Skip to main content

Google: Android security fix to roll out over next few days

Mark Milian
Security researchers discovered a flaw in Android phones that allows hackers to access personal information.
Security researchers discovered a flaw in Android phones that allows hackers to access personal information.
  • Google began fixing a security flaw in Android smartphones on Wednesday
  • The patch will take a few days to reach everyone, a Google spokesman said
  • The bug can allow a hacker to access a phone's contacts, calendar and photos

(CNN) -- Google on Wednesday began fixing a security flaw that affects some 97% of Android smartphones.

The fix, which addresses a hole allowing hackers to access the contacts, calendars and photos on an Android phone connected to an open Wi-Fi network, will take a few days to cover every phone, a Google spokesman said.

Unlike a traditional software update, the problem exists on Google's servers, so Android users won't need to manually take action.

The newest versions of Android, including the new wave of tablets running its Honeycomb software, are not affected by the bug, according to the researchers at Ulm University who initially reported the issue.

Newer Android software that has a feature for synchronizing photos to Google's Picasa Web Albums service is also vulnerable. Google does not yet have a solution for that, but a spokesman said the company is investigating the matter.

Eric Schmidt on Android vs iPad

The server fix involves switching its login systems to a more secure protocol. Use of the less secure method is a common practice on the Web, as CNN reported in November.

Google's swiftness in patching its network is laudable, but the company doesn't seem to have an adequate solution for a time when such a problem could only be fixed in each handset's software, said Adrian Turner, the CEO of device security firm Mocana.

"We don't think there's enough being invested proactively to address some of these threats," Turner said. "You want to avoid the oil spill in the first place."

Google recently acknowledged that its procedure for issuing Android software updates needs work, and formed a consortium of cellular carriers and hardware manufacturers to address the problem.


Most popular Tech stories right now