Google Promises Flaw Fix And Improved Privacy Tools

Google is quietly fixing an authentication flaw discovered in its Android operating system, and will generally improve and simplify its security and privacy settings in the near future.

The flaw was discovered by researchers at the University of Ulm in Germany on 13 May. The authentication glitch only affects applications that access Google services, such as Calendar and Contacts. When a Wi-Fi network connection opens access to the services, the authentication token, which has a validity of two weeks, is vulnerable to interception and a hacker could use it to log in to a user’s account.

Relief For Locked-In Users

One solution is to upgrade Android to version 2.3.4 or the Honeycomb 3.0 release which are not vulnerable. This is not an option for many Android devices which are locked to a service supplier and, if they do not offer an upgrade, the user has no option open to them.

“We’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in Calendar and Contacts,” a Google spokesman said. “This fix requires no action from users and will roll out globally over the next few days.”

At Google’s UK Big Tent privacy conference, its former CEO Eric Schmidt said that Google will simplify its app installation process to comply with privacy issues. The installation would make it much clearer if an app expects to access users’ sensitive data. Schmidt did not say if this would be extended to comply with a recent EU request to include location data.

Privacy Not In Schmidt’s Dictionary

The Google measures have limits and will not fully protect users. “It is worth stressing that we can only do this with data you have shared with Google. We can’t be a vacuum-cleaner for the whole Internet,” he said.

Schmidt’s views on privacy are somewhat contradictory. He has said in the past that information sharers show they have nothing to hide but has also said that some shared information will have bad repercussions for sharers. This time, his comments left many conference delegates wondering if Google really has a handle on the problems that can arise. This was highlighted when he said that it would be better for people to forget about the whole issue and just hand over the information Google requests.

“If you choose to give us that information we can do a better job. If we know a little bit more about you we can offer better targeted search,” he explained.