Google's handling of Android flaw should be a lesson for Sony

It almost seems like we aren’t safe anywhere these days. After hackers invaded my favorite gaming system, the PlayStation 3, I was shocked. Now it looks like there is a huge problem with my Android phone. Is nothing sacred?

However, where Sony totally dropped the ball on getting the word out about security, Google is running fast and hard to head off even the potential of problems associated with Android phones.

In the case of the Android, your phone is only vulnerable in limited circumstances. Specifically, if you connect your phone over an unsecured wireless network, a hacker can sniff out that data and then directly access your data. They would be limited to viewing or changing your calendar data, viewing your photos and stealing your contacts. Everything else would be safe.

Oddly enough, if you have the latest version of the Android OS, 2.3.3, you are immune to this problem, which was first discovered by researchers at Ulm University in Germany, and thankfully not by malicious hackers. That older OSs are in trouble is typical of things on the PC side, where older versions of operating systems are often susceptible to worms and hacks that have long since been patched.

The problem with Android phones is that most people don’t upgrade the OS. In fact, if you look at the number of users, you might be surprised to learn that the vast majority of them, as of the writing of this column, are at least two full versions behind the current one. Some are still using the version of the OS that shipped with their devices at launch years ago!

The reason for the heavy backlog on upgrades is that, although most people love their Android phones, the update process is a bear and a half. It takes forever to upgrade to the latest OS, so after doing it once, people don’t want to try it again. Why stick your hand into a fire twice? Thankfully, Google found a way to fix this current problem without requiring an update. They simply required that calendar and other apps use an HTTPS connection instead of the unsecured HTTP one they use now. No need to do anything. You will be protected in a few days even if you have an older OS version.

So a big thanks to Google for taking security seriously, and for doing everything right. Contrast their actions with how Sony bungled their hack, and you’ll see why the Android platform has such a following.

The bottom line, though, is that you’re really not safe anywhere. Hope for the best but fear the worst. And plan accordingly.

About the Author

John Breeden II is a freelance technology writer for GCN.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.