Android cloud backups store unencrypted wifi passwords

A report on the Android issue tracker suggests that the ‘Back up my data’ option, which saves your Android data to the cloud, does not encrypt your wifi passwords. While this may not be a huge issue for private users, for large organizations this could be a serious privacy concern.

On most Android devices, the ‘Back up my data’ option, which sends a backup to Google servers, is enabled by default. The data sent includes your wifi passwords, and they are saved in plain text. If someone managed to get hold of your backup, they would be able to access any wifi network you have saved on your device. As the issue reporter Micah Lee points out, all that needs to change is for this data to be encrypted. A similar problem has occurred before with Android, which was found to be storing all passwords locally, unencrypted. That potential problem was fixed.

For large companies, this means that every employee who uses the company wifi has that wifi password stored in plain text in the cloud. In the wake of the PRISM scandal, having so many possibly sensitive passwords stored by Google with little security seems irresponsible.


