Making Unique Observations in a Very Cluttered World

Monday, 16 September 2013

Your secret Wi-Fi password is no secret to Google -

Your secret Wi-Fi password is no secret to Google - 

You know that home Wi-Fi network you have? The one with the super-complicated password you came up with to keep your neighbors from jacking your connection? 

Chances are, Google knows that password.

If you've ever logged on to your network with an Android device, or even if it was just a friend logging on just once, chances are Google has your password stored in their servers. In fact, it's very possible that Google knows just about every Wi-Fi password in the world.

It's not a secret, exactly, as Michael Horowitz at Computer World points out in a recent blog post. The issue has been covered by several prominent blogs, but during the current privacy backlash against tech companies, the collection of millions of Wi-Fi passwords has mostly flown under the radar.

But it's a notable issue. As Horowitz points out, an estimate 748 million Android phones will be sold in 2013 (a figure that does not include tablets). And most of these devices are backing up Wi-Fi passwords as part of their default settings. 

"Many (probably most) of these Android phones and tablets are phoning home to Google, backing up Wi-Fi passwords along with other assorted settings," he writes. "And, although they have never said so directly, it is obvious that Google can read the passwords."

This has been the default setting for Wi-Fi passwords since version 2.2 of the Android operation system. It's been presented as a positive feature for users, one that makes it easier to save data and configure a new phone. But for those who don't want the feature, it can be tricky to change. Depending on which version of the Android platform you have, you either have to go to "Backup my Data" or "Backup and Reset" to do the necessary configuration.

But it's not just your home Wi-Fi account. Android phones are set to automatically remember the passwords of any Wi-Fi network according to the Register:

"The list of Wi-Fi networks and passwords stored on a device is likely to extend far beyond a user's home, and include hotels, shops, libraries, friends' houses, offices and all manner of other places. Adding this information to the extensive maps of Wi-Fi access points built up over years by Google and others, and suddenly fandroids face a greater risk to their privacy if this data is scrutinised by outside agents.  

These revelations are troubling for privacy advocates who fear all this information is ripe for government cherry picking if any U.S. intelligence agency were to compel Google to give up information on one of its users. As Micah Lee of the Electronic Frontier Foundation blogged, its reasonable to expect that these passwords are not secure in Google's servers, readable by anyone.


No comments:

Post a Comment