Sunday, May 22, 2011

99.7% of Android phones leak data, contacts can be downloaded

It turns out that Google uses authentication tokens with an unreasonably long lifetime. That by itself isn't the real issue. The problem is that when your phone connects to an open Wi-Fi network, it attempts to reconnect to all of its services, including your Google accounts, which is where your contacts are stored. So: sniff the AuthToken, use it later to authenticate and sync to the account, and voilà, p0wn3d.

Gee, nice...
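An added example, not part of the original post: a defender-side audit over a log of a device's outbound requests that flags every credential leaving the device over plain HTTP, which is the condition that makes a token sniffable on open Wi-Fi. The record layout, hosts, token values and query-parameter names are constructed for illustration, and the example assumes the token is sent without TLS.

```python
import re

# Constructed sample: requests a device made right after joining a network.
# Hosts, paths and token values are made up for this example.
SAMPLE_REQUESTS = [
    {"scheme": "http", "host": "sync.example.com", "path": "/contacts/feed",
     "headers": {"Authorization": "GoogleLogin auth=CONSTRUCTED-TOKEN-123"}},
    {"scheme": "https", "host": "sync.example.com", "path": "/calendar/feed",
     "headers": {"Authorization": "GoogleLogin auth=CONSTRUCTED-TOKEN-123"}},
    {"scheme": "http", "host": "photos.example.com",
     "path": "/albums?authtoken=CONSTRUCTED-abcdef", "headers": {}},
    {"scheme": "http", "host": "news.example.com", "path": "/index.html",
     "headers": {"User-Agent": "demo"}},
]

# Headers that carry a reusable credential.
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization", "cookie"}
# Query parameters that commonly carry a token (assumed names).
TOKEN_PARAM = re.compile(r"[?&](auth|authtoken|token|access_token)=[^&#]+", re.I)


def find_cleartext_credentials(requests):
    """Return one finding per credential sent over unencrypted HTTP."""
    findings = []
    for req in requests:
        if req["scheme"].lower() != "http":
            continue  # TLS-protected requests are not readable on the wire
        for name in req.get("headers", {}):
            if name.lower() in CREDENTIAL_HEADERS:
                findings.append({"host": req["host"], "where": "header:" + name})
        match = TOKEN_PARAM.search(req["path"])
        if match:
            findings.append({"host": req["host"],
                             "where": "query:" + match.group(1)})
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_credentials(SAMPLE_REQUESTS):
        print("cleartext credential:", finding["host"], finding["where"])
```

Note that the same token sent to `sync.example.com` over HTTPS is not flagged: the exposure comes from the transport, and the long token lifetime only extends how long a captured value stays useful.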