A great many people use smartphones and tablet devices to log into Wi-Fi networks — home networks for sure, but also work networks, coffee-shop networks, friends’ networks, networks everywhere there’s Wi-Fi. Some of these networks are public; others, very private (your home network, for example, or your friend’s).
There’s a setting on Android devices variously labeled “Back up my data” or “Back up my settings.” Guess what gets backed up? All of your stored Wi-Fi passwords. To a Google server. Because Android is Google’s answer to Apple’s iDevices. (But you knew that, right?)
Think Google can (and does) read those passwords? This writer does.
I found this amazing, but I can’t find a hole in the writer’s logic. This is from Computerworld, so we’re not talking about a disreputable source. Read on (many thanks to commenter Just_AC via email; my emphasis):
If an Android device (phone or tablet) has ever logged on to [any] particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide.
Recently IDC reported that 187 million Android phones were shipped in the second quarter of this year. That multiplies out to 748 million phones in 2013, a figure that does not include Android tablets.
Many (probably most) of these Android phones and tablets are phoning home to Google, backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords. …
Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldn’t change it. I suspect that many Android users have never even seen the configuration option controlling this. After all, there are dozens and dozens of system settings to configure.
There’s more, including instructions for changing the setting. Do read the whole thing. There are lots of related links in it. For example, the problem isn’t just that the Google has your data and can read it. Hackers can too. From a link from the article:
Anyone with access to a Google account … has access to its Wi-Fi passwords.
Meaning, if someone hacks into your Gmail account, they can then synch an Android phone with your account and get all of its backed up Wi-Fi passwords. Apple, at least, puts your passwords in an encrypted “keychain” that can only be read by the same phone that encrypted them in the first place.
Corporate users of Android devices are starting to freak out. Amazing story; amazing ethics at Don’t Be Evil Inc. I think if I was evil, I’d hide behind just that slogan myself.
Does the NSA have access to your Wi-Fi passwords?
That’s a good question. Computerworld on just that subject:
When it comes to Wi-Fi, the NSA, CIA and FBI may not need hackers and cryptographers. They may not need to exploit WPS or UPnP. If Android devices are offering up your secrets, WPA2 encryption and a long random password offer no protection.
Even if Google deletes every copy of your backed up data, they may already have been compelled to share it with others. And, Google will continue to have a copy of the password until every Android device that has ever connected to the network turns off the backing up of settings/data.
Would Google do that to you? Would the google serve you up to Gen. Keith “Collect it all” Alexander and the robot protectors at the NSA? You decide. Is the google a part of the national security state? What do you think?
And if their defense is — “Hey, they made us do it; ‘cuz hey, we’re not evil on purpose” — well hey, their crisis-management team would order them to say just that, wouldn’t they?
What else would they say — “Hey, we did it in exchange for a boatload of government contracts and an in with top Internet lawmakers”? I mean, that would be dumb, right?
The google — Is it here to serve you, or serve you to others? You decide.
To follow or send links: @Gaius_Publius