There are settings that should be backed up to the cloud and there are settings that should not be backed up. With Android, it’s all or nothing, and the worst part is that you don’t know what “all” contains.
On Android, if you look under Settings / Privacy, you’ll find an option called “Backup my data”. The description on this says “Back up application data, Wi-Fi passwords, and other settings to Google servers”. I’ve seen devices where the Wi-Fi passwords part is left out, and other devices where there is no description at all. At first thought, this is a great option. Who doesn’t want their new Android device to automatically know all the settings of their old device?
There are 2 problems with this feature. The first issue is that Google is not clear as to what “other settings” are being backed up to the cloud. Are we talking email accounts? screen brightness? wallpaper? ringtones? etc.. If it’s my data that is being backed up, I should have some sort of indication as to what that data is.
The second problem is that this will automatically backup your WiFi networks encryption keys. This is great for personal home networks. But I’m pretty sure most enterprises would have a concern if they learned that the encryption keys for the corporate WiFi are being uploaded to the cloud. If someone hacks my GMAIL account, they would instantly have access to the corporate network. Since this feature is driven by the phone, there is no way for the enterprise to specify that a given encryption key should not be backed up.
Donovan Colbert might have jumped the gun a little when he first wrote about this on TechRepublic’s IT Security blog, as it’s not some automatic upload in the background without ever telling the consumer. It does ask you during the initial setup if you would like to backup to the cloud. But it doesn’t provide a means to back up some or part of your personal information.
While it sounds a little extreme, if you’re running a private corporate network and want to keep it secure, you might want to consider blocking Android devices from connecting to it, or step up the key rotation.
(Source = TechRepublic)