Security Concerns Around Android's Backup

There are settings that should be backed up to the cloud and there are settings that should not be backed up. With Android, it’s all or nothing, and the worst part is that you don’t know what “all” contains.

On Android, if you look under Settings / Privacy, you’ll find an option called “Backup my data”. The description on this says “Back up application data, Wi-Fi passwords, and other settings to Google servers”. I’ve seen devices where the Wi-Fi passwords part is left out, and other devices where there is no description at all. At first thought, this is a great option. Who doesn’t want their new Android device to automatically know all the settings of their old device?

There are two problems with this feature. The first is that Google is not clear about what “other settings” are being backed up to the cloud. Are we talking about email accounts? Screen brightness? Wallpaper? Ringtones? If it’s my data that is being backed up, I should have some sort of indication as to what that data is.

The second problem is that this will automatically back up your Wi-Fi networks’ encryption keys. This is great for personal home networks, but I’m pretty sure most enterprises would be concerned to learn that the encryption keys for the corporate Wi-Fi are being uploaded to the cloud. If someone hacks my Gmail account, they would instantly have access to the corporate network. Since this feature is driven by the phone, there is no way for the enterprise to specify that a given encryption key should not be backed up.

Donovan Colbert might have jumped the gun a little when he first wrote about this on TechRepublic’s IT Security blog, as it’s not some automatic upload in the background without ever telling the consumer. It does ask you during the initial setup if you would like to back up to the cloud. But it doesn’t provide a means to back up only part of your personal information.

While it sounds a little extreme, if you’re running a private corporate network and want to keep it secure, you might want to consider blocking Android devices from connecting to it, or step up the key rotation.

(Source = TechRepublic)

About Mike Temporale

Mike Temporale grew up fascinated by computers from an early age. His first hands-on with a computer came when he was 7 years old and a travelling lab of Commodore PET computers made a stop at his school. Hooked on the new world these devices offered, he took any chance possible to get in front of a computer. When Compaq launched the iPaq 3600, he was hooked again, this time on a whole new world of mobile computing. Today, Mike spends his day helping clients deploy and manage their mobile devices around the world, from installing custom software, to locking and securing data, and everything in between. He is also the Editor in Chief at Mobile Jaw, a site focused on today's mobile world.

  • Suresh Babu

    Great piece of information here. The data backup is a crucial factor and also a give way to hackers who are intending to extract sensitive data. No enterprise should ever be prone to such accidents and the technology should maintain the data integrity. Gmail hack should not manipulate the entire personal details relating to the corporate company. Thanks for mentioning the flaws in the Android technology!