Andrones

[91Chris]

 

 

We’ve become increasingly aware of how important it is to protect privacy and personal data in this modern digital age, and whenever there’s a risk of said information falling into the wrong hands, it’s only natural that we pay attention.

An interesting discovery has been made by Computerworld’s Michael Horowitz. Apparently, Google keeps a log of every Wi-Fi password ever entered into an Android device, and although humans do not see these passwords, the mere fact that they are there will be disconcerting to some.

The Big G’s privacy policy has been thrust into the spotlight on more than a few occasions in the past, and although this behavior of automatically logging passwords is only used to help mobile users backup their data to Google servers and not need to keep re-entering passwords, it’s fair to say that the company has a lot of Wi-Fi password information.

When you back your data up to Google servers, it keeps your phone book information and such, but few would even recognize that Wi-Fi passwords are included in the bargain. There’s no doubt that it is useful from a user experience point of view, for when you opt to restore data on a new device, you don’t need to go scratching around for those hotspot passphrases once again – cumbersome to say the least.

However, while Google is helping make Android a more seamless experience, not everybody will feel comfortable with any entity keeping this information. You can opt out of the auto-backup feature within the Settings app of any Android device, but considering no human will see your Wi-Fi password anyway, you’re perhaps better off allowing the backups to continue.

To be honest, it depends on your own personal stance, and which you find to be the lesser of two evils. Typing in passwords time after time is not particularly fun, but knowing such a large company knows so much about you is, by the same token, quite scary.

Will you be preventing your Android device’s automatic backups, or you don’t care one bit? You know where to drop your thoughts.

 

 

 

Redmond Pie

 

 

 

[ERSCreeper]

Source?

[Samdb]

It would be nice if you added something yourself, instead of just quoting the entire article. Not to mention you need to source.

[91Chris]

Stop bitching I did mention the source. You're obviously blind?

Want me to add something? OK... This is further proof Google is an awful company

[snowComet]

Stop bitching I did mention the source. You're obviously blind?

Want me to add something? OK... This is further proof Google is an awful company

I think you should provide the source as a link, not the name of the website. It's for the ease of the readers...

Besides, Linus encouraged us to add write sth for  the news we posted in the live show (not the WAN show at that time)

[91Chris]

There's nothing really to say. I suppose i could moan and ask how they get away with this stuff, but that's not going to change anything is it?

It annoys me how one company can be so sneaky and evil in regards to their users privacy, and another company gets ripped apart in the main stream media because a users optional location based data is navigated through their servers. It doesn't make sense. Google doesn't even bother to mention a lot of their "policies" anywhere, as Microsoft has pointed out in the past. There doesn't appear to be a level playing field.

[LAwLz]

 

An interesting discovery has been made by Computerworld’s Michael Horowitz. Apparently, Google keeps a log of every Wi-Fi password ever entered into an Android device, and although humans do not see these passwords, the mere fact that they are there will be disconcerting to some.

Wait, people didn't know this? I've know it for several years now. The article says you can opt-out of it, but I am fairly sure it is an opt-in feature. It asks you if you want to back up your personal information to Google servers when you sign in to your Google account on the phone, and then people get surprised when personal info is backed up on Google's servers?

Fairly sure both Apple and Microsoft has options for backing up your personal data (like phone books and such) in their mobile OSes as well. Don't want personal info on their servers? Disable it in the options menu,

 

Here is a post on Phandroid from 2011 which talks about it.

 

I don't think this is a big deal either. Oh no they know my WiFi password. It takes like 5 seconds to change that, and I could disable the backup if I really cared. I think it's a good thing they back that up. No need to retype all my WiFi passwords if I were to get a new phone, or reset my old phone.

 

 

It annoys me how one company can be so sneaky and evil in regards to their users privacy, and another company gets ripped apart in the main stream media because a users optional location based data is navigated through their servers.

Under what rock have you been living? Google gets a ton of crap for being privacy intrusive.

 

Google doesn't even bother to mention a lot of their "policies" anywhere, as Microsoft has pointed out in the past. There doesn't appear to be a level playing field.

For example?

[PapaRhino]

I back my shit up with Google every time I flash a new ROM on my phone, pretty useful imo.

[91Chris]

"Under what rock have you been living? Google gets a ton of crap for being privacy intrusive."

Yeah, occasionally online. It doesn't get blown out of proportion like it does with other companies. People just take it on the chin with Google.

 

"Oh no they know my WiFi password. It takes like 5 seconds to change that, and I could disable the backup if I really cared."

Totally besides the point.

 

"For example?"

I'm not going to go digging online to find the info, you go find it. I'm pretty sure Microsoft has a website dedicated to showing all of the issues with Google and privacy. It's one thing to have things in place, but another when it's not mentioned anywhere in the agreement.

 

 

From my own experience Google's privacy is shit. My Apple ID got "hacked" twice now. After the second time the head of security at Apple phoned me to further investigate, it was discovered that it was done through my Google account somehow. I made the "mistake" of giving Google my Apple email and using the same password for my Google account as i did with Apple. Since i removed my Apple email from Google and changed to a different password i've had no problems with my Apple ID. 

 

 

EDIT: this is exactly my point...

 

"That's creepy and bad of Google. Google should ask you if you want your WiFi passwords stored to the cloud. I would have said no. If Microsoft did something like that on Windows, there would be public outcry and a congressional investigation. But if Google does it, people are like, "Wow, cool feature. Google is awesome.""

[silencerbob]

I use the WPS button on my WiFi router. Can they still read mine?

[R4STABAN]

How dare you question google / android on this forum?!

[91Chris]

HAHA. Thats why i just left it as a quote.

[colonel_mortis]

It talks about android storing the password to all wifi networks you've ever connected to, but I was looking around my iPod touch with iFile and discovered that it had all the passwords to all the wifi networks I've ever connected to, even if I "forgot" the network. It should be an opt in thing to back up your passwords to the cloud not opt out IMO, and if it already is then brilliant. If you can opt into it, there's nothing wrong with it because you have to consciously decide to enable it, and it's your risk.

[LAwLz]

"Under what rock have you been living? Google gets a ton of crap for being privacy intrusive."

Yeah, occasionally online. It doesn't get blown out of proportion like it does with other companies. People just take it on the chin with Google.

I highly disagree. I think it's just that you go "yeah woho you go!" when someone says something bad about Android, and when someone says anything bad about Apple you overreact. Typical fanboy behavior. Open your eyes, be unbiased, and visit more than a handful of sites and you'll see that Google gets a ton of crap. Maybe even more than Apple does overall.

 

 

"Oh no they know my WiFi password. It takes like 5 seconds to change that, and I could disable the backup if I really cared."

Totally besides the point.

Why is that besides the point? I was just pointing out that even if they did this in secret (it's been known for several years now), even if it wasn't opt-in (as in you have to tell your phone "yes I want you to save this info") it would still not really matter. So they got your WiFi password, big deal. Disable backup and change your password and there, any "harm" that was done has been 100% nullified.

 

 

"For example?"

I'm not going to go digging online to find the info, you go find it. I'm pretty sure Microsoft has a website dedicated to showing all of the issues with Google and privacy. It's one thing to have things in place, but another when it's not mentioned anywhere in the agreement.

No, you made an outrageous statement and I demand some proof. I think that Google has some privacy issues, but saying that they are lying in their TOS is a serious thing to accuse them for.

"An extraordinary claim requires extraordinary proof"

 

 

From my own experience Google's privacy is shit. My Apple ID got "hacked" twice now. After the second time the head of security at Apple phoned me to further investigate, it was discovered that it was done through my Google account somehow. I made the "mistake" of giving Google my Apple email and using the same password for my Google account as i did with Apple. Since i removed my Apple email from Google and changed to a different password i've had no problems with my Apple ID.

Nobody "hacked" your Google account. You probably got a keylogger or something like that, which is 100% your own fault. Google even offers 2-step verification for such occasions. Don't blame Google when they are not at fault. And no, your password was stolen from you, not from Google. Nobody broke into Google's servers, stole their database with passwords and reverse engineered your password from the hash.

 

 

EDIT: this is exactly my point...

 

"That's creepy and bad of Google. Google should ask you if you want your WiFi passwords stored to the cloud. I would have said no. If Microsoft did something like that on Windows, there would be public outcry and a congressional investigation. But if Google does it, people are like, "Wow, cool feature. Google is awesome.""

But they do ask you. This is an exact quote from the setup you see every time you connect your Google account to a new Android device:

 

 

Signed into <username>@gmail.com and synchronizing data.

 

You can use your Google Account to back up your apps, settings (such as bookmarks and Wi-Fi passwords), and other data. if you previously backed up your data with this account, you can restore it to this device now.

 

Restore data from my Google Account to this device   ☑

 

Keep this device backed up with my Google account   ☑

This should come as no surprise to anyone who actually read the guide you get when you first start your device. It says that it will store your Wi-Fi password, and people are surprised that it stores your Wi-Fi password? I am sorry, but if you own an Android device, just found out about this, and is mad about it, then you're an idiot (not talking directly to you Chris, I am talking about people who are outraged about this in general). Google asks you if it is OK to that it, and you have to agree before they start storing it.

[qwertywarrior]

just dont  backup ur password with google

[91Chris]

I highly disagree. I think it's just that you go "yeah woho you go!" when someone says something bad about Android, and when someone says anything bad about Apple you overreact. Typical fanboy behavior. Open your eyes, be unbiased, and visit more than a handful of sites and you'll see that Google gets a ton of crap. Maybe even more than Apple does overall.

 

 

Why is that besides the point? I was just pointing out that even if they did this in secret (it's been known for several years now), even if it wasn't opt-in (as in you have to tell your phone "yes I want you to save this info") it would still not really matter. So they got your WiFi password, big deal. Disable backup and change your password and there, any "harm" that was done has been 100% nullified.

 

 

No, you made an outrageous statement and I demand some proof. I think that Google has some privacy issues, but saying that they are lying in their TOS is a serious thing to accuse them for.

"An extraordinary claim requires extraordinary proof"

 

 

Nobody "hacked" your Google account. You probably got a keylogger or something like that, which is 100% your own fault. Google even offers 2-step verification for such occasions. Don't blame Google when they are not at fault. And no, your password was stolen from you, not from Google. Nobody broke into Google's servers, stole their database with passwords and reverse engineered your password from the hash.

 

 

But they do ask you. This is an exact quote from the setup you see every time you connect your Google account to a new Android device:

 

This should come as no surprise to anyone who actually read the guide you get when you first start your device. It says that it will store your Wi-Fi password, and people are surprised that it stores your Wi-Fi password? I am sorry, but if you own an Android device, just found out about this, and is mad about it, then you're an idiot (not talking directly to you Chris, I am talking about people who are outraged about this in general). Google asks you if it is OK to that it, and you have to agree before they start storing it.

 

You mad?

[LAwLz]

You mad?

No? Not sure how you got that out of my post since I thought I worded it in a fairly unoffensive and calm way. If anything, I am disappointed that you could only make a lousy comment like "you mad" as a reply.

[EChondo]

Just enable your router to require MAC addresses.

 

Done, no one can get on your wifi, even if they have your password.

[colonel_mortis]

Just enable your router to require MAC addresses.

 

Done, no one can get on your wifi, even if they have your password.

So easy to get around if you know what you're doing. You can quite easily just see what mac addresses are connecting to the network then spoof yours to be the same as theirs. And that's not really the point of the thread.