Your Wi-Fi Password accessible by Google
Recently, Micah Lee, staff technologist for EFF and the project maintainer of HTTPS Everywhere, posted an interesting topic in the “Issues” section of the Android Open Source Project. As he has a solid understanding about the power of encryption on the Internet, his suggestion was definitely not to be ignored:
“The ‘Back up my data’ option in Android is very convenient. However, it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests to data.”
Convenience Comes With A Price
In Android, this option is found on the ‘Backup & reset’ section on the Settings page, and backs up all of your settings, app data, bookmarks, and Wi-Fi passwords on Google’s servers thanks to cloud hosting. While it can be turned off, most don’t because of the reason Lee points out: it’s convenient.
Think about it: you either lost your phone or tablet, or maybe you recently performed a restore and want an easy way to reset the phone to exactly the way you want it. Isn’t it so much easier when the backup is done automatically? No need to re-install apps or re-enter passwords.
But what if you wish to turn it off? Nothing detrimental. In fact, you might be better off as Google collects and stores more data without encryption than you may be comfortable with. If you do wish to turn it off, it effectively erases all copies of your data on Google servers. But is turning this backup off a good idea? That depends. Do you prefer convenience, or security?
The Tumblr App Example
Although a little more extreme, it still shows you just how much better encryption is for your sensitive data. In the case of Tumblr, its iOS app was transmitting personal data such as passwords without first securing the data through encryption. As a result, anyone could get ahold of your Tumblr password.
With the Google/Android issue, however, the data is encrypted when being transmitted to Google. It could very well be stored in encrypted form as well. The problem lies in the fact it is not data that is available to you exclusively. Anyone can access this encrypted data.
Google makes it all too easy to recover your data after a loss, whether due to wiping data off your device or losing it altogether. Google can recover all of this data, including plaintext Wi-Fi passwords, in an instant, even if you can’t remember your device password. It points to consumers’ need for easy, convenient, and fast.
Your Passwords And The NSA
Now, let’s think about something that has been in the news a lot lately: the NSA and your cyber privacy. So if Google is keeping this list of your data, which just so happens to contain your Wi-Fi passwords, can’t they gather these to include in their own database? Probably.
Now, think about how you use your wireless device. You probably have multiple Wi-Fi data stored there, maybe the network at your workplace; your parents’; your sister; the library. You’re now giving them not only your own personal Wi-Fi network password, but that of everywhere you use the Internet on your device.
Does this bother you? It should. But is there anything you can do about it? Yes.
Your Wi-Fi Password accessible by Google: Encryption Is Key
Although it isn’t as convenient as the automatic backup Google offers, you can be guaranteed security of your passwords and other data if you simply encrypt the data prior to pushing it to the cloud for backup.
Rather than relying on a cloud hosting service to save you when you’ve forgotten your passwords, whether on your device or otherwise, keep a record of these passwords. Then you don’t lose everything, but Google doesn’t have a copy of the information in plaintext for anyone to get ahold of.
No, these methods aren’t as simple and instant as relying on Android’s backup methods. But they’re safer, for your data and the data of those who allow you to use their Wi-Fi.
What is more important to you: convenience or security?