Just in case you haven’t already donned a tinfoil hat in light of Edward Snowden’s NSA revelations, here’s a little extra motivation. According to the Electronic Frontier Foundation (EFF), Android users who use the “back up my data” feature on their devices could be serving up their Wi-Fi passwords to data harvesters like the NSA.
Disclaimer: No evidence exists that the NSA is actually logging passwords, and it is irresponsible to suggest otherwise unless actual evidence is provided. The EFF has simply demonstrated that it is possible.
“The ‘Back up my data’ option in Android is very convenient,” wrote Micah Lee, staff technologist at the EFF. “However, it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.” [ArsTechnica]
Ostensibly, Android’s backup feature is outstanding and frankly a responsible thing to use. It sends data including your call logs, system settings, and browser bookmarks to Google’s cloud so they can be easily retrieved should you lose your phone. Unfortunately, since the data is sent in plain text, any government request for that data could very well include more sensitive information like your Wi-Fi passwords.
“Since backup and restore is such a useful feature, and since it's turned on by default,” wrote Lee, “it's likely that the vast majority of Android users are syncing this data with their Google accounts. Because Android is so popular, it's likely that Google has plaintext Wi-Fi passwords for the majority of password-protected Wi-Fi networks in the world.”
And if that’s not unsettling enough, don’t forget that Google also mapped most of those Wi-Fi networks with its Street View program. For anyone interested in snooping, it wouldn’t take much to link the location of a network to the corresponding password.
Have we mentioned you should use a VPN when you’re on Wi-Fi?