printable article

Originally published September 29 2013

Google has been secretly harvesting the passwords of all Wi-Fi devices everywhere

by J. D. Heyes

(NaturalNews) It's bad enough that the federal government, through its various agencies, has been "data mining" (i.e., spying) on all of our electronic communications, all in the name of "national security," but now comes word that some of the largest telecom and social media companies are unconstitutionally lifting our private, personal data too. Namely, our passwords.

According to a blog post by Michael Horowitz on the website Computer World, Google and Android have teamed up to steal the passwords on hundreds of millions of Wi-Fi devices.

Per Horowitz:

If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide.

'Back-up' feature betrays your privacy - who knew? Google...

Recently tech analyst firm IDC noted that 187 million Android phones were shipped in the second fiscal quarter of this year. In all of 2013, that figure would translate into about 748 million - and that figure does not include Android tablets.

Horowitz says most of those devices are "phoning home to Google," to back-up Wi-Fi passwords and other assorted (private) settings. And while it has never admitted as much, "it is obvious that Google can read the passwords," he wrote, adding:

Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldn't change it. I suspect that many Android users have never even seen the configuration option controlling this. After all, there are dozens and dozens of system settings to configure.

And, anyone who does run across the setting cannot hope to understand the privacy implication. I certainly did not.

He advises specifically:

-- "In Android 2.3.4, go to Settings, then Privacy. On an HTC device, the option that gives Google your Wi-Fi password is 'Back up my settings.' On a Samsung device, the option is called 'Back up my data.' The only description is 'Back up current settings and application data.' No mention is made of Wi-Fi passwords."


-- "In Android 4.2, go to Settings, then 'Backup and reset'. The option is called 'Back up my data'. The description says 'Back up application data, Wi-Fi passwords, and other settings to Google servers.'"

There you have it.

And while "backing up" your data so you can move it from one Android device to another, no one ever said anything about stealing your passwords - did they?

But the "glitch" - if you want to call it that - is not escaping privacy experts, especially after the discovery that tech companies and telecoms like Yahoo!, Google, Facebook et al., were assisting the National Security Agency and the government in the theft of the private information of users.

How about user encryption of private information?

Reports Britain's The Register:

Privacy experts have urged Google to allow Android users' to encrypt their backups in the wake of the NSA PRISM surveillance flap.

The useful "back up my data" option in Google's Android operating system sends a lot of private information from fandroids' devices to Google's cloud storage service. Such sensitive data includes wireless network passwords, application files and configuration settings.

These backed-up bytes are probably stored in an encrypted form on the advertising giant's servers. However, if it is encrypted, then it's Google that has the decryption keys, not the person or organization that owns the data. As such, the information is vulnerable to secret demands from government agents and cops for that data.

If users had the cryptographic keys then at least they are aware of the surveillance and have a chance of personally fighting the request.

"The 'back up my data' option in Android is very convenient. However it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data," writes Micah Lee, a staff technologist at the privacy warrior outfit Electronic Frontier Foundation.

Android users, beware.


All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit