Skip to main content
  1. Home
  2. Mobile
  3. Legacy Archives

Nearly all Android phones ‘leak’ sensitive personal data, tests show

Add as a preferred source on Google

Google Android LogoGoogle’s privacy woes just got worse. According to a study by researchers at a German university, more than 99 percent of all smartphones that run Google‘s Android operating system can easily be infiltrated by mobile hackers. The attackers can then use the “leaked” data to impersonate the rightful user, and access online accounts, such as Google Calendar, Twitter and Facebook.

According to the University of Ulm researchers, Bastian Konings, Jens Nickels, and Florian Schaub, the Android vulnerability is due to an improper implementation of the ClientLogin protocol, which is used in Android versions 2.3.3 and earlier, reports The Register. Once a user submits his or her login information, ClientLogin receives an authentication token that is sent as a cleartext file. Because the authentication token (authToken) can be used repeatedly for up to 14 days, hackers can access the information stored in the file, and use it to do their nefarious bidding.

Recommended Videos

“We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis,” write the researchers on their blog. “The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs.”

As bad as this sounds — indeed, is — for Android users, this type of attack can only be waged when the Android device is using an unsecured network, like a Wi-Fi hotspot, to send data. The researchers say hackers could wage such an attack when a device is connected to a network that is under their control.

“To collect such authTokens on a large scale an adversary could setup a wifi access point with a common SSID (evil twin) of an unencrypted wireless network, e.g., T-Mobile, attwifi, starbucks,” write the researchers. “With default settings, Android phones automatically connect to a previously known network and many apps will attempt syncing immediately. While syncing would fail (unless the adversary forwards the requests), the adversary would capture authTokens for each service that attempted syncing.”

The researchers suggest a number of ways to fix the issue, for app developers, Google and Android users alike. Developers whose apps use ClientLogin “should immediately switch to https,” the researchers say. And Google should limit the life of the authentication token, and restrict automatic connects to protected networks only. Android users should update their devices to 2.3.4 as soon as possible, they say, as well as turn off automatic sync when connecting with Wi-Fi, or avoid unsecured Wi-Fi networks entirely.

Andrew Couts
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
The best phones in 2026: our 14 favorite smartphones right now
We tested phones across all price brackets so that you can make the best pick based on your needs and budget.
Google Pixel 10 Pro Fold vs Galaxy Z Fold 7 cameras

Choosing the right smartphone in 2026 is no easy task. Apple and Android manufacturers now have strong options at almost every price, while better cameras, longer battery life, improved software support, new AI features, and more refined foldable designs have made the market more competitive than ever. But picking one is not easy, especially if your budget is tight, or you are just legitimately concerned about getting the best value for your money and need a reliable daily driver for long-term usage.

We have tested and compared the leading smartphones available today, looking beyond the spec sheet to see how they actually perform in daily use. Camera quality, battery life, performance, display quality, software, design, and long-term value all play a part in our recommendations. Whether you are looking for a powerful flagship, a dependable budget phone, a compact device, or a foldable, this guide should help narrow down your choices.

Read more
Snapchat Planets Meaning: Order, Rankings, and How Friend Solar System Works
Snapchat Planets turns your best friends list into a solar system, and yes, your orbit says a lot
Snapchat Planets being shown on the Snapchat app on iPhone.

Snapchat+ includes several exclusive features, but few have generated as much curiosity as Snapchat Planets. Part of the app's Friend Solar System, it transforms your Best Friends list into a planetary ranking, assigning each of your top eight friends a planet based on how often you interact.

From Mercury, which represents your closest friend, to Neptune, which represents your eighth closest, the system offers a quick visual snapshot of your interactions. But what do the different planets actually mean, and how does Snapchat decide who gets which one?

Read more
How to use WhatsApp Web
We'll show you how to use WhatsApp on your desktop or laptop
WhatsApp Web

As one of the most popular messaging services, you’ve already heard of WhatsApp. From its humble beginnings in 2009—two years before Apple introduced iMessage—to its acquisition by Facebook (now Meta) in 2014, WhatsApp has become the dominant messaging platform around the globe.

In recent years, it's grown even more potent with new features like video messages, self-destructing voice messages, the ability to edit sent messages, and more. We even finally got an WhatsApp iPad app in May 2025.

Read more