US media reports that Google may have obtained the majority of the world's WiFi passwords
According to a report by the US IT website ComputerWorld, if an Android device connects to a Wi-Fi network, then Google may know the password of that Wi-Fi. Given the almost ubiquitous presence of Android devices today, it is possible that Google has access to most of the world's Wi-Fi passwords.
According to the latest report from market research firm IDC, in the second quarter of this year, global shipments of Android phones reached 187 million units, and annual shipments could reach 748 million units, a figure that does not include Android tablets.
Among these Android tablets and phones, many, perhaps most, users connect with Google customer service and back up their Android passwords and various settings. Although Google has never explicitly stated this, it is clear that it can read the Wi-Fi passwords of these Android devices.
Starting from Android version 2.2, according to default settings, Android devices could inadvertently disclose Wi-Fi passwords. Since this feature was considered beneficial, most users did not change this setting. American security expert Michael Horowitz said he suspected that many Android users had never even seen the configuration options controlling this feature. After all, it involves countless system settings. Users who happened to see this setting might not delve deeply into its privacy implications.
Specifically, in Android version 2.3.4, the option for disclosing Wi-Fi passwords is located under "Settings" → "Privacy". On HTC devices, the option allowing Google to know the Wi-Fi password is "Backup my settings"; on Samsung devices, the setting that discloses the Wi-Fi password is "Backup my data." Their only description is "Back up current settings and app data," without mentioning Wi-Fi passwords at all.
In Android version 4.2, the option for disclosing Wi-Fi passwords is under "Settings" → "Backup and Reset." This option is called "Backup my data," described as "Backing up app data, passwords, and other settings to Google servers."
Without a doubt, "settings" and "app data" are vague terms. In the "User Guide" for Android version 2.3.4, there is a more detailed explanation of this backup function: "Through your 'Google Account,' you can back up some personal data to Google servers. If you switch phones, you can restore previously backed-up data."
"If you select this option, various personal data will be backed up, including Wi-Fi passwords, browser bookmarks, lists of installed apps, words added to the dictionary, and most settings made through the 'Settings' app. Some third-party apps may also use this feature, so if you reinstall an app, you can restore personal data. If you do not select this option, it means you no longer want to back up data to your account, and all existing backups will be deleted from Google servers."
Based on this explanation, backing up data or settings allows users to easily transfer to a new Android device while ensuring synchronization of settings between old and new Android devices. It doesn't mention that Google can read passwords. But remember, Android devices remember the passwords of all Wi-Fi networks they have connected to.
According to the tech site The Register, "The list of Wi-Fi networks and passwords saved on the device may not just be limited to the user's home but also includes hotels, stores, libraries, friends' homes, offices, and various other places. Google and other companies may incorporate this information into the Wi-Fi hotspot maps they have been creating over the years. If such data gets out, the user's privacy may be compromised."
The good news is that Android users can opt out by turning off this option; the bad news is that like other US companies, Google may be forced by US government agencies to secretly reveal user personal information. Agencies like the National Security Agency, Federal Bureau of Investigation, and Central Intelligence Agency may not need professional codebreakers to obtain user Wi-Fi passwords, and they don't need to crack WPS or UpnP.
If Android devices can leak user secrets, WPA2 passwords and long random passwords provide no protection. Perhaps, Google does not want to upset users, but they have no choice. Yahoo CEO Marissa Mayer recently admitted that if executives of US public companies leaked government secrets, they might face imprisonment.
Similarly, US cloud storage service Dropbox can read files users save on their platform, Microsoft can read files users save on SkyDrive, and even Apple can access iMessages users store. Industry insiders say that users today have no secrets left.
In conclusion, while users can protect themselves by opting out of certain features, the potential for government surveillance and data exposure remains a significant concern in today’s digital age.
