Google is no stranger to shady shenanigans with Wi-Fi and Computerworld’s Michael Horowitz notes that the company can see the passwords of every single Wi-Fi network you’ve ever connected with on your Android phone or tablet.
The issue is that Google automatically backs up all your Wi-Fi passwords to its servers as a default setting for Android devices and that it can see the plaintext data that it’s stored even though your passwords are encrypted before they’re sent to its servers.
So although there’s little risk of a hacker breaking into Google’s servers and stealing the encrypted passwords, Horowitz points out that Google can be compelled to hand over Wi-Fi passwords that it has stored on its servers by the United States government.
The good news is that backing up your Wi-Fi passwords on Android is completely optional, even though Google has made it a default setting on its phones.
Here is how you can tell Google to stop backing up your Wi-Fi passwords and to delete the stored data they have on their servers.
- For devices that use Android 2.3, go to the Settings menu
- Click on a menu option that will either say “Back up my settings” or “Back up my data”
- Simply uncheck the box that asks whether you want to back up your settings and app data
The process is similarly straightforward for Android 4.2 Jelly Bean devices.
- Once again, go to your Settings menu
- Find the “Backup and Reset” option
- Uncheck the “Back up my data”
In both cases, Google will erase the data it’s collected from your phone automatically when you tell the company that you no longer want to back up your passwords and app settings.
Although this process is relatively simple for users who want to keep their home Wi-Fi networks’ passwords secure, it may be trickier for large enterprises whose employees use Android devices at work because Google stores all Wi-Fi passwords that a phone uses, not just the ones that it uses most often.
In other words, all it takes is one Android phone in your workplace that’s backing up Wi-Fi data to have your company’s Wi-Fi password stored on Google servers. Companies that don’t want their passwords vulnerable to NSA dragnets may want to consider telling all employees with Android devices to disable the backup option as a prerequisite for using their office’s in-house Wi-Fi network.