I read that Google Inc. can access any Wi-Fi network password to which an Android smartphone or tablet has connected in the past. Is there a way to prevent mobile devices from remembering Wi-Fi passwords? What are the risks my organization faces if Google (or other companies) know my password?
Ask the Expert
Have questions about network security? Send them via email today! (All questions are anonymous)
It is possible to prevent an Android device from remembering Wi-Fi passwords. In Android 4.2, go to Settings, then Backup and Reset. Choose Backup My Data. If you don't want your device to remember your various Wi-Fi network passwords, simply unselect this option.
What becomes ambiguous now is whether Wi-Fi passwords get saved to Google's servers even after you've unselected this option. You could assume that Google does save them because when you purchase another Android device, you simply type in the username and password to your Google account and all of the settings and passwords from your previous device repopulate your new device.
In terms of security implications for your enterprise, I would say two glaring issues are immediately apparent. First, even if you personally deselect the Backup My Data option -- and even if the Wi-Fi password isn't saved on one of Google's servers -- the same cannot be said about every other Android device that has successfully connected to your organization's Wi-Fi network. In this case, I would recommend that your company implement a policy that requires a password change on a relatively frequent basis.
The second security implication that has surfaced in several forums has to do with the legal ramifications of Google being in possession of enterprise passwords. In my own uninformed legal opinion, there's not much that can be done about this. If the federal government were to serve Google with a subpoena requiring it to hand over a list of usernames and passwords, then, absent a hotshot team of attorneys employed by your organization, I would say that there's little that can be done in the way of privacy protection.
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Brad Casey
Allowing users to tunnel through a firewall to access any site creates a security risk. How big of a risk is it? It depends on how much you trust ... Continue Reading
Our IT organization needs to secure customer names, but also needs to conduct searches on the entire customer database to match and merge records. Continue Reading
Don't treat physical and virtual machines' security differently. Since VM security issues threaten the whole infrastructure, here's how to stop ... Continue Reading