Google's Password Storage Database

Do you have an Android phone? Some interesting news I read this week was that an innocuous (on by default) setting on Android phones can save your Wifi passwords on Google’s servers.  It also backs up all your app settings, bookmarks and so on.  This isn’t that worrying - it could be considered a useful feature.  However, the worrying thing is that these plain-text passwords aren’t encrypted using your account details - they are available in unencrypted form to Google employees. This includes the password to any Wifi point you’ve connected to - home, work, and so on.  Seeing as how Google have been harshly criticised in the past for collecting data about the locations of Wifi access points, it seems a little foolish to trust them with unencrypted passwords to all these access points too.  We already know they can be compelled to hand off this information to the security services.  It just makes it a little too easy for it to be abused. They claim that turning off the feature will delete the data from their servers - but who knows whether that happens or not?  I am getting more and more concerned about how much this one company knows about me.  It gives them an awful lot of power. What if I want to save my app settings but not my Wifi passwords?  There is no option.  It’s pretty much all or nothing.  I shall be backing up my data myself from now on I think…

• android
• gchq
• google
• nsa
• Security