You deserve our explanation with full transparency

2016.12.09 Update:

AirDroid (Mobile 4.0.0.3; Mac/Win 3.3.5.3) has now completed its rollout and is available on Google Play. We have fixed the issue behind the recent concerns over AirDroid’s security, together with a structural upgrade that we have been preparing for a while.

In this update we have:

  1. Upgraded the communication channels to HTTPS
  2. Improved the encryption mechanism
  3. Other security improvements

You can now download it from Google Play.

 

 

Regarding the security concern about AirDroid, we are here to be transparent to you.

First of all, we want you to know that your AirDroid account shall not be exposed to any security risks provided that a secured Wi-Fi/LAN connection is used (a Wi-Fi/LAN connection whose host is known by the user).

However, this does not mean that we don’t take this concern seriously. We reacted immediately after we became aware of the possible security issue. Unfortunately, there was a misunderstanding between us and the blog, which thought we didn’t keep our promise to improve.

Due to the complexity of coding for a cross-screen management application like AirDroid, the code has to be changed in sync across clients and server to ensure the best possible experience for our users during this transition time, as the system-wide amendment will not be completely compatible with previous versions and some functions may be affected.

Although we went through a major restructure earlier this year, we have worked tirelessly and stretched our capability to the maximum to make sure that we bring the best solution to you ASAP. We have now caught up with the timeline and will ship a security update as soon as possible.

We want to emphasize that your security is our first priority, and this is what our tech guys have always worked hardest on to improve AirDroid.

Meanwhile, we want to stress again that we strongly encourage our users to be wary of any unknown Wi-Fi network, which might put your personal data at risk.

Please bear with us; our AirDroid team is working on shortening the lead time, and we will make sure you are the first to know once the update is ready!

If you have any further concerns, please feel free to leave comments below; we will answer your questions ASAP.

Thank you for being with us all along, your trust means everything to us!

  • Josh

    Why did you not pause development of 4.0, release a fix for the bug, and continue work on 4.0 with the fix? Why was security not a priority?

    • Slav Dok

      Prolly have no code branching

      • Noah Boudy

        No because this “exploit” or “bug” is neither, it was intentional and now they got caught, so they will find another way.

  • resource

    This is not acceptable. You ignored a major bug to push out a new release. This is not acceptable product management or respectful of your users.

  • Gilgamesho

    Thanks for your efforts AirDroid team. Some of us appreciate the hard work that you are doing. The rest are just upset because they love using your app but they don’t want to compromise their data. Hope that you fix the issue soon 🙂

    • verboze

      We’re upset at the way this issue was handled. Security bugs happen all the time, that’s understandable. Knowingly leaving a vulnerability open for over half a year to focus on other priorities, knowing full well what sort of sensitive data users trust to their app, and only reacting AFTER being exposed is NOT acceptable. Consider this: they will have a fix in two weeks, yet they could not fit those two weeks in a span of 6+ months? This is poor prioritization, makes me consider how seriously they take the security of the data I’m entrusting to them.

    • Noah Boudy

      Nope, not upset, just vindicated that I DID NOT use their product because 5 minutes into installing and “using” it, it became clear to me that it’s shady, you guys should really pay closer attention to what you install, use and trust.

  • Swami

    Explanation with full transparency AFTER being exposed.. And an advice of don’t connect to insecure networks AFTER knowing the vulnerability for more than 8 months.. Your security is our first priority BUT v4 was an even higher priority.. Bravo!!

    • verboze

      My thoughts exactly. They had months to fix this. I call bull on this post. I’m thankful to the security researcher and blog posts who forced their hands on this.

    • Noah Boudy

      I pointed out almost a month ago on their blog and got the generic write us and we’ll look into it and nothing ever happened. They are based in Hong Kong, they have ALWAYS been shady and frankly the zero support they provide should have been everyone’s clue. There is no transparency, there never has been, even about who they are and where they are located and how they handle your information. I guess it takes something like this for people to wake up and use common sense.

  • Justin Coffman

    Probably the best question to ask is this: Why did the AirDroid team think it was a good idea to roll their own crypto solution in the first place, let alone one that uses a static key easily discoverable from source, let alone a “key” that wouldn’t pass even basic password complexity checks, let alone to use as a key for an algorithm that has been deprecated and known broken (via brute force) for almost 20 years? This “vulnerability” wouldn’t have existed in the first place had anyone even stopped to consider the basic tenets of secure design.

    • Justin Coffman

      With a more forward view: Will AirDroid be allowing any third-parties to audit the code they put in place to solve the issue, to ensure that it does meet secure design requirements?

    • Noah Boudy

      Again, makes perfect sense for shady operations that don’t care one bit about YOUR interests. Just what they can get out of it, nothing more.

  • Andy Roid

    You destroyed our trust

    You knew there was a massive security hole for six months and did nothing to fix it

    You only responded when you were publicly exposed.

    Who knows what other security holes you are ignoring at the moment.
    I uninstalled your app straight away. Terrible developers

    • wombatmustdie

      LOOOOOL You are dumb as shit and I just hacked your MOM

  • mchlwlsh

    I downloaded AirDroid 4, it drove my AV software crazy, in the setup there was something nasty. I pulled the log file and sent it to them…never heard anything, cancelled subscription.

  • https://kylegospodneti.ch/ Kyle Gospodnetich
  • Daniel

    My trust in AirDroid is destroyed. And I am sick of this attitude – basically not accepting your fault plus you say that security is your first priority? What *tech guys* you have there? I wouldn’t employ them in any of my companies. Hope they at least stand up against this…

  • Dana Běla

    I switched to Feem v4 (http://www.feem.io). I now feel safer.

    • wombatmustdie

      There’s massive virus alert on the news about feem !!!!! Software got hacked last week by swedish meat sausage. Was on tv in germany today …. I’m sorry

  • Toto

    I regret blackberry blend 🙁

  • Kaled Kelevra

    You were great. Now you are shit.

  • wombatmustdie

    I just installed AIRDROID HACKED BY HACKOOOR AND ITS AWESOME 😀 Seriously …. people who are scared that much shouldn’t be on the internet.

    Goodnight.

  • englishinator

    Wow, this reads like horribly Google translated Asian to English