How to stop Google from knowing all your WiFi passwords

Martin Brinkmann
Sep 13, 2013
Google Android

Android's backup and reset feature looks on first glance like a great feature. It backs up app data, Wi-Fi passwords and other settings to Google servers, so that you can restore them at a later point in time. This can come in handy if you lose access to your phone and get a new one. Instead of having to enter the data again manually, you simply restore it to have access to it again right away.

Most Android users have the setting probably enabled by default, and those who do are not likely to object to it at all. A issue however came to light recently. If WiFi passwords are backed up as well, it means that Google can in theory access those passwords.

Some may suggest that Google is using a password or other means of protection, like it does on Chrome, so that the company cannot read the data. But if you have ever lost access to your phone and bought a new one, you may have noticed that the restore feature added hotspot and password information back to the phone automatically and without you having to enter any password or other data before that happened.

This means that Google can read the data. Even if you think that Google won't read it, it is still bound by law. And since Google is a US company, it can be asked to provide information without being allowed to talk about it.

If you look at the big picture, you will notice an alarming situation. With more than 750 million Android phones being sold in 2013 alone, Google sits on a goldmine of WiFi data. Even if Google does not access it at all, it may be forced to share the data in the US.

Block the transmission of WiFi passwords in Android

I checked my Samsung Galaxy Note II phone and noticed that it too was set to backup data to Google automatically. What you need to do is disable the feature to block the passwords from being submitted to Google. This disables the back up feature of the phone, so that you need to take other precautions, like backing up all data locally so that you have full control over it at any time.

block google backup

Here are the steps to turn the feature off:

  1. Open the settings of your phone or tablet.
  2. Select Back up and reset.
  3. Uncheck the back up my data option.

Google notes that unchecking the option will stop the backup and delete all existing data on Google servers as well.

If you want to be extra-careful, change the WiFi passwords that you have used in the past.

Please note that the steps may be different depending on your Android version and phone manufacturer. On Android 2.x, you need to select Settings > Privacy and then the back up option displayed there. It is interesting to note that you won't find WiFi passwords mentioned here at all.

You find additional coverage of the issue over at Micaflee's blog, The Register and Tech Republic.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. kakero said on July 7, 2017 at 5:59 am

    hello thanks for guide

  2. Michael Horowitz said on September 15, 2013 at 6:23 pm

    Excellent summary of the situation Martin. Thanks.

  3. Zsolt said on September 13, 2013 at 9:17 pm

    I use the Wi-Fi password only on the router, so if someone can read that password, it works only with my Wi-Fi (and not on my e-mail, etc).
    On my dd-wrt router MAC-filtering is enabled, so even if you have that password, you can not connect.

    So: should I still uncheck this confortable feature in the settings after this?

    1. Charles Laughton said on September 5, 2021 at 4:52 pm

      Remind me to show you how trivial it is to spoof a mac address. In fact, your home router probably has a feature built in for this to deal with fussy cable modems. Also, MAC collisions can occur when manufacturers re-use mac addresses. We need ways to handle these problems, ; )

    2. Dante said on September 14, 2013 at 4:55 pm

      It is very easy to spoof MACs. A simple Internet search comes up with dozens of free means to do so.

    3. ilev said on September 14, 2013 at 6:23 am

      If someone has the password to your router in can change your router configuration (DNS…)
      and route all data in your network through a bogus server….

    4. Martin Brinkmann said on September 13, 2013 at 9:50 pm

      Mac Filtering is not a secure protection.

  4. ilev said on September 13, 2013 at 9:06 pm

    Report: NSA Mimics Google to Monitor “Target” Web Users

    Buried in a Brazilian television report on Sunday was the disclosure that the NSA has impersonated Google and possibly other major internet sites in order to intercept, store, and read supposedly secure online communications. The spy agency accomplishes this using what’s known as a “man-in-the-middle (MITM) attack,” a fairly well-known exploit used by elite hackers….

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.