Google is working on fixing a hole in Android that can allow someone to snoop around on an unencrypted WiFi network and access the user’s calendar and contact data on Android powered smartphones.
Google announced on 18,April-2011 that the flaw, which was first detected by researchers from the University of Ulm in Germany, occurs in the way that Android apps use the “ClientLogin” authentication feature to access any number of Google services, which includes Google Calendar and Contacts.
“Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in Calendar and Contacts. This fix requires no action from users and will roll out globally over the next few days,” said a spokesperson from Google.
Google’s fix, which should be coming out in the next few days, will force all Android devices to use the HTTPS protocol when connecting to Google Calendar and Contacts. This will prevent someone who is snooping around from accessing authentication tokens that are used by the operating system to validate devices.
Since most android users still use older versions of the operating system, Google is working on making this fix come out sooner. The latest releases of Android 2.3.4 and Android 3.0 do not have this issue.