A security leak that affected nearly all of the phones with Google"s Android operating system is in the process of being fixed, at least in some aspects. The issue, which we first reported on Tuesday, was an "improper implementation of an authentication protocol known as ClientLogin in Android versions 2.3.3 and earlier". Now according to a story in Computerworld, that exploit has been closed, at least partially, and thankfully it won"t require a client download.
According to the article, the exploit would have allowed hackers to go after info from a Android user"s Google Calendar, Google Contacts, and Google Picasa account if the user was connected to a public WiFi network. That issue has been fixed for phones that have the 2.3.4 version or higher of Android but that still leaves 99 percent of Android phones vulnerable to that particular security hole.
Now Google is saying that they are pushing out a server-side update that will mostly close that exploit. specifically for the Google Calendar and Google Contacts programs for all Android-based phones and devices. Because the update will be on Google"s servers, there will be no software update needed for the phones themselves. It should cover all of the affected phones by the end of the week. However the security exploit that affects Google Picasa is still being worked on by Google and there"s no word on when that will be fixed. As we mentioned on Tuesday we recommend that Android phone users to always use encrypted WiFi networks in order to keep their data secure.