Google has confirmed a flaw in its Android OS that could potentially see personal data leaked and revealed it will roll out a fix within "the next few days".
Search engine has started patch roll-out
Yesterday, researchers from the University of Ulm highlighted the data leak, which is caused by the way the mobile OS handles log-ins for web-based services.
A number of apps in the OS require an authentication token from Google services, such as the search engine's Calendar function, when opened. The token means users don't need to keep logging-in to the service for a specific period of time. However these tokens are being issued over Wi-Fi networks, so cybercriminals monitoring the network would be able to spot them instantly and subsequently fraudulently gain access to the Google services themselves.
It is not thought the flaw, which applies to all versions of the OS except 2.3.4 and version 3.0 that is also known as Honeycomb and is designed for tablet PCs, is being exploited yet. However, Google still plans to distribute a patch.
"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in calendar and contacts," Google said.
"This fix requires no action from users and will roll out globally over the next few days."
Comments
Akhere Ewalefoh said: Heard about this loophole before but scarcely believed it now I know for sure it is real Well we all just have to be on guard I think phone anti virus and anti malware should be rolled out as soon as possible since these hi tech phones are nothing but mini PCs
Sirjohng said: Unfortunately The Cloud is full of holes it seems apparently we must always be on our guard What an easier life it was pre-Internet