Google moves to fix Android leak

Image caption,
Android phone owners are being urged to update their handset to avoid problems

Google is fixing an issue with Android phones that could have exposed users' personal data.

It follows a warning from German security researchers that more than 99% of handsets were potentially leaking information.

The flaw meant hackers could have gained access to data within the phones' calendar and contacts applications.

Such issues are likely to become more frequent, warned security experts.

Google said in a statement: "We're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts.

"This fix requires no action from users and will roll out globally over the next few days."

The vulnerability affected the login credentials for some applications.

The ID token that allows people to access the service without the need to keep logging could be intercepted by criminals if they were sent over unsecured wireless networks.

With this token, criminals would be able to pose as the user and get at their personal information.

Security experts have praised Google's quick response to the issue but warned that the huge range of Android smartphones on the market leaves Android devices open to security issues.

"Whereas Apple can issue a single iOS update to patch iPhones and iPads, things aren't so simple for Google's users," said Graham Cluley, a senior consultant for security firm Sophos.

He said users should upgrade to the latest version of Android and avoid using open wi-fi networks.

"Using 3G may eat into your data plan, but it is far less likely that your communications are being snooped upon," he said.

More on this story