Google fixes Android security flaw

Google has started rolling out a fix for a security flaw that may affect a majority of smartphones running its Android operating system. A Google spokesperson told Computerworld that the fix requires no action from users and will be rolled out in the next few days. "Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days," it quoted the spokesperson as saying. Earlier this week, security firm Sophos said that a security vulnerability may allow unauthorized parties to snoop on the Google Calendar and Contacts information of up to 99 percent of Android smartphones. Sophos' Graham Cluley said that researchers at the University of Ulm found the Calendar and Contacts apps transmit information via HTTP and merely get an authentication token (AuthToken) from Google. Citing the paper by Bastian Könings, Jens Nickels, and Florian Schaub, Sophos said this applies to Google's ClientLogin Protocol in Android 2.3.3 and earlier. Cluley said that this scenario is a real problem if one uses an unencrypted WiFi hotspot such as those commonly available in hotel lobbies, airports or at the local coffee shop. He also said that while Google may have fixed the problem in Android 2.3.4, some 99 percent of Android users are vulnerable, as they are running a lower version. For now, Cluley recommended that Android smartphone users upgrade to the latest version of Android if at all possible. — TJD, GMA News