InfoWorld: Researchers from Germany's University of Ulm have discovered an Android vulnerability that could put personal data at risk when users are connected to an unsecured Wi-Fi network. A quirk in the authTokens used to log in to Google Services means "[an] adversary can gain full access to the calendar, contacts information, or private web albums of the respective Google user," according to the researchers. "This means that the adversary can view, modify or delete any contacts, calendar events, or private pictures. This is not limited to items currently being synced but affects all items of that user."
Users can limit their vulnerability by upgrading to Android 2.3.4. The researchers also suggest steps that developers can take to make their apps more secure.