A study at the University of Ulm (in Germany) has found that any Android phone running version 2.3.3 or lower can be hacked for personal data.The security hole has to do with Android’s Client Login protocol, which is the way your phone stores information when you log in to a service like Twitter or Gmail.
The study found that the information is stored on your phone for 14 days and available to any hacker who knows how to access it from an open wireless network. (Such as a public Wi-Fi connection.)
Since the only version of Android that isn’t vulnerable to the attack — version 2.3.4 — was released a few days ago and only on Nexus S and One phones, that means 99% of Android owners are affected by the security flaw.
You can read the full study here. The researchers suggest logging in using HTTPS on mobile sites whenever possible until Google issues a fix.
Business Insider Emails & Alerts
Site highlights each day to your inbox.