Security Vulnerability On Android
The weakness stems from the improper implementation of an authentication protocol known as ClientLogin in Android versions 2.3.3 and earlier. After a user submits their credentials for Google Calendar, Twitter, Facebook, or other accounts, the programming interface retrieves an authentication token (authToken) that is sent in cleartext. Because the authToken can be used for up to 14 days in any subsequent requests on the service, attackers can exploit it to gain unauthorized access to accounts.
Google patched this security hole with the release of Gingerbread 2.3.4 and very possibly with Honeycomb 3. If you recall Android's fragmented distribution, you will be well aware of how many devices on the smartphone market are running Android versions 2.3 and, in some cases, even 2.2. If you are such a user, it is highly suggested that you upgrade your Android operating system to 2.3.4 as soon as possible.
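
A defender-side check for the cleartext authToken exposure described above, as an added example that is not part of the original article: it scans a constructed proxy log for requests that carry a ClientLogin token over plain HTTP and reports a hash prefix instead of the token itself. The `Authorization: GoogleLogin auth=` header form is the one ClientLogin uses; the log format, hosts, paths and token values are assumptions made up for the example.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample: three proxied requests in absolute-URI form.
# Hosts, paths and token values are made up for this example.
SAMPLE_LOG = """\
GET http://calendar.example.test/feeds/default HTTP/1.1
Host: calendar.example.test
Authorization: GoogleLogin auth=CONSTRUCTED-TOKEN-AAAA

GET https://calendar.example.test/feeds/default HTTP/1.1
Host: calendar.example.test
Authorization: GoogleLogin auth=CONSTRUCTED-TOKEN-AAAA

GET http://static.example.test/logo.png HTTP/1.1
Host: static.example.test
"""

AUTH_RE = re.compile(r"^Authorization:\s*GoogleLogin\s+auth=(\S+)", re.I | re.M)


def fingerprint(token):
    """Short SHA-256 prefix so reports never contain the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def find_cleartext_tokens(log_text):
    """Return one finding per request that sends a ClientLogin token over http://."""
    findings = []
    for block in re.split(r"\n\s*\n", log_text.strip()):
        request_line, _, headers = block.partition("\n")
        parts = request_line.split()
        if len(parts) < 2:
            continue  # not a request line; skip malformed block
        url = urlsplit(parts[1])
        match = AUTH_RE.search(headers)
        if match and url.scheme.lower() == "http":
            findings.append({
                "host": url.hostname,
                "path": url.path,
                "token_fp": fingerprint(match.group(1)),
            })
    return findings


if __name__ == "__main__":
    for f in find_cleartext_tokens(SAMPLE_LOG):
        print("cleartext authToken: %(host)s%(path)s fp=%(token_fp)s" % f)
```

The same fingerprint appearing on both an `http://` and an `https://` request means the token must be treated as exposed for its full lifetime, since one cleartext use is enough to leak it.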