Researchers have discovered that nearly every Android smartphone has a vulnerability that could allow data theft when accessing the web from an unsecured network.
According to research conducted by security experts at Germany's University of Ulm, around 99 percent of Android devices run the risk of having their digital credentials stolen by hackers.
The researchers found the bug in the ClientLogin authentication protocol found in devices running Android 2.3.3 or older. The problem does not affect Android 2.3.4 users, but a majority of Android devices are still running older Android versions.
When users submit their account credentials for accessing Google Calender, Contacts and other Google and non-Google services, their data is stored in servers in an unencrypted form for 14 days. This vulnerability could allow hackers to steal the credentials via unprotected Wi-Fi connections, mostly found in public areas.
“For instance, the adversary can gain full access to the calendar, contacts information, or private Web albums of the respective Google user," researchers Bastian Könings, Jens Nickels, and Florian Schaub wrote in their report, CNET reports.
"This means that the adversary can view, modify, or delete any contacts, calendar events, or private pictures. This is not limited to items currently being synced but affects all items of that user." the report read.
Google apparently is aware of the issue since they fixed it in Android 2.3.4, but users who have not yet upgraded are still at risk.