Google Confirms recent Android vulnerability : Working on Fix
Google has confirmed the recent ClientLogin issue that left the Android OS vulnerable to impersonation attacks. As we know, Google really loves their OS and has alread stared rolling out a Server side fix for the issue and should cover all Android users in the next 48 hours. On the other hand, Calendars , Contacts and Picasa accounts are still vunerable Phone-side and need to be updated to OS 2.3.4 to be eligible for a fix that Google has included in the update.
The funny thing is that in most parts of the world, Especially in India, a majority of Android users are on 2.2 / 2.1 or even lower, and these users will remain exposed to the security flaw.