Google to Patch Android Credentials Vulnerability

Well that didn’t take long. Yesterday, we told you about an Android vulnerability found in ClientLogin that could have serious security ramifications. Using a dummy open access-point, a nefarious third party could passively — via Wi-Fi — collect authentication tokens to password protected services such as Facebook, Twitter, and Google Calendar stored on affected Android devices.

Speaking with Mobilized’s Ina Fried, the Android-maker has stated that it is taking action, and fast. “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts,” Google told the publication. “This fix requires no action from users and will roll out globally over the next few days.”

The vulnerability will still be present in the company’s Picasa online photo offering, but Google stated that it is working to patch that service as well.

This content was originally published on

More news from BGR:- With iPhone 4S on the horizon, Apple to slow iPhone 4 shipments- 250,000 BlackBerry PlayBook tablets sold to date, RBC says- Verizon’s Motorola DROID X2 will launch on May 26th for $199.99