This week researchers spotted a security flaw affecting more than 99 percent of all Android devices that could allow an attacker to steal your account credentials when you tried to synchronize with Gmail, Facebook, Twitter, Google Calendar, or other services on an insecure wireless network. Today Google acknowledge the issue and promised that the company is already rolling out a fix which will work for all Android users, regardless of which version of the operating system they’re running.
Google says the fix “requires no user action,” and should be available globally within the next few days.
Unfortunately there’s still no fix for Picasa. When you sync your gallery photos with Picasa Web Albums, you’re still exposing your data, so you might want disable sync when you’re using a public WiFi hotspot until Google solves the Picasa vulnerability.