German researchers have claimed that 99.7 percent of Androids were host to a major security flaw, although Google has refuted the figure.
Edge reports a team from Ulm University claims Google’s ClientLogin API was open to hackers until a recent update.
By using a method similar to cookie theft, it was apparently “quite easy” to snag entry to Android users’ Google services, with privileges to view, modify, and delete. Contacts, calendar and Picasa all seem to have been vulnerable.
Google responded to Edge’s request for more information by confirming the exploit’s existence, but said it had it under control.
“We’re aware of this issue, have already fixed it for calendar and contacts in the latest versions of Android, and we’re working on fixing it in Picasa.”
The representative also told Edge that the research team’s figures are inflated, as the exploit only works in “highly specific” situations.