Only the latest phones have had the data leak plugged, meaning 99.7 per cent of Android handsets are vulnerable. When a user needs to access Google calendar, contacts and photo apps, an authentication ‘token’ is retrieved. But the tokens are sent unencrypted in plain text over non-secure networks. Hackers watching wi-fi traffic can easily spot a token, which is valid for two weeks, and use it to pose as the phone owner. Researchers discovered the flaw in Android versions on devices such as HTC Desire, Nexus One and Motorola XOOM.
Source: https://thehackernews.com/2011/05/android-phones-vulnerable-to-hackers.html