Researchers from ULM University have found a security flaw similar to sidejacking in Google s Android operating system affecting some 99.7% of users. The flaw is in the ClientLogin API, and according to the report, it could allow hackers to steal contact lists, calendar events, and other sensitive data. The researchers claim that in theory, any Google service using ClientLogin APIs, whether on an Android device or not, could be vulnerable. Google announced their intention to release a transparent fix that does not require an Android OS update.
Source: https://threatpost.com/study-android-app-authentication-bug-affecting-99-users-052411/75265/