BBC: Nearly all phones that run Google’s Android operating system are leaking data used to access web-based services. Many applications installed on the phones interact with Google services by asking for an authentication token—a digital ID card for that application. Once issued, that token stays active and users aren’t prompted to log in again for a certain length of time. These tokens are sometimes sent over wireless networks in plain text, which makes them easy to find and steal for anyone eavesdropping on Wi-Fi traffic. The tokens aren’t bound to individual phones or times of use, so they could potentially be used to impersonate a handset anywhere. Bastian Konings of the University of Ulm and colleagues made the discovery when they investigated how Android phones handle login credentials for web-based services. Google has not yet commented on the loophole uncovered by the team.