If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Google rolls out fix for Android security flaw

Calendar and contacts exploits already addressed, as patch due in "next few days"

An automatic fix for a serious security issue in the Android OS has begun to roll out for smartphones, as Google tries to assure users that no action is needed on their part.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," said Google in a statement. "This fix requires no action from users and will roll out globally over the next few days."

The flaw was identified by a research team at Ulm University in Germany and affects 99.7 per cent of smartphone users with Android. The flaw potentially allows hackers access to the calendar, contacts information, and private web albums.

The calendar and contacts exploits were fixed on the same day as they were reported, with the forthcoming patch addressing the other issues.

The university team has stressed that the flaw does not involve any database of information, as with the recent PlayStation Network security scandal, and so far there have been no reports of problems from users.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," said researchers Bastian Könings and Jens Nickels.

"The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

The team also discovered that some Android applications transmit unencrypted data.