Over 99% of Android phones are vulnerable to data theft when accessing the internet from an unsecured network.
Applications installed on devices carrying Android interact with Google services by asking for an authentication token, which serves as a form of digital ID.
The tokens then become vulnerable to theft if they are sent over an unsecured wireless network, making them easily accessible to criminals.
The data being leaked is done so through using web-based services such as Google Calendar, with older versions of the software most susceptible.
Having gained access to the token your personal information is at risk, along with access to bank details and passwords.
The data you’ve inputted is stored for up to 14 days, removing the need to keep logging in to a particular service. The submitted information is then stored in serves in an unencrypted form giving criminals the chance to steal the data.
The findings come from German Security Researchers, at the University of Ulm, who were looking into how Android phones handled information.
Any Android phone running the 2.3.4 version is safe after an update removed the risk; but shows only 0.3% of Android devices have this software installed.
Users have been asked to update their phone to avoid becoming a victim, with Google looking to get this updates to people faster than they are currently managing.