A newly published study from the University of Ulm in Germany has revealed that virtually every Android device has a major flaw in how they handle app security and could leak personal information. An authentication protocol apps need to use, ClientLogin, delivers its authentication token in clear text on at least Android 2.3 and earlier. The lack of protection not only makes the information easy to intercept but is reusable for two weeks after it's first sent, making it easily exploitable once detected.
