updated — the fix is a rollin’ out : http://blogs.computerworld.com/18308/google_android_security_flaw
If you geek out on the latest android SDK like me (admittly not as much as I would like to), or know anything about API more details about the flaw are in the paper here: http://www.uni-ulm.de/in/mi/mitarbeiter/koenings/catching-authtokens.html which compares this to sidejacking a session cookie.
ClientLogin API: http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html
Poll of the Week
Could your inbox use a little more awesome?
Sign up to get a daily dose of awesome gov-focused resources, trainings, blogs and articles to help you do you job better.