If you're an Android smartphone owner, congratulations! There's a 99% chance your phone is vulnerable to an extremely devastating exploit. Security researchers recently uncovered a vulnerability in Android 2.3.3 and earlier. Due to an incorrect authentication protocol, authentication tokens for several apps are being sent unencrypted, in cleartext.
An AuthToken works for up to 14 days and can be used to gain access to a 'secure' account. Google Calendar, Contacts and more are believed to be at risk. One researcher described the exploit as "quite easy" to do. Google has already released a fix for the issue but, thanks to the shocking state of Android fragmentation, most users do not yet have it. An estimated 99% of Android phones are still unprotected.
This brings us to the major issue fragmentation poses for the future of Google's mobile operating system. An OS like Windows has no trouble pushing updates to millions of users. They may not all choose to download it when prompted, but Microsoft has the ability to offer every legal Windows user a fix as soon as it becomes available. That isn't even an option for Google.
There are many Android devices running weird custom UIs and filled with carrier bloatware that can't rely on the 'stock' Google updates to fix their problems. What if your phone still runs Android 2.1? Or if it has the Sense UI? And what if your carrier decides they don't want to push the update right then? You're left high and dry, and very vulnerable.
The longer Android's reign continues, the more often problems like these are going to crop up. So far, Android has avoided a cataclysmic information disaster à la the PSN hack. But it isn't invulnerable, and you can trust that there are very smart people working to exploit the OS right now. If Google doesn't find a way to keep the mass of Android users secure, they risk losing consumer confidence.
You trust a lot of data to your smartphone. You give it your name, address, email, password info, credit card details and every last snippet of your private life. We like to think these little plastic and metal boxes of secrets are secure. News like this underscores the fact that, past a certain point, the average person is helpless to maintain the sanctity of his or her own secrets. We have to rely on Google for that. And it looks like Android has grown too big now for even them to control.