Google fixes Android security flaw

Update shuts down Google calendar and contacts vulnerability...

Google is deploying a fix for a vulnerability that affects handsets running the Android operating systemPhoto: James Martin/CNET

Google is rolling out a patch for a software flaw that allows third parties to snoop on Google calendar and contacts.

The update will fix a vulnerability that allows an intruder to steal a token that is used to authenticate access to calendar and contacts on most Google Android smartphones. The devices are vulnerable to the token being stolen when a user accesses calendar or contacts using an unencrypted wi-fi connection.

The flaw affects handsets running versions 2.3.3 or earlier of the Android operating system, which means most Android handsets.

The patch will be applied to Google's servers and will fix the vulnerability for all versions of the Android OS.

A Google spokeswoman said in a statement: "Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts.

"This fix requires no action from users and will roll out globally over the next few days."