Google is already working hard to fix the security lapse that affects the Android applications security that sync with servers on the Internet. Successfully, they have now found a way to fix the problem without even having to update users’ devices, which is good since 99.7% of devices (all running Android 2.3.3 and below) were affected.
This fixation is from server side as Google will make its servers switch to a secure channel when syncing users’ data. The fix should be rolling out to Google’s servers in over next few days time and affect every Android device.
The Contacts and Calendar applications were affected and this fix should make them secure. The Gallery app, which syncs online albums with Picasa, however is and will remain vulnerable after the fix (the Gallery app is developed by a third party). Google is looking into that but didn’t give a timeframe for fixing the Gallery hole.
It is a good news to Android users that Google managed to find a solution that doesn’t require updating the Android devices themselves – that usually takes quite a while and some older devices aren’t being updated at all any more.