Security and privacy is a big issue when it comes to the internet. Many services have seen issues arise in their security features over the past year or so. Android is no exception.

Researchers at the Institute of Media Formatics at Ulm University say a security issue is present in nearly all Android phones. A breach could leak contact information, calendar data, and photos.

According to researchers, the issue is with ClientLogin, the method Google Android apps use to authorize data transfers to web-based services. The method uses token to pass login information to a web service through a secure connection. The problem is that the tokens remain valid for up to 2 weeks through an unsecured connection. The life on the validation gives hackers a chance to steal or modify any data within these services, as is typically done with stalking or corporate espionage.

In order to steal the data, hackers must be on the same Wi-Fi network and in close proximity of the phone. The theft occurs more commonly on unsecured networks against phones using Android versions prior to 2.3.4. Version 2.3.4 for Picasa is also affected.

The researchers said the best way to eliminate this kind of data theft is to upgrade to version 2.3.4 and use only secured connections. Users can then turn off the automatic synchronization, which will help eliminate the possibility of an unsecured connection.