The findings from Germany's University of
Ulm build on previous findings from Rice University professor Dan Wallach, who in February uncovered similar Android privacy shortcomings. "Based on Google's own statistics ... more than 99 percent of
Android-based handsets are vulnerable to the attacks, which are similar in difficulty and effect to so-called sidejacking exploits that steal authentication cookies," The Register writes.
The attacks can only be carried out when Android-powered devices are using unsecured networks, such as those offered at Wi-Fi hotspots. A Google spokesman said the Android team is aware of the issue and is working on a fix.