I have read an article on Lithuanian technologies portal –> here about security on Android phones. Below i will try to translate as shortly and briefly as i can.
A University of Ulm in Germany made a reasearch and found out that “Android” DOS is almost 100% insecure and that its very easy for attackers to take your personal information , this also was found out by “Google” erlier.University proposes that „Android 2.3.3“ and older phones , which is 99,7% of all “Android” phones have a security issue related to innapropriate program in accesion protocol called “ClientLogin”.When a user connects to “Twitter”, “Facebook”,..etc Client login gets an uncoded authentication mark in a plain text, this where the creepy things happen. Attacker just has to steal Cookies intended for a fast login. This is where comes the biggest cyberattacks tool “Botnet”, the user has to only connect to them. Then the attacker gets all the information he wants : Contact persons , your personal calender, passwords from social networks.
Google had this problem much erlier , but they had succesfully fixed the vurnelability, by changing the version of their DOS.
In my opinion while the problem is so big , the users have to take some additional security means, like updating the software as soon as possible, if its not they should turn off the automatic synchronization and do not use this kit to uknown networks.