Google confirms Android security issue, server-side fix rolling out today
![](https://s.yimg.com/ny/api/res/1.2/dt3w2xbDRrJ7hRaixOkJ3w--/YXBwaWQ9aGlnaGxhbmRlcjt3PTk2MDtoPTc0Mg--/https://s.yimg.com/uu/api/res/1.2/iin_zqQrEyvXsC_huu4cJg--~B/aD00MjU7dz01NTA7YXBwaWQ9eXRhY2h5b24-/https://www.blogcdn.com/www.engadget.com/media/2011/05/google-android-fix-05-18-2011.jpg)
No Android security flaw is good news for Google, but the recently discovered ClientLogin issue that left the OS vulnerable to impersonation attacks is surely at least a bit more welcome than some of the alternatives. That's because the flaw can be fixed on the server side (rather than on millions of Android phones), and Google has now confirmed that a fix is rolling out today, although it may take a few more days for it to cover all users (there's no action required on your part). The company's not quite out of the woods just yet, though -- while we've confirmed with Google that the fix addresses the issues with Calendar and Contacts, the problem with Picasa remains, and there's still no indication of a fix for it. Incidentally, Google had already fixed the Calendar and Contacts issues on the phone side with Android 2.3.4 (although that still left 99 percent of phones vulnerable), but that release, too, is still stuck with the Picasa vulnerability.