More than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.
The data being leaked is typically used to get at web-based services such as Google Calendar.
The discovery was made by German security researchers looking at how Android phones handle identification information.
Google has yet to comment on the loophole uncovered by the researchers.
Read more on BBC.
Related: Catching AuthTokens in the Wild: The Insecurity of Google’s ClientLogin Protocol