"For instance, the adversary can gain full access to the calendar, contacts information, or private web albums of the respective Google user," wrote the researchers, from the University of Ulm.
“This means that the adversary can view, modify, or delete any contacts, calendar events, or private pictures. This is not limited to items currently being synced but affects all items of that user."
The vulnerable data are known as Authentication Tokens. They allow users to log in to online services via apps for up to two weeks at a time.
Normally Authentication Tokens are sent to smartphones via an encrypted connection, but the researchers found that handsets running Android up to version 2.3.3 receive them as plain text files when connected via an unencrypted WiFi network.
My ramblings: This is not a fault of Google. If you use any device (iPad, iPhone, iPod Touch, a desktop, laptop, etc.) on an unencrypted WiFi network, you are highly vunerable. Please, if you have a WiFi router at home, make sure it is encrypted with up-to-date security, and make sure that the password is not guessable (ie. address, family name, favorite book, favorite movie, etc.).
