Google has plugged an Android hole that could have allowed someone to snoop on an unencrypted Wi-Fi network and access calendar and contact data on the smartphones.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in Calendar and Contacts," a Google spokesman said in a statement. "This fix requires no action from users and will roll out globally over the next few days."

Basically, the fix forces all Android devices to connect to Google Calendar and Contacts servers over https (Hyper Text Transfer Protocol Secure) so that someone snooping on an unprotected wireless network won't be able to grab authentication tokens used by the operating system to validate devices. Android customers will not have to do anything for the fix, which could take a couple of days to roll out to everyone.

More: http://news.cnet.com/8301-27080_3-20064011-245.html