It’s the second security problem to hit Android after people revealed that the unmonitored Android app store was hiding viruses masked as apps.
Unsecured wifi networks are a safety risk anyway. But the particular problem with wifi and Android phones was a faulty authentication mechanism that left phones open much longer than they needed to be.
Extracting user data from the phones would still require a scammer to put some work into impersonating a router – see the dangers of unsecured wifi here. But it’s definitely a weakness that could result in people losing email accounts and more.
According to the German researchers who uncovered the problem, Bastian Könings, Jens Nickels, and Florian Schaub, the vulnerability is due to an improper implementation of the ClientLogin protocol.
iPhones have recently been hit by the fact that Apple has been storing very precise location data of users' movements, though no third parties are involved there.
Google needs to shorten the lifespan of the authentication tokens it gives out. And if you are web-browsing on your Android on an unsecured wifi network, set the servers to https rather than http, which makes it much more secure.