According to the report, the password of the user’s email account usually stored as plain text in SQLite database and stays un-encrypted.
When asked by a user, an Android support person, Andy Stadler said that since the App supports older email protocols, it requires the password to be used every time a connection request with the email server takes place.
Stadler, in his response, clarified that Google Android takes security very seriously and has been implemented in Android at several levels and that this loophole won’t impact the way Gmail works on Android device.
However, it was not being clear now whether Google will roll out any update to secure that or users will have to create and use obscure passwords for their email accounts.
Most mid-range to high end Android devices available these days offer Microsoft Exchange Active Sync support. Apart from that, several users make do with the traditional POP3, IMAP and SMTP protocols for their email accounts on the Android device.
The core issue lies in the older email protocols that are dependent on the simpler form of password data requirement. In the modern times, nefarious hackers employ sophisticated methods to steal user login credentials that may be residing deep in some specific databases.
Security indeed has been implemented in Android OS but there is no method to check whether the apps from the third party markets are actually secure. In past, Android has been victim of malware loaded apps being spread through the third party app stores. Apparently these apps exploit several such loopholes that exist due to technologies that are not updated.