Google today acknowledged that there was a security flaw where a third-party was able to access data available in calendar and contacts on certain phones. Yesterday, it was exposed that Android users who were using an unsecured WiFi network could have their Contacts, Calendar, and Picasa web albums stolen.
Google has said that the fix being pushed out is all server-side and can not be fixed by the user. The update begins today and may not be completed until later this week. Google explains,
Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third-party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.