"Flaw in Android Browser Allows Same Origin Policy Bypass"
http://threatpost.com/flaw-in-android-browser-allows-same-origina-policy-bypass/108265
There’s a serious vulnerability in pre-4.4 versions of Android that allows an attacker to read the contents of other tabs in a browser when a user visits a page the attacker controls. The flaw is present in a huge percentage of the Android devices in use right now, and there’s now a Metasploit module available to exploit the vulnerability.
"Back-and-Forth With Google Led to Disclosure of Android Browser Flaw"
http://threatpost.com/back-and-forth-with-google-led-to-disclosure-of-android-browser-flaw/108308
The researcher who originally discovered the same-origin policy bypass in the Android browser said he reported the vulnerability to Google some time ago, but that the company’s Android security team said it was unable to reproduce the issue.
Baloch said via email that after receiving the reply from Google, he wrote his blog post explaining the vulnerability. Shortly thereafter, Josh Armour from the Android security team sent another email saying that the company had in fact been able to verify the vulnerability after all.
"Dozens of Popular Android Apps Leak Sensitive User Data"
http://blog.kaspersky.com/privacy_holes_in_popular_android_apps/6047/
A group of researchers from the University of New Haven’s Cyber Forensics Research and Education Group have uncovered vulnerabilities in several popular Android apps, including Instagram, Vine, OKCupid and more. The bugs could expose the sensitive information of some 968 million users that have installed the affected applications on their Android mobile devices.