According to a security researcher, Google's Android operating system has a web browser flaw which could steal just about anything from the users browser data. It appears to be a flaw in the native browser supplied with Android. According to Google, its solution is to use Google Chrome on Android, and not the default Android web browser.

A bug quietly reported on September 1 appears to have grave implications for Android users. Android Browser, the open source, WebKit-based browser that used to be part of the Android Open Source Platform (AOSP), has a flaw that enables malicious sites to inject JavaScript into other sites. Those malicious JavaScripts can in turn read cookies and password fields, submit forms, grab keyboard input, or do practically anything else.Security Flaw In Google Android Native Web Browser Could Allow Access To User Data [arstechnica.com]

Have you switched to Chrome on your Android device?