
PSA: Gaping security hole found in stock Android browser

#1 · (Edited by Moderator)

If you use the stock Android browser, you might want to make a switch unless you like potentially sharing your password with the world. The vulnerability was discovered by RootzWiki developer JBirdVegas - the stock browser, like other apps before it in Android's sordid security history, stores your saved website passwords as plain text. This means rooted users are especially vulnerable to this security hole.

If Google wants Android to be taken seriously as an option for enterprise/corporate use, it will certainly have to come up with a comprehensive solution to this long-standing issue. Obviously, patching a hole in a single app isn't going to be sufficient - some kind of policy will have to be implemented that forces all apps that come preinstalled or come from the Play Store to encrypt their credential storage. There are already options available such as device encryption, but it is unclear whether that fully addresses the vulnerability, especially when the device is up and running.

JBirdVegas did say that the issue does not affect Chrome for Android, so you might want to consider using that browser until either Google or your favorite ROM developers patch the vulnerability. Team Kang, for example, is currently in the process of blocking this hole for AOKP. Don't expect Google to come flying to the rescue for rooted users, but the company does have considerable incentive to address this issue if malicious apps are also able to capture this information on unrooted devices while the stock browser is running.