Listen up Android users: If you use the default Android Browser on your phone or tablet, you have a critical security vulnerability that experts are describing as a "privacy disaster." According to the most recent statistics, about half of Android users use Android Browser.
This dangerous flaw exploits a problem with how Android Browser treats Same Origin Policy (SOP). I won't get too technical, but SOP is one of the most important building blocks of Internet security. Basically it prevents information you send to a website from being accessed by the wrong website - for example, a malicious website. It could let hackers intercept any data you send through your browser to almost any website. This includes your passwords, your emails, your payment info - all of it.
An independent security researcher named Rafay Baloch discovered the vulnerability and wrote about it on his blog. He found a way to bypass SOP on Android Browser. We don't know of any specific incident where a hacker has used this to steal personal information from an Android phone or tablet, but that doesn't mean it hasn't happened.
The good news is you might not be affected by this issue. The better news is that it's very easy to fix.
Android Browser was phased out of the most recent version of Android. If you have Android 4.4 KitKat, you don't have Android Browser and you're safe from this flaw. You can find out which version of Android you're using by going to Settings>About Phone. Underneath the header "Android Version" it will tell you which version you have. If the number is higher than 4.4, you're fine.
If it's lower, you still have Android Browser on your phone, although you might not be using it. If you don't use Browser, you still might want to disable it just to be sure. Go to Settings>Apps>All. Find Browser. It has an icon that looks like a blue globe. Press it and then press the disable button.
After you've disabled Browser, go to the Google Play Store and download the browser of your choice. Chrome and Firefox are fast and secure. You can't go wrong with either of them.