Professor says Google's Android transmits lots of personal data without encryption
03/09/2011
The use of unencrypted data transmission in a number of popular Android apps could pose a significant privacy concern, according to Rice University computer science professor Dan Wallach.
In a blog post, he writes that in a demonstration for his undergraduate security class, a sniffer using Wireshark and Mallory was able to pick out unencrypted data being sent from his Android smartphone. While Gmail and Google Voice both use proper encryption for data sent wirelessly, Google Calendar sends data in the clear, Wallach says.
Facebook and Twitter both use unencrypted transmission as well, though Twitter, at least, uses OAuth to make it very difficult for someone to impersonate an authorized user and post bogus tweets. However, the Facebook app sent data in the clear, even though Wallach had specified full encryption in his web settings.
Experts say the issue could be a serious one for those hoping to use Android as a cornerstone of a Google-based cloud computing system, given the security risks inherent in using unencrypted data to communicate with a server.