Samsung’s Galaxy S3 flagship has a large security hole: the built-in SMemo app is storing passwords – including Google account information – in plain text files in its SQLite database. While the amount of people this will present a problem to is rather limited, it’s still a glaring omission in the design of the application. The S3, easily the best-selling Android device to date, represents a large base that can be targeted by malicious applications and hackers, and Samsung’s security should reflect this fact.
This kind of exploit can easily be used by a malicious app, since the path to the files which hold the unencrypted passwords are always the same. And because the issue is with Samsung’s SMemo note-taking app, this security liability is only applicable to certain Samsung devices, and not Android as a whole.
Due to the potential severity of this problem, Samsung will likely issue an updated very quickly.
[XDA Developers via Geek]