apparently it isn't an Android specific flaw, but the Apple biased media sure seemed to have led us to believe it was though.
"The story is getting a lot of attention because it was noticed on Android, but it’s not, in fact, an Android vulnerability. It’s a security bug in any program that does not encrypt its authorization tokens
and besides the Google already fixed theirs. But this can happen on any wifi device. Not Android specific.