The Droid 2 – which is also likely to be released in the UK early next year – is the successor to the Motorola Milestone, aka Droid in the UK, which has been available on the O2 and T-Mobile networks.
The security flaw on the Droid 2 reportedly centres on Google Voice actions, which can be triggered even when the handset is locked and password security activated.
Google Voice is a Google telephony service that gives US users a single personal number and then allows call screening, forwarding and other advanced functions, including automated callbacks triggered across the internet.
There are plans, Infosecurity notes, to launch Google Voice in the UK very shortly.
According to a weekend report on the Softpedia newswire, even in a locked state, when the 'search' softkey – or the keyboard-key –- is pressed for four seconds, Google's 'voice actions' facility is triggered.
"What's more interesting is that the handset won't inform the user in any way that the said option has been enabled", says the newswire.
The problem with this security flaw is that, once activated, the feature then allows chargeable calls to be made using the spoken word, rather than a keyboard interface.
A similar issue, says Softpedia, was spotted on the original Droid/Milestone handset at the start of the year, but was resolved with an over-the-air software update.
"At that time, the handset's pattern lock screen, which was supposed to be active when call was in progress, for example, could have been bypassed through simply hitting the Back button when in a call, a move that would have offered full access to the applications and menus of the device", says the newswire.
Motorola has yet to respond to the reports, but forum postings over the weekend suggest that the handset vendor will soon be aware of the issue, hopefully before US carrier Verizon starts shipping the mobiles later this month.