Major Security Flaw Dirty Stream Found on Android Apps With Billions Downloads by Microsoft All Details

Microsoft last week discovered a major security flaw in several Android apps that could be exploited to gain unauthorized access to apps and sensitive data on the device. Interestingly, this security flaw does not come from the system code but rather from the misuse of a particular system by developers that can create a hacking vulnerability. Google has been reported about the flaw and the tech giant has taken steps to make the Android app developer community aware of the issue.

on his security blog Post In , the Microsoft Threat Intelligence team said, “Microsoft has discovered a path traversal-associated vulnerability pattern in several popular Android applications that could enable a specific malicious application to overwrite files in the home directory of a vulnerable application.” The researchers also highlighted that the vulnerability was observed in several apps in the Google Play Store, which had a combined total of over four billion installations.

This vulnerability emerges when a developer misuses Android’s content provider system, which is designed to secure data exchange between different apps on a device. It includes data isolation, URI permissions, path validation, and other security measures to prevent unauthorized access to apps by users or anyone else. However, the improper implementation of the system affects components called custom intents. These are messaging objects that create two-way communication between different apps. When this vulnerability exists, apps can bypass security measures and give other apps (or hackers who control them) access to sensitive data stored in them.

In case of an attack on the device, hackers can manipulate this vulnerability by accessing just one app, they can enter all the apps that have this flaw. This enables hackers to gain full control over the device or steal sensitive data including financial details. Specifically, the vulnerability was found in Xiaomi File Manager and WPS Office apps. Microsoft said in its report that the developers of both apps have investigated and fixed the issue.

Google has also taken cognizance of the issue and posted a fix on its Android Developers blog. Post The company has published a report on the issue. The company has highlighted common flaws and ways to fix them. It is expected that the developers of the affected apps will fix the problems and release a fix in the coming days.