Search

Microsoft Finds Major Security Flaw ‘Dirty Stream’ in Android Apps Totalling Billions of Downloads

As per Microsoft, the vulnerability emerges from improper implementation of Android's content provider system.

Advertisement
Highlights
  • Microsoft says vulnerable apps have over four billion installations
  • The Dirty Stream flaw can allow hackers to take control of the app
  • Google has updated its app security guidance to highlight the issue
Microsoft Finds Major Security Flaw ‘Dirty Stream’ in Android Apps Totalling Billions of Downloads

Users are recommended to keep their apps updated and avoid installing apps from third-party sources

Photo Credit: Pexels/Lisa Fotios

Microsoft discovered a major security vulnerability in multiple Android apps last week that could be exploited to gain unauthorised access to apps and sensitive data on the device. Interestingly, this security flaw does not come from the system codes, but an improper usage of a particular system by developers that can lead to loopholes prone to exploitation. Notably, the flaw has been highlighted to Google, and the tech giant has taken steps to make the Android app developer community aware of the issue.

In a post on its Security Blog, the Microsoft Threat Intelligence team stated, “Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application's home directory.” The researchers also highlighted that the vulnerability was spotted in several apps in the Google Play Store that had a combined total of more than four billion installations.

This vulnerability emerges when a developer incorrectly uses Android's content provider system, which is designed to secure data exchange between different apps on a device. This includes data isolation, URI permissions, path validation and other security measures to stop unauthorised access by the apps or anyone else breaking into the app. However, improper implementation of the system affects a component called custom intents. These are the messaging objects that conduct two-way communication between different apps. When this vulnerability exists the apps can ignore the security measures and let other apps (or hackers controlling them) access sensitive data stored in them.

In case of an attack on the device, hackers can manipulate this vulnerability by accessing just one app, they can enter all such apps that contain this loophole. This enables the bad actors to gain complete control over the device or steal sensitive data including financial information. Notably, the vulnerability was found in the Xiaomi File Manager and WPS Office apps. Microsoft stated in its report that developers behind both the apps have investigated and fixed the issue.

Google has also taken cognisance of the issue and published a post on its Android Developers blog. The company has highlighted the common errors and ways to fix them. It is expected that developers of affected apps will be fixing the issues in the coming days and release a fix. While end users cannot do much to avoid this vulnerability, it is recommended that they remain proactive in updating the apps on their devices and avoid downloading apps from third-party sources for a while.


Is the Samsung Galaxy Z Flip 5 the best foldable phone you can buy in India right now? We discuss the company's new clamshell-style foldable handset on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

 
Show Full Article
Please wait...
Advertisement

Related Stories

Popular Mobile Brands
  1. Amazon Freedom Sale 2025 Highlights: Best Deals on Phones, Tablets and More
  2. Flipkart Freedom Sale 2025 to Start Tonight; Smartphone Deals Teased
  3. Vivo T4R 5G Launched in India With MediaTek Dimensity 7400 SoC
  4. Vodafone Idea (Vi) Rolls Out 5G Services in These Nine Cities
  5. Samsung Launches Galaxy Book 4 Edge AI PC in India With These Features
  6. Insta360 Go Ultra Could Offer Up to 4K 60FPS Video Recording
  1. MIT Just Proved Einstein Wrong in the Famous Double-Slit Quantum Experiment
  2. PSR J0922+0638 Pulsar Keeps Glitching Every 550 Days, Scientists Are Intrigued
  3. Starlink’s Unintended Signals Threaten Astronomical Research, Study Finds
  4. DogMan OTT Release Date: When and Where to Watch This American Animated Movie Online?
  5. Love Hurts OTT Release Date: When and Where to Watch it Online?
  6. Xbox Game Pass Hit Nearly $5 Billion in Revenue for the First Time in FY 2025, Microsoft Says
  7. Samsung Tri-Fold Phone to Launch in H2 2025; Galaxy S25 FE Teased to Debut Earlier
  8. Flipkart Freedom Sale 2025 to Start Tonight With Discounts on iPhone 16, Galaxy S24, Nothing Phone 3a, More
  9. Vodafone Idea (Vi) 5G Services Rolling Out in Surat, Meerut, and Seven Other Cities With Special Introductory Offers
  10. Qualcomm Said to be Developing Another High-End Chipset; Could Offer Snapdragon 8 Elite-Level Performance
Gadgets 360 is available in
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »