Search

Microsoft Finds Major Security Flaw ‘Dirty Stream’ in Android Apps Totalling Billions of Downloads

As per Microsoft, the vulnerability emerges from improper implementation of Android's content provider system.

Advertisement
Highlights
  • Microsoft says vulnerable apps have over four billion installations
  • The Dirty Stream flaw can allow hackers to take control of the app
  • Google has updated its app security guidance to highlight the issue
Microsoft Finds Major Security Flaw ‘Dirty Stream’ in Android Apps Totalling Billions of Downloads

Users are recommended to keep their apps updated and avoid installing apps from third-party sources

Photo Credit: Pexels/Lisa Fotios

Microsoft discovered a major security vulnerability in multiple Android apps last week that could be exploited to gain unauthorised access to apps and sensitive data on the device. Interestingly, this security flaw does not come from the system codes, but an improper usage of a particular system by developers that can lead to loopholes prone to exploitation. Notably, the flaw has been highlighted to Google, and the tech giant has taken steps to make the Android app developer community aware of the issue.

In a post on its Security Blog, the Microsoft Threat Intelligence team stated, “Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application's home directory.” The researchers also highlighted that the vulnerability was spotted in several apps in the Google Play Store that had a combined total of more than four billion installations.

This vulnerability emerges when a developer incorrectly uses Android's content provider system, which is designed to secure data exchange between different apps on a device. This includes data isolation, URI permissions, path validation and other security measures to stop unauthorised access by the apps or anyone else breaking into the app. However, improper implementation of the system affects a component called custom intents. These are the messaging objects that conduct two-way communication between different apps. When this vulnerability exists the apps can ignore the security measures and let other apps (or hackers controlling them) access sensitive data stored in them.

In case of an attack on the device, hackers can manipulate this vulnerability by accessing just one app, they can enter all such apps that contain this loophole. This enables the bad actors to gain complete control over the device or steal sensitive data including financial information. Notably, the vulnerability was found in the Xiaomi File Manager and WPS Office apps. Microsoft stated in its report that developers behind both the apps have investigated and fixed the issue.

Google has also taken cognisance of the issue and published a post on its Android Developers blog. The company has highlighted the common errors and ways to fix them. It is expected that developers of affected apps will be fixing the issues in the coming days and release a fix. While end users cannot do much to avoid this vulnerability, it is recommended that they remain proactive in updating the apps on their devices and avoid downloading apps from third-party sources for a while.


Is the Samsung Galaxy Z Flip 5 the best foldable phone you can buy in India right now? We discuss the company's new clamshell-style foldable handset on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

 
Show Full Article
Please wait...
Advertisement

Related Stories

Popular Mobile Brands
  1. Google's Veo 3 in Gemini Can Now Generate Videos from Images
  2. Best Deals on Lumio Vision TVs, Arc 7 Projector During Prime Day Sale
  3. Amazon Prime Day 2025 Sale Is Live: Best Tech Deals
  4. Xiaomi X Pro QLED TV Review: The Price is Right
  5. Flipkart GOAT Sale 2025 Begins on July 12 Alongside Amazon Prime Day Sale
  6. Amazon Prime Day Sale: Smartwatches from Apple, Huawei Get These Discounts
  7. Amazon Prime Day Sale 2025: Best Early Deals on Gaming Laptops
  8. Samsung Days Sale 2025 Is Bringing Big Discounts on These Devices
  1. Scientists Recreate Cosmic Ray Physics Using Cold Atom in New Laboratory Study
  2. Scientists Say Dark Matter Could Turn Failed Stars Into ‘Dark Dwarfs’
  3. New Gel-Based Robotic Skin Feels Touch, Heat, and Damage Like Human Flesh
  4. Flipkart GOAT Sale 2025 Begins on July 12 for All Customers Alongside Amazon Prime Day Sale
  5. Samsung Galaxy S26 Ultra Tipped to Get 200-Megapixel Sony Camera Sensor
  6. Acer Aspire Go 14 Launched in India With Up to Intel Core Ultra 7 CPU: Price, Features
  7. Industry Video Game Actors Pass Agreement With Studios for AI Security
  8. Samsung Days Sale 2025 Offers Up to 41 Percent Discount on Galaxy S25 Ultra, S25 Edge
  9. Flipkart GOAT Sale: Nothing Phone 3a, Phone 3a Pro, CMF Phone 2 Pro, More to See Discounts
  10. Nvidia's Market Value Tops $4 Trillion
Gadgets 360 is available in
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »