1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Microsoft warns worrying security flaw exposed over 50 million An

    From TechnologyDaily@1337:1/100 to All on Fri Apr 10 17:00:28 2026
    Microsoft warns worrying security flaw exposed over 50 million Android users, says 'user credentials and financial data were exposed to risk'

    Date:
    Fri, 10 Apr 2026 15:45:00 +0000

    Description:
    An outdated SDK carries a dangerous flaw that allows threat actors to steal private data.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Microsoft found EngageLab SDK flaw affecting 50 million Android devices Vulnerability let apps bypass sandbox and access private data At least 30 million installs were crypto apps, patched in v5.2.1 Roughly 50 million Android devices were using apps with vulnerabilities that allowed threat actors to access private data stored on those devices, experts have warned. Many of those installations were cryptocurrency apps, which only made the problem bigger.

    Security researchers from Microsoft said they identified an intent
    redirection vulnerability in EngageLab SDK, a popular software development
    kit that helps build user engagement features such as push notifications or in-app messaging. "This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," Microsoft wrote in its report. Article continues below You may like Shock report claims Android apps have leaked over 730TB of user data and Google secrets - here
    are some of the worst offenders around How hackers can steal PINs and private data from over a billion Android devices Is your AI chat history public?
    These 198 iOS apps just leaked user data Removing vulnerable apps Intent is a mechanism in Android, used for communication between apps (or between
    multiple components inside a single app). It acts as a message object
    carrying data and instructions, allowing a component to request an action
    from another (such as opening an activity, or triggering a function).

    While any app can send an intent, whether its accepted depends on the
    identity and permissions of the sending app.

    Microsoft did not say which apps contained the vulnerable SDK but said that
    at least 30 million of the downloads fell on cryptocurrency apps. The bug was discovered in April 2025, in version 4.5.4. It was patched in November the same year, in version 5.2.1.

    All of the apps built with the bugged SDK were removed from Google s Play Store , it was said. Are you a pro? Subscribe to our newsletter Sign up to
    the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners
    or sponsors By submitting your information you agree to the Terms &
    Conditions and Privacy Policy and are aged 16 or over.

    Microsoft also stated that it found no evidence of malicious actors discovering this flaw beforehand and using it as a zero-day in real-life attacks. However, developers are urged to update the SDK to the newest
    version as soon as possible.

    "This case shows how weaknesses in thirdparty SDKs can have largescale security implications, especially in highvalue sectors like digital asset management," Microsoft said. "Apps increasingly rely on thirdparty SDKs, creating large and often opaque supplychain dependencies. These risks
    increase when integrations expose exported components or rely on trust assumptions that arent validated across app boundaries."

    Via The Hacker News The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-warns-worrying-security-flaw- exposed-over-50-million-android-users-says-user-credentials-and-financial-data -were-exposed-to-risk


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)