Microsoft flags SDK flaw that put 50M+ Android installs at risk
This image was generated by AI and may not depict real events.
Microsoft has flagged a security vulnerability in the EngageLab SDK, a third-party Android software development kit, which could have put over 50 million Android installs at risk. The vulnerability, now patched, allowed apps to bypass Android security sandbox and gain unauthorized access to private data, particularly affecting cryptocurrency wallet users.
A security flaw was found in the EngageLab SDK, a widely used Android software development kit. The vulnerability allowed apps to bypass Android security sandbox and access private data. Over 50 million Android installs were at risk, including 30 million cryptocurrency and digital wallet ecosystem apps. The issue was identified in version 4.5.4 and has been patched in version 5.2.1, released in November 2025. Microsoft detected the vulnerable apps and had them removed from the Google Play Store. Developers are recommended to update to the latest version to prevent potential security risks.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.