Authorization bypass vulnerability in Dropbox app threatens data security on Android
A report from MWR InfoSecurity found that an Android app from cloud data storage and backup provider Dropbox could allow malicious users to upload files without permission, though the company announced that it had patched the vulnerability in its latest update.
The problem, according to the research firm, was found in the AndroidManifest.xml file that is installed with all Android applications, since the Dropbox app did not properly secure this information against a potential intruder.
A potential exploit, the company said, would have seen attackers simply use a malicious app to rewrite values in the AndroidManifest.xml file and potentially gain access to the Dropbox account itself.
Fortunately, however, MWR noted that Dropbox acted quickly to close this particular loophole, updating the Android app to change the vulnerable file and defend against the substantial data security threat posed by potential attacks.
The case may be seen as an instructive one, experts say, particularly for mobile app developers. The novelty of mobile technology combined with its rapid growth has made it an increasingly popular target for hackers.