Android app developers should update to Dropbox’s latest SDK
Android apps that use Dropbox for storage and are built using an older version of its SDK are vulnerable to an attack that can steal data, although Dropbox has released a fix, according to IBM security researchers.
IBM’s application security research team said Wednesday they had found a way to link their own Dropbox account to an Android app on another person’s phone that connects to the storage service. After a successful attack, any data uploaded by the app is delivered to the attacker’s Dropbox account.
Dropbox publishes an SDK (software development kit) for linking its service to an app. The flaw, nicknamed “DroppedIn,” affected Dropbox SDK versions 1.5.4 through 1.6.1 and was fixed in version 1.62, IBM said in a blog post.