Zero-day flaw in Google Admin app allows malicious apps to read its files

An unpatched vulnerability in the Google Admin application for Android can allow rogue applications to steal credentials that could be used to access Google for Work acccounts.

One of the main aspects of the Android security model is that apps run in their own sandboxes and cannot read each other’s sensitive data through the file system. There are APIs for applications to interact with each other and exchange data, but this requires mutual agreement.

But researchers from security consultancy firm MWR InfoSecurity in the U.K. discovered a flaw in the Google Admin app that could be exploited by potentially malicious applications to break into the app’s sandbox and read its files.

To read this article in full or to leave a comment, please click here

Read more: Zero-day flaw in Google Admin app allows malicious apps to read its files

Story added 14. August 2015, content source with full text you can find at link above.