Microsoft reveals 'Dirty Stream' flaw in Android apps with billions of downloads

5 May 2024 14:01

Microsoft has uncovered a critical vulnerability in Android applications, impacting apps that have been downloaded billions of times from the Google Play store.

The tech giant from Redmond has identified a severe security risk. A flaw of considerable magnitude has been discovered in several popular applications that have amassed over four billion downloads from the Google Play store.

The vulnerability, dubbed "Dirty Stream", involves the ContentProvider component of the Android system, which facilitates sharing files across installed applications. The flaw can be manipulated to overwrite critical files in the vulnerable app's home directory.

Exploiting this flaw can easily lead to modifications in the app that may result in the theft of login credentials, among other sensitive data, not to mention the risk of losing control or full access to the affected application.
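Microsoft's write-up of the pattern describes a receiving app that caches an incoming shared file under the name supplied by the sharing app. The following is an added example, not code from Microsoft or from any affected app, showing that unsafe join next to a hardened one in plain Java; the class name, method names and sample file names are hypothetical and constructed for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.util.UUID;

// Added illustration; names are hypothetical, not taken from any affected app.
public class SharedFileNames {

    // Unsafe pattern: the sender-controlled name is joined to the app's directory as-is.
    static File unsafeTarget(File cacheDir, String senderName) {
        return new File(cacheDir, senderName);
    }

    // Hardened: keep only the last path segment, then confirm the canonical
    // result is still inside cacheDir; otherwise fall back to a random name.
    static File safeTarget(File cacheDir, String senderName) throws IOException {
        String base = senderName == null ? "" : senderName.replace('\\', '/');
        base = base.substring(base.lastIndexOf('/') + 1);
        if (base.isEmpty() || base.equals(".") || base.equals("..")) {
            base = UUID.randomUUID().toString();
        }
        File root = cacheDir.getCanonicalFile();
        File target = new File(root, base).getCanonicalFile();
        if (!target.toPath().startsWith(root.toPath())) {
            target = new File(root, UUID.randomUUID().toString());
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a stand-in private directory and names a sender might supply.
        File cacheDir = new File(System.getProperty("java.io.tmpdir"), "demo_app/cache");
        String[] names = { "report.pdf", "../shared_prefs/settings.xml", "..", "a/b/../../../x" };
        for (String n : names) {
            File u = unsafeTarget(cacheDir, n).getCanonicalFile();
            File s = safeTarget(cacheDir, n);
            boolean escaped = !u.toPath().startsWith(cacheDir.getCanonicalFile().toPath());
            System.out.printf("%-32s unsafe escapes=%b  safe=%s%n", n, escaped, s.getName());
        }
    }
}
```

Ignoring the supplied name entirely and always storing the file under a generated name is the simplest variant of the same defence.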

"We have identified several vulnerable apps in the Google Play store, collectively surpassing four billion installations. We believe this pattern of vulnerability could be present in other applications. We're sharing our findings so that developers and publishers might check their apps for similar vulnerabilities, rectify them if found, and avoid such issues in future apps or updates," stated the Microsoft announcement.

Which apps are under scrutiny? Microsoft has pinpointed two that were susceptible. The key word here is "were", as the issues in both instances have since been resolved. The apps in question are Xiaomi Inc.’s File Manager, which has over one billion installations, and WPS Office, which has over 500 million installations.
