so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. Arthur Schopenhauer


zCamera, 100M+ installation app, from remote compromise to data leaks

This article is a technical deep dive showing how an image application with 100M+ installations can expose its users’ images and suffer from remotely exploitable vulnerabilities ranging from SQL injection and intent redirect to arbitrary file download.

In 2021, we reported a set of vulnerabilities to the Google AppStore team that affected a popular camera application called zCamera.

The application had 100M+ installations and suffered from several critical issues affecting its users’ security and privacy.