Dropbox Android app security flaw fixed

Dropbox has fixed a security vulnerability found in its Android app, which could have given hackers access to stored data via compromised third-party apps.

However, the company announced that it has not come across any incident where the vulnerability was used to get access to user data.

According to reports, the flaw existed in the SDK that was provided to third party apps makers that work with its Android app.

The company also asked Android app developers to updated their core API Android SDK v1.6.3 or Sync/Datastore Android SDK v3.1.2.

Dropbox explained that attackers could have linked their own Dropbox account to a vulnerable third-party app on the victim’s device, which would have allowed the hacker to capture data saved by the user to Dropbox.

The flaw was discovered by IBM researchers, who immediately informed the company about the security issue.

Dropbox security engineer Devdatta Akhawe said: "We want to thank Roee Hay and Or Peles at IBM for discovering and responsibly disclosing this vulnerability.

"We take user security and privacy very seriously, and we continue to work closely with security researchers to keep our users safe."

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up