How a Misconfigured Android SDK Can Lead to Stealthy Camera Abuse
·
During a security assessment of a popular Android application, I discovered a serious vulnerability resulting from a misconfigured third-party SDK. This vulnerability allowed an arbitrary third-party application to launch an exported activity in the target app and use the app’s granted camera permission for stealthy photo capture—without any user interaction. Vulnerability Overview The vulnerable SDK…