Microsoft has identified a new threat called “Dirty Stream,” exposing Android apps to potential attacks allowing them to overwrite files in another app’s directory.

This exploit stems from improper use of Android’s content provider system, which manages data sharing between apps.

Vulnerable implementations of custom intents can bypass security measures, leading to arbitrary code execution or data theft.

Microsoft’s research found numerous vulnerable apps in the Google Play Store, affecting over four billion installations.

Xiaomi’s File Manager and WPS Office were among the highlighted vulnerable apps, prompting collaboration with Microsoft to release fixes, Bleeping Computer has reported.

Google updated its security guidance to address these issues, and Microsoft shared its findings with the Android developer community to prevent similar vulnerabilities.

For users, staying updated on app versions and avoiding unofficial sources are essential precautions.

Written by B.C. Begley