Dropbox fixes vital security flaw in its Android app

A serious vulnerability popped up in the Dropbox for Android app recently, and its makers have now gone on to convey that they have managed to fix it completely. This potential threat would have allowed wrongdoers to hack their way into data stored via the cloud storage service’s Android app using compromised third-party apps.

To much relief though, Dropbox has announced that there have been no reports or evidence to signify that the weakness was ever used to access user data. This flaw was initially found out by the researchers over at IBM, who were quick to inform the file hosting service to ensure a fast fix.


Dropbox has said that the security defect basically existed in the SDK it provides third parties making apps that work with its Android app. After announcing that it has fixed the flaw in the latest version of its SDK, it urged all developers to adopt this version of the software and discard the previous one.

IBM had brought to the notice of Dropbox that using the vulnerability, any attacker would have been able to link their cloud storage account to a vulnerable third-party app on the victim’s device. This would have eventually allowed the hacker to capture new data which the user saved to Dropbox using the vulnerable app.

Also Read: Stalker alert! WhatsApp security flaw leaves you open to tracking by anyone

Through a blog post, Dropbox has made clear that since every app works differently, a number of offerings making use of the affected SDKs weren’t vulnerable at all in the first place. Moreover, those users who had the Android version of this cloud storage service installed on their devices never vulnerable as well.