Dossier
Microsoft 365 Android Apps
Coverage of Microsoft 365 Android Apps in the Nexus archive.
- Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left enabled in production builds of several Microsoft 365 Android apps allowed any app on the same device to steal user account tokens. This vulnerability bypassed security checks that restrict token sharing to trusted Microsoft apps, enabling unauthorized access to emails, files, calendars, and messaging.