Dossier
debug flag
Coverage of debug flag in the Nexus archive.
- Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left enabled in production builds of several Microsoft 365 Android apps allowed any app on the same device to steal user account tokens. This vulnerability bypassed security checks that restrict token sharing to trusted Microsoft apps, enabling unauthorized access to emails, files, calendars, and messaging.