{"id":555,"date":"2026-04-09T20:22:59","date_gmt":"2026-04-09T20:22:59","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=555"},"modified":"2026-04-09T20:22:59","modified_gmt":"2026-04-09T20:22:59","slug":"engagelab-sdk-flaw-exposed-50m-android-users-including-30m-crypto-wallets","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=555","title":{"rendered":"EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\"><\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\"><\/i><span class=\"author\">Apr 09, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Mobile Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit\u00a0(SDK) called\u00a0<a href=\"https:\/\/www.engagelab.com\/docs\/essentials\/developer-guide\/client-sdk\/android-sdk\">EngageLab\u00a0SDK<\/a> that could have put millions of cryptocurrency wallet users at\u00a0risk.<\/p>\n<p>\u00abThis flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private\u00a0data,\u00bb the Microsoft Defender Security Research\u00a0Team <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/04\/09\/intent-redirection-vulnerability-third-party-sdk-android\/\">said<\/a> in a report published\u00a0today.<\/p>\n<p>EngageLab 
SDK offers\u00a0a <a href=\"https:\/\/www.engagelab.com\/app-push\">push notification\u00a0service<\/a>, which, according to its website, is designed to\u00a0deliver\u00a0\u00abtimely notifications\u00bb based on user behavior already tracked by developers. Once integrated into an app, the\u00a0SDK offers a way to\u00a0send personalized notifications\u00a0and drive real-time engagement.<\/p>\n<p>The tech giant said a significant number of apps using the SDK are part of the cryptocurrency and digital wallet ecosystem, and that the affected wallet apps accounted for more than 30 million installations. When\u00a0non\u2011wallet apps built on the same\u00a0SDK are\u00a0included, the installation count surpasses 50\u00a0million.<\/p>\n<p>Microsoft did not reveal the names of the apps, but noted that all those detected apps using vulnerable versions of the SDK\u00a0have been\u00a0removed from the Google Play Store. Following responsible disclosure in April 2025, EngageLab\u00a0released <a href=\"https:\/\/mvnrepository.com\/artifact\/com.engagelab\/engagelab\/5.2.1\">version\u00a05.2.1<\/a> in November 2025 to address the vulnerability.<\/p>\n<p>The issue, identified in version 4.5.4, has been described as an intent redirection vulnerability. 
Intents in\u00a0Android refer\u00a0to\u00a0<a href=\"https:\/\/developer.android.com\/guide\/components\/intents-filters\">messaging\u00a0objects<\/a>\u00a0that\u00a0are used to request an action from another app component.<\/p>\n<p>Intent redirection occurs when the contents of an\u00a0intent that a vulnerable\u00a0app sends are manipulated\u00a0by taking advantage\u00a0of its trusted context\u00a0(i.e., permissions) to gain unauthorized access to protected components, expose sensitive data, or escalate privileges within the Android environment.<\/p>\n<p>An attacker could exploit this vulnerability\u00a0through a malicious\u00a0app, installed on the\u00a0device by some other\u00a0means, to access internal directories associated with an app that has the SDK integrated, resulting in unauthorized access to sensitive\u00a0data.<\/p>\n<p>There\u00a0is no evidence that the vulnerability was ever exploited in a malicious context. That\u00a0said, developers who integrate the SDK are advised to update to the latest version as soon as possible, especially given that even trivial flaws in upstream libraries can have cascading effects and impact millions of\u00a0devices.<\/p>\n<p>\u00abThis case shows how weaknesses in third\u2011party SDKs can have large\u2011scale security implications, especially in high\u2011value sectors like digital asset management,\u00bb Microsoft said. 
\u00abApps increasingly rely on third\u2011party SDKs, creating large and often opaque supply\u2011chain dependencies. These\u00a0risks increase when integrations expose exported components or rely on trust assumptions that aren\u2019t validated across app boundaries.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Ravie Lakshmanan, Apr 09, 2026. Vulnerability \/ Mobile Security. Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit\u00a0(SDK) called\u00a0EngageLab\u00a0SDK that could have put millions&hellip;<\/p>\n","protected":false},"author":1,"featured_media":556,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1153,1152,281,143,1151,137,70,584,355,826,617],"class_list":["post-555","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-30m","tag-50m","tag-android","tag-crypto","tag-engagelab","tag-exposed","tag-flaw","tag-including","tag-sdk","tag-users","tag-wallets"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=555"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/555\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/556"}],"wp:attachment":[{"href":"https:\/\/thed
igitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}