EngageLab SDK version 5.2.1 patch release
Security Patch Release
Summary
Hide ▲
Show ▼
EngageLab released version 5.2.1 to fix the EngageLab SDK flaw affecting Android apps that used vulnerable integrations. The update closed an intent redirection issue that could let a malicious app bypass the Android security sandbox and reach private data. The patch followed responsible disclosure in April 2025 and matters because the SDK was embedded in apps across the Android ecosystem, including high-value wallet software.
Related Happenings
Google Play Protect adds warnings and app disabling for compromised SDK abuse
Security Tool/Service
H score11
First: 03.07.2026 12:35
Last: 03.07.2026 12:35
Sources 1
About this happening:
**Google Play Protect** was updated in **July 2026** to **warn Android users automatically** and **disable apps** tied to **compromised SDKs**, limiting abuse of consumer devices...
Google Play Protect adds warnings and app disabling for compromised SDK abuse
Security Tool/ServiceAbout this happening: **Google Play Protect** was updated in **July 2026** to **warn Android users automatically** and **disable apps** tied to **compromised SDKs**, limiting abuse of consumer devices...
Google Android Developer Verifier enforcement rollout for verified app installs
Security Tool/Service
H score14
First: 22.06.2026 15:45
Last: 22.06.2026 15:45
Sources 1
About this happening:
Google is **enforcing Android developer verification** on **September 30, 2026**, blocking normal installs of unverified apps on certified Android phones in **Brazil, Indonesia, S...
Google Android Developer Verifier enforcement rollout for verified app installs
Security Tool/ServiceAbout this happening: Google is **enforcing Android developer verification** on **September 30, 2026**, blocking normal installs of unverified apps on certified Android phones in **Brazil, Indonesia, S...
Android 17 expands platform security and privacy protections
Security Tool/Service
H score15
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Android 17 expands platform security and privacy protections
Security Tool/ServiceAbout this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
Campaign
H score34
First: 08.05.2026 18:08
Last: 08.05.2026 18:08
Sources 1
About this happening:
The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
CampaignAbout this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware Activity
H score29
First: 03.04.2026 12:10
Last: 03.04.2026 12:10
Sources 1
About this happening:
The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware ActivityAbout this happening: The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
Timeline
-
09.04.2026 20:26 2 articles · 3mo ago
EngageLab SDK version 5.2.1 patch release
Initial DisclosureAfter responsible disclosure, **EngageLab** issued **version 5.2.1** in **November 2025** to remediate the Android SDK weakness. The patch is the fixed release for apps integrating the vulnerable SDK.
Show sources
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets — thehackernews.com — 09.04.2026 20:26
- Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users — www.securityweek.com — 10.04.2026 10:33