Intent redirection in EngageLab SDK versions 4.5.4 and earlier enabled sandbox escape on 50M Android devices

First reported

09.04.2026 20:26

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A now-patched intent redirection vulnerability in EngageLab SDK versions 4.5.4 and earlier allowed malicious apps on affected Android devices to bypass application sandboxing and gain unauthorized access to private data. At least 50 million installations across multiple apps—including more than 30 million cryptocurrency wallets—were potentially exposed. An attacker would need a malicious app installed on the same device to exploit the flaw by manipulating intent contents leveraging the SDK’s trusted context.

Timeline

09.04.2026 20:26 1 articles · 4h ago

EngageLab SDK intent redirection vulnerability patched after responsible disclosure
Responsible disclosure initiated in April 2025 led to the release of EngageLab SDK version 5.2.1 in November 2025, addressing an intent redirection flaw in version 4.5.4 that allowed sandbox escape and unauthorized data access on Android devices. Affected apps, including over 30 million cryptocurrency wallets, were removed from Google Play Store following remediation.
Show sources

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets — thehackernews.com — 09.04.2026 20:26
Open in new tab

Information Snippets

The vulnerability existed in EngageLab SDK version 4.5.4 and was addressed in version 5.2.1 released in November 2025 following responsible disclosure in April 2025.
First reported: 09.04.2026 20:26

1 source, 1 article
Show sources
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets — thehackernews.com — 09.04.2026 20:26
The flaw enabled intent redirection, allowing a malicious app to access internal directories of apps that integrated the vulnerable SDK, leading to unauthorized access to sensitive data or privilege escalation via Android’s intent messaging system.
First reported: 09.04.2026 20:26

1 source, 1 article
Show sources
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets — thehackernews.com — 09.04.2026 20:26
Affected installations included at least 30 million cryptocurrency and digital wallet apps, with total vulnerable installations exceeding 50 million when non-wallet apps are included.
First reported: 09.04.2026 20:26

1 source, 1 article
Show sources
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets — thehackernews.com — 09.04.2026 20:26
Microsoft Defender Security Research Team reported that all detected apps using vulnerable SDK versions were removed from the Google Play Store after the fix was released.
First reported: 09.04.2026 20:26

1 source, 1 article
Show sources
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets — thehackernews.com — 09.04.2026 20:26
No evidence of active exploitation in the wild has been reported.
First reported: 09.04.2026 20:26

1 source, 1 article
Show sources
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets — thehackernews.com — 09.04.2026 20:26

Summary

Timeline

EngageLab SDK intent redirection vulnerability patched after responsible disclosure

Information Snippets