• elmicha@feddit.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 months ago

    Dirty Stream allows malicious apps to send a file with a manipulated filename or path to another app using a custom intent. The target app is misled into trusting the filename or path and executes or stores the file in a critical directory.

    Couldn’t Android filter these names so they can’t contain a path?