Android app developers should update to Dropbox’s latest SDK

March 11, 2015

apps that use for and are built using an older version of its are vulnerable to an attack that can steal data, although Dropbox has released a fix, according to IBM researchers.IBM’s security research team said Wednesday they had found a way to link their own Dropbox account to an Android app on another person’s phone that connects to the storage . After a successful attack, any data uploaded by the app is delivered to the attacker’s Dropbox account.

Dropbox publishes an SDK (software development kit) for linking its service to an app. The flaw, nicknamed “DroppedIn,” affected Dropbox SDK versions 1.5.4 through 1.6.1 and was fixed in version 1.62, IBM said in a blog post.

Read More