Tag: account token exposure

1 article

Microsoft 365 Android Apps Expose Account Tokens Due to Debug Flag Oversight

A single line of code, `setIsDebugMode(true)`, inadvertently left in multiple Microsoft 365 Android apps, created a gaping security hole that allowed other apps on the same phone to access sensitive account tokens without user permission. This tiny oversight, discovered by Enclave's Yanir Tsarimi and Ofek Levin, exposed users to potential security risks.

Analyst 207