One Line of Code Exposed Billions of Microsoft Android App Downloads

A single development setting bypassed Android app token protections, allowing unauthorized apps to access Microsoft account data. The flaw existed in Microsoft's Android app infrastructure and affected billions of installations. SecurityWeek reported the vulnerability as part of an exclusive analysis. The setting was active in development environments and not properly restricted. The exposure could enable account hijacking and data theft for users. Microsoft has not yet released a public fix for the vulnerability.