Description: We discovered a leaking content providers vulnerability in one of the most famous apps on Google play, Catch notes (https://play.google.com/store/apps/details?id=com.threebanana.notes). We also made a POC to show how an attacker could create another application(asking for no permission) and access the data stored in catch application.
We reported this to Catch, and was patched in the next update of the application.
Also, we have included a module in the Android Framework for Exploitation(http://afe-framework.com) using which you could find these kind of vulnerabilities in apps.
Tags: "Catch Android Application" , "Hacking" , "Android Hacking" , "Content Providers" , "Android application vulnerability" , "Android Framework for Exploitation" ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.