Researchers recently discovered that the Android app “Dune!” is affected by OWASP flaws and is continuously leaking sensitive data.
The game has been downloaded roughly 5-10 million times and can leak data such as device manufacturer, the user’s server provider, battery level, device name and much more.
The stolen information is sent to 32 servers due to the presence of 11 OWASP flaws, which allow other apps to bypass security and access as much sensitive information as possible. Two additional vulnerabilities involve the broadcast service and the broadcast receiver.
These two vulnerabilities can allow for a DDoS attack, URL canonicalization, or an X.509 TrustManager bug, which could allow the attacker(s) to read transmitted data.
The app has not been taken down from the Google Play Store; however, users are advised to uninstall the app as soon as possible.