Posted by 0x3d5157636b525761 iddqd on May 09

Brief
=====
Android App WheresMyDroid (10M – 50M installations) allows a malicious
user to perform the following:

– Take silent camera photos, automatically uploading them.

– Getting the GPS location.

– Possibly wiping the phone, locking and unlocking the device.

– Upgrading the App to the Pro version.

These are all possible via SMS messages.

Disclosure timeline

===================

April 20th, 2016: discovered issues.
April 21st, 2016:…