Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can allow an attacker to compromise the privacy of the applications’ users. This has been fixed in Adobe AIR SDK release version 23.0.0.257. This affects applications compiled with the Adobe AIR SDK versions 22.0.0.153 and earlier.