Key Findings Critical flaw in EngageLab SDK affected up to 50 million Android devices, including over 30 million crypto wallet installations Intent redirection vulnerability allowed malicious apps to bypass Android sandbox protections and access private data EngageLab released patch in version 5.2.1 on November 3, 2025, after Microsoft's coordinated disclosure in April 2025 No active exploitation confirmed in the wild Vulnerable apps were removed from Google Play Store follow
