Impact
A third-party malicious application installed on the same phone can force Element Android, versions 0.91.0 (released on 2020-07-01) through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary Matrix room.
The impact of the attack is reduced by the fact that most of the resources stored in this folder are encrypted.
Patches
Fixed in Element Android 1.6.12 (commit 8f9695a).
Workarounds
Forks of Element Android which have set android:exported="false" in the AndroidManifest.xml file for the IncomingShareActivity activity are not impacted.
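One way for a fork maintainer to confirm the workaround is present in a source AndroidManifest.xml, as an added example that is not code from Element or from this advisory. It goes slightly beyond the text by also treating a missing android:exported attribute on an activity with an intent filter as exported, which is the platform default for apps targeting below API 31. The sample manifests, the package name, the intent filter contents and the function name share_activity_exported are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
EXPORTED = f"{{{ANDROID_NS}}}exported"
NAME = f"{{{ANDROID_NS}}}name"

# Constructed sample manifest; package name and intent filter are placeholders.
MANIFEST_DEFAULT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.fork">
  <application>
    <activity android:name=".IncomingShareActivity">
      <intent-filter>
        <action android:name="android.intent.action.SEND" />
        <category android:name="android.intent.category.DEFAULT" />
        <data android:mimeType="*/*" />
      </intent-filter>
    </activity>
  </application>
</manifest>"""

# Same manifest with the workaround from the advisory applied.
MANIFEST_WORKAROUND = MANIFEST_DEFAULT.replace(
    'IncomingShareActivity">', 'IncomingShareActivity" android:exported="false">')


def share_activity_exported(manifest_xml, simple_name="IncomingShareActivity"):
    """Return True/False for the activity's effective export state, None if absent."""
    root = ET.fromstring(manifest_xml)
    for activity in root.iter("activity"):
        if activity.get(NAME, "").rsplit(".", 1)[-1] != simple_name:
            continue
        explicit = activity.get(EXPORTED)
        if explicit is not None:
            # Conservative: anything other than a literal "false" (for example
            # an unresolved @bool/ resource reference) is reported as exported.
            return explicit.strip().lower() != "false"
        # Attribute missing: an intent filter makes the activity exported by
        # default when the app targets an API level below 31.
        return activity.find("intent-filter") is not None
    return None


if __name__ == "__main__":
    for label, xml in (("default", MANIFEST_DEFAULT),
                       ("workaround", MANIFEST_WORKAROUND)):
        print(label, "-> exported =", share_activity_exported(xml))
```

The check reads the source manifest only; a merged or binary manifest from a built APK needs to be decoded to text first.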
References
For more information
If you have any questions or comments about this advisory, please email us at security at element.io.