What is the EngageLab SDK vulnerability?

It was an intent redirection flaw in v4.5.4 letting malicious apps bypass Android sandbox for data access. Patched in 5.2.1.

Which crypto wallets used EngageLab SDK?

Microsoft didn't name them, but 30M installs affected. Check your apps' changelogs for updates post-Nov 2025.

How to protect against SDK flaws on Android?

Update apps immediately, avoid sideloading, use antivirus like Microsoft Defender, and stick to audited wallets.

🕳️ Vulnerabilities & CVEs

EngageLab SDK Flaw Exposed 50M Android Devices — 30M Crypto Wallets in the Crosshairs

Imagine a push notification SDK quietly unlocking your crypto wallet for any rogue app on your phone. That's the EngageLab SDK flaw Microsoft just dissected — affecting 50 million Android users.

theAIcatchup Apr 09, 2026 4 min read

Android phone screen showing security alert for EngageLab SDK vulnerability impacting crypto wallets

⚡ Key Takeaways

EngageLab SDK flaw risked 50M Android users via intent redirection, with 30M crypto wallets exposed. 𝕏
Microsoft disclosed responsibly; vulnerable apps removed from Play Store, patch in v5.2.1. 𝕏
Highlights third-party SDK risks in crypto — demand audits to avoid supply-chain disasters. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#Android vulnerability #EngageLab SDK #crypto wallet security #intent redirection

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Flowise's Perfect-Score Flaw CVE-2025-59528: Attackers Already Inside

Microsoft's February Patch Tuesday: 58 Fixes, 6 Active Exploits, Azure in the Crosshairs

Oracle's CVE-2026-21992 Lets Hackers Run Wild on Identity Systems

OpenClaw's Exposed Underbelly: Agentic AI's Security Reckoning

Stay in the loop