Google Android SD Card Cross-application Data Disclosure
Local Access Required
Loss of Confidentiality
No Vendor Response
Android has been reported to contain a flaw related to data storage. The issue is allegedly due to Android storing data insecurely, allowing for copied data (i.e. cloned) to be used by a second application, allowing for an authentication bypass. However, the analysis is based on having super-user privileges when performing testing, which would of course allow such data access. Subsequent dispute has clarified that the behavior originally demonstrated is expected.
The reported vulnerability has been determined to be incorrect. No solution is required.