PT-2021-19862 · Nextcloud · Nextcloud Android App

Wester0X01 · Published 2021-06-17 · Updated 2022-10-25 · CVE-2021-32695

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Android app versions prior to 3.16.1

Description

The Nextcloud Android app is vulnerable to an issue where a malicious app on the same device could access the shared preferences of the Nextcloud Android application. This requires user interaction, as the victim must initiate the sharing flow and choose the malicious app. The shared preferences contain limited private data, such as push tokens and the account name.

Recommendations

For versions prior to 3.16.1, update to version 3.16.1 to resolve the issue. As a temporary workaround, consider restricting the sharing flow to trusted apps until the update is applied.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2021-32695
GHSA-25M9-CF6C-QF2C

Affected Products

Nextcloud Android App