PT-2026-45227 · Go · github.com/mvt-project/androidqf
Published 2026-05-21 · Updated 2026-05-21
CVSS v4.0: 1.1 (Low)
Vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Summary
During device acquisition, getPathToLocalCopy() constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName(). The extraction splits the device-side path on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path containing traversal sequences, filepath.Join lexically cleans those .. components rather than rejecting them, so the file can be written outside the intended apks/ directory.
Practical exploitability is limited because Android enforces strict package path formats under /data/app/ and does not allow apps to register paths containing traversal sequences. Rated Informational as a defense-in-depth concern.
Impact
An attacker with control of the connected device could potentially write files outside the expected output directory on the acquisition workstation, leading to arbitrary file overwrite with attacker-controlled content.
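As an added illustration (not the project's code; the function names and the split-on-==/ reconstruction are assumptions taken from the description above), the following Go shows why filepath.Join alone does not contain a traversal sequence and one way to confine the destination to the apks/ directory:

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// extractFileNameNaive reconstructs the described behaviour (illustration,
// not the project's function): split on "==/" and take the trailing segment.
func extractFileNameNaive(devicePath string) string {
	parts := strings.Split(devicePath, "==/")
	return parts[len(parts)-1]
}

// naiveLocalCopyPath shows the defect: Join cleans "..", so a segment such
// as "../../evil.apk" resolves to a location outside apksDir.
func naiveLocalCopyPath(apksDir, devicePath string) string {
	return filepath.Join(apksDir, extractFileNameNaive(devicePath))
}

// safeLocalCopyPath (hypothetical hardened form) accepts only a single,
// separator-free filename element and re-checks the resolved destination.
func safeLocalCopyPath(apksDir, devicePath string) (string, error) {
	name := extractFileNameNaive(devicePath)
	if name == "" || name == "." || name == ".." ||
		strings.ContainsAny(name, `/\`) || filepath.Base(name) != name {
		return "", fmt.Errorf("rejecting APK filename component %q", name)
	}
	dest := filepath.Join(apksDir, name)
	// Defence in depth: the path relative to apksDir must not climb out of it.
	rel, err := filepath.Rel(apksDir, dest)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("destination escapes the apks directory")
	}
	return dest, nil
}

func main() {
	// Constructed sample paths: one well-formed, one carrying a traversal sequence.
	for _, p := range []string{"/data/app/~~aBc==/com.example.app-XyZ==/base.apk", "/data/app/~~aBc==/../../evil.apk"} {
		fmt.Println("naive:", naiveLocalCopyPath("out/apks", p))
		dest, err := safeLocalCopyPath("out/apks", p)
		fmt.Println("safe :", dest, err)
	}
}
```

A device path without any ==/ marker is also rejected by the hardened form, since the whole path would then be treated as the filename; the acquisition tool would log and skip such an entry rather than guess.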
Patched version
Credits
- This issue was identified during a security assessment conducted by 0xche.
- An additional vulnerability was independently identified by @0x0v1.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
github.com/mvt-project/androidqf