

Android app with full control over your Google account - dsr12
http://isciurus.blogspot.com/2015/01/android-app-with-full-control-over-your.html

======
jarofgreen
No mention of Responsible Disclosure .... really hope that was done!

~~~
jkn
It's actually mentioned at the bottom of the article:

    
    
      Timeline:
      December 2, 2014 — Reported the vulnerability to the Android security, @natashenka confirmed the repro works
      January 6, 2015 — Response form Android security saying that the fix was pushed in mid-December, I checked that the repro stopped working on all my phones
      January 9, 2015 — Public disclosure

------
efoto
You did get your bounty for finding the bug I presume?

~~~
Aissen
Otherwise he might have passed on ~$20k. Maybe he just didn't care.

------
kryps
The PoC exploit fails on Android 5.0.1 with latest Google Play Services.

~~~
on_and_off
Not too surprising (but still reassuring), Play Services issues are by far the
easiest thing to patch on Android.

