Mobile Dynamix PrinterShare Android OAuth Token Leakage Vulnerability

A vulnerability in the Mobile Dynamix PrinterShare Android application, affecting versions through 12.15.01, allows the unauthorized capture of Gmail authentication tokens. These tokens can be reused to access a user's Gmail account without proper authorization. The issue arises in an exported activity that interacts with the Gmail application, leading to the exposure of sensitive authentication data.

Impact

Exploitation of this vulnerability allows for unauthorized access to a user's Gmail account by capturing and reusing authentication tokens.

Reproduction

The vulnerability can be reproduced on a rooted Samsung device running Android 13. After attaching the device's Gmail account to the PrinterShare application, the vulnerability can be triggered by accessing the 'Gmail' option within the app. This action initiates the token leakage, which can be monitored and captured using a Frida script.