IBM X-Force has discovered a vulnerability in the Dropbox software development kit (SDK) for Android that allows attackers to connect a victim’s Android apps to an attacker’s own Dropbox account. The “DroppedIn” vulnerability affects any Android app developed with Dropbox SDK versions 1.5.4 through 1.6.1. The vulnerability is in the implementation of the authentication mechanism used to give the app access to Dropbox. It’s supposed to work like this: while the user is providing their username-password combo to log in, the SDK is generating a large random number.
Source: https://www.darkreading.com/cloud/droppedin-vuln-links-victims-androids-to-attackers-dropboxes

