Domain Spoofing Vuln in Status Android Wallet

3 points by hackideiomat 1 year ago | 1 comment
  • hackideiomat 1 year ago
    This Android wallet has an internal browser and it incorrectly strips www. from hosts. This also affects their permission system, meaning this is the perfect bug to phish users.

    They didn't answer multiple mails in 30 days, so it's being disclosed.