EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

Yikes, a massive supply-chain flaw just dropped. EngageLab's SDK—used by tons of Android apps—had a critical vulnerability that exposed over 50 million installs. And get this: 30 million of those were crypto wallet apps. Your digital assets? Potentially at risk.

The flaw was disclosed in April 2025, but here's the kicker: it wasn't fully patched until November 2025. That's a seven-month window where bad actors could've exploited it. If you had any of those affected apps, your data might've been up for grabs.

EngageLab's SDK is embedded in apps for push notifications and analytics. The vulnerability allowed unauthorized access to sensitive user data. Think: personal info, device details, and—for crypto wallets—potentially private keys or transaction data. Not a good look.

This is a classic supply-chain attack. One vulnerable component, and boom—dozens of apps are compromised. It highlights why third-party SDKs need rigorous security audits. Developers, take note: your app's security is only as strong as its weakest dependency.

The tags say it all: Android, cryptocurrency, cybersecurity, data protection, Google Play, Microsoft, mobile security, Supply Chain Security, Vulnerability. This story touches every corner of the tech security world. Stay vigilant, update your apps, and maybe double-check your crypto wallet's security settings.