SECURITY ALERT

Major Security Flaw Found in Popular Android App 'QuickScan PDF'

Published on September 17, 2025

Cybersecurity researchers have issued an urgent warning for users of "QuickScan PDF," a popular Android application with over 10 million downloads on the Google Play Store. A critical vulnerability has been discovered that could allow malicious actors to gain unauthorized access to users' private photos and documents.

The Nature of the Flaw

The vulnerability, tracked as CVE-2025-1984, stems from improper handling of storage permissions within the app. According to the security firm that discovered the issue, a specially crafted file could trick the app into granting broad access to the device's internal storage. An attacker could potentially exploit this by convincing a user to open a malicious document, which would then allow the attacker's server to read and exfiltrate files from the device's photo gallery and document folders.

"This is a serious flaw because the app has legitimate reasons to ask for storage access, so users are likely to grant it without suspicion. The vulnerability turns this normal permission into a powerful weapon for data theft." — Lead Security Researcher (Statement)

What You Should Do Immediately

The app's developers have been notified and are reportedly working on a patch. In the meantime, users are advised to take immediate action to protect their data.

Urgent Steps to Protect Yourself:

  1. Update Immediately: Check the Google Play Store for an update to QuickScan PDF and install it as soon as it becomes available.
  2. Review App Permissions: Go to `Settings > Apps > QuickScan PDF > Permissions` on your Android device. Under "Files and media," change the permission from "Allow" to "Ask every time" or "Don't allow" until the app is patched.
  3. Be Cautious with Files: Do not open any unexpected PDF or document files, even if they appear to come from a known contact, until you have updated the app.

This incident serves as a critical reminder to regularly review the permissions granted to all applications on your devices. Even trusted apps can harbor vulnerabilities, and limiting their access is a key part of maintaining your digital security.