Is Your App Protected? The Branch API Vulnerability You Need to Know About
Summary
A weakness in how Branch.io’s deep linking system handles $fallback_url could let attackers who hold an exposed API key redirect users to phishing and malware sites.
The issue arises when a smart deep link, designed to open a specific app, cannot do so and instead falls back to a developer-supplied URL.
An attacker who obtains an exposed API key can set a wildcard $fallback_url, enabling malicious redirects and the theft of user data through fake login prompts.
The article advises developers to keep API keys secret so that users are not exposed to this risk, and to monitor $fallback_url regularly to ensure it still points where intended.
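As an added illustration of the monitoring the summary recommends (not code from the article or from Branch), the following audit flags $fallback_url values that are wildcards, use a non-HTTPS scheme, carry a userinfo prefix, or point outside an allowlist of the developer's own hosts. The link-record shape and the allowed host are assumptions made for the example.

```python
from urllib.parse import urlparse

# Hosts this app may fall back to (constructed for the example).
ALLOWED_HOSTS = {"example.com"}


def host_allowed(host, allowed):
    """Exact match, or a subdomain of an allowed apex (dot boundary enforced)."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def check_fallback_url(url, allowed=ALLOWED_HOSTS):
    """Return None if the $fallback_url is acceptable, otherwise a short reason."""
    if not isinstance(url, str) or not url.strip():
        return "empty"
    if "*" in url:
        return "wildcard"            # a pattern, not a fixed destination
    parsed = urlparse(url.strip())
    if parsed.scheme != "https":
        return "scheme"              # rejects http:, javascript:, data:, ...
    host = (parsed.hostname or "").lower()
    if not host:
        return "no-host"
    if parsed.username is not None:  # e.g. https://example.com@evil.test
        return "userinfo"
    if not host_allowed(host, allowed):
        return "host"
    return None


def audit_links(records, allowed=ALLOWED_HOSTS):
    """Map link id -> reason for every record whose $fallback_url fails the check."""
    findings = {}
    for rec in records:
        reason = check_fallback_url(rec.get("data", {}).get("$fallback_url"), allowed)
        if reason:
            findings[rec["id"]] = reason
    return findings


# Constructed sample records in the assumed {"id", "data": {"$fallback_url"}} shape.
SAMPLE_LINKS = [
    {"id": "L1", "data": {"$fallback_url": "https://www.example.com/install"}},
    {"id": "L2", "data": {"$fallback_url": "https://*.example.com/"}},
    {"id": "L3", "data": {"$fallback_url": "https://example.com@evil.test/login"}},
    {"id": "L4", "data": {"$fallback_url": "http://example.com/"}},
    {"id": "L5", "data": {"$fallback_url": "https://example.com.evil.test/"}},
    {"id": "L6", "data": {"$fallback_url": "https://app.example.com/open"}},
]

if __name__ == "__main__":
    for link_id, reason in audit_links(SAMPLE_LINKS).items():
        print(f"{link_id}: {reason}")
```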