Mobclix Ad Library for Android contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the com.mobclix.android.sdk.MobclixJavascriptInterface class is called once the application is installed and subsequently whenever the user moves to a different location. This will disclose a user's location to a third party advertiser.

The presence of this software means the host system has been compromised through some other exploit/vulnerability. The only way to ensure the software, and any other malicious software (malware), is completely removed is to re-install the operating system.

• Related OSVDB ID: 85303 85304 85305 85306 85307
• News Article: http://arstechnica.com/business/news/2012/03/researchers-find-privacy-and-security-holes-in-android-apps-with-ads.ars
• Other Advisory URL: http://www.csc.ncsu.edu/faculty/jiang/pubs/WISEC12_ADRISK.pdf

• Michael Grace - Department of Computer Science, North Carolina State University
• Wu Zhou - Department of Computer Science, North Carolina State University
• Xuxian Jiang - Department of Computer Science, North Carolina State University
• Ahmad-Reza Sadeghi - Center for Advanced Security Research, Technical University Darmstadt

NVD does not currently have a CVSSv2 score assigned.