A recent white paper reported an Autofill API vulnerability within Android's 8.0 Oreo release. The vulnerability comes via the ability for widgets to hide themselves from users and request information that users are unaware they are providing to the hidden widget. No public fixes have been issued.
This is the third part of ProgrammableWeb’s series on Understanding the Realities of API Security based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part looks at how to determine who will get access to your API.