Mr. Number for Android contains a flaw that is triggered when a suspected spam pop-up window appears in front of the screen lock. In certain situations if the number in the pop-up is blocked and the 'done' option is selected, the screenlock will be bypassed and the user's home screen will appear. This may allow a physically present attacker to gain access to a user's phone.
Android contains a flaw that is during the handling of a specially crafted application. This may allow a local attacker to bypass a secure virtual private network (VPN) connection and redirect potentially sensitive cleartext information to a location they control.
Bit Web Server for Android installs with default MySQL admin credentials (the 'root' account has a blank password), which are publicly known and documented. This allows remote attackers to trivially gain privileged access to the service.
Brightest Flashlight Free Application for Android contains a flaw that is due to the device transmitting potentially sensitive information even if the user opted out of data sharing. This will cause location data and the unique device identifier to be transmitted to the vendor's servers and subsequently shared with advertisers.
Instagram contains a flaw that is due to the application transmitting pictures with the media_id tag unencrypted over an HTTP connection. This may allow a remote attacker to gain access to potentially sensitive media_id information.