What Android Token Theft Means for Your Accounts
Android token theft is the theft of authentication tokens stored on a device by malicious or compromised apps, letting attackers skip the password (and any MFA prompt the original sign-in already satisfied) and reuse your identity across services without your knowledge or consent. Tokens are bearer credentials: whoever holds one can present it as you. Instead of guessing credentials, attackers copy the tokens your apps already use to stay signed in and replay them from anywhere to open email, files, or AI tools as if they were you. Two recent cases show how serious this is. In one, a malicious Android app and an npm package quietly stole OpenAI Codex tokens. In another, a leftover debug flag in Microsoft 365 Android apps allowed untrusted apps on the same device to obtain Microsoft account tokens. Both flaws turned normal single sign-on into an app authentication bypass that attackers could exploit without any visible warning.
How Codex Tokens Were Stolen Through a Compromised Android Tool
The codexui-android npm package and related Android apps show how a normal-looking tool can hide Android token theft in plain sight. The codexui-android package, with over 29,000 weekly downloads, included code that read Codex's ~/.codex/auth.json file and sent access_token, refresh_token, id_token, and the account ID to sentry.anyclaw.store, a server posing as Sentry. Because auth.json sits in the user's home directory, any code running as that user, including a dependency pulled in by a build or CLI tool, can read it. Aikido Security researcher Charlie Eriksen noted that "the refresh_token doesn't expire," so attackers could quietly impersonate affected users until the token was revoked. An Android app called OpenClaw Codex Claude AI Agent (over 50,000 downloads) pulled the same npm package into a Termux-derived Linux userland inside the app, then exfiltrated Codex OAuth data after in-app sign-in. Another app named Codex used the same chain, showing how Android app security and supply chain trust can break together.

Microsoft 365 Android Token Flaw: What Went Wrong
The Microsoft 365 Android token flaw, nicknamed FlagLeft by Enclave, turned a convenience feature into an account security vulnerability. Microsoft's Word, Excel, PowerPoint, OneNote, Microsoft Loop, and Microsoft 365 Copilot share FOCI (Family of Client IDs) tokens so users sign in once and stay authenticated across the family of apps. A single line in a shared Microsoft SDK, setIsDebugMode(true), disabled the check that restricts token sharing to trusted Microsoft apps. With that check off, any other app on the same phone could request a token, receive it, and read email, files, or calendar entries without a password or prompt. Enclave built a proof-of-concept that used an unverified third-party app to pull tokens and read email. Microsoft treated this as a local spoofing issue and issued patches with four CVEs on May 12, after which the detailed research became public.

Steps Users and IT Teams Should Take Right Now
Both incidents show how Android app security can fail without obvious warning signs, so users and admins should respond quickly. First, uninstall or stop using any OpenClaw Codex Claude AI Agent or Codex Android apps linked to codexui-android, revoke Codex tokens where possible, and treat ~/.codex/auth.json like a password: delete it or regenerate its contents by signing in again, since a stolen refresh token stays usable until it is revoked. Next, update all Microsoft 365 Android apps, including Word, Excel, PowerPoint, OneNote, Microsoft Loop, and Microsoft 365 Copilot, to ensure the Microsoft 365 Android patch for FlagLeft is installed. IT teams should verify that managed devices run the latest builds and use mobile app management policies to restrict which apps may be installed alongside corporate tools. For all users, reviewing app permissions, removing unused apps, and watching account activity for unfamiliar logins or actions can help catch token-based account misuse early.
