Android “API breaking” vulnerability can leak device data