Developers using APKTool, IntelliJ, Eclipse, or Android Studio to open an app containing a malicious AndroidManifest.xml file are vulnerable to having local files stolen by an attacker.