[Android] Directory traversal leading to disclosure of auth tokens

Files uploaded to and opened in Slack with specially-crafted names could cause the Android operating system to overwrite configuration files on customer devices, potentially exposing Slack data to attacker-controlled websites. In order to take advantage of this vulnerability, attackers needed to be in a workspace with the user and to induce a user to click on a file uploaded to Slack exceeding 1MB (files smaller than 1MB are not downloaded to the device and therefore do not present a risk) from their Android device. Slack quickly mitigated this issue with a patch to the Slack backend web site and confirmed that no customers were impacted by this issue. Later, Slack introduced an additional patch in the Android client itself for defense-in-depth.