CVE-2017-16905
DuoLingo TinyCards for Android (before 1.0) uses unencrypted HTTP, enabling a man‑in‑the‑middle to spoof content and potentially achieve remote code execution. Root cause: insecure network transport. Impact: content spoofing and possible RCE as stated. Remediation: upgrade to version 1.0 or later...