How Hackers Found a Security Startup's Secret Android Flaw