Malicious local application can trick user into sending file from Mail.Ru Mail Android application folder by exploiting TOCTOU condition in ru.mail.ui.writemail.MailToMySelfActivity via symlink manipulation.