The single-line IsDebugMode(true) oversight in six Microsoft 365 Android apps (Word, Excel, PowerPoint, Copilot, Loop, OneNote) bypassed token-sharing restrictions, allowing any installed app to harvest FOCI refresh tokens. This enabled stealthy exfiltration of emails, documents, and calendar data without user interaction. Beyond the reported auto-update game-app vector, the flaw intersects with Android's fragmented update ecosystem and enterprise MDM gaps, where sideloaded or repackaged apps routinely evade Play Protect. Enclave's discovery highlights a recurring pattern seen in prior incidents, such as the 2022 Google Play supply-chain compromises detailed in the Android Security Bulletin and the 2023 Microsoft Teams token-handling issues reported by Krebs on Security. Unlike those, this case involved no malicious actor insertion but a production debug artifact that weaponized legitimate inter-app token flows. The absence of Teams exposure suggests inconsistent build pipelines across Microsoft divisions, amplifying risks for hybrid workforces reliant on Microsoft identity. Geopolitically, such tokens could facilitate persistent access for intelligence collection against corporate targets, underscoring mobile as a high-value vector in supply-chain espionage campaigns previously focused on desktop and cloud infrastructure.