diff --git a/app/src/main/java/com/nextcloud/android/sso/InputStreamBinder.java b/app/src/main/java/com/nextcloud/android/sso/InputStreamBinder.java
index 22195227bbad..9a780027ac4e 100644
--- a/app/src/main/java/com/nextcloud/android/sso/InputStreamBinder.java
+++ b/app/src/main/java/com/nextcloud/android/sso/InputStreamBinder.java
@@ -28,6 +28,7 @@
 import com.owncloud.android.lib.common.OwnCloudClientManagerFactory;
 import com.owncloud.android.lib.common.utils.Log_OC;
 import com.owncloud.android.utils.EncryptionUtils;
+import io.github.pixee.security.ObjectInputFilters;
 
 import org.apache.commons.httpclient.HttpConnection;
 import org.apache.commons.httpclient.HttpMethodBase;
@@ -208,6 +209,7 @@ private <T extends Serializable> ByteArrayInputStream serializeObjectToInputStre
     private <T extends Serializable> T deserializeObjectAndCloseStream(InputStream is) throws IOException,
         ClassNotFoundException {
         ObjectInputStream ois = new ObjectInputStream(is);
+        ObjectInputFilters.enableObjectFilterIfUnprotected(ois);
         T result = (T) ois.readObject();
         is.close();
         ois.close();