#android-security — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #android-security, aggregated by home.social.
-
The feature can automatically detect and block malicious websites, suspicious calls, phishing attempts and other harmful activities. https://english.mathrubhumi.com/lifestyle/how-to/how-to-enable-advanced-protection-on-android-16-jjga157g?utm_source=dlvr.it&utm_medium=mastodon #HowTo #AndroidUpdate #Google #AndroidSecurity
-
The feature can automatically detect and block malicious websites, suspicious calls, phishing attempts and other harmful activities. https://english.mathrubhumi.com/lifestyle/how-to/how-to-enable-advanced-protection-on-android-16-jjga157g?utm_source=dlvr.it&utm_medium=mastodon #HowTo #AndroidUpdate #Google #AndroidSecurity
-
The feature can automatically detect and block malicious websites, suspicious calls, phishing attempts and other harmful activities. https://english.mathrubhumi.com/lifestyle/how-to/how-to-enable-advanced-protection-on-android-16-jjga157g?utm_source=dlvr.it&utm_medium=mastodon #HowTo #AndroidUpdate #Google #AndroidSecurity
-
The feature can automatically detect and block malicious websites, suspicious calls, phishing attempts and other harmful activities. https://english.mathrubhumi.com/lifestyle/how-to/how-to-enable-advanced-protection-on-android-16-jjga157g?utm_source=dlvr.it&utm_medium=mastodon #HowTo #AndroidUpdate #Google #AndroidSecurity
-
Fileless RCE on stock Android (~2.5B devices). Reported to Google VRP, confirmed by their own engineering team, closed as NSBC anyway.
#AndroidSecurity #infosec #Android #MobileSecurity #VulnerabilityResearch #RCE #BugBounty #VRP #ResponsibleDisclosure #AppSec #ThreatIntel #WebView #ZeroDay #CVE
-
Fileless RCE on stock Android (~2.5B devices). Reported to Google VRP, confirmed by their own engineering team, closed as NSBC anyway.
#AndroidSecurity #infosec #Android #MobileSecurity #VulnerabilityResearch #RCE #BugBounty #VRP #ResponsibleDisclosure #AppSec #ThreatIntel #WebView #ZeroDay #CVE
-
Fileless RCE on stock Android (~2.5B devices). Reported to Google VRP, confirmed by their own engineering team, closed as NSBC anyway.
#AndroidSecurity #infosec #Android #MobileSecurity #VulnerabilityResearch #RCE #BugBounty #VRP #ResponsibleDisclosure #AppSec #ThreatIntel #WebView #ZeroDay #CVE
-
Fileless RCE on stock Android (~2.5B devices). Reported to Google VRP, confirmed by their own engineering team, closed as NSBC anyway.
#AndroidSecurity #infosec #Android #MobileSecurity #VulnerabilityResearch #RCE #BugBounty #VRP #ResponsibleDisclosure #AppSec #ThreatIntel #WebView #ZeroDay #CVE
-
🔥 Learn Android #hacking from practitioners who do it for a living.
2 days. Hands-on: Frida, reverse engineering, pinning & root detection bypasses, CTFs, and real-world attacks.
🎟️ Code: DCTLV26SAVE10 for 10% OFF (first 10)
👉https://training.defcon.org/products/hacking-android-apps-by-example-abraham-aranguren-abhishek-j-m-anirudh-anand-dctlv2026 -
4 security features I always set up on every new Android phone
Mishaal Rahman / Android Authority Whenever I set up a new Android phone, I do the usual stuff…
#NewsBeep #News #Mobile #Android #AndroidSecurity #CA #Canada #Technology
https://www.newsbeep.com/ca/735310/ -
4 security features I always set up on every new Android phone
Mishaal Rahman / Android Authority Whenever I set up a new Android phone, I do the usual stuff…
#NewsBeep #News #Mobile #android #AndroidSecurity #Technology #UK #UnitedKingdom
https://www.newsbeep.com/uk/637519/ -
https://www.europesays.com/ie/534008/ 4 security features I always set up on every new Android phone #Android #AndroidSecurity #Éire #IE #Ireland #Mobile #Technology
-
El parche de seguridad de Samsung de junio 2026 corrige 45 vulnerabilidades
La actualización incluye 33 correcciones de Google —cinco críticas y 28 de alta severidad— y 12 fixes propios de Samsung que afectan componentes como Samsung Account, Samsung Cloud, Smart Suggestions y Theme Manager. El despliegue comenzará en Corea del Sur y se extenderá en días al resto del mundo (Fuente Sammobile).
Samsung detalló su actualización de seguridad Android para junio de 2026, y el número habla por sí solo. El parche aborda un total de 45 vulnerabilidades de seguridad en dispositivos Galaxy, incluyendo 33 correcciones de Google para problemas a nivel Android —cinco calificadas como críticas y 28 como de alta severidad— y 12 correcciones específicas de Samsung que cubren componentes como Samsung Account, Samsung Cloud, Smart Suggestions, Theme Manager, Settings y otros servicios de One UI.
En el detalle técnico, 11 de los fixes son provistos por Samsung MX y uno por la división de semiconductores Samsung Exynos, que corrige una vulnerabilidad en el controlador DRM HDR. La mayoría de las correcciones propias de Samsung afectan dispositivos con Android 14, Android 15 y Android 16.
Vale la pena destacar un dato adicional: este parche de seguridad está incluido también en la actualización beta de One UI 9.0 lanzada para el Galaxy S26, por lo que los usuarios del programa de pruebas ya lo tienen disponible.
En cuanto al despliegue, la actualización aún no está llegando a los dispositivos al momento de publicación de este artículo, pero se espera que el rollout comience pronto, muy probablemente iniciando en Corea del Sur. Las actualizaciones de Samsung suelen expandirse a otros mercados en cuestión de días, por lo que la espera no debería ser prolongada. Los dispositivos más nuevos recibirán la actualización primero, aunque esto no es una regla fija.
#Actualizacion #Android16 #AndroidSecurity #ciberseguridad #Exynos #GalaxyS26 #OneUI #parche #PORTADA #Samsung #SamsungAccount #seguridadMovil #SmartSuggestions #ThemeManager #vulnerabilidades -
Google Gemini on Android Exposed to Notification-Based Hijacking
Researchers have uncovered a vulnerability in Google Gemini on Android that allows hackers to hijack the assistant using a single hostile notification, no malicious app required. This shocking exploit lets anyone able to push a notification to a device deliver a payload and take control.
#AndroidSecurity #GoogleGemini #NotificationbasedHijacking #EmergingThreats #MobileSecurity
-
Google Bolsters Android Defenses Against AI-Powered Scam Calls
Google's new fake call detection feature sends a silent signal to verify the caller, instantly warning you if a scammer tries to impersonate someone you know. If the signal is missing, your device double-checks with the caller's actual phone to keep you safe.
#AipoweredScamCalls #FakeCallDetection #AndroidSecurity #Google #EmergingThreats
-
Google Patches Actively Exploited Android Flaw Amid June Update
Google just dropped a crucial security update for Android, fixing 124 vulnerabilities, including a high-severity flaw that's being actively exploited - don't wait, patch up your device now! This critical fix tackles a privilege escalation bug that can be triggered without any user interaction, putting your data at risk.
#AndroidSecurity #Cve202548595 #Google #EmergingThreats #PrivilegeEscalation
-
Network Monitoring with Termux
In this article, I cover practical network monitoring with Termux, packet capture workflows for cybersecurity
https://denizhalil.com/2025/06/16/termux-network-monitoring-android-guide/
#CyberSecurity #Termux #AndroidSecurity #NetworkMonitoring #NetworkSecurity #Linux #tcpdump
-
Network Monitoring with Termux
In this article, I cover practical network monitoring with Termux, packet capture workflows for cybersecurity
https://denizhalil.com/2025/06/16/termux-network-monitoring-android-guide/
#CyberSecurity #Termux #AndroidSecurity #NetworkMonitoring #NetworkSecurity #Linux #tcpdump
-
Network Monitoring with Termux
In this article, I cover practical network monitoring with Termux, packet capture workflows for cybersecurity
https://denizhalil.com/2025/06/16/termux-network-monitoring-android-guide/
#CyberSecurity #Termux #AndroidSecurity #NetworkMonitoring #NetworkSecurity #Linux #tcpdump
-
Android apps hide dozens of trackers — here’s how to find them
Andy Walker / Android Authority It’s no secret that Android apps can and often do track users as…
#NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Mobile #Androidapps #AndroidSecurity #privacy #Technology
https://www.newsbeep.com/us/674315/ -
Android apps hide dozens of trackers — here’s how to find them
Andy Walker / Android Authority It’s no secret that Android apps can and often do track users as…
#NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Mobile #Androidapps #AndroidSecurity #privacy #Technology
https://www.newsbeep.com/us/674315/ -
Android apps hide dozens of trackers — here’s how to find them
Andy Walker / Android Authority It’s no secret that Android apps can and often do track users as…
#NewsBeep #News #Mobile #Androidapps #AndroidSecurity #Privacy #Technology #UK #UnitedKingdom
https://www.newsbeep.com/uk/612141/ -
https://www.europesays.com/ie/510389/ Android apps hide dozens of trackers — here’s how to find them #AndroidApps #AndroidSecurity #Éire #IE #Ireland #Mobile #Privacy #Technology
-
https://www.europesays.com/uk/994428/ Android apps hide dozens of trackers — here’s how to find them #AndroidApps #AndroidSecurity #Mobile #Privacy #Technology #UK #UnitedKingdom
-
https://www.europesays.com/ie/488861/ Android 17’s latest anti-theft feature stops thieves who already have your PIN #Android17 #AndroidSecurity #Éire #FindHub #Google #IE #Ireland #Mobile #Technology
-
Ein Konfigurationsfehler legt die komplette .de-Zone lahm. Drei Linux-Kernel-Exploits zielen auf dasselbe Angriffsmuster. Und Daniel Stenberg beschreibt, wie KI-generierte Bug-Reports curl gleichzeitig besser und anstrengender machen.
Unser aktueller Security Digest ordnet ein, was die letzten Wochen wirklich relevant war:
🔐 Copy Fail, Dirty Frag, Dirty Pipe: Local Privilege Escalation bleibt eine der häufigsten Schwachstellenklassen im Linux-Kernel. Unser Take: SELinux ist kein Nice-to-have, sondern die wirksamste Gegenmaßnahme. Nicht-privilegierte Accounts sollten nicht unter unconfined_u laufen. Punkt.
🌐 DNSSEC-Ausfall der .de-Zone: Ein Signierfehler bei der DENIC hat am 05.05. gezeigt, wie fragil zentralisierte DNS-Infrastruktur sein kann.
🤖 KI und Open Source: curl erlebt nach der AI-Slop-Welle jetzt hochwertige Meldungen. Gleichzeitig steigt die Last für Maintainerinnen und Maintainer massiv.
📱 Android Intrusion Logging: Google liefert mit dem Advanced Protection Mode endlich eine echte Datenquelle für mobile Forensik. Wir empfehlen die Aktivierung für exponierte Personen und Organisationen mit erhöhtem Schutzbedarf.
Das Security-Modell aus dem Mobilbereich wird zunehmend zum Vorbild für Desktop und Server. Wer heute noch ohne Mandatory Access Control arbeitet, liefert eine Angriffsfläche, die sich mit wenigen Konfigurationsschritten deutlich reduzieren ließe. Den vollständigen Digest mit allen Quellen und unserer Einordnung finden Sie hier: https://research.hisolutions.com/2026/05/
Wie gehen Sie in Ihrer Organisation mit SELinux um? Und nutzt jemand von Ihnen bereits Android Intrusion Logging in der Vorfallsbehandlung?
#Cybersecurity #SELinux #DNSSEC #AndroidSecurity #OpenSource @brahms @jrt -
Ein Konfigurationsfehler legt die komplette .de-Zone lahm. Drei Linux-Kernel-Exploits zielen auf dasselbe Angriffsmuster. Und Daniel Stenberg beschreibt, wie KI-generierte Bug-Reports curl gleichzeitig besser und anstrengender machen.
Unser aktueller Security Digest ordnet ein, was die letzten Wochen wirklich relevant war:
🔐 Copy Fail, Dirty Frag, Dirty Pipe: Local Privilege Escalation bleibt eine der häufigsten Schwachstellenklassen im Linux-Kernel. Unser Take: SELinux ist kein Nice-to-have, sondern die wirksamste Gegenmaßnahme. Nicht-privilegierte Accounts sollten nicht unter unconfined_u laufen. Punkt.
🌐 DNSSEC-Ausfall der .de-Zone: Ein Signierfehler bei der DENIC hat am 05.05. gezeigt, wie fragil zentralisierte DNS-Infrastruktur sein kann.
🤖 KI und Open Source: curl erlebt nach der AI-Slop-Welle jetzt hochwertige Meldungen. Gleichzeitig steigt die Last für Maintainerinnen und Maintainer massiv.
📱 Android Intrusion Logging: Google liefert mit dem Advanced Protection Mode endlich eine echte Datenquelle für mobile Forensik. Wir empfehlen die Aktivierung für exponierte Personen und Organisationen mit erhöhtem Schutzbedarf.
Das Security-Modell aus dem Mobilbereich wird zunehmend zum Vorbild für Desktop und Server. Wer heute noch ohne Mandatory Access Control arbeitet, liefert eine Angriffsfläche, die sich mit wenigen Konfigurationsschritten deutlich reduzieren ließe. Den vollständigen Digest mit allen Quellen und unserer Einordnung finden Sie hier: https://research.hisolutions.com/2026/05/
Wie gehen Sie in Ihrer Organisation mit SELinux um? Und nutzt jemand von Ihnen bereits Android Intrusion Logging in der Vorfallsbehandlung?
#Cybersecurity #SELinux #DNSSEC #AndroidSecurity #OpenSource @brahms @jrt -
Ein Konfigurationsfehler legt die komplette .de-Zone lahm. Drei Linux-Kernel-Exploits zielen auf dasselbe Angriffsmuster. Und Daniel Stenberg beschreibt, wie KI-generierte Bug-Reports curl gleichzeitig besser und anstrengender machen.
Unser aktueller Security Digest ordnet ein, was die letzten Wochen wirklich relevant war:
🔐 Copy Fail, Dirty Frag, Dirty Pipe: Local Privilege Escalation bleibt eine der häufigsten Schwachstellenklassen im Linux-Kernel. Unser Take: SELinux ist kein Nice-to-have, sondern die wirksamste Gegenmaßnahme. Nicht-privilegierte Accounts sollten nicht unter unconfined_u laufen. Punkt.
🌐 DNSSEC-Ausfall der .de-Zone: Ein Signierfehler bei der DENIC hat am 05.05. gezeigt, wie fragil zentralisierte DNS-Infrastruktur sein kann.
🤖 KI und Open Source: curl erlebt nach der AI-Slop-Welle jetzt hochwertige Meldungen. Gleichzeitig steigt die Last für Maintainerinnen und Maintainer massiv.
📱 Android Intrusion Logging: Google liefert mit dem Advanced Protection Mode endlich eine echte Datenquelle für mobile Forensik. Wir empfehlen die Aktivierung für exponierte Personen und Organisationen mit erhöhtem Schutzbedarf.
Das Security-Modell aus dem Mobilbereich wird zunehmend zum Vorbild für Desktop und Server. Wer heute noch ohne Mandatory Access Control arbeitet, liefert eine Angriffsfläche, die sich mit wenigen Konfigurationsschritten deutlich reduzieren ließe. Den vollständigen Digest mit allen Quellen und unserer Einordnung finden Sie hier: https://research.hisolutions.com/2026/05/
Wie gehen Sie in Ihrer Organisation mit SELinux um? Und nutzt jemand von Ihnen bereits Android Intrusion Logging in der Vorfallsbehandlung?
#Cybersecurity #SELinux #DNSSEC #AndroidSecurity #OpenSource @brahms @jrt -
Ein Konfigurationsfehler legt die komplette .de-Zone lahm. Drei Linux-Kernel-Exploits zielen auf dasselbe Angriffsmuster. Und Daniel Stenberg beschreibt, wie KI-generierte Bug-Reports curl gleichzeitig besser und anstrengender machen.
Unser aktueller Security Digest ordnet ein, was die letzten Wochen wirklich relevant war:
🔐 Copy Fail, Dirty Frag, Dirty Pipe: Local Privilege Escalation bleibt eine der häufigsten Schwachstellenklassen im Linux-Kernel. Unser Take: SELinux ist kein Nice-to-have, sondern die wirksamste Gegenmaßnahme. Nicht-privilegierte Accounts sollten nicht unter unconfined_u laufen. Punkt.
🌐 DNSSEC-Ausfall der .de-Zone: Ein Signierfehler bei der DENIC hat am 05.05. gezeigt, wie fragil zentralisierte DNS-Infrastruktur sein kann.
🤖 KI und Open Source: curl erlebt nach der AI-Slop-Welle jetzt hochwertige Meldungen. Gleichzeitig steigt die Last für Maintainerinnen und Maintainer massiv.
📱 Android Intrusion Logging: Google liefert mit dem Advanced Protection Mode endlich eine echte Datenquelle für mobile Forensik. Wir empfehlen die Aktivierung für exponierte Personen und Organisationen mit erhöhtem Schutzbedarf.
Das Security-Modell aus dem Mobilbereich wird zunehmend zum Vorbild für Desktop und Server. Wer heute noch ohne Mandatory Access Control arbeitet, liefert eine Angriffsfläche, die sich mit wenigen Konfigurationsschritten deutlich reduzieren ließe. Den vollständigen Digest mit allen Quellen und unserer Einordnung finden Sie hier: https://research.hisolutions.com/2026/05/
Wie gehen Sie in Ihrer Organisation mit SELinux um? Und nutzt jemand von Ihnen bereits Android Intrusion Logging in der Vorfallsbehandlung?
#Cybersecurity #SELinux #DNSSEC #AndroidSecurity #OpenSource @brahms @jrt -
https://www.europesays.com/ie/481476/ Android 17 will soon tell you whether your OS is legit #Android #Android17 #AndroidSecurity #Cybersecurity #Éire #IE #Ireland #Mobile #Technology
-
https://www.europesays.com/uk/955471/ Android 17 will soon tell you whether your OS is legit #Android #Android17 #AndroidSecurity #Cybersecurity #Mobile #Technology #UK #UnitedKingdom
-
Google Bolsters Android Security to Counter Spyware Vendors
Google's new Intrusion Logging feature is a game-changer in the fight against spyware, helping digital forensics researchers uncover sophisticated attacks on Android devices. By recording security incidents like device unlocking and spyware installation, it provides crucial evidence to investigate and take down these threats.
#AndroidSecurity #Spyware #IntrusionLogging #DigitalForensics #AdvancedProtectionMode
-
Update Android Now—Google Confirms Critical Zero-Click Vulnerability
Update Android now—zero-click vulnerability confirmed by Google. SOPA Images/LightRocket via Getty Images The newly published May 2026 Android…
#NewsBeep #News #Mobile #AndroidSecurity #androidsecurityupdate #Androidzero-clicksecurityvulnerability #CVE-2026-0073 #Google #GoogleAndroid #GoogleSecurityUpdate #Technology #UK #UnitedKingdom #UpdateAndroidnow
https://www.newsbeep.com/uk/575949/ -
https://www.europesays.com/ie/475913/ Update Android Now—Google Confirms Critical Zero-Click Vulnerability #AndroidSecurity #AndroidSecurityUpdate #AndroidZeroClickSecurityVulnerability #CVE20260073 #Éire #Google #GoogleAndroid #GoogleSecurityUpdate #IE #Ireland #Mobile #Technology #UpdateAndroidNow
-
🎯 Google mette in palio $1,5 Milioni per bucare Android! Prova a superare la sfida. #HackerChallenge #AndroidSecurity ⚔️💰
🔗 https://www.tomshw.it/smartphone/google-android-premi-exploit
-
🎯 Google mette in palio $1,5 Milioni per bucare Android! Prova a superare la sfida. #HackerChallenge #AndroidSecurity ⚔️💰
🔗 https://www.tomshw.it/smartphone/google-android-premi-exploit
-
🎯 Google mette in palio $1,5 Milioni per bucare Android! Prova a superare la sfida. #HackerChallenge #AndroidSecurity ⚔️💰
🔗 https://www.tomshw.it/smartphone/google-android-premi-exploit
-
New under-display face unlock tech could finally kill the notch
Paul Jones / Android Authority Screenshot TL;DR Apple has been trying to bring Face ID under-display with no…
#NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Mobile #AndroidSecurity #Technology
https://www.newsbeep.com/us/624869/ -
New under-display face unlock tech could finally kill the notch
Paul Jones / Android Authority Screenshot TL;DR Apple has been trying to bring Face ID under-display with no…
#NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Mobile #AndroidSecurity #Technology
https://www.newsbeep.com/us/624869/ -
New under-display face unlock tech could finally kill the notch
Paul Jones / Android Authority Screenshot TL;DR Apple has been trying to bring Face ID under-display with no…
#NewsBeep #News #Mobile #AndroidSecurity #CA #Canada #Technology
https://www.newsbeep.com/ca/649188/ -
https://www.europesays.com/ie/469386/ New under-display face unlock tech could finally kill the notch #AndroidSecurity #Éire #IE #Ireland #Mobile #Technology
-
Signing up for new Android apps just got easier
TL;DR Google now lets you sign up for an Android app via email without using magic links and…
#NewsBeep #News #Mobile #Android #AndroidSecurity #CA #Canada #Google #Technology
https://www.newsbeep.com/ca/623001/ -
Signing up for new Android apps just got easier
TL;DR Google now lets you sign up for an Android app via email without using magic links and…
#NewsBeep #News #Mobile #Android #AndroidSecurity #AU #Australia #Google #Technology
https://www.newsbeep.com/au/625429/ -
Signing up for new Android apps just got easier
TL;DR Google now lets you sign up for an Android app via email without using magic links and…
#NewsBeep #News #Mobile #Android #AndroidSecurity #AU #Australia #Google #Technology
https://www.newsbeep.com/au/625429/ -
Google Fortifies Ad Ecosystem, Cracks Down on 8.3B Policy-Violating Ads
Google is taking a giant leap in protecting user privacy and cracking down on fraud, having blocked over 8.3 billion ads and suspended 24.9 million accounts in a single year. This bold move is part of a broader effort to reshape how apps handle sensitive data, with a focus on transparency and security.
#AdEcosystem #OnlineAdvertising #PolicyEnforcement #PrivacyUpdates #AndroidSecurity
-
Mirax Android RAT:
• 220K users via Meta ads
• Full RAT + SOCKS5 proxy
• Residential IP abuse
• Multi-stage evasion
Devices now double as infra.💬 Detection strategies?
Source: https://thehackernews.com/2026/04/mirax-android-rat-turns-devices-into.html
🔁 Share
🔔 Follow @technadu -
Mirax Android RAT:
• 220K users via Meta ads
• Full RAT + SOCKS5 proxy
• Residential IP abuse
• Multi-stage evasion
Devices now double as infra.💬 Detection strategies?
Source: https://thehackernews.com/2026/04/mirax-android-rat-turns-devices-into.html
🔁 Share
🔔 Follow @technadu -
Mirax Android RAT:
• 220K users via Meta ads
• Full RAT + SOCKS5 proxy
• Residential IP abuse
• Multi-stage evasion
Devices now double as infra.💬 Detection strategies?
Source: https://thehackernews.com/2026/04/mirax-android-rat-turns-devices-into.html
🔁 Share
🔔 Follow @technadu -
Google reveals Pixel 10 modem firmware now uses Rust to reduce baseband security risks
https://fed.brid.gy/r/https://nerds.xyz/2026/04/pixel-10-rust-baseband/
-
EngageLab SDK Flaw Compromises 50M Android Users
A security flaw in the EngageLab SDK has put a whopping 50 million Android users at risk, allowing apps on the same device to bypass Android's security sandbox and gain unauthorized access to sensitive information. This vulnerability, now patched, exposed cryptocurrency wallet users and others to potential data breaches.
#EngagelabSdk #AndroidSecurity #MobileSecurity #ThirdpartySdkVulnerability #EmergingThreats
-
I would strongly encourage everyone who has a Google account to enable Advanced Protection via Google's #AdvancedProtectionProgram https://google.com/advancedprotection and if you have an #AndroidPhone, you should also enable enable Advanced Protection on your device as well.
On Pixel Devices:
-> Settings
-> Security and Privacy
-> Advanced ProtectionAnd turn it on.
This gives you Google's highest level of protection for your device and account.
#GoogleSecurity #androidsecurity #securityforeveryone
:D
-
Android malware advisory
WhatsApp droppers, Accessibility abuse
Full device takeover
OTP theft, overlays, persistence👉 Audit permissions
🔔 Follow TechNadu -
Android malware advisory
WhatsApp droppers, Accessibility abuse
Full device takeover
OTP theft, overlays, persistence👉 Audit permissions
🔔 Follow TechNadu -
Android malware advisory
WhatsApp droppers, Accessibility abuse
Full device takeover
OTP theft, overlays, persistence👉 Audit permissions
🔔 Follow TechNadu -
Day 10 of #100VibeProjects 🔍
Built a local web tool that does static security analysis of Android APKs — upload an APK and get a report covering permissions, hardcoded secrets, SDK fingerprinting, cert pinning, and crypto posture.
The interesting part: the methodology came from reverse-engineering the WhiteHouse app teardown that went viral last week. Applied the same five-gate analysis framework to a real banking app.
Found an expired certificate pin (silently disables TLS pinning for all users), a session replay SDK with no confirmed masking rules, and four Adobe tracking SDKs doing cross-device user stitching.
The tool runs entirely locally. No data leaves your machine. APK deleted after analysis.
Stack: Python · Flask · androguard · 380 lines
📝 Blog: mrdee.in
https://mrdee.in/writing/vibecoding-day010-offline-apk-security-analyzer/💻 GitHub Repo: https://github.com/mr-dinesh/Offline-APK-Analyzer
#VibeCoding #AppSec #AndroidSecurity #MobileSecurity #Python #Flask #DFIR #InfoSec #ReverseEngineering #CyberSecurity
-
Day 10 of #100VibeProjects 🔍
Built a local web tool that does static security analysis of Android APKs — upload an APK and get a report covering permissions, hardcoded secrets, SDK fingerprinting, cert pinning, and crypto posture.
The interesting part: the methodology came from reverse-engineering the WhiteHouse app teardown that went viral last week. Applied the same five-gate analysis framework to a real banking app.
Found an expired certificate pin (silently disables TLS pinning for all users), a session replay SDK with no confirmed masking rules, and four Adobe tracking SDKs doing cross-device user stitching.
The tool runs entirely locally. No data leaves your machine. APK deleted after analysis.
Stack: Python · Flask · androguard · 380 lines
📝 Blog: mrdee.in
https://mrdee.in/writing/vibecoding-day010-offline-apk-security-analyzer/💻 GitHub Repo: https://github.com/mr-dinesh/Offline-APK-Analyzer
#VibeCoding #AppSec #AndroidSecurity #MobileSecurity #Python #Flask #DFIR #InfoSec #ReverseEngineering #CyberSecurity
-
Day 10 of #100VibeProjects 🔍
Built a local web tool that does static security analysis of Android APKs — upload an APK and get a report covering permissions, hardcoded secrets, SDK fingerprinting, cert pinning, and crypto posture.
The interesting part: the methodology came from reverse-engineering the WhiteHouse app teardown that went viral last week. Applied the same five-gate analysis framework to a real banking app.
Found an expired certificate pin (silently disables TLS pinning for all users), a session replay SDK with no confirmed masking rules, and four Adobe tracking SDKs doing cross-device user stitching.
The tool runs entirely locally. No data leaves your machine. APK deleted after analysis.
Stack: Python · Flask · androguard · 380 lines
📝 Blog: mrdee.in
https://mrdee.in/writing/vibecoding-day010-offline-apk-security-analyzer/💻 GitHub Repo: https://github.com/mr-dinesh/Offline-APK-Analyzer
#VibeCoding #AppSec #AndroidSecurity #MobileSecurity #Python #Flask #DFIR #InfoSec #ReverseEngineering #CyberSecurity
-
Day 10 of #100VibeProjects 🔍
Built a local web tool that does static security analysis of Android APKs — upload an APK and get a report covering permissions, hardcoded secrets, SDK fingerprinting, cert pinning, and crypto posture.
The interesting part: the methodology came from reverse-engineering the WhiteHouse app teardown that went viral last week. Applied the same five-gate analysis framework to a real banking app.
Found an expired certificate pin (silently disables TLS pinning for all users), a session replay SDK with no confirmed masking rules, and four Adobe tracking SDKs doing cross-device user stitching.
The tool runs entirely locally. No data leaves your machine. APK deleted after analysis.
Stack: Python · Flask · androguard · 380 lines
📝 Blog: mrdee.in
https://mrdee.in/writing/vibecoding-day010-offline-apk-security-analyzer/💻 GitHub Repo: https://github.com/mr-dinesh/Offline-APK-Analyzer
#VibeCoding #AppSec #AndroidSecurity #MobileSecurity #Python #Flask #DFIR #InfoSec #ReverseEngineering #CyberSecurity
-
Google clamps down on Android developers with mandatory verification
https://fed.brid.gy/r/https://nerds.xyz/2026/03/android-developer-verification/
-
This article more eloquently phrases how I feel about the new #android #sideloading rules: https://www.androidauthority.com/i-dont-recognize-android-i-fell-in-love-with-3650462/ I pretty much agree with everything that this journalist is saying.
The new rules might cause some friction -- but they generally make Android safer for everyone.
And that's always a good thing.