
#android-security — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #android-security, aggregated by home.social.

  1. A configuration error takes down the entire .de zone. Three Linux kernel exploits target the same attack pattern. And Daniel Stenberg describes how AI-generated bug reports are making curl both better and more exhausting at the same time.

    Our current Security Digest puts into context what was really relevant over the past few weeks:
    🔐 Copy Fail, Dirty Frag, Dirty Pipe: Local privilege escalation remains one of the most common vulnerability classes in the Linux kernel. Our take: SELinux is not a nice-to-have but the most effective countermeasure. Unprivileged accounts should not run under unconfined_u. Period.
    🌐 DNSSEC outage of the .de zone: A signing error at DENIC on 05.05. showed how fragile centralized DNS infrastructure can be.
    🤖 AI and open source: After the AI slop wave, curl is now seeing high-quality reports. At the same time, the load on maintainers is rising massively.
    📱 Android Intrusion Logging: With Advanced Protection Mode, Google finally delivers a real data source for mobile forensics. We recommend enabling it for exposed individuals and organizations with elevated protection needs.

    The security model from the mobile world is increasingly becoming the template for desktop and server. Anyone still working without Mandatory Access Control today presents an attack surface that could be significantly reduced with a few configuration steps. You can find the full digest with all sources and our assessment here: research.hisolutions.com/2026/

    How do you handle SELinux in your organization? And is any of you already using Android Intrusion Logging in incident handling?
     
    #Cybersecurity #SELinux #DNSSEC #AndroidSecurity #OpenSource @brahms @jrt

  2. Day 10 of #100VibeProjects 🔍

    Built a local web tool that does static security analysis of Android APKs — upload an APK and get a report covering permissions, hardcoded secrets, SDK fingerprinting, cert pinning, and crypto posture.

    The interesting part: the methodology came from reverse-engineering the WhiteHouse app teardown that went viral last week. Applied the same five-gate analysis framework to a real banking app.

    Found an expired certificate pin (silently disables TLS pinning for all users), a session replay SDK with no confirmed masking rules, and four Adobe tracking SDKs doing cross-device user stitching.

    The tool runs entirely locally. No data leaves your machine. APK deleted after analysis.

    Stack: Python · Flask · androguard · 380 lines

    📝 Blog: mrdee.in
    mrdee.in/writing/vibecoding-da

    💻 GitHub Repo: github.com/mr-dinesh/Offline-A

    #VibeCoding #AppSec #AndroidSecurity #MobileSecurity #Python #Flask #DFIR #InfoSec #ReverseEngineering #CyberSecurity

  3. This article more eloquently phrases how I feel about the new #android #sideloading rules: androidauthority.com/i-dont-re I pretty much agree with everything that this journalist is saying.

    The new rules might cause some friction -- but they generally make Android safer for everyone.

    And that's always a good thing.

    #googleandroid #androidsecurity

  4. Android sideloading is getting a new speed bump: Google will require a 24-hour wait before installing apps from unverified developers, a move supposedly meant to make malware and scam-driven installs harder to pull off.

    thehackernews.com/2026/03/goog

    #AndroidSecurity #Cybersecurity #Malware #MobileSecurity #Google

  5. Areizen presents "Reverse Engineering Android - Part II" (ENSIBS, 2019), a must for anyone who wants to dig into the inner workings of Android apps! Ideal for devs & mobile security researchers. Slides and resources included, go check it out! #ReverseEngineering #Android #AndroidSecurity #Sécurité #CyberSécurité #Hack2G2 #Areizen #French
    videos.hack2g2.fr/videos/watch

  6. Signal vs Wire — binary analysis of both APKs (apktool, strings, ELF inspection).

    The gap is larger than most people think:

    Signal: Rust core (libsignal_jni.so), Kyber-1024 post-quantum hybrid ratchet, SQLCipher for at-rest encryption, SVR with Intel SGX attestation, IME_FLAG_NO_PERSONALIZED_LEARNING (keyboard can't index your messages), zero third-party trackers.

    Wire: Kotlin/Ktor, no hardened native core (more accessible to Frida), no SQLCipher (messages extractable in plaintext on rooted devices), no post-quantum, Segment SDK for behavioural telemetry.

    But the finding that surprised me most:

    Wire APKs from unofficial stores (Uptodown et al.) contain additional tracking workers and ACCESS_SUPERUSER permission requests not present in the official build. Supply chain integrity is not a footnote — it's the threat model.

    Conclusion: Signal is the only one of the two suitable for threat models involving physical or administrative device compromise.

    soon the full paper

    #infosec #AndroidSecurity #Signal #Wire #ReverseEngineering #mobileforensics #supplychain #MASA

  7. Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.

    Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.

    But two things stood out:

    1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.

    2. Certificate revocation endpoints hit g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.

    Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.

    Soon the full analysis

    #infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics

  8. Android 17 is tightening Accessibility API access to stop malware from abusing system permissions.

    The update integrates with Advanced Protection Mode to reduce privilege escalation and limit sensitive data access.

    technadu.com/android-17-restri

    #AndroidSecurity #Infosec #MobileSecurity

  9. 🚨 Your Android Phone Can Turn Into a Cybersecurity Lab… 📱🐉

    Most people think penetration testing requires a powerful computer.
    But tools like ANDRAX-NG are changing that.

    The new ANDRAX-NG v1002 pre-stable update brings improvements that turn your Android device into a portable security testing environment.

    ⚡ In this reel you’ll see:

    📱 A mobile pentesting platform running on Android
    ⚔️ Powerful cybersecurity tools in your pocket
    🚀 A preview of the new ANDRAX-NG update

    Your smartphone can become a portable hacking lab for learning cybersecurity.

    ⚠️ Demonstration for educational and authorized security research only.

    👉 Don’t comment yet
    🔁 Share this reel first to support my work
    💬 Then comment ANDRAX and tell me what you want to see next

    #CyberSecurity #EthicalHacking #AndroidSecurity #Pentesting #Infosec

  10. Motorola partners with GrapheneOS to bring hardened Android—packed with elite privacy & security—to upcoming devices! 🔒📱 Announced at MWC 2026, expanding beyond Pixels. Future arrives 2027. cyberinsider.com/motorola-part #GrapheneOS #Motorola #PrivacyMatters #AndroidSecurity
    :awesome: ✨ 💫

  11. RedAlert Trojan spreads via SMS spoofing in Israel.
    Fake emergency APK harvests GPS, contacts & SMS.
    Uses proxy hooks & reflection to evade Android checks.
    Enforce MDM. Block sideloading.
    Full report:
    technadu.com/redalert-trojan-c

    #InfoSec #AndroidSecurity #MobileThreats

  12. Xiaomi Rolls Out February 2026 Security Update for HyperOS Devices

    Xiaomi has started pushing the February 2026 Android security patch to several HyperOS devices, including Xiaomi, Redmi, and POCO smartphones worldwide.

    #mymobprice #XiaomiUpdate #HyperOS #AndroidSecurity #TechNews #XiaomiDevices

    mymobprice.com/blog/article/xi

  13. 🔐 Introducing frida-ui

    A lightweight, web-based user interface built for Frida - designed to make Android application penetration testing more intuitive and efficient.

    📦 Easy to get started:
    > uv tool install frida-ui
    > frida-ui

    Check it out on GitHub - github.com/adityatelange/frida

    Available on PyPI: pypi.org/project/frida-ui

    #AndroidSecurity #infosec #Frida #SecurityTools #OpenSource

  14. Privacium spotlights privacy-friendly tools for Android users 🔒🌐 Discover open-source, ad-free guidance based on PrivacyGuides criteria. 🚀✨ Check it out on IzzyOnDroid: apt.izzysoft.de/fdroid/index/a #PrivacyFirst #OpenSource #PrivacyTools #AndroidSecurity

  15. Oh, look! Another tech messiah has arrived, and it's called #GrapheneOS. 🎉 The only Android OS that keeps you safe from... well, everything but boring Mastodon updates and JavaScript woes. 🙄 Go ahead, enable JavaScript, and feel your IQ drop. 📉
    grapheneos.social/@GrapheneOS/ #TechMessiah #AndroidSecurity #SafeBrowsing #JavaScriptWoes #HackerNews #ngated

  16. Android app testers and security engineers spend a lot of time dealing with Activities. The attack surface may look small, but a poorly configured Activity can expose data or let other apps do things they shouldn't. In this blog post, David Lodge explains how exported and debug Activities, weak WebView settings, and missing window security flags can pose security concerns.

    📌 pentestpartners.com/security-b

    #androidsecurity #cybersecurity #appsec #mobile #pentesting #infosec #securitytesting

  17. Good morning!
    Today I learned about the existence of grapheneOS, and what a disappointment it was to see that it only supports Pixel phones.

    Do you know of any similar alternative for other devices?
    ---------

    Hi folks!
    Do you know a privacy-focused alternative to grapheneOS which can be installed on modern non Pixel devices?

    ---------

    #Privacidad #Privacy #Android #DeGoogle #GrapheneOS #OpenSource #FOSS #AndroidSecurity #CustomROM

  18. New Android Trojan Sturnus: Your Encrypted Chats Aren't Safe

    A recent discovery reveals a new banking trojan, Sturnus, that can bypass even encrypted messaging on Android devices. This means your private conversations are not secure.

    The implications are alarming: Sturnus can capture and exploit your encrypted chats, leading to identity theft, financial loss, and more. Your device security is compromised when you're vulnerable to such attacks.

    How do you protect yourself? Are you using a reputable antivirus software? Have you enabled two-factor authentication on all your accounts?

    Stay vigilant and stay secure. Share this with someone who needs to know the importance of robust device security. #AndroidSecurity #CyberPrivacyMatters

    #Ransomware #Cybersecurity #RedTeam

    Read more: short.steelefortress.com/b8z9c1