#android-security — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #android-security, aggregated by home.social.
-
The feature can automatically detect and block malicious websites, suspicious calls, phishing attempts and other harmful activities. https://english.mathrubhumi.com/lifestyle/how-to/how-to-enable-advanced-protection-on-android-16-jjga157g?utm_source=dlvr.it&utm_medium=mastodon #HowTo #AndroidUpdate #Google #AndroidSecurity
-
Fileless RCE on stock Android (~2.5B devices). Reported to Google VRP, confirmed by their own engineering team, closed as NSBC anyway.
#AndroidSecurity #infosec #Android #MobileSecurity #VulnerabilityResearch #RCE #BugBounty #VRP #ResponsibleDisclosure #AppSec #ThreatIntel #WebView #ZeroDay #CVE
-
🔥 Learn Android #hacking from practitioners who do it for a living.
2 days. Hands-on: Frida, reverse engineering, pinning & root detection bypasses, CTFs, and real-world attacks.
🎟️ Code: DCTLV26SAVE10 for 10% OFF (first 10)
👉 https://training.defcon.org/products/hacking-android-apps-by-example-abraham-aranguren-abhishek-j-m-anirudh-anand-dctlv2026
-
Samsung's June 2026 security patch fixes 45 vulnerabilities
The update includes 33 fixes from Google (five critical and 28 high severity) and 12 of Samsung's own fixes affecting components such as Samsung Account, Samsung Cloud, Smart Suggestions and Theme Manager. The rollout will begin in South Korea and extend to the rest of the world within days (Source: Sammobile).
Samsung has detailed its Android security update for June 2026, and the number speaks for itself. The patch addresses a total of 45 security vulnerabilities in Galaxy devices, including 33 fixes from Google for Android-level issues (five rated critical and 28 rated high severity) and 12 Samsung-specific fixes covering components such as Samsung Account, Samsung Cloud, Smart Suggestions, Theme Manager, Settings and other One UI services.
In the technical detail, 11 of the fixes are provided by Samsung MX and one by the Samsung Exynos semiconductor division, which fixes a vulnerability in the DRM HDR driver. Most of Samsung's own fixes affect devices running Android 14, Android 15 and Android 16.
One additional detail is worth noting: this security patch is also included in the One UI 9.0 beta update released for the Galaxy S26, so users in the testing program already have it available.
As for the rollout, the update is not yet reaching devices at the time of publication of this article, but the rollout is expected to begin soon, most likely starting in South Korea. Samsung's updates usually expand to other markets within days, so the wait should not be long. Newer devices will receive the update first, although this is not a fixed rule.
#Actualizacion #Android16 #AndroidSecurity #ciberseguridad #Exynos #GalaxyS26 #OneUI #parche #PORTADA #Samsung #SamsungAccount #seguridadMovil #SmartSuggestions #ThemeManager #vulnerabilidades
-
Google Gemini on Android Exposed to Notification-Based Hijacking
Researchers have uncovered a vulnerability in Google Gemini on Android that allows hackers to hijack the assistant using a single hostile notification, no malicious app required. This shocking exploit lets anyone able to push a notification to a device deliver a payload and take control.
#AndroidSecurity #GoogleGemini #NotificationbasedHijacking #EmergingThreats #MobileSecurity
-
Google Bolsters Android Defenses Against AI-Powered Scam Calls
Google's new fake call detection feature sends a silent signal to verify the caller, instantly warning you if a scammer tries to impersonate someone you know. If the signal is missing, your device double-checks with the caller's actual phone to keep you safe.
#AipoweredScamCalls #FakeCallDetection #AndroidSecurity #Google #EmergingThreats
-
Google Patches Actively Exploited Android Flaw Amid June Update
Google just dropped a crucial security update for Android, fixing 124 vulnerabilities, including a high-severity flaw that's being actively exploited - don't wait, patch up your device now! This critical fix tackles a privilege escalation bug that can be triggered without any user interaction, putting your data at risk.
#AndroidSecurity #Cve202548595 #Google #EmergingThreats #PrivilegeEscalation
-
Network Monitoring with Termux
In this article, I cover practical network monitoring with Termux, packet capture workflows for cybersecurity
https://denizhalil.com/2025/06/16/termux-network-monitoring-android-guide/
#CyberSecurity #Termux #AndroidSecurity #NetworkMonitoring #NetworkSecurity #Linux #tcpdump
-
A configuration error takes down the entire .de zone. Three Linux kernel exploits target the same attack pattern. And Daniel Stenberg describes how AI-generated bug reports are making curl both better and more exhausting at the same time.
Our latest Security Digest puts into context what really mattered over the past few weeks:
🔐 Copy Fail, Dirty Frag, Dirty Pipe: Local privilege escalation remains one of the most common vulnerability classes in the Linux kernel. Our take: SELinux is not a nice-to-have but the most effective countermeasure. Unprivileged accounts should not run under unconfined_u. Period.
🌐 DNSSEC outage of the .de zone: A signing error at DENIC on 5 May showed how fragile centralized DNS infrastructure can be.
🤖 AI and open source: after the wave of AI slop, curl is now seeing high-quality reports. At the same time, the load on maintainers is rising massively.
📱 Android Intrusion Logging: with Advanced Protection Mode, Google is finally delivering a real data source for mobile forensics. We recommend enabling it for exposed individuals and organizations with elevated protection needs.
The security model from the mobile world is increasingly becoming the template for desktop and server. Anyone still working without Mandatory Access Control today is offering an attack surface that could be significantly reduced with a few configuration steps. You can find the full digest with all sources and our assessment here: https://research.hisolutions.com/2026/05/
How do you handle SELinux in your organization? And is any of you already using Android Intrusion Logging in incident handling?
#Cybersecurity #SELinux #DNSSEC #AndroidSecurity #OpenSource @brahms @jrt
-
Google Bolsters Android Security to Counter Spyware Vendors
Google's new Intrusion Logging feature is a game-changer in the fight against spyware, helping digital forensics researchers uncover sophisticated attacks on Android devices. By recording security incidents like device unlocking and spyware installation, it provides crucial evidence to investigate and take down these threats.
#AndroidSecurity #Spyware #IntrusionLogging #DigitalForensics #AdvancedProtectionMode
-
🎯 Google is offering $1.5 million to break into Android! Try to beat the challenge. #HackerChallenge #AndroidSecurity ⚔️💰
🔗 https://www.tomshw.it/smartphone/google-android-premi-exploit
-
Google Fortifies Ad Ecosystem, Cracks Down on 8.3B Policy-Violating Ads
Google is taking a giant leap in protecting user privacy and cracking down on fraud, having blocked over 8.3 billion ads and suspended 24.9 million accounts in a single year. This bold move is part of a broader effort to reshape how apps handle sensitive data, with a focus on transparency and security.
#AdEcosystem #OnlineAdvertising #PolicyEnforcement #PrivacyUpdates #AndroidSecurity
-
Mirax Android RAT:
• 220K users via Meta ads
• Full RAT + SOCKS5 proxy
• Residential IP abuse
• Multi-stage evasion
Devices now double as infra.
💬 Detection strategies?
Source: https://thehackernews.com/2026/04/mirax-android-rat-turns-devices-into.html
🔁 Share
🔔 Follow @technadu
-
Google reveals Pixel 10 modem firmware now uses Rust to reduce baseband security risks
https://fed.brid.gy/r/https://nerds.xyz/2026/04/pixel-10-rust-baseband/
-
EngageLab SDK Flaw Compromises 50M Android Users
A security flaw in the EngageLab SDK has put a whopping 50 million Android users at risk, allowing apps on the same device to bypass Android's security sandbox and gain unauthorized access to sensitive information. This vulnerability, now patched, exposed cryptocurrency wallet users and others to potential data breaches.
#EngagelabSdk #AndroidSecurity #MobileSecurity #ThirdpartySdkVulnerability #EmergingThreats
-
I would strongly encourage everyone who has a Google account to enable Advanced Protection via Google's #AdvancedProtectionProgram https://google.com/advancedprotection and if you have an #AndroidPhone, you should also enable Advanced Protection on your device as well.
On Pixel Devices:
-> Settings
-> Security and Privacy
-> Advanced Protection
And turn it on.
This gives you Google's highest level of protection for your device and account.
#GoogleSecurity #androidsecurity #securityforeveryone
:D
-
Android malware advisory
WhatsApp droppers, Accessibility abuse
Full device takeover
OTP theft, overlays, persistence
👉 Audit permissions
🔔 Follow TechNadu
-
Day 10 of #100VibeProjects 🔍
Built a local web tool that does static security analysis of Android APKs — upload an APK and get a report covering permissions, hardcoded secrets, SDK fingerprinting, cert pinning, and crypto posture.
The interesting part: the methodology came from reverse-engineering the WhiteHouse app teardown that went viral last week. Applied the same five-gate analysis framework to a real banking app.
Found an expired certificate pin (silently disables TLS pinning for all users), a session replay SDK with no confirmed masking rules, and four Adobe tracking SDKs doing cross-device user stitching.
The tool runs entirely locally. No data leaves your machine. APK deleted after analysis.
Stack: Python · Flask · androguard · 380 lines
📝 Blog: mrdee.in
https://mrdee.in/writing/vibecoding-day010-offline-apk-security-analyzer/
💻 GitHub Repo: https://github.com/mr-dinesh/Offline-APK-Analyzer
#VibeCoding #AppSec #AndroidSecurity #MobileSecurity #Python #Flask #DFIR #InfoSec #ReverseEngineering #CyberSecurity
-
Google clamps down on Android developers with mandatory verification
https://fed.brid.gy/r/https://nerds.xyz/2026/03/android-developer-verification/
-
This article more eloquently phrases how I feel about the new #android #sideloading rules: https://www.androidauthority.com/i-dont-recognize-android-i-fell-in-love-with-3650462/ I pretty much agree with everything that this journalist is saying.
The new rules might cause some friction -- but they generally make Android safer for everyone.
And that's always a good thing.
-
Android sideloading is getting a new speed bump: Google will require a 24-hour wait before installing apps from unverified developers, a move supposedly meant to make malware and scam-driven installs harder to pull off.
https://thehackernews.com/2026/03/google-adds-24-hour-wait-for-unverified.html
#AndroidSecurity #Cybersecurity #Malware #MobileSecurity #Google
-
Perseus Android trojan scans notes for crypto seeds & enables full device takeover via Accessibility abuse.
Advanced evasion marks next-gen mobile threats.
-
Areizen presents "Reverse Engineering Android - Part II" (ENSIBS, 2019), a must for anyone who wants to dig into the inner workings of Android apps! Ideal for devs and mobile security researchers. Slides and resources included, check it out! #ReverseEngineering #Android #AndroidSecurity #Sécurité #CyberSécurité #Hack2G2 #Areizen #French
https://videos.hack2g2.fr/videos/watch/989d8cb2-fb53-48b2-8b87-05c74ecaa601
-
Signal vs Wire — binary analysis of both APKs (apktool, strings, ELF inspection).
The gap is larger than most people think:
Signal: Rust core (libsignal_jni.so), Kyber-1024 post-quantum hybrid ratchet, SQLCipher for at-rest encryption, SVR with Intel SGX attestation, IME_FLAG_NO_PERSONALIZED_LEARNING (keyboard can't index your messages), zero third-party trackers.
Wire: Kotlin/Ktor, no hardened native core (more accessible to Frida), no SQLCipher (messages extractable in plaintext on rooted devices), no post-quantum, Segment SDK for behavioural telemetry.
But the finding that surprised me most:
Wire APKs from unofficial stores (Uptodown et al.) contain additional tracking workers and ACCESS_SUPERUSER permission requests not present in the official build. Supply chain integrity is not a footnote — it's the threat model.
Conclusion: Signal is the only one of the two suitable for threat models involving physical or administrative device compromise.
soon the full paper
#infosec #AndroidSecurity #Signal #Wire #ReverseEngineering #mobileforensics #supplychain #MASA
-
Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.
Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.
But two things stood out:
1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.
2. Certificate revocation endpoints hit http://g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.
Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.
Soon the full analysis
#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics
-
Android 17 is tightening Accessibility API access to stop malware from abusing system permissions.
The update integrates with Advanced Protection Mode to reduce privilege escalation and limit sensitive data access.
-
🔒 The wait is over! Discover the best Android VPNs from our latest March 2026 update: security and speed guaranteed! #MiglioriVPN #AndroidSecurity
-
⚠️ Android threat landscape evolving.
Researchers discovered new malware families targeting banking apps and crypto wallets:
PixRevolution, BeatBanker, TaxiSpy RAT, Mirax, Oblivion RAT, SURXRAT.
Capabilities include:
• Real-time payment hijacking
• Overlay attacks
• Remote device control
• AI experimentation in malware samples
Source: https://thehackernews.com/2026/03/six-android-malware-families-target-pix.html
Follow TechNadu for more cybersecurity threat intelligence updates.
-
🚨 Your Android Phone Can Turn Into a Cybersecurity Lab… 📱🐉
Most people think penetration testing requires a powerful computer.
But tools like ANDRAX-NG are changing that.
The new ANDRAX-NG v1002 pre-stable update brings improvements that turn your Android device into a portable security testing environment.
⚡ In this reel you’ll see:
📱 A mobile pentesting platform running on Android
⚔️ Powerful cybersecurity tools in your pocket
🚀 A preview of the new ANDRAX-NG update
Your smartphone can become a portable hacking lab for learning cybersecurity.
⚠️ Demonstration for educational and authorized security research only.
👉 Don’t comment yet
🔁 Share this reel first to support my work
💬 Then comment ANDRAX and tell me what you want to see next
#CyberSecurity #EthicalHacking #AndroidSecurity #Pentesting #Infosec
-
Motorola partners with GrapheneOS to bring hardened Android—packed with elite privacy & security—to upcoming devices! 🔒📱 Announced at MWC 2026, expanding beyond Pixels. Future arrives 2027. https://cyberinsider.com/motorola-partners-with-grapheneos-to-bring-hardened-android-to-devices/ #GrapheneOS #Motorola #PrivacyMatters #AndroidSecurity
:awesome: ✨ 💫
-
RedAlert Trojan spreads via SMS spoofing in Israel.
Fake emergency APK harvests GPS, contacts & SMS.
Uses proxy hooks & reflection to evade Android checks.
Enforce MDM. Block sideloading.
Full report:
https://www.technadu.com/redalert-trojan-campaign-disseminates-fake-emergency-app-targeting-israel-via-sms-spoofing-steals-contacts-gps-data/622048/
-
Xiaomi Rolls Out February 2026 Security Update for HyperOS Devices
Xiaomi has started pushing the February 2026 Android security patch to several HyperOS devices, including Xiaomi, Redmi, and POCO smartphones worldwide.
#mymobprice #XiaomiUpdate #HyperOS #AndroidSecurity #TechNews #XiaomiDevices