#androidsecurity — Public Fediverse posts

Google Bolsters Android Security to Counter Spyware Vendors

Google's new Intrusion Logging feature is a game-changer in the fight against spyware, helping digital forensics researchers uncover sophisticated attacks on Android devices. By recording security incidents like device unlocking and spyware installation, it provides crucial evidence to investigate and take down these threats.

https://osintsights.com/google-bolsters-android-security-to-counter-spyware-vendors?utm_source=mastodon&utm_medium=social

#AndroidSecurity #Spyware #IntrusionLogging #DigitalForensics #AdvancedProtectionMode

Google reveals Pixel 10 modem firmware now uses Rust to reduce baseband security risks

https://fed.brid.gy/r/https://nerds.xyz/2026/04/pixel-10-rust-baseband/

Google reveals Pixel 10 modem firmware now uses Rust to reduce baseband security risks

https://fed.brid.gy/r/https://nerds.xyz/2026/04/pixel-10-rust-baseband/

Day 10 of #100VibeProjects 🔍

Built a local web tool that does static security analysis of Android APKs — upload an APK and get a report covering permissions, hardcoded secrets, SDK fingerprinting, cert pinning, and crypto posture.

The interesting part: the methodology came from reverse-engineering the WhiteHouse app teardown that went viral last week. Applied the same five-gate analysis framework to a real banking app.

Found an expired certificate pin (silently disables TLS pinning for all users), a session replay SDK with no confirmed masking rules, and four Adobe tracking SDKs doing cross-device user stitching.

The tool runs entirely locally. No data leaves your machine. APK deleted after analysis.

Stack: Python · Flask · androguard · 380 lines

📝 Blog: mrdee.in
https://mrdee.in/writing/vibecoding-day010-offline-apk-security-analyzer/

💻 GitHub Repo: https://github.com/mr-dinesh/Offline-APK-Analyzer

#VibeCoding #AppSec #AndroidSecurity #MobileSecurity #Python #Flask #DFIR #InfoSec #ReverseEngineering #CyberSecurity

Google clamps down on Android developers with mandatory verification

https://fed.brid.gy/r/https://nerds.xyz/2026/03/android-developer-verification/

Signal vs Wire — binary analysis of both APKs (apktool, strings, ELF inspection).

The gap is larger than most people think:

Signal: Rust core (libsignal_jni.so), Kyber-1024 post-quantum hybrid ratchet, SQLCipher for at-rest encryption, SVR with Intel SGX attestation, IME_FLAG_NO_PERSONALIZED_LEARNING (keyboard can't index your messages), zero third-party trackers.

Wire: Kotlin/Ktor, no hardened native core (more accessible to Frida), no SQLCipher (messages extractable in plaintext on rooted devices), no post-quantum, Segment SDK for behavioural telemetry.

But the finding that surprised me most:

Wire APKs from unofficial stores (Uptodown et al.) contain additional tracking workers and ACCESS_SUPERUSER permission requests not present in the official build. Supply chain integrity is not a footnote — it's the threat model.

Conclusion: Signal is the only one of the two suitable for threat models involving physical or administrative device compromise.

soon the full paper

#infosec #AndroidSecurity #Signal #Wire #ReverseEngineering #mobileforensics #supplychain #MASA

Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.

Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.

But two things stood out:

1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.

2. Certificate revocation endpoints hit http://g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.

Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.

Soon the full analysis

#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics

🔐 Introducing frida-ui

A lightweight, web-based user interface built for Frida - designed to make Android application penetration testing more intuitive and efficient.

📦 Easy to get started:
> uv tool install frida-ui
> frida-ui

Check it out on GitHub - https://github.com/adityatelange/frida-ui

Available on PyPI: https://pypi.org/project/frida-ui

#AndroidSecurity #infosec #Frida #SecurityTools #OpenSource

Privacium spotlights privacy-friendly tools for Android users 🔒🌐 Discover open-source, ad-free guidance based on PrivacyGuides criteria. 🚀✨ Check it out on IzzyOnDroid: https://apt.izzysoft.de/fdroid/index/apk/com.kaleedtc.privacium #PrivacyFirst #OpenSource #PrivacyTools #AndroidSecurity

Oh, look! Another tech messiah has arrived, and it's called #GrapheneOS. 🎉 The only Android OS that keeps you safe from... well, everything but boring Mastodon updates and JavaScript woes. 🙄 Go ahead, enable JavaScript, and feel your IQ drop. 📉
https://grapheneos.social/@GrapheneOS/115647408229616018 #TechMessiah #AndroidSecurity #SafeBrowsing #JavaScriptWoes #HackerNews #ngated

Rust continues to reshape Android’s security posture.

Google reports memory-safety bugs are now under 20%, backed by:
• 1000× reduction in memory-safety bug density vs C/C++
• 4× fewer rollbacks
• Faster reviews + fewer revisions
• Rust moving deeper into kernel, firmware & Android’s security-sensitive apps
A recent “near-miss” RCE (CVE-2025-48530) in unsafe Rust was mitigated by Scudo before reaching public release.

Thoughts from the AppSec community?
Follow @technadu for more unbiased cybersecurity reporting.

#RustLang #MemorySafety #AndroidSecurity #AppSec #InfoSec #DevSecOps #SecureCoding #TechNadu

North Korean hackers are using Google’s own tools to remotely wipe Android devices and hijack messaging apps. Think your account is safe? Dive into how a single breach can trigger a digital meltdown.

https://thedefendopsdiaries.com/konni-activity-cluster-north-korean-apts-exploit-google-find-hub-for-advanced-cyber-espionage/

#konni
#apt37
#cyberespionage
#androidsecurity
#googlefindhub
#malware
#northkorea
#spearphishing
#infosec

A single image on WhatsApp turned a Samsung Galaxy into a hacker’s playground—no click needed. How did this zero-day flaw let attackers spy on your phone? Find out the details behind the stealthy exploit.

https://thedefendopsdiaries.com/samsung-zero-day-cve-2025-21042-how-a-malicious-image-file-compromised-galaxy-devices/

#samsung
#zeroday
#androidsecurity
#cve202521042
#spyware
#cyberespionage
#patchmanagement
#mobilevulnerabilities
#cisa

Over 760 Android apps are disguising themselves as trusted banking services to hijack your contactless payments using NFC relay malware. Could your mobile be the next target?

https://thedefendopsdiaries.com/nfc-relay-malware-surge-in-europe-how-sophisticated-attacks-are-targeting-android-users/

#nfcrelaymalware
#androidsecurity
#contactlesspayments
#cybercrime
#mobilemalware

Google is ramping up Android security—every app developer now needs to verify their identity. Could this be the breakthrough to finally shut down malware? Dive in to see how this move might make your phone safer.

https://thedefendopsdiaries.com/googles-developer-verification-initiative-enhancing-android-security/

#androidsecurity
#googleplay
#developerverification
#malwareprotection
#appsecurity

🚨 New Android malware poses as a Russian FSB antivirus tool, targeting Russian business execs! It spies via mic, camera, keylogging & exfiltrates data from popular apps. Beware fake security apps! 🔍📱🕵️‍♂️ #MalwareAlert #AndroidSecurity #CyberEspionage #FSB #InfoSec https://www.bleepingcomputer.com/news/security/new-android-malware-poses-as-antivirus-from-russian-intelligence-agency/
#newz

The Android Phone: Three OPSEC Levels to Disappear Into the Shadows
#OPSEC #Android #Privacy #Cybersecurity #OperationalSecurity #DeadSwitch #PhoneSecurity #PrivacyTools #AndroidSecurity #Encryption #SecurePhone #PrivacySettings #GhostMode #MobileSecurity #DigitalAnonymity #StealthTech #TechPrivacy #PrivacyMatters #SecureYourTech

http://tomsitcafe.com/2025/04/15/the-android-phone-three-opsec-levels-to-disappear-into-the-shadows/

How we kept the Google Play & Android app ecosystems safe in 2024 – Source:security.googleblog.com https://ciso2ciso.com/how-we-kept-the-google-play-android-app-ecosystems-safe-in-2024-sourcesecurity-googleblog-com/ #GoogleOnlineSecurityBlogRSSFeed #GoogleOnlineSecurityBlog #rssfeedpostgeneratorecho #1CyberSecurityNewsPost #rssfeedsAutogenerated #GoogleSecurityBlog #CyberSecurityNews #googleplayprotect #androidsecurity #googleplay #android

How we fought bad apps and bad actors in 2023 – Source:security.googleblog.com https://ciso2ciso.com/how-we-fought-bad-apps-and-bad-actors-in-2023-sourcesecurity-googleblog-com/ #GoogleOnlineSecurityBlogRSSFeed #GoogleOnlineSecurityBlog #rssfeedpostgeneratorecho #1CyberSecurityNewsPost #rssfeedsAutogenerated #GoogleSecurityBlog #CyberSecurityNews #googleplayprotect #androidsecurity #googleplay #android

#Hackers believed to be linked to an Indian #APT group known as #Bahamut, are using a fake #Android app called "SafeChat" to infect unsuspecting victims with #spyware that can steal a wide range of data from the phone like call logs, text, GPS coordinates and more.

It is also believed that this spyware is a variant of #Coverlm which can steal data from #Telegram, #Signal, #WhatsApp, #Viber, and #Facebook Messenger.

#infosec #cybersecurity #AndroidSecurity #appsecurity #malware

https://www.bleepingcomputer.com/news/security/hackers-steal-signal-whatsapp-user-data-with-fake-android-chat-app/