#mobile-security — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #mobile-security, aggregated by home.social.
-
Stolen phones - and specifically iPhones - have robust anti-theft protections. They are worthless once they're flagged - locked to their owner. So why are millions still being stolen every year?
In this paper, we uncover a thriving underground marketplace focused on unlocking stolen phones. It is powered by:Lookalike domains impersonating Apple, Xiaomi, Samsung and other brands
Smishing campaigns targeting device owners
Pay‑as‑you‑go “unlocking” tools sold on Telegram
By pivoting on DNS data, we identified 10,000+ malicious domains and a growing ecosystem turning locked devices into profit at scale.👉 Read how this supply chain works—from theft to resale—and why it’s growing fast. https://www.infoblox.com/blog/threat-intelligence/lookalike-domains-expose-the-iphone-theft-economy/
#ThreatIntel #CyberSecurity #Phishing #MobileSecurity #iOS #Smishing #dns #threatintelligence #cybercrime #infosec #infoblox #infobloxthreatintel #threatintelligence #cybercrime #infosec #infoblox #infobloxthreatintel
-
Most people use their smartphones every day without realizing how risky some habits have become in 2026.
Here are 10 things you should stop doing on your phone right now 👇📱
https://techputs.com/things-you-should-stop-doing-on-your-phone-today/
#Technology #PhoneTips #MobileSecurity #PrivacyTips #CyberAwareness #DigitalLife #TechPuts
-
Most people think their phone data is safe until it’s too late. I just published a guide on common scenarios where you might lose your data and how to prevent it.
Read it here: https://blog.keepita.com/phone-data-safety-scenarios-prevent/
Got a scenario I missed? Drop a comment! If it’s good, I’ll add it to the article and credit you/your profile personally. Let’s build the ultimate safety guide together. 🤝
#DataSafety #CyberSecurity #iPhone #Samsung #Android #Keepita #TechTips #Privacy #Backup #MobileSecurity #Infosec
-
For the first time ever, OWASP MAScon hits OWASP Global AppSec EU 2026 in Vienna! Join top experts for cutting-edge mobile security talks, live demos & real-world insights.
🎟 Tickets: https://owasp.glueup.com/event/owasp-global-appsec-eu-2026-vienna-austria-162243/tickets.html
📖 Details: https://owaspglobalappseceuvienna20.sched.com/overview/type/MobileAppSecCon -
Your phone just became its own bodyguard.
AmnyX’s new Intruder Alert 📸
3 failed password attempts = instant email to you:
✓ Date & Time
✓ GPS Location
✓ IP Address
✓ Photo of the intruderBecause peace of mind should be automatic.
@AmnyX
#AmnyX #IntruderAlert #MobileSecurity #DataPrivacy #SmartSecurity #TechNews -
iOS 26.4.2 fixes an issue where deleted push notifications could remain in a local database, exposing data accessed via law-enforcement tools 🔐
Apple adds improved redaction; EFF flags risk in local/cloud notification handling; Signal welcomes patch, urges limiting notification content 🔐#TechNews #Apple #iOS #iPhone #Privacy #Security #FBI #Signal #EFF #PushNotifications #Encryption #Surveillance #DataProtection #MobileSecurity #CyberSecurity #Mobile #Smartphone
-
Quick thought experiment. Pull out your phone, look at your lock screen, and ask yourself who else is reading those notification previews. The answer is stranger than you think.
EFF just laid out what most people don't realize: push notifications usually route through Apple or Google servers before they hit your device, often with content visible in the clear. Then they get written to a local notification database that doesn't always get wiped when you swipe the alert away or even when you uninstall the app. 404 Media reported the FBI has pulled deleted Signal message text out of that database using standard forensic tools. Signal. The app you installed specifically because you didn't want this.
🔐 Apple and Google now require a court order for push notification data, but Apple's transparency report still shows hundreds of users handed over
📱 Lock screen previews are a free read for anyone who picks up your phone, including at a border crossing or traffic stop
🧹 Uninstalling an app does not guarantee its notification history goes with it, and we don't know what gets backed up to iCloud or Google
🛠️ Signal's notification setting "No Name or Content" is a 30-second fix that closes the easiest leakFor the security folks, this is a useful reminder that end-to-end encryption ends at the endpoint, and the endpoint includes a SQLite file most users have never heard of. For the executives, this is the reason your travel security policy for high-risk regions should say more than "use Signal." The default settings on a stock iPhone leak more than the app you chose to protect you.
https://www.eff.org/deeplinks/2026/04/how-push-notifications-can-betray-your-privacy-and-what-do-about-it
#Privacy #Cybersecurity #MobileSecurity #security #cloud #infosec -
Join Sven Schleier’s 2-day mobile app security training either remotely or in Vienna! 👀
Learn Android & iOS testing (OWASP MASTG), dynamic/static analysis, Frida, reverse engineering, cloud labs, and live CTFs 🚀
No device needed, just your laptop. Level up your skills
-
Comparison of Android-based Operating Systems
👑 #GrapheneOS 👑
https://eylenburg.github.io/android_comparison.htm
@GrapheneOS
#grapheneOSFoundation #Graphene #GrapheneOS #Googlepixel #Motorola
#DeGoogle#DeGoogledAndroid #AndroidFork #AndroidOS #DegoogledPhone #hardened #Android #Privacy #Security #CyberSecurity #MobileSecurity #InfoSec #DigitalSecurity #HardenedAndroid #OpenSource #AOSP -
For the first time ever, OWASP MAScon hits OWASP Global AppSec EU 2026 in Vienna! Join top experts for cutting-edge mobile security talks, live demos & real-world insights.
🎟 Tickets: https://owasp.glueup.com/event/owasp-global-appsec-eu-2026-vienna-austria-162243/tickets.html
📖 Details: https://owaspglobalappseceuvienna20.sched.com/overview/type/MobileAppSecCon -
The 2026 Security 360 Mobile report is here!
As part of this year’s research, #Jamf partnered with NowSecure to analyze 135 widely used mobile apps used in enterprises today.
The analysis, grounded in #OWASP standards, highlights how pervasive app vulnerabilities are.
See the report findings: https://loom.ly/P761XRY
@jamfsoftware #Jamf #MobileSecurity#Cybersecurity #MobileApps
-
Day 10 of #100VibeProjects 🔍
Built a local web tool that does static security analysis of Android APKs — upload an APK and get a report covering permissions, hardcoded secrets, SDK fingerprinting, cert pinning, and crypto posture.
The interesting part: the methodology came from reverse-engineering the WhiteHouse app teardown that went viral last week. Applied the same five-gate analysis framework to a real banking app.
Found an expired certificate pin (silently disables TLS pinning for all users), a session replay SDK with no confirmed masking rules, and four Adobe tracking SDKs doing cross-device user stitching.
The tool runs entirely locally. No data leaves your machine. APK deleted after analysis.
Stack: Python · Flask · androguard · 380 lines
📝 Blog: mrdee.in
https://mrdee.in/writing/vibecoding-day010-offline-apk-security-analyzer/💻 GitHub Repo: https://github.com/mr-dinesh/Offline-APK-Analyzer
#VibeCoding #AppSec #AndroidSecurity #MobileSecurity #Python #Flask #DFIR #InfoSec #ReverseEngineering #CyberSecurity
-
Google clamps down on Android developers with mandatory verification
https://fed.brid.gy/r/https://nerds.xyz/2026/03/android-developer-verification/
-
🔐 Cyber Tip: Enable biometric logins on mobile devices.
Fingerprint or facial recognition adds an extra layer of protection if your device is lost or stolen.
-
For the first time ever, OWASP MAScon hits OWASP Global AppSec EU 2026 in Vienna! Join top experts for cutting-edge mobile security talks, live demos & real-world insights.
🎟 Tickets: https://owasp.glueup.com/event/owasp-global-appsec-eu-2026-vienna-austria-162243/tickets.html
📖 Details: https://owaspglobalappseceuvienna20.sched.com/overview/type/MobileAppSecCon -
The first ever OWASP MAScon is happening inside OWASP Global AppSec EU 2026 in Vienna, June 25 to 26, during 25 years of OWASP. Organized by Carlos Holguera @grepharder and Sven Schleier, with talks from Carlos, Stefan Bernhardsgrütter, Sergi Alvarez @pancake, Jan Seredynski, Ole André Vadla Ravnås @oleavr, and Jeroen Beckers.
-
Android sideloading is getting a new speed bump: Google will require a 24-hour wait before installing apps from unverified developers, a move supposedly meant to make malware and scam-driven installs harder to pull off.
https://thehackernews.com/2026/03/google-adds-24-hour-wait-for-unverified.html
#AndroidSecurity #Cybersecurity #Malware #MobileSecurity #Google
-
Android is rolling out a new security system 🔒 for sideloading that includes developer verification, mandatory wait times, and device restarts. The goal? Disrupting scam tactics while keeping the platform open. Here's how the new flow actually works and what it means for users wanting to install apps outside official stores 📱
Read the article to learn more: https://true-tech.net/android-sideloading-security-update-2026/
#Android #Cybersecurity #Sideloading #AppSecurity #MobileSecurity
https://true-tech.net/android-sideloading-security-update-2026/
-
DarkSword iOS exploit framework confirmed in global attacks — SecurityAffairs.
Enterprise EDR covers managed endpoints. Phones outside MDM enrollment carry credentials and sensitive data your security stack cannot see.
Audit MDM enrollment completeness. Patch iOS devices now.
-
Android 17 is tightening Accessibility API access to stop malware from abusing system permissions.
The update integrates with Advanced Protection Mode to reduce privilege escalation and limit sensitive data access.
-
I wonder if Motorola will tighten security of their future phones running stock android now that they are working with GrapheneOS?
Things like setting USB-port to charge only when screen is locked to secure against data extraction from companies like Cellbrite.
#Android #GrapheneOS #Motorola #Security #Infosec #Phones #MobilePhones #MobileSecurity