Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app distribution and will allow users to install apps from unverified devs.

The Android vulnerability CVE-2025-48561 (Pixnapping) enables the theft of any data displayed on a smartphone's screen. We explain how Pixnapping works and provide advice on mitigating the risk.

Security researchers discovered "Fantasy Hub," a new Android remote access trojan (RAT) operating as a Malware-as-a-Service (MaaS) platform.

A critical vulnerability that affects Samsung mobile devices was exploited in the wild to distribute LANDFALL spyware.

Backup Vulnerabilities Android Mobile Application Summary hello everyone today I will share about Android Backup Vulnerabilities, this is one of the findings that I often find when doing pentest on android applications, especially on mobile applications. I made this article because it was quite inspired by this blog , Now lets just go straight to the discussion. Android Backup Vulnerabilities are vulnerabilities where an application allows backups for the application, this vulnerability will be very impactful if the same application has Insecure data storage vulnerabilities, because the application’s internal files can be stolen without root, even though the android device must turn on usb debugging How to look for it? Check the androidmanifest.xml file and highlight the android:allowBackup text, if android:allowBackup = "true" this means that the application is vulnerable to android backup vulnerabilities, and vice versa if the value is false , it means that the android application is not vulnerable to Android Backup Vulnerabilities, it's easy, right? okay, continue to the demo. Unpack the app using jadx and then open the Androidmanifest.xml file, this file is usually found in Resource Using the adb (android debug brigde) tool, we try to backup the application folder with commands more or less like this, and don’t forget to connect the adb via usb or wireless. adb backup -f <backup-name.ab> <app-package-name> adb backup -f application com.app.info // Create Password 12345678 Using ABE ( Android Backup Extractor ) convert .ab files to .tar so that they can be extracted, look like the picture below the internal application folder can be retrieved. When converting the abe tool, it will ask for the password that we created before Refrence https://owasp.org/www-project-mobile-top-10/2023-risks/m9-insecure-data-storage https://vishwarajbhattrai.wordpress.com/2017/07/17/finding-backup-vulnerabilities-in-android-apps/ https://www.appsealing.com/insecure-data-storage/ Backup vulnerabilities android mobile application was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

Security researchers have uncovered two distinct Android malware strains, BankBot-YNRK and DeliveryRAT, both engineered to pilfer sensitive financial data from compromised devices. The discoveries highlight ongoing sophistication in mobile threat actor tactics, techniques, and procedures.

Would you allow a stranger to drive a camera-equipped computer around your living room? You might have already done so without even realizing it. The Beginning: A Curious Experiment It all started ...

The malicious app required to make a “Pixnapping” attack work requires no permissions.

Researchers have uncovered a high-severity Pixnapping attack that enables hackers to snoop on Android screens and steal sensitive data.

Are you trying to use AI chatbots to add a splash of efficiency to your daily perusal of the news? Well, you’ve already messed up. According to a study conducted by the BBC, a news organization that has some vested interest in people understanding the news they’re publishing every day, using AI chatbots that summarize […]

A partially accurate historical account on how we finally arrived at passkeys as the ultimate solution to accessible and secure authentication from simple passwords.

LineageOS 23.0 apporte Android 16 à plus de 100 appareils malgré de nombreux obstacles créés par Google. LineageOS vient de publier la version 23.0 de sa

Google cache maintenant le code source d'Android aux développeurs de ROM. LineageOS galère, GrapheneOS cherche à fuir les Pixels. Comment la communauté

Mobdro Pro IP TV + VPN hides Klopatra, a new Android Trojan that lets attackers steal banking credentials.

A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube.

A code execution vulnerability in the Unity game engine could be exploited to achieve code execution on Android and privilege escalation on Windows.

Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account ...

ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates.

An interesting piece of research was published recently that found that the effective maximum context size of Large Language Models is orders of magnitude smaller than the advertised maximum contex…