A security researcher has found a second factory app that was included on OnePlus devices delivered to customers, and this one can be abused to dump the user's photos and videos, but also GPS, WiFi, Bluetooth, and various other logs.
The Google Play Store is seeing a wave of malware-infested apps like never before. Four separate security companies have reported —or are preparing to release reports— on malware campaigns currently underway via Android apps available on the Play Store.
Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers.
Google has emailed Android app developers and has informed them of plans to remove all apps that misuse the Accessibility service from the Play Store.
A theoretical attack described by security researchers at the start of September has been integrated into a live malware distribution campaign for the first time.
Security researchers have discovered that tens of developers have left API credentials in hundreds of applications built around the Twilio service.
Google has published this month's Android security bulletin, and the company provided a fix for the KRACK vulnerability that came to light last month.
A bug in the new "Adaptive Icons" feature introduced in Android Oreo has sent thousands of phones into infinite boot loops, forcing some users to reset their devices to factory settings, causing users to lose data along the way.
Google's new Play Protect security system did not survive its first real-world tests, and the system was ranked dead last in an experiment carried out by German antivirus testing lab AV-Test.
Security researchers have spotted a new Android banking trojan named LokiBot that turns into ransomware and locks users' phones when they try to remove its admin privileges.
Google has added support in Android for an experimental feature that will encrypt DNS requests and prevent network-level attackers from snooping on user traffic.
Google has launched a bug bounty program for popular apps available on its Play Store. Dubbed the Play Security Reward Program, the bug bounty will be offered through the HackerOne platform and is not aimed at Google's own Android apps.
A new report released earlier this week estimates that Kotlin will surpass Java as the primary programming language used for Android apps by December 2018.
Microsoft announced on Monday that it started rolling out Cortana integration in Skype, bringing its smart AI-based virtual assistant to the company's instant messaging client.
OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users actions without anonymizing data, allowing OnePlus to connect each phone to its customer.
There is now an Android app that can search and detect gas pump skimmers based on their Bluetooth fingerprint.
WhatsApp has the honor of being the most popular app on iOS enterprise devices, but also the most blacklisted app on enterprise networks.
A Google security researcher has published proof-of-concept code for a vulnerability that can be exploited remotely via a WiFi connection to take over iPhone 7 handsets.
Security researchers from Trend Micro published a report detailing a new malware family named ZNIU that uses Dirty COW to root devices and plant a backdoor.
GO Keyboard, an insanely popular custom keyboard app for the Android OS, also available on the official Google Play Store, was caught collecting user data and downloading and running code from a third-party server.