The vast majority of Android mobile apps available on the official Google Play Store that are meant for the management of cryptocurrencies are vulnerable to the most common and well-known vulnerabilities, according to a report published today by Swiss cyber-security firm High-Tech Bridge.
A collaborative effort between the Yale Privacy Lab and Exodus Privacy has shed light on dozens of invasive trackers that are embedded within Android applications and record user activity, sometimes without user consent.
Keybase is notifying Android users of a bug in its mobile app that might have unintentionally included the users' private key —used to encrypt conversations and other private data— into the automatic backups created by the Android OS and uploaded on Google's servers.
Android smartphones running Lolipop, Marshmallow, and Nougat, are vulnerable to an attack that exploits the MediaProjection service to capture the user's screen and record system audio
Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers.
Google has emailed Android app developers and has informed them of plans to remove all apps that misuse the Accessibility service from the Play Store.
A theoretical attack described by security researchers at the start of September has been integrated into a live malware distribution campaign for the first time.
Google has published this month's Android security bulletin, and the company provided a fix for the KRACK vulnerability that came to light last month.
A bug in the new "Adaptive Icons" feature introduced in Android Oreo has sent thousands of phones into infinite boot loops, forcing some users to reset their devices to factory settings, causing users to lose data along the way.
A Facebook spam campaign is luring users to phishing pages that try to trick targets into handing over Facebook or YouTube credentials.
Google's new Play Protect security system did not survive its first real-world tests, and the system was ranked dead last in an experiment carried out by German antivirus testing lab AV-Test.
Security researchers have spotted a new Android banking trojan named LokiBot that turns into ransomware and locks users' phones when they try to remove its admin privileges.
Google has added support in Android for an experimental feature that will encrypt DNS requests and prevent network-level attackers from snooping on user traffic.
Google has launched a bug bounty program for popular apps available on its Play Store. Dubbed the Play Security Reward Program, the bug bounty will be offered through the HackerOne platform and is not aimed at Google's own Android apps.
Google has removed eight apps from the official Play Store that were infected with the Sockbot Android malware.
A new report released earlier this week estimates that Kotlin will surpass Java as the primary programming language used for Android apps by December 2018.