Security News

A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan. Because the trojan apps are file managers, it's less likely to raise suspicions when requesting dangerous permissions for loading the Sharkbot malware.

DuckDuckGo for Android's 'App Tracking Protection' feature has reached open beta, allowing all Android users to block third-party trackers across all their installed apps. The 'App Tracking Protection' aims to increase privacy throughout the entire operating system by blocking third-party tracking scripts in other Android apps installed on the device.

Internet behemoth Google on Tuesday said it plans to roll out Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. "The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions," the company said.

Google announced today that they will begin rolling out the Privacy Sandbox system on a limited number of Android 13 devices starting in early 2023. The Privacy Sandbox is a set of technologies Google introduced in February this year, aiming to limit the tracking of users while still providing advertisers with viable performance-measurement options.

Google has agreed to pay $391.5 million to settle a privacy lawsuit filed by a coalition of attorneys general from 40 U.S. states. The settlement shows that the U.S. attorneys general discovered while investigating a 2018 Associated Press article that the search giant misled Android users and tracked their locations since at least 2014 even when they thought location tracking was disabled.

Cybersecurity researcher David Schütz accidentally found a way to bypass the lock screen on his fully patched Google Pixel 6 and Pixel 5 smartphones, enabling anyone with physical access to the device to unlock it. Exploiting the vulnerability to bypass the lock screen on Android phones is a simple five-step process that wouldn't take more than a few minutes.

Microsoft announced that the Mobile Network Protection feature is generally available to help organizations detect network weaknesses affecting Android and iOS devices running Microsoft's Defender for Endpoint enterprise endpoint security platform.Once Mobile Network Protection is toggled, MDE will provide protection and alerts when rogue Wi-Fi-related threats and certificates are detected.

According to Schütz, he stumbled on a total Android lockscreen bypass bug entirely by accident in June 2022, under real-life conditions that could easily have happened to anyone. In Schütz's case, it was the humble PIN on his SIM card that stumped him, and because SIM PINs can be as short as four digits, they're protected by a hardware lockout that limits you to three guesses at most.

A previously undocumented Android spyware tool named 'BadBazaar' has been discovered targeting ethnic and religious minorities in China, most notably the Uyghurs in Xinjiang. Uyghurs, a regional Muslim minority of roughly 13 million people, have suffered extreme oppression from the central Chinese government due to their cultural deviation from typical eastern Chinese values.

Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. The BadBazaar campaign, according to the security firm, is said to date as far back as late 2018 and comprise 111 unique apps that masquerade as benign video players, messengers, religious apps, and even TikTok.