A Primer On Android Forensics
https://nex.sx/tech/2022/01/28/a-primer-on-android-forensics.html

Abusing Facebooks Call To Action to launch internal deeplinks
https://www.ash-king.co.uk/blog/abusing-Facebooks-call-to-action-to-launch-internal-deeplinks

Diving Deeper in Android System Diagnostics and Remote Forensics
https://nex.sx/tech/2022/02/04/diving-deeper-in-android-system-diagnostics.html

How to build a Cellphone IMSI Catcher (Stingray)
https://www.hackers-arise.com/post/software-defined-radio-part-6-building-a-imsi-catcher-stingray

FluBot and Medusa Android banking Trojans attack banks side-by-side via SMiShing
https://www.threatfabric.com/blogs/partners-in-crime-medusa-cabassous.html#medusa-turkish-delight-with-dangerous-filling

Malicious campaign Roaming Mantis (Wroba.o, Moqhao, XLoader) reaches Europe via SMiShing targeting Android and iOS
https://securelist.com/roaming-mantis-reaches-europe/105596/

Zero-Click RCE Exploit for the Peloton Bike (And Also Every Other Unpatched Android Device)
https://www.nowsecure.com/blog/2022/02/09/a-zero-click-rce-exploit-for-the-peloton-bike-and-also-every-other-unpatched-android-device/

SIM Hijacking
https://sensepost.com/blog/2022/sim-hijacking/

Google awarded $8.7 million to 696 security researchers in 2021

Highest reward - $157,000 by discovering critical exploitation chain in Android (CVE-2021-39698)

- $3 million went to Android vulnerabilities
- $3.3 million went to Chrome browser bugs
- $0.5 million went to Google Play Store vulnerabilities
- $0.313 million went to Google Cloud bugs.
https://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html

apkingo - get detailed information about apk files

I retrieves: package name, target SDK, permissions, metadata, certificate serial and issuer, info from Google Play Store and detect if it is malicious using Koodous
https://github.com/andpalmier/apkingo

How to Bypass Jailbreak Detection On iOS Apps & Games (iOS 11 - iOS 14)
https://idevicecentral.com/jailbreak-guide/how-to-bypass-jailbreak-detection-on-ios-applications-and-games-ios-11-ios-14/

WiFi Zero Click RCE Trigger PoC CVE-2021-1965
https://github.com/parsdefense/CVE-2021-1965

Collection of Android (Samsung) Security Related Resources https://github.com/NetKingJ/android-security-awesome

SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification
https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html

Mobile malware evolution 2021 by Kaspersky
https://securelist.com/mobile-malware-evolution-2021/105876/

Xenomorph: A newly hatched Banking Trojan
https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html

Xenomorph - new Android Banker - here is a quick video how smoothly it creates malicious overlay once targeted app (PayPal, Binance, Coinbase etc.) are launched by victim
https://youtu.be/7-yT65lVBf8

Writeup for an iOS 15 exploit that can achieve kernel

Impact: A malicious application may be able to execute arbitrary code with kernel privileges (CVE-2021-30955)
https://www.cyberkl.com/cvelist/cvedetail/24

Directory traversal vulnerability discovered in Android Slack lead to disclosure of auth tokens https://hackerone.com/reports/1378889

Intercepting Android Emulator SSL traffic with burp using magisk
https://infosecwriteups.com/intercepting-android-emulator-ssl-traffic-with-burp-using-magisk-bc948dca68f9

How to execute running Java code directly on Android (without creating an APK)
Part 1: https://raccoon.onyxbits.de/blog/run-java-app-android/
Part 2: https://raccoon.onyxbits.de/blog/programmatically-talking-to-the-android-system-adb-shell/