You have to pay $1.99 for deleting your profile in dating app.
New scam technique?

"Because of the huge workload, we will charge $1.99 as service fee."
https://www.reddit.com/r/assholedesign/comments/c7nqw5/i_got_a_dating_app_but_wanted_to_delete_my/

I went to Cirque du Soleil show - TORUK, where they offer app to be part of the show App would sync all the devices in audience with effects.
The first thing that came to my mind was if I can hack them...next day I found bug where I could control the show.

TORUK app left open port 6161 and accepted any request to perform commands at the show:
-change volume settings
-discover nearby Bluetooth devices
-display animations
-read or write to shared preferences
-set the position of the “Like” Facebook
https://androidappwatch.eset.com/latest-posts/a-great-show-is-now-history-as-is-its-insecure-mobile-app/

Adware campaign discovered on Google Play

111 apps were found on Play Store with 9M+ installs.
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-campaign-identified-from-182-game-and-camera-apps-on-google-play-and-third-party-stores-like-9apps/

Malicious campaign that for years was using Facebook pages to spread malware across mobile and desktop environments targeting Libya 🇱🇾.
Threat actor used known open source Android RAT tools such as SpyNote.
https://research.checkpoint.com/operation-tripoli/

Top Android malware threats of June, 2019

Full list - http://skptr.me/malware_timeline_2019.html
Download samples - https://github.com/sk3ptre/AndroidMalware_2019/blob/master/README.md

HiddenApp Adware with 50k+ installs found on Google Play
https://twitter.com/s_metanka/status/1145744992582995968?s=19

Android Security Bulletin—July 2019

The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
Stay updated, stay secure.
https://source.android.com/security/bulletin/2019-07-01.html#2019-07-01-details

FridaLoader - One click tool to download and launch the latest version of the Frida x86 Server on a Genymotion emulator. #tool
https://github.com/dineshshetty/FridaLoader

New version of WannaLocker, the WannaCry copycat for mobile, which bundles spyware, remote-access-Trojan (RAT) malware, and banking Trojan malware in one nasty package.
https://blog.avast.com/wannalocker-targets-banks-in-brazil

Did you know that app developer on Google Play can based on user localization change app icon?
https://twitter.com/LukasStefanko/status/1145952428887543810

China Is Forcing Tourists to Install Text-Stealing Malware at its Border

The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files.
https://www.vice.com/amp/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malware
APK: https://github.com/motherboardgithub/bxaq

Vulnerabilities in smart home hub allows hacker to open front door locks. #IoT
https://blackmarble.sh/zipato-smart-hub/

Common Android App Vulnerabilities

“Watering Hole” is a cyber attack strategy in which the victim is a particular group (organization, industry, or region).
In this attack, the attacker typically observes which websites or apps the group uses and infects one or more of them with malware.
https://blog.zimperium.com/the-mobile-watering-hole-how-a-sip-leads-to-a-trojan-compromise/

HiddenApp adware found again on Google Play with 100k+ installs
https://twitter.com/s_metanka/status/1146113662169563137?s=19

Security of messaging apps
https://drive.google.com/file/d/1TkBq8Y8pBmNM-uBV3p5TyMF_ZAWVTyVY/view

Analysis of a new wave of Android malware family - BianLian
https://www.fortinet.com/blog/threat-research/new-wave-bianlian-malware.html

iOS emulator for Windows
https://github.com/ipasimulator/ipasim

June 2019 mobile malware review from Doctor Web

https://news.drweb.com/show/review/?lng=en&i=13335

Did you know iPhones have liquid detector in their lightning connector with instructions what to do?

iMessage: malformed message bricks iPhone.
Vulnerability was fixed in the 12.3 update.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1826