Google Play Store bad apps and developers review in 2022
-blocked 1.43 million apps to be available on the Store
-banned 173K bad accounts
-prevented 500K submitted apps from unnecessarily accessing sensitive permissions over the past 3 years
-expanded the App Defense Alliance (McAfee, Trend Micro, ESET, Lookout, Zimperium)
https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html

Android Deep Link Issues And WebView Exploitation
https://8ksec.io/android-deeplink-and-webview-exploitation-8ksec-blogs/

Android Java code translation into native code to thwart AV detection
Video: https://youtu.be/UcdMx-te2NE
Slides and materials: https://github.com/LaurieWired/AndroidNativeObfuscation_defcon615

BouldSpy (DAAM) - Android Spyware Tied to Iranian Police Targeting Minorities
https://www.lookout.com/blog/iranian-spyware-bouldspy

Smartphones With Qualcomm Chip Secretly Share Private Information With US Chip-Maker
"Smart phones with Qualcomm chip secretly send personal data to Qualcomm. This data is sent without user consent, unencrypted, and even when using a Google-free Android distribution."
https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker

Androset: Automated noscript to convert and push Burp Suite certificate in Android, and modify Android's IP table to redirect all traffic to Burp Suite
https://github.com/Anof-cyber/Androset

Android TV Boxes: AllWinner H616/H618 & RockChip 3328 Android Malware Analysis & Cleanup
https://github.com/DesktopECHO/T95-H616-Malware

Android greybox fuzzing with AFL++ Frida mode
https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html

Vulnerabilities identified in Amazon Fire TV Stick
1) Local network PIN brute forcing (CVE-2023-1385)
2) Arbitrary Javanoscript code to execution (CVE-2023-1384)
3) Register services that are only locally accessible (CVE-2023-1383)
https://www.bitdefender.com/files/News/CaseStudies/study/430/Bitdefender-PR-Whitepaper-AMZFr-creat6696-en-EN.pdf

Flutter Hackers: Understand and reverse engineere Flutter APK Release Mode with Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e

Arbitrary code execution discoverd in Android imo-International Calls & Chat with 1B installs up to version 2022.11.1051 (CVE-2022-47757)
A path traversal vulnerability delivered using a deeplink can force the IMO app to write files into its data directory. This allows an attacker to write a library file that the app uses to dynamically load modules
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47757

FluHorse – Newly Discovered Android Malware Disguised as Popular Android Apps Targeting East Asia to steal victim credentials and 2FA codes
https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/

Mobile Threats Report for Q1/2023 by Avast
https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/#mobile

Fleckpe - A new family of Trojan subscribers discovered on Google Play #Jocker #Harly
https://securelist.com/fleckpe-a-new-family-of-trojan-subscribers-on-google-play/109643/

Bypass Tiktok SSL pinning on Android devices
https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass

Meta (Facebook) Adversarial Threat Report for Q1 2023 (Android threats included)
https://about.fb.com/wp-content/uploads/2023/05/Meta-Quarterly-Adversarial-Threat-Report-Q1-2023.pdf

Analysis of Android SpyNote spyware targeting Indian Railway Catering and Tourism Corporation (IRCTC) users
https://labs.k7computing.com/index.php/spynote-targets-irctc-users/

GSMA Mobile Telecommunications Security Landscape in 2022
(ransomware, malware, smsishing, spyware, SIM swap, eSIM fraud, supply chain attacks, critical national infrastructure attacks, human threat...)
https://www.gsma.com/security/wp-content/uploads/2023/02/GSMA-Mobile-Telecommunications-Security-Landscape-2023_v1_for-website.pdf