Mobile Zero-days vulnerabilities are worth more than Windows.
We walk around with perfect espionage devices in our pockets and bad actors are aware of it.

The apps bundled with many Android phones are presenting threats to security and privacy greater than most users think.
They found that everyone from the hardware builders to mobile carriers and third-party advertisers were loading products up with risky code (PDF). https://arxiv.org/pdf/1905.02713.pdf

Gartner evaluates a number of operating systems and device implementations including Android. Android 9 received strong ratings in 26 of 30 categories, including 12 of the 13 categories in the corp-managed section.
https://www.blog.google/products/android-enterprise/android-enterprise-security-assessed-gartner/

If you have app Qualcomm Telecome app that tries to send SMS remove it.

How: Go to Settings -> Apps search for Qualcomm Telecome app and check if it requests SMS permission. If so, uninstall it.
This app was found on Pixel 2XL, Pixel 3XL and OnePlus 5 once updated to Android 9.

South Africa Has Second Most Android Banking Malware Attacks As Cyber Crime Increases

▪️Android smartphones in South Africa are the second-most targeted for banking malware
▪️There are 13,842 cyber attacks per day in Africa’s most sophisticated economy
https://sabric.co.za/media-and-news/press-releases/digital-banking-crime-statistics/

A popular GPS tracker — used as a panic alarm for elderly patients, to monitor kids, and track vehicles — contains security flaws that could leak real-time locations and can remotely activate its microphone.

▪️Device has integrated SIM card but without internet connectivity
▪️If not properly secured (not by default), it can receive SMS commands from anyone
https://techcrunch.com/2019/05/10/gps-trackers-flaw/

Quick overview of "secure messaging apps"

In Android Q beta 3 apps running in the background can no longer launch activities.
However, users can disable this feature in developer options by turning on "Allow background activity starts."
Because of that, malware could allow it via Accessibility services. https://www.androidpolice.com/2019/05/08/background-apps-can-no-longer-launch-activities-in-android-q-beta-3/

APKiD (new release) gives you information about how an APK was made.
It identifies many compilers, packers, obfuscators, and other weird stuff. It's PEiD for Android.
https://github.com/rednaga/APKiD/blob/master/README.md

Great feature on iOS 12

Local DoS on all Samsung phones with PoC https://link.medium.com/IhXHrKKCDW

Hacking Public Warning System in LTE Mobile Network
https://t.co/pv7EUmYTa0?amp=1

3 fake apps found on Google Play Store. Their goal is to steal text messages and set itself as default SMS app. If you have them installed, uninstall them!

Pentesting Android applications by reversing and finding attack surfaces
https://blog.usejournal.com/an-intro-to-pentesting-an-android-phone-464ec4860f39

Did You Know These Mobile Fraud Examples?
https://www.linkedin.com/pulse/did-you-know-mobile-fraud-examples-ad-fraud-historian

DEF CON Quals 2019 : VERYANDROIDOSO
#Android #CTF #Writeup #Frida
https://eybisi.run/DEF-CON-Quals-2019-Veryandroidoso/