In Android Q beta 3 apps running in the background can no longer launch activities.
However, users can disable this feature in developer options by turning on "Allow background activity starts."
Because of that, malware could allow it via Accessibility services. https://www.androidpolice.com/2019/05/08/background-apps-can-no-longer-launch-activities-in-android-q-beta-3/
However, users can disable this feature in developer options by turning on "Allow background activity starts."
Because of that, malware could allow it via Accessibility services. https://www.androidpolice.com/2019/05/08/background-apps-can-no-longer-launch-activities-in-android-q-beta-3/
Android Police
Background apps can no longer launch activities in Android Q beta 3
Google is following through on a promise it made when it unveiled Android Q. As of the newly launched beta, apps running in the background can no longer
APKiD (new release) gives you information about how an APK was made.
It identifies many compilers, packers, obfuscators, and other weird stuff. It's PEiD for Android.
https://github.com/rednaga/APKiD/blob/master/README.md
It identifies many compilers, packers, obfuscators, and other weird stuff. It's PEiD for Android.
https://github.com/rednaga/APKiD/blob/master/README.md
GitHub
APKiD/README.md at master · rednaga/APKiD
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android - rednaga/APKiD
Hacking Public Warning System in LTE Mobile Network
https://t.co/pv7EUmYTa0?amp=1
https://t.co/pv7EUmYTa0?amp=1
3 fake apps found on Google Play Store. Their goal is to steal text messages and set itself as default SMS app. If you have them installed, uninstall them!
Forwarded from The Bug Bounty Hunter
Pentesting Android applications by reversing and finding attack surfaces
https://blog.usejournal.com/an-intro-to-pentesting-an-android-phone-464ec4860f39
https://blog.usejournal.com/an-intro-to-pentesting-an-android-phone-464ec4860f39
Medium
Pentesting Android applications by reversing and finding attack surfaces
In this past semester, I was taking a cybersecurity class. Since our awesome professor believe in the concept that we learn by doing and…
Did You Know These Mobile Fraud Examples?
https://www.linkedin.com/pulse/did-you-know-mobile-fraud-examples-ad-fraud-historian
https://www.linkedin.com/pulse/did-you-know-mobile-fraud-examples-ad-fraud-historian
Linkedin
Did You Know These Mobile Fraud Examples?
Most marketers have heard of mobile ad fraud. Most also assume that fraud detection tech companies are detecting mobile fraud and preventing or reducing it for them.
DEF CON Quals 2019 : VERYANDROIDOSO
#Android #CTF #Writeup #Frida
https://eybisi.run/DEF-CON-Quals-2019-Veryandroidoso/
#Android #CTF #Writeup #Frida
https://eybisi.run/DEF-CON-Quals-2019-Veryandroidoso/
hedgehog's cave
DEF CON Quals 2019 : VERYANDROIDOSO
Here is my writeup for VERYANDROIDOSO task. Ofcourse with frida :D App takes input from us and checks if it is correct flag. Length of flag should be 23 enclosed with OOO{..}. Also inside of brackets
Four Main Mobile Payment Models and their security
https://2muchcoffee.com/blog/paying-with-your-mobile-phone-types-and-models/
https://2muchcoffee.com/blog/paying-with-your-mobile-phone-types-and-models/
Tech News and Discussions | 2muchcoffee
Paying With Your Mobile Phone: Types and Models
Today mobile payment solutions are fast, convenient and secure practice. But what payment type or model to choose? Still confused? Take a look at our approach to classify payment with your mobile phone.
“If you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature,” Twitter said
https://threatpost.com/twitter-leaked-ios-users-location/144687/
https://threatpost.com/twitter-leaked-ios-users-location/144687/
Threat Post
Twitter Leaks Apple iOS Users’ Location Data to Ad Partner
A Twitter glitch "inadvertently" leaked iOS users' location data to an unnamed partner.
Android app "Ever - Capture Your Memories" with 1M+ installs.
What began in 2013 as another cloud storage app has pivoted toward a far more lucrative business known as Ever AI — without telling the app’s millions of users.
https://www.nbcnews.com/tech/security/millions-people-uploaded-photos-ever-app-then-company-used-them-n1003371
What began in 2013 as another cloud storage app has pivoted toward a far more lucrative business known as Ever AI — without telling the app’s millions of users.
https://www.nbcnews.com/tech/security/millions-people-uploaded-photos-ever-app-then-company-used-them-n1003371
NBC News
Millions of people uploaded photos to the Ever app. Then the company used them to develop facial recognition tools.
“The app developers were not clear about their intentions," one Ever user said. "I believe it’s a huge invasion of privacy.”
Update WhatsApp!
WhatsApp just fixed a vulnerability that allowed malicious actors to remotely install spyware on affected phones, and an unknown number reportedly did so with a commercial-grade snooping package usually sold to nation-states.
https://techcrunch.com/2019/05/13/whatsapp-exploit-let-attackers-install-government-grade-spyware-on-phones/
WhatsApp just fixed a vulnerability that allowed malicious actors to remotely install spyware on affected phones, and an unknown number reportedly did so with a commercial-grade snooping package usually sold to nation-states.
https://techcrunch.com/2019/05/13/whatsapp-exploit-let-attackers-install-government-grade-spyware-on-phones/
TechCrunch
WhatsApp exploit let attackers install government-grade spyware on phones | TechCrunch
WhatsApp just fixed a vulnerability that allowed malicious actors to remotely install spyware on affected phones, and an unknown number reportedly did so with a commercial-grade snooping package usually sold to nation-states.
A Korean-speaking hacking group in operation since at least 2016 is expanding its arsenal of hacking tools to include a Bluetooth-device harvester in a move that signals the group’s growing interest in mobile devices.
https://arstechnica.com/information-technology/2019/05/korean-speaking-hackers-add-bluetooth-harvester-to-its-tool-arsenal/
https://arstechnica.com/information-technology/2019/05/korean-speaking-hackers-add-bluetooth-harvester-to-its-tool-arsenal/
Ars Technica
Bluetooth harvester signals hacking group’s growing interest in mobile
ScarCruft's new interest in mobile devices suggests the group's continuing evolution.
Android & iOS app "Call India - IntCall" allows anyone to register any phone number without OTP verification
This means that anyone can make calls spoofing any phone number.
This concerns only users from #India 🇮🇳
The app hasn't been updated since 2014.
https://www.news18.com/amp/news/tech/this-android-calling-app-presents-a-huge-threat-but-is-still-guarded-by-a-high-rating-2140363.html?__twitter_impression=true
This means that anyone can make calls spoofing any phone number.
This concerns only users from #India 🇮🇳
The app hasn't been updated since 2014.
https://www.news18.com/amp/news/tech/this-android-calling-app-presents-a-huge-threat-but-is-still-guarded-by-a-high-rating-2140363.html?__twitter_impression=true
News18
This Android Calling App Presents a Huge Threat, But is Still Guarded by a High Rating
TeleStar's 'Call India - IntCall' app can remotely authorise any random number on your phone, make remote phone calls using your number, and even include voice morphing, hence being a massive threat to security.
[technical analysis of WhatsApp vulnerability]
Vulnerable RTCP module is called before the WhatsApp voice call is answered - 0 click RCE.
https://research.checkpoint.com/the-nso-whatsapp-vulnerability-this-is-how-it-happened/
Vulnerable RTCP module is called before the WhatsApp voice call is answered - 0 click RCE.
https://research.checkpoint.com/the-nso-whatsapp-vulnerability-this-is-how-it-happened/
Check Point Research
The NSO WhatsApp Vulnerability - This is How It Happened - Check Point Research
Earlier today the Financial Times published that there is a critical vulnerability in the popular WhatsApp messaging application and that it is actively being used to inject spyware into victims phones. According to the report, attackers only need to issue…
U.S. immigration cops just spent $1 Million on iPhone hacking equipment.
GrayKey, previously described as the world’s best iPhone hacking tech for police and intelligence agents, allowing them to break passcodes and retrieve information from inside Apple devices.
https://www.forbes.com/sites/thomasbrewster/2019/05/08/immigration-just-spent-a-record-1-million-on-the-worlds-most-advanced-iphone-hacking-tech/
GrayKey, previously described as the world’s best iPhone hacking tech for police and intelligence agents, allowing them to break passcodes and retrieve information from inside Apple devices.
https://www.forbes.com/sites/thomasbrewster/2019/05/08/immigration-just-spent-a-record-1-million-on-the-worlds-most-advanced-iphone-hacking-tech/
Forbes
Immigration Cops Just Spent A Record $1 Million On The World's Most Advanced iPhone Hacking Tech
The GrayKey promises access to locked iPhones. And ICE is its biggest fan.