Researchers: Alon Boxiner, Eran Vaknin, Alexey Volodin, Dikla Barda, Roman Zaikin December 2019   Available in over 150 markets, used in 75 languages globally, and with over 1 billion users, TikTok has definitely cracked the code to the term “popularity”…

A US-funded government assistance program is selling budget-friendly mobile phones that come pre-installed with unremovable malicious apps.

Posted by Samuel Groß, Project Zero Introduction This is the first blog post in a three-part series that will detail how a vulnerability...

Posted by Samuel Groß, Project Zero This post is the second in a series about a remote, interactionless iPhone exploit over iMessage.The f...

Posted by Samuel Groß, Project Zero This is the third and last post in a series about a remote, interactionless iPhone exploit over iMessa...

Recently I solved a CTF style challenge where the user was given an .apk file with the goal to find the flag. It turned out that it was a…

Posted by Alec Guertin and Vadim Kotov, Android Security & Privacy Team In this edition of our PHA Family Highlights series we introdu...

Researchers find that 17 of 140 major online services are vulnerable to SIM swapping attacks.

Frida is a dynamic instrumentation framework and has remained as the most popular reverse engineering tool among security researchers, pentesters and even the bad actors. Frida is more robust compa…

This post is in-fact a continuation of my previous post on Frida detection. In this post, I will explain the mechanisms I have followed in hardening the native code written for Frida detection.Gene…

You can find the letter below. Add your voice to this campaign by signing our petition if you believe that its time Google stopped enabling exploitation.

Have you ever noticed strange reviews of Google Play apps that look totally out of place? Their creators might give it five stars, while dozens of users rate it with just one, and in some cases the reviews seem to

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python. - nccgroup/house

Android app penetration testing is a must when developing an app, especially if you deal with sensitive user information.

Fleeceware remains a problem on Google Play, where Android users still run the risk of being charged hundreds of dollars or euros for “subnoscriptions” to apps

All iPhones running iOS 10 or later can now be used as hardware security keys for Google accounts.

Bitdefender researchers recently found 17 Google Play apps that, once installed,
start hiding their presence on the user’s device and constantly display
aggressive ads.