Exploiting CVE-2020-0041 - Part 1: Escaping the Chrome Sandbox
https://labs.bluefrostsecurity.de/blog/2020/03/31/cve-2020-0041-part-1-sandbox-escape/

Protecting Android App against Reverse Engineering and Tampering
https://medium.com/avi-parshan-studios/protecting-your-android-app-against-reverse-engineering-and-tampering-a727768b2e9e

Gained unauthorized Camera access on iOS and macOS

Technical walkthrough of discovered several zero-day bugs in Safari during hunt to hack the iOS/MacOS camera
https://www.ryanpickren.com/webcam-hacking

Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps
https://panda.moyix.net/~moyix/papers/inputscope_oakland20.pdf

Android Webview Exploited
http://www.nuckingfoob.me/android-webview-csp-iframe-sandbox-bypass/index.html

Bypassing Xamarin Certificate Pinning on Android

https://www.gosecure.net/blog/2020/04/06/bypassing-xamarin-certificate-pinning-on-android/

Unkillable xHelper and a Trojan matryoshka
https://securelist.com/unkillable-xhelper-and-a-trojan-matryoshka/96487/

Subnoscription scam apps found on iOS App Store

These apps charge subnoscription rates around $30 per month after a 3 or 7-day trial period
https://news.sophos.com/en-us/2020/04/08/iphone-fleeceware/

Apple and Google came up with own solution to covid19 contact tracing

-without GPS
-only Bluetooth LE
-in May will release APIs
-user consent is necessity
-should be more secure than country's government own app solution
https://blog.google/inside-google/company-announcements/apple-and-google-partner-covid-19-contact-tracing-technology/

Intercept SSL traffic to perform penetration testing on Android apps using Charles Debug Proxy (Android 7-9)
https://medium.com/@Mayank.Grover/intercept-ssl-traffic-to-perform-penetration-testing-on-android-apps-using-charles-debug-proxy-59211859d22f

Vulnerability Analysis of Android SuperVPN app that allows attacker to exchange VPN gateway
https://youtu.be/ofTts7jlC2Y

OSINT Investigation: Android Cerberus Trojan and the INPS related to COVID19 campaign
https://bushidotoken.blogspot.com/2020/04/osint-investigation-cerberus-and-inps.html

Virtual machine host for iOS
It allows to run Windows, Android, and more on your iPhone and iPad 
https://getutm.app

Firefox for Android fixed 2 vulnerabilities:

-overwriting preference could lead to arbitrary code execution CVE-2020-6828
-URI spoofing CVE-2020-6827
https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/

TikTok Vulnerability Enables Hackers to Show Users Fake Videos
https://www.mysk.blog/2020/04/13/tiktok-vulnerability-enables-hackers-to-show-users-fake-videos/

Nice bug chaining found in Xiaomi Mi9 to achieve RCE

Visit attacker website ->...-> download & launch APK

CVE-2020-9530: A redirect vulnerability in a privileged WebView
CVE-2020-9531: XSS in locally stored web pages loaded into a privileged WebView
https://labs.f-secure.com/advisories/xiaomi-mi9/

Project Spy - Android and iOS Spyware
https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/

XploitSPY: New Android spyware designed by ethical-ish hackers
https://bushidotoken.blogspot.com/2020/04/xploitspy-new-android-spyware-designed.html

Nation-state Mobile Malware Targets Syrians with COVID-19 Lures
https://blog.lookout.com/nation-state-mobile-malware-targets-syrians-with-covid-19-lures

Android workshop: kernel vulnerability analysis and exploitation (CVE-2019-2215 - Use after Free)
https://cloudfuzz.github.io/android-kernel-exploitation/
https://github.com/cloudfuzz/android-kernel-exploitation

Broken Authentication in Mobile Application

https://medium.com/bugbountywriteup/broken-authentication-in-mobile-application-9f470513a4ab