Subnoscription scam apps found on iOS App Store

These apps charge subnoscription rates around $30 per month after a 3 or 7-day trial period
https://news.sophos.com/en-us/2020/04/08/iphone-fleeceware/

Apple and Google came up with own solution to covid19 contact tracing

-without GPS
-only Bluetooth LE
-in May will release APIs
-user consent is necessity
-should be more secure than country's government own app solution
https://blog.google/inside-google/company-announcements/apple-and-google-partner-covid-19-contact-tracing-technology/

Intercept SSL traffic to perform penetration testing on Android apps using Charles Debug Proxy (Android 7-9)
https://medium.com/@Mayank.Grover/intercept-ssl-traffic-to-perform-penetration-testing-on-android-apps-using-charles-debug-proxy-59211859d22f

Vulnerability Analysis of Android SuperVPN app that allows attacker to exchange VPN gateway
https://youtu.be/ofTts7jlC2Y

OSINT Investigation: Android Cerberus Trojan and the INPS related to COVID19 campaign
https://bushidotoken.blogspot.com/2020/04/osint-investigation-cerberus-and-inps.html

Virtual machine host for iOS
It allows to run Windows, Android, and more on your iPhone and iPad 
https://getutm.app

Firefox for Android fixed 2 vulnerabilities:

-overwriting preference could lead to arbitrary code execution CVE-2020-6828
-URI spoofing CVE-2020-6827
https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/

TikTok Vulnerability Enables Hackers to Show Users Fake Videos
https://www.mysk.blog/2020/04/13/tiktok-vulnerability-enables-hackers-to-show-users-fake-videos/

Nice bug chaining found in Xiaomi Mi9 to achieve RCE

Visit attacker website ->...-> download & launch APK

CVE-2020-9530: A redirect vulnerability in a privileged WebView
CVE-2020-9531: XSS in locally stored web pages loaded into a privileged WebView
https://labs.f-secure.com/advisories/xiaomi-mi9/

Project Spy - Android and iOS Spyware
https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/

XploitSPY: New Android spyware designed by ethical-ish hackers
https://bushidotoken.blogspot.com/2020/04/xploitspy-new-android-spyware-designed.html

Nation-state Mobile Malware Targets Syrians with COVID-19 Lures
https://blog.lookout.com/nation-state-mobile-malware-targets-syrians-with-covid-19-lures

Android workshop: kernel vulnerability analysis and exploitation (CVE-2019-2215 - Use after Free)
https://cloudfuzz.github.io/android-kernel-exploitation/
https://github.com/cloudfuzz/android-kernel-exploitation

Broken Authentication in Mobile Application

https://medium.com/bugbountywriteup/broken-authentication-in-mobile-application-9f470513a4ab

Vulnerability Advisory: CVE-2020-7958 biometric data disclosure vulnerability in OnePlus 7 Pro Android phone
https://www.synopsys.com/blogs/software-security/cve-2020-7958/

Aptoide data breach

Hacker leaked 20 million records out of 39 million Aptoide user records
https://www.zdnet.com/article/details-of-20-million-aptoide-app-store-users-leaked-on-hacking-forum/

The Zaheck of Android Deep Links!

https://medium.com/@shivsahni2/the-zaheck-of-android-deep-links-a5f57dc4ae4c

Hacking Unity Games (part 2) - Manipulating game state with Frida
https://www.hypn.za.net/blog/2020/04/19/hacking-unity-games-part-2-manipulating/

How Android banking Trojan (GINP) behaves on real infected device
https://youtu.be/WeL_xSryj8E

1. iOS Application Pentesting Blog By Sunil Kande

https://techfrendz007.blogspot.com/2020/01/application-pentesting-series.html

iOS Houseparty app analysis
https://abrignoni.blogspot.com/2020/04/ios-houseparty-app-more-realm.html