mobile apps - Security Ticks

Which messaging app takes the most limited approach to permissions on Android?

Android, Facebook Messenger, mobile apps, News, Privacy, research, Signal, Telegram / SecurityTicks

Which messaging app takes the most limited approach to permissions on Android? 2026-04-03 at 08:39 By Sinisa Markovic Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android versions of Messenger, Signal, and Telegram shows that differences in permissions, background activity, […]

Which messaging app takes the most limited approach to permissions on Android? Read More »

Mobile privacy audits are getting harder

Android, Don't miss, EU, Europe, framework, mobile apps, News, Privacy, research / SecurityTicks

Mobile privacy audits are getting harder 2026-02-06 at 09:28 By Anamarija Pogorelec Mobile apps routinely collect and transmit personal data in ways that are difficult for users, developers, and regulators to verify. Permissions can reveal what an app can access, and privacy policies can claim what an app should do, yet neither reliably shows what

Mobile privacy audits are getting harder Read More »

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)

Cloudflare, Don't miss, Google Cloud, Hot stuff, JavaScript, Meta, mobile apps, News, Node.js, React, security update, vulnerability, web application, Wiz / SecurityTicks

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) 2025-12-04 at 14:32 By Zeljka Zorz A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code exection on the application server, the React development team warned on Wednesday. The maximum-severity vulnerability was privately reported by Lachlan Davidson and has

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) Read More »

Your budget Android phone might be spying on you

Android, cybersecurity, Don't miss, mobile apps, mobile devices, News, smartphones, threat / SecurityTicks

Your budget Android phone might be spying on you 2025-09-30 at 08:08 By Sinisa Markovic Researchers have found that many low-cost Android devices come with pre-installed apps that have high-level access to the system. Unlike apps from the Google Play Store, many of these are not subject to thorough checks and can serve as vectors

Your budget Android phone might be spying on you Read More »

Android VPN apps used by millions are covertly connected AND insecure

Android, Don't miss, Hot stuff, mobile apps, News, Privacy, research, VPN / SecurityTicks

Android VPN apps used by millions are covertly connected AND insecure 2025-08-19 at 17:07 By Zeljka Zorz Three families of Android VPN apps, with a combined 700 million-plus Google Play downloads, are secretly linked, according to a group of researchers from Arizona State University and Citizen Lab. Finding the secret links Virtual private networks (VPNs)

Android VPN apps used by millions are covertly connected AND insecure Read More »

Mobile security is a frontline risk. Are you ready?

Android, Endpoint Security, iOS, mobile apps, mobile devices, mobile security, News, report, survey, threats, Zimperium / SecurityTicks

Mobile security is a frontline risk. Are you ready? 2025-04-30 at 08:33 By Help Net Security The mobile threat landscape has shifted. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. For enterprises, mobile is no longer a secondary risk. It’s now one of the primary attack surfaces.

Mobile security is a frontline risk. Are you ready? Read More »

BLint: Open-source tool to check the security properties of your executables

Android, AppThreat, Don't miss, GitHub, Linux, mobile apps, News, open source, programming, software, Windows / SecurityTicks

BLint: Open-source tool to check the security properties of your executables 2024-05-14 at 07:31 By Mirko Zorz BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials (SBOM) for compatible binaries. BLint features “Several source code analysis

BLint: Open-source tool to check the security properties of your executables Read More »

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps

Android, bug bounty, Don't miss, Google, Hot stuff, mobile apps, News / SecurityTicks

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps 2024-05-03 at 17:16 By Zeljka Zorz Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. “We increased reward amounts by up to 10x in some categories (for example Remote Arbitrary

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps Read More »

Apps secretly turning devices into proxy network nodes removed from Google Play

consumer, Don't miss, enterprise, Hot stuff, HUMAN Security, mobile apps, News, Orange Cyberdefense, Proxy, research, Sekoia.io / SecurityTicks

Apps secretly turning devices into proxy network nodes removed from Google Play 2024-03-26 at 12:16 By Zeljka Zorz Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that

Apps secretly turning devices into proxy network nodes removed from Google Play Read More »

MobSF: Open-source security research platform for mobile apps

Android, code analysis, cybersecurity, Don't miss, GitHub, Hot stuff, iOS, mobile, mobile apps, mobile devices, News, open source, software / SecurityTicks

MobSF: Open-source security research platform for mobile apps 2024-03-14 at 07:30 By Mirko Zorz The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is adept

MobSF: Open-source security research platform for mobile apps Read More »

LassPass is not LastPass: Fraudulent app on Apple App Store

Don't miss, Hot stuff, LastPass, LogMeIn, mobile apps, News, password manager / SecurityTicks

LassPass is not LastPass: Fraudulent app on Apple App Store 2024-02-08 at 17:02 By Zeljka Zorz A fraudulent app named “LassPass Password Manager” that mimics the legitimate LastPass mobile app can currently be found on Apple’s App Store, the password manager maker is warning. The fraudulent app on Apple’s App Store “The app in question

LassPass is not LastPass: Fraudulent app on Apple App Store Read More »

New method to safeguard against mobile account takeovers

apple, attacks, cybersecurity, Don't miss, Hot stuff, iPhone, mobile apps, mobile devices, mobile security, News, Samsung, Xiaomi / SecurityTicks

New method to safeguard against mobile account takeovers 2024-01-22 at 13:01 By Help Net Security Computer science researchers have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where an attacker gains unauthorized access to online accounts. Most mobiles are now home to a complex ecosystem of interconnected

New method to safeguard against mobile account takeovers Read More »

Google Play will mark independently validated VPN apps

Android, Application Security, Don't miss, Google, Google Play, Hot stuff, mobile apps, News, VPN / SecurityTicks

Google Play will mark independently validated VPN apps 06/11/2023 at 13:49 By Helga Labus Android VPN apps that have gone through an independent security validation will now be able to claim that distinction on Google Play with a prominent badge in their Data Safety section. “We’ve launched this banner beginning with VPN apps due to

Google Play will mark independently validated VPN apps Read More »

Backdoored Android phones, TVs used for ad fraud – and worse!

Android, backdoor, data theft, Don't miss, fraud, Hot stuff, HUMAN Security, iOS, mobile apps, News, smart tv, smartphones / SecurityTicks

Backdoored Android phones, TVs used for ad fraud – and worse! 04/10/2023 at 19:46 By Help Net Security A key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices has been disrupted, Human Security has announced. The company’s Satori Threat Intelligence and Research Team observed more than

Backdoored Android phones, TVs used for ad fraud – and worse! Read More »

Easy-to-exploit Skype vulnerability reveals users’ IP address

consumer, deanonymization, Don't miss, Hot stuff, Microsoft, mobile apps, News, Privacy, Skype, vulnerability / SecurityTicks

Easy-to-exploit Skype vulnerability reveals users’ IP address 29/08/2023 at 13:32 By Zeljka Zorz A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. The vulnerability The security vulnerability has

Easy-to-exploit Skype vulnerability reveals users’ IP address Read More »

Meta’s Threads app used as a lure

Don't miss, EU, Hot stuff, Meta, mobile apps, Mysk, News, Threads, Veriti / SecurityTicks

Meta’s Threads app used as a lure 14/07/2023 at 14:16 By Zeljka Zorz It was to be expected: As the buzz around Meta’s new microblogging platform Threads gained momentum, some individuals have stepped in to take advantage of the fact that the app still can’t formally serve users in the European Union (or China, or

Meta’s Threads app used as a lure Read More »