1 in 3 Android Apps Leak Sensitive Data
One third of Android and over half iOS apps shown to be leaking insecure APIs and hardcoded secrets
Android is Google's mobile operating system, whose apps, devices, and updates create a broad security surface for vulnerabilities and advisories.
Search across headline titles and summaries.
Background for this topic.
Android is an open-source operating system for mobile devices based on the Linux kernel, supporting apps primarily written in Java and Kotlin. Its architecture enforces app sandboxing and a permission model to isolate apps and restrict access to sensitive data or system features. However, Android’s allowance for installing apps from unofficial sources increases exposure to malicious software outside the vetted app store environment.
Security risks on Android include malware distribution via sideloaded apps, privilege escalation exploiting OS or pre-installed app vulnerabilities, and data leakage through excessive app permissions. Fragmentation in device models and delayed security updates complicate patch management, making timely application of security patches and careful permission control essential defensive practices for reducing attack surfaces on Android devices. Understanding these factors is critical for managing vulnerabilities in both consumer and enterprise contexts.
One third of Android and over half iOS apps shown to be leaking insecure APIs and hardcoded secrets
A massive Android ad fraud operation dubbed "SlopAds" was disrupted after 224 malicious applications on Google Play were used to generate 2.3 billion ad requests per day. [...]
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories
Steganography, Mobile Marketing Attribution, Code Obfuscation Deployed for Ad FraudA cybercrime crew using Android mobile apps to conduct advertising fraud took unusual pains to hide its activity, concealing malicious code in downloadable digital images and holding off from infecting the subset of users who organically found their apps through the Google Play store.