Researchers have found that Meta and Yandex are exploiting legitimate internet protocols to de-anonymize Android users by embedding tracking codes in websites. This practice allows them to bypass security measures and link web browsing identifiers to persistent user identities in their mobile apps. Google is currently investigating this issue.

Google is rolling out a change that allows its Gemini AI engine to access third-party apps like WhatsApp, overriding user settings that previously blocked such interactions. Users may need to take action to maintain their privacy, but the guidance provided by Google is unclear and contradictory, leaving many users confused about how to fully disable Gemini's access.

Google has introduced new restrictions on sideloading Android apps, limiting the installation of apps that request sensitive permissions in a bid to enhance security. Critics argue this move undermines user autonomy and further entrenches Google's control over app distribution, drawing parallels to the closed ecosystem of Apple’s iOS. In contrast, Purism promotes its privacy-respecting devices and operating system as an alternative for those seeking user control and freedom from corporate surveillance.

Meta has paused its mobile tracking technology on Android after researchers revealed that the company, along with Yandex, exploited localhost ports to link users' web browsing data to their identities, circumventing standard privacy protections. Following this disclosure, Meta's tracking code was largely removed to comply with Google Play policies amid discussions with Google regarding the issue.

A recent study highlights significant data leaks associated with popular free VPN apps available on iOS and Android. Despite their claims of privacy protection, many of these applications have been found to expose sensitive user data, raising concerns about their reliability and the true safety they offer to users.

Fake TikTok and WhatsApp apps have surfaced on Android, posing as legitimate applications but actually containing Clayrat spyware. Users who download these apps risk their personal data being compromised, as the spyware can capture sensitive information and track activities. It is crucial for users to be vigilant and verify app authenticity before installation.

A new attack known as "pixnapping" has emerged, targeting Android devices by using pixel-stealing techniques to access sensitive information. This method allows attackers to manipulate the display output, potentially compromising user data without their knowledge. Users are advised to remain vigilant and update their security measures to protect against this threat.

Google is introducing a new security feature for Android devices that automatically reboots locked devices after three days of inactivity, enhancing protection against data extraction by forensic tools. This update aims to keep user data encrypted in the Before First Unlock (BFU) state for longer periods, complicating unauthorized access during forensic investigations. Users can obtain the update through the Google Play store, though it will be rolled out gradually.

The article discusses the Helium Browser for Android, an experimental Chromium-based web browser that emphasizes privacy and security while supporting browser extensions. It provides instructions for installation and configuration, as well as warnings about the experimental nature of the builds. Users are advised to consider using GrapheneOS with Vanadium for enhanced security features.