Links
Zimperium zLabs discovered over 760 Android apps misusing NFC and HCE to steal payment data, with a notable increase in attacks since April 2024. These malicious apps impersonate trusted institutions and operate through a command-and-control system, making detection difficult. Financial institutions and users need to be wary of unfamiliar apps requesting NFC access.
Cybersecurity experts found a new Android spyware, RadzaRat, disguised as a file manager app. It grants hackers full control over devices, including keylogging capabilities, and is undetectable by antivirus programs. The malware is easily accessible online and can be deployed by anyone with basic skills.
A report from Zscaler reveals that over 239 malicious Android apps were downloaded 42 million times from Google Play between June 2024 and May 2025. The rise in malware includes banking trojans and spyware, with a notable shift towards social engineering tactics. India, the U.S., and Canada are the top targets, while adware has become the most detected threat.
Meta’s secure-by-default frameworks improve mobile security by wrapping risky OS and third-party functions, making security easier for developers. Generative AI helps automate the adoption of these frameworks across Meta's extensive codebase, ensuring consistent security without sacrificing developer speed.
The Kimwolf botnet has infected over 2 million devices by exploiting vulnerabilities in residential proxy networks. It spreads through compromised Android TV boxes and digital photo frames, allowing attackers to relay malicious traffic and launch DDoS attacks. Security experts warn that the risk from unsecured proxy networks is escalating.
Google is introducing developer verification requirements to enhance security on the Android platform, addressing issues with scams and malware. The update considers feedback from various user groups, including students and experienced users, offering tailored solutions for each. Early access to the new verification process is starting for developers.
Google reports significant gains in memory safety by adopting Rust for Android development. Memory safety vulnerabilities dropped below 20% for the first time, and Rust's code changes are not only safer but also faster to implement, showing a marked reduction in rollback rates and code review times.
This project sets up an MCP server on a rooted Android device, enabling remote access to Frida's dynamic instrumentation for mobile security testing. Users can manage apps, execute scripts, and bypass security controls without needing a direct USB connection. It’s a proof-of-concept that still needs improved security and session management.
Google is launching a feature that allows Quick Share to work with AirDrop, enabling easier file transfers between iPhones and Android devices. This update starts with the Pixel 10 family and emphasizes strong data security measures. More Android devices will gain access in the future.
Google has enabled Android’s Quick Share to work with Apple’s AirDrop, allowing file transfers between the two platforms. This feature supports photos, videos, and files, operating directly and securely without routing data through servers. Currently available on Pixel 10, it will roll out to more Android devices later.
This article discusses the progression of FIDO authentication methods on Android, highlighting the shift from traditional passwords to passkeys. It outlines the challenges of password security and details how new technologies like U2F and passkeys enhance user authentication experiences.
The article discusses how the lack of kernel address space layout randomization (KASLR) on Pixel devices allows for predictable kernel memory access. It explains the implications of static physical memory allocation and how attackers can exploit this to write to kernel memory without needing to leak KASLR. The findings highlight security vulnerabilities in the Android kernel on Pixel phones.
The Herodotus malware family targets Android devices by using random delays to imitate human typing, making it harder for security software to detect. Currently distributed through SMS phishing, it can bypass Accessibility permissions and interact with the user interface to steal sensitive information. Experts warn Android users to be cautious about app permissions and avoid downloading apps from untrusted sources.
A new report from Zimperium reveals a rise in NFC relay malware targeting Android users' tap-to-pay systems. Over 760 malicious apps have been found that impersonate legitimate banking applications to steal payment data and facilitate fraud. Users are advised to download apps only from the Google Play Store and stay vigilant against unknown payment requests.
Google patched 107 vulnerabilities in Android, including two high-severity flaws currently being exploited. Users should check their Android version and update to at least the 2025-12-05 patch level to ensure these issues are resolved. It's important to only install apps from trusted sources and keep devices up to date for security.
The article details the author's experience using AI, specifically Claude Opus 4.5, to reverse engineer and intercept network traffic from the Cronometer app, built with Flutter. It covers challenges related to SSL pinning and proxy routing, and how AI-assisted debugging streamlined the process.
Researchers have uncovered two new Android malware families, FvncBot and SeedSnatcher. FvncBot targets banking users in Poland, using advanced techniques for data theft, while SeedSnatcher aims to steal cryptocurrency wallet seed phrases and intercept SMS for two-factor authentication.
Google is rolling out a "high-friction" sideloading process for Android, aimed at increasing user awareness about the risks of installing apps from unverified sources. While users can still opt to install without verification, this will come with additional steps to ensure they understand the potential dangers. The long-term impact on sideloading accessibility remains uncertain.
The article discusses the latest security features in Google Android 16, highlighting enhancements aimed at scam protection and user safety. These updates include advanced tools to combat phishing and other cyber threats, ensuring a more secure experience for Android users.
Android 16 has been launched, introducing significant updates for developers and users, including enhanced camera and media APIs, improvements in app visual consistency, and new adaptive features. The update emphasizes performance efficiency and security, alongside a framework for better app compatibility across devices. Developers are encouraged to prepare for these changes and take advantage of new APIs to enhance their applications.
Google has introduced Advanced Protection for Android users, enhancing security for at-risk individuals like journalists and public figures. This feature integrates with Chrome to enforce secure connections, implement full site isolation, and reduce attack surfaces by disabling certain JavaScript optimizations, thereby providing greater protection against sophisticated threats. Users can customize these security settings regardless of their participation in the Advanced Protection Program.
Google plans to implement a verification process for all Android developers to enhance security and trust within its app ecosystem. This new measure aims to prevent fraudulent apps and protect users from malicious software. The initiative is part of Google's ongoing efforts to improve safety in the Android platform.
The latest version of the 'Crocodilus' Android malware now includes a feature that adds fake contacts to infected devices, allowing attackers to spoof trusted callers and enhance their social engineering tactics. Initially identified in Turkey, the malware has expanded its reach globally and incorporates advanced evasion techniques to avoid detection while stealing sensitive data. Android users are advised to exercise caution and download only from trusted sources to mitigate risks.
Google has issued the September 2025 security update for Android, addressing 84 vulnerabilities, including two critical zero-day flaws that are currently being exploited. The update also includes fixes for four critical-severity issues, particularly affecting Qualcomm components and various Android versions. Users are urged to update their devices to ensure protection against these vulnerabilities.
Android 16 has been launched, introducing features such as streamlined notifications, enhanced support for hearing devices, and improved security measures. This update also enhances productivity on tablets with desktop windowing and offers a new Material 3 Expressive design. Additional features and updates are expected later this year for Android and Pixel devices.
Researchers have discovered that the defenses implemented by Apple and Google against "juice jacking," a method of data theft via malicious chargers, can be easily bypassed. Their new attack, termed ChoiceJacking, exploits vulnerabilities in the USB protocol, allowing attackers to gain unauthorized access to sensitive data on mobile devices. Despite recent updates from both companies, many Android devices remain at risk due to fragmentation and incomplete implementations of security measures.
A new Android banking Trojan named Anatsa has been discovered, targeting users by mimicking legitimate banking applications. It employs advanced techniques to steal sensitive information and bypass security measures, posing a significant threat to users’ financial security. The malware is spread through malicious apps and phishing campaigns, highlighting the need for increased vigilance among mobile users.
Fake TikTok and WhatsApp apps have surfaced on Android, posing as legitimate applications but actually containing ClayRat spyware. Users who download these apps risk their personal data being compromised, as the spyware can capture sensitive information and track activities. It is crucial for users to be vigilant and verify app authenticity before installation.
The article discusses the Android security update scheduled for June 2025, highlighting critical vulnerabilities that will be addressed to enhance device security. It emphasizes the importance of timely updates for protecting user data and maintaining device integrity against emerging threats.
Researchers have discovered ten significant security vulnerabilities in the Perplexity AI chatbot's Android app, making it less secure than competitors like ChatGPT and DeepSeek. Key issues include hardcoded API keys and weak detection mechanisms, which could lead to serious data integrity and confidentiality risks for users. Users are advised to uninstall the app until these vulnerabilities are addressed.
A new attack known as "pixnapping" has emerged, targeting Android devices by using pixel-stealing techniques to access sensitive information. This method allows attackers to manipulate the display output, potentially compromising user data without their knowledge. Users are advised to remain vigilant and update their security measures to protect against this threat.
Google is introducing a new security feature for Android devices that automatically reboots locked devices after three days of inactivity, enhancing protection against data extraction by forensic tools. This update aims to keep user data encrypted in the Before First Unlock (BFU) state for longer periods, complicating unauthorized access during forensic investigations. Users can obtain the update through the Google Play store, though it will be rolled out gradually.