Mobile Security
Mobile application security encompasses the unique attack surface of iOS and Android applications, including insecure local data storage, weak transport layer protection, insufficient binary protections, and client-side injection vulnerabilities. The OWASP Mobile Top 10 highlights risks such as improper platform usage, insecure data storage, insecure communication, insecure authentication, insufficient cryptography, and code tampering. Mobile apps face threats that web applications do not: reverse engineering of client-side code, certificate pinning bypass, inter-process communication attacks, and exploitation of platform-specific features like deep links, content providers, and keychain storage. Tools like Frida, objection, MobSF, and Jadx enable dynamic instrumentation and static analysis of mobile binaries, while proxy tools allow interception of API traffic for server-side testing.
| Date Added | Link | Excerpt |
|---|---|---|
| 2026-05-06 NEW 2026 | Critical Android vulnerability CVE-2026-0073 fixed by Google news RCE | Reference to CVE-2026-0073, a critical remote code execution flaw in Android's System component affecting the Android Debug Bridge daemon (adbd). This vulnerability, patched by Google, allowed attackers to execute code as the shell user without privileges or user interaction. While not publicly exploited, it underscores ongoing security risks, similar to the previously exploited Qualcomm component vulnerability, CVE-2026-21385. → securityaffairs.com |
| 2026-05-06 NEW 2026 | Critical Remote Code Execution Vulnerability Patched in Android news RCE | Report on the patch for CVE-2026-0073, a critical remote code execution flaw in the Android System component. This vulnerability in the Android Debug Bridge daemon allows exploitation without user interaction to execute code as the shell user. Google has released an update addressing this issue, noting no observed exploitation. |
| 2026-05-05 NEW 2026 | Google Update: Android Flaw Could Put Billions of Devices at Risk news RCE | Google Update: Android Flaw Could Put Billions of Devices at Risk https://ift.tt/hVIfD24 |
| 2026-05-05 NEW 2026 | Critical Qualcomm Chipset Vulnerabilities Enables Remote Code Execution news RCE | Researchers discovered critical vulnerabilities in Qualcomm chipsets that could allow remote code execution. These flaws, detailed in a linked report, pose a significant security risk by potentially enabling attackers to control devices without user interaction. The specific details of the vulnerabilities and their exploitation potential are highlighted, emphasizing the widespread impact given Qualcomm's prevalence in mobile devices. → cybersecuritynews.com |
| 2026-05-05 NEW 2026 | Android Zero-Click RCE Vulnerability Enables Remote Shell Access news RCE | This resource details CVE-2026-0073, a zero-click RCE vulnerability in Android's Debug Bridge daemon (adbd) affecting multiple OS versions, including Android 14-16. Exploitable from the same local network or physical proximity, it allows remote shell access without user interaction or elevated privileges, bypassing application sandboxing and potentially enabling persistence. Recommendations include timely patching, disabling USB debugging, restricting ADB access, network segmentation, and implementing zero trust policies. → esecurityplanet.com |
| 2026-05-05 NEW 2026 | Google Confirms Critical Android 0-Click Vulnerability—Update Now news RCE | Google Confirms Critical Android 0-Click Vulnerability—Update Now https://ift.tt/r9c8NaL |
| 2026-05-05 NEW 2026 | Critical Android Zero-Click Vulnerability Grants Attackers Remote Shell Access news RCE | A critical zero-click vulnerability in Android allows attackers to gain remote shell access to devices. This means attackers can compromise a device without any user interaction, making it a severe threat. The vulnerability has been patched by Google. → cyberpress.org |
| 2026-05-05 NEW 2026 | Critical Remote Code Execution Vulnerability Patched in Android news RCE | Vulnerability writeup detailing CVE-2026-0073, a critical remote code execution flaw in Android's System component affecting the Android Debug Bridge daemon ('adbd'). Exploitation allows an unauthenticated attacker to execute code as the shell user without requiring user interaction. The report notes this vulnerability has not been observed in the wild, unlike several other Android flaws from previous years such as CVE-2024-43093 and CVE-2025-27038. → securityweek.com |
| 2026-05-05 NEW 2026 | Critical Qualcomm Chip Flaws Could Allow Remote Code Execution Attacks news RCE | Critical vulnerabilities have been discovered in Qualcomm chips, potentially enabling remote code execution (RCE) attacks. These flaws, if exploited, could allow attackers to gain control of devices without user interaction. The security bulletin highlights the severity of these vulnerabilities, which could impact a wide range of devices relying on Qualcomm's processing power. → cyberpress.org |
| 2026-05-05 NEW 2026 | Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk news RCE | Qualcomm chipsets are facing a serious security threat from newly discovered vulnerabilities. These flaws could allow attackers to execute malicious code remotely on affected devices, potentially leading to widespread compromise. The extent of the impact is still being assessed, but the risk of remote code execution is a significant concern for the millions of devices relying on Qualcomm technology. Further details on specific CVEs and affected models are expected to be released as the investigation continues. → gbhackers.com |
| 2026-05-05 NEW 2026 | Critical Android Zero-Click Vulnerability Enables Remote Shell Access news RCE | A critical zero-click vulnerability has been discovered in Android, allowing attackers to gain remote shell access to a device without any user interaction. This means a device can be compromised simply by being targeted, without the user needing to click a link or open a file. The severity of this vulnerability is extremely high, as it bypasses typical security measures and opens devices up to potential data theft and malicious control. → gbhackers.com |
| 2026-05-05 NEW 2026 | Critical Android Zero-Click Vulnerability Grants Remote Shell Access news RCE | Critical Android Zero-Click Vulnerability Grants Remote Shell Access https://ift.tt/WMdoOBe → cybersecuritynews.com |
| 2026-05-04 2026 | Weekly Recap: AI-Powered Phishing Android Spying Tool Linux Exploit GitHub RCE & More news AI RCE | Weekly recap of ongoing threats and vulnerabilities. Key issues include active exploitation of a cPanel flaw (CVE-2026-41940) leading to authentication bypass and data wiping, and a Linux kernel vulnerability (CVE-2026-31431) enabling trivial privilege escalation. It also covers supply chain attacks via npm, PyPI, and Packagist by TeamPCP, a Python backdoor framework (DEEP#DOOR) for data theft and system manipulation, a critical GitHub flaw (CVE-2026-3854) allowing remote code execution, and the VECT 2.0 ransomware's destructive encryption method. → thehackernews.com |
| 2026-05-01 2026 | Spyware-as-a-Service Platform Enables Rebranding and Resale Of Android Malware beginner | A new Spyware-as-a-Service (SPaaS) platform has emerged, allowing threat actors to rebrand and resell sophisticated Android malware. This "malware factory" empowers less technical criminals to deploy customized spyware, making it harder to track and attribute attacks. The platform likely lowers the barrier to entry for developing and distributing mobile surveillance tools, posing a significant threat to Android users worldwide. → cyberpress.org |
| 2026-04-29 2026 | 38 Vulnerabilities Found in OpenEMR Medical Software news SQLi | Analysis of 38 vulnerabilities in OpenEMR, including critical SQL injection flaws (CVE-2026-24908, CVE-2026-23627) and authorization bypasses (CVE-2026-24487), reveals risks of PHI exfiltration and remote code execution. These patched issues, primarily stemming from authorization defects, were discovered by Aisle. → securityweek.com |
| 2026-04-22 2026 | Root/Jailbreak Detection and SSL Pinning in KMM intermediate | Library implementing root/jailbreak detection and SSL pinning for Kotlin Multiplatform Mobile (KMM) applications. It details platform-specific techniques for detecting rooted Android devices by checking for the `su` binary or common root packages, and for jailbroken iOS devices by looking for Cydia or writable system directories. The library also covers SSL pinning using OkHttpClient on Android and a custom URLSessionDelegate with proxy detection on iOS to prevent man-in-the-middle attacks. The article further explores how attackers bypass these protections, particularly using Frida for dynamic instrumentation. |
| 2026-04-22 2026 | Reversing Android Apps: Bypassing Detection Like a Pro intermediate | Library for bypassing common Android app detection mechanisms like Frida, root checks, and SSL pinning. Techniques include utilizing Magisk DenyList, employing Frida codeshare scripts, attaching Frida after app launch, static analysis with Jadx to identify and patch detection code, using Objection's `patchapk` feature, dumping loaded classes, tracing method calls, reversing native JNI code, and patching SSL pinning with `apk-mitm` for network traffic analysis. |
| 2026-04-22 2026 | Reverse engineering and modifying Android apps with JADX and Frida intermediate | Library for reverse engineering and modifying Android applications, utilizing JADX for code extraction and Frida for dynamic instrumentation. This resource details how to decompile APKs, analyze Java source code generated by JADX, and write custom Frida scripts to bypass security measures like certificate pinning, enabling traffic interception with tools like HTTP Toolkit. It covers techniques applicable to understanding and altering app behavior beyond standard certificate pinning implementations. |
| 2026-04-22 2026 | Common Vulnerabilities and Exposures Examples in Mobile Apps beginner | Library for validating mobile application CVEs, enabling security teams to reproduce exploits and analyze vulnerabilities in virtualized iOS and Android environments. It supports automated security assessments, real-time reporting, and tools like Frida for hooking and tracing behavior, addressing challenges posed by the rising volume of CVEs and the limitations of testing within app sandboxes. This approach moves beyond static CVE database entries to provide actionable insights into exploitable risks, exemplified by issues like CVE-2024-26131 in the Element Android App and the Operation Triangulation CVE chain impacting iOS. |
| 2026-04-22 2026 | Bypassing iOS Frida Detection with LLDB and Frida intermediate | Writeup details bypassing iOS Frida detection using LLDB and Frida. The process involves jailbreaking an iPhone, setting up development tools like `libimobiledevice`, `frida-tools`, and LLDB, and then using `debugserver` for remote debugging. The author demonstrates how to find and breakpoint `FridaInTheMiddle.systemSanityCheck()` with LLDB to bypass detection, trace the `dummyFunction(flag:)` Swift function using `frida-trace` to get its mangled name, and finally hook this function with a Frida script to intercept and decode the Swift string argument, ultimately revealing the flag. |
| 2026-04-22 2026 | frida-interception-and-unpinning: Scripts to MitM all HTTPS traffic intermediate | Library of Frida scripts automates HTTPS MitM interception on mobile devices by redirecting traffic to a proxy, injecting CA certificates into trust stores, and patching certificate pinning and transparency checks. It also handles fallback patching for obfuscated certificate pinning on Android, disables root/jailbreak detection, and blocks HTTP/3 connections. The scripts can be used independently or together to intercept HTTP(S) traffic on Android and iOS. |
| 2026-04-22 2026 | Android Reports and Resources beginner | Library of Android security reports and resources detailing vulnerabilities such as CVE-2020-8913 in the Google Play Core library, path traversal, account takeover via deep links, sensitive information disclosure, arbitrary code execution in TikTok, memory corruption exploitation, SQL injection in Content Providers, and XSS via WebView. It includes resources on secure cryptography, WebResourceResponse configurations, and vendor-specific issues in Xiaomi and Samsung devices, alongside references to vulnerable Android applications like Oversecured, GoatDroid, and Sieve for educational purposes. |
| 2026-04-22 2026 | iOS Security Testing - OWASP MASTG beginner | Library for iOS security testing, detailing environment setup with macOS hosts, jailbroken devices, and tools like Burp Suite or OWASP ZAP. It covers obtaining device UDIDs via Finder or command-line tools such as `idevice_id` and `instruments`, and contrasts iOS simulators with emulators, noting the simulator's limitations for reverse engineering. The library also explains jailbreaking concepts, contrasting them with Android rooting, and highlights the benefits of privileged access for security testers, including root file system access and unrestricted debugging. It further categorizes jailbreak types (tethered, semi-tethered, semi-untethered, untethered) and discusses the challenges of maintaining jailbroken devices due to Apple's security hardening and signing mechanisms, mentioning exploits like CVE-2015-6794 and CVE-2015-7037. → mas.owasp.org |
| 2026-04-22 2026 | Android Security Bulletin - March 2026 news | Bulletin detailing security vulnerabilities affecting Android devices, including critical remote code execution flaws in the System component. Patches are available for security patch levels 2026-03-01 and 2026-03-05, addressing issues in Framework, System, Kernel, and various vendor components like Arm, MediaTek, Unisoc, and Qualcomm. Android and Google Play Protect mitigations are discussed to enhance device security. |
| 2026-04-22 2026 | Android Security Bulletin - April 2026 news | Bulletin detailing critical vulnerabilities in Android Framework, potentially leading to local denial of service without requiring user interaction or execution privileges. It addresses issues with security patch levels 2026-04-01 and 2026-04-05, affecting components from Google, NXP, STMicroelectronics, and Thales. The document also covers Android and Google Play Protect mitigations, emphasizing the importance of updating to the latest Android versions. |
| 2026-04-19 2026 | Zero-Day Vulnerabilities in Apple WebKit — CSA Singapore news | Zero-Day Vulnerabilities in Apple WebKit — CSA Singapore |
| 2026-04-19 2026 | Update Apple Devices: Actively Exploited CVE-2025-14174 & CVE-2025-43529 news | Writeup of CVE-2025-14174 and CVE-2025-43529, actively exploited WebKit vulnerabilities in Apple devices. CVE-2025-14174, an out-of-bounds memory access flaw in ANGLE for Chrome on Mac, and CVE-2025-43529, a WebKit vulnerability, may have been used in tandem to execute arbitrary code via crafted HTML pages. Both have been addressed in recent iOS, macOS, tvOS, watchOS, visionOS, and Safari updates, and CVE-2025-43529 is now on CISA's Known Exploited Vulnerabilities catalog. → helpnetsecurity.com |
| 2026-04-19 2026 | CVE-2025-14174: Apple WebKit Memory Corruption Zero-Day news | Writeup on CVE-2025-14174, a WebKit memory corruption zero-day actively exploited in targeted attacks. This vulnerability, alongside CVE-2025-43529, impacts all Apple devices rendering web content, including Safari and iOS/iPadOS browsers, allowing for arbitrary code execution through malicious web pages. Google also patched a similar out-of-bounds memory access issue in ANGLE. Immediate OS and browser updates are critical mitigation measures, as these exploits highlight the growing risk of browser engine vulnerabilities. |
| 2026-04-19 2026 | Two Serious Vulnerabilities in Latest Android Security Update news | Two Serious Vulnerabilities in Latest Android Security Update |
| 2026-04-19 2026 | LANDFALL: New Commercial-Grade Android Spyware (CVE-2025-21042) news | Analysis of LANDFALL, a commercial-grade Android spyware targeting Samsung Galaxy devices, details its exploitation of CVE-2025-21042, a zero-day vulnerability in Samsung’s image processing library. Delivered via malicious DNG image files, potentially through WhatsApp, LANDFALL facilitates comprehensive surveillance. This operation, active since mid-2024 and patched in April 2025, predates public disclosures of similar exploit chains involving CVE-2025-21043 and iOS vulnerabilities, suggesting links to private-sector offensive actors in the Middle East. → unit42.paloaltonetworks.com |
| 2026-04-16 2026 | Awesome Android Reverse Engineering: Curated List beginner | Library of curated training, tools, and resources for Android reverse engineering, covering static and dynamic analysis techniques, decompilation with JADX and Ghidra, dynamic instrumentation with Frida and Objection, network analysis using Burp Suite and Wireshark, and popular tools like MobSF, QARK, and Androguard. It also lists resources for obfuscation, anti-reversing, firmware analysis, and includes CTFs and crackmes for hands-on practice. |
| 2026-04-16 2026 | Android App Reverse Engineering 101 beginner | Workshop slides introduce static analysis techniques for reverse engineering Android applications, focusing on understanding code without execution. Exercises are performed within a provided Ubuntu 18.04 VM pre-loaded with necessary tools, with a username of "AndroidAppRE" and password "android." This resource builds foundational skills applicable to areas like Android malware analysis and vulnerability hunting. |
| 2026-04-16 2026 | Exploiting Android Fingerprint Authentication intermediate | Exploiting Android Fingerprint Authentication |
| 2026-04-16 2026 | Android Keystore Pitfalls and Best Practices intermediate | Library detailing Android Keystore pitfalls, this resource examines the complexities of mobile biometric authentication within the Android ecosystem. It highlights how half of tested Android apps fail OWASP AUTH-2 standards and how many fingerprint authentications can be bypassed. Best practices are discussed, emphasizing the importance of `UserAuthenticationRequired` for cryptographic keys and proper utilization of `CryptoObject` for secure data encryption/decryption, contrasting with insecure event-based or non-cryptographic implementations. |
| 2026-04-16 2026 | Frida's Impact on Mobile Security and How to Fight Back intermediate | Frida's Impact on Mobile Security and How to Fight Back |
| 2026-04-16 2026 | From an Android Hook to RCE: $5000 Bounty intermediate | From an Android Hook to RCE: $5000 Bounty |
| 2026-04-16 2026 | iOS Reverse Engineering: Defeating Anti-Debug and Extracting Hidden Flag intermediate | Walkthrough of bypassing anti-debug and anti-Frida mechanisms in an iOS application to extract a hidden flag. This process involves static analysis using `rabin2` to find relevant strings, dynamic analysis with `FridaGadget` embedded via `insert_dylib`, and runtime instrumentation with a custom Frida script. The technique leverages `TrollStore` for installation and `FridaGadget.dylib` to bypass runtime detection and hook `UILabel` updates, ultimately revealing the flag. |
| 2026-04-16 2026 | DarkSword iOS Exploit Chain Adopted by Multiple Threat Actors - Google news | Report analyzing the DarkSword iOS exploit chain, which leverages multiple zero-day vulnerabilities to compromise devices. It details its use by various threat actors, including UNC6748, against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine. The report identifies specific vulnerabilities like CVE-2025-31277 and CVE-2026-20700, and the deployed malware families GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER, supporting iOS versions 18.4 through 18.7. → cloud.google.com |
| 2026-04-16 2026 | Inside DarkSword: A New iOS Exploit Kit - iVerify news | Analysis detailing the DarkSword iOS exploit kit, a JavaScript-based framework delivered via waterhole attacks targeting iPhones running iOS 18.4 through 18.6.2. The kit includes Safari exploits, sandbox escapes, privilege escalation, and in-memory implants for data exfiltration, leveraging vulnerabilities patched by Apple in iOS 26.1, 26.2, and 26.3. The analysis uncovered infrastructure in Estonia and Ukraine, with code comments in Russian and English, and identified specific exploit stages such as `rce_loader.js`, `rce_worker_18.6.js`, `/sbx0_main_18.4.js`, and `/pe_main.js` targeting the `mediaplaybackd` daemon. |
| 2026-04-16 2026 | DarkSword iOS Exploit Kit: 6 Flaws and 3 Zero-Days for Full Takeover advanced | Report on DarkSword, a JavaScript-based exploit chain leveraging six iOS vulnerabilities, including zero-days CVE-2026-20700, CVE-2025-43529, and CVE-2025-14174, to steal sensitive data from iPhones running iOS 18.4 through 18.7. The chain achieves code execution via JavaScriptCore vulnerabilities like CVE-2025-31277, escapes sandboxes through GPU processes, and escalates privileges via kernel flaws like CVE-2025-43520, ultimately exfiltrating information within minutes. → thehackernews.com |
| 2026-04-13 2026 | Google Blocks 2.36 Million Risky Android Apps from Play Store in 2024 news | Analysis of Google's 2024 Android app security initiatives reveals a proactive stance against 2.36 million risky app submissions, aided by AI-powered reviews in 92% of cases. Google also banned 158,000 developer accounts, prevented 1.3 million apps from gaining excessive permissions, and enhanced Google Play Protect with daily scans of over 200 billion apps. Developer tools, including an expanded Play SDK index and increased Play Integrity API adoption, further bolster security, while an untrusted APK installation blocking system was rolled out to multiple countries. |
| 2026-04-11 2026 | Exploiting Content Providers in Android Applications intermediate | Exploiting Content Providers in Android Applications |
| 2026-04-11 2026 | SQL injection vulnerabilities in Owncloud Android app intermediate | Advisories detail SQL injection vulnerabilities in the Owncloud Android app, specifically impacting the `FileContentProvider` (GHSL-2022-059) and the `ReceiveExternalFilesActivity`. The `FileContentProvider` allows malicious applications to exploit SQL injection flaws through its `delete`, `insert`, `query`, and `update` methods, potentially leading to unauthorized data access or modification within the app's databases. Additionally, improper sanitization of externally provided file paths in `ReceiveExternalFilesActivity` can allow attackers to read from or write to the application's internal storage. → securitylab.github.com |
| 2026-04-11 2026 | Android, SQL and ContentProviders - Why SQL injections aren't dead yet intermediate | Writeup detailing SQL injection vulnerabilities within Android Content Providers. It explains how these providers, used for inter-process data communication, can be exploited when user-supplied input is not properly sanitized before being used in SQL queries. The article uses the Yahoo Weather app's Content Providers as a specific example, illustrating the mechanisms that allow for these injection attacks. |
| 2026-04-11 2026 | iOS Universal Links - HackTricks beginner | Reference detailing iOS Universal Links, focusing on penetration testing implications. It covers the `apple-app-site-association` file, its configuration via Xcode entitlements with `applinks:`, and methods for retrieving and validating it using tools like AASA Validator, GetUniversal.link, and Knil. The entry also discusses how apps handle these links via `application:continueUserActivity:restorationHandler:` and emphasizes URL validation to prevent spoofing, mentioning CVE-2024-10474 as a related vulnerability. |
| 2026-04-11 2026 | MASTG-TEST-0070: Testing Universal Links intermediate | Guide to testing Universal Links on iOS applications, covering static analysis of the Associated Domains entitlement, retrieval of the Apple App Site Association file using tools like the AASA Validator, and verification of the link receiver method (`application:continueUserActivity:restorationHandler:`) and data handler method within the app delegate, emphasizing URL parameter validation and the use of HTTPS. → mas.owasp.org |
| 2026-04-11 2026 | Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped intermediate | Library demonstrating iOS URL scheme hijacking via OAuth. This technique leverages `ASWebAuthenticationSession` and the `prompt=none` OAuth parameter to silently steal authentication codes from vulnerable applications, potentially leading to account takeover. The attack exploits how iOS handles redirects within in-app browsers and custom URL schemes, bypassing common protections like PKCE. |
| 2026-04-11 2026 | Android security checklist: WebView - Oversecured Blog beginner | Checklist of common Android WebView vulnerabilities, including insufficient URL validation (scheme bypasses via `javascript://`, `file://`, `content://`, and reflection API attacks), Universal XSS, JavaScript injection, and insecure internal URL handlers. The guide details attacks on JavaScript interfaces, universal/file access from file URLs, and arbitrary file theft via file choosers, citing examples like `DeeplinkActivity` and `OVAA`. |
| 2026-04-11 2026 | WebView addJavascriptInterface Remote Code Execution - WithSecure Labs intermediate | Writeup detailing remote code execution in Android WebView's `addJavascriptInterface`. This vulnerability, affecting all current Android platforms, allows attackers to inject JavaScript into a WebView, potentially via Man-in-the-Middle attacks on advertising SDKs. By abusing the `JavascriptInterface` and reflection, attackers can leverage `java.lang.Runtime` to execute arbitrary operating system commands and deploy payloads like `drozer`'s `weasel`. The exploit mechanism is demonstrated by executing shell commands and establishing a reverse TCP shell connection. |
| 2026-04-11 2026 | Exploiting Insecure Android WebView with JavaScript Interface intermediate | Exploiting Insecure Android WebView with JavaScript Interface |
| 2026-04-11 2026 | Mobile Security Framework - MobSF Documentation beginner | Mobile Security Framework - MobSF Documentation |
| 2026-04-11 2026 | MobSF: Mobile Security Framework (GitHub) beginner | Library for mobile application security, penetration testing, malware analysis, and privacy analysis on Android, iOS, and Windows Mobile. MobSF supports static analysis of APK, IPA, and APPX binaries, as well as dynamic analysis with instrumented testing, runtime data, and network traffic analysis for Android and iOS. It integrates with DevSecOps pipelines via REST APIs and CLI tools. |
| 2026-04-11 2026 | Deep Linking Vulnerabilities - Application Security Cheat Sheet beginner | Deep Linking Vulnerabilities - Application Security Cheat Sheet → 0xn3va.gitbook.io |
| 2026-04-11 2026 | Android Intent Redirection: A Hacker's Gateway to Internal Components intermediate | Android Intent Redirection: A Hacker's Gateway to Internal Components |
| 2026-04-11 2026 | From Browser to Breach: One-Click Android Deep Link Exploitation intermediate | From Browser to Breach: One-Click Android Deep Link Exploitation |
| 2026-04-11 2026 | Unsafe use of deep links - Android Developers Security beginner | Library for secure deep link implementation on Android, addressing risks like hijacking and data validation attacks that can lead to cross-app scripting or remote code execution. It details mitigations such as using `android:autoVerify="true"` in `AndroidManifest.xml` to prevent malicious apps from intercepting links, and emphasizes robust data validation for all incoming parameters, referencing techniques discussed in Android Developers Security and OWASP MASVS-PLATFORM. |
| 2026-04-11 2026 | Android Pentest: Deep Link Exploitation intermediate | Library for analyzing Android deep link vulnerabilities, demonstrating exploitation techniques for sensitive data exposure, session hijacking, account takeovers, open redirects, LFI, and XSS. It details how insecure implementations of custom URL schemes, as found in applications like InjuredAndroid, can be leveraged through tools like Drozer and phishing pages to gain unauthorized access or data. Recommendations include using `android:autoVerify="true"` and `assetlinks.json` for secure verification. |
| 2026-04-11 2026 | A Comprehensive Guide to iOS Jailbreak Detection Bypass intermediate | Library for bypassing iOS jailbreak detection, detailing one-time bypass using Liberty and run-time bypass with Frida and Objection. It explains how to hook methods, manipulate return values to spoof non-jailbroken status, and lists common file paths applications can check to detect jailbroken devices. |
| 2026-04-11 2026 | Bypassing iOS Security Suite: Jailbreak Detection Explained and Tested intermediate | Library for iOS developers to implement jailbreak detection, emulator detection, and more within their applications. The iOS Security Suite's jailbreak checks, including URL schemes, suspicious files, restricted directories, fork, DYLD, and ObjC classes, can be bypassed by overriding the `amIJailbroken()` method using tools like Frida, revealing potential security risks in apps that don't layer their defenses. |
| 2026-04-11 2026 | Frida CodeShare: iOS Jailbreak Detection Bypass intermediate | Frida CodeShare: iOS Jailbreak Detection Bypass |
| 2026-04-11 2026 | iOS Jailbreak Detection Bypass with Frida - Full Guide intermediate | Library for bypassing iOS jailbreak detection using Frida. This guide details how to leverage Corellium's virtualized platform to identify and hook specific methods within applications like DVIA-2. It covers setup, class and method enumeration, and modifying boolean return values to circumvent detection mechanisms, enabling dynamic analysis and security testing of iOS applications. |
| 2026-04-11 2026 | Android 15 Vulnerabilities: A Comprehensive Security Research Analysis advanced | Android 15 Vulnerabilities: A Comprehensive Security Research Analysis |
| 2026-04-11 2026 | December 2025 Android Security Bulletin: Two Zero-Day Flaws Exploited news | Analysis of the December 2025 Android Security Bulletin, detailing over 100 vulnerabilities. This release highlights two zero-day Framework exploits, CVE-2025-48633 (information disclosure) and CVE-2025-48572 (elevation of privilege), which are under limited, targeted exploitation across Android 13-16. The bulletin also addresses a critical Framework DoS (CVE-2025-48631), kernel privilege escalations (including pKVM and IOMMU issues), and vendor-specific flaws in Arm, Imagination GPU, MediaTek, Unisoc, and Qualcomm components. |
| 2026-04-11 2026 | Android Security Bulletin - December 2025 news | Bulletin detailing security vulnerabilities affecting Android devices, with patch levels 2025-12-01 and 2025-12-05 addressing critical issues in Framework, System, and Kernel components. The bulletin references specific CVE IDs and notes mitigations provided by Android security platform protections and Google Play Protect. Updates incorporate fixes for Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components. |
| 2026-04-11 2026 | Intent redirection vulnerability in third-party SDK exposed millions of Android wallets intermediate | Writeup details an intent redirection vulnerability in the EngageSDK, a third-party Android library used by millions of applications, including crypto wallets. This flaw allowed malicious apps to bypass Android's security sandbox and access sensitive user data, including PII and financial information. The vulnerability, identified in the exported `MTCommonActivity` component, enabled attackers to craft intents that, when processed by the vulnerable SDK, could lead to unauthorized access, data exposure, and privilege escalation. While Google removed affected apps from the Play Store and provided platform-level mitigations, developers are urged to update to EngageSDK version 5.2.1 to resolve the issue. → microsoft.com |
| 2026-04-11 2026 | Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks news | Security update (iOS 18.7.7 and iPadOS 18.7.7) addressing DarkSword attacks on older iPhones and iPads. DarkSword is a hacking toolkit that can steal device data, including messages, browser histories, location, and cryptocurrency, by exploiting websites hosting malicious code. This update protects against these web-based attacks, which have been observed in several countries and are also mitigated by Lockdown Mode. → techcrunch.com |
| 2026-04-10 2026 | Mobile App Security Testing Guide 2026 beginner | Guide to comprehensive mobile application security testing, covering Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), API security, and forensic analysis. It highlights the importance of addressing vulnerabilities like weak authentication, data leaks, and insecure APIs, citing the high cost of breaches and regulatory penalties. Key tools such as MobSF, Frida, OWASP ZAP, Burp Suite, Drozer, QARK, and Objection are mentioned, along with the OWASP Mobile Top 10 and MASVS standards. |
| 2026-04-10 2026 | Frida - OWASP Mobile Application Security Tool intermediate | Library for dynamic instrumentation, Frida enables JavaScript execution within native Android and iOS applications. It utilizes QuickJS for code injection via modes like Injected, Embedded, and Preloaded. Key APIs include Interceptor for inline hooking and Stalker for transparent, high-granularity tracing using JIT recompilation. Frida also offers specific APIs for Java and Objective-C interaction, alongside terminal tools such as `frida-ps` for process listing and `frida-trace` for function call tracing. Frida 17 introduces breaking changes, including the removal of bundled runtime bridges, necessitating separate installation via `frida-pm`, and API modifications for enhanced readability and performance. → mas.owasp.org |
| 2026-04-10 2026 | OWASP MASTG Testing Guide beginner | OWASP MASTG Testing Guide → mas.owasp.org |
| 2026-04-10 2026 | OWASP MASVS & MASTG: Mobile Security Guide (2026) beginner | Guide to the OWASP MASVS & MASTG mobile application security requirements and testing guides, detailing structured verification for categories including storage, cryptography, authentication, network communication, platform interaction, code quality, and resilience. MASVS offers baseline (L1) and defense-in-depth (L2) security levels, alongside a resilience (R) category for protection against reverse engineering, with MASTG providing companion test cases for each requirement. Tools like MobSF, NowSecure, and AppKnox can map to specific MASVS categories for automated and manual assessments. → appsecsanta.com |
| 2026-04-10 2026 | Mobile App Tampering and Reverse Engineering - OWASP MASTG intermediate | Guide detailing mobile application tampering and reverse engineering techniques. It addresses the increasing need for security testers to understand compiled apps, including methods for bypassing defenses like SSL pinning and root detection. The resource covers static and dynamic binary analysis, deobfuscation, and the use of tools and scripting for complex tasks, emphasizing practical experience for mastering these skills. → mas.owasp.org |
| 2026-04-10 2026 | A Comprehensive Guide to iOS Penetration Testing intermediate | A Comprehensive Guide to iOS Penetration Testing |
| 2026-04-10 2026 | iOS Penetration Testing: Definition, Process and Tools beginner | Overview of iOS penetration testing, a method to uncover and exploit security vulnerabilities in iOS applications. It covers a structured process including preparation, static and dynamic analysis, reverse engineering, and reporting, utilizing tools like MobSF, Frida, and Burp Suite. Specific techniques addressed include SSL pinning bypass, insecure data caching, and hardcoded keys, with a focus on Apple's architecture and its unique technologies such as Swift and the Secure Enclave, referencing the OWASP Mobile Security Testing Guide. |
| 2026-04-10 2026 | iOS App Reverse Engineering: Tools & Tactics beginner | Library for performing dynamic and static analysis of iOS applications, enabling security researchers and pentesters to uncover vulnerabilities. It supports tools like Hopper, Ghidra, and R2Frida for examining hardcoded secrets, bypassing jailbreak detection, tracing functions, and interacting with private APIs. This library facilitates live device analysis and integrates with virtualized iOS environments, streamlining vulnerability discovery and patch validation within CI/CD workflows. |
| 2026-04-10 2026 | iOS Pentesting Checklist: Complete Guide for 2026 beginner | Checklist for comprehensive iOS application security assessments. This guide details crucial testing areas, including static and dynamic analysis, authentication, data storage, input validation, cryptographic implementations, and platform-specific checks, aiming to identify and mitigate vulnerabilities such as insecure Keychain usage, weak password handling, and potential injection attacks. It also covers meeting compliance needs like GDPR and HIPAA, building user trust, preventing data breaches, and improving app performance to attract more users. |
| 2026-04-10 2026 | Understanding Mobile App Reverse Engineering: How Attackers Break Apps beginner | Article explaining mobile app reverse engineering techniques from an attacker's perspective. It details how attackers use tools like JADX and methods such as static analysis to unpack APK/IPA files, decompile bytecode, and uncover vulnerabilities like hardcoded API keys, unencrypted tokens, and insecure backend URLs. The article highlights how AI-enhanced analysis, cross-platform framework weaknesses, and democratized attack tools increase these risks, with examples of exploits found in dating apps and fintech applications. |
| 2026-04-10 2026 | 2025 Phone Security Guide: Android vs iOS beginner | Guide comparing Android and iOS phone security in 2025, detailing sandboxing, secure boot, and update strategies. It scrutinizes app ecosystem differences, including Apple's "walled garden" vetting versus Android's "sideloading risks," and highlights the importance of granular app permissions. The guide also covers hardware-backed encryption, secure protocols for data in transit, the dangers of public Wi-Fi, the rise of AI-driven phishing and mobile malware, IoT interconnectivity risks, and emphasizes user best practices like Multi-Factor Authentication (MFA). |
| 2026-04-10 2026 | Android vs iOS Security Comparison beginner | Analysis comparing Android and iOS mobile operating system security, detailing vulnerabilities like SQL injection, CSRF, and cross-site scripting. It highlights iOS's closed-source nature and stringent App Store policies as advantages, while noting Android's open-source flexibility leads to fragmentation and a loosely regulated marketplace. The comparison covers consistent updates, user feedback, third-party support, and specific threats such as mobile remote access Trojans (mRATs). |
| 2026-04-10 2026 | iOS vs Android Security: Which Is More Secure? beginner | Comparison of platform-level and application-layer security for iOS and Android. It highlights Apple's integrated hardware and software approach, Secure Enclave, and secure boot chain as strengths, while noting iOS's susceptibility to zero-day exploits and reduced runtime analysis visibility. For Android, it discusses fragmentation issues and malware growth, as well as the significant prevalence of hardcoded secrets (API keys, credentials) found in 71% of mobile apps across both platforms, a vulnerability missed by both App Store and Google Play Protect reviews. |
| 2026-04-10 2026 | iOS vs Android Security Comparison 2025 beginner | Survey of iOS and Android security features, detailing hardware encryption, Secure Enclave, sandboxing, and biometric authentication on iOS, contrasted with Android's Google Play Protect, permission controls, Verified Boot, and file-based encryption. It also touches upon vulnerabilities like the Pegasus spyware and the importance of regular security updates for both platforms. |
| 2026-04-10 2026 | Common Mobile Application Security Vulnerabilities 2025 beginner | Common Mobile Application Security Vulnerabilities 2025 |
| 2026-04-10 2026 | 2025 Global Mobile Threat Report news | 2025 Global Mobile Threat Report |
| 2026-04-10 2026 | Mobile Security Testing Challenges: 2025-2026 Outlook news | Analysis of 2025-2026 mobile security testing challenges, detailing how the iOS visibility blackout, stemming from the end of jailbreaking capabilities on devices running iOS 18 and iOS 26, severely impacts security validations like filesystem verification, cryptography inspection, and network security testing. The article highlights emerging threats including the nekoJB Online scam and AI-powered mobile fraud, such as deepfake KYC bypasses and synthetic media attacks, demonstrating the inadequacy of traditional testing methods and the critical need for new approaches to meet compliance demands like PCI-DSS and HIPAA. |
| 2026-04-10 2026 | App Threat Report 2025 Q1: Android and iOS news | Report summarizing 2025 Q1 Android and iOS application security, detailing platform mitigations like app stores, sandboxing, kernel protections, and device integrity. It contrasts iOS's strict app signing with Android's more permissive approach, explores encrypted code challenges on both platforms, and touches on memory protection limitations. The analysis highlights the ongoing threat landscape and practical concerns for securing mobile applications against evolving attacks. |
| 2026-04-10 2026 | Mobile App Security Testing in 2026: Statistics and OWASP Threats news | Survey of mobile app security threats in 2026, detailing the rising costs of breaches ($6.99 million average) and the shift to mobile as the primary enterprise attack surface. The entry highlights the updated OWASP Mobile Top 10, emphasizing new priorities like Improper Credential Usage (M1) and Inadequate Supply Chain Security (M2), and discusses platform-specific risks for iOS and Android. It also notes the widespread overconfidence in existing mobile app protections despite significant vulnerabilities. |
| 2026-04-08 2026 | A major hacking tool has leaked online putting millions of iPhones at risk. Here's what you need to know. news | Leaked hacking toolkits Coruna and DarkSword pose a significant risk to millions of iPhones and iPads. Coruna targets iOS 13 through 17.2.1, while DarkSword exploits vulnerabilities in iOS 18.4 to 18.7. These tools, some reportedly originating from U.S. defense contractor L3Harris, allow attackers to gain full device control, steal data like messages and cryptocurrency, and were allegedly linked to Operation Triangulation. The DarkSword toolkit has been leaked online via GitHub, making it accessible for widespread attacks. → techcrunch.com |
| 2026-04-08 2026 | Mobile App Security Trends: Safeguarding User Data in a Digital World beginner | Overview of key trends and techniques for safeguarding user data in mobile apps. It details the importance of end-to-end encryption using standards like AES, multi-factor authentication including biometrics, and app sandboxing. Secure API practices with OAuth 2.0 and token-based authentication, alongside code obfuscation with tools like ProGuard, are highlighted. The entry also covers integrated security testing, compliance with regulations such as GDPR and CCPA, and the adoption of Zero Trust architecture for robust protection. |
| 2026-04-07 2026 | Someone has publicly leaked an exploit kit that can hack millions of iPhones news | Tool leaked on GitHub allows easy targeting of millions of iPhones and iPads running older iOS versions, specifically mentioning iOS 18. Researchers warn the DarkSword exploit kit is simple to deploy, requiring minimal expertise. Post-exploitation capabilities include exfiltrating sensitive data like contacts, messages, and the iOS keychain via HTTP. This spyware was allegedly used by Russian government hackers against Ukrainian targets and is considered a significant threat due to its widespread vulnerability. → techcrunch.com |
| 2026-04-06 2026 | Hacking Android and IOT Apps by Example - DEF CON Training LV 2026 beginner Talks | Workshop slides from DEF CON 32 present a 100% hands-on deep dive into the OWASP Mobile Security Testing Guide (MSTG) and MASVS, covering and exceeding the OWASP Mobile Top Ten. The training focuses on Android and IoT app security, utilizing tools like Frida, Objection, radare2, and RMS for static and dynamic analysis, instrumentation, and vulnerability exploitation, with practical CTF-style challenges. Participants learn to intercept network communications, bypass certificate pinning and root detection, and reverse engineer mobile applications. |
| 2026-04-06 2026 | Mobile Application Penetration Testing: iOS and Android beginner | Tooling for mobile application penetration testing, encompassing iOS and Android platforms. This resource details techniques for static and dynamic analysis, including binary reverse engineering with tools like jadx, apktool, class-dump, and Hopper Disassembler, as well as runtime instrumentation using Frida and Objection. It addresses common vulnerabilities such as improper credential usage, insecure communication via certificate pinning bypass (e.g., SSL Kill Switch, Objection), insecure data storage in Keychain/Keystore, and covers OWASP Mobile Top 10 risks. The methodology includes reconnaissance, static/dynamic analysis, network/API testing, exploitation, and reporting. |
| 2026-04-06 2026 | 10 Mobile App Security Best Practices for 2026 beginner | Mobile application security best practices, with guidance for React Native, Expo, and Supabase. It details techniques such as code obfuscation using R8, certificate pinning via Network Security Configuration, and secure local storage with react-native-keychain. The resource also covers implementing multi-factor authentication, securing API communication with interceptors and request signing, managing sessions with JWTs and secure storage, and employing runtime protection (RASP) with tools like react-native-jail-monkey, all aimed at addressing OWASP Mobile Top 10 threats and mitigating data breach risks. |
| 2026-04-06 2026 | Grapefruit: Open-source mobile security testing suite intermediate | Library for runtime mobile application security testing, powered by Frida and offering a web-based interface for inspecting, hooking, and modifying iOS and Android applications. Key features include runtime method hooking, cryptographic API interception, filesystem and SQLite inspection, syslog streaming, and privacy monitoring. It supports Flutter and React Native, with capabilities for memory scanning, thread inspection, and analysis of DEX, Hermes, and native code. Grapefruit also facilitates Keychain manipulation, traffic capture (NSURL, HTTP), WebView inspection, UI hierarchy dumping, and bypasses for biometric authentication and geolocation spoofing, while explicitly omitting built-in RASP bypasses to focus on composable instrumentation. |
| 2026-04-06 2026 | Objection 2026: Runtime Mobile Exploration via Frida intermediate | Library for runtime mobile security exploration built on Frida. Objection provides a Python CLI that wraps Frida with pre-built commands for iOS and Android pentesting, allowing users to hook live applications from an interactive command line without writing custom JavaScript. Key features include SSL pinning bypass, file system and container exploration, and memory/heap analysis. It supports testing on jailbroken/rooted devices via `frida-server` or non-jailbroken/non-rooted devices by patching apps with `objection patchipa`/`patchapk`. → appsecsanta.com |
| 2026-04-04 2026 | AutoSecT Mobile: Automating Android and iOS Security Testing intermediate | Platform that automates Android and iOS application security testing by performing deep APK/IPA structural analysis, integrating Static and Dynamic Application Security Testing (SAST and DAST), and mapping findings to the OWASP Mobile Top 10. AutoSecT Mobile, built by Kratikal, continuously scans applications, identifies vulnerabilities like hardcoded secrets and insecure data storage, and tests backend APIs to detect issues such as SQL injection and broken authentication, facilitating early detection and remediation within existing development workflows. → securityboulevard.com |
| 2026-04-03 2026 | OWASP Mobile Top 10 2024: A Security Guide beginner | OWASP Mobile Top 10 2024: A Security Guide |
| 2026-04-03 2026 | OWASP Mobile Top 10 and MobSF intermediate | Overview of the OWASP Mobile Top 10 risks, including M1 (Improper Credential Usage) with examples like hardcoded credentials and insecure transmission, M2 (Inadequate Supply Chain Security) concerning malware injection, M3 (Insecure Authentication/Authorization) detailing hidden service requests, M4 (Insufficient Input/Output Validation) leading to remote code execution, M5 (Insecure Communication) through lack of certificate inspection, M6 (Inadequate Privacy Controls) via improper log sanitization, M7 (Insufficient Binary Protections) exposing API keys, and M8 (Security Misconfiguration) from insecure default settings. |
| 2026-04-03 2026 | Bypassing Certificate Pinning Using Frida: A Step-by-Step Guide intermediate | Walkthrough of bypassing certificate pinning on Android apps using Frida to enable Man-in-the-Middle (MitM) attacks. This guide details the setup of Frida, Android Studio, Mitmproxy, and an Android emulator, then demonstrates hooking into the ShipFast app's runtime to intercept HTTPS traffic, even when certificate pinning is implemented via the network security config file. |
| 2026-04-03 2026 | Hail Frida!! The Universal SSL Pinning Bypass for Android intermediate | Hail Frida!! The Universal SSL Pinning Bypass for Android → infosecwriteups.com |
| 2026-04-03 2026 | OWASP Mobile Top 10 (2024) — Bug Bounty Hunter's Guide beginner | OWASP Mobile Top 10 (2024) — Bug Bounty Hunter's Guide |
| 2026-04-03 2026 | Four Ways to Bypass Android SSL Verification and Certificate Pinning \| NetSPI intermediate | Article detailing four methods to bypass Android SSL verification and certificate pinning for man-in-the-middle attacks. Techniques include adding a custom CA to the trusted certificate store, overwriting packaged CA certificates, utilizing Frida to hook and bypass checks, and reversing custom certificate code, with tools like BurpSuite, ZAP, Frida, and Objection mentioned. |
| 2026-04-03 2026 | Bypassing Certificate Pinning \| OWASP MASTG intermediate | Technique for bypassing SSL pinning on Android applications, applicable when apps use standard API functions. Methods include dynamic bypassing using Frida or Objection's `android sslpinning disable` command, and static bypass by patching certificate hashes, replacing certificate files, or modifying truststore files within the decompiled application. The MASTG also details finding and patching custom certificate pinning logic within native libraries and obfuscated frameworks like OkHTTP3. → mas.owasp.org |
| 2026-04-03 2026 | Defeating Android Certificate Pinning with Frida intermediate | Article on bypassing Android certificate pinning using Frida. This technique enables security researchers, developers, and privacy advocates to intercept and inspect HTTPS traffic from hyper-vigilant applications that employ custom certificate validation beyond the default system trust store. It details how to leverage Frida scripts to modify application behavior dynamically, remove SSL pinning logic, and expose the actual network communication for analysis, particularly useful for apps like Twitter, N26, or BBVA. |
| 2026-04-03 2026 | OWASP Mobile Top 10 beginner | Reference detailing the OWASP Mobile Top 10 for 2024, including risks like Improper Credential Usage, Inadequate Supply Chain Security, and Insecure Communication. This resource also outlines the data-driven methodology used for identifying and prioritizing these vulnerabilities, comparing the 2024 list to previous iterations from 2016 and 2014. → owasp.org |
| 2026-04-03 2026 | OWASP Mobile Application Security (MAS) beginner | Project defining the industry standard for mobile application security. It provides the OWASP MASVS (mobile application security verification standard), OWASP MASWE (mobile application security and privacy weaknesses), and OWASP MASTG (mobile application security testing guide). The MASTG includes comprehensive processes, techniques, tools, and test cases for consistent and complete mobile app security testing. → mas.owasp.org |
| 2026-04-03 2026 | Think Your Phone Camera Is Hacked? Here's How You Find Out beginner | Reference detailing how to detect phone camera hacking, typically occurring via spyware or Remote Access Trojans (RATs) installed through malicious apps or phishing links. Signs include unexpected camera indicator lights, "camera already in use" errors, unknown photos/videos, overheating, battery drain, and increased data usage. Attackers gain access through granted permissions, disguised apps, social engineering, physical access, or advanced zero-click exploits like Pegasus, enabling silent photo/video capture and live viewing. |
| 2026-04-02 2026 | Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild news | Report on DarkSword, a stealthy iPhone hacking technique that exploits vulnerabilities in iOS 18. This "smash-and-grab" tool, found embedded in websites, targets hundreds of millions of iOS devices by hijacking legitimate system processes to steal data like passwords, messages, browser history, and cryptocurrency credentials. DarkSword's fileless nature leaves minimal traces, and its code has been publicly exposed, inviting wider adoption by various hacking groups. → wired.com |
| 2026-04-02 2026 | Apple made strides with iOS 26 security but leaked hacking tools still leave millions exposed to spyware attacks news | Writeup detailing how leaked hacking tools like Coruna and DarkSword are targeting millions of users on older iOS versions, despite Apple's security advancements like Memory Integrity Enforcement in iOS 26. These tools exploit memory corruption bugs, previously assumed to be difficult to leverage broadly, and a thriving secondary market for exploits exacerbates the issue. → techcrunch.com |
| 2026-04-02 2026 | Independent Audits of Our iOS and Android Apps beginner | Audits by Cure53 of ExpressVPN's iOS and Android apps revealed a total of seven medium/low severity vulnerabilities and fifteen hardening recommendations. The Android audit found three vulnerabilities and ten informational recommendations, while the iOS audit identified four vulnerabilities, three related to local information disclosure, and five recommendations. All issues were addressed, with some not modified due to usability impacts, and agreements made with Cure53. |
| 2026-04-02 2026 | Apple: iPhone users should update software amid hacking campaigns news | Writeup of DarkSword and Coruna exploit kits used in iPhone hacking campaigns. These tools allow attackers deep remote access, enabling data theft including passwords, messages, and browser history. Russian intelligence and Chinese cybercriminals are reportedly using these kits, targeting specific groups such as Ukrainians and cryptocurrency users. Apple urges users to update their software, emphasizing that older iOS versions are vulnerable to these sophisticated attacks, which are delivered via watering hole attacks and involve complex exploit chains. |
| 2026-04-02 2026 | WhatsApp warns of spyware in fake iPhone app news | News report on the Spyrtacus spyware embedded in a fake WhatsApp iPhone application targeting Italian users. This incident, attributed to Italian firm SIO, involved malicious unofficial clients designed to compromise user data, similar to a prior campaign involving Paragon Solutions. → scworld.com |
| 2026-04-02 2026 | NowSecure Launches AI Data Partner Program to Expand Mobile Application Risk Intelligence for Security Platforms news | Program enabling security vendors and AI platforms to access risk intelligence from over four million mobile application security assessments. This data provides insights into application behavior, infrastructure relationships, and risks like vulnerable SDKs, sensitive data exchange, and AI service usage without governance. Available datasets include risk scores, behavioral data (permissions, endpoints, SBOMs), and detailed vulnerability and privacy findings, enriching existing security platforms and agentic AI workflows with mobile application layer visibility. |
| 2026-04-02 2026 | Onespan prepares for RSAC2026 pushing passkey and mobile app security solutions news | News item on Onespan accelerating its preparations for RSAC2026. The company is promoting passkeys, OTPs, FIDO security keys, mobile app protection, and fraud defense technologies. Attendees can discuss transaction security needs and protection strategies against evolving cyber threats, referencing Onespan's efforts in response to heightened regulatory scrutiny like PSD3 and FINTRAC oversight. |
| 2026-02-14 2026 | HackingDave/btrpa-scan: Bluetooth Low Energy (BLE) scanner with Resolvable Private Address (RPA) resolution using Identity Resolving Keys (IRKs) intermediate | Library for discovering Bluetooth Low Energy (BLE) devices, capable of resolving privacy-randomized addresses using Identity Resolving Keys (IRKs). It offers features like targeted scanning by MAC address, RSSI filtering and averaging, name filtering, active scanning for richer data, and environment presets for distance estimation. Output options include real-time CSV logging, batch export to CSV, JSON, or JSONL, and a web-based radar interface. |
| 2026-01-18 2026 | Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK intermediate XSS | Writeup detailing account takeover vulnerabilities in Facebook's mobile app and JS SDK. The analysis uncovers an XSS flaw in the Customer Chat plugin due to unescaped `iconSVG` injection. More critically, it reveals that Facebook's reliance on `Math.random()` for generating crucial callback identifiers, combined with the SDK's reuse of this generator for iframe names and a mechanism to force reinitialization, allows attackers to predict and forge these identifiers, bypassing security checks and enabling unauthorized account access. |
| 2026-01-15 2026 | A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby - Project Zero advanced | Writeup detailing a 0-click exploit chain targeting the Pixel 9, focusing on vulnerabilities within the Dolby Unified Decoder. This analysis delves into CVE-2025-54957, an integer overflow in the EMDF payload processing, and CVE-2025-36934, a driver vulnerability, explaining how these lead to arbitrary code execution in the mediacodec context and privilege escalation to the kernel. The research highlights the increased attack surface introduced by AI-driven audio transcription features in mobile devices. |
| 2026-01-04 2026 | Android Reverse Engineering Notes intermediate | https://t.co/PISBfNlzPa |
| 2025-11-03 2025 | Advanced Android Hacking Course advanced Bug Bounty | Workshop materials from Ken Gannon, a Pwn2Own and Pwnie award winner, detail advanced Android hacking techniques used in competitive scenarios like Pwn2Own. Gannon, who has won Pwn2Own consecutively by compromising flagship devices, shares insights into the strategic approaches employed by security researchers to discover and exploit vulnerabilities in mobile platforms. |
| 2025-02-08 2025 | The Mac Malware of 2024 👾 advanced | Report cataloging new macOS malware for 2024, detailing specimens like the CloudChat stealer. It covers infection vectors, persistence mechanisms, and features, providing technical analysis and sample download links. The report references tools such as ProcessMonitor, FileMonitor, and Hopper Disassembler, and highlights the rise of info-stealers and AI's role in malware development. |
| 2025-02-08 2025 | Enable End-to-End Encryption for Your iCloud Backups beginner | Guide to enabling Advanced Data Protection for iCloud, which extends end-to-end encryption to 23 sensitive data categories including iCloud Backup, Photos, and Notes. This opt-in feature ensures only your trusted Apple devices can decrypt data, with recovery options via device passcode, password, recovery contact, or recovery key. The guide covers necessary software updates, account recovery setup, and the process of activating Advanced Data Protection across iPhone, iPad, and Mac. |
| 2025-02-01 2025 | The Protesters' Guide to Smartphone Security beginner | Guide to smartphone security for protesters detailing risks like confiscation, surveillance, and service disruption. It advises using a separate "burner phone" purchased with cash and activated discreetly, or securing a primary device with a strong alphanumeric passphrase, disabling biometric authentication, and knowing local rights regarding unlocking devices for law enforcement. |
| 2025-01-30 2025 | Privacy Respecting Web Browsers for Android and iOS - Privacy Guides beginner | Configuration recommendations for mobile web browsers, specifically Brave and Cromite on Android and Safari on iOS, detailing settings to enhance privacy against trackers and fingerprinting. Recommended Brave settings include "Aggressive" ad blocking, requiring HTTPS, and blocking third-party cookies. Cromite configurations focus on closing tabs on exit, secure connections, and using default Adblock Plus filter lists. Safari on iOS leverages Intelligent Tracking Prevention and fingerprint randomization, with recommendations to disable Siri suggestions and utilize separate browser profiles for distinct activities. |
| 2024-12-20 2024 | Apple platform security guide beginner | Apple platform security guide |
| 2024-11-25 2024 | Vxcon2024 workshop beginner Talks | Vxcon2024 workshop |
| 2024-10-02 2024 | iOS 18 Quick Tips; Security Edition beginner | Tips for iOS 18 security highlight new features like requiring Face ID to launch any app and hiding applications to prevent unauthorized access on unlocked devices. It also revisits Guided Access, a feature that locks the phone to a specific app and can disable certain screen areas, requiring Face ID for exit. These functionalities offer enhanced protection against unauthorized app access and snooping, particularly relevant given rising mobile phone theft. |
| 2024-09-14 2024 | How Do You Configure VPN Split Tunneling on Ios and When Should You Use It? beginner | To configure VPN Split Tunneling on iOS, access settings, tap ‘General,’ then ‘VPN,’ choose the configuration, and toggle ‘Connect On… |
| 2024-09-04 2024 | Require passwords for managed mobile devices - Google Workspace Admin Help beginner | Guide for Google Workspace administrators detailing how to enforce screen lock or password requirements on managed mobile devices. It covers both basic and advanced mobile management options, including setting minimum password characteristics, regular password resets, and device wipe policies for failed attempts. The guide also notes limitations for specific Android and iOS versions and integration with Context-Aware Access for immediate enforcement. |
| 2023-12-28 2023 | Android Data Encryption in depth beginner | Analysis of Android's file-based encryption (FBE) at rest, detailing how attackers exploiting software vulnerabilities might defeat it. It explores CE key derivation, focusing on TrustZone with the Gatekeeper Trusted Application and security chips using Weaver, and highlights that user credentials remain essential for unlocking data, even when chaining multiple vulnerabilities. |
| 2023-10-16 2023 | Comprehensive guide to Add Apple BLE spam module to Flipper zero via Xtreme Flipper Firmware intermediate | Comprehensive guide to Add Apple BLE spam module to Flipper zero via Xtreme Flipper Firmware https://ift.tt/tSy48qo |
| 2023-09-15 2023 | Five important iOS 17 security features coming to your iPhone this month beginner | Reference detailing five key iOS 17 security features including Safari Private Browsing lock with Face ID, enhanced tracking prevention by automatically removing tracking parameters from URLs in Safari, Mail, and Messages, auto-deletion of verification codes from Messages and Mail after autofill, new Photos privacy permissions prompting users to limit app access to specific photos, and the "Check In" safety feature in Messages for automatic destination arrival alerts. |
| 2023-09-06 2023 | Hacker uses Flipper Zero to spam iPhone users with fake Bluetooth pop-ups news | Report of a Flipper Zero being used to spam iPhone users with persistent Bluetooth pairing pop-ups. This attack leverages Bluetooth Advertisements to mimic legitimate accessories like AirPods, overwhelming nearby Apple devices. The vulnerability persists even in Airplane Mode, with the only mitigation being disabling Bluetooth entirely in Settings. Demonstrations at Def Con 2023 highlighted the potential for rendering devices unusable through this method. |
| 2023-08-30 2023 | NosyMonkey: API hooking and code injection made easy! intermediate API Sec | Library for simplified API hooking and code injection, enabling researchers to modify binary behavior without source code access. NosyMonkey automates the complex process of creating valid references for injected code within a target process, streamlining techniques like API micro-servicing for LSASS dumping or hiding processes from Task Manager. It avoids the need for manual shellcode generation and complex ASM patching, offering a more stable and less detectable approach to process manipulation. |
| 2021-12-31 2021 | A Memory Visualiser Tool for iOS Security Research intermediate | A Memory Visualiser Tool for iOS Security Research |
| 2021-11-01 2021 | MalAPI.io beginner API Sec | MalAPI.io |
| 2021-09-05 2021 | Writing an iOS Kernel Exploit from Scratch advanced RCE | Walkthrough of writing an iOS kernel exploit from scratch, focusing on chain #3 of a Google Project Zero exploit. It details setting up a test environment, reverse engineering IOKit drivers, analyzing a double-free vulnerability mitigated in iOS 11.4.1, and developing a full exploit using techniques including Siguza's sandbox escape. The entry serves as a beginner's reference for exploit development on iOS, with source code available. |
| 2021-06-28 2021 | How to encrypt your Mac iPhone and iPad backups beginner | This guide explains how to encrypt backups for Mac, iPhone, and iPad. Encrypting backups is crucial for protecting sensitive data, as unencrypted backups can be accessed by anyone with physical access to the backup file. The process typically involves using a password during the backup process. Specific steps vary slightly depending on whether you are using iCloud backups or local backups made with Finder (on newer Macs) or iTunes (on older Macs). Encrypting ensures that your personal information, such as passwords, health data, and home network details, remains secure. |
| 2021-06-11 2021 | Mobile Nuclei Templates beginner | Library of Nuclei templates designed for mobile security assessments. It includes specific templates for Android applications, focusing on `smali` checks. A dedicated `Keys` folder provides templates to identify API keys using regex patterns on decompiled Android apps, local code repositories, or unzipped IPA files. Users should install Nuclei from its GitHub repository to utilize these templates effectively for targeted mobile app analysis. |
| 2021-06-11 2021 | mobsfscan beginner | mobsfscan is a static analysis tool for Android and iOS source code that detects insecure patterns in Java, Kotlin, XML, Swift, and Objective C. It leverages MobSF static analysis rules, semgrep, and libsast, identifying vulnerabilities like CWE-295 Improper Certificate Validation and CWE-532 Insertion of Sensitive Information into Log File. Supported output formats include JSON, SARIF, SonarQube, and HTML, enabling integration into automated security assessment workflows. |
Frequently Asked Questions
- What is the OWASP Mobile Top 10?
- The OWASP Mobile Top 10 covers the most critical mobile application security risks: Improper Credential Usage, Inadequate Supply Chain Security, Insecure Authentication/Authorization, Insufficient Input/Output Validation, Insecure Communication, Inadequate Privacy Controls, Insufficient Binary Protections, Security Misconfiguration, Insecure Data Storage, and Insufficient Cryptography.
- What tools are used for mobile app security testing?
- Essential tools include Frida and objection for dynamic instrumentation, MobSF for automated static and dynamic analysis, Jadx and apktool for Android reverse engineering, Hopper and Ghidra for iOS binary analysis, and proxy tools like Burp Suite or mitmproxy for intercepting API traffic with certificate pinning bypass.
- How is mobile security testing different from web testing?
- Mobile testing adds client-side concerns: local data storage, binary protections, certificate pinning, inter-app communication, and platform-specific features. You must analyze the compiled binary, not just network traffic. Reverse engineering reveals hardcoded secrets, hidden endpoints, and client-side logic that attackers can manipulate.