Android app vulnerabilities

AppWizard
September 6, 2025
Researchers from Nanjing University and The University of Sydney have developed an AI vulnerability identification system called A2, which is designed to discover and validate vulnerabilities in Android applications. A2 achieves 78.3 percent coverage on the Ghera benchmark, outperforming static analyzers like APKHunt, which reaches only 30.0 percent. In testing on 169 production APKs, A2 identified 104 true-positive zero-day vulnerabilities, 57 of which were validated through automatically generated proof-of-concept exploits. One of the identified vulnerabilities was a medium-severity intent redirect flaw in an Android app with over 10 million installs. A2 integrates various commercial AI models for task planning, execution, and validation, improving upon its predecessor, A1, which lacked robust validation. The system reduces false positives, providing valuable signals rather than overwhelming noise.
AppWizard
August 19, 2024
Google is set to conclude the Google Play Security Reward Program (GPSRP) on August 31, due to a decline in actionable vulnerabilities being reported, which Google attributes to improvements in Android OS security. The GPSRP, launched in October 2017, incentivized researchers to identify vulnerabilities in popular Android applications on the Google Play Store, expanding over time to include all apps with at least 100 million installations. Through the program, developers earned money for finding security flaws, and it helped over 300,000 developers fix more than 1,000,000 applications, reducing the number of risky apps. The closure of the GPSRP raises concerns about the motivation for security experts to report vulnerabilities responsibly, particularly for apps from companies with weaker bug report management systems.
AppWizard
May 4, 2024
Microsoft's Threat Intelligence Team uncovered vulnerabilities in Android applications with a collective download count exceeding 4 billion, potentially allowing access to sensitive user data through a "dirty stream" attack. Users are advised to keep apps updated, install from trusted sources, and scrutinize app permissions. Microsoft is collaborating with Google to notify developers and prevent similar security issues in the future.