Android applications. Archives

AppWizard

January 16, 2026

Your Android App Needs Scanning – Best Android App Vulnerability Scanner in 2026

The past year saw a 45% increase in new vulnerabilities targeting Android. By the end of 2024, there are projected to be 2.87 million apps on Google Play, with 66% of American employees using personal smartphones for work. Mobile applications are responsible for 70% of digital interactions, and vulnerabilities in these apps contributed to approximately 40% of data breaches involving personal data in 2023. Effective Android App Vulnerability Scanners analyze app security by identifying insecure local storage, hardcoded credentials, weak cryptography, insecure network configurations, broken authentication flows, and misconfigured components. AI-powered scanners, like AutoSecT, can autonomously generate new scanning protocols quickly, detect zero-day vulnerabilities, automate penetration testing, and operate with near-zero false positives.

AppWizard

November 26, 2025

Zimperium research reveals security risks inside Android apps

Zimperium's zLabs team has revealed that many popular Android applications still use an outdated mapping component, libmapbox-gl.so, which was deprecated in 2023. This legacy library is embedded in thousands of active applications, including leading travel, airline, and weather apps, and contains known security vulnerabilities that could be exploited by malicious actors. Zimperium is working with Google through the App Defense Alliance to improve app security and advises developers to switch to Mapbox Maps SDK v10+ or MapLibre. Their analysis found that thousands of Android apps contain the vulnerable library, with 40% of these apps ranking among the top 20 in their Play Store categories, posing significant risks for employee devices and enterprise security.

AppWizard

November 14, 2025

Google backpedals on new Android developer registration rules

Google is recalibrating its "Developer Verification" initiative, originally set to launch in 2026, which aimed to prevent malware from sideloaded applications by requiring verified developer identities for app installations on certified Android devices. The initiative faced backlash from users and developers due to the registration process, which involved a fee and government identification, leading to reports to national regulators and decreased participation in the early access program. F-Droid, a third-party app store, criticized the initiative, claiming it was more about consolidating control than enhancing security.

BetaBeacon

November 14, 2025

Valve Opens Steam to Android Games Through New VR Headset

Valve has announced the Steam Frame VR headset, which supports Android applications natively on Steam's platform, marking a significant expansion into the mobile gaming space.

AppWizard

November 13, 2025

Android will let ‘experienced users’ sideload unverified apps as Google makes case for verification

In August, Google announced plans to implement developer verification for Android applications, including those installed via sideloading, with early access available immediately. The company is creating an advanced flow for experienced users that allows them to accept risks associated with installing unverified software while resisting coercion from scammers. This feature will include clear warnings about the risks involved. Google is gathering early feedback on this design and plans to share more details later. The importance of developer verification is highlighted, as it helps protect users from manipulation by scammers, who often use high-pressure tactics to bypass security warnings. An example of such a scam in Southeast Asia involves scammers posing as bank representatives to trick victims into installing malware disguised as a verification app. Google believes that requiring verification will force malicious actors to use real identities, making it harder and more costly to distribute malware. Additionally, Google is developing a dedicated account type for students and hobbyists to facilitate limited app distribution without full verification requirements.

AppWizard

November 12, 2025

Valve is welcoming Android games into Steam

The Steam Frame is a new device from Valve that represents its entry into mobile gaming, functioning similarly to a wireless VR headset or a Steam Deck. It features an Arm-based Qualcomm Snapdragon chip and aims to integrate Android applications into its ecosystem. Valve is encouraging developers to adapt their Android applications for the Steam Frame, launching a developer kit program to facilitate this. The device is expected to run code natively on the Arm processor, enhancing performance. While Valve's primary focus is on gaming, there is potential for broader software integration, including tools like Discord and Blender. Plans for rich browser integration are also in development. Users will have the option to sideload Android APKs, and Valve may adapt SteamOS for various Arm-based devices in the future.

AppWizard

November 3, 2025

Android Apps misusing NFC and HCE to steal payment data on the rise

Researchers from Zimperium zLabs have identified over 760 Android applications exploiting Near-Field Communication (NFC) and Host Card Emulation (HCE) technologies to illegally acquire payment data. Since April 2024, there has been a significant increase in NFC relay fraud, affecting banks, payment services, and government portals globally, including Russian banks and various European financial institutions. The malware operates as paired “scanner/tapper” toolchains or standalone data collectors, exfiltrating sensitive EMV data and transmitting it to Telegram channels. Operators control these applications via command-and-control (C2) servers, allowing for fraudulent transactions with minimal user involvement. More than 70 C2 servers and numerous Telegram bots have targeted over 20 institutions worldwide, primarily focusing on Russian banks. The rise of “Tap-to-Pay” transactions has made NFC a target for cybercriminals, with harmful applications exploiting Android’s NFC permissions to steal payment data. Zimperium has provided Indicators of Compromise (IOCs) related to this campaign for safeguarding systems.

AppWizard

October 23, 2025

These Android Apps Are Terrible For Your Phone’s Battery Life

pCloud conducted a study on battery consumption of around 100 popular Android applications, analyzing their average battery requirements while using various features. Fitbit was identified as the top battery consumer, running 14 out of 16 background processes, with four significantly draining the battery. The Verizon app ranked second, also consuming considerable battery due to its background processes related to location services. Six social media apps—Facebook, Instagram, Snapchat, YouTube, WhatsApp, and LinkedIn—were noted for their battery drain, allowing 11 processes to run in the background. Dating apps like Grindr, Tinder, and Bumble were included in the findings but do not offer dark mode options. The Google app was highlighted as a major battery drain, with Gmail and Chrome also ranking high. Users can check their apps' battery impact through the Android power menu in the Settings app.

AppWizard

October 1, 2025

Accelerating our Android apps with Baseline Profiles

Meta has integrated Android’s Baseline Profiles into its applications, resulting in performance enhancements of up to 40% across critical metrics. The Baseline Profiles, created from user data, allow developers to optimize app performance by controlling which classes and methods are included for install-time optimizations. Meta has established a robust infrastructure for profile-guided compiler and runtime optimizations, focusing on improving cold start performance and user interactions. The implementation of Baseline Profiles has led to significant improvements in app startup times, scrolling performance, and navigation latency.

AppWizard

September 17, 2025

38 Million Downloads Across 224 Malicious Android Apps on Google Play Deliver Harmful Payloads

Researchers from HUMAN’s Satori Threat Intelligence and Research Team discovered a digital advertising fraud operation called “SlopAds,” which involves 224 Android applications that have over 38 million downloads across 228 countries. SlopAds employs a multi-layered obfuscation strategy to deploy fraud modules that siphon ad revenue. The applications connect to Firebase Remote Config to retrieve an encrypted configuration that conceals URLs for PNG images containing fragments of an APK, which are reassembled to create the core fraud component known as FatModule. SlopAds generates approximately 2.3 billion bid requests daily, primarily targeting users in the United States (30%), India (10%), and Brazil (7%). Google Play Protect alerts users and blocks known SlopAds applications, and Google has removed these applications from the Play Store. Users who installed these apps from off-market sources remain vulnerable until they uninstall them.