Android security Archives

AppWizard

June 16, 2026

50+ Samsung Galaxy Store apps spread phone malware

Samsung's Galaxy Store had over 50 applications that unknowingly distributed a hidden Android trojan named MagicAd, which has since been removed. Users who downloaded these apps may still have the malware on their devices, as it establishes persistent background services that remain after the app is uninstalled and hides its icon. Signs of infection include unsolicited ads, battery drain, and unexplained data usage. The malware evades detection by assessing its environment and concealing its core code in encrypted files. Developers rotated the infected apps to maintain persistence and generated revenue through fraudulent ad impressions. Users are advised to run security scans and consider a factory reset if symptoms persist, ensuring to back up important files without including app settings. No app store can guarantee the exclusion of all threats, so users should check ratings and download counts before installing applications.

AppWizard

May 18, 2026

Why There’s Simply No Need For Android Antivirus Apps Anymore

Android users are advised to avoid clicking on random links and sideloading applications to maintain safety. Threats such as phishing scams, deceptive pop-ups, and malicious links still exist in the Android ecosystem. Android includes built-in security features like Google Play Protect, which scans applications for malware and alerts users to threats, and Google Safe Browsing, which warns against hazardous websites. Monthly security updates are released to patch vulnerabilities, but the speed of these updates can vary by manufacturer. Users should avoid downloading apps from unverified sources, regularly review app permissions, and install security updates promptly. While antivirus applications can be useful, cultivating smart usage habits is crucial for effective security.

AppWizard

May 13, 2026

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Google introduced a new opt-in feature for Android users called Intrusion Logging, which enhances the analysis of spyware attacks as part of the Advanced Protection Mode. Developed with Amnesty International and Reporters Without Borders, it logs daily device and network activities, including app activity, installations, network connections, file transfers, system certificate modifications, and device lock events. The log data is encrypted and stored securely, accessible only to the device owner. Logs are retained for 12 months and cannot be deleted by users before expiration, though they can be downloaded for offline storage. Intrusion Logging also records network events during Chrome's Incognito mode. This feature is beneficial for high-risk individuals who may be targets of surveillance. Users can access the logs through the Settings app, and the rollout is underway for devices with the Android 16 December update and newer. Additionally, Google announced other privacy and security features, including a verified financial call feature to combat scams, expansion of Live Threat Detection, evaluation of APK files for malware, revocation of accessibility services API access from non-designated apps, and enhancements to Find Hub's Mark as Lost feature. Other updates include improved device recovery options, enhanced privacy controls, introduction of AISeal with pKVM, expansion of Binary Transparency, protection against OTP theft, and strengthening data protection with post-quantum cryptography.

AppWizard

May 13, 2026

What’s New in Android Security and Privacy in 2026

The company is implementing default-on theft protections globally for all new Android 17 devices and those recently reset or upgraded. This initiative follows a successful pilot in Brazil and will also extend to devices running Android 10 or higher in Argentina, Chile, Colombia, Mexico, and the UK. Features like Remote Lock and Theft Detection Lock will automatically activate to enhance security against theft. The frequency of PIN or password attempts has been reduced, with longer wait times between failed attempts to deter brute-force attacks. Users can access their device's IMEI from the lock screen on Android 12 or higher, aiding in the recovery of stolen devices. Additionally, Android 17 introduces a temporary location sharing button for specific applications, allowing users to share their location without permanent permissions.

AppWizard

May 12, 2026

Your Android security and privacy got huge upgrades—The Android Show reveals all

Google announced significant security and privacy enhancements at the Android Show, including features in the upcoming Android 17. Users will have increased transparency regarding location access and can manage which apps track their location. New protections against banking scams and a "Mark as Lost" feature with biometric security will be introduced. A "temporary precise location" button will allow quick access to surroundings while preventing unwanted tracking. Live Threat Detection will receive an upgrade for 2026, focusing on harmful behaviors like SMS forwarding. Dynamic signal monitoring will alert users to suspicious app behavior. Improvements to the Advanced Protection program include USB Protection for all Pixel devices running Android 16 or higher and Intrusion Logging for all Android 16 devices with the December update. Chrome on Android will enhance Safe Browsing to analyze APKs for malware. The "Mark as Lost" feature will allow biometric locking of devices, hide Quick Settings, and disable new connections. Theft protections will be enabled by default in several countries, including Argentina, Chile, Colombia, Mexico, and the U.K.

Tech Optimizer

May 5, 2026

The best mobile antivirus software of 2026: Expert tested and reviewed

Bitdefender Mobile Security is currently regarded as the best mobile antivirus software, achieving a 100% detection rate for malware on Android devices according to AV-TEST's August 2025 report. The 2026 version introduces App Anomaly Detection and includes features like Scam Alert and anti-theft tools. Sophos Intercept X for Mobile offers a free version with a perfect score in AV-TEST's comparisons and features such as multi-factor authentication and a Privacy Advisor. Surfshark Antivirus, part of the Surfshark One package, scored six out of six in AV-TEST's evaluations and includes various security tools, but is only available for Android, macOS, and Windows. Avast Mobile Security is a popular free option with robust features and achieved perfect scores in protection and usability in AV-TEST's September-October 2025 report. AVG Antivirus, operating on the same engine as Avast, also detected 100% of malware in AV-TEST's March-April 2025 evaluations and includes anti-theft tools.

AppWizard

April 29, 2026

New Android spyware Morpheus linked to Italian surveillance firm

Morpheus is a new spyware identified by the nonprofit organization Osservatorio Nessuno, which spreads through counterfeit Android applications that appear as legitimate updates. Attackers use SMS messages to direct victims to a fraudulent website mimicking an Internet Service Provider (ISP). The spyware installs a dropper app that deploys a concealed payload, which disguises itself as legitimate system components and manipulates users into granting dangerous permissions, including Accessibility access. Once granted, Morpheus initiates a Permission Workflow that creates a fake update overlay, disabling the touchscreen to prevent user interaction. It ensures persistence by restarting after device reboots and can request device administrator privileges. The spyware exploits overlay windows and Accessibility features to gain control of the device and bypass security measures, including disabling antivirus solutions without requiring root access. Analysis suggests Morpheus has Italian origins, with connections to an Italian firm, IPS Intelligence, known for lawful interception technologies. The spyware is capable of invasive actions such as recording audio and video, linking to WhatsApp, and compromising device security. The report highlights a network of dubious companies and shared contacts linked to the spyware's distribution.

AppWizard

April 9, 2026

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

Version 5.2.1 of the EngageSDK was released to address security vulnerabilities related to third-party SDKs, particularly affecting digital asset management applications. Although no exploitation of this vulnerability has been reported, developers are urged to upgrade to the latest version. The Android operating system's security model provides some protections against these vulnerabilities, and the Android team has updated user protections during the transition to the secure version. The vulnerability, classified as severe, allows unauthorized access to protected components and sensitive data through intent redirection. Affected applications, particularly in the cryptocurrency and digital wallet sectors, account for over 30 million installations. The vulnerability was first identified in version 4.5.4 of the EngageLab SDK, reported in April 2025, and was addressed in version 5.2.1 released on November 3, 2025, which set the vulnerable activity to non-exported. Developers are advised to regularly review their Android manifests and upgrade to the latest SDK version to maintain application security.

AppWizard

April 3, 2026

Google Responds As 50 Apps With 2 Million Downloads Hit By Malware

Researchers at McAfee Labs discovered that 50 Android applications on the Google Play Store contain malware known as NoVoice, which can grant full remote access to infected smartphones. These apps have over 2.3 million downloads. The malware can communicate with remote servers, profile devices, and download tailored root exploits, potentially compromising specific hardware and software configurations. However, devices with an Android security patch level of May 2021 or later are not vulnerable to these exploits, as the vulnerabilities were patched by Android between 2016 and 2021. Google Play Protect removes these apps and blocks new installs, and users are advised to keep their devices updated with the latest security patches.

AppWizard

February 22, 2026

Google Blocks Millions of Risky Android Apps: Biggest Play Store Cleanup Yet

Google blocked approximately 1.75 million dangerous or policy-violating apps from reaching users in 2025 and shut down over 80,000 developer accounts associated with fraud, malware, and repeated policy violations. Play Protect identified millions of risky apps installed from external sources, and it scans apps in real-time, even after installation. Key reasons for app rejections include malware behavior, financial fraud, misuse of permissions, and deceptive advertisements. The crackdown results in safer app downloads, reduced risk of data theft, improved privacy enforcement, and lower exposure to counterfeit applications.