Android vulnerability

AppWizard
August 21, 2024
Google's bug bounty program for Android apps, the Google Play Security Reward Program (GPSRP), will conclude on August 31, 2024. Launched in 2017, the program incentivized researchers to find security vulnerabilities in popular Android applications, initially targeting select developers with rewards up to ,000 for critical issues. In 2019, it expanded to all apps with over 100 million downloads, increasing potential payouts to 0,000. The decision to end the program is due to a decline in actionable vulnerabilities reported, attributed to improvements in Android OS security. Google will continue investing in other security initiatives, such as the Android Vulnerability Rewards Program (AVRP). Researchers are encouraged to submit findings before the program ends, with reports due by September 15 and final decisions by September 30.
AppWizard
August 16, 2024
Google and iVerify are in conflict over the security implications of an application called "Showcase.apk," found on many Android Pixel devices since September 2017. iVerify claims that this app, which operates at the system level, makes these devices vulnerable to man-in-the-middle (MITM) attacks. The app was discovered on a Palantir employee's device, leading Palantir to confirm that it compromises security and announce plans to phase out Android devices. Google disputes iVerify's claims, stating that the app is not a vulnerability of the Android platform but was developed by Smith Micro for Verizon's in-store demonstrations. Google plans to remove the app from supported Pixel devices and asserts that exploiting it requires physical access and the user's password. Verizon confirmed that the demo capability of the app is no longer used. iVerify's co-founder criticized Google's distribution of the app and expressed concerns about the inability to remove it, labeling it an Android vulnerability. iVerify warns that this situation creates an "untrusted ecosystem" for corporate security, as millions of Android devices are used in workplaces. Researchers speculate that cybercriminals could exploit vulnerabilities in the app's infrastructure.
AppWizard
August 15, 2024
A vulnerability has been identified in Google Pixel devices, linked to a software package called “Showcase.apk,” which has existed in every Android release for these devices since September 2017. This application, created by Smith Micro for Verizon, operates at the system level and has extensive privileges, including remote code execution and the ability to install software remotely. It downloads configuration files via an unencrypted HTTP connection, making it susceptible to exploitation. iVerify disclosed this vulnerability to Google in early May, but a fix has not yet been released. Google has stated that Showcase is no longer in use by Verizon and that an update to remove it from supported Pixel devices is forthcoming. There is currently no evidence of active exploitation, and the app is absent in the newly announced Pixel 9 series. However, concerns remain about the potential for exploitation, particularly if a remote activation method is discovered. iVerify also speculates that Showcase could be present in other Android devices, and Google is notifying other manufacturers about the issue.
AppWizard
May 5, 2024
A critical security vulnerability known as "Dirty Stream" has been discovered in the Android ContentProvider system, allowing attackers to hijack communications between apps. Over four billion installations of Android apps are affected by this vulnerability, with popular apps like Xiaomi Inc.’s File Manager and WPS Office being patched. Users are advised to avoid sideloading apps and activate Google Play Protect on their devices to safeguard against malware.