camera access

AppWizard
August 20, 2025
Cybersecurity experts at Doctor Web have identified a new variant of Android malware called Android.Backdoor.916.origin, active since January 2025. This malware can eavesdrop on conversations, steal messages, stream video, and log keystrokes. It targets Russian business representatives rather than average users and is distributed through direct messages as a fake antivirus app named GuardCB, which mimics the Russian Central Bank's emblem. The app requests extensive permissions, including geolocation, audio recording, camera access, and SMS data, and can function as a keylogger. It is designed for persistence, launching background services and communicating with multiple command-and-control servers. The malware can livestream audio, broadcast video, capture text, and upload contacts and call history. It exploits Android’s Accessibility Service to capture keystrokes and prevent uninstallation. The interface is exclusively in Russian, indicating it is specifically designed for a targeted group. Users in Russia are advised to download applications only from trusted sources to mitigate risks.
AppWizard
August 18, 2025
A study by Which? and Hexiosec analyzed 20 popular Android apps, revealing that many request excessive permissions beyond their core functionalities. Notably, Xiaomi Home requested 91 permissions, Samsung SmartThings 82, Facebook 69, and WhatsApp 66. TikTok and Temu also raised concerns for their permission requests, while Amazon defended its need for camera access for product scanning. Additionally, 16 of the tested apps attempted to display pop-up windows over other applications, indicating aggressive monitoring tactics. Users are advised to check app permissions, set them manually, deactivate background access, download official apps, and keep their devices updated to protect their privacy.
AppWizard
July 28, 2025
A comprehensive investigation by Which? and Hexiosec analyzed 20 popular Android applications, revealing that all request permissions that could compromise user privacy. The Xiaomi Home app had the highest number of permission requests at 91, followed by Samsung SmartThings with 82, Facebook with 69, and WhatsApp with 66. While some permissions are necessary for functionality, the excessive requests raise concerns about digital surveillance. TikTok faced scrutiny for its audio recording and device file access requests, while Temu was criticized for excessive promotional emails linked to its location access. Amazon defended its camera access requests as enhancing user experience, and Meta stated that its apps do not use the microphone without user involvement. The investigation highlights the trade-off between free services and the collection of personal data.
AppWizard
July 12, 2025
A new tapjacking technique called TapTrap can exploit user interface animations on Android devices, bypassing the permission system and potentially allowing access to sensitive data or harmful actions. TapTrap operates with zero-permission applications, layering a transparent activity over a malicious one. This vulnerability exists in both Android 15 and 16. Developed by researchers from TU Wien and the University of Bayreuth, TapTrap manipulates activity transitions using custom low-opacity animations, making risky prompts nearly invisible to users. An analysis of nearly 100,000 apps revealed that 76% are vulnerable to TapTrap due to specific conditions related to activity launching and animation handling. The attack has been confirmed on Android 16, including tests on a Google Pixel 8a. GrapheneOS has acknowledged its vulnerability to TapTrap and plans to include a fix in its next release. Google is aware of the issue and intends to address it in a future update.
AppWizard
July 9, 2025
A new Android vulnerability named TapTrap allows malicious applications to bypass the operating system's permission system without requiring special permissions. It exploits activity transition animations to mislead users into granting sensitive permissions or executing harmful actions. Researchers from TU Wien analyzed 99,705 applications on the Google Play Store and found that 76.3% are susceptible to this attack. TapTrap uses low-opacity animations (approximately 0.01 alpha) to make sensitive permission dialogs nearly invisible while still registering touch events. The attack can last up to six seconds and can lead to unauthorized access to critical functionalities like the camera and microphone, and even device administrator privileges. TapTrap bypasses existing defenses against tapjacking in Android, affecting popular web browsers as well. A user study showed that all participants failed to detect at least one variant of the attack. As of June 2025, Android 15 remains vulnerable, with no timeline for a comprehensive fix. The vulnerability has been assigned two CVEs, and researchers disclosed their findings to Google in October 2024. They propose solutions to mitigate the risks, including blocking touch events during low-opacity animations and setting an opacity threshold of 0.2.
AppWizard
July 9, 2025
A technique for Android devices called TapTrap allows malicious applications to intercept user taps without requiring special permissions. It uses transparent screen transitions to mislead users into triggering hidden actions. Devices running Android versions 15 and 16 are particularly vulnerable. TapTrap operates by overlaying a nearly transparent screen on top of another application, making it appear as if users are interacting with one app while their taps are registered by the hidden screen. A study of around 100,000 Android applications revealed that approximately 76 percent contained screens vulnerable to TapTrap. The researchers successfully executed the attack on a Google Pixel 8a running Android 16. Google has acknowledged the issue and plans to include a fix in a future software update, but no specific timeline has been provided. Users can enhance their security by disabling animations in their system settings.
Tech Optimizer
July 2, 2025
Apple emphasizes robust security measures for its users, particularly for Mac users who often believe built-in protections eliminate the need for additional antivirus software. Users can enhance their macOS security by adjusting default settings in five key areas:
1. Location Sharing: Users should manage app access to location data through System Settings > Privacy & Security > Location Services, disabling it entirely or adjusting settings for individual applications.
2. Microphone and Camera Permissions: Users are advised to review and manage app permissions for microphone and camera access in System Settings > Privacy & Security, allowing them to toggle permissions off if necessary.
3. Siri: Users concerned about privacy may choose to disable Siri by going to System Settings > Apple Intelligence & Siri and toggling off the feature.
4. Automatic Wi-Fi Connections: To protect sensitive information, users should disable automatic connections to public Wi-Fi networks by modifying settings in System Settings > Wi-Fi and enabling the option to ask before joining networks.
5. Personalized Ads: Users can opt out of personalized ads by navigating to System Preferences > Security & Privacy and unchecking the box for Personalized Ads to mitigate risks associated with ad tracking.
AppWizard
February 12, 2025
In December of last year, Google introduced Android XR, an extended reality operating system for virtual and mixed reality headsets, with a commercial launch planned for 2025. Samsung is developing a headset for this platform, called Project Moohan, and Google’s DeepMind subsidiary is creating a pair of smart glasses. Android XR app developers can request camera permissions similar to those on Android smartphones, allowing access to both world-facing and selfie cameras. Unlike Meta’s Quest 3 and Apple’s Vision Pro, which do not allow third-party camera access, Android XR will enable developers to access the living room feed through the headset's cameras to enhance mixed-reality applications. Developers can also request access to "Scene Understanding" features, including light estimation and advanced tracking capabilities for hand movements. Basic hand tracking functionalities will be available by default, with further details expected from Google soon.