mobile security Archives

AppWizard

April 3, 2026

Which messaging app takes the most limited approach to permissions on Android?

Messaging applications Messenger, Signal, and Telegram exhibit significant differences in permissions and operational behaviors that impact user privacy. Telegram has the fewest total permissions at 71, with 25 classified as dangerous; Signal requests 72 permissions, including 19 dangerous ones; and Messenger requests the most at 87, with 24 dangerous permissions. Messenger also has the highest number of vendor-specific unknown permissions. Access to sensitive resources is crucial for messaging functionalities, with permissions for contacts, camera, microphone, location, storage, and calendar being essential. Telegram and Messenger request additional system-level permissions, while Signal is more conservative and does not request certain permissions like phone-call control or overlay windows. The analysis, using the Mobile Security Framework (MobSF), indicates all three apps are in the medium risk category, with Messenger having more flagged issues. Telegram allows cleartext connections by default, potentially exposing traffic, while Signal uses encrypted connections by default and only permits limited cleartext traffic for certificate checks. Messenger's issues include world-writable files and remote debugging enabled in WebViews. Messenger uses third-party SDKs, while Signal and Telegram do not disclose third-party trackers. All three utilize Firebase Cloud Messaging for notifications without sensitive data leakage. Data exchange patterns show Messenger primarily routes traffic through North America, while Telegram and Signal focus on Europe with some additional connections in the U.S. and Asia.

AppWizard

March 31, 2026

Free Antivirus for Android: Best Apps to Protect Your Smartphone

Smartphones are integral to daily life, storing emails, banking apps, and social media. The Android operating system is vulnerable to threats like viruses and ransomware. Free Android antivirus tools offer basic protection but have limitations compared to paid versions. Free antivirus solutions focus on malware scanning and threat detection. Bitdefender Mobile Security (Free Version) provides lightweight background operation, real-time scanning, and web protection but lacks anti-theft and VPN features. Norton Mobile Security (Free Tier) offers essential malware scanning, with advanced features available in premium subscriptions. Avast Mobile Security (Free) includes virus scanning, malware protection, and anti-theft tools, allowing users to lock apps and protect against malicious websites. AVG AntiVirus (Free) offers virus, malware, and spyware scanning, real-time updates, and a "Photo Vault" for securing images. Kaspersky Mobile Security (Free) provides basic virus protection and ranks high in malware detection, with additional features available in paid plans. Free antivirus tools detect malware and monitor real-time system activity, alerting users to phishing sites. They may scan files transferred via USB or Bluetooth and offer limited VPN services. Limitations of free antivirus include the absence of advanced features like unlimited VPN, application locking, and anti-theft capabilities. Many rely on ads for revenue, which can disrupt user experience. Choosing the right antivirus depends on usage habits and security concerns. Running multiple antivirus apps can cause conflicts and hinder performance. Upgrading to premium versions may be necessary for comprehensive protection, especially for sensitive tasks. User behavior is crucial for security; regularly updating the OS and applications, using strong passwords, and considering two-factor authentication can enhance protection. Free antivirus apps offer core threat protection but lack advanced features. Most are lightweight, with minimal impact on performance. Regular scans are recommended, and reputable sources should be used for downloads. Free antivirus apps can warn about phishing attempts but cannot eliminate the risk entirely. A built-in VPN is not essential for basic protection but is advisable for public Wi-Fi use.

AppWizard

March 20, 2026

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google has introduced a new "advanced flow" for Android sideloading, which includes a mandatory 24-hour waiting period for users installing applications from unverified developers. This follows a developer verification mandate requiring all Android applications to be registered by verified developers to help identify malicious actors and reduce malware distribution. The new sideloading protocol aims to mitigate risks from cybercriminals who may deceive users into disabling Play Protect, Google's anti-malware feature. Over 50 app developers and marketplaces, including F-Droid and Brave, have expressed concerns about the registration requirements, arguing they could create barriers and raise privacy issues. Google has outlined a one-time process for sideloading apps, which includes enabling developer mode, confirming voluntary sideloading, restarting the device, waiting 24 hours, and using biometric authentication or a PIN to install apps. Google plans to introduce free "limited distribution accounts" for hobbyist developers and students to share apps with up to 20 devices without needing government-issued IDs or registration fees. This process will not apply to installations via the Android Debug Bridge (ADB) and is set to be available in August 2026, ahead of new developer verification requirements. This announcement comes as a new Android malware, Perseus, targets users in Turkey and Italy, with at least 17 distinct Android malware families identified in the past four months.

AppWizard

March 20, 2026

Google adds 24-hour Android sideloading for unverified apps

Google is revising its approach to Android sideloading by allowing users to install applications from unverified developers while implementing a new 24-hour process to enhance security. Users must activate developer mode, confirm their decision, restart their devices, and re-authenticate before installation. A one-time 24-hour waiting period is also introduced to prevent scams. This change addresses concerns from developers and advocacy groups about the impact of stringent verification policies on smaller developers. Google is also offering limited-distribution accounts for students and hobbyists to share apps without full verification. The updated process includes additional security measures to disrupt scams, while users are encouraged to use dedicated security solutions for better protection against mobile threats.

AppWizard

March 19, 2026

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have identified a new family of Android malware called Perseus, designed for device takeovers and financial fraud. It utilizes Accessibility-based remote sessions for real-time monitoring and interaction with infected devices, particularly targeting Turkey and Italy. Perseus monitors user notes to extract personal or financial information and is distributed through dropper applications via phishing websites. It expands on the codebase of previous malware like Phoenix and employs disguises as IPTV services to reduce user suspicion. Once operational, it performs overlay attacks and captures keystrokes to steal credentials from financial applications. The malware allows operators to issue commands through a command-and-control panel, enabling various malicious actions, including capturing note content and initiating remote visual streams. Perseus also conducts environment checks to evade detection and ensure it operates on legitimate devices.

AppWizard

March 13, 2026

Patch Me If You Can: AI Codemods for Secure-by-Default Android Apps

Meta’s Product Security team has developed a strategy to enhance mobile security through two main initiatives: creating secure-by-default frameworks that make secure Android OS APIs more accessible for developers, and utilizing generative AI to automate the migration of existing code to these frameworks. This approach allows for efficient large-scale updates and the ability to propose, validate, and submit security patches across millions of lines of code.

Tech Optimizer

March 11, 2026

XShield Review 2026: Don’t Buy Antivirus, VPN & Ad Blocker Before Reading This!

XShield is a multi-feature digital security suite operated by Xshield Technologies AG and Xshield USA Inc., governed by Swiss law. It combines six protection categories: antivirus, secure VPN, cyber privacy protection, anti-ransomware, dark web monitoring, and mobile security, supporting unlimited devices across iOS, Android, Windows, and macOS. As of March 2026, XShield offers two pricing plans: a monthly plan at .99 and an annual plan at .99, both including full access to all features and 24/7 customer support. It provides a 30-day money-back guarantee for first-time purchases. XShield lacks independent third-party lab certifications. Contact information includes a phone number (+1 800 358 9107), email (care@xshield.com), and 24/7 live chat support.

Tech Optimizer

March 6, 2026

XShield Security Suite Claims Evaluated: 2026 Consumer Report on All-In-One Antivirus, VPN Privacy Protection, Dark Web Monitoring, and What Consumers Should Verify

In 2026, consumers are increasingly opting for bundled cybersecurity solutions due to the confusion caused by separate antivirus tools, VPN subscriptions, and privacy utilities. XShield, operated by Xshield Technologies AG, is a subscription-based digital privacy protection suite that consolidates various security functions, including antivirus, secure VPN, cyber privacy tools, anti-ransomware defenses, dark web monitoring, and mobile security. It is compatible with iOS, Android, Windows, and macOS devices, offering unlimited device coverage under one subscription. The setup process takes about two minutes, and customer support is available 24/7 via live chat, with email and phone assistance during business hours. Subscriptions automatically renew unless canceled. XShield offers two subscription tiers: a monthly plan at .99 per month and a yearly plan at .99 per year, which includes two months free. Both plans provide full access to the security suite. A 30-day money-back guarantee is available for first-time purchases, but it does not cover subscription renewals or third-party purchases. Consumers are advised to seek independent testing results, clarify the meaning of "unlimited devices," understand auto-renewal terms, examine VPN specifications, and consider mobile platform security differences before subscribing.

AppWizard

February 24, 2026

Android mental health apps with 14.7M installs filled with security flaws

Recent analysis by Oversecured identified 1,575 security vulnerabilities across ten mental health mobile applications, which include 54 high-severity, 538 medium-severity, and 983 low-severity issues. These apps, with over 14.7 million downloads, assist users with conditions like clinical depression and anxiety. Vulnerabilities include improper handling of user-supplied URIs, weak local data storage practices, and cryptographically weak session token generation. Six of the ten apps had no high-severity vulnerabilities, but medium-severity issues still pose risks to user privacy. The scans were conducted between January 22 and 23, 2026, and only four apps had received recent updates.

Tech Optimizer

February 22, 2026

Researchers Discover First Android Malware Using Generative AI for Persistence

Security researchers have identified a new Android Trojan named PromptSpy that uses generative AI technology to enhance its persistence on compromised devices. Discovered by ESET researchers, PromptSpy leverages Google's Gemini AI model to analyze infected device screens and generate tailored instructions for embedding itself within recent apps lists. It includes a Virtual Network Computing (VNC) module that allows attackers full remote control over the device, enabling activities such as viewing the screen, performing actions remotely, capturing lock screen data, blocking uninstallation attempts, gathering device information, taking screenshots, and recording screen activity as video. The malware communicates with command-and-control servers using AES encryption and exploits Android Accessibility Services, making it difficult to remove. PromptSpy is distributed through a dedicated website and is financially motivated, adapting to various Android interfaces and operating system versions. ESET's analysis indicates that the malware is regionally targeted, with a focus on Argentina, and may have been developed in a Chinese-speaking environment. The same threat actor is believed to be responsible for both VNCSpy and PromptSpy.