Play Protect Archives

AppWizard

June 27, 2025

Your Android phone is getting a big security upgrade for free

Google has introduced various security features for Android users to protect against scams and malware. Key enhancements include: 1. Protection against scam calls with warnings and blocking actions related to disabling Google Play Protect, sideloading apps, and granting accessibility permissions. Screen sharing reminders will be provided on devices running Android 6 or higher. 2. In-call protections for banking apps, alerting users to potential risks when sharing screens with unknown callers, available for participating banks on devices running Android 11 or higher. 3. Improved scam detection in Google Messages, targeting various types of scams, including job scams, cryptocurrency scams, and technical support scams. 4. The Key Verifier tool for verifying contact identities through public encryption keys, ensuring private conversations. 5. Enhanced mobile theft protection with the Identity Check tool expanding to more devices running Android 16, reinforced protections against unauthorized factory resets, and hidden one-time passwords on the lock screen. 6. An Advanced Protection Program for targeted attacks, cryptographically verifying login operations on devices running Android 16. 7. Improvements to Google Play Protect, utilizing new on-device rules for malware detection and providing warnings about potentially malicious apps. 8. Ongoing commitment to enhancing overall Android security with each new version and updates to Google Play services.

AppWizard

June 24, 2025

Is your Android phone safe? ‘Godfather’ malware targets 500 Android apps

Cybersecurity firm Zimperium has reported a new variant of the Godfather malware targeting around 500 Android applications, mainly in banking, cryptocurrency, and e-commerce sectors. This version uses virtual spoofing to create deceptive replicas of the user's phone environment, misleading users and security measures. The malware installs a malicious "host" app that scans for banking applications and downloads counterfeit versions that operate in a concealed virtual space. When users access their banking apps, they interact with these fraudulent versions, which record sensitive information such as PINs, passwords, and two-factor authentication codes. It can also remotely control devices, execute money transfers, and exfiltrate confidential data. Most affected applications are based in Turkey, but the malware has the potential to spread globally.

AppWizard

June 20, 2025

‘Godfather’ Malware Is Now Hijacking Banking Apps on Android

The latest version of the "Godfather" malware targets Android devices, capable of hijacking legitimate banking applications and complicating detection. Initially detected in 2021, it used screen overlay attacks to trick users into entering sensitive information. The new iteration introduces a virtualization capability, creating a virtual environment on the device that allows it to intercept and manipulate user interactions with banking apps. This malware can harvest account credentials and exert remote control over the device, enabling unauthorized transactions. Currently, it affects nearly 500 applications, primarily targeting banks in Turkey, with potential for global spread. Users are advised to download apps only from trusted sources, modify permission settings, enable Google Play Protect, keep devices updated, and audit installed applications to protect against this threat.

AppWizard

June 19, 2025

Godfather Android malware now uses virtualization to hijack banking apps

A new iteration of the Android malware "Godfather" has emerged, utilizing advanced techniques to create isolated virtual environments on mobile devices for stealthy account data theft and transaction manipulation from legitimate banking applications. It targets over 500 banking, cryptocurrency, and e-commerce applications globally, employing a comprehensive virtual filesystem, virtual Process ID, intent spoofing, and a component called StubActivity. Godfather is delivered as an APK app with an embedded virtualization framework, scanning for installed target applications and launching them within its virtual environment. It intercepts user interactions with genuine banking apps, capturing sensitive data like credentials and PINs while presenting a legitimate interface. The malware can execute commands to unlock devices and initiate transactions while avoiding detection. Godfather first appeared in March 2021 and has evolved significantly since then, with the latest version representing a notable advancement over previous iterations. Users are advised to download apps only from trusted sources and remain cautious about app permissions to protect against this malware.

AppWizard

June 15, 2025

Crypto holders beware: these wallet apps look real but exist only to steal your assets instantly

Recent investigations by Cyble Research and Intelligence Labs (CRIL) have identified over 20 malicious applications on the Google Play Store that impersonate legitimate cryptocurrency wallet tools. These apps are designed to steal users' mnemonic phrases, which are essential for accessing crypto wallets. The applications utilize WebView technology to create fake login pages resembling those of well-known platforms, tricking users into providing sensitive information. Users are advised to activate Google Play Protect, use strong passwords, enable multi-factor authentication, and avoid entering sensitive information into unverified apps. A list of 22 fake apps includes: 1. Pancake Swap - Package: co.median.android.pkmxaj, Privacy Policy: hxxps://pancakefentfloyd.cz/privatepolicy.html 2. Suiet Wallet - Package: co.median.android.ljqjry, Privacy Policy: hxxps://suietsiz.cz/privatepolicy.html 3. Hyperliquid - Package: co.median.android.jroylx, Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 4. Raydium - Package: co.median.android.yakmje, Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 5. Hyperliquid - Package: co.median.android.aaxblp, Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 6. BullX Crypto - Package: co.median.android.ozjwka, Privacy Policy: hxxps://bullxni.sbs/privatepolicy.html 7. OpenOcean Exchange - Package: co.median.android.ozjjkx, Privacy Policy: hxxps://openoceansi.sbs/privatepolicy.html 8. Suiet Wallet - Package: co.median.android.mpeaaw, Privacy Policy: hxxps://suietsiz.cz/privatepolicy.html 9. Meteora Exchange - Package: co.median.android.kbxqaj, Privacy Policy: hxxps://meteorafloydoverdose.sbs/privatepolicy.html 10. Raydium - Package: co.median.android.epwzyq, Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 11. SushiSwap - Package: co.median.android.pkezyz, Privacy Policy: hxxps://sushijames.sbs/privatepolicy.html 12. Raydium - Package: co.median.android.pkzylr, Privacy Policy: hxxps://raydifloyd.cz/privatepolicy.html 13. SushiSwap - Package: co.median.android.brlljb, Privacy Policy: hxxps://sushijames.sbs/privatepolicy.html 14. Hyperliquid - Package: co.median.android.djerqq, Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 15. Suiet Wallet - Package: co.median.android.epeall, Privacy Policy: hxxps://suietwz.sbs/privatepolicy.html 16. BullX Crypto - Package: co.median.android.braqdy, Privacy Policy: hxxps://bullxni.sbs/privatepolicy.html 17. Harvest Finance blog - Package: co.median.android.ljmeob, Privacy Policy: hxxps://harvestfin.sbs/privatepolicy.html 18. Pancake Swap - Package: co.median.android.djrdyk, Privacy Policy: hxxps://pancakefentfloyd.cz/privatepolicy.html 19. Hyperliquid - Package: co.median.android.epbdbn, Privacy Policy: hxxps://hyperliqw.sbs/privatepolicy.html 20. Suiet Wallet - Package: co.median.android.noxmdz, Privacy Policy: hxxps://suietwz.sbs/privatepolicy.html 21. Raydium - Package: cryptoknowledge.rays, Privacy Policy: hxxps://www.termsfeed.com/live/a4ec5c75-145c-47b3-8b10-d43164f83bfc 22. PancakeSwap - Package: com.cryptoknowledge.quizzz, Privacy Policy: hxxps://www.termsfeed.com/live/a4ec5c75-145c-47b3-8b10-d43164f83bfc

AppWizard

June 8, 2025

These apps tricked Google to list them in the Play Store and you must delete them from your phone

The Google Play Store has been infiltrated by deceptive applications that are part of a phishing campaign, as revealed by an investigation by Cyble. These applications mimic legitimate digital wallets, including names like SushiSwap, PancakeSwap, Hyperliquid, and Raydium, and have utilized over 50 domains to evade detection. The primary threat involves the extraction of users' mnemonic phrases, which are critical for accessing cryptocurrency and tokens. Users are advised to uninstall nine specific apps identified by Cyble: Pancake Swap, Suite Wallet, Hyperliquid, Raydium, BullX Crypto, OpenOcean Exchange, Meteora Exchange, SushiSwap, and Harvest Finance Blog, to protect their digital assets. Although many of these malicious apps have been removed from the Play Store, the risk persists for those who still have them installed.

AppWizard

May 20, 2025

Best Android Security Apps for Enterprise and Personal Use

Android holds a 71.65% market share as the leading mobile operating system. In 2025, users face sophisticated cyber threats such as ransomware and phishing scams. Android Enterprise provides a multi-layered defense system validated by the U.S. Department of Defense, featuring AI-driven threat detection that blocks 99.8% of malware through 100,000 daily app scans. It supports three device management models: Fully Managed Devices (COBO), Work Profiles (BYOD), and Dedicated Kiosk Mode. Recent enhancements include automated security patch deployment and hardware-backed key attestation. Leading Mobile Device Management (MDM) solutions include TinyMDM, which offers real-time location tracking and remote device wiping, and integrates with Microsoft Intune for conditional access. Harmony Mobile combines app reputation scanning with network-level phishing prevention. Emerging trends in enterprise security include AI-powered anomaly detection, with 42% of enterprises adopting Zero Trust principles, and rugged device management optimized for industrial environments. For personal protection, Bitdefender Mobile Security leads AV-Test rankings, Kaspersky Premium blocks 5.6 million malware attacks monthly, and Norton 360 Deluxe includes biometric app locking. Privacy tools like ExpressVPN and DuckDuckGo Privacy Browser enhance user security. Google's Project Zero reports a 35% decline in critical Android vulnerabilities, attributed to improved patch adoption. The convergence of enterprise and personal security solutions is emphasized, with a focus on AI/ML integration for enterprises and comprehensive protection suites for individuals.

AppWizard

May 20, 2025

Preventing App-Based Threats on Android Devices

By 2025, the Android platform faces increasingly sophisticated app-based threats, including ransomware, fake apps, social engineering, and remote access attacks. Cybercriminals exploit Android's open architecture, prompting the need for advanced security measures. Android's security architecture includes: 1. Google Play Protect: Scans applications before installation using real-time machine learning to detect emerging malware and deceptive tactics. 2. Application Sandboxing: Isolates apps to prevent data access between them, utilizing Linux permissions and SELinux policies. 3. App Signing and Code Integrity: Requires cryptographic signatures for apps, complicating the introduction of rogue certificates and runtime modifications. Advanced protections include Runtime Application Self-Protection (RASP) for high-security apps, which monitors behavior in real time, and secure coding practices that encourage regular code reviews, strong authentication, and data encryption. User vigilance is crucial, emphasizing responsible downloading, limiting permissions, keeping software updated, enabling two-factor authentication, and being cautious with public Wi-Fi. Google continuously updates security measures, ensuring older devices receive new protections, while collaboration with the security community aids in identifying and countering emerging threats.

AppWizard

May 14, 2025

Google Will Prevent Unknown App Downloads During Calls On Android 16

Google has introduced Advanced Protection for Android devices, aimed at enhancing security for users, especially those in public-facing roles. This feature was showcased on May 13, 2025, and will be released with Android 16 in June. Key functionalities include an Offline Device Key, Theft Detection, and Play Protect. Advanced Protection will restrict sideloading applications and downloading from third-party sources. It also blocks downloads from unknown sources during active phone calls and restricts access to banking applications during calls. Users will be unable to share screens with third-party applications while on calls. The initiative is currently being tested in various countries.

AppWizard

May 14, 2025

Android launches new protections against phone call scammers

Google is implementing new features to enhance security for Android users against phone call scams. Users will be restricted from sideloading applications or granting sensitive permissions while on a call with an unknown contact, receiving a notification that states, “This setting is blocked to protect your device.” Google has also prevented users from disabling its Play Protect security service during calls. These measures are available for devices running Android 16. Additionally, Google is piloting a feature for banking apps in the UK that alerts users of a “likely scam” when accessing these apps while sharing their screen with an unknown caller. Users can choose to end the call or face a 30-second delay before accessing their banking app’s screen. This feature will roll out for devices running Android 11 and newer. These updates build on existing scam protection tools, including AI that identifies potential scam callers and integrates scam detection into Google Messages.