SDKs Archives

AppWizard

April 9, 2026

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

Version 5.2.1 of the EngageSDK was released to address security vulnerabilities related to third-party SDKs, particularly affecting digital asset management applications. Although no exploitation of this vulnerability has been reported, developers are urged to upgrade to the latest version. The Android operating system's security model provides some protections against these vulnerabilities, and the Android team has updated user protections during the transition to the secure version. The vulnerability, classified as severe, allows unauthorized access to protected components and sensitive data through intent redirection. Affected applications, particularly in the cryptocurrency and digital wallet sectors, account for over 30 million installations. The vulnerability was first identified in version 4.5.4 of the EngageLab SDK, reported in April 2025, and was addressed in version 5.2.1 released on November 3, 2025, which set the vulnerable activity to non-exported. Developers are advised to regularly review their Android manifests and upgrade to the latest SDK version to maintain application security.

AppWizard

April 3, 2026

Which messaging app takes the most limited approach to permissions on Android?

Messaging applications Messenger, Signal, and Telegram exhibit significant differences in permissions and operational behaviors that impact user privacy. Telegram has the fewest total permissions at 71, with 25 classified as dangerous; Signal requests 72 permissions, including 19 dangerous ones; and Messenger requests the most at 87, with 24 dangerous permissions. Messenger also has the highest number of vendor-specific unknown permissions. Access to sensitive resources is crucial for messaging functionalities, with permissions for contacts, camera, microphone, location, storage, and calendar being essential. Telegram and Messenger request additional system-level permissions, while Signal is more conservative and does not request certain permissions like phone-call control or overlay windows. The analysis, using the Mobile Security Framework (MobSF), indicates all three apps are in the medium risk category, with Messenger having more flagged issues. Telegram allows cleartext connections by default, potentially exposing traffic, while Signal uses encrypted connections by default and only permits limited cleartext traffic for certificate checks. Messenger's issues include world-writable files and remote debugging enabled in WebViews. Messenger uses third-party SDKs, while Signal and Telegram do not disclose third-party trackers. All three utilize Firebase Cloud Messaging for notifications without sensitive data leakage. Data exchange patterns show Messenger primarily routes traffic through North America, while Telegram and Signal focus on Europe with some additional connections in the U.S. and Asia.

Winsage

March 27, 2026

Microsoft Introduces WinApp CLI to Unify Windows App Development Workflows

In January 2026, Microsoft launched the public preview of the WinApp CLI, a command-line tool for Windows application development that is open source and supports various frameworks including .NET, C++, Electron, and Rust. The tool aims to simplify the complexities of Windows development by providing a unified entry point for environment setup, configuration, and packaging. Key features include the winapp init command for environment initialization, the winapp create-debug-identity command for attaching package identities without full MSIX packaging, and automation capabilities for manifests, certificates, and signing processes. The CLI also supports Electron and Node.js scenarios, allowing developers to inject package identity into running Electron processes. The WinApp CLI is currently in public preview, with potential changes before general availability, and an updated version 0.2.0 was released in late February 2026. It can be accessed via WinGet, npm, and as a GitHub project for community contributions.

Tech Optimizer

March 26, 2026

Announcing Amazon Aurora PostgreSQL serverless database creation in seconds

Colin Lazier, Vice President of Databases at AWS, announced at re:Invent 2025 that developers can now create production-ready databases using Amazon DynamoDB and Amazon Aurora DSQL in seconds. AWS introduced an express configuration for Amazon Aurora PostgreSQL, allowing users to set up a serverless database in two clicks without needing an Amazon VPC network. This configuration includes preconfigured defaults, IAM authentication for passwordless access, and an internet access gateway for secure connections. Users can create an Aurora PostgreSQL serverless database via the AWS console or command-line interface, and they can customize settings during and after creation. The new setup supports additional features like read replicas and automated failover. AWS also enhanced the Free Tier program, providing up to 0 in credits for new users, and integrated Aurora with platforms like Vercel for rapid application development. Users are billed based on Aurora Capacity Units (ACUs), which scale automatically.

AppWizard

March 17, 2026

Android 16 brings desktop windowing to Pixel and Samsung phones

Google has announced that connected display support for Android has reached general availability with the release of Android 16 QPR3. This feature allows compatible Android phones and foldable devices to initiate a new desktop session on an external display while maintaining the phone's independent state. Supported devices include the Pixel 8, 9, and 10 series, as well as various Samsung devices like the Galaxy S26, Fold7, Flip7, and Tab S11. The collaboration between Google and Samsung has been crucial in developing this feature. The Android 16 QPR3 release has refined windowing behaviors, taskbar interactions, and input compatibility for mouse and keyboard usage. It introduced two new width window size classes: Large (1200dp to 1600dp) and Extra-large (1600dp and above) to assist developers in creating adaptive layouts. Navigation 3 has also been released, providing a system for managing UI flow based on Scenes. Design principles for desktop contexts have been updated, emphasizing the importance of multitasking, efficient use of screen space, and accommodating various input types. The Android Design Gallery has been launched to showcase design examples across different categories and input types. The announcement has implications for mobile advertising and app measurement, as the distinction between mobile and desktop ad inventory becomes more complex. Developers are advised to ensure their apps can adapt to changes in display configurations to maintain ad performance and measurement accuracy. Key dates include the announcement of connected display general availability on March 3, 2026, and the launch of the Android Design Gallery on March 16, 2026.

AppWizard

January 31, 2026

Google takes down an invisible network that was secretly using your phone’s internet

Google has dismantled the IPIDEA residential proxy network, which had exploited millions of devices for cybercrime. This operation resulted in the liberation of approximately nine million Android devices and the removal of hundreds of compromised applications. IPIDEA's infrastructure was integrated into various software development kits (SDKs), allowing it to covertly enlist devices into its proxy pool. Google updated its Play Protect system to identify and eliminate affected applications and collaborated with partners to disrupt the network's underlying systems. The efforts led to a significant decrease in hijacked devices available for exploitation.

AppWizard

December 2, 2025

Android users warned to check phones now as Google bans apps

Recent findings have revealed that certain widely-used Android applications have been involved in an adware campaign, identified as 'GhostAd', which drains phone resources and disrupts normal usage. This malicious software disguised itself as utility and emoji-editing tools and infiltrated at least 15 applications, targeting unsuspecting users. Many of these compromised apps were available on Google’s Play Store, including the GenMoji Studio app, which became popular in the 'Top Free Tools' category. Users reported issues such as disappearing app icons, intrusive advertisement pop-ups, and sluggish device performance after installation. Google has removed all compromised applications from its Play Store, but users who installed them must manually delete the harmful software. Check Point noted that the GhostAd campaign blurs the line between marketing and malware, repurposing users' phones to generate revenue. To protect against future threats, users are advised to scrutinize app reviews, verify the app creator's reputation, and exercise caution with permissions.

AppWizard

November 30, 2025

Google removes apps that slow down Android phones – check yours now

A significant adware campaign named "GhostAd" has been identified, affecting Android devices globally. This adware operates through benign-looking utility and emoji-editing applications, which drain battery life and disrupt phone functionality without compromising personal data. At least 15 compromised applications were used in the campaign, some of which were available on Google’s Play Store, with one app reaching the second position in the "Top Free Tools" category. Users have reported issues such as incessant pop-up ads and sluggish device performance. Google has removed the compromised applications from the Play Store, but users must manually uninstall them to restore their device's performance. The incident highlights the misuse of legitimate software development kits (SDKs) and the need for users to review application ratings and developer reputations.

AppWizard

November 30, 2025

Urgent Google app ban affects millions of Android users, check your phone now

A significant adware campaign named "GhostAd" has been identified, affecting Android users globally. This adware infiltrates various applications that appear to be benign utility tools and emoji-editing software, operating a persistent advertising engine that drains device resources and disrupts functionality. At least 15 different infected applications were deployed, some of which were available on Google’s Play Store, including one that reached the number two spot in the "Top Free Tools" category. Users have reported issues such as persistent pop-up ads, disappearing app icons during uninstallation attempts, and slowed device performance. Google has removed the identified infected applications from the Play Store, but existing installations will not be automatically deleted, requiring users to review their apps. The campaign highlights the risks of advertising tools being misused to erode user trust in mobile ecosystems.

AppWizard

November 21, 2025

Bad battery life? Google will name-and-shame Android apps that drain your phone faster than expected

Google is overhauling the Google Play Store to address Android apps that excessively drain device batteries. New regulations require developers to minimize unnecessary background activities and adhere to stricter guidelines on how often their apps can wake devices or access system resources. Non-compliant apps will receive warnings on their Play Store listings, and their visibility may be reduced. A new measurement system, developed with Samsung, tracks "excessive partial wake locks," which monitor how long apps keep devices awake while the screen is off. If an app exceeds a threshold of 5% of total user sessions with excessive wake locks over a 28-day period, it will trigger notifications on the developers' dashboard. Developers must rectify these issues by March 1, 2026, to keep their apps on the Play Store. This initiative is part of a broader strategy to enhance transparency regarding app resource utilization and improve battery performance across Android devices.