security enhancement Archives

AppWizard

March 16, 2026

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Google is piloting a security enhancement in its Android Advanced Protection Mode (AAPM) that restricts certain applications from using the accessibility services API. This update is part of Android 17 Beta 2. AAPM, introduced in Android 16, enhances device security by blocking app installations from unknown sources, restricting USB data signaling, and mandating Google Play Protect scanning. Developers can integrate with AAPM through the AdvancedProtectionManager API to adapt their apps based on the security mode's status. The new restriction prevents non-accessibility apps from accessing the accessibility services API, allowing only verified accessibility tools like screen readers and voice-based input tools. Non-accessibility apps, including antivirus software and password managers, will have their access revoked when AAPM is activated, and users cannot grant permissions to these apps unless AAPM is disabled. Additionally, Android 17 introduces a new contacts picker feature that allows developers to specify which fields to access from a user's contact list, providing more granular control over data access.

AppWizard

February 20, 2026

Keeping Google Play & Android app ecosystems safe in 2025

The Android ecosystem focuses on preventing real-world harm, including malware and privacy invasions, by enhancing investments in AI and real-time defenses. In 2025, over 1.75 million policy-violating apps were prevented from being published, and more than 80,000 malicious developer accounts were banned. Google Play conducts over 10,000 safety checks on each app, blocking over 255,000 apps from accessing sensitive user data and 160 million spam ratings and reviews. Google Play Protect scans over 350 billion apps daily, identifying over 27 million new malicious apps last year. Enhanced fraud protection was expanded to 185 markets, blocking 266 million risky installation attempts. Developer tools like Play Policy Insights and the Play Integrity API were introduced to streamline app development and enhance security. Developer verification is being extended to ensure accountability, and Android 16 includes features to protect sensitive information with minimal code.

AppWizard

December 11, 2025

Android 17 will boost Xiaomi’s app lock security to a new level

Android 17 introduces a system app locking feature, enhancing mobile security with a new permission structure called LOCK_APPS, allowing only system apps and designated launchers to execute this functionality. This feature utilizes the Biometric Prompt API for user authentication via fingerprint, facial recognition, or PIN. Users can lock or unlock apps by long-pressing the app icon on the launcher, which sends a SETAPPLOCK request to Android's core security service. The app lock will only be available on handheld devices, excluding Android Automotive, Wear OS, and Android TV. The feature is expected to debut later in the rollout of Android 17, benefiting Xiaomi devices and HyperOS.

Winsage

November 7, 2025

How to improve Windows 11 security using Administrator Protection — shielding your PC with a switch buried in its settings

Windows 11 will introduce a security feature called Administrator Protection with the November 2025 Patch Tuesday Update. This feature requires an authorization dialog via Windows Hello for unsigned or untrusted applications seeking elevated permissions. To configure Administrator Protection using Group Policy, users must navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, select "Admin Approval Mode with Administrator protection," and reboot the device. Alternatively, to enable it via the Registry, users should change the TypeOfAdminApprovalMode key value to 2 in HKEYLOCALMACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem and reboot. To disable the feature, users can revert the settings to their defaults.

Winsage

October 26, 2025

Microsoft Warning—Do Not Open These Files On A Windows PC

Effective October 14, Microsoft will automatically disable the preview feature in File Explorer for files downloaded from the internet that are marked with a "Mark of the Web (MotW)." This measure addresses vulnerabilities related to "NTLM hash leakage," which could allow attackers to exploit the preview feature to capture sensitive credentials. Users must manually unblock these files by accessing the Properties settings. The change will take effect after the next login, and users can also unblock all files from a specific file share address, although this will relax security measures for those files.

Winsage

October 24, 2025

Microsoft Disables File Explorer Preview for Internet Files to Patch NTLM Vulnerability

Following the October 2025 Patch Tuesday updates, many Windows users experienced issues with the File Explorer preview pane, which stopped functioning for several file types. This change, implemented by Microsoft as a security enhancement, affects both Windows 11 and Windows 10 and is linked to a vulnerability associated with NTLM credential hashes. The updates, KB5066835 for Windows 11 and KB5066791 for Windows 10, disable the preview functionality for files marked with the "Mark of the Web" (MotW), indicating they originated from the internet. Instead of a preview, users receive a warning message about potential harm from the file. Microsoft has provided workarounds for users who wish to restore the preview functionality, including manually unblocking files or adjusting security settings for network shares, though these methods come with security risks. This change reflects a broader industry trend toward prioritizing security over user convenience.

Winsage

October 22, 2025

Microsoft Confirms Recent Updates Cause Login Issues on Windows 11 24H2, 25H2, and Windows Server 2025

Microsoft has identified an authentication issue affecting users of Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025, due to updates rolled out since late August 2025. These updates have caused failures in Kerberos and NTLM protocols on devices with identical Security Identifiers (SIDs), leading to widespread login disruptions in enterprise networks. Users have reported repeated credential prompts, error messages, and compromised network access, including issues with Remote Desktop Protocol (RDP) sessions and Failover Clustering operations. Event Viewer logs indicate machine ID mismatches and potential session discrepancies. The problem is particularly severe in virtual desktop infrastructure (VDI) environments where multiple machines share SIDs. Microsoft has emphasized the importance of using the Sysprep tool to ensure unique SIDs during cloning, as the recent updates now strictly verify SIDs during authentication. IT administrators can temporarily alleviate the authentication blocks with a specialized Group Policy, but a permanent solution involves rebuilding devices using approved cloning procedures. As of October 21, 2025, no broader patch has been released.

AppWizard

September 18, 2025

Android’s New Verification System May Limit Offline App Sideloading

Google is introducing a new developer verification system for Android that may require an internet connection to sideload apps. A code snippet in the Android SDK suggests that the installation process will include an online check to confirm the developer's legitimacy. This could hinder users in areas without reliable internet access from installing apps, even from trusted sources. However, the Android Debug Bridge (ADB) will still allow advanced users to sideload applications offline. The new system is expected to roll out over the next year, giving developers time to register and users time to adapt.

Winsage

September 10, 2025

Windows 11 KB5065431 23H2 released, direct download links (.msu)

KB5065431 is the latest security update for Windows 11 23H2 devices, being rolled out as a reminder that this version will reach its end of life on November 11, 2025. Microsoft is migrating eligible 23H2 Home and Pro edition PCs to Windows 11 24H2, but the rollout was temporarily paused due to around a dozen reported errors, some linked to app compatibility issues. Most barriers to upgrading have now been resolved, allowing the automatic upgrade process to begin. The Enterprise and Education editions of Windows 11 23H2 have an extended support timeline until November 10, 2026. The KB5065431 update will automatically install on PCs, or users can manually install it using the offline update installer file (.msu). The Windows 11 22631.5909 build includes important fixes but no new functionalities, addressing issues like NDI streaming performance and enhancing security for SMB shares. It also introduces a UAC prompt for administrator credentials during certain operations, which can be disabled by administrators via group policy.

Winsage

September 5, 2025

Microsoft fesses up to Windows update that caused UAC prompts

Microsoft has acknowledged that the August 2025 security updates for Windows have caused unexpected User Account Control (UAC) prompts for users across all supported versions of Windows. The affected client versions include Windows 11 (24H2, 23H2, 22H2) and Windows 10 (22H2, 21H2, 1809, Enterprise LTSC 2019, Enterprise LTSC 2016, 1607, Enterprise 2015 LTSB). The server versions impacted are Windows Server 2025, 2022, 2019, 2016, 2012 R2, and 2012. The updates included a security enhancement (KB5063878) that enforced UAC prompts for administrator credentials during Windows Installer (MSI) repair operations to address the vulnerability CVE-2025-50173. Various scenarios can trigger UAC prompts for non-administrative users, including executing MSI repair commands, launching Autodesk applications, installing user-specific applications, and deploying packages via Configuration Manager. Standard users attempting to run applications that initiate MSI repair operations without a user interface may encounter errors, such as Error 1730 when trying to install Office Professional Plus 2010. Microsoft is working on a solution to allow IT administrators to permit specific applications to perform MSI repairs without triggering UAC prompts, which will be included in a future update. In the meantime, users are advised to run applications as administrators when possible, and IT admins can mitigate the issue by configuring a special Group Policy using Known Issue Rollback (KIR) for the affected Windows versions.