sensitive communications Archives

AppWizard

November 26, 2025

Hackers Bypass Signal, Telegram And WhatsApp Encryption To Read Messages

CISA has issued a warning about spyware targeting users of instant messaging applications, particularly highlighting the Sturnus trojan, which poses significant risks to Android smartphone users. Sturnus, identified as a banking trojan, can bypass encrypted messaging by capturing messages after they are decrypted on the smartphone screen, rather than cracking the encryption itself. Security expert Aditya Sood noted that Sturnus uses a combination of plaintext, RSA, and AES-encrypted communication, complicating detection efforts. The trojan can read everything displayed on the smartphone screen in real time, including sensitive messages and contacts. CISA also identified tactics used by cyber threat actors, such as phishing, zero-click exploits, and impersonation to gain unauthorized access to messaging apps. Users are advised to keep Google’s Play Protect activated, avoid unauthorized app stores, and be cautious with accessibility permissions to protect against these threats.

Tech Optimizer

October 23, 2025

Delete the fake VPN app stealing Android users’ money

Malware targeting Android devices has become more sophisticated, with cybercriminals deploying fake banking applications and phishing campaigns. A recently identified dangerous app, Mobdro Pro IP TV + VPN, introduces a malware strain called Klopatra, which is used in campaigns against financial institutions. This app appears to be a free streaming platform but installs a banking Trojan and remote-access tool, allowing attackers to steal banking credentials and conduct fraudulent transactions. The infection process involves social engineering tactics to trick users into downloading the app from unofficial sources, and Klopatra can bypass Android's security measures. The rise of fake VPNs, like Mobdro, poses a significant risk, as many users rely on VPNs for privacy and security. Users are advised to take protective measures, including downloading apps only from trusted sources, checking app permissions, using secure VPNs, installing strong antivirus software, monitoring accounts, removing suspicious apps, keeping devices updated, changing passwords, enabling two-factor authentication, and reporting malicious apps.

AppWizard

August 3, 2025

What You Should Know About the New, Free Messaging App Bitchat

On July 28, Jack Dorsey introduced Bitchat Mesh, an open-source messaging application available for free in Apple's App Store. The app features a minimalist design and transmits messages exclusively via Bluetooth, establishing a mesh network for connectivity without relying on phone numbers or internet access. Users can communicate with nearby devices and extend their network reach through a series of connections. Each device acts as both a client and a server, and messages sent in the main chat are visible to all users within the network, while private messaging is available for one-on-one conversations. Additional features include the ability to send private messages, block users, and engage in playful interactions, with notifications for screenshots taken during conversations. Although the app is open-source, raising transparency about its code, Dorsey issued a security warning highlighting that it has not undergone external security reviews and may contain vulnerabilities.

AppWizard

July 21, 2025

How Free Android VPNs Improve HTTP Security in App Development (2025)

The integration of a free Android VPN is essential for mobile application developers to protect sensitive communications by creating an encrypted tunnel between a user's device and a secure server. VPNs enhance HTTP security by encrypting data, making it unreadable to unauthorized entities. They use various encryption protocols such as OpenVPN, WireGuard, and IKEv2/IPSec to secure HTTP connections. Free Android VPNs are cost-effective for developers, allowing secure testing across regions, maintaining security during remote work, and protecting data integrity in app testing. While some free VPNs may compromise user privacy, reputable providers offer secure options with no-log policies. Five recommended free Android VPNs for developers in 2025 include X-VPN, Proton VPN Free, Windscribe, TunnelBear, and Hideme, each with specific features suited for secure app development. Best practices for using free VPNs include verifying VPN protocols, enabling a kill switch, regularly auditing security settings, and using dedicated VPN profiles for app testing.

AppWizard

June 25, 2025

Russia set to develop national messaging app

Russian President Vladimir Putin has endorsed the development of a national messaging application aimed at enhancing digital communication within public institutions. The initiative addresses security concerns over popular messaging platforms like WhatsApp and Telegram. The Digital Development Ministry is leading the project, which may be inspired by China's WeChat and based on the Max application from Russian tech company VK. The app is expected to be pre-installed on new smartphones sold in Russia and mandated for use in public institutions.

AppWizard

June 23, 2025

Iran encourages citizens to use a messaging app previously flagged as a state surveillance tool

Iranian authorities are promoting the domestic messaging app Bale for communication with family abroad amid a near-total internet blackout since June 18, 2025. Bale has 16.5 million monthly active users as of May 2023, with increased adoption following restrictions on Western apps after 2022 protests. A security audit by the Open Technology Fund revealed critical vulnerabilities in Bale and two other Iranian messaging apps, Eitaa and Rubika, including the lack of end-to-end encryption (E2EE) and potential state surveillance through a state-owned service called the Message Exchange Bus (MXB). Bale's encryption could compromise sensitive data and shares location data during authentication. Experts recommend more secure alternatives like Signal and advise against using Bale for sensitive communications. Since the blackout, internet connectivity remains poor, with the government urging citizens to delete WhatsApp and imposing restrictions that have increased VPN usage by over 700%.

Winsage

May 22, 2025

Signal signals discontent with Microsoft Recall

Signal has activated Digital Rights Management (DRM) features within Windows to prevent Microsoft Recall from capturing screenshots of its chat windows. Recall has been criticized for its imprecise screenshot capturing, which affects sensitive communications. Signal's DRM solution ensures that Recall and other screenshot tools do not capture its content. The "Screen security" setting in Signal Desktop for Windows 11 is enabled by default, requiring users to confirm if they wish to disable it. Recall was initially criticized during its launch at Microsoft's 2024 Build event and has since been revised, remaining an opt-in feature with a "Preview" label. Microsoft claims users control what apps and websites are saved in snapshots.

AppWizard

May 8, 2025

Signal clone used by Trump team hacked, GlobalX flight data leaked

The messaging app TeleMessage, used by President Donald Trump’s national security advisor, has been suspended due to a reported security breach, raising concerns about the security of sensitive government communications. The app, a modified version of Signal, was halted after a hacker accessed message contents from its customized versions, although the communications of national security advisor Mike Waltz were reportedly not affected. TeleMessage's suspension follows a statement from its parent company, Smarsh, confirming an investigation into the security incident. Despite President Trump's criticism of Signal, the White House continues to defend it, highlighting its pre-installation on government devices. Concerns about privacy protections arise from TeleMessage's archiving features, which may compromise Signal's end-to-end encryption. Additionally, GlobalX, the airline involved in Trump’s deportation flights, experienced a hacking incident, resulting in the exposure of flight records and passenger lists.