system applications Archives

AppWizard

February 17, 2026

New Keenadu backdoor found in Android firmware, Google Play apps

A sophisticated Android malware named Keenadu has been discovered embedded in the firmware of various device brands, compromising all installed applications and granting unrestricted control over infected devices. It employs multiple distribution methods, including compromised firmware images delivered over-the-air, access via backdoors, embedding in system applications, modified applications from unofficial channels, and infiltration through apps on Google Play. As of February 2026, Keenadu has been confirmed on approximately 13,000 devices, primarily in Russia, Japan, Germany, Brazil, and the Netherlands. The firmware-integrated variant remains dormant if the device's language or timezone is associated with China and ceases to function without the Google Play Store and Play Services. While currently focused on ad fraud, Keenadu has extensive capabilities for data theft and risky actions on compromised devices. A variant embedded in system applications has limited functionality but elevated privileges to install apps without user notification. The malware has been detected in the firmware of Android tablets from various manufacturers, including the Alldocube iPlay 50 mini Pro. Kaspersky has detailed how Keenadu compromises the libandroid_runtime.so component, making it difficult to remove with standard Android OS tools. Users are advised to seek clean firmware versions or consider replacing compromised devices with products from trusted vendors.

AppWizard

January 27, 2026

Google Play Store not showing Android, Pixel system app updates [U]

Users have reported that the Google Play Store is not displaying available updates for certain system-level applications when automatic updates are turned off. As of January 22, 2026, several Google applications do not appear in the Pending downloads list, although users can still see an “Update” option in the app's listing. Applications such as Android System Intelligence, Google Partner Setup, and Settings Services have resolved this issue, with updates accessible through the Settings app. On September 4, 2024, the issue was reported to affect YouTube, where users received notifications about updates but found none in the Pending downloads screen. On July 11, the problem was noted again with Google Partner Setup, which is crucial for devices running Google Mobile Services, and devices running Android 7 or earlier will not receive updates for this app. On July 1, users were alerted to a missing update for Google’s Data Restore Tool, which can only be updated through a direct link in the Play Store. The original issue was first observed on February 6, leading to confusion among users due to discrepancies between notifications and actual update availability. This situation may reflect a strategic shift by Google regarding the management of system-level applications within the Play Store, requiring users who disable automatic updates to manually check for updates.

AppWizard

January 26, 2026

Google Play Store not showing Android, Pixel system app updates [U]

Users of the Google Play Store have reported that when automatic updates are disabled, updates for certain system-level applications do not appear in the Pending downloads list. As of January 22, 2026, affected Google applications include Android System Intelligence, Google Partner Setup, and Settings Services, which can still be updated by visiting their app listings directly. On September 4, 2024, the issue also began affecting YouTube, where users receive update notifications but do not see them in the Pending downloads screen. Google Partner Setup, crucial for devices using Google Mobile Services, is experiencing the same visibility issue and cannot be disabled or deleted. Devices running Android 7 or earlier will not receive updates for this app. Additionally, on July 1, users noted a missing update for Google’s Data Restore Tool, which can only be updated via a direct link from the Play Store. The visibility issue has affected various system applications, leading to confusion over available updates. This situation may indicate a strategic shift by Google regarding the management of updates for system-level applications.

Winsage

January 9, 2026

Someone recreated the Windows 8 Start menu in Linux for some reason

A developer has recreated the Windows 8.1 tiled Start menu for Linux, which is a Python-based application that supports flatpaks, Steam, and native apps. The tiles are movable and customizable in color. The project requires PyQt6 6.10.1 and pynput 1.8.1 to run and has been shared on Pastebin. It aims to replicate about 80% of the original Windows 8 Start menu's functionality, excluding search mode and larger tiles. The menu can be activated with the "super+p" command and remains in the system tray until then. The project has received significant interest, amassing 627 upvotes on a subreddit post.

AppWizard

December 15, 2025

Google Makes Uninstalling System App Updates More Complicated Than It Needs to Be

Google has removed the "Uninstall updates" button from the Play Store interface for core system apps, requiring users to navigate through the Settings app to roll back updates. This change affects several key system applications, including Android Auto, Android System WebView, and Pixel Camera Services. Users can now only find an "Open" button in the Play Store for these apps. To uninstall updates, users must long-press the app icon, select "App info," tap the three-dot menu, and choose "Uninstall updates." This alteration adds complexity to the process of reverting to earlier app versions.

AppWizard

November 14, 2025

Malicious Android Photo Frame App Gives Hackers Full Device Control Without User Action

A security assessment has revealed that digital photo frames using Uhale technology are vulnerable to a new class of malicious Android applications that can take control of devices without user interaction. The pre-installed Uhale app can silently download and execute malware during device booting or software updates due to insecure connections and improper certificate verification. Attackers can intercept network traffic to execute remote code with a critical CVSS score of 9.4, allowing access to private photos and the potential to create botnets. Many affected devices run outdated Android versions (6.0/6.0.1) with SELinux disabled and rooted by default, facilitating privilege escalation and persistent malware installation. Additionally, the Uhale app's unsecured local network file transfer feature allows attackers on the same network to send malicious files or delete files without user consent. Researchers emphasize the need for improved software security in consumer electronics, urging manufacturers to adopt modern Android builds and enforce security protocols. Users are advised to disconnect or update their devices to mitigate risks.

AppWizard

October 14, 2025

Google tried to kill this Pixel VoLTE-enabling app, but the developer already has a fix

In early 2023, a Korean developer launched the "Pixel IMS" app, enabling VoLTE and VoWiFi on unsupported carriers for Pixel users. A recent Google update in October 2025 disrupted this functionality by closing a loophole that allowed the app to access the overrideConfig API, resulting in the app crashing when users tried to toggle these features. The overrideConfig API is restricted to apps with the MODIFYPHONESTATE permission, typically reserved for privileged system applications. The Pixel IMS app had previously used Shizuku, an open-source tool, to gain elevated privileges and access the API. Google reclassified the loophole as a high-severity privilege escalation vulnerability but did not include it in the latest security bulletin. The update added a check to the overrideConfig API, blocking access from the shell user. In response, the developer created a workaround that indirectly calls the API through an Instrumentation component, circumventing the restriction. However, this workaround is vulnerable to future patches from Google, which could remove the necessary permissions from the shell app.

Winsage

October 3, 2025

Microsoft is building a new OneDrive app for Windows 11 complete with redesigned gallery interface — here’s your first look

Microsoft is developing a new dedicated OneDrive app for Windows 11, featuring a modern interface focused on photo and video viewing, file management, and editing capabilities. The app was discovered through leaks revealing an executable file named OneDrive.app.exe. Upon launch, it presents a new OneDrive icon on the Taskbar and showcases a photo library with a design that combines Fluent Design principles and web aesthetics. Key features include a Copilot functionality for quick access to chat about files, a gallery tab for photo and video editing, and a Moments feature that displays curated images from previous years. The app has a redesigned gallery mode with a floating menu bar for editing or deleting photos and includes built-in editing tools similar to those in the Windows Photos app. Despite its appealing design, there are questions about its necessity since OneDrive is already integrated into File Explorer and the Photos app. Initial impressions indicate the app performs well for a web-based application, with a scheduled OneDrive event on October 8 that may provide more information about its rollout.

AppWizard

October 2, 2025

Signal Messenger Impersonated in ‘ProSpy’ Android Spyware Campaign

ESET researchers have identified two Android spyware campaigns, ProSpy and ToSpy, which masquerade as secure messaging apps, Signal and ToTok. These malware families were first detected in June 2025 and are distributed through phishing websites and fake app marketplaces. ProSpy, which mimics a “Signal encryption plugin” or an enhanced ToTok, extracts sensitive user information, including SMS messages, contacts, and device metadata, after gaining permissions. It disguises itself as “Play Services” to avoid detection. ToSpy, discovered concurrently, seeks to capture specific files related to ToTok backups and collects various document types. Both malware types maintain long-term access to infected devices and have been reported to Google, resulting in Play Protect blocking their known variants. The main targets of these campaigns are users in the United Arab Emirates.

AppWizard

September 30, 2025

Fire Toolbox 42 lets you make recent Amazon Fire tablets feel more like Android tablets (Disable & replace Amazon apps with

Amazon's Fire Tablets are affordable devices that run on a customized version of Android called Fire OS, which is integrated with Amazon's services. Users have sought to modify their Fire tablets, and a new exploit in Fire Toolbox v42 for Windows and v12 for Linux allows enhanced control over system applications without granting root access. This version enables users to block over-the-air updates, ensuring modifications remain intact. Users must enable developer mode, connect their tablet to a PC, and use Fire Toolbox for modifications. Important considerations include the lack of support from Amazon for any issues arising from these modifications. Users are advised to block OTA updates to maintain customization capabilities.