timeline

AppWizard
July 9, 2025
A new Android vulnerability named TapTrap allows malicious applications to bypass the operating system's permission system without requiring special permissions. It exploits activity transition animations to mislead users into granting sensitive permissions or executing harmful actions. Researchers from TU Wien analyzed 99,705 applications on the Google Play Store and found that 76.3% are susceptible to this attack. TapTrap uses low-opacity animations (approximately 0.01 alpha) to make sensitive permission dialogs nearly invisible while still registering touch events. The attack can last up to six seconds and can lead to unauthorized access to critical functionalities like the camera and microphone, and even device administrator privileges. TapTrap bypasses existing defenses against tapjacking in Android, affecting popular web browsers as well. A user study showed that all participants failed to detect at least one variant of the attack. As of June 2025, Android 15 remains vulnerable, with no timeline for a comprehensive fix. The vulnerability has been assigned two CVEs, and researchers disclosed their findings to Google in October 2024. They propose solutions to mitigate the risks, including blocking touch events during low-opacity animations and setting an opacity threshold of 0.2.
AppWizard
July 9, 2025
A technique for Android devices called TapTrap allows malicious applications to intercept user taps without requiring special permissions. It uses transparent screen transitions to mislead users into triggering hidden actions. Devices running Android versions 15 and 16 are particularly vulnerable. TapTrap operates by overlaying a nearly transparent screen on top of another application, making it appear as if users are interacting with one app while their taps are registered by the hidden screen. A study of around 100,000 Android applications revealed that approximately 76 percent contained screens vulnerable to TapTrap. The researchers successfully executed the attack on a Google Pixel 8a running Android 16. Google has acknowledged the issue and plans to include a fix in a future software update, but no specific timeline has been provided. Users can enhance their security by disabling animations in their system settings.
AppWizard
July 9, 2025
Android's Photo Picker is receiving an update that introduces a search bar to help users locate specific images more easily. This feature is currently being tested with a select group of users and will be positioned above the Photos and Collections tabs. Additionally, Google is developing a timeline slider to improve navigation through large photo libraries. The update aims to enhance the user experience by allowing users to search for photos using keywords, and to maintain privacy by letting users select which photos, GIFs, or videos they wish to share without giving apps access to their entire gallery.
Winsage
July 9, 2025
Windows 11 version 25H2 introduces a feature called Remove Default Microsoft Store Packages, allowing users, particularly IT administrators, to remove preinstalled Microsoft applications such as Camera, Sound Recorder, Windows Media Player, Xbox, Windows Terminal, and Notepad. This feature is accessible under Computer Configuration > Administrative Templates > Windows Components > App Package Deployment and simplifies the uninstallation process compared to previous methods like PowerShell. Users may still see non-functional shortcuts in the Start menu after removal. The first preview build of version 25H2 was released recently, and a public release is expected later this year. Similar uninstall features will also be available in version 24H2, though disabled by default. Windows 11 has recently surpassed Windows 10 in user base, partly due to the upcoming end of Windows 10 support.
AppWizard
July 8, 2025
Activision has temporarily removed the PC Game Pass version of Call of Duty: WW2 due to reports of an unspecified issue, with concerns raised about a potential remote code execution (RCE) exploit causing disruptive app pop-ups, unexpected PC shutdowns, and inappropriate content. The game is unavailable on both the Game Pass and Microsoft Store but remains accessible on Steam and Battle.net. Community feedback indicates that the game may be vulnerable to RCE exploits, allowing malicious actors to execute harmful code on players' systems. A notable incident involved streamer Wrioh, who reported being "hacked," with a video showing a pop-up claiming, "just RCE'd your ass," and a change to their desktop wallpaper. The VX-Underground malware research collective shared images of an alleged RCE attack, highlighting an "unpatched RCE exploit" and instances of trolling with pop-ups and inappropriate content. VX-Underground speculated that the attacker could deploy various forms of malware, though their primary intent seems to be creating chaos. As of now, Call of Duty: WW2 for PC Game Pass and the Microsoft Store remains offline, with no updates from Activision on its return.
Winsage
July 7, 2025
Microsoft has acknowledged an issue with Windows Firewall following the June 2025 preview update of Windows 11 24H2 (KB5060829, OS Build 26100.4484). Users may encounter an error event labeled 'Config Read Failed' with the message 'More data is available' each time they restart their device. Microsoft assures that this does not indicate a malfunction within Windows Firewall and can be disregarded. The issue is linked to a feature under development, and no timeline for a fix has been provided. Additionally, there is another issue affecting the display of Chinese, Japanese, and Korean characters at 96 DPI in Chromium-based browsers, which Microsoft is working on with Google.
AppWizard
July 7, 2025
ByteDance is developing a U.S.-specific version of TikTok to address concerns from the U.S. government about the app's ties to China and user data handling. This new application is expected to launch on September 5, before a potential ban on September 17. There are over 170 million TikTok users in the U.S., making the transition to a new app complicated. The U.S. government has expressed concerns about TikTok's data collection and potential propaganda dissemination. The House passed a bill requiring TikTok to either sell to a U.S. company or face a ban. ByteDance prefers not to divest TikTok and has been granted extensions to operate in the U.S. until September 17.
Winsage
July 7, 2025
Microsoft acknowledged an issue with Windows Firewall following the June 2025 preview update of Windows 11 24H2 (KB5060829), which generates "Config Read Failed" error messages in security event logs. Despite frequent logging upon device restarts, Microsoft stated that this does not indicate a malfunction of Windows Firewall and can be ignored. The issue is linked to an under-development feature, and no resolution timeline has been provided. Additionally, there is a problem with displaying Chinese, Japanese, and Korean characters at 96 DPI in Chromium-based browsers, which Microsoft is working on with Google.