Google has begun rolling out Android 17, the June Pixel Feature Drop, and Wear OS 7 simultaneously across supported Pixel phones and watches. Highlights include floating app bubbles, improved foldable multitasking and gaming, tighter location and contact permissions, stronger lost-device protections, new Pixel AI tools, and up to 10% better Pixel Watch battery life. PhoneArena reports: Pixel owners are the clear winners, since everything here reaches Pixel first and a lot of it goes back to the Pixel 6. Fold owners get the most toys, with the Bubble Bar and foldable gaming mode built for the big screen. Watch wearers get the quietly important upgrade. Better battery and Live Updates make an everyday wearable easier to rely on, especially if you keep it on overnight. Google's latest Pixel Drop combines several AI-powered tools with a broader slate of Android 17 upgrades. Pixel owners gain Lyria 3 for generating music from text or images, Gemini Omni for creating custom video clips, enhanced call translation and screening, AirDrop-compatible Quick Share, expanded Magic Cue support, and conversational photo editing. Android 17 builds on those additions with floating app Bubbles, selfie-camera Screen Reactions, and a split-screen gaming mode for foldables, while also strengthening privacy and security with more granular location and contact permissions, improved lost-device protection, tighter PIN-guessing limits, and enhanced threat detection. Other additions include expanded parental controls, separate assistant volume and app memory settings, and an option to hide app names for greater privacy. You can read more about everything new in Android 17 in Google's blog post.

Read more of this story at Slashdot.

A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations.

The post Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk appeared first on SecurityWeek.

Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks.

The post Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities appeared first on SecurityWeek.

Delivered via phishing lures, the malware combines financial theft with data exfiltration and remote access.

The post New BTMOB Android Malware Enables Full Device Takeover appeared first on SecurityWeek.

APPLE By Will Fastie Nineteen years after the introduction of the iPhone, I succumbed. It was an emergency purchase; I had not planned to do so for a few more months. But my Samsung Galaxy A53 5G received a One UI update, and performance crashed. Action was needed. The battery was bad, too. Having done […]

Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first.

The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it out.

“The new intrusion logging feature promises to be a major aid to digital forensics researchers undertaking investigations into sophisticated attacks on Android devices,” Amnesty International said in a Tuesday technical briefing. “This is the first time a major device vendor has released a feature specifically to enhance the ability to forensically detect and respond to advanced digital threats.”

To date, independent investigators have relied on records and often short-lived log files that weren’t meant for forensic use, and Amnesty said surveillance groups have grown increasingly aware of those forensic efforts. Intrusion Logging, a feature of Android Advanced Protection Mode, is designed specifically to keep track of possible intrusions for forensic purposes. It keeps records of security incidents like device unlocking, physical access and spyware installation and removal.

Google’s annual security and privacy update for Android phones mentions the feature and its development with Amnesty International, Reporters Without Borders and others. It also touts new protections against banking scam calls, other features for detecting suspicious activity on Android phones, additional privacy safeguards and more.

The firm has been working on the feature since announcing it last year.

“Intrusion Logging enables persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” wrote Eugene Liderman, director of Android security and privacy.

Intrusion Logging joins an expanding slate of features from tech companies to fight sophisticated attacks like those from commercial spyware, among them Apple’s Lockdown Mode and Memory Integrity Enforcement and WhatsApp’s Strict Account Settings.

Intrusion Logging “promises to help shift the balance to the advantage of defenders, providing civil society investigators with the key evidence needed to detect and expose some of the most advanced attacks facing journalists and activists,” said Donncha Ó Cearbhaill, head of the Amnesty International Security Lab, “With Intrusion Logging Google is the first major vendor to proactively address to challenge of detecting advanced attacks on device. By making more consensual forensic data available for researchers, we can make life more difficult for attackers and help civil society seek accountability when their devices are unlawfully targeted by spyware and mobile data extraction tools.”

The feature has some limitations, though, Amnesty said in its technical briefing. It requires Android 16 and is only available for now on Pixel devices; the device has to be linked to a Google account, and the logs may include sensitive information, like browser navigation history, so secure sharing of the logs is important.

The logs may also be deletable by attackers, Ó Cearbhaill told CyberScoop, but he said he understands there are plans to strengthen protections against that in future versions. And lots of attacks would be detectable in the logs where attackers wouldn’t necessarily have the root access needed to try to delete logs, he said.

To enable Intrusion Logging, users need to be using Android Advanced Protection Mode, and can find the feature at Settings > Security & privacy > Advanced Protection > Intrusion Logging. If users suspect some kind of security incident, they’ll need to export and share the logs with a forensic analyst.

The post Google and Amnesty International teamed up to make it harder for spyware vendors to hide appeared first on CyberScoop.

CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction. 

The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek.

The maximum reward for a zero-click Pixel Titan M exploit with persistence has increased to $1.5 million.

The post Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge appeared first on SecurityWeek.

An apparent hack-for-hire campaign from a group with suspected Indian government connections targeted Middle Eastern and North African journalists and activists using spyware, three collaborating organizations said in reports published Wednesday.

The attacks shared infrastructure that pointed to the advanced persistent threat group known as Bitter, which most frequently targets government, military, diplomatic and critical infrastructure sectors across South Asia, according to conclusions from researchers at Access Now, Lookout and SMEX.

Each group took on a different piece of the puzzle:

• Access Now got calls on its helpline that led it to examine a spearphishing campaign in 2023 and 2024. It contacted Lookout for technical support about the malware it encountered.
• Lookout attributed the malware to Bitter, concluding it was a likely hack-for-hire campaign, using the Android ProSpy spyware.
• SMEX dived into a spearphishing campaign targeting a prominent Lebanese journalist last year, collaborating with Access Now to discover shared infrastructure between the campaigns.

One of the victims, independent Egyptian journalist Mostafa Al-A’sar, said he contacted Access Now after receiving a suspicious link from someone he’d been talking to about a job position. He was skeptical because his phone had been targeted before, when he was arrested in Egypt in 2018.

The lesson for journalists and civil society groups is that cybersecurity “is not a luxury,” he said.

“I feel like I’m threatened,” Al-A’sar said, and even though he was living in exile, he feels like “they are still following me. I also felt worried about my family, about my friends, about my sources.”

The combined research found a wider campaign than just the original victims.

“Our joint findings expose an espionage campaign that has been operational since at least 2022 until present day primarily targeting civil society members and potentially government officials in the Middle East,” Lookout wrote. “The operation features a combination of targeted spearphishing delivered through fake social media accounts and messaging applications leveraging persistent social engineering efforts, which may result in the delivery of Android spyware depending on the target’s device.”

The Committee to Protect Journalists condemned the campaign.

“Spying on journalists is often the first step in a broader pattern of intimidation, threats, and attacks,” said the group’s regional director, Sara Qudah. “These actions endanger not only journalists’ personal safety, but also their sources and their ability to do their work. Authorities in the region must stop weaponizing technology and financial resources to surveil journalists.”

Access Now said it didn’t have enough information to attribute who was behind the attacks it identified.

ESET first published research on the ProSpy malware last year, after finding it targeting residents of the United Arab Emirates.

The post Hack-for-hire spyware campaign targets journalists in Middle East, North Africa appeared first on CyberScoop.

This blog will cover how to root an AVD emulator and a physical Pixel 6. But before we cover those topics, let's cover what it is we will be doing and some of the pro/cons of rooting an Android phone.

The post How to Root Android Phones appeared first on Black Hills Information Security, Inc..

Hey guys, my name is Connor. I am a web developer here at BHIS who also loves hacking phones. Particularly, Android phones! Today, I am going to show you the basics […]

The post How to Install LineageOS on Your Android Device  appeared first on Black Hills Information Security, Inc..

Every Android application has a “manifest.xml” file located in the root directory of the APK. (Remember APKs are just zip files.) The manifest file is like a guide to the application.

The post Field Guide to the Android Manifest File appeared first on Black Hills Information Security, Inc..

Jeff Barbi // *Guest Post Background Unless you’re pentesting mobile apps consistently, it’s easy for your methodologies to fall out of date. Each new version of Android brings with it […]

The post Start to Finish: Configuring an Android Phone for Pentesting appeared first on Black Hills Information Security, Inc..

Joff Thyer// Mobile is everywhere these days. So many applications in our daily life are being migrated towards a cloud deployment whereby the front end technology is back to the […]

The post Embedding Meterpreter in Android APK appeared first on Black Hills Information Security, Inc..

Joff Thyer // Editor’s Note:  This is part 2 of a 3 part series.  Part 1 discussed configuring your virtual machine engine and virtual hardware emulation.  Part 2 (this part) covers […]

The post Android Dev & Penetration Testing Setup – Part 2: Installing Android Studio appeared first on Black Hills Information Security, Inc..

Joff Thyer // Editor’s Note:  This is part 1 of a 3 part series.  Part 1 will discuss configuring your virtual machine engine and virtual hardware emulation.  Part 2 covers installing […]

The post Android Dev & Penetration Testing Setup – Part 1 appeared first on Black Hills Information Security, Inc..