vulnerability on xda-developers- XDA Developers

Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months

Mishaal Rahman March 2, 2020

On the first Monday of every month, Google publishes the Android Security Bulletin, a page that discloses all the security vulnerabilities and their patches submitted by Google themselves or other third-parties. Today was no exception: Google just made public the Android Security Bulletin for March 2020. One of the vulnerabilities that are documented in the...

Google Camera and Samsung Camera apps exposed camera and video intents to third-party apps

Aamir Siddiqui November 20, 2019

When compared to iOS, Android provides applications a lot of ways to interact with each other, enabling developers to build some of the more common Android features we have come to expect and love. This is made possible thanks to Android's Intent system, which allows any app to send any intent it wants, and allows...

Google now pays more for disclosing vulnerabilities in Chrome, Chrome OS, and some Play Store apps

George Burduli July 18, 2019

One of the hardest aspects of maintaining a cross-platform product is ensuring its security. Vulnerabilities can be exploited on various platforms in various scenarios, and it's almost impossible for literally any company's security department to fix all of them on their own. That's why companies often use vulnerability disclosure rewards programs, which basically means giving...

Huawei opens a Vulnerability Reward Program with a max payout of ~$143,000

Adam Conway December 3, 2018

Mobile security is important for a number of reasons, no less because most of our personal lives now reside on our smartphones. From photographs to social media, anybody with malicious access to your device could, in theory, cause a number of problems in your life. That's why it's important to make sure you have the...

Fortnite Installer could be abused to silently install apps on Galaxy phones

Mishaal Rahman August 24, 2018

The launch of Fortnite Mobile on Android hasn't been too great, especially since many of the supported devices really struggle to play the game with acceptable frame rates. The game launched as a Samsung Galaxy exclusive for only 3 days. The Fortnite Installer was first available on Samsung Galaxy Apps before Epic Games allowed non-Samsung...

Google acquires GraphicsFuzz, a firm which specializes in testing GPU reliability

Mishaal Rahman August 6, 2018

Google has acquired GraphicsFuzz to improve GPU reliability within the Android ecosystem. GraphicsFuzz is a firm that specializes in testing GPU reliability by creating graphics driver testing technologies that can be used to find bugs in graphics drivers. The firm then discloses these bugs to GPU vendors, OEMs, or any other involved parties and works...

Many Android email apps and PayPal are vulnerable to recipient spoofing

Max Weinbach July 13, 2018

A couple of months ago, we covered a story about a Google Inbox spoofing design flaw found by Eli Grey. It would allow for people to send mailto links that would spoof the recipient of the email. This could be used for tricking people to send emails to a different address than the one shown. The...

OxygenOS 5.1.7 update for the OnePlus 6 fixes bootloader vulnerability

Adam Conway June 15, 2018

Following a slew of updates for the OnePlus 6 since its launch, OxygenOS 5.1.7 is the first to offer strictly bug fixes and security enhancements. The first big fix for this update pertains to the bootloader vulnerability uncovered by a security researcher last week. It has been patched with an updated bootloader, so users are...

[Update: Fix] Bootloader Protection Bypass Discovered on OnePlus 6 (requires physical access)

Mishaal Rahman June 9, 2018

The OnePlus 6 was made official in the middle of last month. The device has only recently started to make its way into the hands of consumers and developers on our forums, and already we're hearing about the work that's being done. An official build of TWRP is already available and work is progressing nicely...

LastPass Authenticator Update Fixes a Serious Security Vulnerability

Idrees Patel December 29, 2017

LastPass is one of the most popular password managers on Android, and for good reason: It's incredibly secure. But the same couldn't be said of LastPass Authenticator, its companion application, which made headlines when a security researcher discovered a serious vulnerability in its code. Luckily, it was patched this week. LastPass Authenticator offers 2FA on LastPass...

Janus Vulnerability Allows Attackers to Modify Apps without Affecting their Signatures

Idrees Patel December 11, 2017

Android is installed on a huge large number of devices, and that makes it a target for malicious attackers. Vulnerabilities in Google's mobile operating system continue to be discovered every month, but the good news is that Google is usually diligent about fixing them in regular security patches which are then offered to OEMs, who...

New Android Vulnerability Tricks Users Into Recording Their Screen

Idrees Patel November 15, 2017

Android is on billions of devices worldwide, and new vulnerabilities are discovered every day. Now, an exploit discovered by MWR InfoSecurity details how applications in Android versions between 5.0 and 7.1 can trick users into recording screen contents without their knowledge. It involves Android's MediaProjection framework, which launched with 5.0 Lollipop and gave developers the ability to capture...

Notifications

My Devices (edit)

VULNERABILITY Posts on XDA

Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months

Google Camera and Samsung Camera apps exposed camera and video intents to third-party apps

Google now pays more for disclosing vulnerabilities in Chrome, Chrome OS, and some Play Store apps

Huawei opens a Vulnerability Reward Program with a max payout of ~$143,000

Fortnite Installer could be abused to silently install apps on Galaxy phones

Google acquires GraphicsFuzz, a firm which specializes in testing GPU reliability

Many Android email apps and PayPal are vulnerable to recipient spoofing

OxygenOS 5.1.7 update for the OnePlus 6 fixes bootloader vulnerability

[Update: Fix] Bootloader Protection Bypass Discovered on OnePlus 6 (requires physical access)

LastPass Authenticator Update Fixes a Serious Security Vulnerability

Janus Vulnerability Allows Attackers to Modify Apps without Affecting their Signatures

New Android Vulnerability Tricks Users Into Recording Their Screen

Latest XDA News

Firefox for Android ditches Preview builds to simplify releases

OnePlus Nord, Samsung Galaxy Note 20, POCO M2 Pro, and ASUS ROG Phone 3 forums are open

Chrome is switching to 64-bit on Android 10

10 Incredible Deals on the Web This Fourth of July Weekend

Motorola One Fusion, Realme X50 5G, and Samsung Galaxy Z Flip 5G forums are open

From the Forums

Warden is an open source app from the developer of Aurora Store that lets you disable trackers/loggers [Root]

DiscoverKiller is an Xposed Module that replaces the Google Discover feed with whatever you want

Kirisakura custom kernel for the OnePlus 8 Pro enables Control Flow Integrity (CFI) for better security

AniWeather is a beautiful new weather app for Android focused on animations and simplicity

Paranoid Android releases beta builds for the OnePlus 8 and OnePlus 8 Pro

UBports GSI brings Ubuntu Touch to any Project Treble-supported Android device

Here are Android 11’s new emojis that you can install right now [Root]

Suggested Apps

Official XDA Forum App

Navigation Gestures

XDA Labs

VULNERABILITY Posts on XDA

Subscribe to XDA

Latest XDA News

From the Forums

Suggested Apps