A new strain of mobile malware found on an array of apps can pull out sensitive data – including audio recordings – from Android phones.

Google’s Android security team has turned a corner with 8.0 Oreo, reducing the attack surface, compartmentalizing components and beefing up protection against rogue apps.

Researchers say a variant of the notorious surveillance software called Pegasus has been targeting Android users allowing third parties to take screenshots, capture audio, read email and exfiltrate data from targeted phones.

The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed.

Google removed a family of malicious apps, Chamois, from its Play marketplace recently that were found manipulating ad traffic.

Researchers at Check Point found and remediated malware on 38 Android devices that were infected somewhere along the supply chain.

Google’s Android security director touts 2016 mobile OS security accomplishments from encryption, improved APIs and new developer testing tools at the RSA Conference.

Google this week explained how it weighs potentially harmful Android apps using the Verify Apps malware scanner and a scoring system it calls Dead or Insecure.

Attackers could exploit over-the-air updates in three million Android devices to remotely execute commands with root privileges via a man-in-the-middle (MiTM) attack.

The Quadrooter vulnerabilities made a lot of people take notice because the scale of affected Android devices (more than 900,000) put it on a level with Stagefright and other bugs that impact a large majority of the Android ecosystem. Some details on the four vulnerabilities were publicly disclosed at DEF CON in August by researchers...