CVE-2024-54134

A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...

Google Sues App Developers Over Fake Crypto Investment App Scam

Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of...

Facebook Detects 400 Android and iOS Apps Stealing Users Log-in Credentials

Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. "These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors...

Google Bringing the Android App Permissions Section Back to the Play Store

Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of...

Google Removes "App Permissions" List from Play Store for New "Data Safety" Section

Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which...

Google's New Safety Section Shows What Data Android Apps Collect About Users

Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user...

Limiting your exposure to location data resellers

Location data is valuable, just ask Huq Industries, who make a living out of selling your location information, then found that the apps they bought it from hadn’t asked the end users permission to have it! Naughty! The organisations they sell it to use it for better marketing, to get a better...

Payment API Bungling Exposes Millions of Users’ Payment Data

App developers have once again been accused of having butterfingers when it comes to API keys, leaving millions of mobile app users at risk of exposing their personal and payment data. CloudSEK, maker of artificial intelligence- AI- enabled digital threat protection, reported last week that the...

Fake Trezor app steals more than $1 million worth of crypto coins

Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have been duped by a fake app with the same name. The app was available on Google Play and Apple’s App Store and also claimed to be from SatoshiLabs, the creators of Trezor. According to the Washington Post, th...

Facebook exposed user data to thousands of app developers

By Zara Khan Facebook 'Privacy Matters' reveals 5000 app developers accessed user data. This is a post from HackRead.com Read the original post: Facebook exposed user data to thousands of app developers...

Official Government COVID-19 Mobile Apps Hide a Raft of Threats

A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. However, they’re also putting people’s privacy and the security of their data at risk, researchers have found. Security researchers at the ZeroFO...

Google’s War on Android App Permissions, 60 Percent Successful

Overzealous Android apps that needlessly ask for permissions to handset resources such as contact lists and location data are not only obnoxious, but also potential privacy threats. To address this hot-button issue with Android users Google implemented a strict permission policy designed to curb...

Facebook Reveals New Data Leak Incident Affecting Groups' Members

Facebook today revealed yet another security incident admitting that roughly 100 app developers may have improperly accessed its users' data in certain Facebook groups, including their names and profile pictures. In a blog post published Tuesday, Facebook said the app developers that unauthorized...

Facebook Reveals New Data Leak Incident Affecting Groups' Members

Facebook today revealed yet another security incident admitting that roughly 100 app developers may have improperly accessed its users' data in certain Facebook groups, including their names and profile pictures. In a blog post published Tuesday, Facebook said the app developers that unauthorized...

Facebook Removed Tens of Thousands of Apps Post-Cambridge Analytica

Facebook said it has suspended tens of thousands of apps as part of its ongoing investigation into how third-party apps on its platform collect, handle and utilize users’ personal data. The results of the investigation, launched in March 2018 in response to Facebook’s infamous Cambridge Analytica...

Facebook Sues Two Android App Developers for Click Injection Fraud

Facebook has filed a lawsuit against two shady Android app developers accused of making illegal money by hijacking users' smartphones to fraudulently click on Facebook ads. According to Facebook, Hong Kong-based 'LionMobi' and Singapore-based 'JediMobi' app developers were distributing malicious...

Is 'Sign in with Apple' Marketing Spin or Privacy Magic? Experts Weigh In

Apple’s “Sign in with Apple” feature promises to protect user privacy – and while many are looking at that claim as more of a marketing move than anything else, authentication experts say it has the potential to have an enormous impact on the data privacy ecosystem. The giant from Cupertino took...

Google Makes it Tough for Rogue App Developers Get Back on Android Play Store

Even after Google's security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers' existin...

Google Gives Users More Choice with Location-Tracking Apps

Anyone who uses a mobile app knows how convenient the features that use location data can be, from getting turn-by-turn directions and finding nearby restaurants to fitness-tracking and weather integration. But these rich mobile “experiences” – as app developers call them – can be a double-edged...

How Facebook Tracks Non-Users via Android Apps

LEIPZIG, GERMANY – If you quit Facebook or never joined because of its data collecting practices the odds are good the social network is still tracking you – despite your protest. Facebook collects data of non-users of its social network via dozens of mainstream Android apps that send tracking an...