Location updates in Android 11 | Android Developers
To further protect user privacy, Android 11 adds one-time| Android Developers
To further protect user privacy, Android 11 adds one-time| Android Developers
A content provider manages access to a central repository of data. A provider| Android Developers
Android 13 (API level 33) and higher supports a| Android Developers
The code samples, guides, and API reference you need—whether you're building for phones, watches, tablets, laptops, foldables, TVs, cars, or XR. Take advantage of these resources to develop your app faster, with higher quality.| Android Developers
Learn about the new features and APIs for developers in Android 13.| Android Developers
We conducted the first analysis of WeChat’s tracking ecosystem. Using reverse engineering methods to intercept WeChat’s network requests, we identified exactly what types of data the WeChat app is sending to its servers, and when. This report is part one of a two-part series on a privacy and security analysis of the WeChat ecosystem.| The Citizen Lab
On devices that run Android 4.4 (API level 19) and higher, your app can interact| Android Developers
A special permission guards access to system resources that are particularly| Android Developers
As mentioned in the workflow for using| Android Developers
Not all Android apps are created equal. The Settings app on an Android device, for example, can change numerous things that no “normal” app can, regardless of how many permissions that app requests. Apps with special privileges like Settings are often called “system apps.” But what makes an app a “system app”? In answering that question for ourselves, we noticed that AOSP’s resources on the subject are disparate and assume a great deal of Android internals knowledge. We wrote th...| Meta Red Team X
We have discovered a vulnerability in Android that allows an attacker with the WRITE_SECURE_SETTINGS permission, which is held by the ADB shell and certain privileged apps, to execute arbitrary code as any app on a device. By doing so, they can read and write any app’s data, make use of per-app secrets and login tokens, change most system configuration, unenroll or bypass Mobile Device Management, and more. Our exploit involves no memory corruption, meaning it works unmodified on virtually ...| Meta Red Team X
Android 10 (API level 29) introduces a number of features and behavior changes| Android Developers
If your app targets Android 11 (API level 30) or higher, and the user doesn't| Android Developers
Every Android app runs in a limited-access sandbox. If your app needs to use| Android Developers
Android is a very secure and robust operating system out of the box. This post will be less of a “hardening guide”, but more of a non-exhaustive list of tips when it comes to buying and using Android phones. Android Devices Recommended Phones Google Pixel phones are the only devices I would recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google’s c...| privsec.dev
F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software. F-Droid is often recommended among security and privacy enthusiasts, but how does it stack up against Play Store in practice? This write-up will attempt to emphasize major security issues with F-Droid that you should consider. Before we start, a few things to keep in mind: The main goal of this write-up was to inform users so they can make responsib...| privsec.dev
One key component of the Tracking the Trackers project is building a machine learning (ML) tool to aide humans to find tracking in Android apps. One of the most important pieces of developing a machine learning tool is figuring out which “features” should be fed to the machine learning algorithms. In this context, features are constrained data sets derived from the whole data set. In our case, the whole data set is terabytes of APKs.| Guardian Project
