Mastodawn

Signal vs Wire — binary analysis of both APKs (apktool, strings, ELF inspection).

The gap is larger than most people think:

Signal: Rust core (libsignal_jni.so), Kyber-1024 post-quantum hybrid ratchet, SQLCipher for at-rest encryption, SVR with Intel SGX attestation, IME_FLAG_NO_PERSONALIZED_LEARNING (keyboard can't index your messages), zero third-party trackers.

Wire: Kotlin/Ktor, no hardened native core (more accessible to Frida), no SQLCipher (messages extractable in plaintext on rooted devices), no post-quantum, Segment SDK for behavioural telemetry.

But the finding that surprised me most:

Wire APKs from unofficial stores (Uptodown et al.) contain additional tracking workers and ACCESS_SUPERUSER permission requests not present in the official build. Supply chain integrity is not a footnote — it's the threat model.

Conclusion: Signal is the only one of the two suitable for threat models involving physical or administrative device compromise.

soon the full paper

#infosec #AndroidSecurity #Signal #Wire #ReverseEngineering #mobileforensics #supplychain #MASA

Caria Giovanni - Harpocrates 2d ago

Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.

Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.

But two things stood out:

1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.

2. Certificate revocation endpoints hit http://g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.

Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.

Soon the full analysis

#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics

TechNadu 2d ago

Android 17 is tightening Accessibility API access to stop malware from abusing system permissions.

The update integrates with Advanced Protection Mode to reduce privilege escalation and limit sensitive data access.

https://www.technadu.com/android-17-restricts-accessibility-api-to-prevent-malware-from-requesting-excessive-permissions/623574/

#AndroidSecurity #Infosec #MobileSecurity

Show thread

Android Faithful 4d ago

Florence Ion wrote it up in full in this week's Android Faithful newsletter. It's free, it drops every Friday, and it's the sharpest Android coverage out there.
Get the details and Subscribe → https://www.androidfaithful.com/androids-biggest-spring-cleaning-in-years/

#Android #InfoSec #CVE #ProjectMainline #AndroidSecurity

Android's Biggest Spring Cleaning in Years

A record-breaking 129 reasons why Project Mainline is paying off.

Android Faithful

Tom's Hardware Italia 4d ago

🔒 L'attesa è finita! Scopri i migliori VPN Android dal nostro ultimo aggiornamento di marzo 2026: sicurezza & velocità garantite! #MiglioriVPN #AndroidSecurity

🔗 https://www.tomshw.it/hardware/migliori-vpn-per-android

Migliori VPN Android (marzo 2026)

Se vi occorre una VPN per Android, abbiamo stilato l'elenco dei migliori servizi VPN da utilizzare con il vostro smartphone o tablet.

Tom's Hardware

TechNadu 5d ago

⚠️ Android threat landscape evolving.
Researchers discovered new malware families targeting banking apps and crypto wallets:
PixRevolution, BeatBanker, TaxiSpy RAT, Mirax, Oblivion RAT, SURXRAT.

Capabilities include:
• Real-time payment hijacking
• Overlay attacks
• Remote device control
• AI experimentation in malware samples

Source: https://thehackernews.com/2026/03/six-android-malware-families-target-pix.html

Follow TechNadu for more cybersecurity threat intelligence updates.

#InfoSec #AndroidSecurity #MalwareResearch #CyberThreats

The Daily Perspective 6d ago

Critical Android flaw puts 25% of phones at risk of crypto theft

#AndroidSecurity #CryptoCurrency #DataBreach #AusNews

https://thedailyperspective.org/article/2026-03-11-critical-android-flaw-puts-25-of-phones-at-risk-of-crypto-theft-1454b81d

Critical Android flaw puts 25% of phones at risk of crypto theft

Critical hardware flaw in MediaTek Android phones lets attackers steal crypto seed phrases in seconds with physical access. Affects budget devices globally.

The Daily Perspective

Anastasis Vasileiadis Mar 11

🚨 Your Android Phone Can Turn Into a Cybersecurity Lab… 📱🐉

Most people think penetration testing requires a powerful computer.
But tools like ANDRAX-NG are changing that.

The new ANDRAX-NG v1002 pre-stable update brings improvements that turn your Android device into a portable security testing environment.

⚡ In this reel you’ll see:

📱 A mobile pentesting platform running on Android
⚔️ Powerful cybersecurity tools in your pocket
🚀 A preview of the new ANDRAX-NG update

Your smartphone can become a portable hacking lab for learning cybersecurity.

⚠️ Demonstration for educational and authorized security research only.

👉 Don’t comment yet
🔁 Share this reel first to support my work
💬 Then comment ANDRAX and tell me what you want to see next

#CyberSecurity #EthicalHacking #AndroidSecurity #Pentesting #Infosec

gnu0os0ta✅🐧

Mar 9

Step-by-Step: Dein Weg zum Google-freien Smartphone mit GrapheneOS!

Hinweis zur Nutzung von F-Droid und Alternativen!
Warum ich F-Droid nicht verwende!
Der Beitrag wurde als Sicherheitsgründen überarbeitet.

https://hedgedoc.linuxat.de//hc/s/M_FkGQLNyC#

#F Droid #NeoStore #GrapheneOS #AndroidSecurity #OpenSource
#IzzyOnDroid #AppSecurity #Datenschutz #Privacy #DeGoogle #Linux

📱 Step-by-Step: Dein Weg zum Google-freien Smartphone mit GrapheneOS - HedgeDoc

# 📱 Step-by-Step: Dein Weg zum Google-freien Smartphone mit GrapheneOS *Eine vollständige Einsteig