Android 11 introduced a protection for the installed apps list through a permission, treating it as sensitive personal data. In theory, any app wanting that information must request a special, tightly controlled permission. In practice, this post shows that a simple manifest trick allows apps to bypass those protections entirely and list almost all installed … read more

With Appicaptor, we analyze mobile apps with a strong focus on their IT security quality. We provide companies with well-founded assessments of potential risks. These analyses serve as an important decision-making foundation for IT departments and security managers. However, we also know that in practice, receiving complex and extensive analysis reports often leads to very … read more

Third-party libraries are widely used in Android apps and take over some functionality, thus making app development easier. As these libraries inherit the privileges of the app, they can often be overprivileged. Libraries, can abuse these privileges, oftentimes through extensive data collection. This article delves into the issue of permission piggybacking, a technique where libraries … read more