Many versions of Android, including Android 10, have a weakness dubbed StrandHogg that can lead to credential phishing and other malicious actions.
Google is now offering a top bounty of $1 million for a full chain remote code execution exploit that gains persistence on the Titan M chip on Pixel phones.
A new version of the Gustuff Android banking trojan has emerged, this time with new communications capabilities and more credential-theft features.
The Android security team was busy battling the Chamois malware family on Google Play starting in 2016. Android security engineer Maddie Stone outlined the steps Google has taken to reduce the number of devices infected with this technically complex malware.
Google's Android Q will include a handful of changes to the way that the OS deals with location privacy and other app permissions.