The new Android Protected Confirmation API in Android P ensures that a human, not malware, is engaging with the app.
We tend to think of phone numbers as part of our identity, and that impression is reinforced when we use our phone numbers to register for mobile apps. For many mobile apps, however, phone number is a handy username. We are still looking for a proper identifier in the mobile world.
> What constitutes a backdoor in software, firmware, or even hardware? This question nagged at us during a recent project that Duo Labs worked on.