Novel technique allows malicious apps to escape iOS and Android guardrails - eviltoast
    • Ghostalmedia@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      3 months ago

      I would argue that the new piece is that phishers are taking advantage Android’s ability to throw an install button in the browser.

      Enough phones support that now, and they’re able to catch more people in their nets now that folks aren’t installing web apps from a nested menu item.

      • Aatube@kbin.melroy.org
        link
        fedilink
        arrow-up
        5
        ·
        3 months ago

        Pretty sure that was widely available two years ago. I used that to install a free VPN while in China.

        • Ghostalmedia@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          Yeah, I forget what version of Android it went out in. I only really started paying attention when, at work, we realized that a lot of our unreproducible bugs were from PWA users claiming they had installed the native app.

          And those mismatched PWA / native bugs were overwhelmingly from Android users on newer versions of Android. They thought the new PWA install user experience was for a native Play Store app.

          The bugs were driving us crazy and then someone in UX caught the behavior on a user test.