Novel technique allows malicious apps to escape iOS and Android guardrails - eviltoast
  • Ghostalmedia@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    3 months ago

    I would argue that the new piece is that phishers are taking advantage Android’s ability to throw an install button in the browser.

    Enough phones support that now, and they’re able to catch more people in their nets now that folks aren’t installing web apps from a nested menu item.

    • Aatube@kbin.melroy.org
      link
      fedilink
      arrow-up
      5
      ·
      3 months ago

      Pretty sure that was widely available two years ago. I used that to install a free VPN while in China.

      • Ghostalmedia@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        Yeah, I forget what version of Android it went out in. I only really started paying attention when, at work, we realized that a lot of our unreproducible bugs were from PWA users claiming they had installed the native app.

        And those mismatched PWA / native bugs were overwhelmingly from Android users on newer versions of Android. They thought the new PWA install user experience was for a native Play Store app.

        The bugs were driving us crazy and then someone in UX caught the behavior on a user test.