Sideloading | Breaking Cybersecurity News | The Hacker News

Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data. This constitutes an update to the  Play Integrity API  that third-party app developers can take advantage of to secure their applications against malware. "Developers can check if there are other apps running that could be capturing the screen, creating overlays, or controlling the device," Dave Kleidermacher, vice president of engineering for Android security and privacy,  said . "This is helpful for apps that want to hide sensitive information from other apps and protect users from scams." Additionally, the Play Integrity API can be used to check if  Google Play Protect  is active and if the user's device is free of known malware before performing sensitive actions or handling sensitive data. Google, with Android 13, introduced a feature called  restricted settings  that by default blocks sideloaded apps from accessing

Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive data. "This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps or file managers)," the company  said . The feature is designed to examine the permissions declared by a third-party app in real-time and look for those that seek to gain access to sensitive permissions associated with reading SMS messages, deciphering or dismissing notifications from legitimate apps, and accessibility services that have been  routinely   abused  by Android-based malware for  extracting valuable information . As part of the test, users in Singapore who attempt to sideload such apps

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.