Security 17 October 2025 - 31 January 2026

Android fingerprint unlock “downgrade” claim reignites the Face ID fight

Android fingerprint unlock “downgrade” claim reignites the Face ID fight

A PhoneArena editor criticized Android phones for relying on fingerprint unlock, calling it a downgrade from Apple’s 3D face scanning. He argued manufacturers could offer both fingerprint and 3D face unlock but rarely do. Google’s Pixel 8 now uses Face Unlock for payments and app sign-ins, though Google warns it may be less secure in some conditions. Most Android devices still use less secure 2D face unlock.
February 1, 2026
Should you restart your iPhone and Android every week? The NSA reboot advice resurfaces

Should you restart your iPhone and Android every week? The NSA reboot advice resurfaces

The NSA continues to advise iPhone and Android users to reboot their phones weekly to help disrupt certain memory-based malware, according to renewed reports Friday. Security experts say a restart can flush out some spyware, though persistent threats may survive. Apple recently flagged sophisticated attacks exploiting WebKit flaws but notes its latest iOS update lists no new vulnerabilities. The NSA guidance does not call for factory resets.
January 31, 2026
Clawdbot goes viral — but security warnings trail the AI assistant behind the Mac mini rush

Clawdbot goes viral — but security warnings trail the AI assistant behind the Mac mini rush

SOCRadar reported 1,009 Clawdbot gateways exposed online after scanning with Shodan. The open-source AI assistant has seen a surge in use, with some users buying Mac minis to run it nonstop. Creator Peter Steinberger advised against new hardware purchases and urged basic security. Exposed instances risk leaking credentials and allowing unauthorized command execution.
January 27, 2026
Turn Your iPhone Off And On Again? iOS 26.2 Security Warning Triggers Fresh Calls to Update

Turn Your iPhone Off And On Again? iOS 26.2 Security Warning Triggers Fresh Calls to Update

Apple said two WebKit flaws patched in iOS 26.2 may have been used in highly targeted attacks. Security experts and tech sites are urging users to update and restart their devices, as many have delayed upgrading due to iOS 26’s new design. Apple released the fixes on Dec. 12, 2025, for iPhone 11 and later, and for older models. The bugs have been linked to commercial spyware used in targeted hacking campaigns.
January 19, 2026
iOS 26.3 Could Finally Encrypt iPhone-to-Android Texts — What Apple’s Beta Reveals

iOS 26.3 Could Finally Encrypt iPhone-to-Android Texts — What Apple’s Beta Reveals

Apple’s iOS 26.3 beta includes a new carrier setting tied to end-to-end encryption for RCS messaging, but it currently applies only to four French carriers and remains inactive. Apple previously announced plans to add encrypted RCS support in a future update. The change appears in carrier configuration files, suggesting activation may depend on individual carriers. iOS 26.2 remains the latest public release.
January 16, 2026
Update your Bluetooth headphones now: Google Fast Pair “WhisperPair” bug risks eavesdropping and tracking

Update your Bluetooth headphones now: Google Fast Pair “WhisperPair” bug risks eavesdropping and tracking

Researchers at KU Leuven disclosed “WhisperPair” attacks allowing nearby hackers to hijack Fast Pair Bluetooth audio devices from brands including Sony, Google, and JBL. The flaw, tracked as CVE-2025-36911, lets attackers connect without user consent and intercept audio or track location. Fixes require firmware updates, but most users have not installed them. Google said it has seen no real-world exploitation so far.
January 16, 2026
Apple iPhone Security Alert (Jan 14, 2026): Update to iOS 26.2 and Restart Now to Block WebKit Zero‑Day Attacks

Apple iPhone Security Alert (Jan 14, 2026): Update to iOS 26.2 and Restart Now to Block WebKit Zero‑Day Attacks

Apple is under renewed pressure after security researchers and media outlets warned millions of iPhones remain unpatched against two WebKit zero-day flaws exploited by mercenary spyware. The vulnerabilities, fixed in iOS 26.2 last month, are being actively used in targeted attacks, according to Apple and government advisories. Urgent calls to update and restart devices have intensified as many users have not installed the update.
January 14, 2026
Apple iOS 26.3 Could Make Switching to Android Easier — and a Surprise iPhone Update Signals a New Security Strategy (Jan. 10, 2026)

Apple iOS 26.3 Could Make Switching to Android Easier — and a Surprise iPhone Update Signals a New Security Strategy (Jan. 10, 2026)

Apple’s iOS 26.3 beta introduces a built-in “Transfer to Android” tool, allowing direct wireless migration of data from iPhone to Android without a separate app. The update also tests “Background Security Improvements,” enabling faster security patches outside regular updates. EU-specific features for accessory pairing and notifications are included for Digital Markets Act compliance. Public release is expected later this month.
January 10, 2026
Google starts January 2026 Android system updates with WebView v144 security fixesSan Francisco, January 8, 2026, 02:34 (PST)

Google starts January 2026 Android system updates with WebView v144 security fixesSan Francisco, January 8, 2026, 02:34 (PST)

Google began January 2026 system-services updates with Android WebView v144, citing security, privacy, and developer improvements. The company said rollout timing may vary and some features are experimental. Not all users will see changes immediately. WebView updates install automatically on most Google-certified devices.
January 8, 2026
Android Security Checklist (Dec 29, 2025): 10 Quick Checks to Protect Your Phone From New Year APK Scams

Android Security Checklist (Dec 29, 2025): 10 Quick Checks to Protect Your Phone From New Year APK Scams

A WhatsApp scam is circulating, tricking Android users into installing malicious APKs disguised as New Year greetings, according to The Indian Express. Samsung confirmed some Galaxy phones are missing recent Google Play system updates, with fixes delayed until January 2026. Google’s December 2025 security bulletin flags two Android vulnerabilities under targeted attack.
December 29, 2025
iOS 26.2 Is Out: Critical WebKit Security Fixes, AirDrop Codes, and 14 iPhone Shortcuts to Try Today (Dec 14, 2025)

iOS 26.2 Is Out: Critical WebKit Security Fixes, AirDrop Codes, and 14 iPhone Shortcuts to Try Today (Dec 14, 2025)

Apple began rolling out iOS 26.2 on December 14, addressing two WebKit zero-day vulnerabilities that may have been used in targeted attacks, according to Apple and Singapore’s Cyber Security Agency. The update also brings new features to AirDrop, Reminders, Apple Music, and Podcasts. Apple highlighted an emergency calling fix for iPhone 12 users in Australia. iOS 18.7.3 was released as a security update for older devices.
December 14, 2025
iOS 26.2 Update: Apple Urges iPhone Users to Install Critical Security Fixes, Adds Liquid Glass Lock Screen Controls, AirDrop Codes, and More

iOS 26.2 Update: Apple Urges iPhone Users to Install Critical Security Fixes, Adds Liquid Glass Lock Screen Controls, AirDrop Codes, and More

Apple released iOS 26.2 on Dec. 12, addressing over 20 security vulnerabilities, including two WebKit flaws reportedly used in “extremely sophisticated” targeted attacks. The update also adds an option to reduce Lock Screen clock transparency, following user complaints. Apple issued similar security patches for older iPhones and other platforms. An emergency-calling fix is included for users in Australia.
December 13, 2025
Why You Should Turn Off Your Phone’s Wi‑Fi Every Time You Leave Home – December 2025 Security Warning

Why You Should Turn Off Your Phone’s Wi‑Fi Every Time You Leave Home – December 2025 Security Warning

Security researchers and major news outlets are urging users to turn off smartphone Wi‑Fi when leaving home, citing new studies showing devices can be tracked and exposed even when not connected. The Times of India ran a front-page warning about public Wi‑Fi risks, as Google released over 100 Android security fixes, many targeting wireless vulnerabilities. Recent research shows privacy features like MAC randomization often fail to prevent tracking.
December 5, 2025
Android PDF Ad Scam: Fake ‘Update PDF App’ Pop-Ups Are Flooding Phones With Junk Apps (Nov 28, 2025)

Android PDF Ad Scam: Fake ‘Update PDF App’ Pop-Ups Are Flooding Phones With Junk Apps (Nov 28, 2025)

A deceptive ad in WPS Office on an Android phone mimicked a system alert, prompting a user to install multiple junk PDF apps from Google Play. The issue was resolved only after uninstalling WPS Office, which had served the misleading ad. Experts warn similar tactics are used by malware and banking trojans. Google’s enforcement of ad policies remains inconsistent.
November 28, 2025
Android Face Unlock Is Finally Getting Serious: Polar ID, Galaxy S27 Ultra Leaks, and the Race to Beat Face ID

Android Face Unlock Is Finally Getting Serious: Polar ID, Galaxy S27 Ultra Leaks, and the Race to Beat Face ID

Metalenz and UMC have begun mass production of Polar ID, a new facial authentication system using meta-optics and polarized light. Firmware leaks indicate Samsung’s Galaxy S27 Ultra, expected in 2027, is testing Polar ID for secure face unlock. Polar ID modules are now built on a 40 nm node and have been demonstrated on Qualcomm hardware. Multiple outlets report references to Polar ID in Samsung’s test software.
November 17, 2025
Your Phone’s Default Apps Are Spying on You — Here’s How to Reclaim Your Privacy

Your Phone’s Default Apps Are Spying on You — Here’s How to Reclaim Your Privacy

The EU fined Apple €500 million in April 2025 for blocking alternative app stores and browsers. Researchers at Trinity College Dublin found Google Play Store and Play Services install tracking cookies on Android phones without consent. Aalto University experts say Apple’s built-in apps collect data even when disabled. Privacy-focused projects like GrapheneOS and Murena SHIFTphone 8 are expanding.
October 19, 2025
PayPal and Venmo Crash Leaves Millions Locked Out – Are Your Funds Safe?

PayPal and Venmo Crash Leaves Millions Locked Out – Are Your Funds Safe?

PayPal and Venmo suffered a global outage Thursday, Oct. 16, 2025, leaving users unable to log in or transfer funds for several hours. Downdetector logged nearly 10,000 reports for PayPal and over 8,000 for Venmo at the peak. PayPal confirmed a technical issue and said service was restored by early afternoon. The company did not disclose the cause but said no data breaches or fund losses occurred.
October 17, 2025