Reports & Research

Periodic threat reports and notable technical research publications on Android security.

Periodic Reports

| Report | Publisher | Cadence |
|---|---|---|
| Financial Threat Report | Kaspersky Securelist | Annual |
| Mobile Threat Landscape 2024 | Kaspersky Securelist | Annual |
| Consumer Mobile Threat Report 2023 | McAfee Labs | Annual |
| Mobile Threat Statistics Q1 2025 | Kaspersky Securelist | Quarterly |
| Mobile Threat Statistics Q2 2025 | Kaspersky Securelist | Quarterly |
| Mobile Threat Statistics Q3 2025 | Kaspersky Securelist | Quarterly |
| ESET Threat Report H1 2024 | ESET | Semi-annual |
| ESET Threat Report H2 2025 | ESET | Semi-annual |
| Year in Review: 0-days | Google Project Zero | Annual |
| Global Mobile Threat Report | Zimperium | Annual |
| Mobile Banking Heists Report | Zimperium | Annual |
| Mobile Threat Intelligence Report | Lookout | Annual |
| Global Threat Landscape Report | Fortinet | Semi-annual |

Notable Research

Key technical research publications from security teams. For vendor-specific malware analysis, see individual malware family pages.

| Research | Publisher | Topic |
|---|---|---|
| A 0-click exploit chain for the Pixel 9 (3-part series) | Google Project Zero | Dolby decoder integer overflow + kernel driver sandbox escape. 139-day patch gap. |
| Bad Binder: Android In-The-Wild Exploit | Google Project Zero | CVE-2019-2215 Binder use-after-free. Linked to NSO Group's Pegasus. |
| In-the-Wild Series: Android Exploits | Google Project Zero | Chrome RCE + Android n-day privilege escalation from watering hole. |
| Multiple Internet-to-Baseband RCE in Exynos Modems | Google Project Zero | 18 zero-days in Samsung Exynos modems. 4 allow RCE with just a phone number. |
| Samsung In-the-Wild Exploit Chain | Google Project Zero | Logic bugs exploited against Samsung devices. CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. |
| Analyzing a Modern In-the-Wild Android Exploit | Google Project Zero | CVE-2023-0266 (ALSA 0-day) + CVE-2023-26083 (Mali GPU 0-day). Commercial spyware. |
| .NET MAUI Evasion | McAfee Labs | Malware using C#/.NET MAUI framework to bypass DEX-based analysis. |
| Xamalicious Backdoor | McAfee Labs | Xamarin-based backdoor in 25 Google Play apps (327K downloads). Xamarin build process acts as packer hiding malicious code. |
| SpyAgent OCR Crypto Theft | McAfee Labs | 280+ fake apps using image recognition to steal crypto wallet seed phrases from device photos. |
| Invisible Adware | McAfee Labs | 43 Play Store apps (2.5M downloads) loading ads only when screen is off, weeks-long activation delay. |
| India MaaS Phishing | McAfee Labs | MaaS platform with 800+ apps targeting Indian banking users, 3,700+ infected devices. |
| Disclosure of 7 Android and Pixel Vulnerabilities | Oversecured | WebView file theft, Bluetooth permission bypass, VPN bypass, system component access. |
| Two Weeks of Securing Samsung Devices | Oversecured | 60+ Samsung vulnerabilities. Path traversal via Uri.getLastPathSegment(), SMS database access. |
| 20 Security Issues in Xiaomi Devices | Oversecured | Intent redirection, content provider, and privilege escalation in Xiaomi system apps. |
| Exploiting Memory Corruption on Android | Oversecured | Native memory corruption via VirtualRefBasePtr. PayPal vulnerability example. |
| Play Core Library Code Execution | Oversecured | Persistent code execution through dynamic module loading. Automated discovery. |
| NGate: NFC Relay Attacks | ESET | First Android NFC relay malware. Clones payment cards via NFCGate for ATM cash withdrawal. |
| EvilVideo: Telegram Zero-Day | ESET | Zero-day exploit for Telegram for Android. APKs disguised as video previews. Sold on underground forums. |
| 525,600 Assessments: Top Mobile App Risks | NowSecure | 75% of apps have misconfigured crypto, 85% have SDK vulnerabilities, 1 in 5 has hardcoded keys. |
| Dangerous Mobile App Permissions | NowSecure | Analysis of 378,000+ Android apps: 62% request dangerous permissions. |
| AI-Assisted Decompilation | NowSecure | Using language models to optimize decompiled Android app code. |