A critical security flaw in Android could be used by attackers to “assume the identity” of legitimate apps in order to carry out on-device phishing attacks, say researchers.
Source: Naked Security Sophos New feed
Android ‘StrandHogg 2.0’ flaw lets malware assume identity of any app
