Lukas Stefanko for ESET: Banking Trojans continue to surface on Google Play The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users BuzzFeed: Apps Installed On Millions Of Android Phones Tracked User Behavior To Execute A Multimillion-Dollar ... Read More

John Gruber cites Amazon Web Services CEO Andy Jassy’s tweet while considering Bloomberg’s decreasingly convincing insistence on the Apple/Amazon/etc. supply chain story: AWS CEO ANDY JASSY: ‘BLOOMBERG SHOULD RETRACT’ I have to agree: Bloomberg’s position is not looking very tenable. David Harley Advertisements ... Read More

Apple extends GDPR(-ish) to US users, while Security Boulevard looks at Safari extensions. Plus Android monopolizing and the Titan chip ... Read More

Hacker News: New iPhone Bug Gives Anyone Access to Your Private Photos – “A security enthusiast who discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week.” See also ... Read More

Brian Krebs interview with Tony Sager, on supply chain security ... Read More

Technode: Hundreds of Chinese iPhone users are believed to have had their Apple IDs compromised – “Over 700 Chinese iPhone users have inexplicably had money deducted from their Apple ID-bound payment channels, with the highest being RMB 10,000 ($1,440), according to local media.” David Harley Advertisements ... Read More

Bloomberg describes another supply-chain attack and names a source ... Read More

Whatsapp, iOS and Android; Slate tablet; iOS 12.0.1; Intel Manufacturing Mode ... Read More

More links in the Apple (and Amazon etc.) supply chain security mystery ... Read More

Lukas Stefanko on an Android SMS worm, and Mark Stockley on setting up a Mac for children to use ... Read More