this post was submitted on 22 Aug 2024
64 points (82.0% liked)
Technology
58083 readers
3050 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
TLDR: the ‘novel technique’ is PWAs
I would argue that the new piece is that phishers are taking advantage Android’s ability to throw an install button in the browser.
Enough phones support that now, and they’re able to catch more people in their nets now that folks aren’t installing web apps from a nested menu item.
Pretty sure that was widely available two years ago. I used that to install a free VPN while in China.
Yeah, I forget what version of Android it went out in. I only really started paying attention when, at work, we realized that a lot of our unreproducible bugs were from PWA users claiming they had installed the native app.
And those mismatched PWA / native bugs were overwhelmingly from Android users on newer versions of Android. They thought the new PWA install user experience was for a native Play Store app.
The bugs were driving us crazy and then someone in UX caught the behavior on a user test.