A side-channel vulnerability (“Picping”) in Android allows malicious apps to sniff 1FA codes without special permissions.
Why it matters: App security remains critical; this affects trust in mobile apps and may trigger stricter OS/app store rules.
Major Android “Picping” flaw lets rogue apps steal 1FA codes
