I've gotten a little lazy with this blog but I promise I will post more often in 2016.
32c3 27-30 December, Hamburg, Germany. Iridium Update: more than just pagers by Schneider and Sec. Running your own 3G/3.5G network: OpenBSC reloaded by LaForge. (Un)Sicherheit von App-basierten TAN-Verfahren im Onlinebanking (in German) by Vincent Haupert.
ShmooCon January 15 - 17, Washington D.C. Hiding from the Investigator: Understanding OS X and iOS Code Signing to Hide Data by Joshua Pitts. LTE Security and Protocol Exploits by Roger Piqueras Jover.
BSides NYC January 16, NYC. 99 Problems but a Microkernel ain't one! by Alex Plaskett. Mobile implants in the age of cyber-espionage by Dmitry Bestuzhev.
Black Hat ASIA March 31 - April 1, Singapore. HEY YOUR PARCEL LOOKS BAD - FUZZING AND EXPLOITING PARCEL-IZATION VULNERABILITIES IN ANDROID by Qidan He.
NDSS 2016 February 21 - 24, San Diego. Has a good number of Android related papers. Some titles look quite interesting.
As I said before, I'm neither attending 32c3 nor Shmoocon. I'll be attending BSides NYC tho.
Google suspended Android-vts the only up to date Android device vulnerability scanner. No idea if Google would allow it back after fixing the issues. On the other side I rather have a tool that can find a large number vulnerabilities rather than having a crippled version in the Play Store.
Palo Alto Networks - Mobile Malware Research Engineer
We at Square are looking for Security people and Engineers.
Grab'n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.
Exploring Android's SELinux Kernel Policy
(In)secure iOS Mobile Banking Apps - 2015 Edition
Samsung patched the Pwn2Own baseband bug within 1 month
Android-classyshark for looking at Android APKs/decompiling
This tool is used to extract dex files from oat file.
Android Data Residue Vulnerability
New Android 'enjarify' Decompile Tool
Droid Turbo Bootloader Unlock on now with SunShine 3.2 Beta
Windows Phone Internals
Huawei is disclosing 'Security Advisory' for baseband bugs
Google can remotely bypass the passcode of at least 74% of Android devices if ordered I thought this was more widely known?
Hacking Team - how they infected your Android device by 0days (slides from Hack.Lu)
Unblocking Stolen Mobile Devices Using SS7-MAP Vulnerabilities: Exploiting the Relationship between IMEI and IMSI for EIR Access (paper)
POC for CVE-2015-6620, AMessage unmarshal arbitrary write
iOS Trojan 'TinyV' Attacks Jailbroken Devices
Attacking Bound Services on Android
BytecodeViewer - A Java Reverse Engineering Suite. GUI Java And APK Decompiler, Editor, Debugger And More
Using "system" privileges by abusing mobile remote support tools (slides)
List of Android apps to detect fake mobile towers
Defeating iOS Jailbreak detection for Mobile Application Testing
Abusing Android ClipData
50 smartphone users in Singapore hit by malware targeting mobile banking customers
BareDroid allows for bare-metal analysis on Android devices.
Apparently if install an accessibility service, FDE password is reset to default on Android 5.x+.
Capstone Engine on Android