A side-channel attack in Qualcomm technology, which is used by most modern Android devices, could allow an attacker to snatch private keys.
The vulnerability is one of many with the same root cause: Cross-process information leakage.
Armed with the information, adversaries can explore and attack the local WiFi network, or identify and physically track any Android device.
Vendors have been shipping Android products with Android Debug Bridge enabled, making them attractive targets for hackers.
An Android vulnerability called Janus allows attackers to inject malicious code into signed Android apps.