Your app's security logic might be solid, but what about the environment it runs in? We analyzed billions of Android device identification events at real protected action points like logins, signups, and checkouts to dive into how Android apps get abused. In this talk, I'll dig into device-level attack vectors that often fly under the radar of app security, such as same-device app cloning, location spoofing, and MitM attacks. For each one, you'll see global real-world data what year-over-year trends tell us about where abuse is heading. You'll walk away learning more about detecting these signals, why their rarity makes them actionable, and how to translate detection into the right response.