More and more often we use our mobile devices for tasks that we used to rely on desktop computers for - banking, social networking, general web surfing, etc. As mobile usage increases, so too does the number of attacks attacks that attempt to hijack your device or steal personal information. Fortunately, there are companies out there dedicated to protecting us and our information. One such company is Lookout, the creator of Lookout Mobile Security.
Remember DroidDream - one of the worst malware apps that we've seen since Android's inception? Well, it appears that the developer of said malware is back at it again, with a reported 25 infected apps (so far) found in the Android Market. Dubbed DroidDreamLight by the Lookout Security team, this infection is a stripped down version of its predecessor. Make no mistake, though - that doesn't mean it's any less malicious.
Wow - from our perspective, it's almost like the world exploded overnight. We have more information and details on the virus - which Lookout has named "DroidDream" (the word was consistently used in package names by the malware developers) - and some updates on where things stand.
Update: For more details on DroidDream, check out out the follow-up post. It includes more information about the virus and how it works, who's to blame, and provides a link to a flashable .ZIP that prevents the virus from working.
Over the years, Google has been shoring up security on Android in a bid to make the operating system more attractive to governments and businesses, and to reduce the threat of malware for regular users. Unfortunately, these changes often come at the expense of flexibility in our beloved platform. As we close in on the next major release of Android, due to be announced next month, SuperSU developer Chainfire has discovered a set of commits to the Android Open Source Project (AOSP) that may seriously impact some of the functionality currently enjoyed by many root users.
It's hard to be Sprint these days. Its LTE rollout is lagging way behind the competition, it's losing subscribers and cash fast, and everyone is making fun of its "Framily" plans. That's too bad, but Sprint isn't going to get back in our good graces by charging money for things we already have or don't need in the first place. That's just what it's doing with the new Total Equipment Protection (TEP) Plus plan.
Google's previously announced enhancement to the Verify Apps framework is rolling out to users now, according to the official Android blog. Your device already has the standard Verify Apps system built-in that scans at the time of installation, but the new version will be watching all the time for suspicious activity.
Verify Apps compares each app you install with known malware signatures, but there's always a possibility you are downloading a form of malware that hasn't been identified yet.
Google has updated its Play Store developer policy with some tweaked language and a few new sections. As usual, Google is making changes to address worrying trends it is seeing in apps. Developers whose apps are not in line with the new policy risk getting booted from the store. Perhaps the most interesting alteration is a new section outlining unacceptable app promotion techniques.
Android malware isn't as big of a concern as some mainstream media reports would have you believe, but it is enough of an issue that Google started beefing up its security a few years ago. There's the "Bouncer" server-side scanning that checks apps before they go live, and your device runs app verification as new packages are installed. Now Google is about to patch a hole in the local app scanning by making it run continuously.