Pixel Battery Saver promises to save a little power by shutting off pixels in a grid pattern on AMOLED displays. For a long time, that's what it did for thousands of users, but now it has been sold to a third party. Pixel Battery Saver was updated as "Complete Virus Protection" yesterday evening before being pulled from the store. It's back now, but this is still just a huge mess.
In a report released today, security researchers claim to have identified a vulnerability in as many as 24 Coolpad devices. The backdoor, which the researchers at Palo Alto Networks call "CoolReaper," reportedly installs adware without user consent or notification. More problematic is the fact that Coolpad built the backdoor into the operating systems themselves. The cherry on top is that Coolpad even had the nefarious app impersonate the Google Play Services framework file to avoid alerting users. Read More
It's hard to be Sprint these days. Its LTE rollout is lagging way behind the competition, it's losing subscribers and cash fast, and everyone is making fun of its "Framily" plans. That's too bad, but Sprint isn't going to get back in our good graces by charging money for things we already have or don't need in the first place. That's just what it's doing with the new Total Equipment Protection (TEP) Plus plan.
Google's previously announced enhancement to the Verify Apps framework is rolling out to users now, according to the official Android blog. Your device already has the standard Verify Apps system built-in that scans at the time of installation, but the new version will be watching all the time for suspicious activity.
Verify Apps compares each app you install with known malware signatures, but there's always a possibility you are downloading a form of malware that hasn't been identified yet. An app might also install malicious code by some means after it has passed through the filter successfully. That's why Google is ramping up its scanning system. Read More
Malware is a problem for Android, but that problem almost exclusively exists outside the confines of the safety of the Play Store. Like any platform where the sharing of pirated, cracked software occurs, if you're downloading something you didn't rightly pay for, there's a risk it might be carrying a little something "extra" you hadn't counted on being included. For the most part, this is how Android malware spreads - but what do malware distributors do once they've got a device infected?
Well, they might buy something like Dendroid, an almost hilariously well-marketed mass device management tool you can find on some of the dark corners of the web. Read More
Android malware isn't as big of a concern as some mainstream media reports would have you believe, but it is enough of an issue that Google started beefing up its security a few years ago. There's the "Bouncer" server-side scanning that checks apps before they go live, and your device runs app verification as new packages are installed. Now Google is about to patch a hole in the local app scanning by making it run continuously.
Even casual observers of the Android ecosystem know that piracy is a big issue for developers. But if a report from mobile security company Arxan is to be believed, app piracy and "hacking" is incredibly prevalent, or at least prevalent enough that most of the popular apps are available in a pirated or cracked form. According to the company's "State of Security in the App Economy" report for 2013 (PDF link), the top 100 paid Android apps have been "hacked."
We used "cracked" in the headline because Arxan doesn't mention the purpose behind these hacks, so we're assuming that in most cases they're free, pirated versions of paid apps. Read More
You probably see that "Display images below" button in Gmail all the time on both mobile and desktop. This is the default behavior because it makes it harder for spammers and advertisers to track you. However, Google says it has prepared a workaround that mitigates the security concern and will allow it to show those images by default.
An XDA member recently unveiled serious vulnerabilities in all three root packages used to gain superuser access on devices. The developers have been contacted, and the two active projects are working to address the issues. If you're running an older version, you might want to get on the update train.
According to cernekee on XDA, the vulnerabilities allow for a malicious app to obtain root access without going through the proper channels. You wouldn't see a notification at all – the app could just do its business in secret. Superuser from ChainsDD is no longer in development, but some folks are still using it. Read More
According to Google, less than one hundredth of a percent of apps out there are both malicious and capable of evading the built-in defenses in both Android and the Google Play Store. But if you really feel like you need a defense from that one-in-100,000 app, a trusted name in software protection has just entered the fray. Malwarebytes, makers of the popular eponymous Windows software, is now offering its services on Android.
The anti-malware app works on the familiar and relatively ancient principle of a scanner paired to an updated database of naughty apps. According to the company's press release, the app actively scans for "over 200 malware families" in real-time in both apps and general files. Read More