Blu took a substantial hit last month when security firm Kryptowire discovered a pre-installed service on several of the company's phones was sending users' data to a server in China. The offending service was part of the OTA update module provided by third-party company Adups. Blu has now promised to get rid of the Adups software after previously neutering it. Read More
The battle against Android malware is ongoing, but it's a big world and Android is everywhere. It presents a tempting target for criminals, and the Gooligan malware is just the latest attempt to make a buck off the trusting nature of smartphone users. This attack has compromised more than a million phones in the last few months, and as many as 13,000 new infections are occurring each day. The goal is not to steal your data (although that can still happen), but to make you download apps in an advertising fraud scheme. Read More
Google's Safe Browsing feature has been around since 2007, and has protected millions of people from harmful threats on the internet. It's a blacklist of harmful websites, such as those distributing malware and phishing scams, that Google actively updates every day. The database is used by Chrome, Firefox, and even Safari to ensure users can be as safe as possible online.
Back at Google I/O, Google announced they would make an official API for applications to check a given website in the Safe Browsing database. Starting with Google Play Services 9.4, developers can finally use the API in their apps.
The Safe Browsing API uses the latest version of the Safe Browsing Network Protocol, meaning it's designed to be as quick (and use up as little cellular data) as possible. Read More
Ransomware is one of the nastier types of malicious software to emerge in the last few years. It's not exclusive to mobile, but the basic gist is that it locks down either specific files or an entire machine until the user sends money to a shady, untraceable online account to get their digital life back in order. The combination of easily-exploited security vulnerabilities, relatively small payments spread out over thousands of devices, and users reliance on their phones or computers has proven incredibly lucrative for malware developers. Read More
We occasionally see apps pulled from the Play Store for trivial (but valid) violations of the rules. Google has been more proactive about enforcing its guidelines, but it's often pointed out it could be more consistent. Case in point: there are, right now, two listings on the Play Store from a warez site called BlackMart that offers paid apps for free. One of them has been up for months and has more than 100,000 downloads. C'mon, Google. Read More
Google has released its second Android Security Annual report, and it's full of big, impressive numbers. The full report is 49 pages long and covers the state of Android security in detail, but the basics are covered in Google's latest blog post. The gist is, Google scans all the things to keep Android users safe. We're talking about billions of apps; the Verify Apps service sure is working overtime. Read More
Over a year ago there was a lot of concern about this piece of malware that had not only a flashy, user-friendly interface, but also the ability to monitor audio and video on Android devices. Even worse, it was able to slip past the automated checking used by Google at the time. Technically, it was really a software toolkit to make it easier to package malware APKs and then do malicious things with them.
At long last, Morgan Culbertson was arrested last month after being charged with creating the software. Tuesday, Culbertson pleaded guilty in federal court, telling the judge "I committed the crime" when asked why he was entering the plea. Read More
People are hyper-aware of Android vulnerabilities after the announcement of the Stagefright exploit recently, so Trend Micro is taking the opportunity to detail a bug it found in Android recently. It's a bug in the mediaserver service that can be used to crash the phone, rendering it unusable until a reboot. Read More
Last year, there was a rather widely-covered story about a piece of Android malware (rather, an Android malware control suite) called Dendroid. That malware was published for sale on a cybercrime-aligned forum known as Darkode, and it just so happens that the FBI (with assistance from agencies in other nations) just arrested the guy who wrote Dendroid as part of a larger raid on Darkode's operators.
That guy is Morgan C. Culbertson, who has a pretty solid real name, but somehow the most tragically boring and uninventive criminal alias of all time: "Android." Come on, Morgan - you could have done better. Read More
A couple of months ago, we published a story about the scam problem in Google Play Books, and we haven't been alone in criticism of the store's issues.
The gist is this: Google's Play Books store was plagued by scammy "guide" books that, for a few dollars, promised access to cracked APKs, but in reality provided nothing but scams and malware.
Two of the publishers we mentioned in the post - Monster Guides Editor Pro and leon Master - were removed from the Play Store, but plenty remain, still distributing links to pirated apps and malicious sites, or outright selling the work of legitimate authors. Read More