It's not uncommon for security firms to raise their public profile by publishing analyses of device security and vulnerabilities. However, Bluebox Security really stuck its virtual foot in its mouth this time. After posting what appeared to be a damning exposé of malware shipping on Xiaomi's Mi4 last week, the company has had to post an addendum admitting that it was fooled by a fake and Xiaomi's phones aren't shipping with malware after all. Oops. Read More
We are, at this point, familiar with fake apps in the Play Store—they pop up from time to time, but Google swiftly eliminates them. It seems like for all its efforts in cleaning up the Play Store, Google has a blind spot when it comes to books. There are multiple publisher accounts in Google Play Books that claim to offer cracked APKs for a dollar or two, and people are buying them. Read More
Pixel Battery Saver promises to save a little power by shutting off pixels in a grid pattern on AMOLED displays. For a long time, that's what it did for thousands of users, but now it has been sold to a third party. Pixel Battery Saver was updated as "Complete Virus Protection" yesterday evening before being pulled from the store. It's back now, but this is still just a huge mess.
In a report released today, security researchers claim to have identified a vulnerability in as many as 24 Coolpad devices. The backdoor, which the researchers at Palo Alto Networks call "CoolReaper," reportedly installs adware without user consent or notification. More problematic is the fact that Coolpad built the backdoor into the operating systems themselves. The cherry on top is that Coolpad even had the nefarious app impersonate the Google Play Services framework file to avoid alerting users. Read More
It's hard to be Sprint these days. Its LTE rollout is lagging way behind the competition, it's losing subscribers and cash fast, and everyone is making fun of its "Framily" plans. That's too bad, but Sprint isn't going to get back in our good graces by charging money for things we already have or don't need in the first place. That's just what it's doing with the new Total Equipment Protection (TEP) Plus plan. Read More
Google's previously announced enhancement to the Verify Apps framework is rolling out to users now, according to the official Android blog. Your device already has the standard Verify Apps system built-in that scans at the time of installation, but the new version will be watching all the time for suspicious activity.
Verify Apps compares each app you install with known malware signatures, but there's always a possibility you are downloading a form of malware that hasn't been identified yet. Read More
Malware is a problem for Android, but that problem almost exclusively exists outside the confines of the safety of the Play Store. Like any platform where the sharing of pirated, cracked software occurs, if you're downloading something you didn't rightly pay for, there's a risk it might be carrying a little something "extra" you hadn't counted on being included. For the most part, this is how Android malware spreads - but what do malware distributors do once they've got a device infected? Read More
Android malware isn't as big of a concern as some mainstream media reports would have you believe, but it is enough of an issue that Google started beefing up its security a few years ago. There's the "Bouncer" server-side scanning that checks apps before they go live, and your device runs app verification as new packages are installed. Now Google is about to patch a hole in the local app scanning by making it run continuously. Read More
Even casual observers of the Android ecosystem know that piracy is a big issue for developers. But if a report from mobile security company Arxan is to be believed, app piracy and "hacking" is incredibly prevalent, or at least prevalent enough that most of the popular apps are available in a pirated or cracked form. According to the company's "State of Security in the App Economy" report for 2013 (PDF link), the top 100 paid Android apps have been "hacked."
We used "cracked" in the headline because Arxan doesn't mention the purpose behind these hacks, so we're assuming that in most cases they're free, pirated versions of paid apps. Read More
You probably see that "Display images below" button in Gmail all the time on both mobile and desktop. This is the default behavior because it makes it harder for spammers and advertisers to track you. However, Google says it has prepared a workaround that mitigates the security concern and will allow it to show those images by default.