Google has released its second Android Security Annual report, and it's full of big, impressive numbers. The full report is 49 pages long and covers the state of Android security in detail, but the basics are covered in Google's latest blog post. The gist is, Google scans all the things to keep Android users safe. We're talking about billions of apps; the Verify Apps service sure is working overtime. Read More
Over a year ago there was a lot of concern about this piece of malware that had not only a flashy, user-friendly interface, but also the ability to monitor audio and video on Android devices. Even worse, it was able to slip past the automated checking used by Google at the time. Technically, it was really a software toolkit to make it easier to package malware APKs and then do malicious things with them.
At long last, Morgan Culbertson was arrested last month after being charged with creating the software. Tuesday, Culbertson pleaded guilty in federal court, telling the judge "I committed the crime" when asked why he was entering the plea. Read More
People are hyper-aware of Android vulnerabilities after the announcement of the Stagefright exploit recently, so Trend Micro is taking the opportunity to detail a bug it found in Android recently. It's a bug in the mediaserver service that can be used to crash the phone, rendering it unusable until a reboot. Read More
Last year, there was a rather widely-covered story about a piece of Android malware (rather, an Android malware control suite) called Dendroid. That malware was published for sale on a cybercrime-aligned forum known as Darkode, and it just so happens that the FBI (with assistance from agencies in other nations) just arrested the guy who wrote Dendroid as part of a larger raid on Darkode's operators.
That guy is Morgan C. Culbertson, who has a pretty solid real name, but somehow the most tragically boring and uninventive criminal alias of all time: "Android." Come on, Morgan - you could have done better. Read More
A couple of months ago, we published a story about the scam problem in Google Play Books, and we haven't been alone in criticism of the store's issues.
The gist is this: Google's Play Books store was plagued by scammy "guide" books that, for a few dollars, promised access to cracked APKs, but in reality provided nothing but scams and malware.
Two of the publishers we mentioned in the post - Monster Guides Editor Pro and leon Master - were removed from the Play Store, but plenty remain, still distributing links to pirated apps and malicious sites, or outright selling the work of legitimate authors. Read More
It's not uncommon for security firms to raise their public profile by publishing analyses of device security and vulnerabilities. However, Bluebox Security really stuck its virtual foot in its mouth this time. After posting what appeared to be a damning exposé of malware shipping on Xiaomi's Mi4 last week, the company has had to post an addendum admitting that it was fooled by a fake and Xiaomi's phones aren't shipping with malware after all. Oops. Read More
We are, at this point, familiar with fake apps in the Play Store—they pop up from time to time, but Google swiftly eliminates them. It seems like for all its efforts in cleaning up the Play Store, Google has a blind spot when it comes to books. There are multiple publisher accounts in Google Play Books that claim to offer cracked APKs for a dollar or two, and people are buying them. Instead of getting a cheap game, all people are getting is disappointment and malware.
Pixel Battery Saver promises to save a little power by shutting off pixels in a grid pattern on AMOLED displays. For a long time, that's what it did for thousands of users, but now it has been sold to a third party. Pixel Battery Saver was updated as "Complete Virus Protection" yesterday evening before being pulled from the store. It's back now, but this is still just a huge mess.
In a report released today, security researchers claim to have identified a vulnerability in as many as 24 Coolpad devices. The backdoor, which the researchers at Palo Alto Networks call "CoolReaper," reportedly installs adware without user consent or notification. More problematic is the fact that Coolpad built the backdoor into the operating systems themselves. The cherry on top is that Coolpad even had the nefarious app impersonate the Google Play Services framework file to avoid alerting users. Read More
It's hard to be Sprint these days. Its LTE rollout is lagging way behind the competition, it's losing subscribers and cash fast, and everyone is making fun of its "Framily" plans. That's too bad, but Sprint isn't going to get back in our good graces by charging money for things we already have or don't need in the first place. That's just what it's doing with the new Total Equipment Protection (TEP) Plus plan.