The security of our mobile apps and private data is a very serious matter. This is particularly true for high value targets like web browsers, which often store login credentials that can be used to access many of the websites we use on a regular basis. Unfortunately, browsers are also very complicated applications with an extensive set of features that are difficult to lock down completely. Sebastián Guerrero Selma of viaForensics recently posted a video demonstrating a newly discovered vulnerability in Firefox for Android which would allow hackers to access both the contents of the SD card and the browser's private data.
Note from Artem: Mark Murphy, also known as CommonsWare and CommonsGuy, is one of the top 10 contributors to StackOverflow (he's currently #8). He's the Chuck Norris of Android development, with over 300,000 StackOverflow reputation points. I am honored by his decision to accept my offer to join the AndroidPolice team of contributors.
The User Defense series of posts will highlight relatively easy ways in which users can improve the privacy and security of their use of Android devices.
Android 4.3 has a hidden feature! It's called "App Ops" and it lets you selectively disable some permissions for your apps. Is some misbehaving app constantly pinging your location and draining your battery in a few hours? You can fix that now.
I'm working on my full 4.3 teardown, but I just ran across this and had to add it here:
<string name="grant_confirm_question">Do you want to grant the following permissions?
After a few months of testing, Sony has announced its my Xperia service will be hitting all regions in the next few weeks. This system will provide remote management of 2012 and 2013 Xperia devices. Smartphones are expensive – it's nice of Sony to help you keep track of it.
Once it is deployed in your country, my Xperia will come in the form of a new app that can be enabled in settings.
We don't need no NSA up is our business, right? CyanogenMod recently added the Privacy Guard feature to nightlies to protect user data from sketchy apps, but the next innovation might go deeper than that. Koushik Dutta (Koush) has started development of a secure messaging platform for CyanogenMod devices.
Koush expressed his admiration for the elegance of iMessage in his post, and he wants to do the same for CyanogenMod. To that end, Koush has built an encrypted open source push messaging plugin for CM that would stand in for regular SMS.
Privacy Guard, the feature formerly known as Incognito Mode for apps, will make its way into CyanogenMod starting tonight. Steve Kondik, Mr. Cyanogen himself, has merged the ability to enable Privacy Guard support into all future nightly builds. Just to be clear, this new feature is not included in the 10.1.0 RC or stable releases currently available. Only those who like to walk on the wild side are getting their hands on this feature right away.
Have you ever refused to install an app because it wants too many permissions? Yeah, a lot of people have, and we don't blame them. A little too much trust can lead to stolen information, mysterious charges on your cellular bill, or worse. Thanks to developer M66B, we've got a simple way to lock down potentially misbehaving software. His new mod, XPrivacy, can block several types of activities and queries, despite the permissions granted at installation.
Wood block apps are a f*!#ing joke. Most of them don't even have mallet options or choices for wood weight or grain type. Fakeblock, which is now free on the Play Store...well, actually, it also doesn't have any of those options. But! It is still the most phenomenal block-of-wood-simulator that you will ever have the privilege of installing on your device.
We've been waiting for this app to launch ever since the big Cinco de Quatro event where CEO George Maharis announced that the app is "real" and encouraged us to "put up this wall." The company has already received several rounds of funding including $50,000 from an unnamed executive of a real estate company.
Over the weekend, Android Police received a tip about a serious privacy hole in Facebook Pages Manager for Android that made some privately uploaded photos public. Shortly after I made the details of the issue public, Facebook Security got in touch and let us know that its engineers were looking into the report and trying to get a fix up soon.
At 4:19pm PT today, I received a follow-up email from Facebook Security that confirmed a fix had been rolled out server-side, and no app update was necessary.