A new report from Bloomberg claims Google is about to revamp the way privacy is handled in Android apps. The changes would allow users to approve permissions individually for things like the camera, location, or the contact list. With Android M expected at I/O later this month, it seems like a perfect time to make this happen. It's long overdue.
Whether you subscribe to the whole debate on the lack of (and need for) privacy on a personal user level or not, there's no denying that security is crucial in the enterprise. That's the premise behind Silent Circle's new Blackphone announcements today at MWC. The company, which recently purchased Geeksphone to gain full control over its products, has unveiled its plans to foray into the enterprise with a complete suite of devices and services.
The Blackphone 2, which will be available in the second half of 2015, is an upgraded version of the first generation Blackphone. It has switched to a larger 5.5" 1080 display with a bigger battery, faster octa-core processor, 3GB of RAM, and 32GB of storage.
With the myriad of ways nefarious types are able to get their hands on passwords these days, often times whether your information gets stolen is completely out of your hands. Rather than changing their sign-in credentials every time another leak or hack happens, many folks trust their online security to password managers such as LastPass. Dashlane is an alternative that can also get the job done, and for the next week, you can snag a premium account free for six months over at sharewareonsale.com. A yearly subscription currently goes for $39.99.
Dashlane relies on AES-256 encryption to protect your data, which it backs up and automatically syncs across your various devices if you have a premium account.
A new flag added to Chrome v41, currently in beta, reduces the information about referring websites shared with others as you browse the web. The default behavior, without the flag enabled, is to pass along the website you clicked from when you browse to a new page. This feature will make the referring information sent along to websites less specific when you go from one domain to another.
Knowing your referring website can reveal a fair amount of information about you. At the basic level, anything about the site you clicked from can be used to learn something. If you came to Android Police from www.ILikePonies.com, we are going to assume that you like ponies.
Sorry, class, you don't get any extra credit for predicting this one. After some heated responses from consumers following the reveal of a controversial "supercookie" web traffic monitoring system, Verizon Wireless has announced that it will allow its customers to opt out of the lucrative and potentially dangerous advertising practice. Verizon Wireless spokeswoman Debi Lewis told The New York Times, "We have begun working to expand the opt-out to include the identifier referred to as the UIDH, and expect that to be available soon."
The system isn't technically using a "cookie" in the conventional browsing sense; UIDH stands for "unique identification header," a customized version of a standard HTTP header, in this case tailored specifically for Verizon.
Not long after British Prime Minister David Cameron did the same, President Obama said Friday that he opposes encryption methods that are inaccessible to law enforcement. Rather naively, he advocated that the technology should still exist, but with methods of access for approved entities like police and preferred spy agencies. This is his first clear issue stance on the matter, though it is not necessarily out of step with his previous actions and statements.
Of course, cybersecurity experts collectively groaned at the President's suggestion of strong encryption that is only accessible to authorities. Taking for granted that law enforcement can be trusted - and, of course, Edward Snowden and countless others have shown us it cannot - there are a host of problems.
If you are using data as a Verizon Wireless customer, Verizon is tracking you. Not only that, but their method to ensure that you can't navigate around it makes your unique identifier visible to every website you visit. The injected data has been called a "supercookie," a term that reflects the fact that it is not removable like a tracking cookie. Now, recent reports show that at least one third-party ad agency has been using Verizon's supercookie to track users after they have deleted cookies or opted out of data collection.
How it works
Technically speaking, what Verizon is using is not a cookie or supercookie or any kind of baked good.
Reddit user Ponkers posted an interesting find to /r/Android today, pointing out a significant privacy hole in Skype that essentially allows users to force an Android device to answer a call, making eavesdropping nearly effortless.
Ponkers drew a diagram below, which I feel compelled to include based on its artistic merits, but here's the gist of how the process works.
Assume you have three devices, device 1, device 2, and device 3. There are also two Skype accounts involved: account A and account B. Device 1 and device 3 are attached to account A. Device 2 is attached to account B.
If a user uses device 1 to call device 2, then shuts off any network connection to device 1, device 2 will then automatically call and connect to device 3, giving the holder of account A a connection to device 2 without the owner of the device necessarily knowing.
Who better to learn encryption from than the people who have actively tried to build vulnerabilities into encryption? Nobody, says the GCHQ, the British NSA equivalent that has released a free Android app called Cryptoy to teach children the basics of encryption. The app, designed for tablets, focuses on four basic techniques and allows users to create encrypted messages for sharing to friends to decode.
The internet is a mysterious and magical place full of Wikipedia rabbit holes, animated GIFs of Ron Paul, and cat videos as far as the eye can see. There are also plenty of ads watching which of those things you are looking at. If that makes you uncomfortable, maybe Ghostery is the browser for you.