Alert! Alert! If you use Instagram's Android app, complete strangers could be looking at your photos of appetizers and makeup techniques right now! ...which is kind of the point of Instagram, I suppose. But security researcher Mazin Ahmed discovered that the app uses standard HTTP to transmit photos, cookies, and authentication (including usernames and unique IDs), instead of the encrypted HTTPS protocol. As Mr. Mackie is so fond of saying, that's bad.
Just like any open marketplace, there's a lot of crap in the Play Store. In a strange and roundabout way, I'm actually OK with that - separating the silver from the dross of Android apps is one of our core functions at Android Police. But a recent promotion from antivirus vendor Trend Micro painted an extremely dim picture of the Play Store. The company claimed, among other things, that the Play Store was full of "potentially evil doppelgangers...
Account security is a tough issue for a lot of people. It's a constant balancing act between having a stronger system to keep out would-be invaders while also making it convenient enough that users won't reject it. After Google began offering its own 2-step verification system, several other services adopted the same mechanism and opt-in model for people that wanted more than a single password protecting their personal data. This generally left users with Google's Authenticator app, which got the job done, but it lacked features and languished on an early Holo dark design.
When certain things finally happen, they make us want to search for that hidden ladder that takes people up to the rooftop and scream "Hallelujah," religious or no. This is one of those things. Google apparently no longer requires people with two-factor authentication enabled to sign in twice when setting up a new Android device or adding another account. Better yet, this change doesn't require Android L or anything fancy. Here's a video of the magic taking place on an HTC One M8.
Users of newer versions of Windows or just about any Microsoft web service might be familiar with the company's rudimentary two-factor authentication system. If it's been a while since you've logged in or you're setting up a new Windows device, it might ask you for a verification code, accessible from a backup email account. Of course that can be a pain if you don't remember the password for that account, or simply don't want to dig it out.
Let's face it, as the world becomes more dependent on computers and the Internet for the functions of day-to-day life, security will become ever more important. Clearly encouraged by employee Neel Mehta's discovery of Heartbleed, Google has decided to do more in the area of Internet security. To help combat this ever-increasing problem, they're offering up Project Zero. Essentially, Google will begin hiring "the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet." Their work will not be limited to just Google products, but will instead be focused on "any software depended upon by large numbers of people." The idea is that researchers will find the threats, then inform only the software developer.
We've heard that Google intended to really make a push for greater corporate adoption with the L release, and the company touched on some of its plans in today's keynote. It confirmed that Android will empower companies to separate personal data from work data using containers without outside companies having to apply additional code to their devices. Interestingly, this comes thanks in part to Samsung, which has contributed some of its KNOX code to the next version of Android.
It seems like everyone is making smartphone screens more useful when they're off, and LG's attempt is called Knock Code. This feature lets you securely wake and unlock the device with a series of taps on the screen while the phone is asleep. No need to buy a new phone, though. Knock Code is rolling out to the AT&T LG G2 via an OTA update right now.
The latest version of the Play Store hit the scene a little over a week ago and introduced a tweak to the way permissions are displayed at install time, and it left some people feeling a little...uncertain. Gone is the ugly wall of poorly spaced, semi-specific permissions. The replacement is a short set of simplified categories, each with crisp-looking icons and buttons that reveal a brief description when tapped. Google filtered through roughly 145 permissions and narrowed them down to a dozen groups, plus one bucket for anything that remains.
Update: Excuse me, this isn't actually AgileBits' first swing at the whole 1Password for Android thing. The team previously released a version that it allowed to grow so out of date that it chose to develop and release a new one built from the ground up. The Play Store link for the previous release has been taken down.
1Password keeps all of your login credentials encrypted and safely tucked away under the protection of a single master key, and now the cross-platform service has extended out from Windows, Mac, and iOS to make itself available to Android users.