In a report released today, security researchers claim to have identified a vulnerability in as many as 24 Coolpad devices. The backdoor, which the researchers at Palo Alto Networks call "CoolReaper," reportedly installs adware without user consent or notification. More problematic is the fact that Coolpad built the backdoor into the operating systems themselves. The cherry on top is that Coolpad even had the nefarious app impersonate the Google Play Services framework file to avoid alerting users.
Who better to learn encryption from than the people who have actively tried to build vulnerabilities into encryption? Nobody, says the GCHQ, the British NSA equivalent that has released a free Android app called Cryptoy to teach children the basics of encryption. The app, designed for tablets, focuses on four basic techniques and allows users to create encrypted messages for sharing to friends to decode.
There are updates, and then there are updates. For Cerberus, version 3.0 is the latter. It gets the app ready for Android 5.0 by covering it with pretty materials. Well, as pretty as this particularly unflattering app is going to get.
Cerberus still consists mostly of menus, but now the action bar is very red, a hamburger icon sits in the top left corner, and a sidebar (redesigned since the last time we took a look at the beta) now pulls out over every other part of the interface.
PasswordBox is a system that allows users to keep long and secure passwords to major services, auto-inputting the fields on desktops and mobile platforms and syncing them to a cloud-based system with a single login. It's a popular alternative to the similar LastPass system. Yesterday Intel announced that it had acquired the 44-person company for an undisclosed sum, and intends to integrate it into its Intel Security team (which includes support from McAfee) going forward.
Do you fret about vast government conspiracies, lizard people running the world, and the all-seeing eye of the NSA? Well, you might have a little problem with paranoia there, but you don't have to be paranoid to see the appeal of Telegram. This is a secure messaging app that has full end-to-end encryption, and with version 2.0, a new material design theme.
Not all new features are created equal, and this particular change has us kind of scratching our heads wondering why Google would consider it a good idea. In Lollipop, you can now access your quick settings straight from the lockscreen. This way you can toggle Wi-Fi, cellular data, and Bluetooth without unlocking the device, even if it's secured behind a passphrase.
Writing for Android Police from my home office in Virginia, it's not every day that I get to report on something somewhat close to home. But here it is. A Virginia Circuit Court judge has ruled that while police officers cannot compel a person to give up their passcode, they can demand someone use their fingerprint to unlock their phone.
Judge Steven C. Frucci made the ruling this week, saying that giving a police officer your fingerprint is similar to providing a DNA or handwriting sample, something the law permits.
Google's two-factor authentication system is a great way to keep your email and other accounts safe, especially if you've always got a smartphone (or even a dumb phone) around. Today Google is adding even more options beyond the current phone call, text message, email, and app-based verification. The latest update to the desktop version of Chrome lets you use a USB key as your two-factor security token, ensuring access via both your physical presence and your login password.
The final round of Developer Preview images released on Friday left a number of users without root access on their devices, but a lightning fast quick-fix by Chainfire had them back in business the following day. Yesterday, he took to Google+ with a follow-up of how it works and the issues that are making it more difficult to acquire root on the latest version of Android.
Due to increasingly effective security measures and stricter enforcement of SELinux, it seems that many, or possibly all of the available methods for initializing the SuperSU daemon at startup have been rendered ineffective.