You might remember mention of a new AT&T service called Toggle last month, a service which promised to allow enterprise users to access corporate email, calendars and contacts securely from whatever Android device they choose to purchase, while separately maintaining their personal data. AT&T's official Toggle app hit the Android Market today, heralding the beginning of the service, and bringing hugely useful functionality to enterprise users concerned with keeping their business and personal activities separate.
Amid the turmoil surrounding Carrier IQ, the company's VP of Marketing, Andrew Coward, has come forward in a series of interviews with a few clarifications.
For those not in the loop, the controversy around Carrier IQ is based on developer Trevor Eckhart's findings, which indicated that Carrier IQ's software was indeed collecting a vast array of information, and on his demonstration showing that said data could be read using a simple command – one that could be executed by any malicious app with access to logcat.
According to a group of computer scientists at North Carolina State University, a vulnerability exists within many Android devices that would allow hackers (or malicious apps) to bypass the permissions request process and tap into audio and location, wipe apps and data, or send unauthorized SMS messages, all without the user knowing.
This news may sound a bit sensational, but the researchers have created and tested a dummy app which effectively demonstrates the exploit:
Among the eight phones tested with the researchers' diagnostic app (Woodpecker), HTC's Evo 4G seemed to be the most vulnerable, able to "leak" eight different capabilities to their dummy app, which was not explicitly granted appropriate permissions by the user.
Trevor Eckhart, a developer involved in uncovering a huge security vulnerability that affected several HTC devices, was recently threatened by Carrier IQ (CIQ), a company involved in gathering various forms of user data and sending it to carriers or manufacturers for analysis. For those who haven't been following the story, here's what happened:
Trevor Eckhart found several training manuals on CIQ's website. These were publicly available. Trevor shared them with the community, explaining just how far-reaching CIQ's data collection practices are.
Coming in at number seventeen in our shootout, NetQin Security Pro is a security app that offers a lot more than your average anti-theft protection, even if that means skimping a little on features that may help you recover your lost device.
At A Glance
First, I want to comment on NetQin's design. The app's overall appearance is clean, and relatively well thought out. The main screen gives you access to all the app's main features, and the layout makes it virtually impossible to misstep.
Hot on the heels of the previous privacy/security advisory about A.I.type Keyboard sending your keystrokes to the cloud in plaintext, some of our commenters pointed out another, much more popular app that does something similarly privacy-invading.
As it turns out, Dolphin HD, one of the top browsers the Android platform has to offer, sends pretty much every web page URL you visit, including those that start with https, to a remote server, en.mywebzines.com, which belongs to the company.
One of the features that really differentiates Android from other mobile operating systems is the ability to install a custom keyboard that works for you. I constantly keep jumping between a variety of keyboards as new updates come out (right now I've settled on SwiftKey due to its unparalleled prediction technology), but when some of our readers pointed out A.I.type Keyboard's "psychic" word completion, I had to check it out.
At the beginning of the month, we broke the news about a huge security vulnerability in several HTC phones, including the Thunderbolt, EVO 3D, EVO 4G, and possibly more. Not long after word of this issue hit the 'net, HTC issued a response acknowledging it, as well as promising to deliver a patch to correct it. Looks like they are making good on that promise now, as several HTC devices are currently receiving an OTA update to correct this vulnerability.
If you find PIN codes or gesture patterns too predictable to keep your phone secure, Ice Cream Sandwich has the ultimate solution: face unlock.
Face unlock utilizes your phone's front-facing camera to "recognize" your face. If anyone else looks into the camera, they will be denied access. Simple as that. Not only is this a nice option to have for everyday use, but I could imagine it being integrated into mobile security apps as well, ensuring that no one but you could get into your phone and see potentially sensitive data.
Originally Posted October 12th.
It's been eleven days since Android Police published this story detailing the discovery by Trevor Eckhart of some serious security issues within HTC's more recent software. Three days after that, HTC responded, and now, a further week or so later, we are seeing reports of an "important security update" being pushed to HTC Sensations throughout Europe.
Screencap by FG1234 of Android-Hilfe.de
While HTC does not specify exactly what the ~9 MB update addresses, the timing seems right to relate to the preceding story.