At the beginning of the month, we broke the news about a huge security vulnerability in several HTC phones, including the Thunderbolt, EVO 3D, EVO 4G, and possibly more. Not long after word of this issue hit the 'net, HTC issued a response acknowledging it, as well as promising to deliver a patch to correct it. Looks like they are making good on that promise now, as several HTC devices are currently receiving an OTA update to correct this vulnerability.
If you find PIN codes or gesture patterns too predictable to keep your phone secure, Ice Cream Sandwich has the ultimate solution: face unlock.
Face unlock utilizes your phone's front-facing camera to "recognize" your face. If anyone else looks into the camera, they will be denied access. Simple as that. Not only is this a nice option to have for everyday use, but I could imagine it being integrated into mobile security apps as well, ensuring that no one but you could get into your phone and see potentially sensitive data.
Originally Posted October 12th.
It's been eleven days since Android Police published this story detailing the discovery by Trevor Eckhart of some serious security issues within HTC's more recent software. Three days after that HTC responded, and now, a further week or so later, we are seeing reports of an "important security update" being pushed to HTC Sensations throughout Europe.
Screencap by FG1234 of Android-Hilfe.de
While HTC does not specify exactly what the ~9 MB update addresses, the timing seems right to relate to the preceding story.
This is a pretty wild piece of news. Google, George Mason University, and the NSA are working to make Android the most secure OS out there. They're developing a "hardened" kernel so Android can pass all the necessary red tape to be deployed for government use. By 2012 they expect Android to be good enough for classified communication, and eventually they'll hit a higher security clearance level than BlackBerrys. Poor BlackBerry, security was one of the last things they had left.
HTC acknowledged the vulnerability in some of its devices that Android Police together with Trevor Eckhart posted Saturday night. The privilege escalation vulnerability currently allows a potentially malicious app that uses only the INTERNET permission to connect to HTC's HtcLoggers service and get access to data far exceeding its access rights. This data includes call history, the list of user accounts, including email addresses, SMS data, system logs, GPS data, and more.
I am quite speechless right now. Justin Case and I have spent all day together with Trevor Eckhart (you may remember him as TrevE of DamageControl and Virus ROMs) looking into Trev's findings deep inside HTC's latest software installed on such phones as EVO 3D, EVO 4G, Thunderbolt, and others.
These results are not pretty. In fact, they expose such ridiculously frivolous doings, which HTC has no one else to blame but itself, that the data-leaking Skype vulnerability Justin found earlier this year pales in comparison.
Trend Micro, the company that "Secures Your Journey To The Cloud" with an extensive line of security products for home and business, also offers a mobile security solution for Android users, called simply Mobile Security Personal Edition. This app is what we'll be discussing in the thirteenth installment of our Mobile Security App Shootout.
At A Glance
Within Trend Micro's security app we find another smoothly designed, well functioning security solution that sets up quickly and is exceedingly easy to use.
Coming in at number 11 in our shootout is McAfee Wave Secure. McAfee is one of the biggest names in digital security, and by buying the popular security app Wave Secure, they're bringing the McAfee name and protection many have come to trust to your Android device.
At A Glance
It took me a couple of tries to get Wave Secure installed on my Evo, but once I did I was quite pleased with the interface.
Looking to protect your mobile devices as well as it protects your computer, AVG has cooked up Anti-virus, available in free version, or a Pro offering for a one-time payment of $9.99. It's an app that not only helps you locate your lost device, but also protects your phone or tablet in real time by scanning apps, web pages, and settings to be sure you're safe.
At A Glance
AVG's anti-virus/security app comes in a small package but packs a lot of features.
Today, Motorola announced its newest handset geared towards corporate types: the Pro+. This is yet another offering to fill the Blackberry-style void in the Android world, as it not only offers the same familiar form factor, but advanced security features akin to that of RIM's handsets -- like remote wipe, full data encryption, and password expiration.
The Pro+ packs a 1GHz processor, 512 MB RAM, and Android 2.3 under its 3.1-inch 480x640 Gorilla Glass display and full QWERTY keyboard, along with a 5MP rear shooter and 1600mAh battery.