Much of the commerce that takes place on the web goes through PayPal, so if you're accessing the service from a mobile device, you should take extra precautions to secure your account. With the latest version, you can now link your phone to your account so that the service can better verify that you are indeed the person trying to access it. The app has a new SMS permission that is necessary to link up your number. Read More
This contest is now over.
The final results are listed below. If you've won, you will be contacted in the near future. Congratulations!
Everyone else - keep participating and stay tuned to Android Police so that you don't miss our upcoming giveaway announcements. You can follow AP on Twitter, Facebook, Google+, and RSS.
Any decent bank heist movie always has one common hurdle for the would-be thieves: a regularly changing access code to the vault, and only one person knows what it is. Read More
Described by the Wall Street Journal as "a vulnerability that could allow malicious software to track emails and record data communications," a potential vulnerability in Samsung's Knox platform was discovered in late December by researchers at Israel's Ben-Gurion University. The researchers said the vulnerability would allow those with malicious intent to "easily intercept" secure data from Knox users. Samsung's initial response was that the problem may be less serious than researchers implied, and that it would investigate the situation thoroughly. Read More
Even casual observers of the Android ecosystem know that piracy is a big issue for developers. But if a report from mobile security company Arxan is to be believed, app piracy and "hacking" is incredibly prevalent, or at least prevalent enough that most of the popular apps are available in a pirated or cracked form. According to the company's "State of Security in the App Economy" report for 2013 (PDF link), the top 100 paid Android apps have been "hacked."
We used "cracked" in the headline because Arxan doesn't mention the purpose behind these hacks, so we're assuming that in most cases they're free, pirated versions of paid apps. Read More
You probably see that "Display images below" button in Gmail all the time on both mobile and desktop. This is the default behavior because it makes it harder for spammers and advertisers to track you. However, Google says it has prepared a workaround that mitigates the security concern and will allow it to show those images by default.
The CyanogenMod team has been working on a secure messaging component for the popular ROM in recent months, and the time has come for some real world testing. The new encrypted WhisperPush messaging system is being rolled out to CyanogenMod 10.2 nightlies for compatibility and server load testing. If all goes as planned, it will reach the CM11 branch soon.
CyanogenMod's secure messaging is an implementation of TextSecure, a cross-platform encrypted SMS platform maintained by Open WhisperSystems. Read More
Back in October, Google announced a rewards program that would give financial incentives for "down-to-earth, proactive improvements" to security across third-party open-source projects that Google deems "vital to the health of the entire Internet."
Starting with core infrastructure services, Chrome foundations and other "high impact libraries," Google vowed to expand the program soon. Today, in an entry to the official security blog, Google announced that the program has been expanded in scope to include open-source bits of Android, found in AOSP, and several other projects. Read More
An XDA member recently unveiled serious vulnerabilities in all three root packages used to gain superuser access on devices. The developers have been contacted, and the two active projects are working to address the issues. If you're running an older version, you might want to get on the update train.
According to cernekee on XDA, the vulnerabilities allow for a malicious app to obtain root access without going through the proper channels. Read More
There's a new Google Play Services app in town, and it includes all kinds of goodies for developers. But there's a nasty surprise waiting inside Google Play Services 4.0, at least for users on some devices: it may have disabled the Android Device Manager's permission to act as a Device Administrator. This is what allows users to access the new remote lock and device wipe features from the web... which some of them might not realize they can no longer do. Read More