We knew that Android 4.2 would see the introduction of new security features both on your device and in the Play Store, but Computerworld got a chance to speak with Android's VP of Engineering, Hiroshi Lockheimer, about the platform's beefed up security measures, specifically Android's new real-time app scanning utility.
The scanner builds on the functionality of the Play Store's existing security features by bringing app-scanning security to the frontend, scanning incoming apps from third party sources (including apps like Amazon's App Store). Read More
We've got an LG Nexus system dump and endless desire to spoil every Googley surprise we can. Today's edition of the Android 4.2 Teardown could be alternatively subtitled "The Super-Serious Security Edition," because we're talking about the sort of stuff that should make your sysadmin jump for joy.
Please keep in mind this is just as forward-facing and time-ambiguous as all my other teardowns. This is a list of new stuff in the 4.2 dump, not a list of "confirmed for 4.2" features. Read More
The last time we heard from Lockitron the company was trying to sell a $300 smart deadbolt lock that you could open with NFC. This time Lockitron is taking a different, less expensive approach. The new device is mounted on top of your existing deadbolt, allowing you to control it without buying and installing a whole new lock. The product isn't quite ready to ship, but the company has a handy video demo ready to go. Read More
Several weeks ago, Dropbox suffered a small security breach that gave wrong-doers access to a few unlucky users' email addresses. On the good side, it also brought the vulnerability to the Dropbox staff's attention. Since then, they've been working hard to beef up security, and today, they introduced two-step verification.
Much like Google's two-factor authentication, once enabled this requires you to login using two different sets of verification: your password and a unique identifier sent in either a text message or generated locally on the device using the authenticator app (which you have the option to get via QR during the set up process). Read More
Piracy is a major issue for Android, and even more so for Android developers, which is why Jelly Bean introduced App Encryption. But this may be a case of the cure being worse than the disease: hundreds of developers of paid apps have chimed in on a Google Code thread, claiming that the encryption (or more accurately, the location of installed and encrypted apps from the Google Play Store) makes their apps entirely unusable, as account information and other stored data is removed after a device reboot. Read More
If you're serious about security on your Android phone or tablet, you probably know that the Face Unlock feature introduced in Ice Cream Sandwich is a long way from secure. While Google didn't make any claims to the contrary, it looks like the extra "Liveness check" (which requires the user to blink after the initial scan) is almost as susceptible. A group of YouTube users demonstrated how to get past the check with a photo taken off of Facebook and just a few minutes of Photoshopping. Read More
Over at Black Hat USA 2012, security researcher Ralf-Phillip Weinmann demonstrated a vulnerability in several Android devices that utilized A-GPS to send illicit messages to the device which could, he explained, be used to send a report of the device's location any time an A-GPS message was sent or even be used to gain complete control of the device.
In describing the attack, Weinmann pointed out that, for example, a malicious WiFi network could instruct a phone to relay all future A-GPS requests, even once the device has left the WiFi network's range. Read More
We've all read the horror stories: a new virus is crawling through the third-party stores, aiming to steal your personal information, identity, and first born child. More often than not, this type of malicious app is made possible because of one of the various root vulnerabilities that have been discovered throughout the various versions of Android.
X-Ray is a new app that lets you see exactly how vulnerable your device is by scanning it against several of these exploits, including RageAgainstTheCage, Gingerbreak, Mempodroid, Levitator, and a few more. Read More
The Galaxy S III on Sprint has been seeing a considerable amount of update action in the short time since it's been released. Back on June 29th, the device saw a security update and now, according to Sprint's community website, a second "Google security updates" OTA software patch is headed to the device.
The carrier hasn't offered any details on what the update fixes, beyond that today's update is Google-related, while the previous update is just a generic security update. Read More
Xuxian Jiang, along with his research team at North Carolina State University, has cooked up a proof-of-concept "clickjack rootkit" which targets Android. The rootkit is unique not only in that it can function without a device restart, but also in that it targets Android's framework, not requiring deep modifications to the underlying firmware or kernel.
Clickjacking, for those unfamiliar, is a malicious technique typically used on the web to "trick" users into handing over control of their device or confidential information. Read More