Google will be launching its new Allo chat application in the coming weeks, and with it comes true end-to-end encryption. Open Whisper Systems has announced that its own Signal Protocol is powering the encryption in Allo. It's not on by default, which has sent some privacy purists into a fit, but this is still a very good thing. Read More
Most of the mobile devices sold in the US have to wait a long while for security updates to be developed and deployed, and that's just if you're lucky enough to get one. Most phones don't come with any guarantee of security updates, and government regulators are starting to wonder why. The Federal Communications Commission (FCC) and Federal Trade Commission (FTC) are on the case. Read More
Google introduced factory reset protection (FRP) in Android 5.1 to make it impossible to use a stolen device. Ever since then, RootJunky has been finding workarounds for it. Presumably this is all he does, tapping around in the setup menu for hours or days on end until he finds a trick. Google just rolled out the May security patch for Nexus devices, and RootJunky has found a FRP bypass method for it. It's not easy, but it works. Read More
It's the first Monday of May, and that means there are some new factory images and OTAs for the Nexus line. As usual, these new firmware packages include the latest security patches from the preceding month, and possibly some bug fixes and optimizations, as well. While we'll be looking for changes in the AOSP changelog (coming soon), Google has posted the security bulletin to explain the major risks that that have been fixed in this release.
Google took special care to point out that the security bulletin has been renamed (from "Nexus" to "Android") to reflect its relationship to all devices running Android, not just those directly supported by Google. Read More
Google has released its second Android Security Annual report, and it's full of big, impressive numbers. The full report is 49 pages long and covers the state of Android security in detail, but the basics are covered in Google's latest blog post. The gist is, Google scans all the things to keep Android users safe. We're talking about billions of apps; the Verify Apps service sure is working overtime. Read More
Dev previews are by definition not finished, so bugs are to be expected. Sometimes bugs are also patched, though. You might have noticed something that looks broken in the new Android N dev preview recent apps list, but it's not. The missing app previews are actually addressing a bug in the secure apps flag. It's a security thing. Read More
In a perfect world, every manufacturer would update all of its Android phones and tablets every single time Google posted an update to AOSP. We don't live in that perfect world, but at least some of them have paid lip service to the new monthly security updates that Google has been issuing for the last eight months or so. Samsung is one of them... as long as the definition of "monthly" is stretched to something like "eventually." The company posted March's security update notes yesterday (on April 13th) and followed up with the April notes almost immediately. Read More
We're a few days into a new month, which means it's time for a fresh set of security updates for the Nexus family and the Android Open Source Project (AOSP). Factory images are available for most of the actively maintained devices, though it looks like the Pixel C is still waiting its turn. OTAs should also begin rolling out shortly, if they haven't already.
Google has already posted the associated security bulletin for April's update. Read More
Staying private online is easier said than done, but a few services are popping up that promise to shield your conversations from prying eyes. The Signal messaging app, previously known as TextSecure, comes to mind. But the WhatsApp team has been working on securing its messages using some of the same code, and now, after testing things out last month, the service is ready to roll out end-to-end encryption to all users. Read More