Android Police

Articles Tagged:

security

...

Google Play services v10.2 prepares for Google Fit v2 API and FIDO-certified security keys [APK Teardown]

The recent rollout of Google Play services v10.2 came with a cool new Instant Tethering feature that automatically enables a small set of devices to sip on a shared cellular signal when they're in need. Aside from a couple of minor tweaks, that appears to be the only major functional change we're supposed to access at this time. However, that doesn't mean there aren't a few other things waiting to be revealed. Fresh additions to the APK reveal new data types coming to the Google Fit API. There's also support baked in for the new FIDO Alliance U2F tokens for secure authentication.

Read More
...

Google shuts off Chrome Sync API for third-party browsers on Android, citing a security vulnerability

If you aren't familiar, Chrome has two versions: the open-source Chromium project, and Google's proprietary Chrome builds with added functionality (like a built-in Flash player). Numerous browsers on Android are based on Chromium, including the popular Snapdragon-optimized CAF browser. Unfortunately, Google has now shut off access to the Chrome Sync API on Android for anything but Chrome itself, including vanilla builds of Chromium.

Read More
...

The Guardian alleges that WhatsApp has a "backdoor" that could be used to spy on users [Update]

In what I am sure was on purpose due to it being Friday the 13th, some mild form of privacy panic has hit the world due to The Guardian's article this morning about a critical backdoor in WhatsApp. It postulates that, due to how encryption keys are handled when a device goes offline and messages are not sent (for whatever reason), WhatsApp or its parent company Facebook can intercept user communications. Meanwhile, Gizmodo has reported that this is not the case — how WhatsApp handles encryption is a feature and works as intended.

Read More
...

LG posts January security bulletin ahead of Google with Android and LG-specific patches

Google has been releasing monthly security patches like clockwork ever since it revamped the Android security model in the wake of Stage Fright. Samsung and LG are also trying to keep up with the monthly patches, but not always with the most success. LG's getting the jump on Google today, though. It has posted the January security bulletin a little early with information on Google and LG-specific patches.

Read More
...

[Update: Fix is live] AirDroid Beta 4.0.0.2 fixes major security issues, official rollout expected soon

A few days ago, independent security firm Zimperium released details about several major security flaws in the popular AirDroid application. In summary, attackers can easily intercept insecure requests to AirDroid's servers, as well as push malicious APKs to devices which appear as AirDroid add-on updates (which AirDroid then prompts the user to accept). Granted, the user has to be on an insecure Wi-Fi network for the attack to work, but it's still a major problem.

That alone is bad enough, but Zimperium informed AirDroid of the problem a whopping seven months ago. During that time, a major 4.0 update was released, which still had the same security issues.

Read More
...

Google posts December 2016 security bulletin to go along with new OTA

There's an OTA update rolling out to Google devices today, but what sort of holes have been patched? Now you can find out with Google's latest security bulletin. Like the last few months, this one has multiple patch levels that you might see on devices going forward.

Read More
...

Blu promises to completely remove the update software that stole user data

Blu took a substantial hit last month when security firm Kryptowire discovered a pre-installed service on several of the company's phones was sending users' data to a server in China. The offending service was part of the OTA update module provided by third-party company Adups. Blu has now promised to get rid of the Adups software after previously neutering it.

Read More
...

[Update: AirDroid responds] Multiple security vulnerabilities found in AirDroid, including ability to send malicious APKs to a user's device

AirDroid is one of several services that allows Android users to send and receive text messages, as well as transfer files and see notifications, from their computer. According to the Play Store, AirDroid has somewhere between 10 and 50 million installs (not counting anyone directly installing the APK from the AirDroid website). Mobile security company Zimperium recently released details of several major security vulnerabilities in AirDroid, allowing attackers on the same network to access user information and even execute code on a user's phone.

Read More
...

The Gooligan Android malware has infected more than 1 million devices since August

The battle against Android malware is ongoing, but it's a big world and Android is everywhere. It presents a tempting target for criminals, and the Gooligan malware is just the latest attempt to make a buck off the trusting nature of smartphone users. This attack has compromised more than a million phones in the last few months, and as many as 13,000 new infections are occurring each day. The goal is not to steal your data (although that can still happen), but to make you download apps in an advertising fraud scheme.

Read More
...

[Updated] Security firm reportedly finds spyware on Chinese Android phones, including Blu devices sold in the US

Mobile security is a huge issue, but most consumers tend to think that at least a brand new phone is safe. That assumption may be in error, according to security research firm Kryptowire. In a new report Kryptowire documents the inclusion of software tools collectively called Adups, which allegedly shipped on phones like the Blu R1 HD and other devices sold internationally, including the US market via Amazon and Best Buy.

Read More
Page 2 of 3212345...10...Last»