Reddit user Ponkers posted an interesting find to /r/Android today, pointing out a significant privacy hole in Skype that essentially allows users to force an Android device to answer a call, making eavesdropping nearly effortless.
Ponkers drew a diagram below, which I feel compelled to include based on its artistic merits, but here's the gist of how the process works.
Assume you have three devices, device 1, device 2, and device 3. Read More
In a report released today, security researchers claim to have identified a vulnerability in as many as 24 Coolpad devices. The backdoor, which the researchers at Palo Alto Networks call "CoolReaper," reportedly installs adware without user consent or notification. More problematic is the fact that Coolpad built the backdoor into the operating systems themselves. The cherry on top is that Coolpad even had the nefarious app impersonate the Google Play Services framework file to avoid alerting users. Read More
Who better to learn encryption from than the people who have actively tried to build vulnerabilities into encryption? Nobody, says the GCHQ, the British NSA equivalent that has released a free Android app called Cryptoy to teach children the basics of encryption. The app, designed for tablets, focuses on four basic techniques and allows users to create encrypted messages for sharing to friends to decode. Read More
There are updates, and then there are updates. For Cerberus, version 3.0 is the latter. It gets the app ready for Android 5.0 by covering it with pretty materials. Well, as pretty as this particularly unflattering app is going to get.
Cerberus still consists mostly of menus, but now the action bar is very red, a hamburger icon sits in the top left corner, and a sidebar (redesigned since the last time we took a look at the beta) now pulls out over every other part of the interface. Read More
PasswordBox is a system that allows users to keep long and secure passwords to major services, auto-inputting the fields on desktops and mobile platforms and syncing them to a cloud-based system with a single login. It's a popular alternative to the similar LastPass system. Yesterday Intel announced that it had acquired the 44-person company for an undisclosed sum, and intends to integrate it into its Intel Security team (which includes support from McAfee) going forward. Read More
Secure Settings is a complex Tasker/Locale plugin for rooted and non-rooted security conscious users alike. Version 1.3.5 of the app has gone stable, bringing with it a beefy changelog that should help the software play nicely with modern devices and give older handsets new perks as well. Read More
Do you fret about vast government conspiracies, lizard people running the world, and the all-seeing eye of the NSA? Well, you might have a little problem with paranoia there, but you don't have to be paranoid to see the appeal of Telegram. This is a secure messaging app that has full end-to-end encryption, and with version 2.0, a new material design theme.
Not all new features are created equal, and this particular change has us kind of scratching our heads wondering why Google would consider it a good idea. In Lollipop, you can now access your quick settings straight from the lockscreen. This way you can toggle Wi-Fi, cellular data, and Bluetooth without unlocking the device, even if it's secured behind a passphrase. Read More
Writing for Android Police from my home office in Virginia, it's not every day that I get to report on something somewhat close to home. But here it is. A Virginia Circuit Court judge has ruled that while police officers cannot compel a person to give up their passcode, they can demand someone use their fingerprint to unlock their phone.
Judge Steven C. Frucci made the ruling this week, saying that giving a police officer your fingerprint is similar to providing a DNA or handwriting sample, something the law permits. Read More
Google's two-factor authentication system is a great way to keep your email and other accounts safe, especially if you've always got a smartphone (or even a dumb phone) around. Today Google is adding even more options beyond the current phone call, text message, email, and app-based verification. The latest update to the desktop version of Chrome lets you use a USB key as your two-factor security token, ensuring access via both your physical presence and your login password. Read More