Android Police

Articles Tagged:

security

...

Nest finally adds two-factor authentication

Nest recently announced that two-factor authentication is here, finally adding in the often asked for option of secondary security. There does appear to be one caveat in regard to this new security measure, but isn't there always?

Read More
...

CloudPets user data, possibly including children's voice messages, hacked and held for ransom

Everything can be hacked, as a certain Overwatch character is fond of saying. That seems to be increasingly true of consumer electronics... including stuffed teddy bears and unicorns. According to security researcher Troy Hunt, a series of web-connected, app-enabled toys called CloudPets have been hacked. The manufacturer's central database was reportedly compromised over several months after stunningly poor security, despite the attempts of many researchers and journalists to inform the manufacturer of the potential danger. Several ransom notes were left, demanding Bitcoin payments for the implied deletion of stolen data.

Read More
...

Google's Verify Apps now shows apps that it has recently scanned

Google rolled out the Verify Apps framework many years ago to scan apps as they were installed. Then, in 2014 it added the ability to constantly scan apps to watch for malicious behavior. You were sort of taking Google at its word as a user that Verify Apps was indeed rummaging around to keep tabs on things. Now you can see some of what it's doing—the settings menu now shows which apps have recently been scanned.

Read More
...

Two major vulnerabilities found in OnePlus 3 bootloader - OP has patched one, working on the other

OnePlus is something of a darling among Android power users, shipping phones that can be bootloader unlocked without any special permissions or codes. But security researcher Roee Hay found that the OnePlus 3 (and the revised OnePlus 3T) are rather more open than was probably intended. With two native fastboot commands, Hay found he could install unverified boot images and disable the verified boot feature, all without actually unlocking the bootloader with the familiar user-accessible command. Which is, well, bad: it basically means anyone can run malicious code on the phone without resetting the user's data.

Read More
...

Google releases February security bulletin, OTA and system images available for Google devices

It's that time of month again where Google releases security fixes for Android. The Android Security Bulletin for February 2017 has just been posted, addressing 35 critical bugs - most of which affect Nexus and Pixel devices. The most severe issue that the February patch level fixes could enable remote code execution when processing media files.

Read More
...

Google adds more enterprise-grade security controls to G Suite

While on the face of things, it may seem like Google steals data and invades privacy, the company is actually very serious about security. That doubles when it comes to the security of G Suite, Google's enterprise accounts product range. Today the company has announced it's adding a few things to make the accounts even more secure.

Read More
...

Gmail won't allow JavaScript file attachments starting February 13

Malicious emails often attach various forms of executable programs and trick users into running them. These include standard Windows executables (.exe), batch files (.bat), and even JavaScript files (.js). Starting February 13, 2017, Google will not allow JS files to be sent as an attachment, including JS files detected within archives.

Read More
...

Google Play services v10.2 prepares for Google Fit v2 API and FIDO-certified security keys [APK Teardown]

The recent rollout of Google Play services v10.2 came with a cool new Instant Tethering feature that automatically enables a small set of devices to sip on a shared cellular signal when they're in need. Aside from a couple of minor tweaks, that appears to be the only major functional change we're supposed to access at this time. However, that doesn't mean there aren't a few other things waiting to be revealed. Fresh additions to the APK reveal new data types coming to the Google Fit API. There's also support baked in for the new FIDO Alliance U2F tokens for secure authentication.

Read More
...

Google shuts off Chrome Sync API for third-party browsers on Android, citing a security vulnerability

If you aren't familiar, Chrome has two versions: the open-source Chromium project, and Google's proprietary Chrome builds with added functionality (like a built-in Flash player). Numerous browsers on Android are based on Chromium, including the popular Snapdragon-optimized CAF browser. Unfortunately, Google has now shut off access to the Chrome Sync API on Android for anything but Chrome itself, including vanilla builds of Chromium.

Read More
Page 3 of 3312345...10...Last»