The SafetyNet API is the bane of root and custom ROM users everywhere. For those unfamiliar, it is part of the Google Play Services API that is designed to detect modified devices. If your system is tampered with in any way, be it rooted or a custom ROM, the SafetyNet check will fail. Android Pay, among other applications, uses this API and will fail to run if SafetyNet fails.
Reports are coming in from Reddit and our own tip box that SafetyNet appears to fail on some bootloader-unlocked devices, even if the device has not been modified in any other way. Devices confirmed to have issues include the Nexus 6P, OnePlus 3, and Nexus 6. Read More
Security has been a hot topic on Android for many years, particularly as smartphones take on increasingly significant roles both at home and at work. A single device acts as your main form of communication, contains personal photos and confidential documents, and may even have access to your finances. Google and other companies have made significant investments in time and money to ensure these devices are very hard to break into. However, a vulnerability was recently discovered in some phones that compromises important security measures and opens devices up to various types of attacks. The worst part is that it was created intentionally by a manufacturing partner contracted to build the phones, and the OEMs that designed the phone had no idea. Read More
There is no shortage of WiFi-capable wireless security cameras on the market today. The Canary Flex is another entry, but with a few tricks that help it stand out from the crowd. First off, the design marks a strong resemblance to GlaDOS, and is available in white or black colors.
Inside the main unit is a 720p camera (actually 1080p, but downgraded for smoother streaming), a high-quality microphone, a 116° wide-angle lens, and dual-band WiFi and Bluetooth Low Energy support. There is also a speaker for two-way communication, but that feature will come in a future software update. Read More
Google's Safe Browsing feature has been around since 2007, and has protected millions of people from harmful threats on the internet. It's a blacklist of harmful websites, such as those distributing malware and phishing scams, that Google actively updates every day. The database is used by Chrome, Firefox, and even Safari to ensure users can be as safe as possible online.
Back at Google I/O, Google announced they would make an official API for applications to check a given website in the Safe Browsing database. Starting with Google Play Services 9.4, developers can finally use the API in their apps.
The Safe Browsing API uses the latest version of the Safe Browsing Network Protocol, meaning it's designed to be as quick (and use up as little cellular data) as possible. Read More
Google is preparing to make a significant change to how users are informed of security online. Beginning in January 2017, Chrome will subtly mark password and payment pages as non-secure if they use HTTP instead of HTTPS. This is just the first step toward marking all HTTP pages as non-secure with a more visible notice. Read More
Email scams are as old as email itself, but Google is doing its best to help you make smart decisions. Starting this week, Gmail users will see some new tools that identify potentially dangerous messages. There are two new features here, but only one is coming to Android. Read More
Google already sends email notifications when a new device accesses your account, but people are programmed to ignore email. According to Google, native Android notifications are four times more effective at getting your attention, so that's what it's going to show you from now on when devices are added to your account. Read More
Frequent United flyers may find themselves using the airline's Android app more often than they realize. The latest update cuts down on how often you have to type out your password as you sign in to your MileagePlus account. Now you can tap a fingerprint scanner instead. Read More
Starting in Android 4.4, Google implemented verified boot (known as dm-verity) in the Android kernel to prevent malware from hiding in your device. This was all behind the scenes until Android 6.0 Marshmallow—that's when Google started alerting users to system integrity. In Android 7.0, it's going a step further. In Nougat, verified boot will be "strictly enforcing" and won't allow your device to boot if the software has been compromised. Android will also be able to correct errors, but this will cause some headaches for modders. Read More
The Factory images and OTA ZIPs for July 2016 are now available for the full line of supported Nexus hardware (still waiting for the Pixel C). They're a little behind schedule this month, possibly because it was Independence Day in the United States on Monday, or possibly to leave time for some late-breaking security patches that may have been added in the eleventh hour. The Android Security Bulletin covers the list of vulnerabilities addressed with this set of updates, and for the first time it includes two separate lists: one dated July 1st and the other dated July 5th. Read More