Android Police

Articles Tagged:

security

...

Google's Verify Apps now shows apps that it has recently scanned

Google rolled out the Verify Apps framework many years ago to scan apps as they were installed. Then, in 2014 it added the ability to constantly scan apps to watch for malicious behavior. You were sort of taking Google at its word as a user that Verify Apps was indeed rummaging around to keep tabs on things. Now you can see some of what it's doing—the settings menu now shows which apps have recently been scanned.

Read More
...

Two major vulnerabilities found in OnePlus 3 bootloader - OP has patched one, working on the other

OnePlus is something of a darling among Android power users, shipping phones that can be bootloader unlocked without any special permissions or codes. But security researcher Roee Hay found that the OnePlus 3 (and the revised OnePlus 3T) are rather more open than was probably intended. With two native fastboot commands, Hay found he could install unverified boot images and disable the verified boot feature, all without actually unlocking the bootloader with the familiar user-accessible command. Which is, well, bad: it basically means anyone can run malicious code on the phone without resetting the user's data.

Read More
...

Google releases February security bulletin, OTA and system images available for Google devices

It's that time of month again where Google releases security fixes for Android. The Android Security Bulletin for February 2017 has just been posted, addressing 35 critical bugs - most of which affect Nexus and Pixel devices. The most severe issue that the February patch level fixes could enable remote code execution when processing media files.

Read More
...

Google adds more enterprise-grade security controls to G Suite

While on the face of things, it may seem like Google steals data and invades privacy, the company is actually very serious about security. That doubles when it comes to the security of G Suite, Google's enterprise accounts product range. Today the company has announced it's adding a few things to make the accounts even more secure.

Read More
...

Gmail won't allow JavaScript file attachments starting February 13

Malicious emails often attach various forms of executable programs and trick users into running them. These include standard Windows executables (.exe), batch files (.bat), and even JavaScript files (.js). Starting February 13, 2017, Google will not allow JS files to be sent as an attachment, including JS files detected within archives.

Read More
...

Google Play services v10.2 prepares for Google Fit v2 API and FIDO-certified security keys [APK Teardown]

The recent rollout of Google Play services v10.2 came with a cool new Instant Tethering feature that automatically enables a small set of devices to sip on a shared cellular signal when they're in need. Aside from a couple of minor tweaks, that appears to be the only major functional change we're supposed to access at this time. However, that doesn't mean there aren't a few other things waiting to be revealed. Fresh additions to the APK reveal new data types coming to the Google Fit API. There's also support baked in for the new FIDO Alliance U2F tokens for secure authentication.

Read More
...

Google shuts off Chrome Sync API for third-party browsers on Android, citing a security vulnerability

If you aren't familiar, Chrome has two versions: the open-source Chromium project, and Google's proprietary Chrome builds with added functionality (like a built-in Flash player). Numerous browsers on Android are based on Chromium, including the popular Snapdragon-optimized CAF browser. Unfortunately, Google has now shut off access to the Chrome Sync API on Android for anything but Chrome itself, including vanilla builds of Chromium.

Read More
...

The Guardian alleges that WhatsApp has a "backdoor" that could be used to spy on users [Update]

In what I am sure was on purpose due to it being Friday the 13th, some mild form of privacy panic has hit the world due to The Guardian's article this morning about a critical backdoor in WhatsApp. It postulates that, due to how encryption keys are handled when a device goes offline and messages are not sent (for whatever reason), WhatsApp or its parent company Facebook can intercept user communications. Meanwhile, Gizmodo has reported that this is not the case — how WhatsApp handles encryption is a feature and works as intended.

Read More
...

LG posts January security bulletin ahead of Google with Android and LG-specific patches

Google has been releasing monthly security patches like clockwork ever since it revamped the Android security model in the wake of Stage Fright. Samsung and LG are also trying to keep up with the monthly patches, but not always with the most success. LG's getting the jump on Google today, though. It has posted the January security bulletin a little early with information on Google and LG-specific patches.

Read More
Page 5 of 35«First...34567...10...Last»