CyanogenMod is already one of the most polished Android ROMs out there, but as the dev team says in the most recent blog post, running a custom OS shouldn't mean you're lacking first-class features. To that end, CyanogenMod ROMs will soon include CyanogenMod Account for encrypted device management. The account provider is already in CM's Github, but don't get too ahead of yourself – the CyanogenMod Account isn't rolling out right away.
When it comes right down to it, few things are much scarier than finding out somebody can track your movements, read your call log and text messages, and even record audio and take pictures of whatever the phone can get, all without your knowledge. Here's the thing - as careful, security-conscious people, many of us already install software like that for our own purposes, usually to recover a phone in the event it should fall into the hands of thieves. Like a weapon intended for protection, sometimes our best defenses can be turned against us.
It was recently discovered that Cerberus anti theft, a tool we've talked about a few times in the past, has a weakness in its network protocol that allows a determined hacker to use brute-force methods to find the IMEI numbers of user devices and ultimately invoke any of Cerberus's functions. Read More
Avast has been busy today. The company has released its new Mobile Backup app in Google Play, and it looks to have an okay feature set (it was previously in beta). The Mobile Security and Antivirus app also got a substantial update. Mobile Backup will grab your contacts, call log, images, videos, SMS, and more, then upload them to the cloud for safe keeping.
Bitcoin is still emerging as an online currency, and that means issues are sure to pop up in the way it's implemented. This time there's an Android-specific problem. It turns out there's a weakness in the way Android generates random secure numbers (the Java SecureRandom class), which most Bitcoin apps use to create wallet IDs. That means an attacker could possibly figure out your wallet key and swipe your digital cash.
Anyone that generated a Bitcoin wallet key on an Android device is potentially affected (even if it is no longer used on Android). Keys generated elsewhere and simply used on Android are not vulnerable to the potential attack. Read More
How much would you pay for an Android security suite that may occasionally be of use? Maybe $1.99? $4.99? How about $149.00? No? Well, that's what Kaspersky Lab is currently asking for its Mobile Security app in Google Play. Got a lot of cash to burn and very little common sense? Kaspersky Tablet Security is only $199.00. What?
See, the apps for phones and tablets used to cost $4.95 and $9.95, respectively. A bit steep, but not outlandish. So does Kaspersky really think its software is worth hundreds of dollars all of a sudden? Probably not. It looks like the company tried to nudge the price upward and just missed a few keys on the keyboard. Read More
Today's Twitter update has a keen focus on security. Back in May, the company introduced an SMS-based two-factor authentication system for signing into the service. Now login requests can be be verified using just the mobile app. Users can sign into Twitter and enjoy the extra security of two-factor authentication without having to provide a phone number or worry about cell reception. The app also generates backup codes just in case your phone isn't available when you want to sign in later on. Yet in my case, I had to use the backup code even with my phone in front of me. Read More
Remember when Google's app verification and malware scanning service debuted with Android 4.2? No? Well, that's probably because statistically speaking, you're likely to be one of the 95% of Android users rocking 4.1 or earlier. To help address this, it looks like Google has moved the Verify Apps system to Google Play Services, which at this point should be installed on all Google Play Store-equipped Android devices running Gingerbread or higher. The change was spotted by JR Raphael at ComputerWorld.
Verify Apps is not to be confused with the "Bouncer," Google's Play Store watchdog that keeps an eye on the included Android apps, to greater or lesser success. Read More
Samsung announced this spring that security app LoJack would soon be built into the Galaxy S4. The necessary firmware arrived on most North American variants of the S4 in recent weeks, and now the service is live to take advantage of it. LoJack can be activated on your Galaxy S4 today for $29.99 per year. In return for your money you get phone tracking, remote wipe, and recovery assistance.
The LoJack app is built into the firmware of the device, making it persistent through factory resets (but probably not ROM flashes). This can be done manually on rooted devices with apps like Cerberus, but the people able to do that aren't really the market Samsung and Absolute Software (the maker of LoJack for Mobile) are going for. Read More
If you're having reception issues or dropped calls at your home or office, Verizon Wireless (and other carriers) might recommend you pick up a femtocell. This is a small device that plugs into your router and acts like a miniature cell tower. However, a pair of security researchers have revealed how they managed to use that same device to snoop on phone calls and other communications. Read More
A few weeks ago the "Master Key" APK verification vulnerability rocked the Android security landscape... then immediately stopped rocking it, once Google revealed that they had patched the vulnerability months ago. Still, that's little comfort to users who aren't on a brand-new 4.2 phone (or, you know, a Nexus device that gets real updates). CyanogenMod has responded by patching all of its official ROMs (twice), and now noted security firm Duo has teamed up with Northeastern University's SecLab to do the same for all Android rooted users, regardless of their device. The patch is called "ReKey," and it's from both the Play Store and the ReKey website. Read More