Scary tales about Android malware have been told since before people started guessing what dessert name would start with the letter 'D' (it's "Donut," in case anybody has forgotten.) Most of those claims came and went, amounting to little more than ghost stories. Unfortunately, there are a few real ghouls and goblins for which we should be afraid. Back in February, one such monster was discovered lurking about that allowed modified APKs to be installed on your device while successfully side-stepping the cryptographic signature used to prevent that very thing.
After a few months of testing, Sony has announced its my Xperia service will be hitting all regions in the next few weeks. This system will provide remote management of 2012 and 2013 Xperia devices. Smartphones are expensive – it's nice of Sony to help you keep track of it.
Once it is deployed in your country, my Xperia will come in the form of a new app that can be enabled in settings.
We don't need no NSA up is our business, right? CyanogenMod recently added the Privacy Guard feature to nightlies to protect user data from sketchy apps, but the next innovation might go deeper than that. Koushik Dutta (Koush) has started development of a secure messaging platform for CyanogenMod devices.
Koush expressed his admiration for the elegance of iMessage in his post, and he wants to do the same for CyanogenMod. To that end, Koush has built an encrypted open source push messaging plugin for CM that would stand in for regular SMS.
Have you ever refused to install an app because it wants too many permissions? Yeah, a lot of people have, and we don't blame them. A little too much trust can lead to stolen information, mysterious charges on your cellular bill, or worse. Thanks to developer M66B, we've got a simple way to lock down potentially misbehaving software. His new mod, XPrivacy, can block several types of activities and queries, despite the permissions granted at installation.
Most people make do with a PIN or pattern lock to secure their Android devices. If you need something a little stronger (or just want to feel like Ethan Hunt) EyeVerify has just released the beta version of an app that uses honest-to-goodness eye scans. Eyeprint takes a photo of your face, then matches the pattern of blood vessels on your eyeballs to a previous photo to access locked apps. The beta is extremely limited - none of my devices are showing compatible on the Play Store.
Google has quietly rolled out two new features in account settings that give you a quick overview of everything going on with your account security. The security dashboard shows all your important security settings, and the recent activity page tracks account sign-in history. These features could potentially help users track down suspicious behavior in a snap.
The security dashboard tells you how long ago you changed your password, what your account recovery options are, how you receive notifications, 2-step verification status, and lists your connected apps.
If you're paranoid about losing both your smartphone and your tablet... well, you probably shouldn't be carrying both in an area where either is likely to get stolen. But if you do, and feel like you need an extra layer of protection, McAfee is here to indulge your fear. Smart Perimeter Plus (in the Security Innovations app) links your Android phone and tablet, then sets off an alarm if either are separated from the same WiFi network.
There may be many ways to root an Android phone, but there's allegedly one root to rule them all. At this year's Black Hat USA 2013 conference, security researcher Jeff Forristal will detail how to gain system access and control on nearly any Android device. The bug was disclosed back in February, and Google presumably has worked to patch the vulnerability in the months since, so don't get too excited.
Over the weekend, Android Police received a tip about a serious privacy hole in Facebook Pages Manager for Android that made some privately uploaded photos public. Shortly after I made the details of the issue public, Facebook Security got in touch and let us know that its engineers were looking into the report and trying to get a fix up soon.
At 4:19pm PT today, I received a follow-up email from Facebook Security that confirmed a fix had been rolled out server-side, and no app update was necessary.