Avast has been busy today. The company has released its new Mobile Backup app in Google Play, and it looks to have an okay feature set (it was previously in beta). The Mobile Security and Antivirus app also got a substantial update. Mobile Backup will grab your contacts, call log, images, videos, SMS, and more, then upload them to the cloud for safe keeping.
Bitcoin is still emerging as an online currency, and that means issues are sure to pop up in the way it's implemented. This time there's an Android-specific problem. It turns out there's a weakness in the way Android generates random secure numbers (the Java SecureRandom class), which most Bitcoin apps use to create wallet IDs. That means an attacker could possibly figure out your wallet key and swipe your digital cash. Read More
How much would you pay for an Android security suite that may occasionally be of use? Maybe $1.99? $4.99? How about $149.00? No? Well, that's what Kaspersky Lab is currently asking for its Mobile Security app in Google Play. Got a lot of cash to burn and very little common sense? Kaspersky Tablet Security is only $199.00. What?
See, the apps for phones and tablets used to cost $4.95 and $9.95, respectively. Read More
Today's Twitter update has a keen focus on security. Back in May, the company introduced an SMS-based two-factor authentication system for signing into the service. Now login requests can be be verified using just the mobile app. Users can sign into Twitter and enjoy the extra security of two-factor authentication without having to provide a phone number or worry about cell reception. The app also generates backup codes just in case your phone isn't available when you want to sign in later on. Read More
Remember when Google's app verification and malware scanning service debuted with Android 4.2? No? Well, that's probably because statistically speaking, you're likely to be one of the 95% of Android users rocking 4.1 or earlier. To help address this, it looks like Google has moved the Verify Apps system to Google Play Services, which at this point should be installed on all Google Play Store-equipped Android devices running Gingerbread or higher. Read More
Samsung announced this spring that security app LoJack would soon be built into the Galaxy S4. The necessary firmware arrived on most North American variants of the S4 in recent weeks, and now the service is live to take advantage of it. LoJack can be activated on your Galaxy S4 today for $29.99 per year. In return for your money you get phone tracking, remote wipe, and recovery assistance.
The LoJack app is built into the firmware of the device, making it persistent through factory resets (but probably not ROM flashes). Read More
If you're having reception issues or dropped calls at your home or office, Verizon Wireless (and other carriers) might recommend you pick up a femtocell. This is a small device that plugs into your router and acts like a miniature cell tower. However, a pair of security researchers have revealed how they managed to use that same device to snoop on phone calls and other communications. Read More
A few weeks ago the "Master Key" APK verification vulnerability rocked the Android security landscape... then immediately stopped rocking it, once Google revealed that they had patched the vulnerability months ago. Still, that's little comfort to users who aren't on a brand-new 4.2 phone (or, you know, a Nexus device that gets real updates). CyanogenMod has responded by patching all of its official ROMs (twice), and now noted security firm Duo has teamed up with Northeastern University's SecLab to do the same for all Android rooted users, regardless of their device. Read More
Second verse, same as the first. Two days ago the CyanogenMod ROM team announced a security update to the CM 10.1 platform, incorporating the "Master Key" security patch that Google had already issued back in February. Yesterday another, more intricate exploit in the same vein was posted by a Chinese blog, and again, Google has rapidly moved to patch the problem in Android... which won't be much comfort to those running an older release. Read More
Hot on the heels of Bluebox's disclosure of the "Master Key" exploit, a Chinese blog has posted details of a similar vulnerability. This attack also sidesteps a bug in the signature verification step and allows seemingly innocent APKs to include a potentially dangerous payload; and like its brethren, Google has already patched the flaw and posted it to the Android Open Source Project (AOSP). The information comes to us from a China-based group (or possibly individual) calling itself the Android Security Squad. Read More