Since the first release, Android has required developers to sign their applications. When you update an app, Android will compare the update's signature to the existing version. If they match, the app update will install. This way, developers don't have to worry about modified APKs causing problems, and users are kept secure. Read More
Vulnerabilities. There's a new flavor of the week every few days and in this highly connected world, it's tough to keep up, whether it's for users who don't know which of their devices are vulnerable and have/haven't been patched or for companies who are scrambling to fix one bug only to see the next one around the corner.
The BlueBorne vulnerability affected Bluetooth devices and could be exploited by hackers to completely take over a device with Bluetooth just turned on, without pairing with it first. Android patched it in September, but it appears that Amazon Echo and Google Home devices were left vulnerable for a while. Read More
Recently, Google has notified developers of apps that use Accessibility features for purposes other than helping users with disabilities to cease using those APIs or otherwise unpublish their app. The impetus for this move appears to be existence of (now removed) apps in the Play Store which use Accessibility features in conjunction with a vulnerability patched as part of the September security update to install malware. Read More
Many companies give out rewards for vulnerabilities found in their software, and Samsung is now joining those ranks. The Korean tech company's Mobile Security Rewards Program has just gone public, enabling security researchers to receive awards of up to $200,000 per bug found. Read More
What's worse than a security vulnerability in a widely-used program? A security vulnerability in several widely-used programs. Researchers from Check Point Software Technologies have uncovered a flaw in a handful of media players (including VLC, Kodi, Stremio, and PopcornTime) that allows hackers to run executable code through subtitle files. Read More
We of a certain age remember the days before WiFi was widespread. It sucked. Now, there's a wireless network on every corner bringing you all the wonders (and horrors) of the internet. They can also bring you something else: hacks. A researcher from Google's Project Zero security team has revealed an exploit for Broadcom WiFi chips that can allow an attacker to execute code on your device. They just have to be on the same WiFi network as you. Read More
Android is a hulking beast as far as global user share is concerned — hell, it's the most-used operating system in the world, surpassing even Windows (in terms of internet usage). When Samsung announced that it was creating its own open-source alternative to Google's mobile OS, it was not really a surprise. We've had several upstarts over the years, like Sailfish, Firefox OS, Ubuntu Touch, and so on, but all of them have failed in some form or another. There were a few people, however, who thought Sammy could be the one to unseat Google and Android with a mobile operating system that it called Tizen. Read More
In what I am sure was on purpose due to it being Friday the 13th, some mild form of privacy panic has hit the world due to The Guardian's article this morning about a critical backdoor in WhatsApp. It postulates that, due to how encryption keys are handled when a device goes offline and messages are not sent (for whatever reason), WhatsApp or its parent company Facebook can intercept user communications. Meanwhile, Gizmodo has reported that this is not the case — how WhatsApp handles encryption is a feature and works as intended. Read More
Security has been a hot topic on Android for many years, particularly as smartphones take on increasingly significant roles both at home and at work. A single device acts as your main form of communication, contains personal photos and confidential documents, and may even have access to your finances. Google and other companies have made significant investments in time and money to ensure these devices are very hard to break into. However, a vulnerability was recently discovered in some phones that compromises important security measures and opens devices up to various types of attacks. The worst part is that it was created intentionally by a manufacturing partner contracted to build the phones, and the OEMs that designed the phone had no idea. Read More
About nine months ago, Rootjunky managed to bypass the factory reset protection (FRP) on Samsung devices simply by inserting an OTG drive into the phone and installing an app. Then, two months later, he found a vulnerability on LG phones; this time, he circumvented FRP by using talkback settings to open a browser, downloading an APK that opened settings, adding a new user, switching back to the main account, and then resetting without FRP. However, this new exploit for Samsung phones might be the most ingenious yet.
Factory reset protection was added to Android with 5.1 Lollipop, but since different OEMs use different variations of Android, vulnerabilities can arise. Read More