Android Police



OnePlus accidentally exposes customer information — again — in the stupidest way possible

OnePlus has now suffered two security snafus in just a month. Today's news is a bit less serious, but given the company's history, it's indicative of a clear trend. OnePlus blasted out a mass mailer for a research study earlier today, and someone seems to forgotten what BCC means, giving everyone in the chain access to hundreds of customer emails. Whoops.

Read More

Google Chat, Meet, Gmail gain new security tools

Google has put in place new security measures across Gmail, Chat, and Meet that will protect users from forgers, spammers, and rabble-rousers looking to disrupt their communications. Most of these changes will take effect for G Suite users first, though consumer Google accounts do have at least one takeaway as well.

Read More

Massive Twitter breach made possible by social engineering

Some verified Twitter accounts are not able to post tweets right now. The company says it is working to investigate and fix a major vulnerability that saw celebrities including Jeff Bezos, Warren Buffett, Bill Gates, Elon Musk, Kanye West, and MrBeast of YouTube fame post bogus offers to give back double whatever Bitcoin deposit their followers put in.

Read More

Flash VPN, UFO VPN, and five other services leaked 1.2TB of private information

When you use a VPN service, you're trusting it with the same data that your internet service provider would typically collect. That's why it's crucial to properly research any VPNs you use, even if they claim to not collect any logs. Case in point: seven VPN services using the same white-label provider were found leaking a lot of user data.

Read More

Mozilla's Firefox VPN is now out of beta on Android

Mozilla has been working on a VPN for a long time, first experimenting with such a service in 2018. But lately, there's been more movement. The company has been beta-testing its latest take on virtual networks since last year, with an Android app available since early 2020. Today, Mozilla has announced that it's officially launching the paid service in a few countries.

Read More

Firefox for Android fixes critical security vulnerability in latest update (APK Download)

Mozilla has been busy at work on a rewritten version of Firefox for Android, which is already live in the browser's Beta and Nightly (formerly Preview) channels. However, if you're still on the regular stable version of Firefox for Android, you should update right now.

Read More

OnePlus fixes yet another security flaw that may have exposed sensitive customer data

A security vulnerability in OnePlus' out-of-warranty repair and advance exchange invoicing system has been fixed. The vulnerability, which was discovered on June 30th, exposed customer details including full names, phone numbers, email addresses, IMEI numbers, and physical addresses. The system affected is run by a third-party vendor and is only used by US customers. Android Police disclosed details of the vulnerability to OnePlus after receiving a tip from a reader, and OnePlus does not believe it was ever actively exploited.

Read More

Arlo announces the Ultra 2 with improved Wi-Fi connectivity and... not much else

Arlo has been making some of the best home security products on the market for a while now. Just a few weeks back we saw the launch of the budget-oriented Essential Spotlight camera, but users looking for higher-end surveillance could always turn to last year's Arlo Ultra. Now that model is getting a few tweaks, as Arlo announces the Ultra 2, a mildly refreshed edition of its 4K-capable camera.

Read More

Android's Enterprise program to switch out security update requirements for mandatory transparency

For two years, Google has been trying to make it easy for businesses to run and deploy reliable Android devices through its Android Enterprise Recommended (AER) program. It's essentially a collection of certified hardware with certain minimum guarantees: They must be eligible for zero-touch enrollment, carrier-unlocked, and should receive security updates no later than 90 days of release for a minimum of three years. As XDA Developers reports, the latter requirement might soon be significantly relaxed in favor of more nebulous transparency requirements.

Read More

Google Chrome extensions found spying on users once again

According to a report by Reuters, researchers at Awake Security uncovered a new spyware campaign that threatened the security of Chrome users. Google removed the more than 70 offending extensions from the Chrome Web Store last month after being alerted to the malicious activity, but not before they were downloaded 32 million times by unsuspecting users.

Read More