Android Police

Articles Tagged:

android security


Android 10 beta Galaxy S9 and Note9 iris scanners now support Google's new Biometric API

Samsung may have removed the iris scanner from its recent flagship devices like the Galaxy S10 and Note10, but it hasn't forgotten about it on earlier hardware. According to some Galaxy S9 and Note9 users in the Android 10 One UI 2.0 beta program, the company has updated the iris scanner in those phones to be compatible with Google's new Biometric API, a one-stop-shop for in-app user authentication.

Read More

Android camera app flaws left devices vulnerable to spying eyes (Update: App clarification)

A new security vulnerability has been discovered inside the Android camera app that potentially affects hundreds of millions of phones across the world. Discovered by a team of security researchers at Checkmarx, the exploit allows a malicious app with access to a phone's storage system to bypass Google's permission safety net and completely spy on users.

Read More

To the shock of no one, research paper shows 5G is vulnerable to all sorts of attacks

Although 5G is often touted for being newer, faster, and more secure than 4G, a team of security researchers from the University of Iowa and Purdue University has flipped the last bit of that marketing message on its head by discovering almost a dozen new 5G vulnerabilities. As a result of these breaches, they were able to carry out some nasty attacks like location tracking, broadcasting of false emergency alerts, and severing the 5G connection of a phone entirely from the network.

Read More

USB and Bluetooth accessories can be used to attack Android phones and spy on owners

A group of security researchers has discovered an exploit that lets Bluetooth and USB accessories wreak all sorts of havoc on multiple Android smartphones. In both cases, the door of entry was the cellphone modem, or baseband, which is found inside all smartphones.

Read More

[Update: Sprint, T-Mobile] US carriers launch system that could replace app passwords with your phone itself

Smartphone users already have several great options when it comes to password managers on Android, letting them log in to supported apps at the press of a button. Now they're being joined by ZenKey, a new service developed in collaboration with the four major US cell carriers that's looking to do away with individual passwords while claiming some robust security features of its own.

Read More

October Pixel patches now available via OTA files and factory images

Promptly on time, Google has released October's OTA files and factory images for the Pixels, as well as its general Android security bulletin for the month. At the same time, Verizon is pushing out the set of patches to Pixel users now. It's the second update to Android 9 Pie, and this time around there are no Pixel security patches — just a few functional patches including, most notably, what might finally be a fix for the 2016 Pixel fast charging bug.

Read More

Wi-Fi Alliance announces WPA3 security protocol for protecting wireless devices

The Wi-Fi Alliance has announced additional measures to secure wireless devices, following revelations last year about an oversight in the WPA2 specification which left devices vulnerable.

Read More

Google paid out $550k for Android Security Reward bounties in the last year, is upping bounty amounts

A year ago today Google announced Android Security Rewards, an expansion of its Vulnerability Rewards Program. Find a vulnerability, tell Google about it, help them fix the issue, and take home money. That's the concept, and it's a common one in the tech industry.

Google handed out over half a million bucks to 82 individuals over the past year. This averaged out to $2,200 per reward. Researchers averaged higher payouts, at $6,700. One, @heisecode, received $75,750 for 26 vulnerability reports. 15 researchers received $10,000 or more.

Read More

Android Now Shows Your Device's "Android Security Patch Level" In Marshmallow

While going hands-on with the Nexus 5X and 6P a bit earlier, I noticed something interesting in the "about" screen of both devices: a new field. It's called "Android security patch level," and what it appears to do is display the date of your phone's most recent security patch.

We know Google has been taking significant flack for Android security updates post-Stagefright, so it seems this feature may be in response to those criticisms. I didn't learn anything else about it, but it was definitely on the 5X and 6P units I used, and speaking to a Google rep, they suggested this feature would ship on the devices.

Read More