Security firms spot new malware variations all the time, but most of them aren't very sophisticated. They don't have to be to spam ads or track your location. However, the newly identified Skygofree is in a completely different league. According to Kaspersky, this piece of malware possesses features never before seen in the wild.
Read MoreInBrief
Emergency Patch Issued For Android Studio And IntelliJ-Based IDEs To Close Up Two Serious Security Vulnerabilities
Chainfire Explains His Root Method For The Latest Lollipop Developer Preview, Modified Kernels May Become A Requirement
The final round of Developer Preview images released on Friday left a number of users without root access on their devices, but a lightning fast quick-fix by Chainfire had them back in business the following day. Yesterday, he took to Google+ with a follow-up of how it works and the issues that are making it more difficult to acquire root on the latest version of Android.
Due to increasingly effective security measures and stricter enforcement of SELinux, it seems that many, or possibly all of the available methods for initializing the SuperSU daemon at startup have been rendered ineffective. As part of Chainfire's updated root, custom kernels were posted for the Nexus 5, Nexus 7, and ADT-1 that switch a few SELinux policies to permissive mode so that SuperSU can be run in the correct context after a device boots up.
Read More
[New App] Bluebox Heartbleed Scanner Can Help You Discover An OpenSSL Vulnerability On Your Device
The Internet has been abuzz over the recently discovered Heartbleed bug. If you're not already familiar, Heartbleed is a vulnerability in the OpenSSL software library that allows an attacker to steal data directly from the memory space of an application and learn the private keys used to keep data securely encrypted as it travels over the Internet. The implications of this kind of leak are certainly severe, and it has everybody rushing to either install updates that fix the bug or implement workarounds to disable it.
As users, there's not a lot you can do to close this security hole on your device, but you might still want to know if you're vulnerable.
Read More
New Firewater S-Off Tool Will Unlock Any HTC Device In Moments
Like most OEMs, HTC likes to lock down the devices it sells to the general public, but maybe you like a little more freedom. That means an exploit is required to get s-off status. The new Firewater S-Off tool can manage that for any (or at least very nearly any) HTC device, even newer HTC One phones.
The tool comes courtesy of developers beaups and fuses, and it's completely free for personal use. Just download the files and get to work. The website has a full walkthrough of the process. There are some prerequisites that need to be taken care of first, though.
Read More
RockMyMoto Roots Moto X After Latest Camera Update, Should Work On All Recent Motorola Phones
Some Moto X owners weren't particularly happy to learn that a recent OTA with improvements to the camera also had the undesirable consequence of breaking root acquired through PwnMyMoto. Fortunately, the creator of PwnMyMoto, Justin Case, is back with an updated root method that works on the latest Moto X update and should be compatible with all recent Motorola firmwares.
Update: RockMyMoto is confirmed to also work on the latest firmwares for the Droid Maxx, Ultra, and Mini.
Disclaimer: Android Police isn't responsible for any harm to your device - proceed at your own risk.
If you're eager to get started, swing by the RockMyMoto thread on XDA.
Read More
[Security] Vulnerability In Firefox For Android Discovered That Allows Hackers To Steal Files From The SD Card And Firefox's Privately Stored Data [Update]
The security of our mobile apps and private data is a very serious matter. This is particularly true for high value targets like web browsers, which often store login credentials that can be used to access many of the websites we use on a regular basis. Unfortunately, browsers are also very complicated applications with an extensive set of features that are difficult to lock down completely. Sebastián Guerrero Selma of viaForensics recently posted a video demonstrating a newly discovered vulnerability in Firefox for Android which would allow hackers to access both the contents of the SD card and the browser's private data.
Read More
PwnMyMoto Roots And Bypasses Write Protection On Moto X, Droid Ultra, Mini, And Maxx, Makes Flashing Custom ROMs A Reality
That didn't take long. Just 2 days after Justin Case released a root method for the Moto X, Droid Ultra, Droid Mini, and Droid Maxx, he's already back with a hack that bypasses write protection. By disabling the write protection afforded by the bootloader, it becomes possible to flash 3rd-party ROMs, themes, and other mods. In other words, the flood gates are open for the modding community.
Much like MotoRoot, PwnMyMoto is packaged as a single app that must be sideloaded with adb. After running it and waiting through 2-3 reboots, your phone will be set up to boot into either the standard write-protected mode (recommended for daily use) or with write protection disabled.
Read MoreThe Best Of AP
[Security] Firefox For Android Can Be Tricked Into Automatically Downloading And Executing Malicious Code
A very serious security hole has been discovered in Firefox for Android that allows a website to force the browser to download and run potentially damaging files, usually without the user's knowledge or interaction. The vulnerability was first described and demonstrated publicly on September 9th as part of a posting meant to advertise the attack as being for sale. The method for exploiting the weakness simply requires a webserver to instruct Firefox for Android to initiate a download, after which the downloaded file is automatically opened or executed (depending on the file type).
Here's a demonstration using an apk crafted to look like an update to Firefox:
While the demo video above uses an apk and relies on a user being tricked into installing it, the potential vectors of attack aren't restricted simply to apks and can possibly leverage other weaknesses on a device.
Read More
Second "Master Key" Style APK Exploit Is Revealed Just Two Days After Original Goes Public, Already Patched By Google
Hot on the heels of Bluebox's disclosure of the "Master Key" exploit, a Chinese blog has posted details of a similar vulnerability. This attack also sidesteps a bug in the signature verification step and allows seemingly innocent APKs to include a potentially dangerous payload; and like its brethren, Google has already patched the flaw and posted it to the Android Open Source Project (AOSP). The information comes to us from a China-based group (or possibly individual) calling itself the Android Security Squad. The original post is in Chinese, but a vaguely comprehensible translation can be had thanks to Google.
Read MoreLatest Deals
-
10
[Free Alert] Ariana Grande and The Beach Boys albums are gratis on Google Play Music (probably US-only)
-
11
35 temporarily free and 77 on-sale to kick off the weekend, including some Asmodee titles
-
22
[Update: Note8 $300 off] Deal alert: Get a Verizon Galaxy S9 for $520 ($200 off) or S9+ for $640 ($200 off) from Samsung
-
9
33 temporarily free and 38 on-sale apps and games for Wednesday, including Evoland 2
-
25
[Update: It's back] Deal alert: LG V30S ThinQ drops to just $600 ($330 off) at B&H
-
10
Latest Poll
Loading ...Recent Reviews
-
27
Acer Chromebook Spin 11 (2018) review: Costs too much for what you get
-
4
Wearable widgets turns your phone's app widgets into Wear OS watch face complications
-
56
Moto G6 review: A predictably good value
-
133
HTC U12+ review: No buttons, no sale
-
25
Cielo Breez review: Smartening up your air conditioner, the easy way
-
27
Latest Roundups
-
1
13 new and notable (and 1 WTF) Android apps and live wallpapers from the last two weeks including Google Podcasts, Adobe Spark Post, and IGTV (6/10/18 - 6/23/18)
-
5
[Bonus Round] Toca Mystery House, King and Assassins, Suzy Cube, The Franz Kafka Videogame, Gorogoa, and One Line
-
16
20 of the best keyboard compatible Android games for Chrome OS
-
7
21 new and notable Android games from the last week including ARK: Survival Evolved, Bloons TD 6, and Silly Walks (6/11/18 - 6/16/18)
-
2
24 new and notable Android games from the last week including Eden Obscura, Deep Space, and Make Squares (6/4/18 - 6/10/18)
-
1
Recent Apps and Games
-
4
Microsoft Outlook now lets you block external images
-
1
13 new and notable (and 1 WTF) Android apps and live wallpapers from the last two weeks including Google Podcasts, Adobe Spark Post, and IGTV (6/10/18 - 6/23/18)
-
1
Google app v8.9.9 beta prepares search bar for settings and corrects mismatched Podcast icon [APK Teardown]
-
11
35 temporarily free and 77 on-sale to kick off the weekend, including some Asmodee titles
-
50
Bethesda lawsuit says Westworld game stole Fallout Shelter code, even has the same bugs
-
4
Blast from the Past
-
13
1 Year Ago Today
IFTTT updated with more than 30 new data sources, Google Photos support, and VoIP
-
628
2 Years Ago Today
Exclusive: specs for "Sailfish" - the smaller of two upcoming HTC-built Nexus devices
-
64
3 Years Ago Today
Someone Got Android 1.6 Running On A Texas Instruments Graphing Calculator, OnePlus One Owners Feel Strangely Jealous
-
132
4 Years Ago Today
[Update x2] UpgradeSwap Has Stopped Buying Used T-Mobile Phones, And You Probably Should Too
-
20
5 Years Ago Today
Lyrics Provider TuneWiki Shutting Down On June 28th After More Than 10 Million Google Play Downloads
-
1
6 Years Ago Today
Official Wimbledon App Brings Live Tennis Commentary, Photos, And More To The Play Store
-
5
7 Years Ago Today
Galaxy Tab 10.1 Overclocked To A Stable 1.4GHz 2 Days After Kernel Source Release (Thanks, Samsung!)
-
72
8 Years Ago Today
Latest Nexus One Froyo ROM Leak: FRF83
-
13
