Cybersecurity researchers from Check Point have unearthed a vulnerability in WhatsApp that could allow attackers to trick users by intercepting messages and editing the content. This opens up the possibility of scamming people and spreading misinformation. Read More
Over the weekend, Android Police received a tip about a serious privacy hole in Facebook Pages Manager for Android that made some privately uploaded photos public. Shortly after I made the details of the issue public, Facebook Security got in touch and let us know that its engineers were looking into the report and trying to get a fix up soon.
At 4:19pm PT today, I received a follow-up email from Facebook Security that confirmed a fix had been rolled out server-side, and no app update was necessary. The issue was introduced about a week prior, and the company promised to conduct a thorough internal review to investigate how it could have happened and how it could prevent similar issues in the future. Read More
Stop me if you've heard this one before: Facebook has a privacy hole that exposes private information to the public. And it's a serious one, this time in Facebook Pages Manager for Android, which has been installed over 5 million times since January of this year. Let me explain.
Update 5/26/13 11:30pm PT: Rory from Facebook Security has informed me that the company is looking into the issue and "will try to get a fix up soon."
Update 5/27/13 06:28pm PT: Facebook patched the issue.
Yesterday, Android Police reader Joann MacDonald tipped us off to a critical bug in the aforementioned application created by Facebook to help Facebook Page admins manage their Pages. Read More
Owners of LG's Verizon-connected Intuition (otherwise known as the Optimus Vu) would be well-advised to avoid an update that began rolling out recently. The short version of this story is that the update is wreaking havoc on handsets –users who have already accepted the update are reporting constant app errors, an inability to connect to the Play Store, camera/gallery failure, and more. You can read users' impassioned responses to the flawed firmware here, here, and here.
It should be noted that although some users report total loss of photos and contacts, user files should still be present on the device. Read More
Just a month after releasing its new 'durable and splash-proof' Xperia Tablet S, Sony has found that some units have gaps between the screen and the aluminum case, making them particularly vulnerable to water damage.
The issue has been caused by a manufacturing flaw at the Chinese plant where the tablet is produced, and as a result, Sony has chosen to temporarily stop selling the device until the problem can be resolved.
Although the Japanese company is trailing behind competitors, such as Samsung, in the tablet market, 100,000 units of the Xperia Tablet S have already been sold across Japan, Europe, and the United States. Read More
Every year, Defcon brings about some new concepts, hacks, vulnerabilities, and other digital tomfoolery. Sometimes it's all in good fun, but other times it's all too scary, which happens to be the case with a new class of Android malware that could allow for phishing attacks and pop-up ads alike.
Thanks to a design flaw in Android, there is a "feature" that allows an application to steal focus and pull itself into the foreground, bypassing the notification system entirely. Even more, the app can disable the use of the 'back' button to return the previously opened application, nearly locking you in to its interface. Read More
Update #1: Skype is investigating the issue, we've been told.
Update #2: Skype's official first response can be found here.
The safety of our personal information is often a concern of mine - who has my email address, my phone number, my date of birth? How can I keep my private information safe while still enjoying the internet? These concerns have prompted me to take a deeper look at Android apps more than once, and often this can yield some frightening information.
On April 11, a leaked version of Skype Video hit the web and, having a Thunderbolt, I had to try it. Read More
Adobe announced a "critical vulnerability" in the Flash 10.1 platform for all OS's, including Android, yesterday. While this is an extremely common occurrence (I use it to mark the new moon), it is a little troubling to know that Adobe's infamously-insecure plug-in could be giving evil-doers unsolicited access to Android devices running Flash.
While Adobe was not clear on exactly what malicious activity the exploit could allow on Android devices, the typical "control of a user's system" language is used when describing the implications of the problem. Here's Adobe's full release on the issue, which they hope to resolve by September 27th:
Security Advisory for Flash Player
Release date: September 13, 2010
Vulnerability identifier: APSA10-03
CVE number: CVE-2010-2884
A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android.