Android Police

Articles Tagged:

flaw

...

WhatsApp vulnerability could be used to spread fake news and scam users

Cybersecurity researchers from Check Point have unearthed a vulnerability in WhatsApp that could allow attackers to trick users by intercepting messages and editing the content. This opens up the possibility of scamming people and spreading misinformation.

Read More
...

Facebook Patches Privacy Flaw In Pages Manager For Android

Over the weekend, Android Police received a tip about a serious privacy hole in Facebook Pages Manager for Android that made some privately uploaded photos public. Shortly after I made the details of the issue public, Facebook Security got in touch and let us know that its engineers were looking into the report and trying to get a fix up soon.

image

At 4:19pm PT today, I received a follow-up email from Facebook Security that confirmed a fix had been rolled out server-side, and no app update was necessary. The issue was introduced about a week prior, and the company promised to conduct a thorough internal review to investigate how it could have happened and how it could prevent similar issues in the future.

Read More
...

Serious Privacy Flaw In Facebook Pages Manager For Android Exposes Private Pictures For Everyone To See [Updated]

Stop me if you've heard this one before: Facebook has a privacy hole that exposes private information to the public. And it's a serious one, this time in Facebook Pages Manager for Android, which has been installed over 5 million times since January of this year. Let me explain.

Update 5/26/13 11:30pm PT: Rory from Facebook Security has informed me that the company is looking into the issue and "will try to get a fix up soon."

Update 5/27/13 06:28pm PT: Facebook patched the issue.

The Flaw

graphic

Yesterday, Android Police reader Joann MacDonald tipped us off to a critical bug in the aforementioned application created by Facebook to help Facebook Page admins manage their Pages.

Read More
...

PSA: LG Intuition's Latest Update Wreaking Havoc, Should Be Avoided For Now

Owners of LG's Verizon-connected Intuition (otherwise known as the Optimus Vu) would be well-advised to avoid an update that began rolling out recently. The short version of this story is that the update is wreaking havoc on handsets –users who have already accepted the update are reporting constant app errors, an inability to connect to the Play Store, camera/gallery failure, and more. You can read users' impassioned responses to the flawed firmware here, here, and here.

Untitled-2

It should be noted that although some users report total loss of photos and contacts, user files should still be present on the device.

Read More
...

Sony Forced To Halt Sales Of The Xperia Tablet S Due To A Manufacturing Flaw, Turns Out It Isn't 'Splash-Proof' After All

Just a month after releasing its new 'durable and splash-proof' Xperia Tablet S, Sony has found that some units have gaps between the screen and the aluminum case, making them particularly vulnerable to water damage.

The issue has been caused by a manufacturing flaw at the Chinese plant where the tablet is produced, and as a result, Sony has chosen to temporarily stop selling the device until the problem can be resolved.

Although the Japanese company is trailing behind competitors, such as Samsung, in the tablet market, 100,000 units of the Xperia Tablet S have already been sold across Japan, Europe, and the United States.

Read More
...

[Poll] Is The One S' Micro-Arc Oxidation Ceramic Surface Failing? Users Report Unsightly Chipping [Update: More Information]

Update: According to The Verge, HTC has indicated that it's "aware of the reports," and is currently investigating the situation. Stay tuned for further info.

Update 2: Turns out that HTC is ready to make good on this issue, but only by telling customers to return their chipped phone to the store from which it was purchased and get a replacement. If, however, you'd rather send it off to HTC to be repaired, that's always an option. Below is HTC's official statement on the matter.

HTC is committed to delivering a high quality product and great experience for all our customers.

Read More
...

Design Flaw In Android Could Allow For Phishing Attempts And Pop-Up Ads

Every year, Defcon brings about some new concepts, hacks, vulnerabilities, and other digital tomfoolery. Sometimes it's all in good fun, but other times it's all too scary, which happens to be the case with a new class of Android malware that could allow for phishing attacks and pop-up ads alike.

Thanks to a design flaw in Android, there is a "feature" that allows an application to steal focus and pull itself into the foreground, bypassing the notification system entirely. Even more, the app can disable the use of the 'back' button to return the previously opened application, nearly locking you in to its interface.

Read More
...

[Updated] Exclusive: Vulnerability In Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More

Update #1: Skype is investigating the issue, we've been told.

Update #2: Skype's official first response can be found here.

The safety of our personal information is often a concern of mine - who has my email address, my phone number, my date of birth? How can I keep my private information safe while still enjoying the internet? These concerns have prompted me to take a deeper look at Android apps more than once, and often this can yield some frightening information.

On April 11, a leaked version of Skype Video hit the web and, having a Thunderbolt, I had to try it.

Read More
...

Critical Security Vulnerability In Flash For Android (And Every Other OS) - In Other News: Sky Still Blue, Grass Still Green

Adobe announced a "critical vulnerability" in the Flash 10.1 platform for all OS's, including Android, yesterday. While this is an extremely common occurrence (I use it to mark the new moon), it is a little troubling to know that Adobe's infamously-insecure plug-in could be giving evil-doers unsolicited access to Android devices running Flash.

While Adobe was not clear on exactly what malicious activity the exploit could allow on Android devices, the typical "control of a user's system" language is used when describing the implications of the problem. Here's Adobe's full release on the issue, which they hope to resolve by September 27th:

Security Advisory for Flash Player

Release date: September 13, 2010

Vulnerability identifier: APSA10-03

CVE number: CVE-2010-2884

Platform: All

SUMMARY

A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android.

Read More