The conventional wisdom is that limiting your app downloads to the Play Store will help you avoid malware. That's true for the most part, but every now and then we hear about something sketchy that fell through the cracks. For instance, the security firm Check Point says that a number of "game guide" apps in the Play Store were hiding malicious code, and they may have accumulated millions of downloads. Read More
Google is pushing out a new version of the Play Store for Android users around the world. Like most updates to this version, there really aren't any notable changes showing up already, but there are a few interesting things hidden beneath the hood. There are some new features focused on improving security for apps that are updated from unexpected sources and making its security scanner more visible to users. There's also a plan to move notification settings to their own dedicated screen. Read More
An unusually advanced strain of malware was discovered on iOS last year, dubbed Pegasus by Lookout and other security firms that analyzed it. Now, an Android version of Pegasus has been discovered. The new malware is known as Chrysaor, and a full analysis of its origins and capabilities has been published by Google and Lookout. It's a serious piece of malware, but you don't have to worry about it showing up on your phone. Read More
You know what's great? Having lots of streaming content available on your TV. What's not so great is when your quest to stream content results in ransomware bricking your TV. One fellow on Twitter shared the story of an LG TV that caught some nasty malware, and now it's apparently useless. Perhaps technology has gone too far. Read More
Blu took a substantial hit last month when security firm Kryptowire discovered a pre-installed service on several of the company's phones was sending users' data to a server in China. The offending service was part of the OTA update module provided by third-party company Adups. Blu has now promised to get rid of the Adups software after previously neutering it. Read More
The battle against Android malware is ongoing, but it's a big world and Android is everywhere. It presents a tempting target for criminals, and the Gooligan malware is just the latest attempt to make a buck off the trusting nature of smartphone users. This attack has compromised more than a million phones in the last few months, and as many as 13,000 new infections are occurring each day. The goal is not to steal your data (although that can still happen), but to make you download apps in an advertising fraud scheme. Read More
Google's Safe Browsing feature has been around since 2007, and has protected millions of people from harmful threats on the internet. It's a blacklist of harmful websites, such as those distributing malware and phishing scams, that Google actively updates every day. The database is used by Chrome, Firefox, and even Safari to ensure users can be as safe as possible online.
Back at Google I/O, Google announced they would make an official API for applications to check a given website in the Safe Browsing database. Starting with Google Play Services 9.4, developers can finally use the API in their apps.
The Safe Browsing API uses the latest version of the Safe Browsing Network Protocol, meaning it's designed to be as quick (and use up as little cellular data) as possible. Read More
Ransomware is one of the nastier types of malicious software to emerge in the last few years. It's not exclusive to mobile, but the basic gist is that it locks down either specific files or an entire machine until the user sends money to a shady, untraceable online account to get their digital life back in order. The combination of easily-exploited security vulnerabilities, relatively small payments spread out over thousands of devices, and users reliance on their phones or computers has proven incredibly lucrative for malware developers. Read More
We occasionally see apps pulled from the Play Store for trivial (but valid) violations of the rules. Google has been more proactive about enforcing its guidelines, but it's often pointed out it could be more consistent. Case in point: there are, right now, two listings on the Play Store from a warez site called BlackMart that offers paid apps for free. One of them has been up for months and has more than 100,000 downloads. C'mon, Google. Read More
Google has released its second Android Security Annual report, and it's full of big, impressive numbers. The full report is 49 pages long and covers the state of Android security in detail, but the basics are covered in Google's latest blog post. The gist is, Google scans all the things to keep Android users safe. We're talking about billions of apps; the Verify Apps service sure is working overtime. Read More