Skype released an update to its Android app this morning, remedying the vulnerability which exposed tons of personal info that we revealed last week. Our own Justin Case who originally found the issue has taken a look at the updated version of the app and confirmed that the exploit he developed to demonstrate the vulnerability no longer functions.
Specifically, Skype has changed the permissions of the databases (which contain the personal information) in question. Read More
Update #1: Skype is investigating the issue, we've been told.
Update #2: Skype's official first response can be found here.
The safety of our personal information is often a concern of mine - who has my email address, my phone number, my date of birth? How can I keep my private information safe while still enjoying the internet? These concerns have prompted me to take a deeper look at Android apps more than once, and often this can yield some frightening information. Read More
With a great plugin comes great responsibility - to avoid malicious Flash files, that is. A zero-day exploit has been discovered in Adobe Flash that affects all Android versions of the software, Adobe announced today.
The most common vessel for the exploit is (fortunately) a Microsoft document (.doc) email attachment with an embedded Flash file (.swf) - and I'm not aware of any Word document viewers/editors in Android that support embedded Flash. Read More
With all of the recent concern about malware in the Android Market, it may lead one to make the generalization that the Android OS is nothing but a big loser in the mobile security department. It looks like that may be a faulty conclusion, if the results from hacking competition Pwn2Own are any indication. In this year's contest, held at the CanSecWest Security Conference, Android and Windows Phone 7 both survived unscathed, while iOS and Blackberry fell to the hackers. Read More
It seems evil-doers' depravity knows no bounds: we've just heard word from Symantec that an infected version of Google's Android Market Security Tool March 2011 is floating around the "black markets" - meaning it's not in the Android Market, but it is floating around the 'net in APK form. Luckily, it's not nearly as bad as DroidDream (the malware it was designed to remove), but it's malware nonetheless.
Specifically, Justin says it's closely related to (or possibly the same as) "Fake 10086" malware. Read More
Google has responded to the alarm raised by an Android security expert of a bug related to the Android Market that could have caused a lot of trouble. The security hole was related to the recent implementation of the Android Web Market, and would have given hackers the ability to install malicious software fairly easily.
Co-founder and chief technology officer at Duo Security Jon Oberheide discovered the flaw last month and notified Google, who fixed it within "the last week or so." Users would have merely had to click on a malicious link on either their phones or on their desktops to activate the unwanted installation of rogue software. Read More
Google continues to be admirably quick to react to DroidDream, the nasty Android Trojan we helped uncover on Tuesday. After removing the offending apps from the Market in just a few minutes of finding out about them, a new post on the Google Mobile Blog reveals that they're now ready to take further steps.
Update: After having a back and forth with Android Security, there's some disagreement as to just how malicious these apps we linked in this post are. We may have jumped the gun here, so hold tight, and we'll keep you informed.
First off, no, we're not trying to be sensationalist. And I'll admit up front that we're a bit light on details at the moment, but we've got a guy who is a professional, seasoned coder, and that's not the type of guy whose opinion you ignore. Read More
Wow - from our perspective, it's almost like the world exploded overnight. We have more information and details on the virus - which Lookout has named "DroidDream" (the word was consistently used in package names by the malware developers) - and some updates on where things stand. Read More