Android Police

Articles Tagged:

security

...

Don't panic: Emails about Samsung Email accessing your Gmail are legit, Samsung is working on a fix

If you own a Samsung phone, you may have been confused by an email Google sent out today regarding the Samsung Email app. Users were told that the app, submitted by an "unverified developer," was granted access to their Google account and was authorized to "read, compose, send, and permanently delete" any message within their Gmail account. The good news is that Samsung is aware of the issue: it is advising its customers to not act on the alert.

Read More
...

Fake Google Wallet is being granted access to Google Accounts

Back in January, Google simplified its payment offering by merging Android Pay and Google Wallet into Google Pay. The new appellation made it simpler for users to manage their payments, thanks to a unified platform allowing them to pay with their phone, but also online using their browser. Despite this move, the defunct service seems to be coming back to life, in a rather intriguing manner. Indeed, several users have reported receiving notifications mentioning Google Wallet was granted access to their Google account.

Read More
...

Google is rolling out a new 2-step verification screen and expanded Bluetooth security key support

The internet is a rough-and-tumble place, full of sketchy characters who would love to dig through your online accounts. The best way to prevent that is with 2-step verification (also called 2-factor authentication), and Google is making it easier to use that on Google G Suite accounts. The browser UI is getting an update, and support for Bluetooth security keys is expanding.

Read More
...

Facebook reportedly stored hundreds of millions of user passwords in plaintext - for years

Today, Krebs on Security has revealed that Facebook was storing between 200 and 600 million Facebook users passwords in plain text, going back to as early as 2012. While Facebook claims to have found no indication that the passwords were abused, an insider speaking to Krebs on Security claims around 2,000 developers made around 9 million queries against the logs, returning data which contained these plain text passwords.

Read More
...

Android Q won't let apps turn Wi-Fi on and off, potentially crippling apps like Tasker

Android is known and loved for the extensive amount of automation and customization that can be achieved through its APIs. One of those is giving apps the ability to turn on and off Wi-Fi without user input. Tasker and IFTTT are major beneficiaries of this capability, but there is always malware that could abuse access to that system feature. To prevent that, Android Q will cut off apps' access to Wi-Fi settings.

Read More
...

Android Q steps up the fight against overlay-based malware

One of the bigger developer-facing changes we've spotted in Android Q is a mild deprecation of the SYSTEM_ALERT_WINDOW permission which controls overlays. (Think Facebook's chat heads or those Pokémon Go stats apps and you should get the idea.) Sideloaded apps on Android Q will see that permission revoked after 30 seconds, Play Store apps on Q will see it revoked on reboot, and the permission is being taken away entirely on the "Go" version of Android Q.

Read More
...

[Update: Gearbest responds] Gearbest reportedly left its main database unsecured, payment information and other customer data easily accessible

Gearbest is a massive online store, primarily specializing in Chinese products. In the Android community, Gearbest is known as one of the easiest ways to purchase devices from Xiaomi and other Chinese brands in the United States. If you've purchased something from Gearbest in the past, you might want to start changing your credit cards the company's main database was found to be completely unsecured.

Read More
...

Rogue adware SimBad found in the Play Store, over 200 affected apps with 150+ million downloads removed

Another day, another security problem. This time, we have what's been dubbed SimBad by the Check Point research team, a rogue adware campaign found to affect over 200 now-removed apps in the Play Store — these apps together accounted for over 150 million downloads. It shows out-of-context ads, exposes users to other malicious apps, and can even open a URL in the browser without the user's consent.

Read More
...

Samsung Galaxy S10 face unlock can be fooled by a photo, video, or even your sister

Samsung's latest Galaxy S10 might be our favorite phone right now, but you might want to be a little bit careful when it comes to setting up lockscreen security on it. Right now, you can fool it with a video of yourself played back on another phone, or even just a photo. In at least one case, even siblings have been able to trick it.

Read More
...

Update your browser right now: Google releases fix for zero-day exploit in Chrome

Another day, another major security hole is found in a widely used piece of software. This time around, a flaw in Chrome's implementation of the FileReader API allowed sites to break out of their sandbox and execute native code. To make matters worse, Google said the exploit was being actively used before the company fixed it.

Read More