Piracy is a major issue for Android, and even more so for Android developers, which is why Jelly Bean introduced App Encryption. But this may be a case of the cure being worse than the disease: hundreds of developers of paid apps have chimed in on a Google Code thread, claiming that the encryption (or more accurately, the location of installed and encrypted apps from the Google Play Store) makes their apps entirely unusable, as account information and other stored data is removed after a device reboot.
If you're serious about security on your Android phone or tablet, you probably know that the Face Unlock feature introduced in Ice Cream Sandwich is a long way from secure. While Google didn't make any claims to the contrary, it looks like the extra "Liveness check" (which requires the user to blink after the initial scan) is almost as susceptible. A group of YouTube users demonstrated how to get past the check with a photo taken off of Facebook and just a few minutes of Photoshopping.
Over at Black Hat USA 2012, security researcher Ralf-Philipp Weinmann demonstrated a vulnerability in several Android devices that uses A-GPS to send illicit messages to the device. These messages could, he explained, be used to send a report of the device's location any time an A-GPS message was sent, or even to gain complete control of the device.
In describing the attack, Weinmann pointed out that, for example, a malicious WiFi network could instruct a phone to relay all future A-GPS requests, even once the device has left the WiFi network's range.
We've all read the horror stories: a new virus is crawling through the third-party stores, aiming to steal your personal information, identity, and first born child. More often than not, this type of malicious app is made possible because of one of the various root vulnerabilities that have been discovered throughout the various versions of Android.
X-Ray is a new app that lets you see exactly how vulnerable your device is by scanning it against several of these exploits, including RageAgainstTheCage, Gingerbreak, Mempodroid, Levitator, and a few more.
The Galaxy S III on Sprint has been seeing a considerable amount of update action in the short time since it's been released. Back on June 29th, the device saw a security update and now, according to Sprint's community website, a second "Google security updates" OTA software patch is headed to the device.
The carrier hasn't offered any details on what the update fixes, beyond that today's update is Google-related, while the previous update is just a generic security update.
Xuxian Jiang, along with his research team at North Carolina State University, has cooked up a proof-of-concept "clickjack rootkit" which targets Android. The rootkit is unique not only in that it can function without a device restart, but also in that it targets Android's framework, not requiring deep modifications to the underlying firmware or kernel.
Clickjacking, for those unfamiliar, is a malicious technique typically used on the web to "trick" users into handing over control of their device or confidential information.
We at Android Police take our mobile security pretty seriously. It's in the job description. Entering the realm of mobile security today is yet another contender on the good side of the battle: VirusTotal has released its client for Android. Prior to this, VirusTotal was a simple website where you can upload suspicious files to be scanned by a multitude of antivirus engines. Having provided this desktop OS-oriented service for several years now, VirusTotal has brought its experience and expertise to mobile.
The Google Play Store's "Bouncer," which Google launched back in February to protect Android users from malicious apps, is a service that scans potential Play Store apps by running them in a virtual phone environment, where the app's activities are monitored for any signs of mal-intent.
Taking advantage of that test period, security researchers Charlie Miller and Jon Oberheide have evidently found ways past Bouncer (which they will be presenting at the Summercon conference in New York this week).
Who uses WhatsApp Messenger? From the look of the Play Store listing, a damn lot of people. Considering it's so popular, it's probably a pretty secure app, right? Think again.
WhatsApp actually sends all chats in plaintext, so anyone on the same Wi-Fi network can easily pull your entire conversation - including pictures and videos - straight out of the air. And now, that process is even easier than ever thanks to a new app called WhatsAppSniffer.
While not everyone who owns an Android device roots, the Android modding community is at the very heart of everything we love about our little green buddy. Security researcher Dan Rosenberg recently gave a presentation in which he elaborated on root and modding methods and expounded on the security implications of modding Android phones.
Rosenberg also had quite a lot to say about how carriers influence the Android landscape.