Amid the turmoil surrounding Carrier IQ, the company's VP of Marketing, Andrew Coward, has come forward in a series of interviews with a few clarifications.
For those not in the loop, the controversy around Carrier IQ is based on developer Trevor Eckhart's findings which indicated that Carrier IQ's software was indeed collecting a vast array of information, and his demonstration showing that said data could be read using a simple command – one that could be executed by any malicious app with access to logcat.
According to a group of computer scientists at North Carolina State University, a vulnerability exists within many Android devices that would allow hackers (or malicious apps) to bypass the permissions request process and tap into audio and location, wipe apps and data, or send unauthorized SMS messages, all without the user knowing.
This news may sound a bit sensational, but the researchers have created and tested a dummy app which effectively demonstrates the exploit:
Among the eight phones tested with the researchers' diagnostic app (Woodpecker), HTC's Evo 4G seemed to be the most vulnerable, able to "leak" eight different capabilities to their dummy app, which was not explicitly granted appropriate permissions by the user.
Trevor Eckhart, a developer involved in uncovering a huge security vulnerability that affected several HTC devices, was recently threatened by Carrier IQ (CIQ), a company involved in gathering various forms of user data and sending it to carriers or manufacturers for analysis. For those who haven't been following the story, here's what happened:
Trevor Eckhart found several training manuals on CIQ's website. These were publicly available. Trevor shared them with the community, explaining just how far-reaching CIQ's data collection practices are.
Coming in at number seventeen in our shootout, NetQin Security Pro is a security app that offers a lot more than your average anti-theft protection, even if that means skimping a little on features that may help you recover your lost device.
At A Glance
First, I want to comment on NetQin's design. The app's overall appearance is clean, and relatively well thought out. The main screen gives you access to all the app's main features, and the layout makes it virtually impossible to misstep.
As it turns out, Dolphin HD, one of the top browsers the Android platform has to offer, sends pretty much every web page URL you visit, including those that start with https, to a remote server, en.mywebzines.com, which belongs to the company.
One of the features that really differentiates Android from other mobile operating systems is the ability to install a custom keyboard that works for you. I constantly keep jumping between a variety of keyboards as new updates come out (right now I've settled on SwiftKey due to its unparalleled prediction technology), but when some of our readers pointed out A.I.type Keyboard's "psychic" word completion, I had to check it out.
At the beginning of the month, we broke the news about a huge security vulnerability in several HTC phones, including the Thunderbolt, EVO 3D, EVO 4G, and possibly more. Not long after word of this issue hit the 'net, HTC issued a response acknowledging it, as well as promising to deliver a patch to correct it. Looks like they are making good on that promise now, as several HTC devices are currently receiving an OTA update to correct this vulnerability.
If you find PIN codes or gesture patterns too predictable to keep your phone secure, Ice Cream Sandwich has the ultimate solution: face unlock.
Face unlock utilizes your phone's front-facing camera to "recognize" your face. If anyone else looks into the camera, they will be denied access. Simple as that. Not only is this a nice option to have for everyday use, but I could imagine it being integrated into mobile security apps as well, ensuring that no one but you could get into your phone and see potentially sensitive data.
It's been eleven days since Android Police published this story detailing the discovery by Trevor Eckhart of some serious security issues within HTC's more recent software. Three days after that, HTC responded, and now, a further week or so later, we are seeing reports of an "important security update" being pushed to HTC Sensations throughout Europe.
Screencap by FG1234 of Android-Hilfe.de
While HTC does not specify exactly what the ~9 MB update addresses, the timing seems right to relate to the preceding story.
This is a pretty wild piece of news. Google, George Mason University, and the NSA are working to make Android the most secure OS out there. They're developing a "hardened" kernel so Android can pass all the necessary red tape to be deployed for government use. By 2012 they expect Android to be good enough for classified communication, and eventually they'll hit a higher security clearance level than BlackBerrys. Poor BlackBerry: security was one of the last things they had left.