Android Police

Articles Tagged:

security

46

Carrier IQ Explains How Its Software Works, Implicitly Blames HTC For Insecure Log Files, Data Leak Exposed By Trevor Eckhart

Amid the turmoil surrounding Carrier IQ, the company's VP of Marketing, Andrew Coward, has come forward in a series of interviews with a few clarifications.

For those not in the loop, the controversy around Carrier IQ is based on developer Trevor Eckhart's findings which indicated that Carrier IQ's software was indeed collecting a vast array of information, and his demonstration showing that said data could be read using a simple command – one that could be executed by any malicious app with access to logcat.

Read More
26

Report: Security Vulnerability In Many Android Phones Allows Malicious Apps To Record Audio, Track Location, And More Without User Permission

According to a group of computer scientists at North Carolina State University, a vulnerability exists within many Android devices that would allow hackers (or malicious apps) to bypass the permissions request process and tap into audio and location, wipe apps and data, or send unauthorized SMS messages, all without the user knowing.

This news may sound a bit sensational, but the researchers have created and tested a dummy app which effectively demonstrates the exploit:

Among the eight phones tested with the researchers' diagnostic app (Woodpecker), HTC's Evo 4G seemed to be the most vulnerable, able to "leak" eight different capabilities to their dummy app, which was not explicitly granted appropriate permissions by the user.

Read More
17

Carrier IQ Drops Legal Threats, Apologizes To Developer Trevor Eckhart

Trevor Eckhart, a developer involved in uncovering a huge security vulnerability that affected several HTC devices, was recently threatened by Carrier IQ (CIQ), a company involved in gathering various forms of user data and sending it to carriers or manufacturers for analysis. For those who haven't  been following the story, here's what happened:

Trevor Eckhart found several training manuals on CIQ's website. These were publicly available. Trevor shared them with the community, explaining just how far-reaching CIQ's data collection practices are.

Read More
0

[Mobile Security App Shootout, Part 17] NetQin Security Pro Focuses On Anti-Virus Protection Over Anti-Theft, Still Makes A Capable Solution

Coming in at number seventeen in our shootout, NetQin Security Pro is a security app that offers a lot more than your average anti-theft protection, even if that means skimping a little on features that may help you recover your lost device.

At A Glance

First, I want to comment on NetQin's design. The app's overall appearance is clean, and relatively well thought out. The main screen gives you access to all the app's main features, and the layout makes it virtually impossible to misstep.

Read More
105

[Updated x4: Issue Fixed] Privacy Advisory: Dolphin HD Sends URL Of Every Page You Visit To A Remote Server (In Plain-Text)

Hot on the heels of the previous privacy/security advisory about A.I.type Keyboard sending your keystrokes to the cloud in plain-text, some of our commenters pointed out another, much more popular app that does something similarly privacy-invading.

Description

As it turns out, Dolphin HD, one of the top browsers the Android platform has to offer, sends pretty much every web page url you visit, including those that start with https, to a remote server en.mywebzines.com, which belongs to the company.

Read More
40

[Updated x2] Security Advisory: A.I.Type Keyboard Sends All Your Keystrokes To Their Servers In Plain-Text - Sometimes You Can't Trust The Cloud

One of the features that really differentiates Android from other mobile operating systems is the ability to install a custom keyboard that works for you. I constantly keep jumping between a variety of keyboards as new updates come out (right now I've settled on SwiftKey due to its unparalleled prediction technology), but when some of our readers pointed out A.I.type Keyboard's "psychic" word completion, I had to check it out.

Read More
29

[Updated] Carriers Sending Out An OTA Update To Fix Massive Security Flaw In Several HTC Devices

At the beginning of the month, we broke the news about a huge security vulnerability in several HTC phones, including the Thunderbolt, EVO 3D, EVO 4G, and possibly more. Not long after word of this issue hit the 'net, HTC issued a response acknowledging it, as well as promising to deliver a patch to correct it. Looks like they are making good on that promise now, as several HTC devices are currently receiving an OTA update to correct this vulnerability.

Read More
25

Ice Cream Sandwich Feature Closer Look - Face Unlock Keeps Prying Eyes From Your Phone Like Never Before

If you find PIN codes or gesture patterns too predictable to keep your phone secure, Ice Cream Sandwich has the ultimate solution: face unlock.

10-18-2011-7-35-12-PM_thumb

Face unlock utilizes your phone's front-facing camera to "recognize" your face. If anyone else looks into the camera, they will be denied access. Simple as that. Not only is this a nice option to have for everyday use, but I could imagine it being integrated into mobile security apps as well, ensuring that no one but you could get into your phone and see potentially sensitive data.

Read More
7

HTC Security OTA Appearing On European Sensations [Update: And Now The GSM EVO 3D, Too]

Originally Posted October 12th.

It's been eleven days since Android Police published this story detailing the discovery by Trevor Eckhart of some serious security issues within HTC's more recent software. Three days after that HTC responded, and now, a further week or so later, we are seeing reports of an "important security update" being pushed to HTC Sensations throughout Europe.

image

Screencap by FG1234 of Android-Hilfe.de

While HTC does not specify exactly what the ~9 MB update addresses, the timing seems right to relate to the preceding story.

Read More
18

NSA And Google Developing Hardened Android Kernel For Government Communication; Will Be More Secure Than BlackBerry

This is a pretty wild piece of news. Google, George Mason University, and the NSA are working to make Android the most secure OS out there. They're developing a "hardened" kernel so Android can pass all the necessary red tape to be deployed for government use. By 2012 they expect Android to be good enough for classified communication, and eventually they'll hit a higher security clearance level than BlackBerrys. Poor BlackBerry, security was one of the last things they had left.

Read More