Android Police

Security


Facebook reportedly stored hundreds of millions of user passwords in plaintext - for years

Today, Krebs on Security has revealed that Facebook was storing between 200 and 600 million Facebook users' passwords in plain text, going back to as early as 2012. While Facebook claims to have found no indication that the passwords were abused, an insider speaking to Krebs on Security claims around 2,000 developers made around 9 million queries against the logs, returning data which contained these plain text passwords.


Android Q steps up the fight against overlay-based malware

One of the bigger developer-facing changes we've spotted in Android Q is a mild deprecation of the SYSTEM_ALERT_WINDOW permission which controls overlays. (Think Facebook's chat heads or those Pokémon Go stats apps and you should get the idea.) Sideloaded apps on Android Q will see that permission revoked after 30 seconds, Play Store apps on Q will see it revoked on reboot, and the permission is being taken away entirely on the "Go" version of Android Q.


[Update: Gearbest responds] Gearbest reportedly left its main database unsecured, payment information and other customer data easily accessible

Gearbest is a massive online store, primarily specializing in Chinese products. In the Android community, Gearbest is known as one of the easiest ways to purchase devices from Xiaomi and other Chinese brands in the United States. If you've purchased something from Gearbest in the past, you might want to start changing your credit cards: the company's main database was found to be completely unsecured.


You can revoke permissions for older apps in Android Q before installing them

Android used to be the Wild West when it came to permissions: Apps would tell you what parts of your phone they needed access to before you installed them, and you could either accept that or not use the app at all — it was an all-or-nothing deal. Over the years, Google got its act together and realized that wasn't the best approach (overshooting the mark at times). Android Q steps up that game for apps that still rely on this old API, asking users to choose which permissions to grant before starting these apps for the first time.


Rogue adware SimBad found in the Play Store, over 200 affected apps with 150+ million downloads removed

Another day, another security problem. This time, we have what's been dubbed SimBad by the Check Point research team, a rogue adware campaign found to affect over 200 now-removed apps in the Play Store — these apps together accounted for over 150 million downloads. It shows out-of-context ads, exposes users to other malicious apps, and can even open a URL in the browser without the user's consent.


Samsung Galaxy S10 face unlock can be fooled by a photo, video, or even your sister

Samsung's latest Galaxy S10 might be our favorite phone right now, but you might want to be a little bit careful when it comes to setting up lockscreen security on it. Right now, you can fool it with a video of yourself played back on another phone, or even just a photo. In at least one case, even siblings have been able to trick it.


Android's FIDO2 certification could mean less password-entry for websites and apps

IT Security is an ever-evolving field – or a game of cat-and-mouse, if you'd rather – with either new or improved standards to make sure we keep our data safe. One of the more recent developments has been the FIDO2 initiative, which promises secure access to websites and applications without the strict need for passwords. And one of the announcements coming out of MWC this year is that Android is now FIDO2-certified.


Why Samsung using ultrasonic tech for the Galaxy S10's in-screen fingerprint scanner matters

Samsung has just announced its latest super-duper flagship phone, and among the new features it boasts is the world's first commercial ultrasonic fingerprint sensor under a display. We've seen other in-display scanners on phones from the likes of OnePlus and Huawei, but they use optical technology instead. This new ultrasonic method is supposed to be better in more ways than one — let's take a look at why.


Google bans 29 beauty camera apps from the Play Store that steal your photos

Security firm Trend Micro has discovered 29 malicious beauty camera apps that aim to phish user traffic and steal your photos. The apps have already been removed by Google from the Play Store, but only after accumulating millions of downloads.

Once installed, some of the apps would load up full-screen advertisements for fraudulent or pornographic content each time the device is unlocked, and some of the apps would forward users to phishing websites to steal their personal information.


Chrome OS to require authentication to view saved passwords

Google talks a big game about Chrome OS's security versus other operating systems. One area where it falls short, though, is keeping your passwords safe from the prying eyes of those around you. On competing operating systems like Windows and macOS, viewing saved passwords requires first entering your device password; not so on Chrome OS. That could soon be changing, though, according to a recent commit on the Chromium Gerrit.
