XDA News Articles

Mathew Brack · Mar 10, 2015

BlueBox Security Vs Xiaomi, Who is in the Wrong?

Several days ago security firm BlueBox released a worrying report highlighting security flaws and privacy concerns with Xiaomi's Mi 4 phone, however several points in the article gave cause for concern that the device in question was not in fact a legitimate product. This doubt causes more concerns than the initial claim itself. The initial report stated several key points: "Our first test was to determine the authenticity of the Xiaomi Mi 4 LTE we had acquired. Determining whether our Mi 4...

Mario Tomás Serrafero · Mar 3, 2015

Cross-Platform Encrypted Messaging with Signal 2.0

Privacy and security are two increasingly important factors in today's globalized world, and with the surge of internet spying by government agencies and third parties, wiretaps are an everyday thing that don't just concern James Bond anymore. Encryption made its way to the semi-mainstream messaging world with the Telegram platform, but while millions flocked to it, it is still clear that convenience beats privacy for most of smartphone users. After all, with the huge user bases boasted by Whatsapp and the...

Mathew Brack · Feb 12, 2015

Invoke Cerberus To Protect Your Phone From Thieves

Most of us have experienced that feeling at some point, you reach for your phone but it's not there. What follows is usually an increasingly rapid patting of all your pockets and a rising feeling of dread. Then you realize: the taxi, the restaurant, the man who bumped in to you earlier. Your phone could be anywhere now. In situations like this, you have several options to choose from, many of us will go down the route of: retrace your...

Pulser_G2 · Jan 12, 2015

Fingerprint Authentication – Just a Plain Bad Idea

A growing number of smartphones are adding fingerprint reading hardware, to attempt to add a differentiating factor in an increasingly crowded marketplace, and to attempt to offer users more convenient security features. The Motorola Atrix 4G stole the show at CES 2011, as the first modern smartphone to feature a fingerprint reader (there were previous generation Windows Mobile devices with fingerprint readers but these were never general consumer products). Since then, the Samsung Galaxy Alpha 4G, iPhone 5s, HTC One...

Diamondback · Jan 9, 2015

Signing Tool for Kindle Fire HDX Exploits Bootloader

What happens when an Android-related vulnerability is published on a website like the CodeAurora Forum? You got it! Security enthusiasts and Android developers around the world try to take advantage of the newly found problem to create an exploit, which can be used to gain advanced access to your device (such as root access or the ability to flash custom images). This is exactly what happened to CVE-2014-0973, a vulnerability in an Android Bootloader dubbed "Little Kernel (LK)". We will...

Jimmy McGee · Jan 1, 2015

Android Security Overview and Safe Practices for Web-Based Android Applications w/ Dario Incalza – XDA:DevCon 2014

So far, we’ve talked about many things while presenting the videos from XDA:DevCon 2014. We’ve talked about robotics with Android, Robotics and Vision Oh My! w/ Shane Francis, open source with AOSP for Sony Devices: Past, Present and Future w/ Alin Jerpelea and supporting users with Shoot Troubles, Not Users w/ Alex Boag-Munroe. However, all of this knowledge needs another piece to make a successful developers, and that is security. As a full-time Master student of engineering at the department of Computer Science at...

Tomek Kondrat · Nov 22, 2014

Detect, Avoid IMSI-Catcher Attacks with Android IMSI-Catcher Detector

Privacy is always an important topic, as well as a delicate one to cover. Corporations spend millions to provide the best security systems, which are then quite often cracked by hackers or security researchers. You might not be aware that some fake cell towers (a.k.a. IMSI-Catchers, StingRays, GSM Interceptors, Subscriber Trackers) can be used to track and monitor specific groups of users and even remotely manipulate a particular phone. Scary, right? Unfortunately, few parts of the world are free of...

jerdog · Nov 20, 2014

WhatsApp Decides to Protect Your Data

When Facebook bought WhatsApp for the absurdly large sum of $19bn back in February, they took the tech world by storm. $19bn for a FREE messaging app? A messaging app? Really? Soon afterwards, speculation began to grow about the real reason Facebook, a content marketing company at its core, bought the company and it's pretty clear: They wanted the wealth of personal information stored about the service subscribers. As it turns out, they weren't the only ones, as WhatsApp has...

Tomek Kondrat · Sep 20, 2014

Android L Will Have Data Encryption Turned On by Default

Android L, once it is eventually released, will feature data encryption turned on by default. This information has been revealed by Niki Christoff, spokeswoman for Google. And in doing so, the Mountain View company is joining Apple in the battle for user privacy and security. Data encryption is nothing new in Android, as it has been available on certain Android devices since 2011. With the upcoming Android L release, which should happen next month, Google will add procedures to make the encryption automatic. This means that...

Conan Troutman · Sep 13, 2014

Help Protect and Secure Your Sensitive Data With Droid Protector

Privacy and security are always a concern when it comes to mobile devices, and many of us probably have something or other stored or installed that we'd like to protect and keep from prying eyes or curious children. This can take the form of a certain app or set of applications that you don't want just anyone to be able to access, or even--dare I say it--some revealing photos that you no longer trust to the cloud. If that sounds at all...

Jimmy McGee · Aug 15, 2014

Blackphone Gets Rooted, Qualcomm Security Exploits Affect Moto X, Nexus 5, LG G2, and More! – XDA Developer TV

The "secure" Blackphone has been rooted! That and much more news is covered by Jordan when he reviews all the important stories from this week. Included in this week's news is the Qualcomm Security Exploit being demonstrated at Blackhat Conference and the article talking about Code Syntax Highlighting being enabled on the XDA Forums! That's not all that's covered in today's video! Jordan talks about the other videos released this week on XDA Developer TV. XDA Developer TV Producer TK...

Faiz Malkani · Aug 11, 2014

Qualcomm Security Exploit Demonstrated at Blackhat Conference

The annual Blackhat conference, now in its 17th year, took place in Las Vegas last week. The conference is an assembly of security-focused individuals at which a number of devices such as home automation systems, smart cars, etc are hacked, in addition to a line up of speakers discussing information security. This year's event turned out to be rather momentous with the SilentCircle's Blackphone being rooted by XDA Senior Recognized Developer jcase. Another interesting development was Dan Rosenberg's discussion, which popped...

Jimmy McGee · Aug 4, 2014

Verizon G Pad 8.3 Gets KitKat, Android Fake ID Vulnerability Fixed with Xposed – XDA Developer TV

Android 4.4.3 KitKat has been released for the Verizon G Pad 8.3! That and much more news is covered by Jordan when he reviews all the important stories from this weekend. Included in this week's news is the article talking about getting Navigation on your Samsung Gear 2. Also, be sure the check out the article talking about the Android Fake ID vulnerability! That's not all that's covered in today's video! Jordan talks about the other video released this weekend on...

Tomek Kondrat · Aug 2, 2014

Fight off the Android Fake ID Vulnerability with Xposed

While Android is considered a pretty stable and safe operating system, there are some vulnerabilities that pop up from time to time. Some of them are pretty nasty, and force Google to release a minor revision to their OS. But developers here on XDA don't like to wait, so they often take matters into their own hands before Google officially addresses the problem. One of the recently discovered bugs is known as the Android Fake ID, and it has been present in...

Tomek Kondrat · Jul 19, 2014

Google Project Zero Aims to Keep the Internet Safe

Software is never completely secure. If you think otherwise, you are in for a rude awakening. Every now and then, hackers will find a way to take control of an app or expose private data--for money, fun, or fame. Motives varies, but these types of hackers are extremely talented, and often their potential is wasted to illegal activities. One of good guys in finding and neutralizing security flaws is Google. Current efforts have been focused mainly on their own products like Chrome OS or Chrome browser. But...

Jimmy McGee · Jul 18, 2014

Android Security Engineer Dario Incalza to Talk Android Security at XDA:DevCon 2014

We’ve already reported on two of the speakers scheduled for XDA:DevCon 2014. Sony’s Alin Jerpelea and Mozilla’s Alex Lakatos are joining us, as we go international with xda:devcon ’14. If you haven’t heard, it will be held in Manchester, UK on the weekend of September 26-28. Today, we are happy to announce another great speaker that will be at xda:devcon ’14. With many different governments spying on you, Android security is a big topic. So to cover the important information of...

Pulser_G2 · Jun 25, 2014

Exclusive: Android L to Add Granular Permissions Prompts

With the announcement of Android L now finished at Google I/O, there are still a number of unanswered questions as to what's actually likely to be coming in Android L. We mentioned some of the changes we know are coming earlier, as well as a bit more about the new design philosophy on the way, but there wasn't much detail given over some of the new changes. We've been taking a look to see what we could find, and XDA...

Will Verduzco · Jun 16, 2014

Application Signature Verification: How It Works, How to Disable It with Xposed, and Why You Shouldn’t

If you've ever tried to modify and reinstall a system application, you probably encountered application signature checks in one form or another. Either you removed the original app before proceeding, or you gave your modified APK another package name in order to get it to install without first removing the old application. And in either case, you also had to re-sign the application yourself in order to get it to install in the first place. You can get around all of these behaviors by temporarily...

Pulser_G2 · Jun 11, 2014

Protecting Your Privacy: App Ops, Privacy Guard, and XPrivacy

After yesterday's article about Google's recent changes to the Play Store that post a number of privacy concerns for users, today we are going to look at the three most popular options for users to protect their own privacy on their Android devices. First though, let's take a look at how they work, and what they are for. Why Should I Care? Since the start, Android has had a permissions system, to allow users to control what apps are able to do on...

Tomek Kondrat · Jun 6, 2014

Building an Android App? Protect Your User’s Private Application Data

A good developer is always concerned about the security of his/her users. Revealing your app's private data to the public is generally a bad thing, and should almost always be avoided. As such, there are various ways to strengthen your app's privacy, and every new method should be evaluated. Privacy protection is especially important with Android applications, as there are frequent reports of app-related phishing and similar shady activities. You application's private data can now be stored a bit safer, thanks to XDA Forum Moderator Jonny....