POSTS TAGGED: security
Application Signature Verification: How It Works, How to Disable It with Xposed, and Why You Shouldn’t
Posted June 16, 2014 at 12:00 am by Will Verduzco
If you’ve ever tried to modify and reinstall a system application, you probably encountered application signature checks in one form or another. Either you removed the original app before proceeding, or you gave your modified APK another package name in order to get it to install without first removing the old application. And in either case, you also had to re-sign the application yourself in order to get it to install in the first place.
You can get around all of these behaviors by temporarily disabling application signature checks. But before we get into the metaphorical meat and potatoes of this article and tell you how to do so, it’s critical that we talk a little bit about ap. . . READ ON »
Posted June 11, 2014 at 07:00 am by Pulser_G2
After yesterday’s article about Google’s recent changes to the Play Store that post a number of privacy concerns for users, today we are going to look at the three most popular options for users to protect their own privacy on their Android devices. First though, let’s take a look at how they work, and what they are for.
Why Should I Care?
Since the start, Android has had a permissions system, to allow users to control what apps are able to do on their device. When an application is installed, the user is prompted to agree to the permissions that an app requires. The Android operating system ensures apps cannot use permissions they have not requested, and the user is responsible for deci. . . READ ON »
Posted June 6, 2014 at 11:00 am by Tomek Kondrat
A good developer is always concerned about the security of his/her users. Revealing your app’s private data to the public is generally a bad thing, and should almost always be avoided. As such, there are various ways to strengthen your app’s privacy, and every new method should be evaluated. Privacy protection is especially important with Android applications, as there are frequent reports of app-related phishing and similar shady activities.
You application’s private data can now be stored a bit safer, thanks to XDA Forum Moderator Jonny. He provides a Java class that protects your app’s data using the SHA-512 hashing algorithm to convert a string into a r. . . READ ON »
Posted April 11, 2014 at 05:00 am by Will Verduzco
Smartphones are undoubtedly the most “personal” of our personal computers. We use them to access our Email, banking information, and pretty much the rest of our private data. Luckily, there are quite a few file locker applications available to help keep prying eyes away from our Gmail. However, things get a bit trickier if you’re looking to hide files that reside on your device’s storage.
Sure, you can easily encrypt your internal storage through Android’s security settings menu, but what about your external storage? And what about those who want to let others casually access their devices but don’t want their tech savvy friends viewing their naughty selfies? Luck. . . READ ON »
Posted April 10, 2014 at 03:00 pm by Will Verduzco
Back in October of last year, we talked in depth about malware on Android and the platform’s multiple layers of defense. One of the final pieces of puzzle is of course Android’s Verify Apps feature. And while only around 0.5% of applications end up triggering this security mechanism, it’s still a great safety net to have when dealing with closed source applications of untrusted origin.
The Verify Apps feature, which is available on devices running Android 2.3 Gingerbread or later, has traditionally scanned apps against known malware signatures as they are installed. Now, Google has expanded the functionality of Verify Apps with constant device monitoring. This means that in ad. . . READ ON »
Posted March 13, 2014 at 02:30 pm by Will Verduzco
Earlier today, we talked about how the Replicant team found a potential backdoor in Samsung’s proprietary radio software. As demonstrated in a proof-of-concept attack, this allowed certain baseband code to gain access to a device’s storage under a specific set of circumstances. But upon closer inspection, this backdoor is most likely not as bad as it was initially made out to be.
A few hours after posting our previous article on the alleged backdoor, a highly respected security expert who wishes to remain anonymous approached us, stating that the way in which the proof-of-concept attack was framed by the Replicant team was a bit misleading. Essentially, it boils down to the POC requiring a m. . . READ ON »
Posted February 16, 2014 at 05:00 pm by Will Verduzco
Google has been on a roll with a few high profile acquisitions and sales in the past month. Not too long ago, we talked about how the company had acquired the smart thermostat and carbon monoxide detector manufacturer Nest for $3.2 billion, and how this could signal the coming of future home automation products from the Mountain View company. Then, we were all relatively surprised when we saw Lenovo take money pit Motorola from their hands for a cool $2.91 billion. Now, Google has gone ahead and acquired the SlickLogin team.
For the unaware, Israeli-based SlickLogin pioneered a unique authentication method designed to make traditional security measures a thing of the past. Rather than using traditional . . . READ ON »
Posted February 9, 2014 at 09:00 pm by Will Verduzco
Don’t you hate it when you are stuck in a crowd and you need to unlock your mobile device? Sure, the vast majority of the time, nobody’s genuinely trying to sneak a peek at your lock screen code—but you never truly know who’s watching. Because of the potential danger of having others learn our lock screen codes, we all try various “techniques” to thwart would-be prying eyes. But let’s face it—if somebody really wants to stealthily learn your lock screen code, there’s a good chance that they’ll find it.
Rather than using a single, predefined unlock code, wouldn’t it be nice if you could have a time-based PIN that changes so that a passwor. . . READ ON »
Posted January 28, 2014 at 12:00 pm by egzthunder1
Remember all those times when we here at the XDA Portal have told you that privacy is important? Despite many people thinking that we are all just a bunch of nerds wearing tinfoil hats, we do have our reasons to be somewhat paranoid. After all, we’re quite sure that you wouldn’t like the idea of having somebody snoop around your cell phone for all the naughty pictures and messages sent to and from your significant other. If you couldn’t care less about who reads the information on your device, then you might as well just go ahead and install Facebook. Yes, the Facebook app for Android. Yes, the free one from the Play Store. But, wait… Why would this app even be highlighted here? If this caught . . . READ ON »