POSTS TAGGED: security
Posted July 18, 2014 at 02:30 am by Jimmy McGee
We’ve already reported on two of the speakers scheduled for XDA:DevCon 2014. Sony’s Alin Jerpelea and Mozilla’s Alex Lakatos are joining us, as we go international with xda:devcon ’14. If you haven’t heard, it will be held in Manchester, UK on the weekend of September 26-28.
Today, we are happy to announce another great speaker that will be at xda:devcon ’14. With many different governments spying on you, Android security is a big topic. So to cover the important information of Android security, full-time master student engineering at the department of Computer Science at the KU Leuven University Dario Incalza will be presenting. Incalza has been involved with Android development for fo. . . READ ON »
Posted June 25, 2014 at 04:30 pm by Pulser_G2
With the announcement of Android L now finished at Google I/O, there are still a number of unanswered questions as to what’s actually likely to be coming in Android L. We mentioned some of the changes we know are coming earlier, as well as a bit more about the new design philosophy on the way, but there wasn’t much detail given over some of the new changes.
We’ve been taking a look to see what we could find, and XDA Senior Recognized Developer XpLoDWilD helped us root out what looks to be an interesting new feature–tucked away among all the other information about Android L and the new design philosophy are a few interesting gems. One of these gems comes in the form of a screenshot, which a. . . READ ON »
Application Signature Verification: How It Works, How to Disable It with Xposed, and Why You Shouldn’t
Posted June 16, 2014 at 12:00 am by Will Verduzco
If you’ve ever tried to modify and reinstall a system application, you probably encountered application signature checks in one form or another. Either you removed the original app before proceeding, or you gave your modified APK another package name in order to get it to install without first removing the old application. And in either case, you also had to re-sign the application yourself in order to get it to install in the first place.
You can get around all of these behaviors by temporarily disabling application signature checks. But before we get into the metaphorical meat and potatoes of this article and tell you how to do so, it’s critical that we talk a little bit about ap. . . READ ON »
Posted June 11, 2014 at 07:00 am by Pulser_G2
After yesterday’s article about Google’s recent changes to the Play Store that post a number of privacy concerns for users, today we are going to look at the three most popular options for users to protect their own privacy on their Android devices. First though, let’s take a look at how they work, and what they are for.
Why Should I Care?
Since the start, Android has had a permissions system, to allow users to control what apps are able to do on their device. When an application is installed, the user is prompted to agree to the permissions that an app requires. The Android operating system ensures apps cannot use permissions they have not requested, and the user is responsible for deci. . . READ ON »
Posted June 6, 2014 at 11:00 am by Tomek Kondrat
A good developer is always concerned about the security of his/her users. Revealing your app’s private data to the public is generally a bad thing, and should almost always be avoided. As such, there are various ways to strengthen your app’s privacy, and every new method should be evaluated. Privacy protection is especially important with Android applications, as there are frequent reports of app-related phishing and similar shady activities.
You application’s private data can now be stored a bit safer, thanks to XDA Forum Moderator Jonny. He provides a Java class that protects your app’s data using the SHA-512 hashing algorithm to convert a string into a r. . . READ ON »
Posted April 11, 2014 at 05:00 am by Will Verduzco
Smartphones are undoubtedly the most “personal” of our personal computers. We use them to access our Email, banking information, and pretty much the rest of our private data. Luckily, there are quite a few file locker applications available to help keep prying eyes away from our Gmail. However, things get a bit trickier if you’re looking to hide files that reside on your device’s storage.
Sure, you can easily encrypt your internal storage through Android’s security settings menu, but what about your external storage? And what about those who want to let others casually access their devices but don’t want their tech savvy friends viewing their naughty selfies? Luck. . . READ ON »
Posted April 10, 2014 at 03:00 pm by Will Verduzco
Back in October of last year, we talked in depth about malware on Android and the platform’s multiple layers of defense. One of the final pieces of puzzle is of course Android’s Verify Apps feature. And while only around 0.5% of applications end up triggering this security mechanism, it’s still a great safety net to have when dealing with closed source applications of untrusted origin.
The Verify Apps feature, which is available on devices running Android 2.3 Gingerbread or later, has traditionally scanned apps against known malware signatures as they are installed. Now, Google has expanded the functionality of Verify Apps with constant device monitoring. This means that in ad. . . READ ON »
Posted March 13, 2014 at 02:30 pm by Will Verduzco
Earlier today, we talked about how the Replicant team found a potential backdoor in Samsung’s proprietary radio software. As demonstrated in a proof-of-concept attack, this allowed certain baseband code to gain access to a device’s storage under a specific set of circumstances. But upon closer inspection, this backdoor is most likely not as bad as it was initially made out to be.
A few hours after posting our previous article on the alleged backdoor, a highly respected security expert who wishes to remain anonymous approached us, stating that the way in which the proof-of-concept attack was framed by the Replicant team was a bit misleading. Essentially, it boils down to the POC requiring a m. . . READ ON »
Posted February 16, 2014 at 05:00 pm by Will Verduzco
Google has been on a roll with a few high profile acquisitions and sales in the past month. Not too long ago, we talked about how the company had acquired the smart thermostat and carbon monoxide detector manufacturer Nest for $3.2 billion, and how this could signal the coming of future home automation products from the Mountain View company. Then, we were all relatively surprised when we saw Lenovo take money pit Motorola from their hands for a cool $2.91 billion. Now, Google has gone ahead and acquired the SlickLogin team.
For the unaware, Israeli-based SlickLogin pioneered a unique authentication method designed to make traditional security measures a thing of the past. Rather than using traditional . . . READ ON »