XDA News Articles

Will Verduzco · Apr 11, 2014

Safeguard Your Naughty Files with Secrecy

Smartphones are undoubtedly the most "personal" of our personal computers. We use them to access our Email, banking information, and pretty much the rest of our private data. Luckily, there are quite a few file locker applications available to help keep prying eyes away from our Gmail. However, things get a bit trickier if you're looking to hide files that reside on your device's storage. Sure, you can easily encrypt your internal storage through Android's security settings menu, but what...

XDA NEWS
Will Verduzco · Apr 10, 2014

Google’s Verify Apps Feature to Constantly Monitor Apps

Back in October of last year, we talked in depth about malware on Android and the platform's multiple layers of defense. One of the final pieces of puzzle is of course Android's Verify Apps feature. And while only around 0.5% of applications end up triggering this security mechanism, it's still a great safety net to have when dealing with closed source applications of untrusted origin. The Verify Apps feature, which is available on devices running Android 2.3 Gingerbread or later, has traditionally...

XDA NEWS
Will Verduzco · Mar 13, 2014

Samsung Backdoor May Not Be as Wide Open as Initially Thought

Earlier today, we talked about how the Replicant team found a potential backdoor in Samsung's proprietary radio software. As demonstrated in a proof-of-concept attack, this allowed certain baseband code to gain access to a device's storage under a specific set of circumstances. But upon closer inspection, this backdoor is most likely not as bad as it was initially made out to be. A few hours after posting our previous article on the alleged backdoor, a highly respected security expert who wishes...

XDA NEWS
Will Verduzco · Feb 16, 2014

Google Acquires SlickLogin, Sound-based Login Coming to Android?

Google has been on a roll with a few high profile acquisitions and sales in the past month. Not too long ago, we talked about how the company had acquired the smart thermostat and carbon monoxide detector manufacturer Nest for $3.2 billion, and how this could signal the coming of future home automation products from the Mountain View company. Then, we were all relatively surprised when we saw Lenovo take money pit Motorola from their hands for a cool $2.91 billion....

XDA NEWS
Will Verduzco · Feb 9, 2014

Thwart Password-Stealing Eyes with TimePIN

Don't you hate it when you are stuck in a crowd and you need to unlock your mobile device? Sure, the vast majority of the time, nobody's genuinely trying to sneak a peek at your lock screen code---but you never truly know who's watching. Because of the potential danger of having others learn our lock screen codes, we all try various "techniques" to thwart would-be prying eyes. But let's face it---if somebody really wants to stealthily learn your lock screen code,...

XDA NEWS
egzthunder1 · Jan 28, 2014

Yet Another Reason to NOT Trust “Trusted” Companies: Facebook Can Now Read Your Text Messages

Remember all those times when we here at the XDA Portal have told you that privacy is important? Despite many people thinking that we are all just a bunch of nerds wearing tinfoil hats, we do have our reasons to be somewhat paranoid. After all, we're quite sure that you wouldn't like the idea of having somebody snoop around your cell phone for all the naughty pictures and messages sent to and from your significant other. If you couldn't care...

XDA NEWS
Will Verduzco · Jan 10, 2014

Samsung Responds to KNOX MitM Attack “Vulnerability”

About a month ago, we talked about a recent study (PDF) stating that most security vulnerabilities on Android are ultimately due to OEM customizations. And surprise, surprise---this can even happen on devices with technologies designed to protect users. Late last month, security researchers at Israel’s Ben-Gurion University of the Negev discovered a security vulnerability that allowed a user-installed application to intercept unencrypted network traffic. Rather than describing this as a flaw or bug, Samsung labels the vulnerability a classic Man in...

XDA NEWS
Pulser_G2 · Jan 3, 2014

Snapchat: A Lesson in How NOT to do Security

Here at XDA, we focus on bringing you news about what developers are up to on the forums or significant changes in the mobile industry. Today though, I bring an analysis of some recent news about goings-on in the security world in relation to a particular mobile application you may or not have heard of: Snapchat. Snapchat is best described as a gimmick application, widely used by teens to send each other photos and short videos, which "self destruct" after...

XDA NEWS
Will Verduzco · Dec 10, 2013

CyanogenMod Adds WhisperPush Secure Messaging into CM10.2 Nightlies, CM11 Integration Soon!

While secure text messaging systems have been available on Android for quite some time, many users (even power users) have failed to set them up on their devices. This isn't because privacy isn't important, but it's often one of those things you don't think of until it's too late. Now, CyanogenMod is taking a great first step by incorporating an existing and open source secure text messaging platform into CyanogenMod. The integration comes in the form of TextSecure, which is maintained...

XDA NEWS
Will Verduzco · Dec 4, 2013

Google Pulls HushSMS after Flash SMS DoS Info

Not too long ago, we talked about the Flash SMS (class 0) DoS vulnerability affecting the current lineup of Nexus devices. Discovered by Romanian security researcher Bogdan Alec, the vulnerability was such that Flash SMS (class 0) messages sent in rapid succession would cause unexpected behavior on various Nexus devices. Curiously, though, the bug only affected Nexus device owners. Luckily, the vulnerability was never all that damaging. After all, the worst outcome that has been seen so far is data loss...

XDA NEWS
Tomek Kondrat · Nov 30, 2013

Google Nexus Devices Vulnerable to DoS Attacks, Protect Yourself with Simple App

Due to their expedient updates and lack of potentially vulnerable carrier and OEM addons, Nexus devices are considered to be among the safest Android devices. Being certified by Google mean a lot, but everything has some vulnerabilities, and newest Nexus devices are no exemption. According to Romanian security researcher Bogdan Alecu, the Nexus lineup is vulnerable to a denial-of-service attacks based on a special type of SMS. This attack relies on Flash SMS, short messages displayed on the screen without being...

XDA NEWS
Tomek Kondrat · Nov 20, 2013

How to Disable the Annoying Certificate Popup in KitKat

My mother always told me that security matters. And she was right. Security is important, as right now, devices can be hacked, phished, or scammed in multiple ways. That's why protections are so important, especially in public areas. Security certificates were invented and widely used to prevent thieves from stealing our data. It appears that security matters to XDA Forum Member forceu as well, as he wrote a guide on installing a custom security certificate to bypass the "Your network could...

XDA NEWS
jerdog · Nov 14, 2013

Shock and Awe: OEMs Cause Android Security Issues

It should come as no surprise that here at XDA, we are always calling on the OEMs to do a better job of removing the bloat of their custom UIs (Samsung - we're looking at you and your now insane TouchWiz size) and improving the overall user experience. What may come as a shock to some, though, is that a recent study by researchers at North Carolina State University says that those same OEMs, and their incessant need to have a custom...

XDA NEWS
Will Verduzco · Nov 13, 2013

Easily Change Your Android SELinux Mode

Along with the various user-facing features added in Android 4.4 KitKat, Google significantly bolstered the overall security of the platform with a number of key changes. Among other things, one of the key changes related to SELinux, which was previously introduced in Android 4.3. Android 4.4, however, shifted the SELinux status from Permissive to Enforce Mode. To quote our security expert Pulser_G2 on the matter: SELinux in Enforce Mode In Android 4.4, SELinux has moved from running in permissive mode...

XDA NEWS
Pulser_G2 · Nov 2, 2013

Android 4.4 KitKat Security Enhancements

In addition to the many user-facing improvements in the latest incarnation of Android announced yesterday, there are a number of interesting security improvements, which seem to indicate that Google have not totally neglected platform security in this new release. This article will run through what's new, and what it means for you. SELinux in Enforce Mode In Android 4.4, SELinux has moved from running in permissive mode (which simply logs failures), into enforcing mode. SELinux, which was introduced in Android...

XDA NEWS
Pulser_G2 · Nov 1, 2013

Google Taking Aim at Device Modders in Android 4.4 KitKat

Android 4.4 introduces a number of changes intended to reduce the risks of rootkits on the platform. In addition to SELinux, the dm-verity kernel feature is also used on boot. The dm-verity feature is used to verify the filesystem storage, and detect modifications to the device at block level (rather than file level). In essence, dm-verity aims to prevent root software from modifying the device file system. This is done by detecting the modifications made to the filesystem, which will no longer...

XDA NEWS
Jimmy McGee · Oct 31, 2013

Android App Review: Secure Your ‘Recipe’ with Safe N Secure Notepad – XDA Developer TV

If you’ve ever handed someone your phone to someone, whether to show them a funny picture or if they ask to check it out, you know the terror that runs through your mind thinking of what they could stumble upon: your usernames and passwords for different sites, your special ‘recipe,’ your mistress's phone number, anything. Well, XDA Forum Member msappz offers a new way to keep your secret life private. In this video, XDA Developer TV Producer Walter White TK...

XDA NEWS
Will Verduzco · Oct 13, 2013

Can Mobile Accelerometers Spy on Your Desktop Keystrokes?

The answer to the question above, as security researcher Philip Marquardt demonstrated, is "yes." However, it's not all that likely in practice, and there are several simple ways to protect yourself. Data security is a rapidly growing concern in our increasingly digital world. In order to help bring these concerns to light, we recently launched a Security forum specifically for discussion of various security-related topics. Not too long ago, we also talked about malware on Android and how this is largely an overstated...

XDA NEWS
Will Verduzco · Oct 12, 2013

Monitor Your Device’s Network Connections

A little over a year ago, we took at Anti Spy Mobile, an application by XDA Senior Member pandata000 that was aimed at helping users make sure that their applications' permissions were in check. The previously mentioned app worked by figuring out which applications are installed, searching for well known spyware, analyzing permissions and Android intents, and giving an easily understandable output to the user listing potential trouble spots. Anti Spy Mobile unfortunately is not able to track the actual connections made...

XDA NEWS
Will Verduzco · Oct 4, 2013

Just How Safe is “Safe” in Android?

We've all heard about the Android malware problem. After all, proponents of other mobile operating systems love to spread FUD stating that Android's malware situation is out of control. Further, there are various entities such as antivirus firms with vested interests in demonstrating that there is indeed an issue. Who's to blame the companies using these unscrupulous tactics? After all, it's simply good business to undermine your mobile OS competitors or create demand for your product in the case of security...

XDA NEWS