POSTS TAGGED: security

Android Security Engineer Dario Incalza to Talk Android Security at XDA:DevCon 2014

profilepic_incalzadario-e1404324244365

We’ve already reported on two of the speakers scheduled for XDA:DevCon 2014. Sony’s Alin Jerpelea and Mozilla’s Alex Lakatos are joining us, as we go international with xda:devcon ’14. If you haven’t heard, it will be held in Manchester, UK on the weekend of September 26-28.

Today, we are happy to announce another great speaker that will be at xda:devcon ’14. With many different governments spying on you, Android security is a big topic. So to cover the important information of Android security, full-time master student engineering at the department of Computer Science at the KU Leuven University Dario Incalza will be presenting. Incalza has been involved with Android development for fo. . . READ ON »

16 comments Read On

Exclusive: Android L to Add Granular Permissions Prompts

Android L Permissions Prompt

With the announcement of Android L now finished at Google I/O, there are still a number of unanswered questions as to what’s actually likely to be coming in Android L. We mentioned some of the changes we know are coming earlier, as well as a bit more about the new design philosophy on the way, but there wasn’t much detail given over some of the new changes.

We’ve been taking a look to see what we could find, and XDA Senior Recognized Developer XpLoDWilD helped us root out what looks to be an interesting new feature–tucked away among all the other information about Android L and the new design philosophy are a few interesting gems. One of these gems comes in the form of a screenshot, which a. . . READ ON »

14 comments Read On

Application Signature Verification: How It Works, How to Disable It with Xposed, and Why You Shouldn’t

signature verification

If you’ve ever tried to modify and reinstall a system application, you probably encountered application signature checks in one form or another. Either you removed the original app before proceeding, or you gave your modified APK another package name in order to get it to install without first removing the old application. And in either case, you also had to re-sign the application yourself in order to get it to install in the first place.

You can get around all of these behaviors by temporarily disabling application signature checks. But before we get into the metaphorical meat and potatoes of this article and tell you how to do so, it’s critical that we talk a little bit about ap. . . READ ON »

1 comment Read On

Protecting Your Privacy: App Ops, Privacy Guard, and XPrivacy

PrivacyPolicyButton

After yesterday’s article about Google’s recent changes to the Play Store that post a number of privacy concerns for users, today we are going to look at the three most popular options for users to protect their own privacy on their Android devices. First though, let’s take a look at how they work, and what they are for.

Why Should I Care?

Since the start, Android has had a permissions system, to allow users to control what apps are able to do on their device. When an application is installed, the user is prompted to agree to the permissions that an app requires. The Android operating system ensures apps cannot use permissions they have not requested, and the user is responsible for deci. . . READ ON »

4 comments Read On

Building an Android App? Protect Your User’s Private Application Data

encryption

A good developer is always concerned about the security of his/her users. Revealing your app’s private data to the public is generally a bad thing, and should almost always be avoided. As such, there are various ways to strengthen your app’s privacy, and every new method should be evaluated. Privacy protection is especially important with Android applications, as there are frequent reports of app-related phishing and similar shady activities.

You application’s private data can now be stored a bit safer, thanks to XDA Forum Moderator Jonny. He provides a Java class that protects your app’s data using the SHA-512 hashing algorithm to convert a string into a r. . . READ ON »

4 comments Read On

Safeguard Your Naughty Files with Secrecy

screenshot_(1)

Smartphones are undoubtedly the most “personal” of our personal computers. We use them to access our Email, banking information, and pretty much the rest of our private data. Luckily, there are quite a few file locker applications available to help keep prying eyes away from our Gmail. However, things get a bit trickier if you’re looking to hide files that reside on your device’s storage.

Sure, you can easily encrypt your internal storage through Android’s security settings menu, but what about your external storage? And what about those who want to let others casually access their devices but don’t want their tech savvy friends viewing their naughty selfies? Luck. . . READ ON »

3 comments Read On

Google’s Verify Apps Feature to Constantly Monitor Apps

Screenshot 2014-04-09 at 17.15.06

Screenshot 2014-04-09 at 17.15.06Back in October of last year, we talked in depth about malware on Android and the platform’s multiple layers of defense. One of the final pieces of puzzle is of course Android’s Verify Apps feature. And while only around 0.5% of applications end up triggering this security mechanism, it’s still a great safety net to have when dealing with closed source applications of untrusted origin.

The Verify Apps feature, which is available on devices running Android 2.3 Gingerbread or later, has traditionally scanned apps against known malware signatures as they are installed. Now, Google has expanded the functionality of Verify Apps with constant device monitoring. This means that in ad. . . READ ON »

2 comments Read On

Samsung Backdoor May Not Be as Wide Open as Initially Thought

Untitled-1

Earlier today, we talked about how the Replicant team found a potential backdoor in Samsung’s proprietary radio software. As demonstrated in a proof-of-concept attack, this allowed certain baseband code to gain access to a device’s storage under a specific set of circumstances. But upon closer inspection, this backdoor is most likely not as bad as it was initially made out to be.

A few hours after posting our previous article on the alleged backdoor, a highly respected security expert who wishes to remain anonymous approached us, stating that the way in which the proof-of-concept attack was framed by the Replicant team was a bit misleading. Essentially, it boils down to the POC requiring a m. . . READ ON »

7 comments Read On

Google Acquires SlickLogin, Sound-based Login Coming to Android?

slick

Google has been on a roll with a few high profile acquisitions and sales in the past month. Not too long ago, we talked about how the company had acquired the smart thermostat and carbon monoxide detector manufacturer Nest for $3.2 billion, and how this could signal the coming of future home automation products from the Mountain View company. Then, we were all relatively surprised when we saw Lenovo take money pit Motorola from their hands for a cool $2.91 billion. Now, Google has gone ahead and acquired the SlickLogin team.

For the unaware, Israeli-based SlickLogin pioneered a unique authentication method designed to make traditional security measures a thing of the past. Rather than using traditional . . . READ ON »

11 comments Read On