POSTS TAGGED: security

Easily Change Your Android SELinux Mode

Capture

Along with the various user-facing features added in Android 4.4 KitKat, Google significantly bolstered the overall security of the platform with a number of key changes. Among other things, one of the key changes related to SELinux, which was previously introduced in Android 4.3. Android 4.4, however, shifted the SELinux status from Permissive to Enforce Mode.

To quote our security expert Pulser_G2 on the matter:

SELinux in Enforce Mode

In Android 4.4, SELinux has moved from running in permissive mode (which simply logs failures), into enforcing mode. SELinux, which was introduced in Android 4.3, is a mandatory access control system built into the Linux kernel, in order to help enforce the existing acc

. . . READ ON »
1 comment Read On

Android 4.4 KitKat Security Enhancements

Android KitKat

In addition to the many user-facing improvements in the latest incarnation of Android announced yesterday, there are a number of interesting security improvements, which seem to indicate that Google have not totally neglected platform security in this new release. This article will run through what’s new, and what it means for you.

SELinux in Enforce Mode

In Android 4.4, SELinux has moved from running in permissive mode (which simply logs failures), into enforcing mode. SELinux, which was introduced in Android 4.3, is a mandatory access control system built into the Linux kernel, in order to help enforce the existing access control rights (i.e. permissions), and to attempt to prevent privilege e. . . READ ON »

30 comments Read On

Google Taking Aim at Device Modders in Android 4.4 KitKat

Capture

Android 4.4 introduces a number of changes intended to reduce the risks of rootkits on the platform. In addition to SELinux, the dm-verity kernel feature is also used on boot. The dm-verity feature is used to verify the filesystem storage, and detect modifications to the device at block level (rather than file level). In essence, dm-verity aims to prevent root software from modifying the device file system. This is done by detecting the modifications made to the filesystem, which will no longer match the expected configuration.

In dm-verity, each block of the storage device has a SHA-256 hash associated with it. (For reference, a block is simply a unit of address for storage, typically around 4 KB on flas. . . READ ON »

33 comments Read On

Android App Review: Secure Your ‘Recipe’ with Safe N Secure Notepad – XDA Developer TV

reviewingapps2

If you’ve ever handed someone your phone to someone, whether to show them a funny picture or if they ask to check it out, you know the terror that runs through your mind thinking of what they could stumble upon: your usernames and passwords for different sites, your special ‘recipe,’ your mistress’s phone number, anything.

Well, XDA Forum Member msappz offers a new way to keep your secret life private. In this video, XDA Developer TV Producer Walter White TK reviews Safe N Secure Notepad. TK shows off the application and gives his thoughts, so check out this app review.. . . READ ON »

1 comment Read On

Can Mobile Accelerometers Spy on Your Desktop Keystrokes?

keyboardspy

The answer to the question above, as security researcher Philip Marquardt demonstrated, is “yes.” However, it’s not all that likely in practice, and there are several simple ways to protect yourself.

Data security is a rapidly growing concern in our increasingly digital world. In order to help bring these concerns to light, we recently launched a Security forum specifically for discussion of various security-related topics. Not too long ago, we also talked about malware on Android and how this is largely an overstated problem for those running relatively recent builds of the OS. However, when most people think of mobile security, they think of protecting their own device from . . . READ ON »

Tags:

2 comments Read On

Monitor Your Device’s Network Connections

unnamed

A little over a year ago, we took at Anti Spy Mobile, an application by XDA Senior Member pandata000 that was aimed at helping users make sure that their applications’ permissions were in check. The previously mentioned app worked by figuring out which applications are installed, searching for well known spyware, analyzing permissions and Android intents, and giving an easily understandable output to the user listing potential trouble spots. Anti Spy Mobile unfortunately is not able to track the actual connections made by spyware.

In response to user request, pandataooo has now created a new application aimed at showing all of your current connections. Aptly titled Network Connections, pan. . . READ ON »

no comments Read On

Just How Safe is “Safe” in Android?

1

We’ve all heard about the Android malware problem. After all, proponents of other mobile operating systems love to spread FUD stating that Android’s malware situation is out of control. Further, there are various entities such as antivirus firms with vested interests in demonstrating that there is indeed an issue.

Who’s to blame the companies using these unscrupulous tactics? After all, it’s simply good business to undermine your mobile OS competitors or create demand for your product in the case of security solution providers. And up until very recently, Google unfortunately lacked a reliable way of determining and tracking the scope of the problem. That changed recentl. . . READ ON »

24 comments Read On

Android Security Presentation Makes you Think Twice about Your Actions

Root

We have talked about app development, Ubuntu Touch development, NFC and Firefox OS presentations from XDA:DevCon 2013. All of these presentations are of great value for developers and enthusiasts. However, there is a dark secret in your pocket: exploits. These exploits can be used for good, gaining root or unlocking. However, they can also be used for bad, such as stealing your chickens or texting curse words to your mother, or worse.

This presentation has a simple title, but the content is not simple. “Android Security Vulnerabilities and Exploits” presented by XDA Elite Recognized Developer jcase. Jcase is a mobile security researcher and the developer of many Android exploits. There is great reas. . . READ ON »

6 comments Read On

Security Vulnerability in Android Creates Bitcoin Fraud Threat

bitcoin-logo-3d Despite previous claims by Bitcoin developers that its open-source wallet application provides "a strong level of protection against many types of fraud," developers announced Sunday that weaknesses within the Android operating system are responsible for rendering all Android wallets generated to date vulnerable to theft. The issue lies within the area of the OS that should be generating secure and random key codes, which is why the problem only affects wallets generated by Android applications. Some applications affected include Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet. Front-end applications such as Coinbase or MtGox are not vulnerable since private keys are not generated on the Android device.
11 comments Read On