POSTS TAGGED: security
Posted November 13, 2013 at 07:00 pm by Will Verduzco
Along with the various user-facing features added in Android 4.4 KitKat, Google significantly bolstered the overall security of the platform with a number of key changes. Among other things, one of the key changes related to SELinux, which was previously introduced in Android 4.3. Android 4.4, however, shifted the SELinux status from Permissive to Enforce Mode.
To quote our security expert Pulser_G2 on the matter:
. . . READ ON »
SELinux in Enforce Mode
In Android 4.4, SELinux has moved from running in permissive mode (which simply logs failures), into enforcing mode. SELinux, which was introduced in Android 4.3, is a mandatory access control system built into the Linux kernel, in order to help enforce the existing acc
Posted November 2, 2013 at 02:30 pm by Pulser_G2
In addition to the many user-facing improvements in the latest incarnation of Android announced yesterday, there are a number of interesting security improvements, which seem to indicate that Google have not totally neglected platform security in this new release. This article will run through what’s new, and what it means for you.
SELinux in Enforce Mode
In Android 4.4, SELinux has moved from running in permissive mode (which simply logs failures), into enforcing mode. SELinux, which was introduced in Android 4.3, is a mandatory access control system built into the Linux kernel, in order to help enforce the existing access control rights (i.e. permissions), and to attempt to prevent privilege e. . . READ ON »
Posted November 1, 2013 at 06:30 pm by Pulser_G2
Android 4.4 introduces a number of changes intended to reduce the risks of rootkits on the platform. In addition to SELinux, the dm-verity kernel feature is also used on boot. The dm-verity feature is used to verify the filesystem storage, and detect modifications to the device at block level (rather than file level). In essence, dm-verity aims to prevent root software from modifying the device file system. This is done by detecting the modifications made to the filesystem, which will no longer match the expected configuration.
In dm-verity, each block of the storage device has a SHA-256 hash associated with it. (For reference, a block is simply a unit of address for storage, typically around 4 KB on flas. . . READ ON »
Posted October 31, 2013 at 11:30 am by Jimmy McGee
If you’ve ever handed someone your phone to someone, whether to show them a funny picture or if they ask to check it out, you know the terror that runs through your mind thinking of what they could stumble upon: your usernames and passwords for different sites, your special ‘recipe,’ your mistress’s phone number, anything.
Well, XDA Forum Member msappz offers a new way to keep your secret life private. In this video, XDA Developer TV Producer Walter White TK reviews Safe N Secure Notepad. TK shows off the application and gives his thoughts, so check out this app review.. . . READ ON »
Posted October 13, 2013 at 11:30 pm by Will Verduzco
The answer to the question above, as security researcher Philip Marquardt demonstrated, is “yes.” However, it’s not all that likely in practice, and there are several simple ways to protect yourself.
Data security is a rapidly growing concern in our increasingly digital world. In order to help bring these concerns to light, we recently launched a Security forum specifically for discussion of various security-related topics. Not too long ago, we also talked about malware on Android and how this is largely an overstated problem for those running relatively recent builds of the OS. However, when most people think of mobile security, they think of protecting their own device from . . . READ ON »
Posted October 12, 2013 at 01:30 pm by Will Verduzco
A little over a year ago, we took at Anti Spy Mobile, an application by XDA Senior Member pandata000 that was aimed at helping users make sure that their applications’ permissions were in check. The previously mentioned app worked by figuring out which applications are installed, searching for well known spyware, analyzing permissions and Android intents, and giving an easily understandable output to the user listing potential trouble spots. Anti Spy Mobile unfortunately is not able to track the actual connections made by spyware.
In response to user request, pandataooo has now created a new application aimed at showing all of your current connections. Aptly titled Network Connections, pan. . . READ ON »
Posted October 4, 2013 at 11:30 pm by Will Verduzco
We’ve all heard about the Android malware problem. After all, proponents of other mobile operating systems love to spread FUD stating that Android’s malware situation is out of control. Further, there are various entities such as antivirus firms with vested interests in demonstrating that there is indeed an issue.
Who’s to blame the companies using these unscrupulous tactics? After all, it’s simply good business to undermine your mobile OS competitors or create demand for your product in the case of security solution providers. And up until very recently, Google unfortunately lacked a reliable way of determining and tracking the scope of the problem. That changed recentl. . . READ ON »
Posted September 24, 2013 at 04:30 am by Jimmy McGee
We have talked about app development, Ubuntu Touch development, NFC and Firefox OS presentations from XDA:DevCon 2013. All of these presentations are of great value for developers and enthusiasts. However, there is a dark secret in your pocket: exploits. These exploits can be used for good, gaining root or unlocking. However, they can also be used for bad, such as stealing your chickens or texting curse words to your mother, or worse.
This presentation has a simple title, but the content is not simple. “Android Security Vulnerabilities and Exploits” presented by XDA Elite Recognized Developer jcase. Jcase is a mobile security researcher and the developer of many Android exploits. There is great reas. . . READ ON »
Posted August 12, 2013 at 07:00 am by TheRomMistress