XDA Developers

Data Security


Mozilla can now monitor the dark web for your personal data for a fee

Mozilla wants to help keep your sensitive information out of the wrong hands

Identity theft is now a persistent threat in the digital age, and your personal data has only become more widely available as the internet has evolved. Even if you’ve only used your email address on a few websites, for example, your information is at risk. The dark web — the portion of the internet that is not indexed by search engines — has become an area where this type of information is sold and exchanged. Everything from your home address to your credit card numbers can circulate on the dark web, but there are services designed to reduce the risk. One organization that prioritizes privacy is Mozilla, and it’s rolling out a new paid service to do just that.

Western Digital suffered network breach that led to data being stolen

The company suffered a breach last month, losing data in the process.

Every month, we seem to hear about a new data breach, showing us that not even large companies are immune to having their information or systems compromised. Today, Western Digital has released a statement, sharing that it experienced a "network security incident involving some of its systems" on March 26.

T-Mobile suffered another massive data breach that compromised 37 million accounts

It's happened again. T-Mobile has suffered another data breach that exposed the personal information of 37 million customers.

T-Mobile has once again suffered a data breach that exposed the personal information of 37 million of its customers. At this point, if you're a T-Mobile customer, you're really not surprised, as data breaches seem like such a common occurrence with the wireless carrier. The last major data breach it suffered was just a couple of years ago in 2021.

Twitter fined 450,000 Euros by Irish regulator for GDPR fail

Ireland's data regulator has handed down a 450,000 Euro fine on behalf of the European Union, for a 2018 data breach of Twitter's Android app

Twitter has been clobbered with a fine of €450,000 (~$546,300) after Irish courts found it had breached Europe’s strong data protection laws, known as GDPR. The fine was brought by Ireland’s data regulator, making it the first scalp for US big tech under the legislation.

BraveDNS is an open-source DNS-over-HTTPS client, firewall, and adblocker for Android

BraveDNS is a free and open-source app that offers a full-fledged DNS-over-HTTPS client, firewall, and adblocker for Android. Read on!

Replacing the factory-installed OS with an aftermarket ROM isn't just limited to the Android ecosystem. People started modding Linux-powered wireless routers and access points long before the rise of Android smartphones in order to enable functionalities such as packet filtering, firewalls, or adblocking that aren't otherwise present in the stock firmware. Unsurprisingly, such features are much requested in the world of Android as well. While it is possible to configure Private DNS (or DNS-over-HTTPS) and subsequently block ads on an Android device since Android Pie, end-users still need to rely on third-party apps to set up a proper firewall. If you are looking for an all-in-one app that can act as a firewall, adblocker, and even a DNS-over-HTTPS client, BraveDNS might interest you.

Google will now automatically delete Web & App activity, Location history, and YouTube search history for new users

Last year, Google made it possible to automatically delete personal data every 3 or 18 months. Now, that feature will be enabled by default for new users.

Whether it's fair or not, Google has a reputation for collecting a lot of data about people. To its credit, Google has been making improvements in how it lets users control their privacy. Today, CEO Sundar Pichai announced some changes in how the company handles data for new users.

[Update 3: Clearer Toggle Language] Researchers accuse Xiaomi web browsers of collecting browsing data - even in Incognito mode

Cybersecurity researchers have found evidence that Xiaomi's browsers have been collecting browsing data even in Incognito mode. Read on to know more!

Xiaomi smartphones are unanimously agreed to be one of the best value purchases available in the market at any point in time. Packing some insane hardware at some very lucrative price points, especially at the lower end of the smartphone market, these phones make an offer that a lot of people just can't refuse. Xiaomi has also been receptive to the needs of the developer community, with decisions such as allowing bootloader unlocking without sacrificing the manufacturer's warranty -- a combination that a lot of other popular OEMs discard, as well as vastly improving upon their kernel source releases. These reasons make them one of the most popular devices in our forums, and they have rightfully earned that spot of popularity.

Study: Over 1000 Android apps on Google Play accessed user data without proper permissions

Researchers found that many Android apps on the Google Play Store had ways to bypass Android's permission model to harvest user data.

Despite user perception, Android is actually quite secure as a mobile OS. We generally accept the premise that the weakest link is the user; so long as you watch what you install and what permissions you grant, you should be safe from unauthorized access and distribution of your data. If you deny an Android app access to your location, then that app shouldn't have any way to figure out where you are or where you've been. However, some app developers have figured out ways to get around Android's permission model, according to researchers from the International Computer Science Institute (ICSI).

[Update 2: Wi-Fi Easy Connect in Android Q] WPS disappeared in Android P and may never come back

WPS disappeared in Android Pie and has been marked deprecated, but it has a replacement in Android Q called Wi-Fi Easy Connect.

With Android P on the horizon, we're all excited to see what the final release brings us. We can expect to see performance improvements and new features like gesture navigation and a new UI. However, we can also expect a myriad of security enhancements, some of which may infuriate users at first. As first reported by AndroidPolice, it appears that Google may be deprecating WPS (Wi-Fi Protected Setup) support when Android P releases. For those who aren't aware, WPS allows you to connect a device to your router simply by pressing a designated button on your router. Some configurations then require you to enter a PIN code on your device.

[Update 3: It's Dead] Google+ is shutting down for consumers after potential major data breach

After a massive data breach that reportedly affected over 500,000 users, Google is set to shut down the consumer version of Google+ for good.

Google+ was introduced in 2011 as the tech giant's response to the rising social network phenomenon and as a rival to Facebook, Twitter, and other social networks. Unfortunately, though, it failed to gain traction despite Google's immeasurable efforts and backing to boost its adoption. Today, after over 7 years of existence, Google is shutting down Google+ for good, although its low user base surprisingly wasn't the main factor behind this decision.

Shelter is an open source sandboxing app to isolate apps from your data

For those cautious about personal data, there is a new open source app called Shelter that lets you sandbox applications to isolate them from your data.

Big data is big business right now, and it can come in the form of just about any type of information that someone can get their hands on, whether it's a business tracking your location for monetization or a malicious application abusing various permissions to gain access to as much of your data as possible. If you are very cautious about your personal data, you should know there is a new open source application called Shelter that lets you sandbox applications to isolate them from your data.

Millions of users' data leaked through misconfigured Firebase backends

Millions of users' data have leaked through misconfigured Firebase backends, leaving plaintext passwords and more publicly viewable.

Millions of users' data have been leaked because of misconfigured Firebase backends, according to a report from Appthority. Around 113GB of data over 2,271 databases were exposed publicly as a result of being misconfigured. Firebase is a Backend-as-a-Service offering by Google which was reported to be the fastest growing SDK in 2017. The service is hugely popular among the top Android developers. It provides cloud messaging, push notifications, databases, analytics, advertising and a lot more that developers can utilize, all powered by Google's high-performance servers. However, it seems that many developers are misusing it.

Every Android device is susceptible to a hardware vulnerability called RAMpage

Every Android device is susceptible to a hardware vulnerability called RAMpage. You can read all about it here, and how to test your own Android device.

We have consistently seen various vectors of attack rear their head when it comes to Android smartphones. We've seen Shattered Trust, Cloak and Dagger, and Rowhammer, just to name a few. RAMpage is the latest one on the block, and while it is a hardware vulnerability, it doesn't necessarily need physical access to your device to exploit. How it works is relatively simple.

LineageOS Introduces "Trust" - A Centralized Interface for Security and Privacy

The developers over at LineageOS have introduced Trust: a centralized interface for security and privacy features in the ROM. Read on to know more!

The introduction of monthly security patches for Android was a welcome and much-needed move from Google. At that time, Android was infamous for its fragmentation issues, which negatively impacted how security vulnerabilities could be patched and then quickly distributed to devices. Monthly security patches provided a quick way for concerned users to judge how "secure" and "up-to-date" their device really was.

[Update: Fix] Bootloader Protection Bypass Discovered on OnePlus 6 (requires physical access)

A serious vulnerability in the OnePlus 6 bootloader has been discovered. This exploit, which requires physical access, bypasses all security measures.

The OnePlus 6 was made official in the middle of last month. The device has only recently started to make its way into the hands of consumers and developers on our forums, and already we're hearing about the work that's being done. An official build of TWRP is already available and work is progressing nicely on an unofficial LineageOS 15.1 GSI. The OnePlus 6 isn't only receiving attention from users interested in the device for their personal use or projects, however, as security researchers are starting to take a closer look at the device to see what they can find.

Capillary is an open source library to help developers implement end-to-end encryption for push notifications

Capillary is an open-source library that helps developers implement end-to-end encryption for push messages in their applications.

If you're a developer who implements push notifications in your app and you or your users care about data privacy, then it's important that you transmit these push messages securely. For those of you who are already into data security, implementing strong encryption measures is a no-brainer. For others, it's a difficult feature to implement. Google's Firebase Cloud Messaging (FCM) pushes messages over TLS so you can send your messages securely through Google's servers, but by doing so you aren't meeting the gold standard, which is end-to-end encryption. Without end-to-end encryption, a theoretical third party could compromise the data; with it, only the end user's device can decrypt the data. Implementing E2E encryption can be difficult for new developers, which is why Google is introducing Project Capillary. It is an open-source library that facilitates implementing E2E encryption between developers' servers and clients' devices.