SECURITY Posts on XDA

WPA2 WiFi Protocol Vulnerability KRACK Leaves 41% of Android Phones Open to Attack

Security has been a major talking point in recent years, and it applies to many forms of technology. It can refer to things such as the Heartbeat SSL bug, game console hacking or the safety of your data. On our devices, security may refer to the ease of gaining root access, or the potential for...

OxygenOS is Allegedly Data-mining Personally Identifiable Information for Analytics

While the OnePlus phones have a good reputation for their price and openness to development, the company itself has made some questionable decisions in the past with regard to how it handles user data. At the time, we discovered that OxygenOS would leak your device's IMEI onto the network while your device checks for an update....

Google CEO Recognises Danger of Data Monopoly, Outlines Plan for Expansion into China

Very few companies (in the grand scheme of things) have access to your data, and even fewer have the same amount of access to all of your data. Google probably has the most data on its users out of all companies, tracking its users' page usage through its adverts program and being able to tailor...

Google Reportedly Retooling User Security with Optional USB Security Keys

Google, a subsidiary of Alphabet Inc., plans to implement the Advanced Protection Program next month, according to a report from Bloomberg. This is a system designed to fully replace two-factor authentication and is seen as much more secure. It is specifically going to be marketed at those with security concerns, such as corporate executives...

Dirty COW, an Exploit in the Linux Kernel, is Now Being Abused on Android by ZNIU

Dirty COW (Dirty Copy-On-Write), or CVE-2016-5195, is a 9-year-old Linux bug that was discovered in October last year. It is one of the most serious bugs to have ever been found within the Linux kernel, and now malware dubbed ZNIU has been found in the wild. The bug was patched in the December 2016 security update, but...

Android Toast Messages can be Abused to Grant Accessibility or Device Admin Privileges

Android is a pretty open platform with a fantastic developer community. Many of these developers will create apps, custom ROMs and more. Some organizations also engage in security testing, such as Palo Alto Networks Unit 42. This group has discovered a vulnerability within the Android Toast Message system, which allows the attacker to create a...

Google Introduces Runtime-Only Permissions in Android 8.0 for Better Security

One of the best security-oriented changes included in Android 6.0 Marshmallow was runtime permissions. Before the advent of runtime permissions, developers would define permissions in their AndroidManifest file that would be granted automatically upon installation. On Android 6.0 and newer, runtime permissions required the user to explicitly grant or deny a permission through a dialog....

“Shattered Trust” Paper Shows How Replacement Smartphone Components Can Carry Security Vulnerabilities

A recent paper entitled "Shattered Trust" by Omer Shwartz, Amir Cohen, Asaf Shabtai and Yossi Oren has emerged. This paper shows how a replacement touchscreen for a Nexus 6P, coupled with an exploit of the Synaptics S3718 touchscreen driver, led to the ability to entirely control the device via kernel execution. With one simple idea and a...

Latest WebView Introduces Isolated Renderer Process And In-App Safe Browsing

Google released a short review of the changes in the latest version of WebView. Android WebView is a system component for Android that allows Android apps to display content from the web directly inside an application. Starting with Android Lollipop, Google decided to distribute WebView as an independent APK updated from the Play Store every six weeks. The goal...

Google Play Protect, A New Solution To Keep your Android Device Secure

There are over one billion active Android devices around the world. This number is growing each day as devices become more affordable. The increasing popularity of Android comes with a larger number of applications added to the Play Store on a daily basis. During Google I/O 2017, Google announced Google Play Protect - a...

Wikileaks Reveals CIA Collects Zero-Day Android Exploits, but the Leaked Vulnerabilities are All Dated

If you regularly follow international news, you might have heard of WikiLeaks. WikiLeaks is a non-profit organization that focuses on publishing leaks, in particular those related to governments and politicians. A lot of what WikiLeaks publishes reaches front pages around the world, and for good reason. Today, WikiLeaks has begun a new series of leaks code-named "Vault 7",...

Google Announces Better Payouts in Vulnerability Rewards Program at Nullcon India

Google is joining the security research community at Nullcon India this week in Goa. To mark the occasion, Google is announcing better payouts at the higher levels in the Google Vulnerability Rewards Program. The increase in rewards focuses on the upper end of severity, where finding such vulnerabilities takes significantly more time, effort and commitment. The reward payout...