Samsung set to announce antivirus software to be installed on all new devices


According to a Wall Street Journal report, one of the announcements Samsung will be making today at the second episode of their Samsung Unpacked 2013 event is the installation of antivirus security software from Lookout Inc. on all Samsung KNOX devices in the coming month. The move appears to be part of Samsung’s attempt to protect business users from the reality that many, if not most, employees are using their personal phones for business purposes. The addition of the Lookout package is another step in that direction as the company tries to get protection out in front of the wall erected by other features on their smartphones. Samsung senior vice president Injong Rhee says, “Lookout is the leader in mobile threat protection and they are uniquely equipped to address business mobile security.”
Read more

First post-release Nexus 7 update rolling out, fixes touchscreen issues


Google has begun pushing the first-ever update to the 2013 Nexus 7 and will reportedly fix touchscreen problems that some owners were experiencing with their devices.

Google’s Paul Wilcox confirmed the plans to release new firmware on the company’s forums:

“As a couple of you have mentioned, there’s a new system update that’s started rolling out for your Nexus 7s. This update does address the touchscreen issues discussed in this thread. If you’re one of the people experiencing touchscreen issues, please let us know how it’s going after you’ve received and installed the update.”

It’s unknown as to whether the update includes other improvements/bug fixes as well, but it would make sense if it also included the security update that was pushed to other Nexus devices yesterday. Be patient and you should get the update eventually— as we all know, OTA updates are a process.

Source: Google Product Forums

2MB security update possibly rolling out to Nexus 7, 10, and Galaxy Nexus


Just yesterday an OTA update which addressed security issues was rolled out to the T-Mobile Nexus 4 and is now being pushed to other Nexus devices, including the Nexus 7, 10, and the Galaxy Nexus. The changes are unconfirmed at this point, but the update is known as JWR66Y. We do have the download link below to manually update your yakju Galaxy Nexus.

Source:  XDA – Galaxy Nexus / PhoneArena

CyanogenMod readying Device Finder app, general security improvements for CM builds


With all of the angst some device owners have over recent incidents of government agencies tapping into user computer data via carriers and major industry players, along with general distrust of what corporations may be doing with user data, the CyanogenMod team is readying some changes and apps to help users be a little more secure. The first change, CyanogenMod Account, has been submitted to the CM Github so developers can review the code and provide some feedback before it is submitted to the nightlies.
Read more

Google confirms cryptographic vulnerability in Android that resulted in $5,700 Bitcoin heist


Last week, about $5,720 of bitcoins were stolen out of a digital wallet and the reason is a weakness in Android’s Java Cryptography Architecture. Google security engineer Alex Klyubin confirmed this in a blog post earlier in the week. He also warned that other apps could be compromised unless developers change the way they access pseudo random number generators (PRNG).

“We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” he wrote. “Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected.”

Read more

Security researcher highlights risks of Google’s weblogin for one-click authentication in Android


At the recently held Def Con 21 security conference in Las Vegas, security researcher Craig Young with Tripwire demonstrated a proof of concept for a vulnerability in the way Android handles one-click authentication for web sites and apps. The authentication method is called “weblogin” and works by generating a unique token that is used to directly authenticate users via their Google+ accounts. Young’s proof of concept demonstrated how a rogue app could steal the weblogin tokens and redirect them to an attacker. Once they have the tokens, attackers could then impersonate victims with a variety of Google services like Gmail, Google Apps, Drive, Calendar and Voice.
Read more

FBI potentially has ability to listen in on microphones on Android devices and remotely access user data

android question

Some recent documents have emerged that detail a few slightly invasive things the FBI can do to access Android devices, and it’s some pretty scary stuff. Apparently, in an effort to keep up with criminals and technology, the FBI has developed a few techniques that blur ethical boundaries, including developing software that basically acts like malware to mine data from computers, as well as some technology that would allow them to remotely activate the microphone on a laptop or Android device without user knowledge. PRISM part 2, anyone?

Naturally, no parties involved have publicly said anything about any of these documents or accusations. A former US official did say that these techniques were generally only used in cases related to terrorism or child pornography, so there’s really no reason to think the FBI wants to listen in on your phone calls to make plans with your buddies for the weekend. Still, though, the potential is there, and that’s a pretty scary thought, especially with all the privacy concerns that have been leaking all over the internet every week. Rule of thumb: if you don’t want anyone to find out about it, don’t use your phone to tell others about it. Better safe than sorry, right?

source: Wall Street Journal

The New Nexus 7 Does Not Officially Support Google Wallet


Over the weekend news that the newest version of the popular Nexus 7 does not have official Google Wallet support.  When purchasers of the tablet went to download Wallet from the Play Store they found the download not compatible with their tablet. Now before anyone suggests that this has something to do with Android 4.3 Google’s own Director of Product Management for Google Wallet, Peter Hazlehurst told the folks over at Android Police that it’s because the tablet doesn’t have a secure element. This is needed in order for Google Wallet to protect your information. Here’s what he said:

“Hi folks, there is no Secure Element in the new Nexus 7 (or the HTC One Play Edition) which is why Google Wallet isn’t supported.”

Pretty simple and straight forward. Basically without this secure element to store your credit card and billing information safely, having the app on there isn’t safe. Whether or not this has anything to do with the LTE version coming to carriers or not is anyone’s guess. Does this mean that Google’s attempt at paying via NFC is going to go the way of Google Reader? We’re not sure. Regardless, those of you buying the newest generation of the Nexus 7 in hopes of using it as a way to pay, will sadly be disappointed.

source: Android Police

Google quietly added extra security features to all Android devices in Google Play services


Security wasn’t really a big part of Google’s Android 4.3 announcement, which might sound odd considering how big of a deal device security has been in these past few weeks. However, that doesn’t mean Google hasn’t done anything to target malicious apps; instead of loading up Android 4.3 with beefy security features, they took those security features and implemented them into Google’s Play services application that’s updated separately from Android versions.
Read more

Android 4.3 users have hidden option for granular control over app permissions


Android users are familiar with the idea of app permissions since installing or updating apps triggers a notice about what permissions an app requires. However, just knowing what permissions an app requires can be limiting since users have to accept all or none of the permissions. Android 4.3 appears to have changed that as users have found a “hidden through obscurity” setting that gives users the ability to turn individual permissions on and off for an app.
Read more