Norton discovers privacy leak in Facebook application

Norton_Mobile_Security

Norton is famous for privacy and security protection, including some work done on Android. Yesterday, they released a new version of their latest Android application that contains their new Mobile Insight technology, which analyzes different aspects of Android applications to see where major security breaches may be coming from.

One particularly surprising security leak was Facebook. Everyone’s always been pretty aware that Facebook isn’t exactly delicate with user data, but Norton found something even more alarming than a not-so-great privacy policy; actually, the Facebook application leaks phone numbers, regardless of whether or not you’ve put your phone number anywhere in the app or on your Facebook account. As soon as you start the application, your device phone number is sent to Facebook servers, with or without your permission. This even happens if you’ve just run the application and don’t actually have a Facebook account.

Norton says Facebook was made aware of the issue and is working to fix the vulnerability, which should be pushed out in their next app update. Facebook has also deleted those numbers from their servers, so fortunately it wasn’t a malicious security breach. Still, though, those privacy features in Cyanogenmod are looking better and better.

FingerQ case is designed to protect your device and the information inside using fingerprint-scanning technology

fingerq_s3case

Phone cases are a dime a dozen and range from bulletproof to flimsy decoration, and everything in between. Until now these cases only protected your physical phone, and not the valuable information stored inside.  Hong Kong company FingerQ has decided to fill that gap, releasing cases for many popular phones that feature a small fingerprint scanner on the back, which pairs with a FingerQ app on your phone. The scanner works with your mobile OS’s built-in security (pattern lock, face unlock, etc) for a comprehensive security solution.
Read more

CyanogenMod developer starts work on Secure Device-to-Device Messaging

Cyanogenmod

While it is rare for Android users to envy anything related to iOS, CyanogenMod developer Koush openly expressed his love for iMessage in a Google+ post, also revealing that he plans to build a plugin somewhat similar into future builds of CyanogenMod. The plugin will be built into the framework, working with any SMS app to send encrypted messages to compatible devices running CyanogenMod (7 million users and counting) and falling back to standard SMS when necessary.

Not much else is known about this feature but its another step in the right direction for the CM team, who’ve been hard at working making their ROM more and more secure. For now we can only ponder possible features of this plugin, but Koush is looking for feedback so hit the source to let him know what you want to see.

Source: CyanogenMod Google+

 

Samsung to allegedly release kill switch to improve mobile security and prevent device theft as soon as July

Samsung-Logo (2)

Smartphone theft is on the rise, and as these devices get more and more expensive it gets less and less easy to replace them. On top of that there is the risk of sensitive personal information going into the wrong hands (i.e. a thief). Samsung and other manufacturers recently met with New York Attorney General Erich Schneiderman to discuss the future of smartphone security and how to prevent device theft, reportedly working on a kill switch of sorts. Now, it looks like Samsung will be releasing this new feature as soon as July. 
Read more

Steve Kondik, founder of CyanogenMod, seeks to protect Android devices with a system wide ‘Incognito Mode’

13 - 1

I’m sure by now most of you are familiar with the recent news of the NSA scandal and what we once thought was private data now being accessed by the government. Obviously this doesn’t sit well with most and with smartphones being in most people’s pockets nowadays the threat of your data being exposed is dangerous. Steve Kondik, the founder of the popular 3rd party custom Android ROM CyanogenMod is figuring out a way to give Android an “incognito mode” so that it ensures no personal data can be leaked. Per Kondik:

I’m working on a new feature that will hopefully make it’s way into CM. It’s called “Run in Incognito Mode”. It’s a simple privacy feature designed to help you keep your personal data under control.


Read more

U.S. Government Gives First Concrete Details about PRISM While Arguing that the Program is Misunderstood

 PRISMNSA

This past week the internet has been a buzz with the news of an extensive U.S. Government run data collection operation known as PRISM. It was first revealed to the public when The Guardian released an article shedding light on a secret government order forcing Verizon Wireless to release all its call logs to the NSA.  The scope of just how big this program actually is ended up being later revealed as a government run initiative by the name of PRISM that has access to more than just our call logs. There have been U.S. officials that have come out and voiced support and disdain for such a program but what seemed to be missing were the details into what this program actually entailed.  However, that’s no longer the case as the U.S. Government released intricate details about what PRISM actually does and what the information collection entails. According to officials, the program “is not an undisclosed collection or data mining program,” but rather something more extensive. According to them:

“It is an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act.”

According to the released statement the government doesn’t collect said information unilaterally but rather with very specific permission from the secret courts who oversee these requests as dictated by FISA. According to the fact sheet:

“The government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States. We cannot target even foreign persons overseas without a valid foreign intelligence purpose.”

James R. Clapper, the Director of National Intelligence released a statement defending the program while also suggesting that The Guardian and the Washington Post jumped the gun in their release of this information without understanding the full details of the program. He also went on to say that he couldn’t release the details of how the data is collected as it would give suspicious groups a “playbook” to avoid being detected. You can read the full statement below the break.

The uproar of how extensive this government initiative is has spurred an uproar on the internet, so much so in fact that even Google’s Larry Page weighed in. Even though this program as been around for years, we’re just seeing the implications of what being in an online world entails, it’s hard to believe that this isn’t only the beginning. Will we see more transparency or will we continue to see secret government programs designed only for “our safety” come to light here in the future? Only time will tell.


Read more

FBI and NSA have access to private user data with PRISM data collection

NSA_Verizon

Remember when we told you that Verizon was handing out call logs of customers to the US Government? Well, surely you didn’t think Verizon was the only one who was handing over data, right? According to the latest report from the Washington Post, Verizon isn’t the only company that’s been leaking information to the FBI and NSA, thanks to a data collection initiative called PRISM, made by the US government.

PRISM supposedly allows access to servers from popular sites, namely Google, Microsoft, Apple, Yahoo, Skype, YouTube, PalTalk, and AOL, with Dropbox access in the pipeline. That pretty much covers most of the top companies that have access to mountains of user data, so that’s a pretty scary thought. This is a great time to remind everyone that no matter how much security you think you have online, any information you put on the internet can always potentially be seen by a third party. If you don’t want that information to ever be seen by anyone else under any circumstances, don’t put it on the internet.

source: Washington Post

All-in-One Root plus recovery installer made available for Verizon Samsung Galaxy S 4

GALAXY-S-III-Product-Image-3_B2

If you’re an avid root/modder in the Android community then rooting tool-kits should be nothing new to you. Today an all-in-one root plus recovery installer has been made available for the Verizon Samsung Galaxy S 4. The instructions seems relatively easy (if you’re familiar with this kind of stuff), so just make sure you follow the directions thoroughly.


Read more

CyanogenMod wants your help in improving security and privacy

cyanogenmod_cid

Earlier today Steve Kondik took to Google+ to talk about think out loud in regards to an ever popular topic of conversation: mobile security. As we see malware threats come and go, it comes back to just how secure one’s device really is. As more apps try to take advantage of folks and security exploits, people are growing paranoid with their personal data. Some read app permissions carefully, while others, like myself, just blow through them. Earlier builds of CM even developed a way to allow users to pick and choose which app permissions they were comfortable with. This idea of permission picking was short lived however as it caused instabilities and took trust away from app developers. Some have taken to say that the CyanogenMod team really isn’t looking out for its users but as Mr. Kondik replies:

“Proponents of the patches say that CM isn’t looking out for the users. I think these patches are just more security theater and don’t really solve a problem. Why do you want to run malicious applications anyway?”

He raises a good point. Why would we want to install malicious apps? Some people may do so on accident and this permission picking could essentially be a safety net but it wouldn’t solve the bigger issue: mobile security as a whole. So with that, Cyanogen has taken to the community in hopes of hearing ideas of increasing security while avoiding “smoke and mirrors.” So if you think you have a good idea on how to do just that, hit the source link below to voice your idea. While one option would be to split CM and create a secure, martial-law style version of the ROM that only helps a small group. Your ideas may help avoid that while helping everyone.

source: Google+

LoJack launches phone recovery service with the Samsung Galaxy S4 as its first supported device

LoJack__logo_wtag

LoJack, if you’re familiar with their software for computers and laptops, have made the jump into mobile device territory with the Samsung Galaxy S4 as their first supported device. With this software you’ll be able to trace, lock, and of course, remotely wipe your device if you choose to do so. Unlike other soft wares, LoJack stays in your phone no matter what you do to it, such as factory resetting the device. More importantly you’ll get LoJack’s experience with their years of success in the laptop and computer industry, so you know their representatives are highly trained to retrieve your device.

So far no date of the release has been set, but we expect it to be around this summer. Prices have yet to be confirmed but it should range depending on the longevity of your desired subscription. Hit up the break for the full press release!


Read more