Verizon has teamed up with McAfee to launch a security tool to help beef up your security system on your Android powered handset. While the free version provides protection against spyware key-loggers and potentially harmful sites that are visited in the browser, $1.99 per month (or $1/month if you have Total Equipment Coverage already) gets you remote tracking, audible alarm sounding, locking, wiping your device and App Alert which flags apps that are accessing personal data.
While I feel most of these aren’t needed on an Android device, there are many that feel every precautionary step is worth it. If you’re one of those people, then head on over to the source link to find out more!
source: Verizon Mobile Security
At a developer conference earlier today, Google Wallet development manager Robin Dua announced that the mobile payment service will begin opening up the platform to allow businesses to integrate their services. Dua made it clear that the inevitable goal is for users to be able to go about their day without the need to lug around a wallet.
“One of the types of things we’re trying to do is make it easy for airlines, transit providers, and other types of issuers of credentials to make it super simple for them to get their credentials stored in the wallet…That’s the goal. We want you to be able to leave your leather wallet at home and carry your phone and transact with that as your primary transaction device.”
Additionally, Google wants to add geo-targeting to its Wallet service, potentially allowing for automatic loading of relevant tickets or passes as you arrive at a certain location. A release date for the new features wasn’t given, but with other mobile payment systems creeping up, we’d imagine Google would want to implement these ideas soon. For the full run-down, you can catch the full video after the break.
Android device sales continue to surge in China, with over 683 million subscribers. A large market like that attracts a lot of attention, some good and some bad. An example of bad attention came to light with the discovery of a new malware/virus infecting over 500,000 owners of Android devices. TrustGo, an anti-virus specialist company, identified the malware on July 25th and it has since been dubbed Trojan!SMSZombie.
You can also expect the addition of a brightness slide bar in the notification shade, a new radio/modem and a new kernel that’s been on the new batches of S III’s that have been recently arriving at T-Mobile. While there’s no full proof verification on this, there is a strong possibility that this update will take away the Universal Search feature out of the S III. If you don’t remember, this is the feature that Apple has been trying to take away from numerous Android devices so it wouldn’t surprise me if Samsung took it out as a precaution.
As we get more details on this impending update, we’ll be sure to let you all know.
Lookout Security and Antivirus has always been a great security suite that keeps your phone virus-free, helps you find lost phones, and securely backs up your data to the cloud. Now it got even better with the newly-revamped mobile web site, which allows you to find a lost or stolen device from any browser. The site has always had the ability to find a lost device, but the new layout makes it simpler than ever.
The new mobile site allows you to view your contacts, locate your phone through Google Maps, and remotely wipe and lock your device if you’re a Premium user. The redesign makes it very touch friendly since most people locate their lost phones from other mobile devices (usually a nearby friend’s phone as soon as the user first notices his phone is missing). You can even force your phone to “scream”, even if the sound is off, in case you lost your phone nearby.
So if you’re prone to losing things, or if you just want to be ultra-safe, download Lookout from the Play Store link or QR code below, and be sure to visit mylookout.com from a mobile device to check out the new site.
Play Store Download Link
source: lookout blog
As much as I love Android, I’ve always felt the face unlock feature that was introduced in Ice Cream Sandwich is more of a gimmick than anything. While it’s cool to show off to non-Android users, it isn’t practical and can be bypassed rather easily if one were to try. In my opinion, using the pattern or pin unlock system provides a faster and safer way to lock your phone from others.
In Android 4.1 Jelly Bean, Google developers attempted to make the face unlock feature more secure by adding a “liveness check” feature. The problem with face unlock was that one could easily use a picture of the person to unlock the phone. With liveness check enabled, the owner is required to blink for the phone to unlock. This adds another element into the security of face unlock which fixes the issue of simply using ones picture.
Of course, it never takes too long before people figure out a way to bypass that as well. The YouTube video below, uploaded by idaka82, shows a group of guys quickly showing you how to do just that. They simply took a picture and hastily photo-shopped his eyes so that it looks like he’s blinking. Then by transitioning the original and edited photo simultaneously, it gives the effect it’s blinking.
Needless to say, while it can be done rather quickly, it does take a bit of effort. Nonetheless, I’ll always suggest Android users to stick with the pattern or pin unlock system if you wish to secure your phone.
You can head over to the video after the break!
It’s no secret some Android devices may have a security hole or two, but what about a device’s software application on a desktop computer? Well apparently, Samsung’s Kies desktop software contains a security vulnerability which could allow malicious applications to be installed and may affect devices such as your brand-new Samsung Galaxy S III smartphone. As highlighted in Andre Moulu’s blog post, what looks like an official or legitimate app could be downloaded from the Play Store (Angry Birds Cheats, Japanese Squid Girls, etc.) for use. As a user installs the certain apps, the apps could manipulate and overtake the install_packages permission found inside the Samsung Kies application. Once the action is done, the malicious app or apps could then have an even further effect by installing more applications without the user being fully aware.
The scary thing is how simple the security vulnerability is pronounced. It seems the vulnerability was easy to pull off using little more than a few lines of Java and more specifically— this is a common vulnerability found in many system applications that come pre-installed on users’ devices thanks to custom UIs. Let’s hope Samsung (and all of the other smartphone manufacturers for that matter) will take note of this and take preventative measures to protect their devices… and quickly.
If you’re ready to see the vulnerability in action, be sure to hit the break in order to see the video.
For the third time in less than a month, Sprint is rolling out an update for the Samsung Galaxy S III phone. The last two updates consisted of security updates and another security update is included in this latest round. According to Sprint, this update also includes or addresses:
Everyone is looking for something to put fear into people and the latest is NFC. Security researcher Charlie Miller recently showed flaws in the way Android (and MeeGo) handles NFC. He designed an NFC tag that was able to execute malicious code on a device. Obviously this tag could be place anywhere like a point-of-sale terminal.
The issue is not NFC in general, but more of the software implementation. The Android Beam specification allows NFC to automatically launch the web browser which allows for a wide range of web-based exploits. A lot of the browser bugs that were in older versions of Android have been fixed, but early Ice Cream Sandwich builds still have a lot of security holes related to the WebKit-based stock browser. A simple fix to this would be a pop up notifying the user that NFC is trying to open the browser and to either give or deny permission.
Older Android phones are still an issue in that Miller was able to hijack the application daemon that controls NFC functions in Android 2.3, in a sense bypassing the browser. Thankfully there really isn’t too many devices on Android 2.3 that have NFC. Miller used a Nexus S to demonstrate.
So there you have it folks. Is this the next big scare? I would assume Google will make software fixes accordingly, but the bottomline is that for anyone to exploit your phone (or tablet) with this method, they have to be really close to you.
Ever heard of ASLR? It’s a security feature that is used in many different opearting systems such as Windows XP or iOS6. For quite a while Android has been avoiding it and then used a little bit of it in Android 4.0. Now with the release of Jelly Bean it is being used to its fullest, but this implementation of ASLR still lags behind the security of the soon to be released, iOS 6.
Wikipedia defines ASLR quite well: