Given that as we’re moving away from Desktop computers to a mobile web browsing experience it’s only a logical step that malware should do the same. Well Lookout Mobile Security has found this to be the case as they have recently discovered new sites that act as a drive-by malware node. What this means is that if an Android device that isn’t fully patched visits one of these sites, the site would download and install malware without your knowing. This Trojan could then pose as a system update file which in turn acts like a proxy redirect. This could cause problems for IT and Network folk should that device be connected to their network as once secure information could be now accessible.
The Trojan, known as “NotCompatible” shouldn’t be a problem if you have your devices updated and any one of the various virus scanners out there, like AVG or Lookout for example. Like I said, the risk is low as these sites are few and far between. However, while the risk is low now, the risk is out there and it could potentially grow. But if you make sure to have the “Install from Unknown Sources” unchecked combined with a virus scanner, you should be more than alright as Lookout is working on an update as you read this. They say:
We’re big fans of Lookout Mobile Security here at Talk Android. They just keep getting better. Today they announced two new services: File System Monitoring and Install Monitoring. These two services are aimed at those of you that like to download apps from alternative markets, forums, or any other means. Lookout already has protection for scanning apps after installation, but this update will scan these 3rd party apps before installation. That’s the ultimate form of protection because there’s no sense installing something that’s malware to begin with.
Sure the filter enhanced social photo app Instagram is apparently worth 1 billion dollars and now owned by Facebook, but no amount of cabbage will protect it from being faked and infected with malware. This application which was originally an iOS exclusive was recently ported to Android, and became an instant hit. Somewhere around 5 million+ downloads in the first week. These malware creators took swift advantage of the photo apps popularity and created a fake version of Instagram and it is now infecting unsuspecting Android users.
Finding from Sophos, an IT security and data protection company, spoke about the malware called Andr/Boxer-F:
“In our tests, the app didn’t do a very good job of emulating the genuine Instagram app, but that may be because it failed to find the correct network operator. Because this is a malicious app that seems to be relying in the sending of background SMS messages to earn its creators revenue.”
We all need to be cautious as of course this isn’t the first time malware has raised its ugly head in the Android community, and won’t be the last. Your safest bet to decrease your chances of malware is to stay away from third party android markets where the security isn’t monitored as well (if at all) as it is with Google Play. On another note, if you chose to just stay away from Instagram all together, our own Ed Caggiani put together a great article listing and discussing 7 free Instagram Alternatives.
Hit the source for more information on this malicious software.
For those of you who are worried about the increasing concern of malware hidden in select apps that make it into the Google Play store, you can rest easier knowing that Google and Symantec are hard at work trying to spot the culprits. Symantec has recently identified 29 apps containing malware that ultimately targeted Japanese markets. All the apps were removed by Google and seemed to have a common code so it is believed that one group is culpable for the offence.
Once the corrupt app was installed to a users device, it would connect to a server to download the apps content but at the same time upload all the content in the users address book. It is assumed that the app creators sold off this information to be used by various spammers and was possibly even used for financial fraud. Luckily for the markets that were targeted by these apps, the Tokyo police are looking into the case and plan to track down the suspects soon. It’s nice to know Google is at least making an attempt to weed out these malicious apps and that law enforcement is wiling to take action. As always, it’s good to use discretion and to pay attention to device permissions when when downloading apps to try and spot any fishy requests.
via: Android Authority
The latest security threat for the Android world deals with apps that don’t require permissions. Paul Brodeur from Leviathan reported about the possibility that an app with no permissions could actually access your data from your physical or internal SD card. An app such as this could access all non-hidden files and scan them for any information, including any sensitive info. Since the app itself doesn’t have permission to access the internet, it would have to open the browser to send the information. Not an easy task without you knowing it’s being done, but someone could come up with some sort of trick.
Lets be honest folks, should you be keeping any data on your SD card that is sensitive? Forget about apps, what happens if you misplace your phone or it gets into the wrong hands? Anybody could access your SD card to get to those contents. Okay so you’re not saving anything sensitive to your SD card, is there any other potential?
American multinational aerospace and defense corporation, Boeing, has just recently announced plans for the manufacture of a high security Android device for their military and government personnel. This will be the company’s first time to offer a communications device that will function from the use of cellular networks. Boeing has stated that the company recognizes that mobile technology is the future and they want to provide more secure options for their employees rather than restrict them with limited mobile capabilities.
Vice President of Boeing’s secure infrastructure group, Brian Palma, told reporters that “this is why an Android-based system was chosen. The users of these high-end phones want the same ability to use popular applications while knowing that their business communications are secure. The phone will give them what they are used to seeing (on consumer market smartphones) and give them the functionality from the security perspective“.
The price of similar encrypted phones from competitor manufacturers are astronomical, however Boeing aims to keep their price much lower and more affordable in hopes of becoming the more financially wise choice. Feel free to click on the source link below for more details on Boeing’s future smartphone agenda.
source: National Defense Magazine
Reasearch In Motion has decided to drop the major bombshell and stop the ability to sideload Android apps on the Blackberry PlayBook. It’s reasoning? RIM highlights 53 percent of surveyed Android developers believe app piracy is either somewhat of a problem or a huge problem. This seems to fall in line with recent findings showing apps being published without (Android) developer consent. Here’s Alec Saunders, VP of Developer Relations summing it up best:
“[P]iracy is a huge problem for Android devs, and we don’t want to duplicate the chaotic cesspool of Android market.”
While it seems like it’s a direct attack on the Android platform, there’s actually some reasoning to his statement. The
Android Market Play Store has a number of quality apps available, but every now and then users will have to search through a multitude of poorly developed apps in order to find the real jewels. RIM wants to keep the integrity of its own app store by keeping its app ecosystem full of quality apps— even if the number is dwarfed by what is found in the Play Store. That means reducing the number of unofficially ported apps to the PlayBook in favor of a smaller number of apps that were developed, tested and certified by developers and RIM.
The Google Play Store has ran into one or two teething problem since it replaced the long-standing Android Market. Google has already pushed out a couple of updates in a short space of the time with the most recent seemingly causing more issues than it fixed. Frustrated users have been reporting a series of force closes, glitches whilst browsing and disappearing paid apps.
Fret no more as Google has started rolling out v3.5.16 which promises to fix the reported issues. There doesn’t appear to be a major overhaul here, it’s primarily just bug fixes. Paid apps are back, force closes fixed and early feedback suggests that navigating the menus is quicker and smoother.
If you don’t want to hang around until Google gets round to pushing the update then why not fetch it yourself. Click any one of the links below to get going.
source : Android Police
Download mirror 1
Download mirror 2
Download mirror 3
Samsung today announced new features that were added to the ICS update that is scheduled to hit select Galaxy devices. Samsung’s Product Planning Team, the folks in charge of creating the update, spoke with Samsung Tomorrow detailing what is to be expected in the Galaxy S II and Galaxy S firmware updates.
The man in charge of the Galaxy S “value pack” update, SangHyuck Nam, says the device’s firmware update will contain five additional functions and expects customers to be happy with the upgrade since they “tried to make functions as similar to those found in ICS as possible.” One of the more notable features included is the more secure ‘Face Unlock’ function, requiring the user to blink to prove that in fact it isn’t just some ne’er-do-well using a picture of the owner in an effort to unlock the device. Another big addition is a custom version of Go Launcher, called S Go Launcher. This new launcher will allow the user to further customize the phone’s home screens and to replace standard ICS icons with ones of the owners chosing. Also included is ‘Photo Editor’, ‘Beta Font’ for font sizing, and a ‘Snapshot’ feature that allows for taking pictures while filming video.
Yesterday we told you about an update that is heading for the LG Revolution. The most interesting part of this update is the included Verizon Remote Diagnostics tool, one that allows the carrier to essentially take control over your device should you ever require outside diagnostic support. As we all know, privacy has been an increasing concern lately and those tinfoil-hat types did not like the sound of this remote access tool and what VZW might be privy to. Although the tool requires user permission to enable it, it would still be nice to know what the person on the other end can see exactly.
Being that the Carrier IQ ordeal caused such a huge uproar you would think Verizon would be ultra cautious when dipping their toes into the nasty waters of customer privacy. Today, Verizon reached out to our friends at Android Central to shed a little light on the matter, in hopes to put peoples fears to rest. According to Big Red, ” no personal data like keystrokes or web history, location, etc., is logged or saved.”
As AC mentioned, I image users aren’t just going to take their word for it. You can bet that the development community will dive in head first as soon as the app is available and only then will we truly know if the diagnostic tool holds any privacy concerns for the end user.
source: Android Central