It was reported by Talk Android’s Jeff Causey on the 12th of January (link here) that Google would no longer be providing security updates to WebView on devices running Android 4.3 (Jelly Bean) and earlier. In fact, it is even deeper than that: Google will not be managing the entire WebKit for these versions any longer, from which WebView is derived.
In a post on Google+ today, Android Security’s lead engineer, Adrian Ludwig, provided clarification and guidance to those nearly 1 billion device owners running Jelly Bean or earlier Android versions. Read more
A new report that surfaced today claims that Google has ended support for WebView on Android devices running Android 4.3 or older, a move that could leave users exposed to malicious attacks. WebView is considered a “core component” of Android and is used by applications to display web pages without opening an actual browser session. Starting with Android 5.0 Lollipop, Google decided to unbundle WebView from the core system so updates could be pushed out via the Google Play Store.
The source of the news regarding a lack of updates for Android versions 4.3 or older came from a response by Google’s Android security team to a report of a bug in the AOSP browser which is based on WebView. According to the response to Joe Vennix of Rapid7 and independent researcher Rafay Baloch: Read more
Mobile device security was a hot issue in 2014, and it’s likely going to stay that way in 2015. Many device manufacturers looked into adding kill switches to their phones, and Google has even worked on their implementation.
On the hardware side of things, Qualcomm has announced they are working on a solution for stolen and lost devices called SafeSwitch, which will allow users to remotely lock their devices to secure personal information. Once the device is found, it can then be unlocked and re-activated. Read more
Are you envious of the Trusted Devices feature introduced in Lollipop? Not content to wait until your OEM updates your phone to Android 5.0? Good news, everybody, XDA recognized developer, hazex, has recently released an app to the Play Store that can bring this functionality to any Android device running 4.1 and above. Furthermore, if you’re shy of rooting your device, this app will not require you to be rooted!
Hazex and his company, Loading Home, not to be one-upped by Google, are also adding in the ability to add WiFi routers to your list of trusted devices. So even if you’re running Android 5.0, you may want to check out this app simply for that feature. Check out the rest of this article after the break for the app’s link to the Play Store, plus some added information if you’re not quite sure what the Trusted Devices feature is. Read more
With over 50 million users, Lookout has always been the leader when it comes to protecting our smartphones and tablets. The app has always been free, but if you want the ultimate protection, than look no further than a Lookout Premium Subscription. With Lookout Premium, you don’t have to worry about losing your data in the event that you lose your phone or tablet since it will automatically backup the important things like photos and call history. What happens if a thief steals your phone? You know they will try to remove the SIM card or enable Airplane Mode so you can’t track the device. Lookout will alert you of such actions and capture the last known location. This stuff is only the tip of the iceberg. How many apps do you think you have installed on your device that can track your personal information? Lookout can tell you instantly. Let’s not forget safe Web surfing and the ability to remotely lock or wipe your device.
Blackphone has announced an update to their PrivatOS software that brings in several new features focused on enhancing user security and privacy. The update brings the highly tweaked Android OS fork to version 1.1 and is due out sometime in early 2015. Read more
Today, Google announced new security tools to keep track of the devices attached to an account. The Devices and Activity Dashboard is a hub for connected hardware. It monitors phones, tablets, computers, and Chromebooks to show activity. Where was the device used? When was it used? What browser was used? All of these questions are answered by the Devices and Activity Dashboard. If a user notices something suspicious, he or she can hit the dedicated “Secure your account” button.
A password manager is expected to be secure, right? Just because it is expected does not mean that is necessarily the truth. There are password managers on Android that have a security flaw in which usernames and passwords can be picked up. It happens when the password manager uses the device’s clipboard to enter information. The security flaw was identified in early 2013 and a fix has yet to be issued.
Android 5.0 Lollipop brought a new feature called Smart Lock, which allows you to set certain locations or Bluetooth devices as trusted so that you don’t have to constantly enter your security PIN, Password, or pattern to unlock your phone or tablet. Third party apps such as Delayed Lock, SkipLock and Secure Settings have already been giving users this ability for a couple of years now. Unfortunately, these apps will not work in Lollipop due to the fact that Google has changed the security in that third party apps can no longer unlock the device.
Prior to the launch of the Nexus 6 and Android 5.0, we knew Google was moving to making device encryption mandatory for all new devices shipping with Lollipop. As far as security goes, that’s a great move, but it looks like it’s actually having some negative effects on the Nexus 6.
Early benchmarks seem to show that Lollipop’s full disk encryption (FDE) are having some fairly significant performance impacts on the Nexus 6. This is especially unfortunate since the Nexus 6 encrypts itself on first boot and there’s no way to turn it off, outside of flashing custom boot images. That’s not exactly a user friendly solution. Read more