If you’ve been highly concerned or even hesitant to jump on HTC’s One Max or any other device that may use your fingerprint data to access it, be at rest, HTC assures you they have no access to it and the info will not be sent to third party companies. This should reassure many who weren’t positive how HTC was handling their saved fingerprint characteristics. Well, rest assured, as the company was posed the security question by the staff over at Phonearena and this is what the Taiwanese manufacturer had to say:
The fingerprint data is stored in local memory. It is encrypted and stored in the system partition, which can’t be readily accessed or copied. The fingerprint data is not an actual image but fingerprint characteristics that have been identified by a proprietary algorithm. No, HTC does not have access to the information and the fingerprint cannot be used by a third party.
According to a recent study, 72 percent of all Android applications in the Google Play Store request access to at least one extraneous permission that it doesn’t inherently need to function properly. This number may seem alarming, but let’s break down some of the research firm’s so-called “results.”
According to the published findings:
- 72 percent of all Android apps (more than 290,000) access at least one high-risk permission.
- 21 percent (more than 86,000) access five or more.
- 2 percent (more than 8,000) access 10 or more permissions flagged as potentially dangerous. Read more
Amongst the many other additions that will be part of Android 4.2, it looks like keeping your device secure will be a priority as well. I know we don’t like the idea of malware on our Android devices, but the fact is, it’s out there. Google is looking to combat that in 4.2 by offering the option of scanning an application before it’s fully installed. Once the app is scanned, if it finds something suspicious within the app, it’ll then prompt you and inform you as such and give you the option to continue. Additionally, the scanner will block the installation completely if the fingerprint matches existing malware.
Google isn’t forcing this however. This is an opt-in type of setup and option. I think it’s a good start by Google offering this option. Our devices these days are worth quite a bit of change and hold some valuable information on them, so keeping everything on the up and up is definitely on the top of my list when talking about my mobile device.
source: Android Central
Android is a platform that can simply make our lives easier– and I’m not just talking about smartphone use either. Lockitron is a company well known for security at a residence or business. How it works is simple: there’s a smart deadbolt system that will unlock and lock doors all by using your smartphone and a WiFi network. The great thing is that Lockitron is a unit that fits over an existing deadbolt, meaning there’s no complicated installation for the unit to work. In addition, there’s an app that’s available which allows for one or multiple users and their access levels.
The new unit is available for pre-order at a reasonable $150, with the first batches being shipped out by March. If you’re itching to get in on the action, hit the source link for more details.
As Android continues to become more and more popular, coupled with the open-source nature of the software, the need for higher security is on everyone’s mind. In the past, flashing a custom ROM, such as CyanogenMod 7, would automatically enable root access to your phone, leaving your phone immediately vulnerable to potential security threats. Along with the risks came the freedom to customize your phone like no other mobile software could offer. Now with the most recent CyanogenMod 9, CM has merged 3 patches into their latest ROM that will disable automatic root access as default. Users will now have the following root options:
- Enabled for ADB only
- Enabled for apps only
- Enabled for both
So will this be a welcome change in the root community? In what situations would you make use of this new function? Let us know what’s on your mind in the comments.
Android security tends to be a popular subject of discussion when looking for an area to criticise Android. Whether it be the much maligned Face Unlock or long-standing Pattern Lock, many tech sites enjoy nitpicking at every available opportunity. There is however one major organisation who might just disagree with the naysayers, the FBI.
Dante Dears, a San Diego based pimp was recently released from prison after serving time for trafficking prostitutes. Dears immediately violated the term of his parole by owning a cell phone which informants claim he was using to continue his pimping remotely. Naturally the FBI seized the phone and it was then that the problems began.
Dears refused to unlock the phone so the FBI promptly sent it off to the Computer Forensics Lab. Technicians at the lab succeeded only in locking the phone after too many unsuccessful unlock attempts. The phone then prompted the technicians for Dears’ Google login details which , of course, he refused to hand over. At this point the FBI had little option but to head cap-in-hand to Google to request the information. A warrant was served that asked Google for the following information :
- The subscriber’s name, address, Social Security number, account login and password
- “All e-mail and personal contact list information on file for cellular telephone”
- The times and duration of every webpage visited
- All text messages sent and received from the phone, including photo and video messages
- Any e-mail addresses or instant messenger accounts used on the phone
- “Verbal and/or written instructions for overriding the ‘pattern lock’ installed on the” phone
- All search terms, Internet history, and GPS data that Google has stored for the phone
Google responded with the following statement : “Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. If we believe a request is overly broad, we will seek to narrow it.”
How is it the phrase goes? “Pimpin’ ain’t easy”, well it seems that advances in mobile technology inadvertently made it a little easier. It goes without saying that TalkAndroid absolutely does not condone the behaviour of Dears although it is reassuring to know that the average Android owner is well protected. Perhaps the FBI will be hoping that the adoption of Ice Cream Sandwich brings an increase in Face Unlock usage, at least then they might be able to get into the phone with mugshot photos.
source : ars technica
This project has been a bit of a slow burner for Google. We reported early in 2011 that the US Military was looking into Android and a Dell Android 2.2 build gained military approval late in 2011. This recent news is a clear indication of the progress being made in what has long been a market dominated by RIM devices and software
The specially modified version of Android has been designed to run on commercially available smartphones, a move that will keep costs down whilst allowing the government to upgrade to that shiny new Galaxy SIII when it finally arrives!
US soldiers will be the first to receive these devices, having been involved in the project from the early stages. Federal agencies will then receive the second batch of phones for sending and receiving confidential government informations whilst on the move.
Currently, US Government and Military workers are not permitted to use smartphones for sending classified information as (up until now) there has been no devices that have met the high security certifications. There’s hardly a week that goes by without a high profile, blue chip organization finding their data compromised by the likes of wikileaks or some other anonymous source. With this in mind, it’s absolutely imperative that the Government is more vigilant than ever before.
Michael McCarthy, director for the Army’s Brigade Modernization Command has been overseeing the testing of touchscreen devices for over 2 years now. He confirmed that his division shipped over 40 phones to overseas fighters last year with another 50 phones and 75 tablets due to be shipped in March of this year.
Source : CNN
We knew the security fix was coming. While the details are scarce, the new 2.08.651.3 update will include security improvements for the EVO 3D. What the exact security improvements are is anyone’s guess, but it’s nice to see that HTC & Sprint are being proactive with the security of its customers. Hopefully the update will give us piece of mind for our Sense-powered handsets. If you can’t wait, you can get the software update manually now by forcing a software update. The rest of the EVO 3D owners should receive the update OTA within the next few days.
[via Sprint Community]
Earlier this week, Lookout Mobile Security announced a premium service to go along with their popular free Android security suite. The free version is already pretty loaded with features, including the ability to scan your apps for spyware and malware, backup and restore your contacts, and help locate your phone if you lose it.
Lookout Premium, which runs for $2.99 a month, adds increased privacy with the new “Privacy Advisor”, the ability to lock and wipe your phone remotely, and the ability to backup photos and call logs. This all sounds pretty good in theory, but how does it actually measure up? Continue reading below to find out in our official review of the new Lookout Premium.
Adobe has issued a statement regarding a critical vulnerability which they discovered effecting multiple versions of the Flash Player, including 10.1.92.10 for Android. The exploit can potentially allow an attacker to compromise the affected system,with reports of this happening on Windows machines. From the official post by Adobe:
A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.
We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010. We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.
No word yet as to when this update is expected to roll out, but given the severity of the situation, we expect it will be coming shortly.