The Chrome browser is a most versatile piece of software, one can find an extension to satisfy almost any need via the Chrome Web Store. Because of its rising popularity though, Google was forced to take the step of disabling the side-loading of extensions for Windows users in May of last year. Following on from that, Google has just announced on its blog that from July onwards, both Mac and Windows users will only be able to install extensions for its web browser directly from the official Chrome Web Store.
Google’s crackdown on malware has been working, at least according to them. In a new Android Security Report, Google says that the global rate of malware installs fell by 50 percent in 2014.
According to Google, only 1 percent of all Android devices had a harmful application in 2014. There’s even better news for those that only install applications from the Play Store as that number drops to .15 percent.
It’s been awhile since we’ve heard of any major security exploits in Android, but it looks like another pretty massive security vulnerability has been uncovered by Bluebox Security. The latest exploit takes advantage of Android’s failure to check the authenticity of digital certificates, allowing some apps to gain access to the OS and resources that they otherwise should not have access to. Read more
During Google I/O 2014 today, some time was spent sharing the role that Google Play Services holds in keeping all users up-to-date and secure against malicious attacks. According to Google, Google Play Services gets updated every six weeks and is one of the few frameworks that they actively monitor to make sure it stays on that schedule. With these updates rolling out regularly, Google says 93% of all Google users are on the latest version. Read more
Computer security giant Symantec has found a new piece of malware that targets Android devices through a Windows computer that have been infected. The malware goes by “Trojan.Droidpak” and uses ADB as its way of entry. An app will appear like the Google Play Store; however, it is called the “Google App Store.” After starting the malicious app, it will search for Korean banking apps. After that, it will prompt the user to install malicious ones over the originals. Also, it can intercept emails so users will miss fraud protection notices. It is unknown if this is widespread or just limited to Korea at this time.
As usual, you should be smart and only connect your Android device to a computer that you trust. Disabling “USB Debugging” and enabling “Verify apps” is likely your best choice. Hit the source link to see Symantec’s detailed breakdown.
A new security report published by Cisco has found that 99% of all mobile malware attacks are targeted at Android devices. On top of that, the report says Android suffered 91% of all Java-based web exploits and 71% of all overall web-based exploits. Ouch. This is compared to Cisco finding that Apple’s iOS only encountered 17% of web exploits.
Eric Schmidt has publicly claimed that Android is more secure than iOS, but despite all of Android’s jumps in security and privacy over the past few years, that’s still not quite true. Obviously this doesn’t mean all Android devices are infested pits of malware, but just that you’re more likely to encounter malware attacks on an Android device.
You can check out the full security report below.
One of the main complaints Apple fanboys will make about Android is that it’s more susceptible to malware, and thereby a more risky choice for a phone, for obvious security reasons.
Google is now making an effort to quell these false claims, and recently released some graphics showing how hard it is to actually have malware damage your device and infiltrate your secure information. Note that their numbers only include devices that have Google Play Services— many phones without Google Play, such as those from China and Russia, are more at risk for malware.
Google’s Android Security chief Adrian Ludwig says that there are many layers of Android security constantly at work, and because of this, only .001% of all malware is even able to attempt to evade security, let alone actually get through.
The numbers get lower and lower as you pass through the multiple layers, as you can see from the graphic above.
This is not to say you should always be careful, especially when sideloading applicatoins, or if you have an untrusted app store on your device, which are the most common ways to get any type of malware on your device.
While good things come out of Android being the most used mobile operating system around, bad things also come. Like malware. A new survey by the U.S. Department of Homeland security reveals that the majority of malware targeting operating systems in 2012 were intended for Android. An incredible 79% of all smartphone malware last year was meant for Android users, followed by 17% for Symbian phones, 0.7% for iOS users, and 0.3% for Windows Phone.
In a memo, the DHS and FBI say it is because so many Android users continue to run older versions of Android, making their devices open to a number of security vulnerabilities. Google chose not to comment.
Source: All Things D
Mobile security is a big deal on Android devices. While it’s debatable if malware is as big of a problem on Android as security analysts say it is, it’s still very important to keep your devices protected, just in case. Usually, Google does an excellent job of patching most vulnerabilities in their software, the problem is that carriers take way, way too long to get those security patches onto consumer handsets. Activist Chris Soghoian, known for his work with consumer security and privacy, has recently called out wireless carriers on their poor practices with updating these devices.
He’s saying what we’ve all been thinking, but he definitely brings to light some of the less thought about problems of slow updates. Most people complain about being stuck on old software because it’s slower or lacks cooler features, but that outdated software also lacks the updated protection that current software would provide. The antivirus on your computer wouldn’t do much good if it was looking for malware from 2010, would it? He also talks about the stock Android browser, which is one of the more popular browsers simply because it’s preloaded on the device. Unlike Firefox, Chrome, or any other browser you can download from the Play Store, the stock browser lacks constant updates and new malware protection like updateable apps have.
It’s definitely a good read, and definitely a situation that needs to change. Read on past the source to see what Soghoian has to say.
source: Threat Post