It’s been awhile since we’ve heard of any major security exploits in Android, but it looks like another pretty massive security vulnerability has been uncovered by Bluebox Security. The latest exploit takes advantage of Android’s failure to check the authenticity of digital certificates, allowing some apps to gain access to the OS and resources that they otherwise should not have access to.
During Google I/O 2014 today, some time was spent sharing the role that Google Play Services holds in keeping all users up-to-date and secure against malicious attacks. According to Google, Google Play Services gets updated every six weeks and is one of the few frameworks that they actively monitor to make sure it stays on that schedule. With these updates rolling out regularly, Google says 93% of all Google users are on the latest version.
Computer security giant Symantec has found a new piece of malware that targets Android devices through a Windows computer that have been infected. The malware goes by “Trojan.Droidpak” and uses ADB as its way of entry. An app will appear like the Google Play Store; however, it is called the “Google App Store.” After starting the malicious app, it will search for Korean banking apps. After that, it will prompt the user to install malicious ones over the originals. Also, it can intercept emails so users will miss fraud protection notices. It is unknown if this is widespread or just limited to Korea at this time.
As usual, you should be smart and only connect your Android device to a computer that you trust. Disabling “USB Debugging” and enabling “Verify apps” is likely your best choice. Hit the source link to see Symantec’s detailed breakdown.
A new security report published by Cisco has found that 99% of all mobile malware attacks are targeted at Android devices. On top of that, the report says Android suffered 91% of all Java-based web exploits and 71% of all overall web-based exploits. Ouch. This is compared to Cisco finding that Apple’s iOS only encountered 17% of web exploits.
Eric Schmidt has publicly claimed that Android is more secure than iOS, but despite all of Android’s jumps in security and privacy over the past few years, that’s still not quite true. Obviously this doesn’t mean all Android devices are infested pits of malware, but just that you’re more likely to encounter malware attacks on an Android device.
You can check out the full security report below.
One of the main complaints Apple fanboys will make about Android is that it’s more susceptible to malware, and thereby a more risky choice for a phone, for obvious security reasons.
Google is now making an effort to quell these false claims, and recently released some graphics showing how hard it is to actually have malware damage your device and infiltrate your secure information. Note that their numbers only include devices that have Google Play Services— many phones without Google Play, such as those from China and Russia, are more at risk for malware.
Google’s Android Security chief Adrian Ludwig says that there are many layers of Android security constantly at work, and because of this, only .001% of all malware is even able to attempt to evade security, let alone actually get through.
The numbers get lower and lower as you pass through the multiple layers, as you can see from the graphic above.
This is not to say you should always be careful, especially when sideloading applicatoins, or if you have an untrusted app store on your device, which are the most common ways to get any type of malware on your device.
While good things come out of Android being the most used mobile operating system around, bad things also come. Like malware. A new survey by the U.S. Department of Homeland security reveals that the majority of malware targeting operating systems in 2012 were intended for Android. An incredible 79% of all smartphone malware last year was meant for Android users, followed by 17% for Symbian phones, 0.7% for iOS users, and 0.3% for Windows Phone.
In a memo, the DHS and FBI say it is because so many Android users continue to run older versions of Android, making their devices open to a number of security vulnerabilities. Google chose not to comment.
Source: All Things D
Mobile security is a big deal on Android devices. While it’s debatable if malware is as big of a problem on Android as security analysts say it is, it’s still very important to keep your devices protected, just in case. Usually, Google does an excellent job of patching most vulnerabilities in their software, the problem is that carriers take way, way too long to get those security patches onto consumer handsets. Activist Chris Soghoian, known for his work with consumer security and privacy, has recently called out wireless carriers on their poor practices with updating these devices.
He’s saying what we’ve all been thinking, but he definitely brings to light some of the less thought about problems of slow updates. Most people complain about being stuck on old software because it’s slower or lacks cooler features, but that outdated software also lacks the updated protection that current software would provide. The antivirus on your computer wouldn’t do much good if it was looking for malware from 2010, would it? He also talks about the stock Android browser, which is one of the more popular browsers simply because it’s preloaded on the device. Unlike Firefox, Chrome, or any other browser you can download from the Play Store, the stock browser lacks constant updates and new malware protection like updateable apps have.
It’s definitely a good read, and definitely a situation that needs to change. Read on past the source to see what Soghoian has to say.
source: Threat Post
McAfee is one of the more popular antivirus protections available to PC users, and with the malware on Android devices, they’ve stepped in to provide their trusted protection on smartphones and tablets, too. Recently, McAfee updated their Android application with a refreshed user interface and an innovative new App Lock feature. McAfee claims that since apps like Twitter and Gmail don’t require a password each time you open the app, it’s a possible security threat on your device. App Lock protects against this threat by requiring a pin number each time you want to use one of these applications, protecting you from someone digging through your phone for personal information or even just some nosy friends. This feature can also be used to protect children from having access to certain apps on your device, like the browser or your banking app.
McAfee offers a free trial of the app on Google Play, and offers the paid version at $29.99. Hit the break for the press release and download links.
It’s no secret that competition between the major phone platforms (Android, IOS, and Windows Phone) is pretty stiff, with each company doing whatever it can to get a leg up on the competition. Things can get pretty ugly sometimes, with competitors trashing one another and tarnishing each other’s reputation in whatever way they can. Tonight Microsoft joined the fire-fight with a tweet from their Windows Phone twitter account. In it they are calling for their followers to send tweets telling the world about their worst malware story while using an Android phone. These tweets should also include the hashtag #DroidRage. Something tells me that the very vocal Android community won’t take this sitting down and will turn Microsoft’s provoking tweet on its head. After all…when you think of viruses and malware, you tend to think of Microsoft products. Let’s see how this unfolds. If you want to reply to the tweet yourself, check it out at the source link below.
Source: Windows Phone Twitter