Users reporting new “On Body Detection” lock mode in Android

on_body_detection_01

Based on reports starting to be made by users, Google is either testing or slowly rolling out a new lock mode for Android devices designed to detect when a device is physically in a user’s possession. The lock mode, called “On Body Detection” uses a device’s sensors to detect whether a device is being held in a person’s hand or is in their pocket and will keep the device unlocked. If the device is set on a table or something similar, the device will lock, requiring a user to employ their normal unlock method.
Read more

Googles takes step back from default encryption on new Android Lollipop devices

Samsung-Galaxy-S5-Note-4-Android-5.0-Lollipop-b

Last fall in the lead up to the release of Android Lollipop, Google let it out that they were planning to enable encryption of storage by default on new devices. This was going to be a change from previous versions of the Android operating system which had the capability of encrypting storage space, but left it up to the user to enable the encryption. As several new devices are starting to finally come to market loaded with Android Lollipop out of the box, Google has apparently decided not to make encryption the default, at least not for their partners manufacturing mobile devices.
Read more

Beta channel for Android WebView open to Android 5.0 Lollipop devices

google_android_system_webview_play_store_listing

Many were concerned with Google’s decision to unbundle WebView from the core system starting with Android 5.0 Lollipop. Older devices would be left behind, too, without updates and that means compromised security. Fortunately, Google has realized so many Android apps take advantage of WebView that it only makes sense to further support. With the latest version of Android, Google will be able to update WebView independently. Right now, developers can join the new beta channel to gain access to new APIs and other items. Developers will be able to become familiar with the updates before users get to see them.

You can join the beta channel of Android System WebView by clicking here.

Source: Android Developers Blog

Samsung Knox customers will get a complementary free 3 months of Google Drive for Work

Samsung_Knox_456Right on the heels of adding in new features to Knox, Samsung has announced an offer for customers that use the security service. Any customers that sign up for Knox will get a free 3 month trial of Google Drive for Work, which is obviously Google’s own cloud storage service that’s centered around business security.

The offer nets customers a full 1 TB of storage, and if more than 5 users take part, that gets bumped up to unlimited storage. The encryption on the service is top notch, which goes hand-in-hand with Samsung’s take on Knox, so this might be a worthwhile offer for many people.
Read more

Smart Lock for Chrome open to all Chrome OS users

chrome_os_smart_lock_example

Prior to today, Smart Lock was only available to users of the Chrome OS Dev Channel. Today, that is no more as the feature is open to any and every Chrome OS user (with a Bluetooth connection). Smart Lock allows Android 5.0 Lollipop devices to unlock nearby Chromebooks seamlessly. The Chrome OS device will recognize the user is already signed in on their phone and bypass the lock screen.


Read more

Flaw in Marriott app puts company back in the news and not in a good way

marriott_logo

Marriott has recently been in the tech news lately due to plans to block customers’ personal Wi-Fi hotspots when visiting one of the company’s properties. That move earned them a lot of negative press and pressure from the likes of the FCC and eventually caused them to reverse their course. Now it has been discovered that Marriott’s app for Android may have exposed customer data, including credit card information, to possible attack and pilfering ever since its launch in 2011. The flaw was discovered by Randy Westergren, a senior software developer with XDA-Developers, who also found a major hole in Verizon’s mobile app.
Read more

Android Security lead engineer provides further insight to WebView security issues on devices running Jelly Bean and older versions

adrian_ludwig_picture1

It was reported by Talk Android’s Jeff Causey on the 12th of January (link here) that Google would no longer be providing security updates to WebView on devices running Android 4.3 (Jelly Bean) and earlier. In fact, it is even deeper than that: Google will not be managing the entire WebKit for these versions any longer, from which WebView is derived.

In a post on Google+ today, Android Security’s lead engineer, Adrian Ludwig, provided clarification and guidance to those nearly 1 billion device owners running Jelly Bean or earlier Android versions.
Read more

Samsung wants to work with BlackBerry, not purchase it

Samsung_Galaxy_Tab_S_8.4_Back_Slanted_Camera_Samsung_Logo_TA

Last week, a report was published that stated Samsung made an offer to purchase BlackBerry. The obvious reason for Samsung to go after BlackBerry would be for patents with the intent to bolster enterprise and security platform Knox. Both companies, however, moved very quickly to deny the validity of the report. Now, the leader of the mobile division at Samsung has gotten in front of the rumors to state that the company does not intend to purchase BlackBerry.


Read more

Report claims Google not patching older versions of WebView leaving users exposed

android-security

A new report that surfaced today claims that Google has ended support for WebView on Android devices running Android 4.3 or older, a move that could leave users exposed to malicious attacks. WebView is considered a “core component” of Android and is used by applications to display web pages without opening an actual browser session. Starting with Android 5.0 Lollipop, Google decided to unbundle WebView from the core system so updates could be pushed out via the Google Play Store.

The source of the news regarding a lack of updates for Android versions 4.3 or older came from a response by Google’s Android security team to a report of a bug in the AOSP browser which is based on WebView. According to the response to Joe Vennix of Rapid7 and independent researcher Rafay Baloch:
Read more