Security Hole - Android Community

Verizon Galaxy Note II Exynos flaw fixed with latest update

By Eric Abent
on 18 Jan, 2013

It would appear that worries about the recently-discovered Exynos security hole are over for Verizon Galaxy Note II owners. An update is being sent out today that supposedly fixes the security flaw that had so many Samsung owners on edge, so Verizon Galaxy Note II owners can rest easy. Be sure to check your notification panel to see if there's an update waiting for you, and if there is, install that bad boy to bolster your phone's defenses against malware.

Duo Security releases X-Ray security app for Android

By Eric Abent
on 24 Jul, 2012

It takes a dedicated person to stay up-to-date on all of the security vulnerabilities in any given system, and that isn't any different on Android. Thankfully for Android users, Duo Security has released a new DARPA-funded security app called X-Ray that will assist in identifying security holes on your Android device, because hey, who else is going to do it? Duo Security writes on the X-Ray official site that it developed this app in part because carriers typically drag their feet when it comes to pushing an update that will fix security flaws in Android, so with this app, they're giving users the ability to test for these flaws themselves.

HTC begins OTA rollout for Sense security flaw fixes

By Michael Crider
on 25 Oct, 2011

A few weeks ago news broke about a massive security flaw in nearly all of HTC's current Android devices, stemming from customizations that the manufacturer made to the core Android files. Shortly after the flaw came to light, HTC vowed to fix the issue, and today some of its high-profile device are receiving their first updates. According to Android Police (Who broke the security story in the first place) the Evo 3D, Evo 4G, Evo View 4G and the new EVO Design 4G are all being updated now.

“Massive” security/privacy issues found in HTC phones

By Michael Crider
on 2 Oct, 2011

The Android world had a major shock earlier today when several members of Android Police (appropriate, no?) published a "massive" security flaw found on several high-profile devices from HTC. The problem comes from a customization that HTC has implemented on the core Android system, allowing any app that asks for the right permission access to a staggering amount of users' private and technical data. Even more disturbing, it seems to be the case that some of this information can be retrieved remotely by HTC or anyone else due to an HTC app opening up a network port on any affected phone. The primary issue stems from the "android.permission.INTERNET" permission. Once an app calls this permission into effect, it has access to all sorts of disturbing information on both rooted and non-rooted phones. The private information which any app can access includes email addresses, GPS locations and at least some former locations, call logs, SMS logs, and information from running apps. The HTC app "HtcLoggers.apk" is capable of collecting much of this data and then supplying it to anyone who opens up a network port on the phone. Theoretically, it's possible to duplicate a user's entire phone using these vulnerabilities. Trevor Eckhart originally discovered these vulnerabilities, and the flaws have been verified and cataloged by Artem Russakovskii and Justin Case of Android Police. According to these three, the problems effect a wide range of HTC Android devices across all major carriers. The EVO 4G, EVO 3D, EVO Shift 4G, MyTouch 4G Slide and Thunderbolt were mentioned specifically, so it's a fair bet that anything running similar hardware and software is likewise affected. The whistle-blowers have created a proof-of-concept app which allows any user (no root required) to examine the data being collected in real-time. You can find their exhaustive research and the proof of concept app at the source link. Though Eckhart said that he alerted HTC of these security issues more than a week ago, no official response has been made. Update: HTC has made the following statement: "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken"

AT&T Samsung Galaxy S II lock screen security flaw, and how to fix it

By Michael Crider
on 30 Sep, 2011

It seems like the shiny new AT&T version of the Samsung Galaxy S II has at least one dull spot. There's an easy work-around that will let anyone access your phone if you've implemented Android's unique pattern-based or PIN lock screen. Don't worry, though, an industrious early adopter has already found a way to secure the Galaxy S II while keeping the lock screen in place.

Android Virus Alert! SW.SecurePhone and SW.Qieting in the background

By Cory Gunther
on 25 Feb, 2011

Attention Android Users, looks like we may have another small virus issue at hand. Reports like this have came out before. Whether you think phones can get viruses or not. It's better to be safe than sorry. Our mobile phone Anti-Virus friends over at NetQin Mobile have spotted not one, but two issues that need to be brought to everyone's attention. NetQin said they have found two Malicious Viruses stemming from apps that come from the dark alley side of the Android Market.

Android Market Web Store Backdoor Discovered by Naked Security

By Chris Burns
on 4 Feb, 2011

If you're familiar with the goings on with Google as of late, you know that Android has just received a significant bump with a fully functional browser-based store. Up until now, Android users had to rely on the tiny Android Marketplace based on their handheld devices - this new store allows apps to be downloaded simultaneously to each and every one of these devices (if the user has several) all at once, direct from the cloud. What's the problem with this? Doesn't this all seem like flowers and candy? How about if someone grabs your password?