security - Android Community

Tagged: security

O2 exposes customer phone numbers before plugging security hole [UPDATE]

By Michael Crider
on 25 Jan, 2012

UK citizens who use O2's wireless network got a nasty shock this morning, when reports around the web claimed that their phone numbers were being exposed to any website they visited from their mobile phones. While not a malicious attack, a setting in O2's network was broadcasting its customers phone number in addition to standard browser data like user agents, device type and screen size. This morning Android phones and other O2 devices stopped broadcasting mobile phone numbers, indicating that the security hole has been patched. O2 still hasn't spoken publicly on the issue.

NSA releases ultra-secure open source Android derivative

By Michael Crider
on 17 Jan, 2012

Rejoice, paranoid security fanatics! There's finally a version of Android that enables your obsessive need to lock and control each and every file on your mobile device. There's just one catch: you've got to trust the National Security Agency to use it. The NSA has released its security-enhanced version of Android, named SE Android... because G-men have slightly less imagination than your average sea sponge. You can download the source code now and compile it on any operating system you want, so long as you want to compile it on Fedora Linux. Other operating systems should work, but haven't been tested.

Android.Arspam is the latest malware threat, says Symantec

By Michael Crider
on 30 Dec, 2011

There's been a lot of news in the last few months about Trojans and other malware aimed at Android devices, and with millions of new phones and tablets being sold every week, that's not likely to change any time soon. Security software vendor Symantec has identified the latest Trojan to gain a major foothold, called "Android.Arspam". The Trojan imitates a legitimate app in the Android Market designed to aid Islamic prayers with a compass pointing towards Mecca, and has found its way onto an increasing number of Middle Eastern Android phones.

Star Wars: The Old Republic comes to Android… as a security key

By Michael Crider
on 29 Dec, 2011

Jedis! Sith! Droids! And not a Gungan in sight! The wildly anticipated Star Wars: The Old Republic, a massively multiplayer entry into BioWare's amazing Knights of the Old Republic series, is making records and headlines all over the gaming world this holiday season. And now you can get a piece of that awesome experience on your Android phone! Except that you can't. Because it's a lousy confirmation app.

Security hole found in all GSM networks by hacker

By Sam Koutroulakis
on 27 Dec, 2011

During a hacking convention in Berlin conducted by Germany's Security Research Labs, a hacker discovered a security hole within the GSM mobile network. In Mr. Karsten Nohl's own words:

Researcher demonstrates an app taking over Android with zero permissions

By Michael Crider
on 20 Dec, 2011

The first line of defense in computer security is the user, or at least that's the way it works on Android. Whenever you install an APK from the Android Market or via an SD card or download, you're presented with a list of permissions detailing what hardware and software the app can take advantage of. Wary users often opt to skips apps that take more permissions than are needed, and smart developers often post reasons for requested permissions in the Market. But it looks as if there's at least one critical flaw in the Android permission system. An R&D director with ViaForensics has proven that the system can be bypassed, by installing an app with no permissions at all that can nonetheless completely control the Android shell.

viaForensics claims Google Wallet has security issues

By Shane McGlaun
on 13 Dec, 2011

Google Wallet famously won't work on the slick Galaxy Nexus, which may bother some folks when that phone finally lands in the US. However, if you are the security-conscious sort that may not be a big deal to you in the wake of a recent report by a security firm called viaForensics that is claiming that the Google Wallet app isn't secure enough. American Banker reports that viaForensics found that app stores enough data on the phone itself that a well-crafted email from a nefarious sort could fool many users into giving up more credit card details.

Carrier IQ busted on video: records keystrokes, web traffic

By Michael Crider
on 30 Nov, 2011

Carrier IQ's support software has been monitored closely by Android security watchdogs for the last few weeks. After an embarrassing public relations snafu, the company stated that their software does not record personal information, despite the findings of an independent security analyst. But The Register reports that same analyst has now shown the Carrier IQ software logging keystrokes in real time, and transmitting them over an unsecure wireless connection. Carrier IQ is, in a word, busted.

BlackBerry Mobile Fusion manages corporate assets on Android

By Michael Crider
on 29 Nov, 2011

RIM is having a tough time right now. They're being squeezed from the top with iOS and from the bottom (well, bottom, top, sides and everywhere else) with Android. But the BlackBerry hardware is only part of RIM's overall business, and they're making a major effort to expand even more into the corporate services space. BlackBerry Mobile Fusion will allow IT managers to access and control company assets on BlackBerry, Android and iOS devices, essentially making the existing Enterprise Server cross-platform.

Twitter acquires Android security firm Whisper Systems

By Michael Crider
on 28 Nov, 2011

Here's an odd bit of M&A news. Wired reports that Twitter's latest acquisition is a tiny Middle Eastern company whose sole focus is enterprise-grade security for Android phones. Whisper Systems, made up of notable computer security guru Moxie Marlinspike and CTO Stuart Anderson, gained the public's interest when it developed a secure, encrypted calling service called RedPhone in the wake of the revolution in Egypt.