released new research today detailing the biggest threats faced by Android users, and while most of it is familiar information, there are some fiendishly innovative new forms of malware and other malicious apps that users should be aware of. Chief among them is the "Premium rate number billing scam".
security vulnerability in its Android smartphones is in the pipeline, addressing what some security experts suggested was a "massive" privacy issue. "In our ongoing investigation into this recent claim," the company told Engadget, "we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application" However, HTC also insists that it has seen no reports of the loophole actually being taken advantage of, with the potential for harm seemingly more theoretical than practical at this stage. Nonetheless, a security update is being worked on now, and which - after some carrier testing - will be delivered OTA to HTC Android phones. There's no timeline for its release - HTC says the carrier testing period will be "short" though that's presumably up to the networks themselves to deliver on - so until then the company points out that people should "use caution when downloading, using, installing and updating applications from untrusted sources." That's pretty sensible advice no matter what the situation. Full HTC Statement:
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability. HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.
Android Police (appropriate, no?) published a "massive" security flaw found on several high-profile devices from HTC. The problem comes from a customization that HTC has implemented on the core Android system, allowing any app that asks for the right permission access to a staggering amount of users' private and technical data. Even more disturbing, it seems to be the case that some of this information can be retrieved remotely by HTC or anyone else due to an HTC app opening up a network port on any affected phone. The primary issue stems from the "android.permission.INTERNET" permission. Once an app calls this permission into effect, it has access to all sorts of disturbing information on both rooted and non-rooted phones. The private information which any app can access includes email addresses, GPS locations and at least some former locations, call logs, SMS logs, and information from running apps. The HTC app "HtcLoggers.apk" is capable of collecting much of this data and then supplying it to anyone who opens up a network port on the phone. Theoretically, it's possible to duplicate a user's entire phone using these vulnerabilities. Trevor Eckhart originally discovered these vulnerabilities, and the flaws have been verified and cataloged by Artem Russakovskii and Justin Case of Android Police. According to these three, the problems effect a wide range of HTC Android devices across all major carriers. The EVO 4G, EVO 3D, EVO Shift 4G, MyTouch 4G Slide and Thunderbolt were mentioned specifically, so it's a fair bet that anything running similar hardware and software is likewise affected. The whistle-blowers have created a proof-of-concept app which allows any user (no root required) to examine the data being collected in real-time. You can find their exhaustive research and the proof of concept app at the source link. Though Eckhart said that he alerted HTC of these security issues more than a week ago, no official response has been made. Update: HTC has made the following statement: "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken"
Samsung Galaxy S II has at least one dull spot. There's an easy work-around that will let anyone access your phone if you've implemented Android's unique pattern-based or PIN lock screen. Don't worry, though, an industrious early adopter has already found a way to secure the Galaxy S II while keeping the lock screen in place.
TekTrak app will help you find your phone in your house or anywhere else if you lose it.
app for Android users that allows the Android device to access the Nessus server and read reports on the network.
we reported that Skype for Android had a vulnerability which allowed a third party to harvest a user's data without their consent. Skype replied that they were taking action, but didn't tell us what it was. Now we know. Skype has solved the issue for now by removing the ability of a hacker to do so. And there's more ...