Do you know that the Android Market Place too has some serious loopholes, as some of the applications in the Android Market Place steal banking passwords? Yes, all those who thought that Android as a platform is safe might just have to give this a thought, as it's not safe at all: the market has malware which is responsible for stealing banking password data. Basically there are two Android malware types available as of now, one is Droid Dream Light and the other is Zitmo, both of which have the ability to steal banking data or intercept data from unsuspecting users, and then the data can be fetched and misused. Though both of these malwares can be caught by using a recognized antivirus, it's still a big question mark how many more such malwares are out there which cause damage to the privacy of users' confidential data.
Since these two malwares were caught by LookOut Mobile Security, we know what consequences they can have, so always ensure that you use a trusted antivirus or anti-malware software like Lookout Mobile Security, or else it will be very difficult to track, find and kill such malwares.
According to the release by LookOut, it was reported that the four applications, that is Mobnet: Quick FallDown, Scientific Calculator, Bubble Buster and a clone of Best Compass & Leveler, pulled the user data and were stealing user passwords, so it's better that you immediately uninstall the applications mentioned above. Please note that you should always ensure that unwanted apps are removed or uninstalled from your device, or else such consequences can arise. Also, we can hope that since all these things are Anti-Google Policies, Google will surely look out for the same and will ensure that such things are not repeated again. In the above 4 applications which are listed, there was a threat of Droid Dream Light which was found, and this one continuously performs unwanted tasks in the background without our consent, which is the worst thing, as it not only drains the data but also steals data from our Android phones like passwords and other crucial data.
Another malware, named Zitmo, is basically a malware which has recently plagued other mobile OS formats like Windows and even Symbian and was known for stealing passwords. Also, this one is very popular on all variants of the Videocon Zeus handsets as this malware is made for all the Zeus variants phones. Adding to the worst, it tracks all the incoming messages and captures crucial data like the authentication codes which the bank sends to the users, and it also has the capability to perform transactions on the user's behalf. Additionally, the apk file size is around 19KB and it passes itself off as a security tool with the name of Trusteer, and if the user installs any malicious application, then the Trusteer report will appear on the main menu and then this will take over the screen after clicking on the application link, which is again the bad part of this application and how it works to capture all the important data.
So, all in all, if you want to protect yourself from all such malicious threats, then you will have to make sure that you use a good antivirus as well as a good anti-malware solution like AVG Security Suite or, say, the Look Out Mobile security tool.
Do let us know if you want to share any such experiences in the comments section below so that all other users will benefit from the same.
Source? 10char
tl;dr
However, I'm not stupid enough to enter my details into my phone willy nilly, or at all in fact.
source please
Reads like an advertisement for lookout security, an app that has questionable permissions in itself, lol
Sent from my ADR6300 using Tapatalk
1. i dont download app under 300 reviews and rating.
2. i do research before i download app.
3. read step 1 & 2.
techrepublic has a little info on the Zeus/Zitmo and android, stating that:
Security researchers at Fortinet, S21sec, and McAfee are following the Zeus/Zitmo saga closely. They have examples of Zitmo code for Symbian, Blackberry, and Windows mobile operating systems–three out of the big four. What about Android? (...) According to this Nielsen report, Android is favored by a third of all smartphone users. Seems to me, the bad guys are missing or avoiding the largest segment of mobile-device users. Puzzling.
Anyway, for now I think that combo of DroidWall, LBE and Permission Denied provides some level of security
phoenixs4r said:
Reads like an advertisement for lookout security, an app that has questionable permissions in itself, lol
Sent from my ADR6300 using Tapatalk
I agree with that, I actually think Lookout itself is the part of malware. I'm curious what it is actually doing while it's scanning apps.
Closed - OP request
I found this on a site, does anyone else know about this or have they been infected by it? It states that it works better on older versions of Android so hopefully it can't infect us. So I thought I would share this. It sounds like fun lol
Security experts from NQ Mobile have recently detected new Android malware which is controlled through SMS messages. The malware, dubbed TigerBot, is able to record calls and surrounding noise.
TigerBot was detected while circulating in the wild through non-official Android channels.
The malware is wise: it can hide itself on a targeted device. TigerBot refuses to install an icon on the home screen, and masks itself with an ordinary application name like Flash or System.
Once active, TigerBot registers a receiver marked as a high priority in order to listen to the intent with action “android.provider.Telephony.SMS_RECEIVED”.
NQ Mobile explained that when a user receives a new SMS message, the malware would run a check to find out whether the message is a specific bot command. In the event it is TigerBot will prevent it from being seen by the user, after which it will execute the command.
The malware is able to record sounds in the immediate area of the device, along with the calls themselves. It is also able to alter network settings and report the current GPS coordinates of the device. TigerBot was proved to manage capturing and uploading pictures, killing other processes and rebooting the infected device.
However, the malware isn’t written perfectly enough. For instance, some of its commands aren’t routinely supported: the command to kill other processes can only be performed on early Android versions. Still, the mobile security company points out that the fact that this piece of malware and any of its variants might be controlled without your knowledge does mean that it is a serious threat. The insecurity specialists added that users are recommended to always reject unknown application requests and attentively monitor permissions requested by any program.
how to detect this malware infection?
Not sure how to yet, just be careful what apps you install, check permission, don't worry about apps from the android market or dev on here. So just be wise in what you install.
Sent from my R800i using xda premium
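A static check for the manifest traits in the TigerBot description above (a high-priority receiver for `android.provider.Telephony.SMS_RECEIVED`, no home-screen icon, a generic label such as Flash or System), added here as an example and not part of the original posts or of NQ Mobile's report. It assumes a manifest already decoded to text XML; the priority threshold, the permission mapping and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # android: attribute namespace
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
PRIORITY_THRESHOLD = 500                 # assumption: cut-off for "high" priority
GENERIC_LABELS = {"flash", "system"}     # disguise names mentioned in the report
# Assumed mapping from the capabilities in the report to Android permissions.
CAPABILITY_PERMS = {
    "android.permission.RECEIVE_SMS": "reads incoming SMS",
    "android.permission.RECORD_AUDIO": "records audio",
    "android.permission.ACCESS_FINE_LOCATION": "reads GPS location",
    "android.permission.CAMERA": "takes pictures",
    "android.permission.CHANGE_NETWORK_STATE": "changes network settings",
    "android.permission.KILL_BACKGROUND_PROCESSES": "kills other processes",
}

# Constructed sample: hidden app with an SMS receiver at maximum priority.
SUSPICIOUS = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="System">
    <receiver android:name=".SmsWatcher">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".Worker"/>
  </application>
</manifest>
"""

# Constructed sample: ordinary messaging app with a launcher icon.
BENIGN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.messaging">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Messages">
    <activity android:name=".Inbox">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".Incoming">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def _priority(value):
    """Parse android:priority (decimal or 0x hex); missing or odd values count as 0."""
    try:
        return int(value or "0", 0)
    except ValueError:
        return 0


def _names(parent, tag):
    """Collect the android:name attribute of every <tag> element under parent."""
    return {e.get(A + "name") for e in parent.iter(tag)}


def audit_manifest(xml_text):
    """Return the manifest traits that match the behaviour described in the report."""
    root = ET.fromstring(xml_text)
    sms_receivers = []
    for rx in root.iter("receiver"):
        for flt in rx.findall("intent-filter"):
            prio = _priority(flt.get(A + "priority"))
            if SMS_ACTION in _names(flt, "action") and prio >= PRIORITY_THRESHOLD:
                sms_receivers.append((rx.get(A + "name"), prio))
    # An app shows a home-screen icon only if some activity is MAIN + LAUNCHER.
    has_launcher = any(
        "android.intent.action.MAIN" in _names(flt, "action")
        and "android.intent.category.LAUNCHER" in _names(flt, "category")
        for tag in ("activity", "activity-alias")
        for act in root.iter(tag)
        for flt in act.findall("intent-filter")
    )
    app = root.find("application")
    # Only literal labels are checked; "@string/..." references are not resolved.
    label = (app.get(A + "label") or "") if app is not None else ""
    return {
        "sms_receivers": sms_receivers,
        "hidden_icon": not has_launcher,
        "generic_label": label.strip().lower() in GENERIC_LABELS,
        "permissions": sorted(_names(root, "uses-permission") & set(CAPABILITY_PERMS)),
    }


def matches_profile(report):
    """Flag only the combination: SMS interception plus an attempt to stay unnoticed."""
    return bool(report["sms_receivers"]) and (
        report["hidden_icon"] or report["generic_label"])


if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        report = audit_manifest(xml)
        print(name, matches_profile(report), report)
```

A match is a reason to look closer, not proof of infection: a legitimate SMS app can also register this receiver, which is why the check requires the hidden icon or generic label as well.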
Hey XDAian...:laugh:
Here I am back again for few suggestions & discussion.
Based on some pretty interesting facts about "mobile in general", The smartphone segment has brought accessibility to millions around the world, at work and at home. Naturally, all the data in those devices, wirelessly accessible, becomes a gold mine for those with nefarious motives to exploit.
On the work front, smartphones are a huge contributor to productivity. At home, they provide meaningful and useful (and sometimes redundant) ways to stay in touch with friends and family. The more of these devices we buy, the bigger the opportunity is for criminals, because there are so many ways to get the data. We might lose a device, or it is stolen, we might download a bad application, or soon brush against an NFC tag or visit a bad web-page. The possibilities are so diverse compared to a PC or server farm hardwired to the internet.
With the tremendous growth of the smartphone market not expected to slow down anytime soon, people and organizations must be vigilant in guarding against breaches of their data and/or personal information. Even as organized hackers work on ways to score the high-value breach, they are working on high-volume, low-risk attacks against weaker targets as well.
In addition to some tips about securing mobile devices, the infographic has some interesting facts from 2011 in there as well, such as 855 breaches resulted in the theft of 174 million records.
We need some Security Applications for preventing our valuable data (like Msgs, Contacts, Pin codes etc). Therefore, from my side this thread belongs to all XDAians.
Please suggest the latest, finest Applications & few tremendous suggestion from all Devs, RC, RD & Members.
I like a Security based Application called LBE Privacy Guard to Prevent sending data through various applications installed at our Mobile.:good:
Some Great Ideas Received from Our XDA Members, which are as follows:
As this OP thread may become too long, for better view just press "Show Contents" for their suggestions.
This One is provided by Our Great Sr.MOD Justin:
Personally, I place little emphasis on mobile security. Things like antivirus, password protectors etc. make sense if you store a lot of mission-critical, sensitive data on your phone, or frequent a lot of open hotspots, leave your Bluetooth on and 'visible' in public places, but otherwise just chew battery, CPU cycles and money.
I can appreciate the need for such things, in some instances (proper business users, etc.). I have little faith in an app to look after my security however, and would instead recommend a few lifestyle changes where possible, to improve your security:
1. Never use open, public WiFi. If you must, never use it for sites you log into, sites that control your money, or sites that contain other sensitive information. Doesn't take much for that guy outside McDonalds on his laptop to be sniffing packets.
2. Turn on Bluetooth and NFC only when you intend to use them. Not only do you save precious battery, you ensure that your close-range transmission technologies are only on when you need them, and not at other times. Also, set a unique Bluetooth passcode for your device, rather than the generic '0000'.
3. Never let your browser remember any passwords.
4. When setting passwords and PINs, never use a bank PIN, and always use 'leetspeak' for your passwords. For example, I would like my password for XDA to be 'firewood'. Rather than just typing it, try substituting letters for numbers, like this: F1r3W00d. Mix up your capital and lower-case letters, even substitute characters for letters or numbers. Do anything you can to ensure your passwords don't resemble anything from a dictionary!
I have no idea whether these steps have helped, but I haven't been the victim of online identity theft yet - even my passwords have never been compromised.
I think it's something we should always keep in mind, but never worry too much about. The risk is always there but it's a big, wide world.
This One is provided by Our Great buddy Adam77root:
Mobile security is getting more and more important nowadays. But the worst is that people don't know about and are not aware of the security issues that all pose a high threat to gadget users. There are plenty of ways for which stolen data can be used for and most of the people don't even think of themselves being impersonated by hackers.
Because of the design of the Android system it's very easy to write fully-featured malwares for this platform as the permissions are not handled on a low native (even kernel) level, but there are the Android permissions most of you are already aware of. A lot of users don't read through the permissions that the application they install asks for, making it easy to fool them.
Hackers usually give such application and package names that they are very similar to those of the inner Android system, so the users don't delete those apps after a little Google search.
Coding in Java is extremely easy, you don't even have to free memory, as the garbage collector does that for you. This opens this platform for the so-called script-kiddies who are wannabe 'hackers' and want to create the 'best malware ever'. They're dangerous as there are a lot of them. There are also a lot of prebuilt libraries for Java, which can be used for making for example network communication easy.
If such an application is installed on a system, it's easy to root the victim's device, opening a new way to compromise the OS. There are methods to root a great deal of devices (of course excluding some) and plant a rootkit on them for a longer stay. For example the app is then moved to the system partition where it cannot be deleted from.
Most of the modern malwares communicate through the internet with their author. If somebody uses a 2G/3G data connection and has no or limited data plan, it may cost high amount of money for the user. For example: Here, in Hungary, lot of teenagers use 0.facebook.com which allows them to browse Facebook without paying for it. Just imagine their parents when they get the bill because of a hacker.
I, personally, do not use any antiviruses on my phone. Even, I use only a free AVG on my Windows PC and nothing on my Linux box. Every system can be hacked and all AV-s can be bypassed. Sometimes I check the autorun apps to see if there isn't any suspicious.
To sum up: I advise you not to download/install any suspicious app on your phones and if you notice some strange network activity, do a deeper inspection on it and wipe your data (very important as most of the malwares are still installed there) or reflash your system if you want to make sure everything.
Here is few more points from our great RC Selva.simple.
Mobile security not only matters about protecting our data from phishing and virus attacks but also protecting it when v lost our device. Because a smartphone falling into wrong hands can cause so much of trouble. So just wanna list down following points in terms of mobile security
* When u buy a new smartphone, take a mobile-insurance along with it (at least for an year). We may sometime doesn't know its importance. But it matters a lot. It comes around of 3% of mobile cost. Keep your bills and insurance papers safely.
* For all important personal contents (Contacts, Pics, Videos, Docs, Messages) you store in smartphone, have a secondary backup in your system or hard disk. It comes in handy when ur phone is totally dead or lost. Take this backup at least once in two months. Lots of software available for this.
* Use personal lock apps like "Keep safe" to lock/hide your personal data.
* Use Mobile security apps like "Lookup" or "Avast". Even if not for its anti-virus feature, but must for its features of "Anti-theft" features. Apps that help in locating the device if in case the mobile is stolen and kept on. Or when your sim card is replaced with a new sim, sending out a sms from the new sim to a pre-configured number.
* Apart from all these, an important feature is to destroy all your personal contents (complete Erase) in your mobile if in case it is stolen. This will prevent our data falling in hands of wrong people. More than device, our data matters a lot.
I'm a personal victim of a stolen mobile phone, my Wave II. Since that was the time, i flashed a leaked Bada 2.0, no data was there in my mobile. So at least i was happy with that. I had my mobile insurance which got me the 80% of money which led my way to Android world via Galaxy R.
Source of this amazing ad is Phone Arena.
"How to secure your Android phone and protect your data"
Just Go to this thread for the same ->How to secure your Android phone and protect your data
Download LBE Privacy Guard / master for mobile -> Click here for thread.
FOA, good thread (Y)
i know two apps which are good in security...
one is APPLOCK - https://play.google.com/store/apps/details?id=com.domobile.applock&feature=search_result
another AFARIA - my bro uses this on his note, its suggested by his company to maintain their mails and lot other office stuff store on the phone-
https://play.google.com/store/apps/details?id=com.Android.Afaria&feature=search_result
U brought to my attention the importance of security...
Till nw i was least bothered n never paid attention...
Bt thanks...
Sent from my GT-I9103 using Tapatalk 2
vipul12389mehta said:
U brought to my attention the importance of security...
Till nw i was least bothered n never paid attention...
Bt thanks...
Sent from my GT-I9103 using Tapatalk 2
security is important man!! how can you let others read your messages or your mails or even look at your gallery ???
security is must!!
chandrus1983 said:
FOA, good thread (Y)
i know two apps which are good in security...
one is APPLOCK - https://play.google.com/store/apps/details?id=com.domobile.applock&feature=search_result
another AFARIA - my bro uses this on his note, its suggested by his company to maintain their mails and lot other office stuff store on the phone-
https://play.google.com/store/apps/details?id=com.Android.Afaria&feature=search_result
Thanks buddy. U r like my bro.. :thumbup:can u pls add few more lines abt these two application. I will add both of it in OP.
Sent from my GT-I9103 using xda premium
vipul12389mehta said:
U brought to my attention the importance of security...
Till nw i was least bothered n never paid attention...
Bt thanks...
Sent from my GT-I9103 using Tapatalk 2
Buddy if u will PM me then i will disclose u few points of applications.. bt security is highly recommended over android mobiles.
Sent from my GT-I9103 using xda premium
chandrus1983 said:
security is important man!! how can you let others read your messages or your mails or even look at your gallery ???
security is must!!
This is what i was telling in whole thread buddy. Security is as much as essential like security of ur bank account. If a unknown person is having ur personal data, it means u are in big trouble. So, for security point of view we must have knowledge abt the same.
Edit: thats why i asked fron Devs/RC/RD to come ahead and provide us the right path of security.
Sent from my GT-I9103 using xda premium
kataria.vikesh said:
Thanks buddy. U r like my bro.. :thumbup:can u pls add few more lines abt these two application. I will add both of it in OP.
Sent from my GT-I9103 using xda premium
Yes I will write when I get on pc, and ask more info about the afaria app from my brother.and update it.
From my Limited Edition SGR
Mobile security is getting more and more important nowadays. But the worst is that people don't know about and are not aware of the security issues that all pose a high threat to gadget users. There are plenty of ways for which stolen data can be used for and most of the people don't even think of themselves being impersonated by hackers.
Because of the design of the Android system it's very easy to write fully-featured malwares for this platform as the permissions are not handled on a low native (even kernel) level, but there are the Android permissions most of you are already aware of. A lot of users don't read through the permissions that the application they install asks for, making it easy to fool them.
Hackers usually give such application and package names that they are very similar to those of the inner Android system, so the users don't delete those apps after a little Google search.
Coding in Java is extremely easy, you don't even have to free memory, as the garbage collector does that for you. This opens this platform for the so-called script-kiddies who are wannabe 'hackers' and want to create the 'best malware ever'. They're dangerous as there are a lot of them. There are also a lot of prebuilt libraries for Java, which can be used for making for example network communication easy.
If such an application is installed on a system, it's easy to root the victim's device, opening a new way to compromise the OS. There are methods to root a great deal of devices (of course excluding some) and plant a rootkit on them for a longer stay. For example the app is then moved to the system partition where it cannot be deleted from.
Most of the modern malwares communicate through the internet with their author. If somebody uses a 2G/3G data connection and has no or limited data plan, it may cost high amount of money for the user. For example: Here, in Hungary, lot of teenagers use 0.facebook.com which allows them to browse Facebook without paying for it. Just imagine their parents when they get the bill because of a hacker.
I, personally, do not use any antiviruses on my phone. Even, I use only a free AVG on my Windows PC and nothing on my Linux box. Every system can be hacked and all AV-s can be bypassed. Sometimes I check the autorun apps to see if there isn't any suspicious.
To sum up: I advise you not to download/install any suspicious app on your phones and if you notice some strange network activity, do a deeper inspection on it and wipe your data (very important as most of the malwares are still installed there) or reflash your system if you want to make sure everything.
I never thought this but after reading this i am also thinking .....
Yep buddy you are correct, we need to think about this very seriously ....
Sent from my GT-I9103 using xda premium
mj.vikram said:
I never thought this but after reading this i am also thinking .....
Yep buddy you are correct, we need to think about this very seriously ....
Sent from my GT-I9103 using xda premium
Yup MJ buddy, I wasn't so much aware but when I saw that my installed applications is getting access to my device & sharing the data, I jst start searching the help.
Nice thread Vikesh, great idea.
Personally, I place little emphasis on mobile security. Things like antivirus, password protectors etc. make sense if you store a lot of mission-critical, sensitive data on your phone, or frequent a lot of open hotspots, leave your Bluetooth on and 'visible' in public places, but otherwise just chew battery, CPU cycles and money.
I can appreciate the need for such things, in some instances (proper business users, etc.). I have little faith in an app to look after my security however, and would instead recommend a few lifestyle changes where possible, to improve your security:
1. Never use open, public WiFi. If you must, never use it for sites you log into, sites that control your money, or sites that contain other sensitive information. Doesn't take much for that guy outside McDonalds on his laptop to be sniffing packets.
2. Turn on Bluetooth and NFC only when you intend to use them. Not only do you save precious battery, you ensure that your close-range transmission technologies are only on when you need them, and not at other times. Also, set a unique Bluetooth passcode for your device, rather than the generic '0000'.
3. Never let your browser remember any passwords.
4. When setting passwords and PINs, never use a bank PIN, and always use 'leetspeak' for your passwords. For example, I would like my password for XDA to be 'firewood'. Rather than just typing it, try substituting letters for numbers, like this: F1r3W00d. Mix up your capital and lower-case letters, even substitute characters for letters or numbers. Do anything you can to ensure your passwords don't resemble anything from a dictionary!
I have no idea whether these steps have helped, but I haven't been the victim of online identity theft yet - even my passwords have never been compromised.
I think it's something we should always keep in mind, but never worry too much about. The risk is always there but it's a big, wide world
juzz86 said:
. I have little faith in an app to look after my security however, and would instead recommend a few lifestyle changes where possible, to improve your security:
Happy to see u again juzz Yes thats true, more than an app, we shud be more conscious in our lifestyle and trend towards using our smartphone. And Congrats that u r part of "DEVELOPER COMMITEE".. Or is it u were already there in it and am i just noticing it now
juzz86 said:
Nice thread Vikesh, great idea.
I have no idea whether these steps have helped, but I haven't been the victim of online identity theft yet - even my passwords have never been compromised.
I think it's something we should always keep in mind, but never worry too much about. The risk is always there but it's a big, wide world
Thanks Buddy. Your suggestion is marvelous as like always.:good: But finest one is password setting in Alphanumeric ("Mix up your capital and lower-case letters, even substitute characters for letters or numbers"). I must add your suggestion & Adam one in OP. Thanks buddy.
You're welcome. Thank you both for the kind words always happy to catch up with my Royal friends!
chandrus1983 said:
Yes I will write when I get on pc, and ask more info about the afaria app from my brother.and update it.
From my Limited Edition SGR
AppLocker is a SW which lets you Lock ANYTHING n EVERYTHING in your phone,
you can lock Messages, Contacts, Mail, Gallery, etc etc, if you wish, you can lock all the apps, by just selecting LOCK ALL option, which is there in the App.
AFARIA is a device administrator, it is used by professionals whose mails and calendar events are strictly private/confidential,
my brother works for HP, he uses this app, and ofc it is recommended by the company,
he cannot access his mails and events, if this app is disable or enabled,
in his Galaxy Note he has installed it, and all the security options like swipe, number lock are disabled...
only Password is available, you can't set any other lock other than Password...
If you try to remove this app, all your mails, events and personal data will be deleted
APP Lock - https://play.google.com/store/apps/details?id=com.domobile.applock&feature=search_result
Afaria - https://play.google.com/store/apps/details?id=com.Android.Afaria&feature=search_result
Mobile security not only matters about protecting our data from phishing and virus attacks but also protecting it when v lost our device. Because a smartphone falling into wrong hands can cause so much of trouble. So just wanna list down following points in terms of mobile security
When u buy a new smartphone, take a mobile-insurance along with it (at least for an year). We may sometime doesn't know its importance. But it matters a lot. It comes around of 3% of mobile cost. Keep your bills and insurance papers safely.
For all important personal contents (Contacts, Pics, Videos, Docs, Messages) you store in smartphone, have a secondary backup in your system or hard disk. It comes in handy when ur phone is totally dead or lost. Take this backup at least once in two months. Lots of software available for this.
Use personal lock apps like "Keep safe" to lock/hide your personal data.
Use Mobile security apps like "Lookup" or "Avast". Even if not for its anti-virus feature, but must for its features of "Anti-theft" features. Apps that help in locating the device if in case the mobile is stolen and kept on. Or when your sim card is replaced with a new sim, sending out a sms from the new sim to a pre-configured number.
Apart from all these, an important feature is to destroy all your personal contents (complete Erase) in your mobile if in case it is stolen. This will prevent our data falling in hands of wrong people. More than device, our data matters a lot.
I'm a personal victim of a stolen mobile phone, my Wave II. Since that was the time, i flashed a leaked Bada 2.0, no data was there in my mobile. So at least i was happy with that. I had my mobile insurance which got me the 80% of money which led my way to Android world via Galaxy R.
This seems so fine when our mods and RC buddies are giving there time for issues which we usually neglect. Thanks selva buddy. Added ur suggestion in OP.:thumbup:
Sent from my GT-I9103 using xda premium
FAQ
Below are a few questions which might help you to update the FAQ in OP:
1) Can we change/control the permissions of an application in a rooted/non-rooted phone dynamically? Could there be any adverse effect if I do this?
2) Is there any encryption software which encrypts stored data/passwords (remembered passwords etc)? Is this required (or is Android's inherent encryption sufficient)?
3) What is the meaning of basic permissions in layman's terms?
4) If I trust application A and give it sensitive permissions, and application B does not require major permissions, is it possible for application B to gain access to application A's data instead of direct access to system data? How dangerous is it, and is there any example out there?
5) Is there any indication on the device (behaviour) through which I can find out if my device is hacked/leaking information etc?
6) Is Android more secure than Windows in normal usage terms? For example, is it more secure if I use a bank website on my Android phone instead of my anti-virus protected Windows machine, or vice-versa?
ashvyas said:
below are few questions which might help you to update FAQ in OP :
Hey buddy. Nice suggestion.:good: But we Need answer of these Question first. So, I think we must find them. What do you say.?:fingers-crossed:
Okay, so, I summed up some 5 articles on this subject - in the hope of starting a discussion about device security. I hope you will find this interesting and meaningful and perhaps you will find out about some of the risks of using Android.
2 months ago Juniper Networks, one of the two biggest network equipment manufacturers, published a blog post (1) about an intensive research their mobile threat department had on the Android market place.
In essence they analyzed over 1.7 million apps in Google Play, revealing frightening results and prompting a hard reality check for all of us.
One of the worrying findings is that a significant number of applications contain capabilities that could expose sensitive information to 3rd parties. For example, neither Apple nor Google requires apps to ask permission to access some forms of the device ID, or to send it to outsiders. A Wall Street Journal examination (2) of 101 popular Android (and iPhone) apps found that 56 — that's half — of the apps tested transmitted the phone's unique device ID to other companies without users' awareness or consent. 47 apps — again, almost a half — transmitted the phone's location to other companies.
That means that the apps installed in your phone are 50% likely to clandestinely collect and sell information about you without your knowledge nor your consent. For example when you give permission to an app to see your location, most apps don't disclose if they will pass the location to ad companies.
Moving on to more severe Android vulnerabilities. Many applications perform functions not needed for the apps to work — and they do it under the radar! The lack of transparency about who is collecting information and how it is used is a big problem for us.
Juniper warns, that some apps request permission to clandestinely initiate outgoing calls, send SMS messages and use a device camera. An application that can clandestinely initiate a phone call could be used to silently listen to ambient conversations within hearing distance of a mobile device. I am of course talking about the famous and infamous US Navy PlaceRaider (3).
Thankfully the Navy hasn't released this code but who knows if someone hadn't already jumped on the wagon and started making their own pocket sp?. CIO magazine (4) somewhat reassures us though, that the "highly curated nature of [smartphone] application stores makes it far less likely that such an app would "sneak through" and be available for download."
A summary by The Register (5) of the Juniper Networks audit reads that Juniper discovered that free applications are five times more likely to track user location and a whopping 314 percent more likely to access user address books than paid counterparts. 314%!!!
1 in 40 (2.64%) of free apps request permission to send text messages without notifying users, 5.53 per cent of free apps have permission to access the device camera and 6.4 per cent of free apps have permission to clandestinely initiate background calls. Who knows, someone might just be recording you right now, or submitting your photo to some covert database in Czech Republic — without you even knowing that your personal identity is being compromised.
Google, by the way, is the biggest data recipient — so says The Wall Street Journal. Its AdMob, AdSense, Analytics and DoubleClick units collected data from 40% of the apps they audited. Google's main mobile-ad network is AdMob, which lets advertisers target phone users by location, type of device and "demographic data," including gender or age group.
To quote The Register on the subject, the issue of mobile app privacy is not new. However Juniper's research is one of the most comprehensive looks at the state of privacy across the entire Google Android application ecosystem. Don't get me wrong. I love using Google's services and I appreciate the positive effect this company has had over how I live my life. However, with a shady reputation like Google's and with its troubling attitude towards privacy (Google Maps/Earth, Picasa's nonexistent privacy and the list goes on) I sincerely hope that after reading this you will at least think twice before installing any app.
Links: (please excuse my links I'm a new user and cannot post links)
(1) forums.juniper net/t5/Security-Mobility-Now/Exposing-Your-Personal-Information-There-s-An-App-for-That/ba-p/166058
(2) online.wsj com/article/SB10001424052748704694004576020083703574602.html
(3) technologyreview com/view/509116/best-of-2012-placeraider-the-military-smartphone-malware-designed-to-steal-your-life/
(4) cio com/article/718580/PlaceRaider_Shows_Why_Android_Phones_Are_a_Major_Security_Risk?page=2&taxonomyId=3067
(5) theregister co.uk/2012/11/01/android_app_privacy_audit/
____________________________________________________________________________________________
Now I am proposing a discussion. Starting with - do we have the possibility to monitor device activity on the phone? By monitoring device activity, such as outgoing SMSs and phone calls in the background, the camera functions and so on we can tell if our phone is being abused under the radar and against our consent. What do you think?
.
I am finding it sad and troubling but even more so ironic that nobody here cares about this stuff.
Pdroid allows you to tailor your apps and what permissions your device actually allows on a per app basis. Requires some setup, and the GUI is nothing fancy.. but for those worried about permissions, it is quite ideal.
Edit : http://forum.xda-developers.com/showthread.php?t=1357056
Great project, be sure to thank the dev
Sent from my ADR6425LVW using Tapatalk 2
DontPushButtons said:
Pdroid allows you to tailor your apps and what permissions your device actually allows on a per app basis
Sounds good for a start, I'll look it up
pilau said:
Sounds good for a start, I'll look it up
Okay, so I looked it up, and Pdroid does look like a fantastic solution to control what apps have access to what information on your droid.
However, it doesn't cover monitoring hardware functions such as texts being sent, calls being placed etc. as described in the OP. Besides, it only works in Gingerbread as far as I could gather.
EDIT: looking at PDroid 2.0, it does exactly what I originally asked
pilau said:
Okay, so I looked it up, and Pdroid does look like a fantastic solution to control what apps have access to what information on your droid.
However, it doesn't cover monitoring hardware functions such as texts being sent, calls being placed etc. as described in the OP. Besides, it only works in Gingerbread as far as I could gather.
I actually first found out about it on an ics rom, so it's definitely not just gb. As for monitoring, no clue. Any sort of extra process logging would likely bog down resources or space eventually.
Sent from my ADR6425LVW using Tapatalk 2
DontPushButtons said:
Any sort of extra process logging would likely bog down resources or space eventually.
I definitely wouldn't know. This solution looks very complicated in first impression but on the Google play page it says 100% no performance effects.
Anyway, I looked up PDroid 2.0 here on XDA, which is the rightful successor of the original app. It does everything the original app does and also monitors many device activities! Here is the full list of features. I would add a working link but I'm still a n00b and I am restricted from doing so. Sigh....
forum.xda-developers com/showthread.php?t=1923576
PDroid 2.0 allows blocking access for any installed application to the following data separately:
Device ID (IMEI/MEID/ESN)
Subscriber ID (IMSI)
SIM serial (ICCID)
Phone and mailbox number
Incoming call number
Outgoing call number
GPS location
Network location
List of accounts (including your google e-mail address)
Account auth tokens
Contacts
Call logs
Calendar
SMS
MMS
Browser bookmarks and history
System logs
SIM info (operator, country)
Network info (operator, country)
IP Tables (until now only for Java process)
Android ID
Call Phone
Send SMS
Send MMS
Record Audio
Access Camera
Force online state (fake online state to permanent online)
Wifi Info
ICC Access (integrated circuit-card access, for reading/writing sms on ICC)
Switch network state (e.g. mobile network)
Switch Wifi State
Start on Boot (prevents that application gets the INTENT_BOOT_COMPLETE Broadcast)
I've always had the luxury of someone else integrating it into the Rom, then I just had to set it up through the app. It is time-consuming, but not very difficult at all. I say give it a shot and see if that's what you had in mind. Maybe the logging is less detrimental than I had previously thought.
I'm sure you could get your post count up by asking for some tips in that thread. Every forum on xda has at least one person that's EXCESSIVELY helpful, frequently more. So have a ball
Sent from my ADR6425LVW using Tapatalk 2
Hey XDAian...:laugh:
Get ready for few suggestions & discussion.
Based on some pretty interesting facts about "mobile in general", The smartphone segment has brought accessibility to millions around the world, at work and at home. Naturally, all the data in those devices, wirelessly accessible, becomes a gold mine for those with nefarious motives to exploit.
On the work front, smartphones are a huge contributor to productivity. At home, they provide meaningful and useful (and sometimes redundant) ways to stay in touch with friends and family. The more of these devices we buy, the bigger the opportunity is for criminals, because there are so many ways to get the data. We might lose a device, or it is stolen, we might download a bad application, or soon brush against an NFC tag or visit a bad web-page. The possibilities are so diverse compared to a PC or server farm hardwired to the internet.
With the tremendous growth of the smartphone market not expected to slow down anytime soon, people and organizations must be vigilant in guarding against breaches of their data and/or personal information. Even as organized hackers work on ways to score the high-value breach, they are working on high-volume, low-risk attacks against weaker targets as well.
In addition to some tips about securing mobile devices, the infographic has some interesting facts from 2011 in there as well, such as 855 breaches resulted in the theft of 174 million records.
We Need some Security Applications for preventing our valuable data (like Msgs, Contacts, Pin codes etc). Therefore, from my side this thread belongs to all XDAians.
Please suggest the latest, finest Applications & few tremendous suggestion from all Devs, RC, RD & Members.
I like a Security based Application called LBE Privacy Guard to Prevent sending data through various applications installed at our Mobile.:good:
Some Great Ideas Received from Our XDA Members, which are as follows:
As this OP thread may become too long, for a better view just press "Show Contents" for their suggestions.
A Very Big thanks to Android Police, Phone Arena & Android Authority for survey about malwares & security.
How to secure your Android phone and protect your data
All software has security vulnerabilities. It is a fact. You only need to look at the software updates that are issued by the big companies like Microsoft, Adobe, Apple and Google to see how prevalent is this security problem. Smartphones aren’t immune, not iPhones, not Windows Phones and not Android. But there are some simple things you can do that will drastically reduce your exposure and help secure your Android phone or tablet, as well as protect your data.
A recent report by Check Point, the firewall maker, estimated that €36+ million has been stolen from corporate and private bank accounts in Europe by a group running a campaign of attacks known as “Eurograbber”. The campaign infected victim’s mobile phones with a piece of malware which could intercept SMS messages. When the victim used their online banking the SMS authentication code sent to the phone was intercepted. This then allowed the attackers to access the victim’s account.
Securing your smartphone and protecting yourself against malware isn’t about stopping some annoying virus getting on your device, it is about protecting your money, data and privacy.
There are several different areas in which you can improve your phone’s security including physical access, malware protection and encryption.
Who has access to your phone?
RULE #1 – Never leave your phone laying around where uninvited guests can access it
Before looking at things like malware and data stealing apps, the simplest form of security is to limit physical access to your phone. There may be lots of sophisticated remote attacks out there but if all I need to do is quickly pick up your phone and access your emails, PayPal, eBay or Amazon account while you pop off to get a coffee then all the security software in the world won’t do you any good.
RULE #2 – Use a lock screen
It is also essential that you use a lock screen. This stops everyone from small kids to determined snoopers from sneakily accessing your device. Modern Android versions have a whole gamut of lock screen options including pattern unlock, PIN numbers and password protection. To set these go to Settings and then tap Security. You can also customize how quickly the lock is automatically applied.
RULE #3 - Set a PIN to protect purchases on Google Play
It is also possible to set a PIN for purchases in Google Play. With the PIN any would-be trickster (or small child) won’t be able to buy content from Google’s app store. To set it, start the Google Play app, go to setting and then tap “Set or change PIN”. After the PIN is set, tap “Use PIN for purchases” to require the PIN before purchasing anything from the store.
RULE #4 – Install a phone location app or use a security app with an anti-theft component
Keeping your phone nearby and using a lock screen will thwart snoopers but the determined criminal will simply just walk away with your phone and try to extract the data later or simply wipe your phone and try selling it. The first few hours after your phone has been taken are the most critical. To find your phone it is important to use a phone location service like Where’s My Droid or install a security app with an anti-theft option like avast! Mobile Security.
Malware
RULE #5 – Don’t install apps from dodgy third party sites, stick to places like Google Play or the Amazon appstore
Because Android is so popular, it is normal for it to become a malware target. Malware authors don’t waste their time writing malware for a phone operating system that no one is using. This means that there is lots of Android malware out there. But here is the thing, how does Android malware spread? Unlike worms, which spread automatically over the network or viruses which tend to spread via USB flash drives etc., the majority of Android malware needs to be installed manually. There have been some exceptions but in general it is unsuspecting users that install the malware themselves onto their own phones.
The malware authors have lots of dirty tricks to try and fool potential victims into installing their malware. One very common approach is to offer a free version of a popular non-free app with the malware hidden inside the app. Greedy users think they are getting a bargain because they have managed to save $0.69, but in fact they are infecting their devices with malware. Over 99% of Android malware is spread via third party app sites. Don’t use them.
RULE #6 – Always read the reviews of apps before installing them
RULE #7 – Check the permissions the app needs. Games generally don’t need to send SMS messages etc
A small percentage of malware is spread via Google Play, but the apps in question normally only survive a few hours on the store before being removed. To avoid such rare cases it is always important to read the reviews of other users and always check the app permissions.
RULE #8 – Never follow links in unsolicited emails or text messages to install an app
If the malware authors can’t get you via a third party store or their apps are taken down from Google Play, they have one more trick, unsolicited emails and text messages asking you to install an app. In the “Eurograbber” campaign, what the attackers did was infect the victim’s PC with a piece of malware (something which is a lot easier than infecting an Android phone) and then via that malware they tricked the user into installing their “enhanced security” app on their phone. The PC malware monitored the victim’s Internet usage and when they went to an online banking site the malware pretended to be a warning from the bank telling them to install an app on their smartphone. It was all downhill from there for the poor victim.
RULE #9 – Use an anti-virus / anti-malware app
Even with diligence it is possible for malware to find its way on to your device. It is therefore important that you install an anti-virus / anti-malware app. This best antivirus apps for Android article will help you choose one, but if you don’t have time right now then go for Kaspersky Mobile Security (paid) or avast! Mobile Security (free)
Rooting
RULE #10 – Don’t root your phone unless you absolutely need to
Some of my colleagues here at Android Authority are very keen on rooting and I can understand why. The lure of custom ROMs and the ability to tweak different parts of the OS are all part of what makes Android great. But, Android was designed with a very particular security model which limits what an app can do. By rooting a device this security model breaks. Even the CyanogenMod team acknowledged that there are limited uses for root and none that warrant shipping the OS defaulted to unsecured. The problem is there are specific types of Android malware that circumvent Android’s security mechanisms by using the existing root access. With root access, the malware can access parts of Android that are supposed to be protected by the permissions system.
Encryption
RULE #11 - If your device has valuable data on it then use encryption
Since Android 3 it is possible to use full encryption on a phone or tablet. By encrypting your device all the data including your Google Accounts, application data, media and downloaded information etc. becomes inaccessible without the right password or PIN. Every time you boot the device you must enter the PIN or password to decrypt it. If your device has valuable data on it using this encryption is a must. NASA recently had an embarrassing episode where a laptop was taken that held personally identifiable information of “at least” 10,000 NASA employees and contractors. After the incident NASA decided that any devices that leave a NASA building need to use full disk encryption.
RULE #12 – Use a VPN on unsecured Wi-Fi connections
While on the subject of encryption it is worth remembering that if you are using a public unsecured Wi-Fi hot spot all of the data that is sent using http:// (rather than https://) can be seen by any network snooper. In the past security researchers have shown how easy it can be to steal passwords to the popular social networking sites just by using a laptop and waiting around near a public open hot spot. To avoid revealing your password and other data, don’t use open Wi-Fi hot spots or use a virtual private network (VPN) to secure your connection.
Conclusion
If you follow these twelve rules and remain vigilant you should never have any security troubles with malware, thieves, hackers or any small furry animals! OK, that last part isn’t true, but the rest is!
Source: Android police
reserved for articles
Android malware perspective: only 0.5% comes from the Play Store
Are Android apps secure enough for us to let them handle our finances and personal information? Quite a few of them aren't, according to recent research that analyzed how well various applications protect the user's sensitive data. The study was conducted by the Leibniz University of Hannover, Germany, in partnership with the Philipps University of Marburg. The researchers came up with a list of 41 Android apps that should use tighter security measures.
In particular, these apps were discovered to put the user's data at risk while a device running Android 4.0 is communicating with a web server. What's even more worrying is that these insecure apps were among the most popular ones on Google Play, being downloaded between 39.5 million and 185 million times already. The names of the applications were not disclosed.
"We could gather bank account information, payment credentials for PayPal, American Express and others," the researchers wrote after conducting their study. "Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted." The contents of e-mails and instant messages could also be accessed.
But how could one use these apps' security flaws to their advantage? Simply put, if an Android smartphone or a tablet is connected to a vulnerable local area network, such as a Wi-Fi hotspot, an attacker could potentially crack the security protocols used by the apps and snoop on the data they exchange. Sure, the attacker will need to have a certain exploit monitoring the activity on the network, but obtaining access to such a tool isn't as hard as it may seem.
Scary stuff, we know, which is why there should be more awareness amongst developers about implementing proper security features within apps, as the researchers suggest. There are certain methods that can make security protocols tougher to crack, or the apps could simply be checked for vulnerabilities at the time they are being installed. In fact, Google is said to have ramped up security in Android 4.2, thus likely making the platform more resistant to hacks like the one described above. What measures have been taken, however, will be known with certainty in a few days – On October 29, to be more specific, which is when a new Android release is probably going to be unveiled.
For more in Deep: check out here: Click Here
Over 60% of Android malware steals your money via premium SMS, hides in fake forms of popular apps
Like any popular platform, Android has malware. Google’s mobile operating system is relatively new, however, so the problem is still taking form. In fact, it turns out that the larger majority of threats on Android come from a single malware family: Android.FakeInstaller, also known as OpFake, which generates revenue by silently sending expensive text messages in the background.
McAfee says that the malware family makes up more than 60 percent of Android samples the company processes. So now the question is: why is this malware so popular amongst cybercriminals?
The reason is simple: it’s extremely effective. Android users seem to fall for fake apps on a regular basis. Furthermore, since the whole of the malware appears to make money, it’s not surprising that those behind this one continue to keep it updated. McAfee agrees:
Malware authors appear to make lots of money with this type of fraud, so they are determined to continue improving their infrastructure, code, and techniques to try to avoid antivirus software. It’s an ongoing struggle, but we are constantly working to keep up with their advances.
This malware type has been in the news for months, mainly because there have been so many fake apps created, including for popular ones like Instagram and Skype. On top of that, those behind it seem to keep adding various types of functionality to avoid detection by antimalware solutions, including server-side polymorphism, obfuscation, antireversing techniques, and frequent recompilation.
How it works
Cybercriminals typically create fake versions of a given popular Android app to earn money from unsuspecting users. There have also been instances of the malware being bundled with a legitimate version of popular apps. The apps appear to be legitimate, including screenshots, descriptions, user reviews, videos, and so on. Users never get the app they want, but instead get a lot more than they bargained for.
The malware authors often set up fake websites advertising the fake version of the app. Many of these are shared on questionable websites, but many are also shared on fake Facebook and Twitter accounts that spam legitimate users on social networks.
Upon installation, the malware often displays a service agreement that tells the user that one or more SMS messages will be sent. The user is forced to click an Agree or Next button, but some versions send the messages before the victim even taps the button. There are often fake progress bars to keep the user further in the dark.
Either way, the devil is in the details. In the background, the malicious app sends expensive international text messages to earn its creators revenue. Some variants even connect to a Command & Control (C&C) server to send and retrieve data, as well as await further instructions.
Early versions of FakeInstaller were created only for Eastern European users, but malware developers have expanded their fraud to other countries by adding instructions to get the device’s Mobile Country Code and Mobile Network Code. Based on that information, the malware selects corresponding premium-rate numbers.
How to protect yourself
The good news here is that since this malware family is so prevalent, it’s rather easy to avoid it: just don’t download fake apps. Android lets you download and install apps from anywhere, but unless you know what you’re doing, you shouldn’t be installing anything and everything you can on your phone or tablet.
If you want to significantly reduce your chance of getting malware such as this one, only install apps from the official Google Play store. That being said, malware has snuck into the store before, so it can happen again.
As a result, the way to protect yourself is the same as on any other platform: don’t click on questionable links and don’t download random apps. Always check to see if what you’re getting is legitimate and you should be fine.
Android’s malware problem is getting worse, and only users of the latest version are safe from harm
Earlier this year, we saw a report that said there was a 163% rise in the number of malware-infected Android devices in 2012. As shocking as that figure might be, we have a new report now that says the problem has blown up even further.
According to a recently published report[1] from networking vendor Juniper Networks, the number of mobile threats grew an astonishing 614% from March 2012 to March 2013. This equates to a grand total of 276,259 malicious samples, according to research done by the company's Mobile Threat Center or MTC.
What exactly constitutes such a large amount of mobile threats? It is said that the majority of these mobile threats — 77% of the total — come in the form of money-siphoning applications that either force users to send SMS messages to so-called premium-rate numbers or somehow manage to perform the sending of SMS messages all on their own.
They go virtually undetected as they are normally bundled with pirated apps and appear as normal applications. Typically, these malicious apps can net their creators an average profit of about $10 per user, according to Juniper Networks.
As it is currently the most popular mobile device platform in the world, it's easy to see why Android would be targeted with such malicious activities. But perhaps you're wondering, is there anything that can be done to combat this problem?
Indeed, there is. In Android 4.2 Jelly Bean, a new safety feature was introduced in order to stop wayward SMS messages dead in their tracks. But that in itself is a huge problem: Android 4.2, the latest version of the Google mobile operating system, is only available on a tiny fraction of all Android-powered devices out on the market. In fact, many of today's newer devices don't even ship with it. So the relevant safety features, as useful as they might be, become pretty much useless.
Even worse, the money-making malware mentioned above represents only one type of mobile threat on Android. Android spyware is also present, accounting for 19% of the total malicious samples collected in the above-mentioned research. These could potentially put a user's privacy at risk, collecting sensitive data and all kinds of information then relaying them to the spyware's creator.
Trojan apps have also been discovered to be part of the overall Android ecosystem. Although they form a very small part of the entire body of mobile threats on Android right now, it is possible for them to become more widespread in the future. If the fix really only lies in having the latest version of Android installed on a device, and the issue of fragmentation — not to mention the slow software updates from carriers and OEMs — persists, that's almost a certainty.
What do you think could be done to finally overcome these kinds of problems? Will it be the end of Android as we know it? Let us hear your thoughts in the comments.
Mobile malware getting out of control? Study claims 614% increase on year, Android accounts for 92% of total infections
A terrifying report was released two days ago by the Mobile Threat Center arm (MTC) of Juniper Networks – a manufacturer of network equipment with a hefty stake in enterprise security. According to Juniper, its MTC research facility is dedicated to 'around-the-clock mobile security and privacy research'. The MTC found mobile malware growing exponentially at an alarming rate – a 614% on year increase reaching a total of just about 280,000 malicious apps.
Read full article here
A major app vulnerability has been found which can affect 99 percent of the Android smartphones on the planet.
A major app vulnerability has been found which can affect 99 percent of the Android smartphones on the planet. The issue was unraveled by Bluebox Security, which claimed to have found an ‘Android Master Key’ that could allow a hacker to turn any Android app into a malicious zombie.
This basically means that an app could allow hackers to capture data and control a device remotely, without the owner and the app developer knowing about it.
And the kicker is that, this is not a new vulnerability as Bluebox has discovered that it has existed since Android 1.6 Donut, which is four years old.
Jeff Forristal, CTO of Bluebox Security, revealed that his company had found a way wherein a hacker could possibly load an app with malware and still make it appear to be a legitimate file. This bit is important because verified apps are granted full access by default on the Android system.
However, on the bright side apps on the Google Play store are impervious to this problem, so if one sticks to downloading apps from the Play store then one is in the clear. That said, there are a number of third party app stores and users can even download APKs directly off the web and here’s where the danger lies as it is possible for users to download tampered apps.
This problem is accentuated more in countries like China where users like to use local app stores over the Google Play store and many OEMs like Xiaomi don’t even bundle the Google Play store on the device by default.
Bluebox Security claims that it reported the problem to Google way back in February and the issue has already been resolved for the Galaxy S4 and currently Google is taking a look at the Nexus range of hardware.
Cryptographic bug in Android lets hackers create malicious apps with system access
Security researchers have found a bug in Android which allows them to create malicious Android apps which appear to be genuine with the correct digital signatures. In computing, digital signatures allow any piece of data, including an app, to be checked to see that it is genuine and actually comes from the author. Now, due to a bug in Android, it is possible to create a fake app and sign it so it looks like a real app from any author including Google, or others like Samsung, HTC and Sony.
Since the digital signatures of Google and handset manufacturers can be faked it is possible to create a low level system app which has absolute access to the device. These system apps, which have what is known as 'System UID access' can perform any function on the phone including modifying system-level software and system-level parameters.
If such an app is installed on an Android phone, the user would be completely vulnerable to a multitude of attacks including key-logging and password sniffing. The researchers at Bluebox Security informed Google about the flaw (Android security bug 8219321) back in February and are now planning to reveal details of the bug at an upcoming security conference.
More details -> here
Survey: Juniper Networks Whitepaper (Warning: PDF)
reserved.
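The permission check from Rule #7, applied to the SMS-interception and background-SMS behaviours the quoted articles describe, as an added example that is not part of any post or quoted article. It reads a manifest already decoded to plain text (inside an APK it is stored as binary XML); the sample manifest, the package name `com.example.bubblegame` and the per-category `EXPECTED` table are constructed assumptions.

```python
"""Audit the permissions declared in a decoded (plain-text) AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Real Android permission names, mapped to the behaviour the thread worries about.
SENSITIVE = {
    P + "SEND_SMS": "send SMS in the background (premium-rate fraud)",
    P + "RECEIVE_SMS": "see incoming SMS (bank authentication codes)",
    P + "READ_SMS": "read stored SMS",
    P + "CALL_PHONE": "place calls without the dialer",
    P + "CAMERA": "use the camera",
    P + "RECORD_AUDIO": "record from the microphone",
    P + "READ_CONTACTS": "read the address book",
    P + "ACCESS_FINE_LOCATION": "GPS location",
    P + "ACCESS_COARSE_LOCATION": "network location",
    P + "READ_PHONE_STATE": "device ID (IMEI) and subscriber ID",
    P + "GET_ACCOUNTS": "list of accounts",
    P + "RECEIVE_BOOT_COMPLETED": "start on boot",
}

# ASSUMPTION (not from the thread): what each app category plausibly needs.
EXPECTED = {
    "game": set(),
    "messaging": {P + "SEND_SMS", P + "RECEIVE_SMS", P + "READ_SMS",
                  P + "READ_CONTACTS"},
    "camera": {P + "CAMERA", P + "RECORD_AUDIO", P + "ACCESS_FINE_LOCATION"},
    "navigation": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
}

# Permission combinations matching behaviours described in the quoted articles.
COMBOS = [
    ({P + "RECEIVE_SMS", P + "INTERNET"},
     "can forward incoming SMS codes off the device"),
    ({P + "SEND_SMS", P + "RECEIVE_BOOT_COMPLETED"},
     "can send SMS from a process started at boot"),
    ({P + "RECORD_AUDIO", P + "INTERNET"},
     "can record audio and upload it"),
]

# Constructed sample: a "game" that asks for SMS and boot permissions.
# It includes a duplicate entry and one entry with no android:name.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bubblegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission/>
    <application android:label="Bubble Game"/>
</manifest>
"""


def declared_permissions(xml_text):
    """Return (package, set of permission names) from a decoded manifest."""
    text = xml_text.strip()
    # A decoded manifest never carries a DTD; refusing one avoids
    # entity-expansion tricks when the APK comes from an untrusted source.
    if "<!DOCTYPE" in text.upper():
        raise ValueError("DOCTYPE not allowed in a manifest")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.findall(tag):
            name = (node.get(ANDROID_NS + "name") or "").strip()
            if name:  # skip malformed entries with no android:name
                perms.add(name)
    return root.get("package", "?"), perms


def audit(xml_text, category):
    """Flag sensitive permissions the app's category does not explain."""
    if category not in EXPECTED:
        raise ValueError(f"unknown category: {category}")
    package, perms = declared_permissions(xml_text)
    expected = EXPECTED[category]
    unexpected = sorted(p for p in perms if p in SENSITIVE and p not in expected)
    # A combination is reported only when the app holds every permission in it
    # and at least one sensitive member is not explained by the category.
    combos = [why for need, why in COMBOS
              if need <= perms and not (need & set(SENSITIVE)) <= expected]
    return {"package": package, "unexpected": unexpected, "combos": combos}


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, "game")
    print(report["package"])
    for perm in report["unexpected"]:
        print("  unexpected:", perm, "->", SENSITIVE[perm])
    for why in report["combos"]:
        print("  combination:", why)
```

Run against the same manifest with the category set to `messaging`, only the start-on-boot permission and the boot-plus-SMS combination are reported, which is the point of comparing requests against what the app claims to be.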
Thanks for this thread buddy
Sent from my GT-N7100 using xda app-developers app
Tha TechnoCrat said:
Thanks for this thread buddy
Sent from my GT-N7100 using xda app-developers app
Great to see you here buddy. Actually I wanted to shift my whole thread here but the MOD denied it and asked me to carry on with a new phase. So here I am.
Thank you Vikesh for creating this thread.
In my view
Every day, every hour and every minute hackers are coming up with new viruses and malware.
Not only can they corrupt your phone, but they can also steal confidential information like credit card numbers, passwords and other important data. So every Android user should spend some money on antivirus apps to save your confidential information and money, of course.
Sent from my GT-I9103 using xda app-developers app
Major app vulnerability found, could affect 99 percent of Android smartphones
A major app vulnerability has been found which can affect 99 percent of the Android smartphones on the planet. The issue was unraveled by Bluebox Security, which claimed to have found an ‘Android Master Key’ that could allow a hacker to turn any Android app into a malicious zombie.
Continue in post 3
Every GSM phone needs a SIM card, and you'd think such a ubiquitous standard would be immune to any hijack attempts. Evidently not, as Karsten Nohl of Security Research Labs -- who found a hole in GSM call encryption several years ago -- has uncovered a flaw that allows some SIM cards to be hacked with only a couple of text messages. By cloaking an SMS so it appears to have come from a carrier, Nohl said that in around a quarter of cases, he receives an error message back containing the necessary info to work out the SIM's digital key. With that knowledge, another text can be sent that opens it up so one can listen in on calls, send messages, make mobile purchases and steal all manner of data.
Apparently, this can all be done "in about two minutes, using a simple personal computer," but only affects SIMs running the older data encryption standard (DES). Cards with the newer Triple DES aren't affected; also, the other three quarters of SIMs with DES Nohl probed recognized his initial message as a fraud. There's no firm figure on how many SIMs are at risk, but Nohl estimates the number at up to 750 million. The GSM Association has been given some details of the exploit, which have been forwarded to carriers and SIM manufacturers that use DES. Nohl plans to spill the beans at the upcoming Black Hat meeting. If you're listening, fine folks at the NSA, tickets are still available.
Source-Tech Geek
"Thanks button is just to avoid "THANKS" posts in threads. Nothing more than that. Don't ask in signature or post for it and defeat the purpose why it was introduced"
Great info buddy. :good:
Thanks,
Disturbed™
Sent from my Disturbed™ Galaxy S4 using Tapatalk (VIP)
______________________________________________________
Wait for my time, U gonna pay for what U have done. - Disturbed™
Informative read. You also understand why the stores charge their Developer fees now. Not all third party sites host malware however. A lot of the buying community is ignorant (and understandably so) in detecting if malware has been applied. It's up to the community of ubiquitous OSs to report
JeffM123 said:
Informative read. You also understand why the stores charge their Developer fees now. Not all third party sites host malware however. A lot of the buying community is ignorant (and understandably so) in detecting if malware has been applied. It's up to the community of ubiquitous OSs to report
Can you provide more info on it?
Thanks,
Disturbed™
Sent from my Disturbed™ Galaxy S4 using Tapatalk (VIP)
______________________________________________________
Wait for my time, U gonna pay for what U have done. - Disturbed™
Malware using the Android Master Key intercepted in the wild, here's how to protect yourself
It was back at the beginning of the month when we first broke for you the news of a new, massive vulnerability, plaguing 99% of Android devices. First discovered by mobile security company Bluebox, the flaw was reported to Google back in February. Since then, Google has patched the Play Store and has provided its OEM partners with a patch for it.
Yet here we are again. And now it's official – the first detected malware taking advantage of the vulnerability has been intercepted by Symantec whilst running amok in China. The security giant reports that the code has been implanted in otherwise legit apps that help you find and appoint a meeting with a doctor. The source of the infected app? A third-party store, of course.
We won't get into the tech lingo, instead we'll just report that according to Symantec, the exploit grants said malicious code remote access to infected devices. This leaves the gates wide open, the company claims, for a wrongdoer to steal sensitive information such as your IMEI, phone number, and also send premium SMS messages and execute root commands.
Click here to know more
what is the best antivirus?
lolmann101 said:
what is the best antivirus?
For Android, I may say your awareness is the best. First install the LBE Security Master. It lets you know which application is gaining which privilege.
But if you want, then you can check the first 1 to 4 posts. It's in those.
How Google has been making Android a safer place since 2012
Last year in June, Google brought Android Jelly Bean 4.1 to the world. It was a wonderful day, too. It brought with it Project Butter, which spelled the end for lag for a lot of people. Android was running smoother and more complete than ever. Who’d have known that just a year later, we’d be introduced to Jelly Bean not for the second time, but for the third time. Android 4.3 was a mixed bag. Some people were disappointed that it wasn’t Key Lime Pie, but most were happy to see a plethora of improvements, some new features, and even more optimizations. One little footnote that most people have skimmed over so far, though, has been the added security.
It’s not news that malware stories are everywhere. Some of them are no big deal and some are completely ridiculous. Thanks to that, anti-virus companies have been cleaning up. People are more scared of malware on Android now than ever before and they’re flocking to anti-virus apps by the millions. It’s getting to the point where apps like Lookout are coming pre-installed on many devices when they’re shipped out. All because of some malware that, most of the time, is impossible to get unless you download apps from outside the approved channels.
Well, apparently Google is going to fix this problem themselves. JR Raphael over at Computer World has written up an excellent post about how Google is quietly keeping us safe. As it turns out, that little footnote that says that Android 4.3 contains security improvements probably shouldn’t have remained a footnote. It should’ve been printed on billboards and discussed everywhere.
You may have seen inklings of these security features already. We’ve covered one of them, the Android 4.3 Permission Manager, commonly known as App Ops. This nifty little feature lets you control what permissions your apps can use. It’s a lovely and powerful feature that’s baked right into Android 4.3. It’s still in beta right now, but eventually that’ll be a part of everyone’s Android experience.
So what other security enhancements does Google have in store for Android 4.3?
We are glad you asked. According to JR Raphael, Google has been working on these security features for years. We’ll do a quick breakdown.
Starting with Android 4.2, there was a feature called Verify Apps that was added. This scans phones both downloaded and side-loaded to make sure they didn’t contain malware or pose a threat.
Verify Apps was eventually made available to all devices from 2.3 onward. According to JR Raphael, that’s 95% of Android devices running currently.
This now works in tandem with another older feature, the app scanner in the Google Play Store that scans apps as they’re submitted to Google Play to make sure they aren’t malicious. This is why you can always download from Google Play without worries.
All of these features are currently on Android devices right now.
But wait, there’s more. In Android 4.3 specifically, they have added yet another security feature called SELinux. This stands for Security-Enhanced Linux and it essentially keeps the important parts of your phone safe. Most notably the operating system. So there is protection everywhere.
So we’ll add this up one more time. In the last two years, Google has implemented,
An app scanner in the Google Play Store that scans every single app uploaded and submitted. It rejects the bad apps and keeps the good ones.
A system on devices from Android 2.3 and up called Verify Apps that scans every app that gets installed on your device to make sure it’s not malicious. Keep in mind that if you download an app from the Google Play Store, it gets scanned twice.
App Ops – which is still in beta – that will let you control the individual permissions of any application you download and install. So if you don’t want, say, Facebook to see your location, you can prevent that from happening.
SELinux, a Linux security feature that protects the core operating system functionality.
Let’s not forget what you, the consumer, can do to protect yourself:
Only download apps from known and trusted sources. These include the Play Store and the Amazon App Store, among others.
Use your common sense. In most cases, malware apps are easy to spot. If you download the free Angry Birds cheat app from GivingYouMalware.com, the end result is rather predictable.
So without an anti-virus app, there are 6 things that are protecting you from the big bad malware threats. That’s a whole lot more than most people realize and it’s an ever expanding project from Google to keep everyone safe from garbage applications. Now here’s the big question. Do you think it’s enough? Or should Google keep going?
@Disturbed™ buddy could you post that new KNOX feature here?
Sent from my GT-I9103 using xda app-developers app
A few words from Wikipedia:
Samsung Knox (trademarked Samsung KNOX) is an enterprise mobile security solution that addresses the needs of enterprise IT without invading its employees' privacy. The service, first released on the Samsung Galaxy S4 mobile device, provides security features that enable business and personal content to coexist on the same mobile device. Samsung Knox is an Android-based platform that uses container technology, among other features, to allow for separation of work and personal life on mobile devices.
Services
Samsung Knox provides enterprise security features that enable business and personal content to coexist on the same handset. The user presses an icon that switches from Personal to Work use with no delay or reboot wait time. Knox will be fully compatible with Android and Google and will provide full separation of work and personal data on mobile devices. Samsung claims that the Knox service "addresses all major security gaps in Android."
The Knox service is part of the company's Samsung for Enterprise (SAFE) offerings for smartphones and tablets. Samsung Knox’s primary competitor is BlackBerry Balance, a service that separates personal and work data, but BlackBerry’s service does not include management of work space through containers in Active Directory and other features such as direct Office 365 and Exchange 2010, ActiveSync, iOS management, Single Sign-On, and complete customization for operability on Samsung device settings.
The service's name, Samsung Knox, is inspired by Fort Knox.
From Engadget:
Samsung's Knox security solution has tended to mostly garner headlines when the company's phones get approval from the likes of the US Defense Department, but it's now set to broaden its user base considerably. In addition to announcing that it's bolstering the offering with some help from Lookout, Samsung has also confirmed today that it's opening the platform up to all consumers. That will give security-minded users an added layer of protection, with Knox letting you store personal data and run a set of pre-screened apps in a so-called container -- other apps can still be run outside the container, but with only limited access to your personal information. Naturally, you'll need a Samsung device to take advantage of it.
For more information: http://www.samsungknox.com
Thanks: Wiki & Engadget
Almost 1,000 fraudulent apps published on Google Play in August alone
Yes, there are downsides to Google’s policy of letting anyone publish their apps on Google Play. Symantec has found that scammers published almost 1,000 fraudulent apps on Google Play in August alone, most of which were deleted within hours of posting on the store.
But even though Google was quick to delete the fraudulent Android apps, Symantec estimates that they were still downloaded more than 10,000 times. Symantec also says that one group is responsible for 97 percent of the fraudulent apps, which typically “include numerous links to various online adult-related sites, but one or two links actually lead to fraudulent sites that attempt to con people into paying a fee without properly signing them up for the paid service.”
Source: BGR.in