Android UI inference attack - Security Discussion

Basically, an app can use Android permissions to infer when sensitive activity is happening in popular apps. For example, when a logon occurs, it overlays a phishing logon screen, or when a picture of a check is shot from a banking app, it replays the process for itself to acquire sensitive data.
http://www.securityweek.com/researchers-target-shared-memory-hack-android-apps
Thoughts?

Related

[Q] Do Android apps like Twitter, Dropbox encrypt passwords?

On a browser, you can initiate an SSL connection to log into your Facebook or Twitter account by using https... what about these apps on Android? Do I need to worry about people intercepting my passwords?
That's entirely dependent on the application. Dropbox can use a secure channel of communication or it could communicate in the open. Based on its methods, I'm inclined to believe it's secure but I've not tested it.
Twitter had a large push towards its OAuth login mechanism. However, there are documented methods that don't require applications to use it. So, again, it entirely depends on the application. Really, regardless of how this is done, your password shouldn't be passed in the clear.

[Q] App Firewall - provide fake authorized access data?

Hi guys,
I have an idea against access-hungry apps on Android. Since Android is so open, why don't we make an access emulation layer? If a trivial app asks for SMS and Contacts access, grant it, but you can feed fake data to it, whatever you want, sort of like a firewall to malicious apps.
This would involve several API hooks. Is this idea plausible?
There is already something similar on iOS Cydia: Protect My Privacy
Not exactly what you envision, but check out LBE Privacy Guard or PDroid Privacy Protect in the Play Store. They both make fake responses to privacy requests from apps such as Phone ID, Contacts, etc.

Facebook Records Your Off-facebook Activities - Turn It off Now!

There are a few privacy concerns about Facebook, but today I want to take a look at the Off-Facebook activities. If it is called off-Facebook, why does Facebook still have your data for activities carried out outside of Facebook? Well, you can see a detailed video here:
What this implies is that Facebook collects (or shares) data from all third parties that use any of their tools (these third parties range from app developers to advertisers). Examples of the tools are Facebook SDK, Facebook Pixel etc.
The more important, or annoying, part, if you will, is that even paid Android apps etc. (MX Player Pro) were sharing usage data with Facebook. Funny enough, there is nothing in the app that links it to Facebook.
To make matters worse, I tried to view my activity data shared with Facebook by some of these app developers and there were no details at all.
Anyways, go to https://www.facebook.com/off_facebook_activity/
and turn it off for yourself, or you can see the video for more details.

Protect your privacy with Applock: Lock other apps on your phone with a pin, pattern pass

You do not want anyone to be able to sneak a look at content on your phone. You need to protect information and privacy and prevent unauthorized access on the phone. Applock is a practical application for your phone.
Applock is an application with a simple interface but covers all the necessary functions to keep information confidential to users.
With the private lock app for Android, you can lock apps easily with pin codes, drawing passwords and fingerprints. You can optionally change the method to lock the application whenever you want. By downloading a security lock application, you don't have to worry about someone gaining unauthorized access to your library application, banking application, etc.
Password locker app - fingerprint lock app that can lock any application on your phone of your choice.
Lock all social networking applications; no one will be able to sneak a look at your private chats anymore.
Lock system applications. System applications such as contacts, messages, collections, etc. can all be easily locked with one click.
All payment applications will have an extra layer of protection when you use Applock.

10 Facebook App Settings You Should Change Right Now

Whether you are concerned about Privacy or just that Facebook is consuming most of your limited mobile data, these 10 settings got you covered.
Well, if you log into the Facebook App (in this case Android App), here are my top 10 settings that you should change and my reason for telling you to change them.
#1 SAVE YOUR LOGIN INFO (ON THIS DEVICE)
DON'T DO IT at least for security reasons. If you log out of the device, your login info still remains there if you didn't wipe Facebook app data and that could lead to a security breach.
#2 TURN OFF LOCATION.
Facebook uses your location mainly for ads and other kinds of profiling, so always turn it off. That doesn't mean that Facebook won't know your location, but at least they'll have to do a little more work to get it (as I'll show later).
#3 TURN OFF START VIDEO IN TIMELINE WITH SOUND FROM SETTINGS
Anyway, this mainly serves Facebook's interest, where ads that pop up on the timeline play automatically. At least give yourself the chance of being the one to click on an ad because the title is catchy or the thumbnail interesting.
#4 TURN ON OPEN LINKS EXTERNALLY.
You should be the one to choose which browser opens URLs from inside the Facebook App. If not, Facebook will automatically track your browsing history, activities and behaviors.
#5 CLEAR YOUR BROWSING HISTORY
Since you have turned on open links externally, it is important that you also clear any browsing history left on Facebook.
#6 AUTO PLAY VIDEOS ON MOBILE DATA AND WIFI
May not be bad if you are on an unlimited data plan, but come on, on mobile data too? By default? Not good news if you are on limited data. Moreover, this dumps a lot of data on app cache.
#7 & #8 ADS PREFERENCES
The Ads Preferences setting is interesting because it has a lot of settings on by default that make you wonder why they are on by default. There are two major parts I looked at here - Your information and Ads settings. You just have to turn everything off.
#9 OFF-FACEBOOK ACTIVITIES - TURN IT OFF!
This one is so deep we made a YouTube video for it. You just have to turn it off.
#10 Privacy settings.
There are loads of settings in the privacy settings that you need to change by default. You really need this one...
Bolumstar said:
https://youtu.be/GHlxCvJHkmY
What great advice, thank you
Or else, uninstall the Facebook crap and use a browser with an ad-blocker to access. Better yet, delete the application altogether. With the number of times Facebook has leaked user data, I would advise not using it at all.
The post is actually for people who, for some reason, still use Facebook...
