Related
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
BitDefender Mobile Security (BETA) is a next-gen security solution for Android devices focused on little (to zero) system or battery impact while providing access to a number of security functions in order to help you have a safer and more informed Android experience.
Currently in BETA, we’re aiming at validating a small array of features while, in background, we’re working hard on adding a host of new functionalities to add extra layers of security for your device. Our main focus is to provide as much as possible while sticking to a very strict policy in terms of performance and battery impact.
Key Features:
- Very small battery or performance impact
- On-demand malware scanner, relying fully on Cloud technology (read: no updates required)
- On-install scan - a hook on the application install event allows us to scan each application the moment it gets installed
- Security Audit - Have you ever wondered how many applications installed on your device have been granted permission to access your private data ? Or connect to the internet ? Or send text messages ? The Security Audit screen grants you the possibility to have an overview on what applications match various permissions.
FAQ:
Q: Where do I send my compliments, suggestions, bug reports and feedback ?
A: http://bdmobilesecurity.betaeasy.com
Q: Will BitDefender Mobile Security work on my device?
A: BitDefender Mobile Security works on any device running Android 2.0 and up.
Q: Does BitDefender Mobile Security require an Internet connection?
A: The application needs to communicate with the BitDefender servers in order to determine the security status of the applications which are being scanned. Therefore, it only connects to the Internet when an on-install or on-demand malware scan is performed.
Q: How will BitDefender Mobile Security impact my device’s performance and battery autonomy?
A: The impact on both parameters is very low because the application only runs when it absolutely has to - during on-install or on-demand scans and when you are browsing the application interface. BitDefender does not run in the background when you call your buddies, type a message or play a game on your device.
Q: I have A LOT of apps (and a not so powerful phone). How long will a scan usually take ?
A: It doesn’t matter how powerful your phone is since all the processing is done in the cloud. It took about 30seconds on a device with roughly 100 apps installed during our tests
Q: What does the Security Audit tell me about the applications I installed?
A: By tapping Security Audit in the application interface you can see the permissions required by each of the applications installed on your device. The permissions are grouped into three categories and you can filter the applications using any combination of the three:
- applications that require Internet access.
- applications that require access to sensitive data such as your contacts, messages, calendar entries or photo gallery.
- applications that may produce additional charges on your phone bill by sending messages or initiating phone calls.
Q: What kind of information can I see in the Event Viewer?
A: BitDefender Mobile Security keeps a log of all important actions, status changes and other critical messages related to its activity. You can access this information at any time by tapping Event Viewer in the application interface.
Screenshots:
Full album on imgur: http://imgur.com/a/1oJvi
Download http://m.bitdefender.com or from the Android market https://market.android.com/details?id=com.bitdefender.security
Since yesterday, the Bitdefender Mobile Security for Android application benefits from 2 new key features: Anti-Theft and SD Card Scanning. All the current installations will benefit from this update automatically through Android Market. Right now, Bitdefender Mobile Security sports the following functionalities:
On Demand Anti-Malware scan for the installed applications and SD Card
On install scan for applications
On mount scan for SD Card
Privacy Audit - detailing key permission-related information about installed applications
Web Security - preventing access to dangerous web content (phishing, malware, etc) by making use of the Bitdefender cloud
Anti-Theft - allowing the remote locate or wipe of a device
Anti-Theft:
In the simplest of terms, the user only has to link the device with his (or her) Bitdefender account. Once that's set, when accessing https://my.bitdefender.com, the device will be present in his "Mobile Security" area and the "Remotely wipe" and "Remotely locate" buttons will be available, as in the screenshot below
2) SD Card scanning is also a new function added in this release. Whenever an on-demand scan is performed, BMS will also check the SD Card for apps that may pose a threat to the system. Optional, the SD Card will also be scanned "on-mount" (whenever a new sd card is inserted or mounted after being connected to a computer)
Right now, the application has over 60 thousand total installations with an average of 4.4 stars rating on Android Market.
If you have any questions, don't hesitate to ask here or via private message.
Hi, i've just installed this app, i've created mu account on bitdefender website, now i think i was suppose to assigned my phone to my account...i just don't find the place to do it...can anyone help me out?
Thx
Hello,
Sorry for my late response. You can do like this:
On your Android device, start Mobile Security and click on the Anti-Theft button (the 4th button). Then, click on the Login button and enter the username and password from my bitdefender.
There you go.
Hi, thank you for the reply, well i've done that and i allways get Login failed even though i enter my credentials correctly...
For the moment there is a problem with the Bitdefender cloud servers. I will post further informations later.
okay, thank you once again, will wait for an update
It's up and ready now.
Sorry for the inconvenience.
thank you, login worked
Was looking at this, but I am still torn on whether or not Mobile Antivirus does anything beneficial or just wastes batteries.
ddemlong said:
Was looking at this, but I am still torn on whether or not Mobile Antivirus does anything beneficial or just wastes batteries.
Click to expand...
Click to collapse
the day your phone gets a virus will be the day you will regret asking this question. its better to be safe than sorry. (im not assuming that you dont have mobile security; im just saying this because i just am )
and apps like this hardly waste battery. even if they do, it doesnt hurt to charge your phone
sweetnsour said:
the day your phone gets a virus will be the day you will regret asking this question. its better to be safe than sorry. (im not assuming that you dont have mobile security; im just saying this because i just am )
and apps like this hardly waste battery. even if they do, it doesnt hurt to charge your phone
Click to expand...
Click to collapse
Well, when they find an actual Virus, I will definitely get one. Until then I think just watching what u install is doing to do just as good as long as Google still manages the market and controls remote delete.
Just 10-20mb of ram running in the background all the time is a little much.
Bitdefender Mobile Security doesn't run actively. So, it doesn't occupy the resources all the time.
Also, Bitdefender Mobile Security doesn't scan only for Android viruses but also searches for Windows viruses which can affect your PC when you connect your phone at it.
The Android viruses can do a lot of "damages" (visible or not):
- access your phone functions: send SMS, make calls;
- access your privacy: search for accounts from Google, Facebook etc.
- access your email messages and so your personal things can get to a possible "hacker"
- etc.
I have a Motorola Milestone with only 256mb ram and Bitdefender Mobile Security doesn't affect the performance of my phone.
If you login to mybitdefender using your Gmail acct what is your user name and password? I tried my email address and the password associated with it and it tells me that login failed...
Hello All,
It gives me great pleasure to announce that as of today, Bitdefender Mobile Security has been updated with new features along with several bugfixes. All Bitdefender Mobile Security users should receive notifications from their Market application and will be able to easily upgrade to the latest version. If there are still people who don't have it installed, you can get it here or by scanning the QR Code below
The current list of features included in BMS is
- NEW!!! Remotely Lock the device
- NEW!!! Remotely make the device play a sound
- NEW!!! Remotely send a message to the device
- Remotely locate the device
- Remotely wipe the device
- On-demand (and fully cloud accelerated) malware scanning for all installed applications and SD Card contents
- On-install scanning for each newly installed app
- On-Mount scanning for SD Cards in order to make sure no malware is transmitted when the device is connected to a PC
- Security Audit - outlining and classifying the applications based on the granted permissions
- Web Security - seamlessly integrated with the Android Default browser, providing cloud-based phishing and fraud protection
- Little to zero battery impact. Bitdefender Mobile Security is currently ranked as being the lightest and with the least (not sensible) impact on the device's battery performance
What's next ?
- OAUTH support in order to allow all Android users to login into MyBitdefender by using their already linked Google account
- BETA EXIT & Feature splitting into Free and Premium (more details on this soon)
Known Issues:
- The Antitheft section isn't protected (yet). We're considering adding support for password protecting the application or just the anti-theft module
- The interface is starting to get a bit cluttered. We've started talks with the UX/UI team(s) in order to adjust the interface and beautify it a bit
Here are some screenshots with the new features available through MyBitdefender (our ongoing thanks to the MyBitdefender team for their continued support)
Login not working
Login isn't working for me. I did exactly as described - created an account, then inserted the credentials in bitdefender mobile but to no avail - error message: login failed.
Would be nice if you could help!
Love this app but the malware scanner is not working on my 3g moto xoom. it starts the scan but when it gets to querying the server it fails. it said to check my Internet conn. but have tried 3g an wifi, same result. any ideas?
- NEW!!! Remotely Lock the device
- NEW!!! Remotely make the device play a sound
- NEW!!! Remotely send a message to the device
The new features are not appear in my.bitdefender.com , why?
thanks
Frogkiller
Did you activate the options in the installed application?
Sent from my Optimus 2X using xda premium
m0fizor said:
Did you activate the options in the installed application?
Sent from my Optimus 2X using xda premium
Click to expand...
Click to collapse
Yes
Figured out where is the problem is in the my.bitdefender.com
If I switch from Portuguese to English as everything appears
Hey XDAian...:laugh:
Get ready for few suggestions & discussion.
Based on some pretty interesting facts about "mobile in general", The smartphone segment has brought accessibility to millions around the world, at work and at home. Naturally, all the data in those devices, wirelessly accessible, becomes a gold mine for those with nefarious motives to exploit.
On the work front, smartphones are a huge contributor to productivity. At home, they provide meaningful and useful (and sometimes redundant) ways to stay in touch with friends and family. The more of these devices we buy, the bigger the opportunity is for criminals, because there are so many ways to get the data. We might lose a device, or its is stolen, we might download a bad application, or soon brush against an NFC tag or visit a bad web-page. The possibilities are so diverse compared to a PC or server farm hardwired to the internet.
With the tremendous growth of the smartphone market not expected to slow down anytime soon, people and organizations must be vigilant in guarding against breaches of their data and/or personal information. Even as organized hackers work on ways to score the high-value breach, they are working on high-volume, low-risk attacks against weaker targets as well.
In addition to some tips about securing mobile devices, the infographic has some interesting facts from 2011 in there as well, such as 855 breaches resulted in the theft of 174 million records.
We Need some Security Applications for preventing our valuable data (like Msgs, Contacts, Pin codes etc). Therefore, from my side this thread belong to all XDAians.
Please suggest the latest, finest Applications & few tremendous suggestion from all Devs, RC, RD & Members.
I like a Security based Application called LBE Privacy Guard to Prevent sending data through various applications installed at our Mobile.:good:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Some Great Ideas Received from Our XDA Members. Which are here follows:
As this OP thread may become too long so, for Batter view just press "Show Contents" for there suggestions.
A Very Big thanks to Android Police, Phone Arena & Android Authority for survey about malwares & security.
How to secure your Android phone and protect your data
All software has security vulnerabilities. It is a fact. You only need to look at the software updates that are issued by the big companies like Microsoft, Adobe, Apple and Google to see how prevalent is this security problem. Smartphones aren’t immune, not iPhones, not Windows Phones and not Android. But there are some simple things you can do that will drastically reduce your exposure and help secure your Android phone or tablet, as well as protect your data.
A recent report by Check Point, the firewall maker, estimated that €36+ million has been stolen from corporate and private bank accounts in Europe by a group running a campaign of attacks known as “Eurograbber”. The campaign infected victim’s mobile phones with a piece of malware which could intercept SMS messages. When the victim used their online banking the SMS authentication code sent to the phone was intercepted. This then allowed the attackers to access the victim’s account.
Securing your smartphone and protecting yourself against malware isn’t about stopping some annoying virus getting on your device, it is about protecting your money, data and privacy.
There are several different areas in which you can improve your phone’s security including physical access, malware protection and encryption.
Who has access to your phone?
RULE #1 – Never leave your phone laying around where uninvited guests can access it
Before looking at things like malware and data stealing apps, the simplest form of security is to limit physical access to your phone. There maybe lots of sophisticated remote attacks out there but if all I need to do is quickly pickup your phone and access your emails, PayPal, eBay or Amazon account while you pop off to get a coffee then all the security software in the world won’t do you any good.
RULE #2 – Use a lock screen
It is also essential that you use a lock screen. This stops everyone from small kids to determined snoopers from sneakily accessing your device. Modern Android versions have a whole gamut of lock screen options including pattern unlock, PIN numbers and password protection. To set these go to Settings and then tap Security. You can also customize how quickly the lock is automatically applied.
RULE #3 - Set a PIN to protect purchases on Google Play
It is also possible to set a PIN for purchases in Google Play. With the PIN any would-be trickster (or small child) won’t be able to buy content from Google’s app store. To set it, start the Google Play app, go to setting and then tap “Set or change PIN”. After the PIN is set, tap “Use PIN for purchases” to require the PIN before purchasing anything from the store.
RULE #4 – Install a phone location app or use a security app with an anti-theft component
Keeping your phone nearby and using a lock screen will thwart snoopers but the determined criminal will simply just walk away with your phone and try to extract the data later or simple wipe your phone and try and selling it. The first few hours after you phone has been taken are the most critical. To find your phone it is important to use a phone location service like Where’s My Droid or install a security app with an anti-theft option like avast! Mobile Security.
Malware
RULE #5 – Don’t install apps from dodgy third party sites, stick to places like Google Play or the Amazon appstore
Because Android is so popular, it is normal for it to become a malware target. Malware authors don’t waste their time writing malware for a phone operating system that no one is using. This means that there is lots of Android malware out there. But here is thing, how does Android malware spread? Unlike worms, which spread automatically over the network or viruses which tend to spread via USB flash drives etc., the majority of Android malware needs to be installed manually. There have been some exceptions but in general it is unsuspecting users that install the malware themselves onto their own phones.
The malware authors have lots of dirty tricks to try and fool potential victims into installing their malware. One very common approach is to offer a free version of a popular non-free app with the malware hidden inside the app. Greedy users who think they are getting a bargain because they have managed to save $0.69, but in fact are infecting their devices with malware. Over 99% of Android malware is spread via third party app sites. Don’t use them.
RULE #6 – Always read the reviews of apps before installing them
RULE #7 – Check the permissions the app needs. Games generally don’t need to send SMS messages etc
A small percentage of malware is spread via Google Play, but the apps in question normally only survive a few hours on the store before being removed. To avoid such rare cases it is always important to read the reviews of other users and always check the app permissions.
RULE #8 – Never follow links in unsolicited emails or text messages to install an app
If the malware authors can’t get you via a third party store or their apps are taken down from Google Play, they have one more trick, unsolicited emails and text messages asking you to install an app. In the “Eurograbber” campaign, what the attackers did was infect the victim’s PC with a piece a malware (something which is a lot easier than infecting an Android phone) and then via that malware they tricked the user into installing their “enhanced security” app on their phone. The PC malware monitored the victim’s Internet usage and when they went to an online banking site the malware pretended to be a warning from the bank telling them to install an app on their smartphone. It was all downhill from there for the poor victim.
RULE #9 – Use an anti-virus / anti-malware app
Even with diligence it is possible for malware to find its way on to your device. It is therefore important that you install an anti-virus / anti-malware app. This best antivirus apps for Android article will help you choose one, but if you don’t have time right now then go for Kaspersky Mobile Security (paid) or avast! Mobile Security (free)
Rooting
RULE #10 – Don’t root your phone unless you absolutely need to
Some of my colleagues here at Android Authority are very keen on rooting and I can understand why. The lure of custom ROMs and the ability to tweak different parts of the OS are all part of what makes Android great. But, Android was designed with a very particular security model which limits what an app can do. By rooting a device this security model breaks. Even the CyanogenMod team acknowledged that there are limited uses for root and none that warrant shipping the OS defaulted to unsecured. The problem is there are specific types of Android malware that circumvent Android’s security mechanisms by using the existing root access. With root access, the malware can access parts of Android that are supposed to be protected by the permissions system.
Encryption
RULE #11 - If your device has valuable data on it then use encryption
Since Android 3 it is possible to use full encryption on a phone or tablet. By encrypting your device all the data including your Google Accounts, application data, media and downloaded information etc. becomes inaccessible without the right password or PIN. Every time you boot the device you must enter the PIN or password to decrypt it. If your device has valuable data on it using this encryption is a must. NASA recently had an embarrassing episode where a laptop was taken that held personally identifiable information of “at least” 10,000 NASA employees and contractors. After the incident NASA decided that any devices that leave a NASA building need to use full disk encryption.
RULE #12 – Use a VPN on unsecured Wi-Fi connections
While on the subject of encryption it is worth remembering that if you are using a public unsecured Wi-Fi hot spot all of the data that is send using http:// (rather than https://) can be seen my any network snooper. In the past security researchers have shown how easy can be to steal passwords to the popular social networking sites just by using a laptop and waiting around near a public open hot spot. To avoid revealing your password and other data, don’t use open Wi-Fi hot spots or use a virtual private network (VPN) to secure your connection.
Conclusion
If you follow these twelve rules and remain vigilant you should never have any security troubles with malware, thieves, hackers or any small furry animals! OK, that last part isn’t true, but the rest is!
Source: Android policereserved for articles
Android malware perspective: only 0.5% comes from the Play Store
Are Android apps secure enough for us to let them handle our finances and personal information? Quite a few of them aren't, according to a recent research that analyzed how well various applications protect the user's sensitive data. The study was conducted by the Leibniz University of Hannover, Germany, in partnership with the Philipps University of Marburg, the researchers came up with a list of 41 Android apps that should use tighter security measures.
In particular, these apps were discovered to expose the user's data at risk while a device running Android 4.0 is communicating with a web server. What's even more worrying is that these insecure apps were among the most popular ones on Google Play, being downloaded between 39.5 million and 185 million times already. The names of the applications were not disclosed.
"We could gather bank account information, payment credentials for PayPal, American Express and others," the researchers wrote after conducting their study. "Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted." The contents of e-mails and instant messages could also be accessed.
But how could one use these apps' security flaws to their advantage? Simply put, if an Android smartphone or a tablet is connected to a vulnerable local area network, such as a Wi-Fi hotspot, an attacker could potentially crack the security protocols used by the apps and snoop on the data they exchange. Sure, the attacker will need to have a certain exploit monitoring the activity on the network, but obtaining access to such a tool isn't as hard as it may seem.
Scary stuff, we know, which is why there should be more awareness amongst developers about implementing proper security features within apps, as the researchers suggest. There are certain methods that can make security protocols tougher to crack, or the apps could simply be checked for vulnerabilities at the time they are being installed. In fact, Google is said to have ramped up security in Android 4.2, thus likely making the platform more resistant to hacks like the one described above. What measures have been taken, however, will be known with certainty in a few days – On October 29, to be more specific, which is when a new Android release is probably going to be unveiled.
For more in Deep: check out here: Click Here
Over 60% of Android malware steals your money via premium SMS, hides in fake forms of popular apps
Over 60% of Android malware steals your money via premium SMS, hides in fake forms of popular apps
Like any popular platform, Android has malware. Google’s mobile operating system is relatively new, however, so the problem is still taking form. In fact, it turns out that the larger majority of threats on Android come from a single malware family: Android.FakeInstaller, also known as OpFake, which generates revenue by silently sending expensive text messages in the background.
McAfee says that the malware family makes up more than 60 percent of Android samples the company processes. So now the question is: why is this malware so popular amongst cybercriminals?
The reason is simple: it’s extremely effective. Android users seem to fall for fake apps on a regular basis. Furthermore, since the whole of the malware appears to make money, it’s not surprising that those behind this one continue to keep it updated. McAfee agrees:
Malware authors appear to make lots of money with this type of fraud, so they are determined to continue improving their infrastructure, code, and techniques to try to avoid antivirus software. It’s an ongoing struggle, but we are constantly working to keep up with their advances.
This malware type has been in the news for months, mainly because there have been so many fake apps created, including for popular ones like Instagram and Skype. On top of that, those behind it seem to keep adding various types of functionality to avoid detection by antimalware solutions, including server-side polymorphism, obfuscation, antireversing techniques, and frequent recompilation.
How it works
Cybercriminals typically create fake versions of a given popular Android app to earn money from unsuspecting users. There have also been instances of the malware being bundled with a legitimate version of popular apps. The apps appear to be legitimate, including screenshots, descriptions, user reviews, videos, and so on. Users never get the app they want, but instead get a lot more than they bargained for.
The malware authors often set up fake websites advertising the fake version of the app. Many of these are shared on questionable websites, but many are also shared on fake Facebook and Twitter accounts that spam legitimate users on social networks.
Upon installation, the malware often displays a service agreement that tells the user that one or more SMS messages will be sent. The user is forced to click an Agree or Next button, but some versions send the messages before the victim even taps the button. There are often fake progress bars to keep the user further in the dark.
Either way, the devil is in the details. In the background, the malicious app sends expensive international text messages to earn its creators revenue. Some variants even connect to a Command & Control (C&C) server to send and retrieve data, as well as await further instructions.
Early versions of FakeInstaller were created only for Eastern European users, but malware developers have expanded their fraud to other countries by adding instructions to get the device’s Mobile Country Code and Mobile Network Code. Based on that information, the malware selects a corresponding premium-rate numbers.
How to protect yourself
The good news here is that since this malware family is so prevalent, it’s rather easy to avoid it: just don’t download fake apps. Android lets you download and install apps from anywhere, but unless you know what you’re doing, you shouldn’t be installing anything and everything you can on your phone or tablet.
If you want to significantly reduce your chance of getting malware such as this one, only install apps from the official Google Play store. That being said, malware has snuck into the store before, so it can happen again.
As a result, the way to protect yourself is the same as on any other platform: don’t click on questionable links and don’t download random apps. Always check to see if what you’re getting is legitimate and you should be fine.
Android’s malware problem is getting worse, and only users of the latest version are safe from harm
Earlier this year, we saw a report that said there was a 163% rise in the number of malware-infected Android devices in 2012. As shocking as that figure might be, we have a new report now that says the problem has blown up even further.
According to a recently published report[1] from networking vendor Juniper Networks, the number of mobile threats grew an astonishing 614% from March 2012 to March 2013. This equates to a grand total of 276,259 malicious samples, according to research done by the company's Mobile Threat Center or MTC.
What exactly constitutes such a large amount of mobile threats? It is said that the majority of these mobile threats — 77% of the total — come in the form of money-siphoning applications that either force users to send SMS messages to so-called premium-rate numbers or somehow manage to perform the sending of SMS messages all on their own.
They go virtually undetected as they are normally bundled with pirated apps and appear as normal applications. Typically, these malicious apps can net their creators an average profit of about $10 per user, according to Juniper Networks.
As it is currently the most popular mobile device platform in the world, it's easy to see why Android would be targeted with such malicious activities. But perhaps you're wondering, is there anything that can be done to combat this problem?
ndeed, there is. In Android 4.2 Jelly Bean, a new safety feature was introduced in order to stop wayward SMS messages dead in their tracks. But that in itself is a huge problem: Android 4.2, the latest version of the Google mobile operating system, is only available on a tiny fraction of all Android-powered devices out on the market. In fact, many of today's newer devices don't even ship with it. So the relevant safety features, as useful as they might be, becomes pretty much useless.
Even worse, the money-making malware mentioned above represents only one type of mobile threat on Android. Android spyware is also present, accounting for 19% of the total malicious samples collected in the above-mentioned research. These could potentially put a user's privacy at risk, collecting sensitive data and all kinds of information then relaying them to the spyware's creator.
Trojan apps have also been discovered to be part of the overall Android ecosystem. Although they form a very small part of the entire body of mobile threats on Android right now, it is possible for them to become more widespread in the future. If the fix really only lies in having the latest version of Android installed on a device, and the issue of fragmentation — not to mention the slow software updates from carriers and OEMs — persists, that's almost a certainty.
What do you think could be done to finally overcome these kinds of problems? Will it be the end of Android as we know it? Let us hear your thoughts in the comments.
Mobile malware getting out of control? Study claims 614% increase on year, Android accounts for 92% of total infections
A terrifying report was released two days ago by the Mobile Threat Center arm (MTC) of Juniper Networks – a manufacturer of network equipment with a hefty stake in enterprise security. According to Juniper, its MTC research facility is dedicated to 'around-the-clock mobile security and privacy research'. The MTC found mobile malware growing exponentially at an alarming rate – a 614% on year increase reaching a total of just about 280,000 malicious apps.
Read full article here
A major app vulnerability has been found which can be effect 99 percent of the Android smartphones on the planet.
A major app vulnerability has been found which can be effect 99 percent of the Android smartphones on the planet. The issue was unraveled by Bluebox security, which claimed to have found an ‘Android Master Key’ that could allow a hacker to turn any Android app into a malicious zombie.
This basically means that an app could allow hackers to capture data and control a device remotely, without the owner and the app developer knowing about it.
And the kicker is that, this is not a new vulnerability as Bluebox has discovered that it has existed since Android 1.6 Donut, which is four years old.
Jeff Forristal, CTO of Bluebox securities revealed that his company had found a way where in a hacker could possibly load an app with malware and still make it appear to be a legitimate file. This bit is important because verified apps are granted full access by default on the Android system.
However, on the bright side apps on the Google Play store are impervious to this problem, so if one sticks to downloading apps from the Play store then one is in the clear. That said, there are a number of third party app stores and users can even download APKs directly off the web and here’s where the danger lies as it is possible for users to download tampered apps.
This problem is accentuated more in countries like China where users like to use local app store over the Google Play store and many OEMs like Xiaomi don’t even bundle the Google Play store on the device by default.
Bluebox securities claims that it reported the problem to Google way back in February and the issue has already been resolved for the Galaxy S4 and currently Google is taking a look at the Nexus range of hardware.
Cryptographic bug in Android lets hackers create malicious apps with system access
Security researchers have found a bug in Android which allows them to create malicious Android apps which appear to be genuine with the correct digital signatures. In computing, digital signatures allow any piece of data, including an app, to be checked to see that it is genuine and actually comes from the author. Now, due to a bug in Android, it is possible to create a fake app and sign it so it looks like a real app from any author including Google, or others like Samsung, HTC and Sony.
Since the digital signatures of Google and handset manufacturers can be faked it is possible to create a low level system app which has absolute access to the device. These system apps, which have what is known as 'System UID access' can perform any function on the phone including modifying system-level software and system-level parameters.
If such an app is installed on an Android phone, the user would be completely vulnerable to a multitude of attacks including key-logging and password sniffing. The researchers at Bluebox Security informed Google about the flaw (Android security bug 8219321) back in February and are now planning to reveal details of the bug at an upcoming security conference.
More details -> here
Survey: Juniper Networks Whitepaper (Warning: PDF)
reserved.
Thanks for this thread buddy
Sent from my GT-N7100 using xda app-developers app
Tha TechnoCrat said:
Thanks for this thread buddy
Sent from my GT-N7100 using xda app-developers app
Click to expand...
Click to collapse
Great to see you here buddy. Actually I wanted to shift my whole thread here but MOD denied and ask me to carry on with new phase. So here I am.
Thank you Vikesh for creating this thread.
In my view
Everyday every hour and every minute hackers are coming up with new viruses and malware
Not only they can corrupt your phone but also steal confidential information like credit card number, password and other important data.So every Android user should spend some money on the anti viruses to save your confidential information and money of course.
Sent from my GT-I9103 using xda app-developers app
Major app vulnerability found, could effect 99 percent Android smartphones
A major app vulnerability has been found which can be effect 99 percent of the Android smartphones on the planet. The issue was unraveled by Bluebox security, which claimed to have found an ‘Android Master Key’ that could allow a hacker to turn any Android app into a malicious zombie.
Continue in post 3
Cryptographic bug in Android lets hackers create malicious apps with system access
Security researchers have found a bug in Android which allows them to create malicious Android apps which appear to be genuine with the correct digital signatures. In computing, digital signatures allow any piece of data, including an app, to be checked to see that it is genuine and actually comes from the author. Now, due to a bug in Android, it is possible to create a fake app and sign it so it looks like a real app from any author including Google, or others like Samsung, HTC and Sony.
continue in Post 3
Every GSM phone needs a SIM card, and you'd think such a ubiquitous standard would be immune to any hijack attempts. Evidently not, as Karsten Nohl of Security Research Labs -- who found a hole in GSM call encryption several years ago -- has uncovered a flaw that allows some SIM cards to be hacked with only a couple of text messages. By cloaking an SMS so it appears to have come from a carrier, Nohl said that in around a quarter of cases, he receives an error message back containing the necessary info to work out the SIM's digital key. With that knowledge, another text can be sent that opens it up so one can listen in on calls, send messages, make mobile purchases and steal all manner of data.
Apparently, this can all be done "in about two minutes, using a simple personal computer," but only affects SIMs running the older data encryption standard (DES). Cards with the newer Triple DES aren't affected; also, the other three quarters of SIMs with DES Nohl probed recognized his initial message as a fraud. There's no firm figure on how many SIMs are at risk, but Nohl estimates the number at up to 750 million. The GSM Association has been given some details of the exploit, which have been forwarded to carriers and SIM manufacturers that use DES. Nohl plans to spill the beans at the upcoming Black Hat meeting. If you're listening, fine folks at the NSA, tickets are still available.
Source-Tech Geek
"Thanks button is just to avoid "THANKS" posts in threads. Nothing more than that. Don't ask in signature or post for it and defeat the purpose why it was introduced"
Great info buddy. :good:
Thanks,
Disturbed™
Sent from my Disturbed™ Galaxy S4 using Tapatalk (VIP)
______________________________________________________
Wait for my time, U gonna pay for what U have done. - Disturbed™
Informative read. You also understand why the stores charge their Developer fees now. Not all third party sites host malware however. A lot of the buying community is ignorant (and understandably so) in detecting if malware has been applied. It's up to the community of ubiquitous OSs to report
JeffM123 said:
Informative read. You also understand why the stores charge their Developer fees now. Not all third party sites host malware however. A lot of the buying community is ignorant (and understandably so) in detecting if malware has been applied. It's up to the community of ubiquitous OSs to report
Click to expand...
Click to collapse
can provide more info for it?
Thanks,
Disturbed™
Sent from my Disturbed™ Galaxy S4 using Tapatalk (VIP)
______________________________________________________
Wait for my time, U gonna pay for what U have done. - Disturbed™
Malware using the Android Master Key intercepted in the wild, here's how to protect i
Malware using the Android Master Key intercepted in the wild, here's how to protect yourself
It was back at the beginning of the month when we first broke for you the news of a new, massive vulnerability, plaguing 99% of Android devices. First discovered by mobile security company Bluebox, the flaw was reported to Google back in February. Since then, Google has patched the Play Store and has provided its OEM partners with a patch for it.
Yet here we are again. And now it's official – the first detected malware taking advantage of the vulnerability has been intercepted by Symantec whilst running amok in China. The security giant reports that the code has been implanted in otherwise legit apps that help you find and appoint a meeting with a doctor. The source of the infected app? A third-party store, of course.
We won't get into the tech lingo, instead we'll just report that according to Symantec, the exploit grants said malicious code remote access to infected devices. This leaves the gates wide open, the company claims, for a wrongdoer to steal sensitive information such as your IMEI, phone number, and also send premium SMS messages and execute root commands.
Click here to know more
what is the best antivirus?
lolmann101 said:
what is the best antivirus?
Click to expand...
Click to collapse
For android, I may say your awareness is the best. First install the LBE Security Master. Let you know which application is gaining which privilege .
But if you want then you can check the first 1 to 4 posts. its in that.
How Google has been making Android a safer place since 2012
Last year in June, Google brought Android Jelly Bean 4.1 to the world. It was a wonderful day, too. It brought with it Project Butter, which spelled the end for lag for a lot of people. Android was running smoother and more complete than ever. Who’d have known that just a year later, we’d be introduced to Jelly Bean not for the second time, but for the third time. Android 4.3 was a mixed bag. Some people were disappointed that it wasn’t Key Lime Pie, but most were happy to see a plethora of improvements, some new features, and even more optimizations. One little footnote that most people have skimmed over so far, though, has been the added security.
It’s not news that malware stories are everywhere. Some of them are no big deal and some are completely ridiculous. Thanks to that, anti-virus companies have been cleaning up. People are more scared of malware on Android now than ever before and they’re flocking to anti-virus apps by the millions. It’s getting to the point where apps like Lookout are coming pre-installed on many devices when they’re shipped out. All because of some malware that, most of the time, is impossible to get unless you download apps from outside the approved channels.
Well, apparently Google is going to fix this problem themselves. JR Raphael over at Computer World has written up an excellent post about how Google is quietly keeping us safe. As it turns out, that little footnote that says that Android 4.3 contains security improvements probably shouldn’t have remained a footnote. It should’ve been printed on billboards and discussed everywhere.
You may have seen inklings of these security features already. We’ve covered one of them, the Android 4.3 Permission Manager, commonly known as Apps Ops. This nifty little feature lets you control what permissions your apps can use. It’s a lovely and powerful feature that’s baked right into Android 4.3. It’s still in beta right now, but eventually that’ll be a part of everyone’s Android experience.
So what other security enhancements does Google have in store for Android 4.3?
We are glad you asked. According to JR Raphael, Google has been working on these security features for years. We’ll do a quick breakdown.
Starting with Android 4.2, there was a feature called Verify Apps that was added. This scans phones both downloaded and side-loaded to make sure they didn’t contain malware or pose a threat.
Verify Apps was eventually made available to all devices from 2.3 onward. According to JR Raphael, that’s 95% of Android devices running currently.
This now works in tandem with another older feature, the app scanner in the Google Play Store that scans apps as they’re submitted to Google Play to make sure they aren’t malicious. This is why you can always download from Google Play without worries.
All of these features are currently on Android devices right now.
But wait, there’s more. In Android 4.3 specifically, they have added yet another security feature called SELinux. This stands for Security-Enhanced Linux and it essentially keeps the important parts of your phone safe. Most notably the operating system. So there is protection everywhere.
So we’ll add this up one more time. In the last two years, Google has implemented,
An app scanner in the Google Play Store that scans every single app uploaded and submitted. It rejects the bad apps and keeps the good ones.
A system on devices from Android 2.3 and up called Verify Apps that scans every app that gets installed on your device to make sure it’s not malicious. Keep in mind that if you download an app from the Google Play Store, it gets scanned twice.
Apps Ops –which is still in beta– that will let you control the individual permissions of any application you download and install. So if you don’t want, say, Facebook to see your location, you can prevent that from happening.
SELinux, a Linux security feature that protects the core operation system functionality.
Let’s not forget what you, the consumer can do to protect yourself,
Only download apps from known and trusted sources. These include the Play Store and the Amazon App Store, among others.
Use your common sense. In most cases, malware apps are easy to spot. If you download the free Angry Birds cheat app from GivingYouMalware.com, the end result is rather predictable.
So without an anti-virus app, there are 6 things that are protecting you from the big bad malware threats. That’s a whole lot more than most people realize and it’s an ever expanding project from Google to keep everyone safe from garbage applications. Now here’s the big question. Do you think it’s enough? Or should Google keep going?
@Disturbed™ buddy could you post that new KNOX feature here?
Sent from my GT-I9103 using xda app-developers app
Few words from Wikipedia:
Samsung Knox (trademarked Samsung KNOX) is an enterprise mobile security solution that addresses the needs of enterprise IT without invading its employees' privacy. The service, first released on the Samsung Galaxy S4 mobile device, provides security features that enable business and personal content to coexist on the same mobile device. Samsung Knox is an Android-based platform that uses container technology, among other features, to allow for separation of work and personal life on mobile devices.
Services
Samsung Knox provides enterprise security features that enable business and personal content to coexist on the same handset. The user presses an icon that switches from Personal to Work use with no delay or reboot wait time. Knox will be fully compatible with Android and Google and will provide full separation of work and personal data on mobile devices. Samsung claims that the Knox service "addresses all major security gaps in Android."
The Knox service is part of the company's Samsung for Enterprise (SAFE) offerings for smartphones and tablets. Samsung Knox’s primary competitor is Blackberry Balance, a service that separates personal and work data, but BlackBerry’s service does not include management of work space through containers in Active Directory and other features such as direct Office 365 and Exchange 2010, ActiveSync, iOS management, Single Sign-On, and complete customization for operability on Samsung device settings.
The service's name, Samsung Knox, is inspired by Fort Knox.
From Engadget:
Samsung's Knox security solution has tended to mostly garner headlines when the company's phones get approval from the likes of the US Defense Department, but it's now set to broaden its user base considerably. In addition to announcing that it's bolstering the offering with some help from Lookout, Samsung has also confirmed today that its opening the platform up to all consumers. That will give security-minded users an added layer of protection, with Knox letting you store personal data and run a set of pre-screened apps in a so-called container -- other apps can still be run outside the container, but with only limited access to your personal information. Naturally, you'll need a Samsung device to take advantage of it.
For more information : http://www.samsungknox.com.
Thanks: Wiki & Engadget
Almost 1,000 fraudulent apps published on Google Play in August alone
Almost 1,000 fraudulent apps published on Google Play in August alone
Yes, there are downsides to Google’s policy of letting anyone publish their apps on Google Play. Symantec has found that scammers published almost 1,000 fraudulent apps on Google Play in August alone, most of which were deleted within hours of posting on the store.
But even though Google was quick to delete the fraudulent Android apps, Symantec estimates that they were still downloaded more than 10,000 times. Symantec also says that one group is responsible for 97 percent of the fraudulent apps, which typically “include numerous links to various online adult-related sites, but one or two links actually lead to fraudulent sites that attempt to con people into paying a fee without properly signing them up for the paid service.”
Source:BGR.in
Guys,
As Google has released the latest version of Android i.e. JB 4.3. Still we haven't fully aware what does it have.?
So i have collected few information about the same & sharing with you guys. Please help me to share more about the Android 4.3.:highfive:
This thread can be used as General Discussion Thread of Android 4.3.
- Android 4.3 restricted profiles explained
- What is virtual surround sound in Android 4.3?
- Improved photo-spheres will make their way to Android 4.3
- will add as and when receive any new about Android 4.3
Android 4.3 restricted profiles explained
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Android 4.3 might not be the most monumental update to Google’s operating system, but one of the more notable improvements heading our way in Android 4.3 is the upgraded features available in the user profiles section, which was first introduced for tablets in Android 4.2.
Essentially, restricted profiles will allow the device administrator to control exactly what each profile has access to. Google states that restricted profiles are ideal for “friends and family, guest users, kiosks, point-of-sale devices, and more”, so don’t expect to have unfettered access to store demo devices any more.
But the main benefit is definitely going to be seen by families, especially for those who are concerned that their kids could run up an expensive Play Store bill. Restricted profiles will allow concerned parents to turn off access to the Google Play Store or in-app purchases on their child’s profile, whilst keeping full access available for themselves.
The setup process seems simple enough, and is done in much the same way as setting multiple accounts in the older Android 4.2. Heading on over to Settings, then Users, will take you to the screen where you can add new users and edit the permission of existing ones.
From there, various results can be achieved by toggling the on/off options, such as restricted access to certain applications, and some apps have a wider variety of control available via a familiar settings button. This fine tuning allows you to adjust what Settings options can be seen and which apps can be accessed, which is helping if you want to keep the little tykes from messing around with some of Android’s more advanced features.
But the profiles aren’t just about controlling applications, each profile is granted an isolated space with its own local storage, uniquely customized home screen, widgets, and will store various other settings unique to each user, just like with the old user profiles.
What is virtual surround sound in Android 4.3?
Fraunhofer isn’t exactly a household name, but it should be, as the company is responsible for the invention of the ever-so popular MP3 format. But perhaps the company can earn some much deserved recognition with its latest venture, bringing theater quality surround sound to the palm of your hand.
The new Nexus 7 will be the first device to make use of Fraunhofer’s new technology, which will give users a cinema-esque surround sound experience through their headphones, internal stereo speakers, or with an HDMI output to their home theater surround systems. But why is this such a big deal?
You’ve probably noticed, when listening to stuff through your headphones, that although you easily have a sense of left and right panning, it’s very difficult to determine the depth of a sound. In other words, it’s sometimes hard to tell how far in front or behind you that sound originated from, which can ruin the experience when watching a high-quality movie on your tablet.
How it works
The best way to explain the theory and implementation behind this is to imagine a scene in real life. Each source of sound, such as a passing car or your TV, travels a different distance, reflects off different surfaces, and reaches your outer ear at a different angle to every other source nearby. These minor delays, reflections, and frequency differences, created by the shape of our heads and ears, allows our brains to pick out the location of the sound, giving it “depth”.
Cingo essentially creates a “digital space” for multiple sound channels (sources), by applying various digital filters, and other algorithms, to each sound, in order to replicate the experience that our environment creates in the real world. This process is called “binaural audio processing”, which is then combined with more traditional loudness optimization and equalization techniques, such as enhanced bass for headphones, to provide a more optimal listening experience.
Bringing it to Android
From the looks of things, Cingo will be heading to Android in the new 4.3 update, coming pre-installed with the new Nexus 7, and then heading to the Nexus 10, and hopefully other Android devices, once the new update starts rolling out.
Fortunately, Cingo should work will all Android devices which use the High Efficiency AAC (HE-AAC) audio codec, as this is what allows for the management of multiple audio sources on our handheld devices.
However, surround sound will only work with source files that contain multiple audio channels. In other words, we need 5.1 surround sound movies on our devices, it just won’t work with any old video or audio file. Fortunately, Google will be offering feature films through the Google Play Movies & TV service that support HE-ACC Multichannel in the near future.
If you want to know just how awesome surround sound and binaural audio can be, I’ll just leave this video link here for your listening pleasure.
Improved photospheres will make their way to Android 4.3
If photospheres are one of your favorite things about Android Jelly Bean, I’m right there with you. Taking a 360-degree shot is one of the coolest things about Android, and really sets it apart from other cameras on other platforms.
If photospheres are also one of your biggest annoyances with Android Jelly Bean, I’m right there with you. The photos don’t stitch together properly, and they often seem like you took them too fast or slow. It’s great when you get it right, but when you don’t, it’s an embarrassing headache.
Evan Rapoport, a project manager for Google Maps, announced today via a Google+ post that photospheres are greatly improved in Android 4.3. Stitching would be cleaner, and overall clarity will improve.
From the post:
First, alignment and stitching are much better, giving you more level horizons and fewer errors throughout the image. While environments with lots of moving things are always challenging, scenes like the one attached here with a long flat horizon are now much better. Second, we've improved exposure compensation for each individual frame, producing a beautifully exposed photo sphere. You can compare this to the previous versions that produced gray areas and inconsistent coloring in areas of high contrast (near the sun, horizons, buildings against blue sky, etc.).
Credit:
XDA users
Android Authority
Gsmarena
Phonearena
There are new stuffs not mentioned on the recent press event:
"Faster, Smoother, More Responsive
Android 4.3 builds on the performance improvements already included in Jelly Bean — vsync timing, triple buffering, reduced touch latency, CPU input boost, and hardware-accelerated 2D rendering — and adds new optimizations that make Android even faster.
For a graphics performance boost, the hardware-accelerated 2D renderer now optimizes the stream of drawing commands, transforming it into a more efficient GPU format by rearranging and merging draw operations. For multithreaded processing, the renderer can also now use multithreading across multiple CPU cores to perform certain tasks."
Source:http://developer.android.com/about/versions/jelly-bean.html
Do take note that it's the developer page and most changes listed are under the hood stuffs for developers. But yeah we're on xda so..
Sent from my GT-I9505 using Tapatalk 4 Beta
Hidden Android 4.3 Jelly Bean codes reveal possible permissions manager and 4K video support in the future
Earlier this week, Google announced Android 4.3 Jelly Bean and as developers have spent time with it, they have come across hidden features that might be a sign of what could arrive in future iterations of the OS. The folks at AndroidPolice report about two such features, one which lets users control app permissions and the other is 4K video support.
The first feature is called ‘App Ops’, which essentially will allow users to control what settings or information a particular app will have access to. It sounds similar to the granular app controls available on iOS for some time, but the report says that Google’s version of permissions manager is far better.
Additionally, the report also talks about a couple of lines of codes that indicate possible support for XXXHDPI (640ppi) settings and assets in the near future. Now it is unlikely that tablets or smartphones which look good enough on 480ppi displays will get require XXXHDPI support. But it is good to see Google readying itself for next-generation HD displays.
Thanks to AP
[HOWTO]
Android 4.3 permission manager; what it is and how it works.
ndroid 4.3 is out! Even though it’s an incremental update at best, it still brought with it a number of enhancements and features, including support for 4k displays. However, that’s not all Android 4.3 was packing. Underneath the improvements we could see in Android 4.3 was a secret feature that is, for the time being, hidden. Much like the multi-user feature in earlier versions of Android, this hidden feature can only be accessed if you know where to look for it. So what is it exactly? It’s a Permissions Manager.
Okay, here’s some Android 101. When you download an app, the app usually requires permissions. GPS apps need to access your GPS so it can find your location. Most of the time, they make sense. Sometimes, they do not make sense. For instance, Facebook wants to read your call logs. We have no idea why Facebook would want to read your call log, but it does. The idea behind this Permission Manager hidden in Android 4.3 is to give you control over what permissions apps are allowed to have. So if you don’t want Facebook to see your call logs, you can tell it to stop.
As Android Police reports, this hidden feature is actually accessible to anyone who is running Android 4.3. So if you have that lovely update, this is available to you right now. Don’t know how to use it? That’s okay, we’ll tell you. If you have Android 4.3 and you want to try out this permission manager, here’s our how-to.
Step 1 – Have Android 4.3.
Step 2 – Download this application. This app will give you access to what is called “App ops”, which is the Permission Manager.
Step 3 – …
Step 4 – Profit!
I’m in the Android 4.3 Permission Manager. Now what?
That was easier than expected, right? So once you’re in the Permission Manager, you’ll need to know how to use it. The first thing you’ll see is a list of apps and 4 tabs. The tabs are Location, Personal, Messaging, and Device. These organize your apps based on what permissions they use. If you download Google Hangouts, it’s probably in the messaging list. Things like your camera app will likely be in device. You get the idea.
From there, you can select any app on the list. You’ll then be presented by every permission that app uses with a handy on-off switch. From here, you can turn various permissions on and off. Don’t want Facebook to read your call logs? Turn it off! Don’t want it to know where you are? Turn off the location permission. Keep in mind that the app will still work, it just won’t be able to do those things. So if you, for instance, check into places over Facebook, turning off the location permissions will likely make that feature much more difficult to use.
The last thing we’ll talk about is what the Permission Manager can see. As Ron Amadeo reports, some permissions don’t even show up until you use them in the app. In his example, the “Camera” and “read call log” permissions didn’t even show up until he imported his contacts into Facebook and then posted something with his camera. So keep in mind if you try it out, you may have to fiddle with the app a little bit to get all the permissions to show up.
Lastly, as you can probably imagine, this isn’t a fully working feature yet. While something simple like disabling “read call log” won’t do much of anything, other permissions in other apps can. If you disable the Camera permission in your camera app, your camera app will cease to function properly. If you disable Location in Google Maps, it won’t be able to find you in order to give you directions. There is a reason this is a hidden feature and that is because it is not ready yet. So if you do use the Permission Manager, you do so at your own risk.
Standard boilerplate aside, is there anyone who will be checking this functionality out? Or would you rather wait until it’s a live feature? If you want to discuss it, feel free to do so in our comment section.
So what other security enhancements does Google have in store for Android 4.3?
So what other security enhancements does Google have in store for Android 4.3?
We are glad you asked. According to JR Raphael, Google has been working on these security features for years. We’ll do a quick breakdown.
Starting with Android 4.2, there was a feature called Verify Apps that was added. This scans phones both downloaded and side-loaded to make sure they didn’t contain malware or pose a threat.
Verify Apps was eventually made available to all devices from 2.3 onward. According to JR Raphael, that’s 95% of Android devices running currently.
This now works in tandem with another older feature, the app scanner in the Google Play Store that scans apps as they’re submitted to Google Play to make sure they aren’t malicious. This is why you can always download from Google Play without worries.
All of these features are currently on Android devices right now.
But wait, there’s more. In Android 4.3 specifically, they have added yet another security feature called SELinux. This stands for Security-Enhanced Linux and it essentially keeps the important parts of your phone safe. Most notably the operating system. So there is protection everywhere.
Thanks to AP
https://plus.google.com/114519877662741226877/posts/Eay4Y5ikYcc
This is not written anywhere but JBQ was the one mentioned it.
Sent using GT-i9505~
override182 said:
https://plus.google.com/114519877662741226877/posts/Eay4Y5ikYcc
This is not written anywhere but JBQ was the one mentioned it.
Sent using GT-i9505~
Click to expand...
Click to collapse
Yes, the significant performance boost in 4.3 is probably bec. of this:
The new Nexus 7 (2013) with Android 4.3 includes support for fstrim, essentially idle garbage collection, which TRIMs the eMMC when a few conditions are met – the device is idle, screen off, and battery above roughly 70-percent. I’m told that TRIM support has been part of the eMMC standard since around version 4.2, it was just a matter of enabling it in software. The result is that the new Nexus 7 shouldn’t have these aging affects at all. Better yet, fstrim support has also been added to the old Nexus 7 with as of the Android 4.3 update, so if you’ve got a Nexus 7 that feels slow, I/O performance should get better after fstrim runs in the background. I'm checking on whether the other Nexus devices have also had TRIM support added. I would consider the slow storage aging problem fixed as of now, and Google took the eMMC and storage I/O performance issues with the previous Nexus 7 to heart for this version.
Click to expand...
Click to collapse
Source: http://www.anandtech.com/show/7176/nexus-7-2013-mini-review/4
Review was about the 2013 Nexus 7 but the TRIM support is not just for that device but probably 4.3 itself. I have a Galaxy Nexus as well but haven't had the time to update it(wife has it), based on user feedbacks that I've been reading from the Gnex forums, 4.3 made it like it's JB 4.1.2 again and if you have a galaxy nexus you'll know that 4.2 made the device lag at some point. Having tested 4.3 leaks for about a day on the S4 I'm starting to think that the update really made significant boost in performance and definitely not placebo :good:
Thanks for all of the information
One thing is bugging me though.. I created a user profile and switched to it. Later I am not able to go back to the primary profile.
Sent from my Nexus 4 using Tapatalk 4
debnath said:
Thanks for all of the information
One thing is bugging me though.. I created a user profile and switched to it. Later I am not able to go back to the primary profile.
Sent from my Nexus 4 using Tapatalk 4
Click to expand...
Click to collapse
Is App OPS only available in Google Play edition on the HTC One?
Because I have 4.3 Dev edition and cant seem to find activities in the settings menu.
The Android M developer preview was launched today at Google I/O 2015 in San Francisco. Sundar Pichai, senior vice president of products at Google, introduced the conference and said that the company had "gone back to basics" with the new version of Android. While Android Lollipop introduced a brand new design and aesthetic, Android M is bringing some much-needed stability and usability improvements, which might not be as immediately arresting, but may prove to be significant long-term additions.
Dave Burke, vice president of engineering at Google, followed Pichai on stage to outline six of the major new features you can expect to see in Android M.
Which phones will get the Android M update first?
1. App permissions
First up, app permissions. As had previously been speculated, app permissions have been overhauled in Android M, with users now being able to choose to accept or deny individual permissions as they see fit. Permissions have also been simplified.
Permissions will now be requested the first time you try to use a feature, not at the point of installation. "You don't have to agree to permissions that don't make sense to you," Burke said, and used WhatsApp to give an example of how this works.
If you want to record a voice message, WhatsApp will prompt you with a one-time request for permission to use your mic: if you still wish to give it access and record the message, you can, but you don't have to. Android M is giving users greater control of the information apps can access, and this is a truly positive step forward for Android.
You can modify the permissions granted to apps at a later date in your Settings, or you can view permissions by type and see which apps have that permission granted. It's all about giving the user complete control over their Android.
2. Web experience
Google has been exploring trends in the way web content is consumed to provide a better user-experience when interacting with websites and apps. "Chrome Custom Tabs is a new feature that gives developers a way to harness all of Chrome's capabilities, while still keeping control of the look and feel of the experience," said Burke.
Chrome Custom Tabs will allow apps to open a customized Chrome window on top of the active app, instead of launching the Chrome app separately. This will provide a faster and more intuitive user-experience when navigating between apps and the web.
Chrome Custom Tabs supports automatic sign-in, saved passwords, autofill, and multi-process security to assist the integration of the app and web experience. So, for example, a Pinterest custom tab will have a Pinterest share button embedded in it, can include custom overflow menu options and doesn't require the Pinterest developers to build their own web browser.
3. Fingerprint support
Google will "standardize support" for fingerprint scanners on phones running Android M. The new functionality will allow fingerprint scanners to be used not only to unlock phones, but to make purchases shopping in real-life or within Play Store apps.
Of course, your device will need a hardware fingerprint scanner to begin with, but with Google's full support, expect to see these appear on many more devices in the future.
4. Mobile payments
Android Pay is Google's new mobile payments system designed to make the checkout process easier and faster. Google is aiming to provide "simplicity, security, and choice," with Android Pay, allowing you to use your existing credit cards to pay for products in more than 700,000 stores in the US.
Compatible with any device housing NFC capabilities (and running 4.4 KitKat or above), the Android Pay platform is being supported by American Express, Visa, Mastercard, and Discover, as well as carriers such as AT&T, Verizon and T-Mobile. Google's response to Apple pay is here.
5. App links
"When a user selects a weblink from somewhere, Android doesn't know whether to show it in a web-browser, or some other app that claims support for the link," this was the problem facing the Google developers before Android M.
You may be familiar with the "Open with" dialogue box which appears when you try to open a link within an app on Android. You might be asked if you want to open a link with YouTube, or with Chrome, for example.
App links are being changed in M so that Android has a greater awareness of which apps can open content directly, instead of stopping users every time with the dialog box. If you tap a Twitter link in an email, for example, the Twitter app will open automatically instead of prompting you to ask if you want to use Twitter to view it.
This is almost a blink-and-you'll-miss-it improvement, but it's representative of Google's attention to detail: Android M is probably going to feel more usable without the user ever understanding why.
6. Power and charging
Android M makes use of a new function known as Doze to improve device standby time. By using motion detectors, Android will recognize when devices haven’t been interacted with for a while, such as when a person is asleep or a device has been left on a table, to reduce background processes.
Burke said that Google tested two Nexus 9 devices, one running Lollipop and one running the Android M preview, and learned that M will provide up to two-times longer standby time. Even in Doze mode, your Android can still start alarms or notify you of priority notifications.
Android M also supports USB Type-C which provides faster charging, and lets users charge other devices with their phone.
Android M release date
The Android M Developer Preview is available today for Nexus 5, Nexus 6, Nexus 9 and Nexus Player, and the final version is due to launch in Q3, 2015.
What else is in new in Android M?
Auto Backup and Restore for Apps
Possibly the most interesting aspect of Android M not discussed in Google’s I/O keynote speech was Android Auto Backup and Restore for Apps. This feature will be used in conjunction with Google Drive to automatically backup app data and settings with a file size of 25 MB or less.
These backups occur no more than once per day, and run only when the device is idle and connected to Wi-Fi and power. The uploaded data does not count towards your Google Drive storage quota, and is encrypted.
If you lose your device or delete the app, your previous progress will be restored the next time you install it, and it even works with apps which are side-loaded or accessed through a third-party app store.
New app drawer
One of the most immediately noticeable visual changes to Android M is the new app drawer. This now scrolls vertically instead of horizontally, and is held against a white background, rather than a muted shade of your homepage wallpaper. Across the top of the menu you will see your four most recently used apps, and down the left-hand side are the letters of the alphabet.
Android M RAM manager
Google has introduced a new RAM manager to Android M with the aim of providing users with more accurate and comprehensible information regarding the maximum and average RAM usage of apps.
The menu can be found in Settings > Apps > Options (three dots button) > Advanced > Memory. Though it's a little hard to navigate to, the page offers a far clearer insight into app demands, and the overall effect they will have on your device.
With a reading of an individual app's RAM consumption, as well as how often it is running in the background, users will be able to better determine which apps should be removed in endless bid to increase device performance and battery life.
Android M even includes a simple bar at the top of the page displaying the current performance status of a person's handset; if it says "good performance", you're likely running an efficient set of apps.
Adoptable Storage Devices
Though Google has in the past tried to step away from external storage use (the reason why none of its Nexus devices house a microSD card slot), it appears that Android M is striking a compromise.
Adoptable Storage Devices is Google's new storage feature which essentially takes an external storage source (such as an SD card or USB drive) and formats it like an internal storage space. This means that app and personal data can be moved freely between a devices internal storage and its "adopted" storage source.
Adopted storage devices are wrapped in a layer of encryption to soothe security concerns and both microSD cards and USB OTG drives are currently supported.
Google Now
Google Now has been improved upon once again in Android M. Focusing on three key ares: being aware of different contexts, providing answers and helping you take action, Google Now is now smarter than ever.
Google Now's context awareness understand over 100 million different places, so when you ask ''How far is it to there?'' Google Now know exactly which ''there'' you're referring to. This awareness is compounded by Google's Knowledge Graph, which understands one billion different entities, from sports teams to gas stations, TV shows to recipes.
Google Now is also rolling out a pilot program called ''Now on Tap'' with 100 popular apps. Now on Tap provides Google Now-like content right where you are, without having to leave the app you're in. So if you're in Spotify and say ''Ok Google, what is his real name?'' Now on Tap will know you're talking about the musician you're listening to and provide search results right there an then.
The same goes for content in emails. If someone asks you a question about a restaurant and to not forget something on your way home, Now on Tap can automatically pop up a restaurant card with Maps info, Yelp, OpenTable and the dialer, as well as offer to set a reminder for whatever it was you were supposed to not forget.
Google Chrome
Chrome is also leaner and faster than ever before. Initially revamped with Android One devices in mind, where stable and speedy internet connections are not always possible, Chrome's new optimizations are set to arrive for everyone.
Chrome is now aware of network strength and can modify what you see as a result. For example, if your connection is bad, you might see colored squares rather than preview images in Search results. Optimized web pages will load four times faster and use 80 percent fewer bytes. You'll also see a memory usage reduction of up to 80 MB. Chrome will also support offline mode.
Google Photos
As expected, Google pulled the wraps off its new Google Photos service. Previously a part of Google+, Google Photos is now standalone photo and video storage and sharing service that provides unlimited free storage for up to 16 MP photos and 1080p video. That is seriously impressive.
The Google Photos service stores high-quality compressed versions of your photos and movies but doesn't store anything on your device, so you can search through thousands of photos at high speed and without bogging your device down with gigabytes of photos.
Popular features like Auto-Awesome and Stories are a key highlight, accessible through a new Assistant feature, which will automatically suggest creative uses of your images and footage. Through simple pinch gestures you can see tiled images for particular days, weeks, months or even years and then zoom right back in at any point you like.
Google Photos is also powerful for search, as you'd expect. You can search by People, Places, Things and Types, which are all automatically created, and you can drill down in each of those categories to see, for example, every picture you have of a particular person, all without ever tagging them.
Sharing is also a breeze. You don't even need you contacts to have the Google Photos app. You can simply share a link that they can view in Chrome. If they are logged in they can easily download an entire album in seconds.
Are you impressed by what Google has been up to in Android M? What would you have liked to have seen?
First off, if you're going to copy & paste something from another Android site, it helps to at least give credit to the original writer of the article (I have supplied a link to the original article below). Second, please post in the correct forum. The Apps & Games forum is the wrong place for this sort of post.
http://www.androidpit.com/android-m-release-date-news-features-name
Thread closed.
Truvark is a modern file encryption app for Android. You might be wondering why building another vault app as there are already a lot of options. The difference is that Truvark is built around security by design and privacy by default. To proof that I take that serious, this is an offline app, it does not have/requests Android's Internet permission. Features like cloud synchronization are not compatible with the mentioned paradigms. However, that does not mean that you cannot sync or backup your data through a third-party app (on your own risk). Read more about (unique) features below.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
FeaturesMultiple vaultsYou can create multiple vaults on your device. Any empty folder can become a vault. All your data remains on the shared device storage, means you can access the encrypted files from a file manager e.g. for backups.
This is a major difference to alternatives. Some apps don't even encrypt your files, they just move them to the app's internal storage. These often speak about "hiding data" instead of encrypting. Others using encryption still prohibit access. You fully rely on their export feature.
Deep folder structuresTruvark is not an encrypted gallery that just lets you group your pictures into albums. It is a file encryption app providing full support for creating folders inside folders. You are not limited in organizing your files.
View encrypted filesThe aim is to be able to view common file types in the app. Currently supported are images, videos and audio. The decryption takes place "on the fly" means the required data is decrypted in memory while needed. This is especially important for long videos that would not fit into memory. The image viewer supports high-res pictures and shows more details when zooming in instead of becoming pixelated.
Here are more differences to alternatives to spot. While I analyzed a wide range of vault apps from multimillion downloads to open source ones I found many flaws. Apps decrypting the full file to disk before showing it, scarify performance and possibly put that file on a risk. Others don't encrypt thumbnails, just the original files.
Privacy by defaultTo make it short this app has no Internet permission. There are no analytics, ads, telemetry or requirements for an account. However, there is an option for logging that is turned off by default. Logging is required to be able to help any user that has an issue with my app. The user needs to provide these logs, they are not automatically sent (what is technically impossible because of the missing Internet permission).
Security by designTruvark is using a component (library) for encryption that is built by Google engineers and used in Google Pay. It's called Tink and has the following promise:
A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Click to expand...
Click to collapse
The last part is important. In cryptography it is enough to get a single parameter wrong to make an encryption insecure. Therefor I decided to rely on a popular open source library.
Additionally, Argon2(id) is used for key derivation. It won the Password Hashing Competition back in 2015 and is one of the best (if not the best) algorithm for that task out there.
The cryptographic core of Truvark (the combination of both libraries) is open source and available on GitHub.
The database is a Realm database. Realm can feature encrypted databases and of course that is in use. I have seen a lot of vault apps without encrypted database during my analysis.
Furthermore, Truvark supports biometric (e.g. fingerprint) authentication for unlocking a single vault. That feature is backed by the Android Keystore and might not be available on devices even though they offer biometric authentication because a strong authentication is required that not every device supports.
Partly open source, fully in futureAs mentioned above the cryptographic core is already open source and available on GitHub. You can see that this is not my first open source project. Because I'm committed to open source, I plan to publish the full source code sometime in future. The idea is to do that when the app leaves early access but all in all I will do that when I think it's ready.
About developmentOn the one hand I want to let you know that I'm a professional software developer and not coding as hobby only, on the other hand I have to put a disclaimer here that I'm not a cryptography expert. However this app was carefully build over time and not in a hastle. Although this app is in early access, it is not a prototype or minimal valuable product. Every release is going trough automated and manual tests. For the manual tests I'm using multiple devices. Nevertheless I'm not afraid to say that bugs can happen. I personally lost data using alternatives in the past, so I am very aware of that issue. Therefor this app stores many information redundant. For example in near future a corrupted or deleted database can be almost fully restored (only some information about the folder structure will be lost but you don't need to organize all files again). The app is already designed to support featues like this in future. Furthermore to backup your encrypted files all you need to do is copy the vault folder.
Upcoming features
Move files and folders to different folders
Rename folders
Rename vault
Material3, followed by many UI and UX improvements
Performance improvements
Future plans
Support more file types (like text and PDF)
Fully open source
Provide desktop clients (cross platform)
DownloadDownload from Google Play
Changelog:
0.4.0:
Target Android 13
Handle new notification permission (first and only required permission)
Support themed icons (Android 13)
Update dependencies
0.3.2:
Replace prebuild Argon2 (used for password derivation) with own build from official source
Update various dependencies (including improvements to the in-app file presenter)
0.3.1:
Fix a bug during biometric setup
Thanks for this, I noticed in recents I did not have to relog in to open, pixel as far as I understand doesn't close recents and clearing them also doesn't actually end the process losing a security risk. Great app though!
7h3DuD3 said:
Thanks for this, I noticed in recents I did not have to relog in to open, pixel as far as I understand doesn't close recents and clearing them also doesn't actually end the process losing a security risk. Great app though!
Click to expand...
Click to collapse
Hi,
many thanks for giving Truvark a try and for providing feedback. Indeed there is no mechanism automatically closing a vault or the app itself. Actually I spend a bunch of hours on this feature already and haven't found a solution yet that significantly improves security while keeping encryption/decryption/etc reliable.
You might have noticed that this app makes heavy use of background scheduling. Other apps show a dialog forcing you to wait while they encrypt one file after another, where Truvark runs encryption parallel in background and you still can view your already encrypted files. This is one of the reasons why the feature you mentioned is not available yet, closing a vault would cancel background operations that cannot be automatically started again when the vault is opened next time, because of storage permissions.
Truvark is completely build on Android's "new" storage design (that Google enforced in Android 10/11) by using the storage access framework (SAF).
Therefor I cannot grantee that automatically closing a vault will ever be available, however likely there will be at least a button to close a vault inside the app or maybe a login screen to prevent access to the UI while still having that vault open in background. Actually I’m planning bigger changes on how the vaults are opened with the goal to make it possible having multiple vaults open at the same time. During that process I will reevaluate if it is easier to implement that feature.
@7h3DuD3 did my post answered your questions or are you looking for different information? Happy to answer any question or feedback.
May I ask you in case you regularly use a vault/encryption app what app you're using? What you like about it and what could be improved in your opinion?
Furthermore, I might be able to give insights about the security and privacy of alternative apps if they were part of my analysis. Hoping to analyze more vault apps soon, possibly on request.
Actually don't use one ever for more than a few days, however I've been using this for a bit and find it adequate. Perhaps a triggered deletion of the vault, say recieve an email or text, but I'm fairly certain tasker could do that or multiple other apps not to mention the security risk of having something like that poses a security risk in itself. But overall I'd say it's better then what I've used in the past and files I carry on my personal thumbdrive are vaulted which feels better knowing should I lose it my personal information won't just be in a .hiddenpasswords.txt file lol that's been the main thing is bs where they hide the file like no one's gonna see that or rename the extension with no encryption. I haven't tried a brute force, might be kinda fun to do. Suggestion, Better variety of file types *
7h3DuD3 said:
I haven't tried a brute force, might be kinda fun to do.
Click to expand...
Click to collapse
Starting with your last sentence, I wish you good luck with that. Of course it depends on your password. Assuming you picked a good password (Truvark requires 8 character at the moment) brute force is by far the worst attack you could try. For hashing Argon2id is used with a configuration above the minimal recommendations by OWASP and for encryption Google's Tink library is used that "has been deployed in hundreds of products and systems" (quote from their readme file) including Google Pay.
I think you should try attacking the implementation instead of globaly used algorithms.
7h3DuD3 said:
Actually don't use one ever for more than a few days, however I've been using this for a bit and find it adequate. Perhaps a triggered deletion of the vault, say recieve an email or text, but I'm fairly certain tasker could do that or multiple other apps not to mention the security risk of having something like that poses a security risk in itself. But overall I'd say it's better then what I've used in the past and files I carry on my personal thumbdrive are vaulted which feels better knowing should I lose it my personal information won't just be in a .hiddenpasswords.txt file lol that's been the main thing is bs where they hide the file like no one's gonna see that or rename the extension with no encryption. I haven't tried a brute force, might be kinda fun to do. Suggestion, Better variety of file types *
Click to expand...
Click to collapse
Thanks that you overall seem to like my app. I don't plan to implement a remote deletion because I believe that strong cryptography does not need that. If you really want to build that yourself in a first step you could just delete the file with the name "vault". It contains a so called salt and the encrypted database key, without the file the attack surface is reduced (and you lose access to your files even with correct password btw).
Because you mentioned a thumb drive, that is one of the benefits of the new storage APIs. Truvark fully supports sdcards and external USB devices without workarounds or the need to move data manually from time to time. I have seen lots of vault apps with bad sdcard support.
What file support are you looking for? I plan GIFs, basic text files and PDFs next.
0.3.2:
Replace prebuild Argon2 (used for password derivation) with own build from official source
Update various dependencies (including improvements to the in-app file presenter)
Development is currently a little slow or let's say less visible to users because of many under the hood changes. Furthermore, I'm waiting for improvements/new features in some dependencies. Next will be various improvements to the database. After that I plan to work on Material3 design.
0.4.0:
Target Android 13
Handle new notification permission (first and only required permission)
Support themed icons (Android 13)
Update dependencies
Was quiet in the last months, also because I had little time, the development will progress much faster in the next weeks. I am still working on the replacement of the database implementation. Afterwards it goes on with the Material3 redesign that will come with many new features.
0.5.0:
Fix lags affecting the in-app file viewer
Loop video/audio playback
Update various dependencies
Drop a dependency in favor of official implementation
Obviously, my plans (see above) didn't work out. Unfortunately I'm still waiting for a final feature for database migration, which is finally in development upstream. So here is another small update.
I commit to continue improving this app and bring it out of early access status, as well as go fully open source in future.