Skip navigation
Help

Smartphones

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

darthcamaro writes "Last week, Rain Forrest Puppy (aka Jeff Forristal) first disclosed the initial public report about an Android Master Key flaw. Code was released earlier this week for attackers to exploit the flaw — but what about users? Google has claimed that it has patched the issue but how do you know if your phone/carrier is safe? Forristal's company now has an app for that. But even if your phone is not patched, don't be too worried that risks are limited if you still to a 'safe' app store like Google Play. 'The only way an Android user can be attacked via this master key flaw is if they download a vulnerable application.

"It all comes down to where you get your applications from," Forristal said.'"

0
Your rating: None

Jan "Starbug" Krissler, the Chaos Computer Club researcher who broke the fingerprint reader security on the new Iphone, had given a long interview to Zeit Online explaining his process and his thoughts on biometrics in general. The CCC's Alex Antener was good enough to translate the interview for us; I've included some of the most interesting bits after the jump.

0
Your rating: None
Original author: 
Florence Ion


What if you could privately use an application and manage its permissions to keep ill-intending apps from accessing your data? That’s exactly what Steve Kondik at CyanogenMod—the aftermarket, community-based firmware for Android devices—hopes to bring to the operating system. It’s called Incognito Mode, and it’s designed to help keep your personal data under control.

Kondik, a lead developer with the CyanogenMod team, published a post on his Google Plus profile last week about Incognito Mode. He offered more details on the feature:

I've added a per-application flag which is exposed via a simple API. This flag can be used by content providers to decide if they should return a full or limited dataset. In the implementation I'm working on, I am using the flag to provide these privacy features in the base system:

  • Return empty lists for contacts, calendar, browser history, and messages.
  • GPS will appear to always be disabled to the running application.
  • When an app is running incognito, a quick panel item is displayed in order to turn it off easily.
  • No fine-grained permissions controls as you saw in CM7. It's a single option available under application details.

The API provides a simple isIncognito() call which will tell you if incognito is enabled for the process (or the calling process). Third party applications can honor the feature using this API, or they can choose to display pictures of cats instead of running normally.

Every time you install a new application on Android, the operating system asks you to review the permissions the app requests before it can install. This approach to user data is certainly precarious because users can't deny individual permissions to pick and choose what an application has access to, even if they still want to use that app. Incognito Mode could potentially fix this conundrum, enabling users to restrict their data to certain applications.

Read 9 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Florence Ion

Sometimes, we're not always satisfied with the experience that Android offers us. However, the beauty of being an Android user is that you can make a choice to do something different. Before you head off into the weekend, check out Everything.me and its unique Home screen experience. Or, if you've been envious of Facebook's Chat Heads and wish they existed for other apps, download Floating Notifications to get a similar experience.

The Google Play store is chock full of applications that allow us to customize our phones, tack on new features, or just check the score for our favorite team. Here are just a few of those apps we discovered this week that can make those things happen.

Everything.me, Free

Read 14 remaining paragraphs | Comments

0
Your rating: None
Original author: 
By THE NEW YORK TIMES

With more people reading the Times on smart phones, you can now experience Lens on the New York Times iPad/iPhone or Android app.

0
Your rating: None
Original author: 
Dan Goodin

greyweed

Recently discovered malware targeting Android smartphones exploits previously unknown vulnerabilities in the Google operating system and borrows highly advanced functionality more typical of malicious Windows applications, making it the world's most sophisticated Android Trojan, a security researcher said.

The infection, named Backdoor.AndroidOS.Obad.a, isn't very widespread at the moment. The malware gives an idea of the types of smartphone malware that are possible, however, according to Kaspersky Lab expert Roman Unuchek in a blog post published Thursday. Sharply contrasting with mostly rudimentary Android malware circulating today, the highly stealthy Obad.a exploits previously unknown Android bugs, uses Bluetooth and Wi-Fi connections to spread to near-by handsets, and allows attackers to issue malicious commands using standard SMS text messages.

"To conclude this review, we would like to add that Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits," Unuchek wrote. "This means that the complexity of Android malware programs is growing rapidly alongside their numbers."

Read 6 remaining paragraphs | Comments

0
Your rating: None
Original author: 
samzenpus

chicksdaddy writes "A new malicious program that runs on Android mobile devices exploits vulnerabilities in Google's mobile operating system to extend the application's permissions on the infected device, and to block attempts to remove the malicious application, The Security Ledger reports. The malware, dubbed Backdoor.AndroidOS.Obad.a, is described as a 'multi function Trojan.' Like most profit-oriented mobile malware, Obad is primarily an SMS Trojan, which surreptitiously sends short message service (SMS) messages to premium numbers. However, it is capable of downloading additional modules and of spreading via Bluetooth connections. Writing on the Securelist blog, malware researcher Roman Unuchek called the newly discovered Trojan the 'most sophisticated' malicious program yet for Android phones. He cited the Trojan's advanced features, including complex code obfuscation techniques that complicated analysis of the code, and the use of a previously unknown vulnerability in Android that allows Obad to elevate its privileges on infected devices and block removal."

Share on Google+

Read more of this story at Slashdot.

0
Your rating: None
Original author: 
Aaron Souppouris

8882075622_c8fec6011d_z_large

Security researchers have discovered a way to push software onto an iOS device using a modified charger. The team at Georgia Institute of Technology says its charger was able to upload arbitrary software to an iOS device within one minute of it being plugged in. According to the researchers, "all users" are at risk, as the hack doesn't require any user interaction. Hackers are even capable of hiding the applications, so they don't show up in the device's app list. It's not clear if the charger is able to upload malicious code — Apple's iOS devices, by default, are "sandboxed" and will only install and run properly signed apps — but this is a worrying development regardless.

Continue reading…

0
Your rating: None
Original author: 
Aaron Souppouris

1672657-inline-screen-shot-2013-05-23-at-51529-pm_large

According to the noted psychologist Dr. Barbara Fredrickson, it takes three positive emotions to balance out a single negative. As Fast Company reports, Fredrickson's findings are at the heart of Google's Android design philosophy. When considering any user interface decision, designers working on Android have to work out how to inform users of an issue — such as reaching the final homescreen — without making them feel like they've done something wrong, meaning that means pop-ups and other invasive techniques are a no-go. For the homescreen problem, Google settled on the now-familiar glimmering animation, which subtly shows that a user has no more homescreens to swipe across to, while rewarding them with an artistic flourish.

Continue reading…

0
Your rating: None