Tag Archives: Android

Snowden’s new app turns your spare Android phone into a pocket-sized security system

Source: Gizmodo

“NSA whistleblower Edward Snowden has helped create a new way to protect you from potential snoops. Snowden joined with the Freedom of the Press Foundation to create an open-source Android app called Haven, which turns your phone into a pocket-sized security system. All you need is a spare phone and a healthy dose of paranoia. … The problem Haven aims to address is known as an ‘evil maid’ attack. Basically, many of the precautions you might take to protect your cybersecurity can go out the window if someone gains physical access to your device. If that happens without your knowledge, a malicious actor could have eyes and ears on all your private files and you’re none the wiser. Haven’s primary purpose, then, is to guard your laptop or other devices against anyone who might try to tamper with them. But the app can be helpful in other scenarios as well.” (12/22/17)


Google collects Android users’ locations even when location services are disabled

Source: Quartz

“Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card? Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed. Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers — even when location services are disabled — and sending that data back to Google.” (11/21/17)


Google removes 300 apps used to launch DDoS attacks From Play Store

Source: Gizmodo

“Google has removed roughly 300 apps from its Play Store after security researchers from several internet infrastructure companies discovered that the seemingly harmless apps — offering video players and ringtones, among other features — were secretly hijacking Android devices to provide traffic for large-scale distributed denial of service (DDoS) attacks. The botnet, nicknamed WireX, caught the attention of security researchers at the content delivery network Akamai when it was used to attack one of its clients earlier this month. Akamai’s client, a multinational hospitality company, was hit with traffic from hundreds of thousands of IP addresses.” (08/28/17)


Report: Messaging apps with surveillance malware made it onto Google Play store

Source: Fortune

“Researchers at the security firm Lookout have identified a family of malicious smartphone apps, referred to as SonicSpy. At least three versions of the malware, which is able to remotely control infected phones, made it onto Google’s Play store. Anyone who installs the compromised apps will find they have full messaging functionality. But in the background, according to Lookout, the apps are able to hijack a variety of basic phone functions. That includes making outbound calls, sending text messages, and harvesting call logs, contacts, and Wi-Fi data.” (08/13/17)


Amazon suspends sales of BLU phones due to alleged spyware; BLU denies wrongdoing

Source: Android Police

“BLU is one of many low-end phone manufacturers, known for its dirt-cheap unlocked Android phones. But back in November, a security firm discovered spyware on some BLU phones sold in the United States, prompting Amazon to stop selling the affected devices until the issue was resolved. But it looks like BLU is, once again, in trouble with Amazon. The retailer is ceasing sales of some BLU devices (there are still some available for purchase, at the time of writing) following an announcement from security firm Kryptowire at the recent Black Hat security conference. You might remember Kryptowire — it’s the group that found spyware on BLU phones last year. The firm revealed that the original spyware, developed by Chinese company Adups Technology, is still present on BLU phones.” (07/31/17)


Vault 7: New WikiLeaks dump details Android SMS snooping malware

Source: Naked Security

“Since launching its Vault 7 project in March, WikiLeaks has dumped documents outlining the CIA’s efforts to exploit Microsoft and Apple technology. In this week’s latest release, it focuses on malware called HighRise, which the agency used to target Android devices. WikiLeaks describes HighRise this way on its website: ‘HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts.'” (07/14/17)


Russia: Google to open up Android devices, pay $7.8 million bribe

Source: TechCrunch

“Google has reached a settlement with Russia’s Federal Antimonopoly Service (FAS) agency in the antitrust case the Russian search rival Yandex had originally filed, claiming Google had violated local competition rules. The case revolved around how Google had required handset makers to pre-load their devices with Google apps and services in order to also gain access the Google Play Store application. FAS had imposed a fine of 438M RUB (~$7.8M) on Google …. Per the terms of the agreement, Google will no longer demand exclusivity of its applications on Android devices in Russia, and it will not restrict the pre-installation of any competing search engines and applications — including on the Android home screen, FAS states.” (04/17/17)