Archives for Android

Android users are vulnerable to these scams

Every minute, twenty three American Android users will access a malicious URL. These are the statistics from Q1 of 2018 according to a report from PSafe’s dfndr lab, which analyzed 200 million digital files from more than 21 million active users of its security application. According to Tech.Co these URLs include “fake virus alerts to phony dating sites, [and] new Android scams.”

Tech.Co put together a list of which scams Android users are most likely to fall for, based on the data PSafe released. If you’re an Android user, from the United States or elsewhere, keep an eye out for anything you feel might fit into these categories.

The third most likely scam is “fake giveaways.” Tech.Co says that fake promotional stunts and sweepstakes are a very popular method to phish for personal data. “The scam — which has been detected by dfndr lab 108,106 times — works by dangling an impressive prize in front of the phone users. It urges potential victims to take an action in order to qualify for a shot at winning. Users might be asked to download an app, click through a malicious link, or subscribe to an SMS service with hidden costs.”

In other words, do not sign up for any giveaway or promotional material unless it is from a brand, person, or website that you know is secure, and that you trust with your personal data.

The second most likely scam, believe it or not, is “adult dating sites.” PSafe’s dfndr lab found 175,423 instances of malicious activity from adult dating sites in Q1.

Tech.Co says, “Users might be scammed in one of two different ways by these shady dating sites. One possibility is that they’ll redirect users to advertisement pages that earn a clickthrough-based commission. This also scams those trying to advertise through them, as well as mobile users who inadvertently click on the ads. The other option is the sites ask for the ability to send notifications, and then abuse that ability by asking users for the chance to install malware.”

And the big winner for Android scams is “fake virus alerts.” Essentially, this is when a banner ad pops up on a phone masquerading as a system alert. Usually, these will say that your phone is infected and that the only way to solve this problem is to download a specific antivirus app, which as you can guess, was really the malware all along.

Tech.Co says, “Perhaps the recent security scandals at Facebook have made Android mobile users fearful enough for such scams to work. Fake virus alerts have been detected a whopping 558,221 by dfndr lab.”

You might be wondering why these scams are so prevalent for smartphone users. PSafe CEO Marco DeMello told Tech.Co it’s all about money. “All scams we see are motivated by profit. Whether it is a hacker stealing personal data or an affiliate advertising network using deceptive ads to get their clients high conversion rates, the bad actor is looking to make money.”

PSafe also revealed that the demographic likely to be scammed is actually men. According to the research, men are twice as likely to click on scams as women. And while women are more likely to fall for the fake giveaways, men tend to fall for messenger schemes.

Source: The Top Scams that Android Users Fall For
Published: June 11, 2018

Frightening new Android malware causes concern for users

If you’re an Android user, you might want to pay attention to news of the recent, aggressive form of malware known as RedDrop. This Android-exclusive bug can steal a device’s photos, contacts, files, and other data, and is also able to record live audio and rack up massive phone bills for the victim, according to Tech Spot.

RedDrop was discovered by UK mobile security and data management firm, Wandera. Wandera said it found RedDrop was present on the phones of employees at several global consultancy firms, and that it is “one of the most sophisticated pieces of Android malware.”

Wandera researchers explained that users became vulnerable after clicking an ad that redirected them to a distribution site, which encourages visitors to download one of the 53 malicious RedDrop apps. Wandera explained that, “The malware’s creators use a content distribution network of over 4000 domains to distribute the applications, which are disguised as calculators, image editors, language learning aids, games, and adult content.”

“We believe the group developed this complex CDN [content distribution network] to obfuscate where the malware was served from, making it harder for security teams to detect the source of the threat,” the researchers told Tech Spot.

If you install one of the malicious RedDrop apps, you’ll be asked to interact with it in some way. For example, one app, called “CuteActress,” asks users to rub the screen and reveal a seductively-dressed woman. Well, for every rub, your device is unwittingly sending an SMS message to a premium-rate service. Meanwhile, the malware deletes all records of the message being sent, so you’re not likely to become keen to the scam.

According to Tech Spot, RedDrop malware will “harvest data such as local files (photos/contact etc.), SIM info, app and WiFi info, and device details. It can also grab live audio recordings of local surroundings using a device’s microphone. The data is then sent back to the attackers’ Dropbox or Drive folders to use for extortion purposes or launch further attacks.”

Moral of the story? Be careful where you download your apps, and pay attention to what they’re asking. Wandera says concerned users should disallow third-party downloads, avoid rooting your device, and check which permissions apps request, and use a security solution that can monitor and block C&C traffic at the device level.

Source: techspot.com – New Android malware can steal data, record audio, and send SMS messages to premium services
Published: February 28, 2018

Android P promises to stop apps from listening to you through your phone

We posted back in January about the scandal that broke regarding some apps in the Google Play Store which were using users’ microphones to listen to their conversations without clear consent. It looks like Google has heard the complaints about the issue, and made a move to remedy the situation. The next version of the company’s mobile OS, Android P, will include new privacy protections that prevent apps from using a phone’s camera and microphone in the background.

According to ZD Net, the Android Open Source Project (AOSP) said in a developers note for the OS that “once an app has run in the background for a certain amount of time, it should not be able to use the camera.” The same goes for the microphone, of course. The policy notes for Android P say that if an app is in “idle state we don’t allow recording to protect user’s privacy.”

If you’re updating your device to use Android P, this should give you some comfort that the apps you’ve installed will not be spying on you while running in the background. Only when the app is in active use will it be enabled with microphone and camera functionality.

Source: zdnet.com – Android P will stop apps from silently using your phone’s camera and mic
Published: February 22, 2018

Some Android apps are listening to you without your clear consent

A recent scandal has broken in the news, reporting that certain smartphone games downloaded via the Google Play Store are listening to you through your microphone. Perhaps even more strangely, the apps aren’t listening to what you are saying; they are listening to your TV, computer, or whichever device you use to consume media. The apps even listen through the microphone while not in use.

The apps use microphone access to collect data on “what shows you watch, which ads you hear, and even what movies you see,” according to The Verge.  This is a particularly shady practice, especially considering the Federal Trade Commission has warned companies against undisclosed data collection. In 2016, it even forced certain developers to notify users.

A report in The New York Times identified more than 250 games on the Google Play Store that include a “specific type of software for monitoring users’ TV habits.” It was developed by a company called Alphonso. When apps use Alphonso’s software – or when they admit to it – it’s often without clarity. They hide their disclosure in the application description, always beneath the option to “read more.” And, as you might guess, it is very easy to miss that warning.

Some apps are a bit more forward. For example, according to The Verge, a game called Endless 9*9 puzzle by Imobile Game Studios asks for location and microphone access once installed, with no explanation as to why this information is needed. It’s only when you go into the game settings that the app discloses tracking “TV viewership details” in order to “show you TV related content and ads.” Because it does not say this when asking for access, users don’t truly consent to the practice.

So how should users be notified? The FTC has some suggested guidelines. As The Verge explains, “the commission has said that only including disclosures in, say, a YouTube video description isn’t acceptable, since not every viewer may see it. Since people can download these games without viewing the disclosure, the same issues could come up here.” Basically, the notification needs to be viewed by everyone downloading the app in a clear and unmistakable fashion.

Although more apps using the Alphonso software run through the Google Play Store, some do exist for iOS as well. If you’d like to double check to see which 250 games run Alphonso, the list is available here.

Google Cutting Out the Android Middleman

androidGoogle reportedly has its own smartphones and smartwatches ready for release by the end of 2016. With the widespread global success of Android OS, it makes sense that Google would want to keep more of the profits for itself.

Google started by partnering with manufacturers like Samsung or HTC to sell Android-based third-party devices. It has also recently relied on Nexus devices, which were manufactured in collaboration with a number of tech firms. But now Google is cutting out the middlemen and selling in-house devices under the Google brand. The first, Android Nougat, is set for release this fall.

Google’s devices will likely be modular in design, meaning they will use interchangeable blocks to boost performance or replace faulty blocks.

According to the Android Police website, Google might also be working on two watches that feature Google Assistant. Again, these would be released under the Google brand with the wearable OS, Android Wear 2.0.

*Source: CTV News

Save

Dell Ditches Android Tablets

dell-logoDell has decided to stop selling tablets that run on Android OS, focusing instead on Windows two-in-one devices. Dell has been discontinuing a number of Android-run devices for a while. Now, the Venue line of tablets and the Wyse Cloud Connect computer will no longer be available.

“The slate tablet market is over-saturated and is experiencing declining demand from consumers, so we’ve decided to discontinue the Android-based Venue tablet line,” a Dell spokesperson was quoted as saying in a Network World article.

Although the traditional slate tablet was fun and innovative at one point in history, two-in-one devices have the potential to serve as both a tablet and a laptop, making them more desirable. The Dell spokesperson said two-in-ones are “rising in popularity” most notably in the “commercial space.”

“For customers who own Android-based Venue products, Dell will continue to support currently active warranty and service contracts until they expire, but we will not be pushing out future OS upgrades,” the spokesperson explained. Dell also made it clear this is not a vendetta against Android, and it remains open to supporting the OS in the future.

FCC, FTC to Investigate Mobile Security Updates

smartphoneThe Federal Communications Commission (FCC) and Federal Trade Commission (FTC) are launching parallel probes into the mobile industry’s security update practices. The agencies want to determine how manufacturers issue security updates for mobile devices, and how carriers review and release the patches.

“As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use,” stated an FCC press release.

“There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including ‘Stagefright’ in the Android operating system, which may affect almost 1 billion Android devices globally.”

In all, the FTC has contacted eight companies – Apple, BlackBerry, Google, HTC, LG, Microsoft, Motorola and Samsung – to gain insight into how manufacturers determine if a vulnerability needs to be patched. It has also asked for a list of all devices offered for sale since 2013, with information on any bugs that have impacted them and any fixes that were issued.

The main concern is that delays in developing patches may be leaving devices unprotected. Older devices may never receive the necessary protection.

Android Updates Boost Accessibility

voice access betaSmartphones make our lives so easy we don’t often think of the challenges they pose for individuals with disabilities. Google is working to make their products more accessible, releasing a group of updates including Voice Access Beta, which allows anyone to control their phone by talking to it.

Voice Access Beta is meant for “people who have difficulty manipulating a touch screen due to paralysis, tremor, temporary injury or other reasons.” It allows users to instruct their device to perform a range of tasks, such as “open Chrome,” or “scroll down.”

At the moment, the beta version of Voice Access is still in the testing stage. However, more accessibility updates have already launched such as Android N, which assists those with visual impairments by utilizing voice commands alongside a Chrome screen reader.

“Nearly 20 percent of the U.S population will have a disability during their lifetime, which can make it hard for them to access and interact with technology, and limits the opportunity that technology can bring,” Google accessibility engineering manager Eve Andersson was quoted as saying in a PCMag article.

“That’s why it’s so important to build tools to make technology accessible to everyone – from people with visual impairments who need screen reader or larger text, to people with motor restrictions that prevent them from interacting with a touch screen, to people with hearing impairments who cannot hear their device’s sounds.”

In addition to the Android updates, Google Docs is now running voice commands to allow users to type, edit and format their work.

Android Users Can Save Apple Music to SD Card

apple-musicApple has recently released an update for the beta app of Apple Music for Android. As Android users may know, one of the perks of having an Android over an iPhone is the additional storage available through the use of an SD card – which Apple products do not support. Now it seems that Apple is choosing to recognize that perk, and are allowing Android users the option to store songs from Apple Music on their SD card.

This is a pretty decent update for a few reasons. Firstly, having the option not to store all your music on your phone, thus clearing up space for apps and whatnot, is always a bonus. And if you didn’t store your music, having the option to save to an SD card prevents potentially expensive data streaming.

If you’re an Apple Music for Android user and you’d like to start storing your music on an SD card, you only have to go your download settings and specify where you’d like your music to be saved.

*Source: CNET

BlackBerry + Android = Love

BlackBerry LogoBlackBerry is committed to developing new devices based on the Android OS, announcing plans to continue to follow the course charted by the BlackBerry Priv.

BlackBerry plans on releasing at least one, but possibly two, smartphones powered by Android in 2016. CEO John Chen told CNET the emphasis on Android should not come as a surprise to users considering BlackBerry 10 failed to gain popularity after its release in 2013. This, coupled with the fact that BlackBerry’s OS holds only a one percent market share while Android enjoys nearly 53 percent, leaves little shock in the company’s decision.

The BlackBerry Priv, while using different software, isn’t all that different from the original BlackBerry smartphone you might be used to. It has a slide out physical keyboard, keeping true to the original BlackBerry image.

BlackBerry has not given up on its current operating system. John Chen has publicly said that the company plans on releasing two updates for BlackBerry 10 users in 2016.