Posts labeled Android Security

India’s Spyware Policy Could Reshape Tech Governance Norms


Several months ago, India's digital governance landscape was jolted by an unusual experiment in state control over personal devices, one that briefly shifted the conversation from telecommunication networks to the mobile phones in consumers' pockets.

The Department of Telecommunications directed that all mobile handsets intended for the Indian market ship with a pre-installed, government-developed security application called Sanchar Saathi, an initiative the government positioned as a technological shield against mobile phone crime.

According to the app's promotional materials, Sanchar Saathi (Hindi for "Communication Partner") was created to help users counter mobile phone theft, financial fraud, spam and other mobile-led scams that have outpaced traditional policing.

The Department of Telecommunications (DoT), the regulator responsible for the mandate, further stated that the application's core functionalities could be neither disabled nor restricted by end users, effectively making it a permanent component of the device's operating environment.

Device makers were given 120 days to submit a detailed compliance report, including a system-level integration assessment and an audit confirmation. The order, originally defended on cybersecurity grounds, quickly ran into public and political opposition.

Opposition leaders, privacy advocates and digital-rights organizations questioned the proportionality of the measure and the inherent risks of compulsory, non-removable state applications on personal devices, warning that such software could be used for mass data collection, real-time location tracking and continuous behavioural profiling.

It did not take long for the Department of Telecommunications to retract the mandatory installation requirement, stating that users had already adopted the application voluntarily and that mandatory pre-installation was therefore not required. The swift withdrawal did not quell the wider unease; if anything it amplified fears that the policy reflected a deeper intention to normalize state access to private hardware under the rhetoric of crime prevention.

Many commentators drew uneasy comparisons with the surveillance state of George Orwell's 1984, in which oversight is the default condition rather than the exception. Several feared the episode foreshadowed a future in which individuals lose control of their personal technology to government-defined security priorities.

Many experts, however, believe the controversy is less about a single application than about the precedent it would set, one that raises fundamental questions about the role of technology in society, the legitimacy of state claims on personal devices, and the limits of citizens' privacy in the world's largest democracy.

The mandate also extended beyond new inventory: handsets already in circulation were to receive the government application through software updates, and the accompanying provisions made explicit that neither users nor manufacturers could disable, limit or obstruct its core functionalities.

The directive, conceived as a measure to strengthen cyber intelligence and combat cyber fraud, has over the past few months sparked a widening discussion among security researchers, civil-rights activists and technology policy experts.

Some of them warn that compulsory, non-removable state applications would profoundly alter India's approach to digital governance, blurring longstanding boundaries between security objectives and individual control over private technology.

On Wednesday the Indian government abruptly reversed course and withdrew the directive that had instructed global smartphone manufacturers such as Apple and Samsung to embed the state-developed application in all handsets sold in the country.

The reversal followed a two-day backlash in which opposition lawmakers and digital-rights organizations reacted sharply, claiming that the Sanchar Saathi application, whose name means "Communication Partner" in Hindi, was intended less for security than for state surveillance.

Critics from across the political aisle and privacy advocacy groups had publicly attacked the directive as an excessive intrusion into personal devices, claiming the government was planning to "snoop on citizens through their phones."

In response to the mounting criticism, the Ministry of Communications issued a statement on Wednesday afternoon confirming that the government would not impose mandatory pre-installation and that manufacturers were no longer bound by the order. The original directive had been circulated confidentially to device makers late last month and entered public discussion only after it was leaked to domestic media on Monday.

The order required new handsets to comply within 90 days of its release and previously sold devices to comply via software updates; it stated explicitly that the app's key functions could not be disabled or restricted.

Although the ministry had framed the policy as a protection for the nation's digital security, its quiet withdrawal marks a rare moment in which external scrutiny reshaped the state's digital policy calculus, and underscores how contested control over personal technology has become in the world's second-largest mobile market.

When the directive was first circulated to industry stakeholders, it set a narrow compliance window for new devices and a more demanding requirement for handsets already in use. Manufacturers were given 90 days to ensure that every new unit, whether built domestically or imported into India, carried the Sanchar Saathi application by default.

For unsold devices already in retail and distribution pipelines, companies were instructed to deliver the software retroactively through system updates so that it was present throughout the supply chain. Had it been enforced, the policy would have standardized the tool across one of the world's largest mobile markets.

India has more than 735 million smartphone users. Government officials defended the mandate as a consumer-protection imperative, arguing it was needed to curb telecom fraud based on duplicate or cloned IMEI numbers. An IMEI is the 15-digit identifier (14 digits plus a Luhn check digit; the IMEISV variant replaces the check digit with a two-digit software version, for 16 digits) that a handset presents to mobile networks. It identifies the device rather than the subscriber and is not an authentication credential; network authentication rests on the SIM. That is exactly why a cloned or duplicated IMEI is useful to thieves: a stolen handset keeps working unless operators check its IMEI against a central blocklist.

Linked to a centralized registry, the Sanchar Saathi platform lets users report missing smartphones, block stolen devices, block suspicious network connections and flag fraudulent mobile communications.

The government also pointed to results as justification: according to official data, since the app's launch in January it has blocked more than 3.7 million lost or stolen phones, and over 30 million illicit mobile connections have been terminated, including connections tied to telecom scams and identity fraud.
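As an added example, and not code from the Sanchar Saathi platform (whose internals, as the article notes later, are not public), the Python below shows the two checks a device registry of the kind described above has to make before it blocks anything: whether a submitted IMEI is even well-formed (15 digits with a valid Luhn check digit), and whether one IMEI is in use by several subscriber identities (IMSIs) at the same time, which is what a cloned IMEI looks like from the network side. The IMEIs, IMSIs and day ranges are constructed sample data, and the function names are this example's own.

```python
"""IMEI validation and cloned-IMEI detection over a constructed registration log.

Added example; the real Sanchar Saathi / CEIR logic is not public.
"""
from collections import defaultdict
from itertools import combinations


def luhn_check_digit(body14: str) -> int:
    """Luhn check digit for the first 14 digits of an IMEI.

    Counting from the left, every second digit of the 14-digit body is doubled
    (a doubled value above 9 has 9 subtracted); the check digit brings the
    total to a multiple of 10.
    """
    total = 0
    for i, ch in enumerate(body14):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10


def normalize_imei(raw: str) -> str:
    """Strip the separators people type into forms ('49-0154-203237-518')."""
    return "".join(ch for ch in raw if ch.isdigit())


def is_valid_imei(raw: str) -> bool:
    """True for a 15-digit IMEI whose last digit is the correct Luhn check digit.

    A 16-digit IMEISV carries a software version instead of a check digit and
    is deliberately rejected here; normalize it to 14 digits before checking.
    """
    imei = normalize_imei(raw)
    return len(imei) == 15 and luhn_check_digit(imei[:14]) == int(imei[14])


def overlapping_subscribers(records: list[dict]) -> dict[str, list[str]]:
    """Map each IMEI to the distinct IMSIs that were active on it at the same time.

    Each record is {"imei", "imsi", "first", "last"} with first/last as day numbers.
    A user swapping SIMs produces consecutive, non-overlapping IMSIs and is not
    flagged; two IMSIs whose activity windows overlap on one IMEI is the clone signature.
    """
    by_imei: dict[str, list[dict]] = defaultdict(list)
    for rec in records:
        by_imei[rec["imei"]].append(rec)
    flagged: dict[str, set[str]] = {}
    for imei, recs in by_imei.items():
        for a, b in combinations(recs, 2):
            same_sim = a["imsi"] == b["imsi"]
            overlap = a["first"] <= b["last"] and b["first"] <= a["last"]
            if not same_sim and overlap:
                flagged.setdefault(imei, set()).update({a["imsi"], b["imsi"]})
    return {imei: sorted(imsis) for imei, imsis in flagged.items()}


def audit_registrations(records: list[dict]) -> dict:
    """Reject malformed IMEIs first, then look for clones among the well-formed ones."""
    rejected = sorted({rec["imei"] for rec in records if not is_valid_imei(rec["imei"])})
    clean = [dict(rec, imei=normalize_imei(rec["imei"]))
             for rec in records if is_valid_imei(rec["imei"])]
    return {"rejected": rejected, "cloned": overlapping_subscribers(clean)}


# Constructed sample data: the IMEIs and IMSIs below are made up
# (405 is India's mobile country code; the rest of each IMSI is arbitrary).
SAMPLE_RECORDS = [
    {"imei": "490154203237518", "imsi": "405001000000001", "first": 1, "last": 30},
    {"imei": "490154203237518", "imsi": "405002000000002", "first": 10, "last": 40},  # overlap: clone
    {"imei": "352099001761481", "imsi": "405003000000003", "first": 1, "last": 10},
    {"imei": "352099001761481", "imsi": "405004000000004", "first": 11, "last": 20},  # SIM swap, no overlap
    {"imei": "352099001761489", "imsi": "405005000000005", "first": 5, "last": 15},   # bad check digit
]

if __name__ == "__main__":
    print(audit_registrations(SAMPLE_RECORDS))
```

The overlap test is what separates a clone from an ordinary SIM change; a registry that blocked on "more than one IMSI ever seen" would lock out every user who replaced a SIM.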

Even so, the mandate put India at odds with Apple, a company that has historically refused to preload government or third-party applications on its products, citing ecosystem integrity and operating-system security.

Although Apple holds only about 4.5% of India's smartphone market, it carries disproportionate weight in global discussions about secure device architectures. Industry insiders note that Apple's internal policies prohibit the inclusion of external software before retail sale, making regulatory friction a probable outcome.

Early on, it was expected that New Delhi would eventually soften the pre-installation requirement for Apple, replacing it with optional installation prompts or software nudges delivered at the operating-system level. A security researcher who spoke on condition of anonymity argued that negotiations could produce a midpoint.

"Rather than imposing a mandate, they might settle for a nudge," the researcher said, echoing a broader industry assumption that the policy would prove more malleable in practice than it first appeared. Privacy advocates, however, felt that the short life of the order did not diminish its significance.

Civil-society organizations warned that non-removable, mandatory state applications, even when presented as essential anti-fraud tools, risk normalizing a degree of technical authority over individual devices that extends well beyond the prevention of telecom crime.

A comparison was quickly drawn with Russia's recent requirement that a state-backed messaging application be embedded in smartphones, and with similar software-standardization efforts in Russia-aligned regulatory environments. According to Mishi Choudhary, a lawyer specializing in technology rights, "the government removes user consent as a meaningful choice," a line that captures the core argument of digital-rights groups.

Before the order leaked to Indian media, the Ministry of Communications, which had issued it confidentially, declined to release the full directive publicly or to comment substantively on privacy concerns. Critics contend that this silence compounded fears, leaving an impression of regulatory overreach tempered by political optics rather than by clarified safeguards.

Even after the government announced it would no longer enforce pre-installation, the episode continued to raise questions about transparency in cybersecurity policymaking, the future of digital consent, and the precedent set when state security frameworks reach into the software layer of personal hardware, in a democracy already contending with rapid digitization and fragile public trust.

Technology-policy analysts also warned that the risk lay not only in the application's stated purpose but in the level of access it might command in the future.

Prasanto K. Roy, a specialist in India's digital infrastructure who has long studied the country's regulatory impulses, characterized the directive as an instance of a larger problem: the lack of transparency about what state-mandated software might ultimately be allowed to do on individual users' hardware.

Roy said in an interview that while Sanchar Saathi's internal workings remain unclear to the public, the permissions it requests justify caution: we are not sure exactly what it is doing, but we can see it asking for a lot of permissions, from the flashlight to the camera, which suggests it has the potential to access almost everything.

"That alone is problematic," he added, reflecting a growing consensus among security researchers that expansive permission requests carry structural risk when attached to applications that are not subject to independent audit or external oversight, even when they are justified as security prerequisites.

The application's Google Play Store data-safety declaration states that it neither collects nor shares user data, a statement the government cited in its initial defense of the policy. That declaration is self-reported by the developer rather than independently verified, which is why auditors weigh the permission manifest and observed network behaviour more heavily than the store listing. The government otherwise limited its public communication about the order, which exacerbated questions about consent and scope.

A spokesperson told the BBC that the company had formally contacted the Department of Telecommunications seeking clarification on the application's privacy posture and on what safeguards, if any, would apply to future updates and changes to its backend capabilities.

Roy also highlighted that the compliance requirements conflict directly with long-standing policies at most global handset manufacturers, particularly Apple, which has resisted embedding government or third-party applications at the point of sale and is unlikely to change that position.

"The vast majority of handset manufacturers prohibit the installation of any government app or any external app before a handset is sold, except for the Chinese and Russian companies," Roy said, adding that the Indian order effectively required manufacturers to deviate from long-established operating norms.

Although Android dominates the Indian smartphone market, Apple's share, estimated at 4.5 percent by mid-2025, has become central to the policy's geopolitical undertones. Apple has not issued a public statement on compliance, but according to Reuters the company did not intend to comply with the directive and planned to register its objections with the Indian government in writing.

Although the comparison did little to soften its reception, the Indian directive is not without international precedent. In August 2025 Russian media reported that all mobile phones and tablets sold domestically must carry the government-endorsed MAX messenger application, sparking a similar debate about surveillance risk and digital autonomy.

The episode placed India alongside a small but notable group of nations that enforce device-verification rules through software on the handset itself rather than through telecom operators or network intermediaries. That parallel reinforced the concerns of privacy advocates rather than easing them.

It strengthened the view that cybersecurity policies built on mandatory software, broad permissions and silent updates, without transparent guardrails, risk recalibrating the balance between fraud prevention and individual digital sovereignty.

The brief rise and fall of India's spyware mandate will probably outlast the order itself, leaving a policy inflection point that legislators, courts and technology companies cannot ignore for the foreseeable future. The episode illustrates a central principle of modern security: once software becomes a regulatory instrument, the debate shifts from intention to capability, and from reassurance to verification.

Governments everywhere face legitimate pressure to curb digital fraud, secure device identities and defend telecom infrastructure. But experts argue that trust is strengthened not by compulsion but by transparency, technical auditability and clearly defined mandates anchored in law rather than ambiguity.

For India, the controversy presents an opportunity not to retreat but to recalibrate. Analysts say cybersecurity frameworks governing consumer devices should include public disclosure of the rules, third-party security assessments, granular consent architectures, and sunset clauses for state-delivered software updates.

Digital-rights groups have also urged that future anti-fraud tools be opt-in, follow data-minimization standards, process data locally on the device, and never receive silent server-side updates without notifying the user.

The Sanchar Saathi debate raises larger questions for democracies navigating mass digitization: who owns the software layer on personal hardware, and how far can security imperatives extend before individual autonomy contracts?

There is growing consensus that the answers will define the next decade of India's digital social contract, determining how innovation, security and privacy coexist, not only through negotiation but through design.

Indian Teen Enables Apple-Exclusive AirPods Features on Android

Apple's AirPods have long offered a range of intelligent features, such as seamless device switching, adaptive noise control and detailed battery indicators, but only when paired with an iPhone. Android users have been left with little more than basic audio playback.


That restriction, widely seen as a deliberate reinforcement of Apple's closed ecosystem, is now being challenged by Kavish Devar, an 18-year-old developer from Gurugram. His creation, LibrePods, is an open-source, free tool designed to replicate the AirPods experience on Android, and even on Linux systems, with striking accuracy.

LibrePods removes the limits Apple placed on AirPods outside its ecosystem, letting the earbuds perform almost identically to the way they behave when paired with an iOS device. Android users who rely on AirPods gain a markedly enhanced and more seamless experience, including the core functionality, polished integration and familiar fluidity of the iPhone pairing.

Earlier community efforts such as OpenPods and MaterialPods provided limited capabilities, including battery readings, but LibrePods goes much further. Its near-complete control suite gives Android users quick access to functions normally reserved for Apple devices, narrowing a gap that has existed for years.

Devar, a self-taught programmer still in high school, developed LibrePods after studying those earlier attempts, both of which offered only modest improvements for Android users.

His project takes a far more ambitious approach, according to the detailed notes on its GitHub page. LibrePods was designed to unlock the AirPods features that are otherwise exclusive to Apple platforms: noise control, adaptive transparency, hearing-assistance functions, ear detection, personalized transparency settings and precise battery information.

It does this with an app that emulates the behaviour of an authorized Apple endpoint, so that an Android device can communicate with the AirPods almost exactly as an iPhone would.

The full feature set works best on second- and third-generation AirPods Pro paired with a rooted Android device running the Xposed framework. OnePlus and Oppo models running OxygenOS 16 or ColorOS 16 can use LibrePods without rooting, which broadens the range of supported devices.

Older AirPods models are less customizable than the newer generations, but they still benefit from accurate battery reporting.

With these features unlocked, users can switch between Noise Cancellation, Adaptive Audio and Transparency modes, rename their earbuds for easier management, enable automatic play and pause, assign long-press actions to toggle ANC or trigger a voice assistant, and use head gestures to answer calls, a substantially richer AirPods experience on Android.

This cross-platform functionality rests on a meticulous reverse-engineering effort by Devar that makes the AirPods recognize an Android handset as if it were an iPhone or iPad. Once the earbuds believe they are talking to an Apple device, they share the status data and advanced controls that Apple normally confines to its own ecosystem.

LibrePods is not without conditions. Owing to what Devar describes as a persistent limitation in the Android Bluetooth stack, full functionality currently requires a rooted device running the Xposed framework. Root plus a hooking framework also takes the phone outside the platform's normal security model, a trade-off users should weigh before installing.

OnePlus and Oppo smartphones running OxygenOS 16 or ColorOS 16 can run the app without rooting, a partial exception; even certain advanced features that normally need elevated system access, such as fine-tuning Transparency mode, remain available on those devices.

Wide compatibility remains a priority, with support across the AirPods line, including AirPods Max and the second- and third-generation AirPods Pro, though older models naturally offer fewer features. The extensive documentation in the project's GitHub repository will help anyone interested in exploring further, or in downloading the APK and installing it on their phone; as with any sideloaded app, install only from the project's own releases.

As LibrePods continues to draw attention, Devar's work reveals a broader shift in what users expect from technology: choice, openness and the ability to use devices in ways that serve them. Beyond restoring functionality to Android users who had settled for a diluted AirPods experience, the project demonstrates the power of community-driven innovation in challenging established norms.

The tool still carries technical caveats, but its rapid evolution suggests further refinements will follow. LibrePods points toward a more flexible multi-platform audio future, one that is user-centric rather than platform-centric.

Android Malware Hits 42 Million Downloads, Risking Mobile Payments

Android malware is surging globally, with attackers increasingly targeting mobile payments and IoT devices and exposing critical weaknesses in systems that people rely on for communication, work and financial activity.

Recent findings from Zscaler indicate that 239 malicious Android apps were discovered on Google Play, amassing 42 million downloads, mostly among users seeking the productivity and workflow tools trusted in hybrid work settings. The report also reflects a pronounced shift away from traditional card-based fraud toward abuse of mobile payment channels through social engineering such as phishing, smishing and SIM swapping.

Mobile compromise is escalating rapidly, with a 67% year-over-year spike in Android malware transactions. Spyware, banking trojans and adware are the dominant threats; adware accounts for 69% of all malware detections, indicating evolving monetization strategies, while the once-notorious Joker family has declined sharply to only 23% of activity. Attackers are concentrating on high-value sectors, with the energy industry seeing a 387% year-over-year increase in attack attempts.

IoT environments remain highly exposed, particularly manufacturing and transportation, which together account for over 40% of IoT-related malware activity. IoT attacks are driven mainly by botnet families such as Mirai, Mozi and Gafgyt, collectively responsible for about 75% of the malicious payloads observed in this space. Routers are the heaviest-hit device class, making up 75% of all IoT attacks, since attackers use them for botnet building and proxy networks.

Geographically, India is the prime target for mobile malware with 26% of analyzed attacks, followed by the United States (15%) and Canada (14%). For IoT, the United States is most affected, with 54.1% of all malicious traffic. The Android Void (Vo1d) backdoor has infected at least 1.6 million Android TV boxes, mostly in India and Brazil, highlighting the danger of inexpensive devices running outdated software. Families such as Anatsa and Xnotice continue to refine their tactics for financial theft and regional targeting.

To defend against these threats, experts recommend keeping devices updated, using reputable antivirus apps, enabling ransomware protection, limiting unnecessary app installations, scrutinizing permissions, running frequent malware scans and using Google Play Protect. Note that the 239 apps in question were distributed through Google Play itself, so a store listing is not a trust signal on its own; the permissions an app requests and what it does at runtime matter more. The report stresses a "zero trust everywhere" approach combined with AI-driven threat detection to counter the evolving landscape.
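The advice to scrutinize permissions, here and in the Sanchar Saathi piece above (where the concern was an app asking for everything "from the flashlight to the camera"), is easier to act on with a concrete check. The Python below is an added example, not code from the Zscaler report or from any app it names: it parses a decoded AndroidManifest.xml (the form apktool produces), collects the requested permissions, and scores them the way an analyst triages a "productivity" app that turns out to want SMS access, overlays and accessibility control. The two manifests, the package names com.example.fakeoffice and com.example.notes, the scoring weights and the function names are all this example's own assumptions; the permission names are real Android ones.

```python
"""Static permission audit of an Android manifest.

Added example. Reads a decoded AndroidManifest.xml, lists the permissions it
requests (including the ones attached to services and receivers), and flags the
combinations that banking trojans and droppers depend on.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PERM = "android.permission."

# Subset of Android's runtime ("dangerous") permissions: each needs a user prompt.
DANGEROUS = {PERM + p for p in (
    "CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS",
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "ACCESS_BACKGROUND_LOCATION",
    "READ_PHONE_STATE", "READ_PHONE_NUMBERS", "CALL_PHONE", "READ_CALL_LOG",
    "SEND_SMS", "RECEIVE_SMS", "READ_SMS", "READ_EXTERNAL_STORAGE",
    "WRITE_EXTERNAL_STORAGE", "READ_CALENDAR", "BODY_SENSORS",
)}
# Capabilities that are legitimate on their own but, combined, form the classic
# overlay-plus-OTP-theft toolkit of Android banking trojans.
OTP_INTERCEPT = {PERM + "READ_SMS", PERM + "RECEIVE_SMS"}
OVERLAY = PERM + "SYSTEM_ALERT_WINDOW"
ACCESSIBILITY = PERM + "BIND_ACCESSIBILITY_SERVICE"
DROPPER = PERM + "REQUEST_INSTALL_PACKAGES"
DEVICE_ADMIN = PERM + "BIND_DEVICE_ADMIN"


def requested_permissions(manifest_xml: str) -> set[str]:
    """Collect <uses-permission> names plus the permissions components are guarded with.

    Accessibility and device-admin access are not requested via <uses-permission>;
    they appear as android:permission on a <service> or <receiver>, so both are scanned.
    """
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    for tag in ("service", "receiver"):
        for el in root.iter(tag):
            guard = el.get(ANDROID_NS + "permission")
            if guard:
                perms.add(guard)
    perms.discard(None)
    return perms


def assess(perms: set[str]) -> dict:
    """Score a permission set and return the evidence so the verdict can be reviewed."""
    findings = {
        "dangerous": sorted(perms & DANGEROUS),
        "otp_intercept": bool(perms & OTP_INTERCEPT),
        "overlay": OVERLAY in perms,
        "accessibility": ACCESSIBILITY in perms,
        "dropper": DROPPER in perms,
        "device_admin": DEVICE_ADMIN in perms,
    }
    # Weights are this example's assumption: one point per runtime permission,
    # more for the capabilities that let an app read OTPs, draw over banking apps,
    # click on the user's behalf or install further packages.
    score = len(findings["dangerous"])
    score += 3 * findings["otp_intercept"] + 3 * findings["overlay"]
    score += 4 * findings["accessibility"] + 3 * findings["dropper"] + 2 * findings["device_admin"]
    if findings["otp_intercept"] and findings["overlay"] and findings["accessibility"]:
        verdict = "banking-trojan pattern"
    elif score >= 6:
        verdict = "review before install"
    else:
        verdict = "low"
    findings["score"] = score
    findings["verdict"] = verdict
    return findings


def audit_manifest(manifest_xml: str) -> dict:
    return assess(requested_permissions(manifest_xml))


# Constructed manifests. FLASHLIGHT is a normal-level permission: harmless on its
# own, which is why a scorer must weigh what is requested, not merely how much.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakeoffice">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FLASHLIGHT"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("fakeoffice", SUSPICIOUS_MANIFEST), ("notes", BENIGN_MANIFEST)):
        print(name, audit_manifest(xml_text))
```

On a real device the same permission set can be pulled without unpacking the APK via `adb shell dumpsys package <pkg>`, and a store listing's data-safety section should be compared against this output rather than trusted on its own.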

Google plans shift to risk-based security updates for Android phones


The Android ecosystem is set for a significant change in security posture, with Google preparing to overhaul how it delivers fixes for software vulnerabilities.

According to Android Authority, the company plans a new framework known as the Risk-Based Update System (RBUS) that streamlines patching for device manufacturers and helps end users receive protection faster. At present, Android Security Bulletins (ASBs) are published monthly and bundle fixes for vulnerabilities of every severity, from minor flaws to severe, exploitable bugs.

Hardware partners and Original Equipment Manufacturers (OEMs) are notified at least a month in advance. Under the new approach, updates will no longer be bundled together indiscriminately; Google intends instead to prioritize real-world threats.

Vulnerabilities that are actively exploited or that pose the greatest risk to user privacy and data security will be patched at the earliest opportunity, and essential protections will no longer be held up by less critical issues such as low-severity denial-of-service bugs.

If fully implemented, the initiative would lighten the update burden on OEMs while demonstrating Google's commitment to Android users' safety through a more intelligent and responsive update cycle.

For the past decade Google has published the Android Security Bulletin every month, regardless of whether the corresponding update for its Pixel devices had shipped. Each bulletin has traditionally listed a wide range of vulnerabilities, from relatively minor to critical, and Android's sheer complexity has often meant a dozen or more per month.

In July 2025, however, Google broke this cadence: for the first time in 120 consecutive bulletins, the monthly bulletin documented no vulnerabilities at all. The break did not mean there were no issues; it signaled a strategic shift in how Google communicates and distributes security updates.

The September 2025 bulletin then recorded an unusually high 119 vulnerabilities, underscoring the change. The contrast shows Google moving toward prioritizing high-risk vulnerabilities so that device manufacturers can respond to emerging threats quickly and users are shielded from active exploitation.

Although OEMs depend on the Android operating system to power their devices, they frequently run separate patch cycles and publish their own security bulletins, which has historically produced inconsistency across the ecosystem.

By reducing the number of fixes manufacturers must deploy each month, Google appears to want to lighten their load, cutting the patches that must be tested and shipped and giving OEMs more flexibility over when and how firmware updates roll out.

Prioritizing high-risk vulnerabilities gives device makers more control, but it also raises concern about delays in fixing less severe vulnerabilities that could be exploited if left unpatched; individually moderate bugs are routinely chained into full exploits. Larger quarterly bulletins are intended to offset the new cadence.
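What "risk-based" means in practice is a sort order over the fixes a device is missing. The Python below is an added example, not Google's RBUS (whose selection criteria, as the article says later, have not been made public): it applies the ordering described above (actively exploited first, then severity, then bug type) to constructed bulletin-style entries and compares them against each device's reported security patch level, the value `adb shell getprop ro.build.version.security_patch` returns. The CVE-2099-* identifiers, the three fleet devices and the "urgent / scheduled / ok" rule are this example's own assumptions; the severity and type labels are the ones the bulletins use.

```python
"""Risk-based triage of missing Android security fixes for a device fleet.

Added example; not Google's RBUS. It ranks the fixes a device lacks by
exploitation status, severity and bug type, and keeps low-severity gaps
visible rather than dropping them.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Fix:
    cve: str
    severity: str            # Critical / High / Moderate / Low, as in the bulletins
    vuln_type: str           # RCE / EoP / ID / DoS, as in the bulletins
    patch_level: date        # security patch level (YYYY-MM-DD) that contains the fix
    exploited: bool = False  # bulletin notes limited, targeted exploitation


SEVERITY_RANK = {"Critical": 0, "High": 1, "Moderate": 2, "Low": 3}
TYPE_RANK = {"RCE": 0, "EoP": 1, "ID": 2, "DoS": 3}


def parse_spl(value: str) -> date:
    """Parse the string `adb shell getprop ro.build.version.security_patch` returns."""
    return date.fromisoformat(value.strip())


def outstanding(fixes: list[Fix], device_spl: str) -> list[Fix]:
    """Fixes the device lacks: a device at level X carries every fix dated X or earlier.

    The day part matters: the -01 level covers the framework portion of a bulletin
    and -05 adds the vendor and kernel fixes, so a device at 2025-08-01 still
    lacks a fix dated 2025-08-05.
    """
    spl = parse_spl(device_spl)
    return [f for f in fixes if f.patch_level > spl]


def risk_key(fix: Fix) -> tuple:
    """Exploited bugs first, then severity, then type; older fixes before newer ones."""
    return (0 if fix.exploited else 1, SEVERITY_RANK[fix.severity],
            TYPE_RANK[fix.vuln_type], fix.patch_level)


def prioritize(fixes: list[Fix], device_spl: str) -> list[Fix]:
    return sorted(outstanding(fixes, device_spl), key=risk_key)


def fleet_report(devices: dict[str, str], fixes: list[Fix]) -> dict[str, dict]:
    """Per-device summary: what is missing and whether it can wait for the next cycle.

    'urgent' mirrors the rule in the article (exploited or Critical cannot wait);
    lower-severity gaps are still listed rather than dropped, since they accumulate.
    """
    report = {}
    for name, spl in devices.items():
        missing = prioritize(fixes, spl)
        exploited = sum(f.exploited for f in missing)
        critical = sum(f.severity == "Critical" for f in missing)
        if exploited or critical:
            action = "urgent"
        elif missing:
            action = "scheduled"
        else:
            action = "ok"
        report[name] = {
            "missing": [f.cve for f in missing],
            "exploited_missing": exploited,
            "critical_missing": critical,
            "action": action,
        }
    return report


# Constructed bulletin entries: CVE-2099-* are placeholder IDs, not real vulnerabilities.
FIXES = [
    Fix("CVE-2099-0001", "High", "EoP", date(2025, 9, 1), exploited=True),
    Fix("CVE-2099-0002", "Critical", "RCE", date(2025, 8, 5)),
    Fix("CVE-2099-0003", "Low", "DoS", date(2025, 8, 5)),
    Fix("CVE-2099-0004", "Moderate", "ID", date(2025, 9, 5)),
    Fix("CVE-2099-0005", "High", "EoP", date(2025, 9, 5)),
]

# Constructed fleet: device name -> security patch level it reports.
FLEET = {"pixel-a": "2025-09-05", "oem-b": "2025-06-05", "oem-c": "2025-09-01"}

if __name__ == "__main__":
    for name, row in fleet_report(FLEET, FIXES).items():
        print(name, row)
```

The point of keeping the `missing` list complete is the concern raised above: a triage that only ever surfaces the exploited and Critical entries will quietly let the Moderate and Low ones pile up on devices that never reach the next quarterly level.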

The September 2025 bulletin, which included more than 100 vulnerabilities in comparison to the empty or minimal lists of July and August, is indicative of this. According to Google spokesperson, in a statement to ZDNET, Android and Pixel both continuously address known security vulnerabilities, putting an emphasis on the most vulnerable to be fixed. 

In this way, Google emphasizes the platform's hardened protections, such as the adoption of memory-safe programming languages like Rust and the use of advanced anti-exploitation measures built into the platform. It is also being announced that Google will be extending its security posture beyond its system updates. 

Starting next year, developers of Android-certified apps will be required to provide their identities in order to distribute their software, as well as restrictions on sideloading, which are designed to combat fraudulent and malicious app development. There will also be increased pressure on major Android partners, such as Samsung, OnePlus, and other Original Equipment Manufacturers (OEMs) to adjust their update pipelines as a result of the switch to a risk-based update framework. 

According to Android Authority, which was the first to report about Google's plans, Google is actively negotiating with partners in an attempt to ease this shift, potentially reducing the burden on manufacturers who have historically struggled to provide timely updates. Sources cited by the company indicate that the company is actively in discussions with partners in order to ease this transition. 

The model offers users more robust protection against active threats while minimizing interruptions from less urgent fixes, which should lead to a better device experience. Nevertheless, Google's approach raises questions about transparency: how it will determine what constitutes a high-risk flaw, and how it will communicate those judgments.

Critics warn that deprioritizing lower-severity vulnerabilities, while effective in the short term, risks leaving cumulative holes in long-term device security. Google's strategy, as outlined in Android Headlines, is a data-driven response intended to counter mobile exploits and outpace attackers who are increasingly targeting smartphones.

There are implications beyond Android phones. The decision could serve as a model for rival operating systems, especially as regulators in regions like the European Union push for more consistent and timely patches for consumer devices. Enterprises and developers will need to rethink how patch management works, and OEMs that adopt the new model early may gain an advantage in security-sensitive markets.

Despite a streamlined schedule, smaller manufacturers may be unable to keep up with the pace, underscoring the fragmentation that has long plagued the Android ecosystem. In an effort to mitigate these risks, Google has already signaled plans for providing tools and guidelines, and some industry observers are speculating that future Android versions might even include AI-powered predictive security tools that identify and prevent threats before they occur. 

With the successful implementation of this initiative, a new era of mobile security standards might be dawning and a balance between urgency and efficiency would be established in an era where cyber-attacks are escalating. For the average Android user, it is expected that the practical impact of Google's risk-based approach will be overwhelmingly positive. 

A device owner who receives a monthly patch may not notice much change, but a device owner with a handset that isn't updated regularly will benefit from manufacturers being able to push out fixes in a more structured fashion—particularly quarterly bulletins, which are now responsible for the bulk of security updates. 

There are, however, critics who caution that consolidating patches on a quarterly basis could, in theory, create an opportunity for malicious actors if details of upcoming fixes were leaked. Industry analysts counter that this risk remains hypothetical, as the system is designed to accelerate vulnerability discovery so that the most dangerous vulnerabilities are patched quickly, before they are widely abused.

In the aggregate, the strategy shows Google taking steps to strengthen Android's defenses by prioritizing urgent threats, with the aim of delivering a more secure and stable experience across its wide range of devices.

Ultimately, the success of Google's risk-based update strategy will be determined not only by how quickly vulnerabilities are identified and patched, but also by how well manufacturers, regulators, and the broader developer community cooperate with Google. Since the Android ecosystem remains among the most fragmented and diverse in the world, the effectiveness of this model will ultimately be judged by the consistency and timeliness with which it delivers protection across billions of devices, from flagship smartphones to budget models in emerging markets.

There are a number of steps users can take to get the most out of these security changes: enabling automatic updates, limiting the use of sideloaded applications, and choosing devices from OEMs known for providing timely patches all help keep users protected.

The framework offers enterprises a chance to re-calibrate their device management policies, emphasizing risk management and aligning them with quarterly cycles more than ever before. As a result of Google's move, security will become much more than a static checklist. 

Instead, it will become an adaptive, dynamic process that anticipates threats rather than simply responds to them. Obviously, if this approach is executed effectively, it is going to change the landscape in terms of mobile security around the world, turning Android's vast reach from a vulnerability into one of its greatest assets.

Android Latest Security Feature Protects Users from Cyber Scams

 

Google is developing a new security feature for Android that prevents users from changing sensitive settings while a phone call is in progress. The in-call anti-scam measures block users from enabling installation of apps from unknown sources and from granting accessibility access during a call. The development was initially reported by Android Authority.

Users who attempt to do so during phone calls receive the following message: "Scammers frequently request this type of action during phone calls, thus it is blocked to protect you. If you are being directed to take this activity by someone you do not know, it could be a scam."

Furthermore, it prevents users from granting an app access to accessibility services during a phone call. The feature is now active in Android 16 Beta 2, which was released earlier this week. With this latest update, the goal is to increase friction to a technique that malicious actors frequently utilise to propagate malware. 

These tactics, known as telephone-oriented attack delivery (TOAD), entail sending SMS messages to potential targets and encouraging them to contact a number by creating a false feeling of urgency.

Last year, NCC Group and Finland's National Cyber Security Centre (NCSC-FI) revealed that fraudsters were distributing dropper apps via SMS messages and phone calls to deceive users into installing malware like Vultur.

The development comes after Google increased restricted settings to cover more permission categories, preventing sideloaded applications from accessing sensitive data. To combat fraud, it has also enabled the automated blocking of potentially unsafe app sideloading in markets such as Brazil, Hong Kong, India, Kenya, Nigeria, the Philippines, Singapore, South Africa, Thailand, and Vietnam. 

Sideloading the safe way 

By following certain guidelines and best practices, you can sideload apps in a safer manner. To reduce the risks of sideloading, you can take the following actions. 

Verify the source: Only download apps from reliable and trustworthy sources. Avoid downloading applications from random websites, torrents, or file-sharing services. 

Check app authenticity: Ensure that the sideloading app is the original, unaltered version from the developer. Verify the app's digital signature if possible. 

Enable unknown sources selectively: Sideloading on Android requires allowing installation from unknown sources. Enable it only for the installation you are doing and switch it off when not in use.

Employ a reputable APK repository: Aptoide and APKMirror are two trustworthy third-party app stores to use when sideloading Android apps. These stores curate apps and scan them for malware.

Use mobile security software: To safeguard your smartphone from possible dangers, use a trustworthy mobile security application. Malicious sideloaded apps can also be detected by many security applications.

Google Introduces Advanced Anti-Theft and Data Protection Features for Android Devices

 

Google is set to introduce multiple anti-theft and data protection features later this year, targeting devices from Android 10 up to the upcoming Android 15. These new security measures aim to enhance user protection in cases of device theft or loss, combining AI and new authentication protocols to safeguard sensitive data. 

One of the standout features is the AI-powered Theft Detection Lock. This innovation will lock your device's screen if it detects abrupt motions typically associated with theft attempts, such as a thief snatching the device out of your hand. Another feature, the Offline Device Lock, ensures that your device will automatically lock if it is disconnected from the network or if there are too many failed authentication attempts, preventing unauthorized access. 

Google also introduced the Remote Lock feature, allowing users to lock their stolen devices remotely via android.com/lock. This function requires only the phone number and a security challenge, giving users time to recover their account details and utilize additional options in Find My Device, such as initiating a full factory reset to wipe the device clean. 

According to Google Vice President Suzanne Frey, these features aim to make it significantly harder for thieves to access stolen devices. All these features—Theft Detection Lock, Offline Device Lock, and Remote Lock—will be available through a Google Play services update for devices running Android 10 or later. Additionally, the new Android 15 release will bring enhanced factory reset protection. This upgrade will require Google account credentials during the setup process if a stolen device undergoes a factory reset. 

This step renders stolen devices unsellable, thereby reducing incentives for phone theft. Frey explained that without the device or Google account credentials, a thief won't be able to set up the device post-reset, essentially bricking the stolen device. To further bolster security, Android 15 will mandate the use of PIN, password, or biometric authentication when accessing or changing critical Google account and device settings from untrusted locations. This includes actions like changing your PIN, accessing Passkeys, or disabling theft protection. 

Similarly, disabling Find My Device or extending the screen timeout will also require authentication, adding another layer of security against criminals attempting to render a stolen device untrackable. Android 15 will also introduce "private spaces," which can be locked using a user-chosen PIN. This feature is designed to protect sensitive data stored in apps, such as health or financial information, from being accessed by thieves.

These updates, including factory reset protection and private spaces, will be part of the Android 15 launch this fall. Enhanced authentication protections will roll out to select devices later this year.

Google also announced at Google I/O 2024 new features in Android 15 and Google Play Protect aimed at combating scams, fraud, spyware, and banking malware. These comprehensive updates underline Google's commitment to user security in the increasingly digital age.

Threat Actors Distribute Around 400K Malicious Files Every Day to Attack Users


According to one of the latest reports, nearly 400,000 new malicious files were distributed every day by threat actors in 2022 to deceive and attack online users. This is a 5 percent increase over the figure for 2021.

An estimate shared by cybersecurity company Kaspersky reports that almost 380,000 of these malicious files were detected daily in 2021, while 122 million harmful files were detected over the whole of 2022, six million more than the year before.

“Considering how quickly the threat landscape is expanding its boundaries and the number of new devices appearing in users' daily lives, it's quite possible that next year we'll be detecting not 400,000 malicious files per day, but half a million,” says Vladimir Kuskov, head of anti-malware research, Kaspersky.

"Even more dangerous is that, with the development of Malware-as-a-Service, any novice fraudster can now attack devices without any technical knowledge in programming," Kuskov continues. 

The research conducted by Kaspersky indicates that the number of ransomware samples detected every day grew by 181% compared with 2021, reaching about 9,500 file-encrypting samples per day.

Kaspersky also detected a 142 percent rise in the number of downloaders, malware programs designed to install malicious and unwanted applications on a device. Windows remained the platform most commonly targeted by these threat families.

Kaspersky experts detected 320,000 new malicious files attacking Windows devices in 2022, the report added.

Moreover, Kaspersky experts observed a 10 percent rise in the number of malicious files attacking Android devices each day in 2022.

Google: Two Major Pixel Vulnerabilities Patched

 

Google has published updates for Android 10, 11, 12, and 12L that include Pixel security patches. The Android Security Bulletin for May provides information about security flaws that could affect Android devices.
 
The Pixel Update Bulletin provides information about security flaws and functional enhancements for supported Pixel devices. Google Pixel phones are "pure Android" devices. The two bulletins identify the following significant vulnerabilities:

  • CVE-2022-20120, Bootloader [Critical]: a remote code execution (RCE) flaw in the bootloader. The bootloader on Android is the program that loads the operating system every time the phone is turned on. By default it only loads software signed by Google; if the user unlocks the bootloader, however, it will run whatever software they specify. The precise problem has not been revealed yet, but given the level of access it would grant, it may be very serious.
  • CVE-2022-20117, Titan M [Critical]: an information disclosure (ID) flaw in Titan M. Titan M is a security chip designed specifically for Pixel phones to protect the most sensitive data and the OS version on the device, and it assists the bootloader in ensuring the phone is running the correct Android version. Being able to steal data from the component meant to protect the most sensitive information does not look good.
  • CVE-2021-35090, Qualcomm [Moderate]: Qualcomm chips are the most widely used in Android smartphones. The flaw has a CVSS score of 9.3 out of 10. Qualcomm describes it as a time-of-check to time-of-use (TOCTOU) race condition in the kernel, with potential hypervisor memory corruption when address mappings are changed. A TOCTOU occurs whenever a resource is checked for a specific property, such as whether or not a file exists, and then the property changes before the resource is used, invalidating the result of the check. A race condition occurs when multiple threads have access to shared data and attempt to update it at the same time.
  • CVE-2022-20119, Display/Graphics [High]
  • CVE-2022-20121, USCCDMService [High]
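The bulletin entry above explains a TOCTOU race in general terms. The following is an added illustration, not code from the bulletin or from Qualcomm, of the file-existence variant it mentions: a check-then-use reader whose symlink test is separated from the open, beside a hardened reader that opens first and validates the descriptor it actually got. The `race_hook` parameter, the temporary files and the `demo()` function are constructed for the example; `O_NOFOLLOW` assumes a POSIX system.

```python
import os
import stat
import tempfile
from typing import Callable


def vulnerable_read(path: str, race_hook: Callable[[], None] = lambda: None) -> bytes:
    """Check-then-use: the symlink test and the open are separate steps, so the
    file system can change in between (that gap is the TOCTOU window)."""
    if os.path.islink(path):
        raise PermissionError("refusing to follow a symlink")
    race_hook()  # stands in for another process acting inside the window
    with open(path, "rb") as handle:
        return handle.read()


def safe_read(path: str, race_hook: Callable[[], None] = lambda: None) -> bytes:
    """Open first, then validate the object that was actually opened."""
    race_hook()  # same window, but nothing has been trusted yet
    # O_NOFOLLOW makes the kernel refuse to open a symlink at the final path component.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        info = os.fstat(fd)  # properties of the open descriptor, not of the path
        if not stat.S_ISREG(info.st_mode):
            raise PermissionError("not a regular file")
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo() -> dict:
    """Run both readers in a throwaway directory where a simulated second process
    swaps the public file for a symlink to a secret file between check and use."""
    with tempfile.TemporaryDirectory() as workdir:
        public = os.path.join(workdir, "public.txt")
        secret = os.path.join(workdir, "secret.txt")
        with open(public, "wb") as f:
            f.write(b"PUBLIC\n")
        with open(secret, "wb") as f:
            f.write(b"SECRET\n")

        def swap_for_symlink() -> None:
            os.remove(public)
            os.symlink(secret, public)

        results = {"normal": safe_read(public)}  # no race: the regular file is read
        results["vulnerable_leaks"] = vulnerable_read(public, swap_for_symlink)

        # Restore a fresh regular file before exercising the hardened reader.
        os.remove(public)
        with open(public, "wb") as f:
            f.write(b"PUBLIC\n")
        try:
            safe_read(public, swap_for_symlink)
            results["safe_blocked"] = False
        except OSError:  # ELOOP from O_NOFOLLOW, or the fstat check
            results["safe_blocked"] = True
        return results


if __name__ == "__main__":
    print(demo())
```

The hardened reader never trusts a path-based check; the only property it relies on is what `fstat` reports about the descriptor it already holds, which the second process cannot change after the fact.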

The most serious of these issues, according to Google, is a high-severity vulnerability in the Framework component that could lead to local elevation of privilege (EoP) with user execution privileges required, although the company does not specify which of the four candidates it is.

All problems in these bulletins are addressed in security patch level 2022-05-05 or later for Google and other Android devices. See Google's "Check & update your Android version" help page to learn how to check a device's security patch level. Experts advise all Android users to update to the most recent version.

This week, the Pixel 3a and Pixel 3a XL receive their final security updates, after which they reach End-of-Life (EOL) for support.

'Dirty Pipe' Kernel Bug Enabling Root Access Patched in Linux Distros

 

Dirty Pipe is a Linux local privilege escalation vulnerability that has been discovered and publicly disclosed together with a proof-of-concept exploit. The 'Dirty Pipe' vulnerability was responsibly disclosed by security researcher Max Kellermann, who indicated that it affects Linux kernel 5.8 and later versions, as well as Android devices.

CVE-2022-0847 is a weakness in the Linux kernel which was introduced in version 5.8 and resolved in versions 5.16.11, 5.15.25, and 5.10.102.

Kellermann discovered the flaw while investigating a bug that was corrupting web server access logs belonging to one of his customers. The vulnerability, according to Kellermann, is similar to the Dirty COW vulnerability (CVE-2016-5195), which was addressed in 2016.

Owing to a refactoring error, a bug in the kernel's pipe handling code allows a user program to overwrite data in the page cache, and that data ultimately makes its way into the file system. It is similar to Dirty COW but considerably easier to exploit.

If you are using Linux, check for and install security updates from your distribution. If you are using Android, wait for Google (and possibly your device maker and/or carrier) to send you an update; most Android devices run a kernel older than 5.8 and are not affected, but the current Android builds for the Google Pixel 6 and the Samsung Galaxy S22 run a newer kernel and are currently in jeopardy.

As part of the Dirty Pipe disclosure, Kellermann released a proof-of-concept (PoC) exploit that essentially allows users to inject their own content into sensitive read-only files, removing restrictions or modifying settings to grant wider access than they would normally have.

However, security researcher BLASTY disclosed an improved exploit today that makes gaining root privileges easier by altering the /usr/bin/su command to dump a root shell at /tmp/sh and then invoking the script.

The vulnerability was responsibly disclosed to several Linux maintainers, including the Linux kernel security team and the Android Security Team, starting on February 20th, 2022. Although the defect has been fixed in Linux kernels 5.16.11, 5.15.25, and 5.10.102, numerous servers continue to run outdated kernels, making the release of this exploit a major concern for server admins.
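For an administrator with a fleet of servers on mixed kernels, the first triage question is which hosts fall between the point where the bug was introduced (5.8) and the stable releases that fixed it (5.10.102, 5.15.25, 5.16.11). The script below is an added example, not part of the article or of Kellermann's disclosure: it parses `uname -r` style strings and classifies them against those version boundaries. It assumes, beyond what the article states, that mainline 5.17 and later carry the fix, and its sample inventory is constructed. Because distributions routinely backport fixes without changing the upstream version number, a "vulnerable" verdict on a distribution kernel means "confirm against the vendor advisory", not "confirmed exploitable".

```python
import re
from typing import Dict, Iterable, Tuple

# Version boundaries quoted in the article for CVE-2022-0847.
INTRODUCED = (5, 8, 0)
FIXED_IN = {
    (5, 10): (5, 10, 102),
    (5, 15): (5, 15, 25),
    (5, 16): (5, 16, 11),
}
# Assumption (not stated in the article): mainline kernels from 5.17 onward include the fix.
FIRST_CLEAN_MAINLINE = (5, 17, 0)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_release(release: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a `uname -r` string.

    Distribution suffixes such as '-13-amd64' or '-arch1-1' are ignored and a
    missing patch level (e.g. '5.15') is treated as 0.
    """
    match = _VERSION_RE.match(release.strip())
    if not match:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def dirty_pipe_status(release: str) -> Tuple[str, str]:
    """Return (verdict, reason) where verdict is 'fixed' or 'vulnerable'.

    The check is purely version based; see the note in audit_hosts about backports.
    """
    version = parse_kernel_release(release)
    if version < INTRODUCED:
        return "fixed", "bug was introduced in 5.8; this kernel predates it"
    if version >= FIRST_CLEAN_MAINLINE:
        return "fixed", "5.17 and later mainline releases include the fix (assumption)"
    series = version[:2]
    fix = FIXED_IN.get(series)
    if fix is None:
        return ("vulnerable",
                f"{series[0]}.{series[1]}.x received no upstream fix; move to a maintained stable series")
    fix_text = ".".join(map(str, fix))
    if version >= fix:
        return "fixed", f"at or above the stable release carrying the fix ({fix_text})"
    return ("vulnerable",
            f"below upstream fix {fix_text}; check whether the distribution backported the patch")


def audit_hosts(inventory: Iterable[Tuple[str, str]]) -> Dict[str, Tuple[str, str]]:
    """Map hostname -> (verdict, reason) for an iterable of (hostname, uname -r) pairs.

    Distribution kernels such as Debian's '5.10.0-13-amd64' keep the upstream
    base version while backporting fixes, so treat 'vulnerable' as 'verify'.
    """
    return {host: dirty_pipe_status(release) for host, release in inventory}


# Constructed sample inventory for the demonstration; these are not real hosts.
SAMPLE_INVENTORY = [
    ("web-01", "5.10.0-13-amd64"),      # Debian style: base 5.10.0, fixes backported
    ("web-02", "5.15.25-gentoo"),       # at the fixed stable release
    ("build-01", "5.13.0-40-generic"),  # series with no upstream fix at all
    ("db-01", "4.19.0-18-amd64"),       # predates the bug
    ("pixel-6", "5.10.43-android12-9"), # Android kernel in the affected range
]

if __name__ == "__main__":
    for host, (verdict, reason) in audit_hosts(SAMPLE_INVENTORY).items():
        print(f"{host:10} {verdict:11} {reason}")
```

Feeding it the output of `uname -r` collected from each host gives a first pass list; the hosts flagged "vulnerable" then need the distribution's changelog or advisory consulted to confirm whether the backport is present.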

Furthermore, given how easily these exploits can be used to acquire root access, it is only a matter of time before threat actors begin exploiting the vulnerability in attacks. Malware has previously used the comparable Dirty COW vulnerability, which was harder to exploit.

This flaw is particularly concerning for web hosting companies that provide Linux shell access, as well as colleges that frequently provide shell access to multi-user Linux systems. It has been a difficult year for Linux, with a slew of high-profile privilege-escalation flaws exposed.

Thousands of University Wi-Fi Networks Disclose Log-In Credentials

 

Multiple configuration vulnerabilities in a free Wi-Fi network used by many colleges can expose the usernames and passwords of students and teachers who connect to it from Android and Windows devices, according to researchers' findings.

WizCase researchers led by Ata Hakçıl evaluated 3,100 Eduroam setups at universities throughout Europe and discovered that more than half of them have vulnerabilities that threat actors might exploit.

They noted that the risk of misconfiguration might spread to other companies throughout the world. Eduroam offers free Wi-Fi access at participating institutions. It provides log-in credentials to students, researchers, and faculty members, allowing them to access the internet across many universities by utilizing credentials from their own university. 

Researchers found vulnerabilities in the implementation of the Extensible Authentication Protocol (EAP) used by Eduroam, which involves several stages of authentication when individuals connect to the network. Some of these authentication stages are not implemented properly at some colleges, causing security flaws.

Researchers wrote in a report posted Wednesday, “Any students or faculty members using Eduroam or similar EAP-based Wi-Fi networks in their faculties with the wrong configuration are at risk.” 

“If you are using an Android device and have Eduroam Wi-Fi set to auto-connect, malicious people could capture your plaintext username and password by only getting 20 or so meters in the range of you.” 

For the study, WizCase evaluated several configuration guidelines and built a test environment with multiple attack scenarios. Overall, their analysis indicated that at the majority of institutions with misconfigured networks, threat actors could set up an "evil twin" Eduroam network that a user would mistake for the real network, especially on Android devices.

Referring to Eduroam's catalogue application that performs certificate checks, researchers stated, “This could result in these devices automatically sending their stored credentials in order to connect to the evil twin Wi-Fi network for users not using eduroamCAT.” 

Researchers emphasized that the issue is not due to any technical flaw in Eduroam's services or technology, but rather to improper setup instructions provided by institutions' own network administrators to those configuring access.

Moreover, while each institution supplies resources and personnel to assist Eduroam functioning, researchers discovered that there is no centralized management for the network – either as a whole or at each university where the system is in place. This signifies that a minor misconfiguration may make it a target for hackers. 

Researchers narrowed the issue down further by dissecting the consecutive steps of EAP authentication, discovering that inadequate implementation of the last stage, known as "Inner Authentication," is at the root of the problem. Inner Authentication is accomplished in one of two ways in EAP.

One method is to use the Password Authentication Protocol (PAP), which sends users' credentials to the authentication server in plaintext and relies on Outer Authentication to fully encrypt the traffic under a server certificate.

The alternative method uses Microsoft Challenge Handshake Authentication Protocol version 2 (MSCHAPv2), which allows for the possibility that the Outer Authentication stage is compromised and transfers the password in a hashed, non-plaintext form.

Mismanaged Certificate Checks

“When a network with the same Wi-Fi name appears, Android devices will not check whether this certificate is trustworthy or not, and will not even notify the user about the certificate before connecting,” they explained.

Even an operating system that properly performs certificate checks can disclose data since many users do not understand what a certificate check implies and will permit the connection to proceed even if they get an alert concerning the certificate. 

According to the researchers, this means the problem can also arise on Windows if a system is misconfigured. iOS devices are not affected, since they do not allow connections to EAP networks without first installing the EAP configuration file, which ensures the validity of the server-side certificate.

As per the researchers, 2,100 of the 3,100 Eduroam participating university setups examined by WizCase are possibly impacted by the issue. 

According to the firm, the issue can be prevented by switching to the second Inner Authentication method, MSCHAPv2. WizCase contacted Eduroam in December to share its results and received a response the same day.
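The two Inner Authentication methods described above and the certificate-check problem both come down to what a supplicant configuration does or does not pin. The following is an added example, not from WizCase's report or Eduroam's own tooling: a small auditor for wpa_supplicant-style `network={ ... }` blocks that flags the combinations the researchers describe, namely no server certificate validation (`ca_cert`), a CA pinned without a server identity match (`domain_suffix_match` or similar), and PAP as the inner method on a connection whose outer tunnel is not validated. The two sample configurations are constructed for the example; the key names are standard wpa_supplicant options, but the generic Android setup screen uses its own labels for the same settings.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample profiles (not taken from any university's real instructions).
WEAK_CONFIG = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="student@example.edu"
    password="hunter2"
    phase2="auth=PAP"
}
'''

HARDENED_CONFIG = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous@example.edu"
    identity="student@example.edu"
    password="hunter2"
    ca_cert="/etc/ssl/certs/example-edu-radius-ca.pem"
    domain_suffix_match="radius.example.edu"
    phase2="auth=MSCHAPV2"
}
'''

_BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)
# Any of these pins the RADIUS server's identity, not just its issuing CA.
_IDENTITY_KEYS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")


def parse_networks(text: str) -> List[Dict[str, str]]:
    """Turn each network={...} block into a dict of key -> unquoted value."""
    networks = []
    for body in _BLOCK_RE.findall(text):
        entry: Dict[str, str] = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)  # phase2="auth=PAP" keeps its inner '='
            entry[key.strip()] = value.strip().strip('"')
        networks.append(entry)
    return networks


def audit_eap_network(net: Dict[str, str]) -> List[str]:
    """Return the misconfigurations found in one 802.1X (WPA-EAP) profile."""
    findings: List[str] = []
    if net.get("key_mgmt") != "WPA-EAP":
        return findings  # PSK or open networks are out of scope for this check
    uses_pap = "AUTH=PAP" in net.get("phase2", "").upper()
    has_ca = bool(net.get("ca_cert"))
    has_identity_match = any(net.get(key) for key in _IDENTITY_KEYS)

    if not has_ca:
        findings.append("no ca_cert: server certificate is not validated, so an evil twin "
                        "presenting any certificate is accepted")
    elif not has_identity_match:
        findings.append("ca_cert set but no domain_suffix_match/altsubject_match: any server "
                        "holding a certificate from that CA is accepted")
    if uses_pap and not has_ca:
        findings.append("phase2 PAP without server validation: the password would reach an "
                        "evil twin in plaintext")
    elif uses_pap:
        findings.append("phase2 PAP: password is plaintext inside the TLS tunnel; prefer "
                        "MSCHAPV2 as defence in depth")
    if not net.get("anonymous_identity"):
        findings.append("no anonymous_identity: the real username is sent unencrypted in "
                        "the outer EAP identity")
    return findings


def audit_config(text: str) -> List[Tuple[str, List[str]]]:
    """Audit every network block in a config file; returns (ssid, findings) pairs."""
    return [(net.get("ssid", "?"), audit_eap_network(net)) for net in parse_networks(text)]


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        for ssid, findings in audit_config(text):
            print(f"[{label}] {ssid}: {len(findings)} finding(s)")
            for finding in findings:
                print("   -", finding)
```

The ordering of the checks matters: a missing `ca_cert` is reported as the root cause and the PAP finding is worded in terms of it, because with no tunnel validation the inner method is the only thing standing between the password and the rogue access point the researchers describe.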

In accordance with WizCase, Eduroam officials stated that they are aware of “Eduroam identity providers who do not follow the requirements of the Eduroam policy and leave their own users unprotected,” agreeing with researchers that this conduct is “unacceptable.” It is unknown whether Eduroam contacted its customers to alert them about the issue.

Smishing Campaign: Roaming Mantis Attacks OS Android Systems With Malware

A smishing campaign known as Roaming Mantis has been impersonating a logistics firm to steal SMS messages and contact lists from Android users in Asia since 2018. Last year, Roaming Mantis broadened its campaign by sending phishing URLs in messages and using dynamic DNS services to target victims with a fake Chrome extension, "MoqHao". Since the start of 2021, the McAfee Mobile Research Team has confirmed that the group is attacking users in Japan with new malware named SmsSpy.

The malicious code comes in one of two versions, chosen according to the Android OS version running on the targeted device. The phishing technique shares similarities with earlier campaigns, but the Roaming Mantis URL now contains the word "post". Another phishing message impersonates a Bitcoin operator and leads the target to a phishing site where the victim is asked to approve an unauthorized login attempt.

McAfee reports, "During our investigation, we observed the phishing website hxxps://bitfiye[.]com redirect to hxxps://post.hygvv[.]com. The redirected URL contains the word “post” as well and follows the same format as the first screenshot. In this way, the actors behind the attack attempt to expand the variation of the SMS phishing campaign by redirecting from a domain that resembles a target company and service." As a characteristic of the distribution scheme, different malware is delivered depending on the Android OS version of the device that accessed the phishing site. On Android OS 10 and later, a malicious app posing as Google Play is downloaded; on Android OS 9 and earlier, a malicious app posing as Chrome is downloaded.

Because the malicious code must be adapted to each Android OS version, the actor reaches more devices by distributing a version matched to the detected OS rather than relying on a single malware type for a smaller set of targets. "The main purpose of this malware is to steal phone numbers and SMS messages from infected devices. After it runs, the malware pretends to be a Chrome or Google Play app that then requests the default messaging application to read the victim’s contacts and SMS messages," said McAfee.

Over 600 Million Users Download 25 'Fleeceware' Apps from the Play Store


Researchers at security firm Sophos have discovered a new set of Android apps on the Google Play Store that contain fleeceware. Notably, these apps have been downloaded and installed by over 600 million unsuspecting Android users.

The term 'fleeceware' was coined in September 2019 by Sophos in the aftermath of an investigation that uncovered a new kind of financial fraud on the official Google Play Store.

Fleeceware is a new addition to the cybersecurity vocabulary, referring to abuse of the trial-period mechanism in Android apps, in which a user is given a free trial before being charged for the full version through their signed-up account.

Normally, users who register for an Android app's trial period are required to cancel it manually to avoid being charged. However, it is common for users who don't like an app to simply uninstall it, assuming that the developer will treat uninstalling as cancelling the trial. It does not, and the amount due is still charged to the user's account.

UK-based cybersecurity company Sophos said that it identified over two dozen Android apps containing fleeceware; these apps were charging somewhere between $100 and $240 per year for apps as basic and mainstream as barcode readers, calculators, and QR scanners.

Given the unusually high number of downloads for these apps, analyst Jagadeesh Chandraiah says it is likely that they have used third-party pay-per-install services to inflate their download counts. He also suspects the five-star reviews are fake and bought to improve the apps' ranking on the Play Store and hence lure a larger number of users.

Warning users in its report, Sophos said, "If you have an Android device and use the Google Play Store for apps, you should rigorously avoid installing these types of “free trial” apps that offer subscription-based charges after a short trial."

"If you do happen to have a free trial, make sure you understand that merely uninstalling the app does not cancel the trial period. Some publishers require you to send a specific email or follow other complicated instructions to end the free trial before you are charged, though you might just need to log into your Google Pay to cancel. Keep copies of all correspondence with the publisher, and be prepared to share that with Google if you end up disputing the charges," the report further read.

Researchers Found Android Apps on Google Play that Steal Personal Data of Victims and Pose Other Threats



Security researchers identified seven new malicious apps on the Google Play Store that infect devices with adware and malware and open a backdoor through which any new functionality can be quietly installed alongside the application. Other effects include battery drain and excessive consumption of mobile data.

With mobile malware now firmly rooted in the cyber world, security researchers have recently reported a number of malicious Android apps that request questionable permissions and contain malware. The Android platform's openness, flexibility, and degree of user control are the key factors that make it attractive to users and, likewise, to cybercriminals. As a downside, it also gives criminals more room to exploit, by publishing adware-infected apps to serve marketing interests and steal sensitive user data. These apps can take different forms and mostly share a similar code structure, which indicates a direct link between the developers.

These malicious apps are configured to download and then install APKs from a GitHub repository, and the attackers handle the GitHub communication carefully, delaying activity in order to evade detection by security researchers and malware detection services.

Attackers embedded a GitHub URL within the malicious app code, which forms the basis for evading Google Play Protect scans. When security researchers unearthed the configuration data of the malicious apps and the related URLs, they were led to an adware APK that is triggered right after installation of the infected app. Once triggered, the APK waits 10 minutes before executing its malicious routines.

Here, the aforementioned malicious apps have been posted by three different developers as listed below:

iSoft LLC (Developer) – Alarm Clock, Calculator, Free Magnifying Glass
PumpApp (Developer) – Magnifying Glass, Super Bright LED Flashlight
LizotMitis (Developer) – Magnifier, Magnifying Glass with Flashlight, Super-bright Flashlight

As a security measure against continuously expanding mobile malware, Google has partnered with various mobile security companies to help detect bad apps before they pass a million downloads. Users who have already installed these dropper apps are advised to uninstall them manually.

All it takes is a WhatsApp call for the spyware to enter your phone


It’s been a day of high-profile security incidents. First there was news the popular WhatsApp messenger app was hacked. Updated versions of WhatsApp have been released, which you should install if you’re one of the more than one billion people who use the app.

WhatsApp has confirmed that a security flaw in the app let attackers install spy software on their targets' smartphones. The spyware is installed on the host phone via a WhatsApp call, and it deletes all WhatsApp call logs to become untraceable.

On Wednesday, chip-maker Intel confirmed that new problems discovered with some of its processors could reveal secret information to attacks.

What's scary about this spyware is that it can slip onto any WhatsApp user's smartphone without giving the slightest clue that the device has been infected. All it takes is a WhatsApp call.

The WhatsApp news was revealed first by the Financial Times, which says the bug was used in an attempt to access content on the phone of a UK-based human rights lawyer.

That has left many of its 1.5 billion users wondering how safe the "simple and secure" messaging app really is. How trustworthy are apps and devices?

No. Messages on WhatsApp are end-to-end encrypted, meaning they are scrambled when they leave the sender's device. The messages can be decrypted by the recipient's device only.

WhatsApp is arguably one of the most popular social messaging apps in the world. In recent times, the Facebook-owned app has been under fire owing to the rampant spread of misinformation on its platform. But never before has the app been under siege by malware. That is, until now.

WhatsApp has rolled out an update to its servers. It has also rolled out a security patch to its Android and iOS apps to safeguard your phone's data. Software patches have been released by several vendors, including Microsoft. You should install security updates from vendors promptly, including these.

Qualcomm Chip Security Flaw Poses Risk to App Account Security



Qualcomm technology designed to safely store private cryptographic keys has been found to contain a security bug. The bug lies in Qualcomm chipsets and is said to pave the way for Android malware that can potentially steal access to victims' online accounts.

The technology is meant to be implemented such that, even if Android's OS has been exploited, the Qualcomm Secure Execution Environment (QSEE) remains beyond the reach of the exploit and hence unassailable. Owing to imperfections in the implementation, however, that is not the case.

According to Keegan Ryan, a researcher with cybersecurity firm NCC Group, the system can be manipulated to leak the private keys stored inside the QSEE.

Ryan documented the vulnerability and concluded that the flaw could have been used by a hacker to exploit the way mobile apps let users sign in on smartphones. After the password is entered, the app generates a cryptographic key pair, which is then used to make sure that all future login attempts come from the same device.

As Ryan told PCMag:
"However, if an attacker uses this vulnerability to steal the key pair, the attacker can impersonate the user's device from anywhere in the world, and the user cannot stop it by powering down or destroying their device,"

"The attacker can run the malware one time, and extract the key. They now have permanent and unrestricted ability to create (authentication) signatures," he further added.

The patch is expected to roll out in April along with Android's security update.
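To make the device-binding scheme Ryan describes concrete, here is an added example of how an Android app creates such a key pair in the Android KeyStore and signs a server challenge with it. It is not code from NCC Group, Qualcomm or the original post; the package name, key alias and method names are this example's own, and it assumes an Android device or emulator at API level 24 or later (28 or later for the StrongBox request). The defensive points it shows are that the key is requested as hardware-backed, that the server receives an attestation chain it can verify, and that, because a stolen key stays valid no matter what the user does to the phone, the server must keep the ability to revoke a registered public key.

```java
package com.example.devicebinding; // hypothetical package, not from the post

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;

import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;

/** Device-binding key pair kept in the Android KeyStore (hypothetical helper). */
public final class DeviceBindingKey {
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String ALIAS = "device-binding-key"; // hypothetical alias

    private DeviceBindingKey() {}

    /**
     * Creates the key pair once, after the user has signed in with a password.
     * The attestation challenge is a server-issued nonce, so the returned
     * certificate chain proves to the server that this exact key was created in
     * hardware for this exact registration. Returns that chain, leaf first.
     */
    public static Certificate[] register(byte[] serverNonce) throws Exception {
        try {
            generate(serverNonce, true);   // prefer a discrete secure element
        } catch (StrongBoxUnavailableException e) {
            generate(serverNonce, false);  // fall back to the TEE-backed keystore
        }
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        return ks.getCertificateChain(ALIAS);
    }

    private static void generate(byte[] serverNonce, boolean strongBox) throws Exception {
        KeyGenParameterSpec.Builder b = new KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setAttestationChallenge(serverNonce);
        if (strongBox && Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            b.setIsStrongBoxBacked(true);
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, KEYSTORE);
        kpg.initialize(b.build());
        kpg.generateKeyPair();
    }

    /** True when the private key material is held in secure hardware rather than software. */
    public static boolean isHardwareBacked() throws Exception {
        PrivateKey key = loadPrivateKey();
        KeyFactory factory = KeyFactory.getInstance(key.getAlgorithm(), KEYSTORE);
        KeyInfo info = factory.getKeySpec(key, KeyInfo.class);
        return info.isInsideSecureHardware();
    }

    /**
     * Signs a fresh, single-use challenge from the server on each login. The
     * server verifies it against the public key registered above. A nonce stops
     * replay of old signatures, but not a thief who holds the key itself, which
     * is why the server must also let the user revoke the registered key.
     */
    public static byte[] signChallenge(byte[] challenge) throws Exception {
        Signature sig = Signature.getInstance("SHA256withECDSA");
        sig.initSign(loadPrivateKey()); // the private key never leaves the keystore
        sig.update(challenge);
        return sig.sign();
    }

    private static PrivateKey loadPrivateKey() throws Exception {
        KeyStore ks = KeyStore.getInstance(KEYSTORE);
        ks.load(null);
        return (PrivateKey) ks.getKey(ALIAS, null);
    }
}
```

On the server side, the chain returned by register() is validated against the platform attestation root and the challenge embedded in the leaf certificate is compared with the nonce that was issued; the account keeps a list of registered public keys so that a user who suspects compromise can revoke one from another device, which is the only remedy against a key that has already been extracted.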






Google’s security program has caught issues in 1 million apps in 5 years

Security is a common concern when it comes to smartphones, and it has always been especially important for Android. Google has done a lot over the years to change Android’s reputation and improve security. Monthly Android security patches are just one part of the puzzle. Five years ago, the company launched the Application Security Improvement Program. Recently, it shared some of the success it has had.

First, a little background on the program. When an app is submitted to the Play Store, it is scanned for a variety of vulnerabilities. If something is found, the app gets flagged and the developer is notified, along with a diagnosis to help get the app back in good standing. Google does not distribute those apps to Android users until the issues are resolved.

Google likens the process to a doctor performing a routine physical.

Google recently offered an update on its Application Security Improvement Program. First launched five years ago, the program has now helped more than 300,000 developers fix more than 1 million apps on Google Play. In 2018 alone, it resulted in over 30,000 developers fixing over 75,000 apps.

In the same year, Google says it added detection for the following six additional vulnerability classes:

▬ SQL Injection

▬ File-based Cross-Site Scripting

▬ Cross-App Scripting

▬ Leaked Third-Party Credentials

▬ Scheme Hijacking

▬ JavaScript Interface Injection
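Two of the classes in the list, JavaScript Interface Injection and File-based Cross-Site Scripting, both come down to how a WebView is configured. The following is an added example, not code from the original post or from Google's program, showing a weak configuration beside a hardened one. The package name, the ALLOWED_HOST value and the NativeBridge class are this example's own, and it assumes an Android app with a minimum API level of 24 (for the WebResourceRequest form of shouldOverrideUrlLoading).

```java
package com.example.webviewhardening; // hypothetical package, not from the post

import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.JavascriptInterface;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.widget.Toast;

public class WebViewActivity extends Activity {

    // The only origin allowed to reach the JavaScript bridge. Placeholder value.
    private static final String ALLOWED_HOST = "app.example.com";

    /** Native functionality exposed to page JavaScript as window.nativeBridge. */
    static class NativeBridge {
        private final Activity activity;

        NativeBridge(Activity activity) { this.activity = activity; }

        // Only @JavascriptInterface methods are callable from JS on API 17+;
        // keep the surface minimal and treat every argument as untrusted input.
        @JavascriptInterface
        public void showMessage(String text) {
            final String safe = text == null
                    ? "" : text.substring(0, Math.min(200, text.length()));
            activity.runOnUiThread(
                    () -> Toast.makeText(activity, safe, Toast.LENGTH_SHORT).show());
        }
    }

    /** Weak configuration: the pattern the Play scanner flags. */
    static void configureWeak(WebView webView, Activity activity, String untrustedUrl) {
        WebSettings s = webView.getSettings();
        s.setJavaScriptEnabled(true);
        s.setAllowFileAccess(true);                 // file:// pages can run script...
        s.setAllowFileAccessFromFileURLs(true);     // ...and read other local files
        s.setAllowUniversalAccessFromFileURLs(true); // (file-based cross-site scripting)
        webView.addJavascriptInterface(new NativeBridge(activity), "nativeBridge");
        // Whatever page ends up here, including a plain http:// page altered in
        // transit, can call window.nativeBridge.* (JavaScript interface injection).
        webView.loadUrl(untrustedUrl);
    }

    /** Hardened configuration: script only from one https origin, no file access. */
    static void configureHardened(WebView webView, Activity activity) {
        WebSettings s = webView.getSettings();
        s.setJavaScriptEnabled(true);
        s.setAllowFileAccess(false);
        s.setAllowContentAccess(false);
        s.setAllowFileAccessFromFileURLs(false);
        s.setAllowUniversalAccessFromFileURLs(false);
        s.setMixedContentMode(WebSettings.MIXED_CONTENT_NEVER_ALLOW);

        // Refuse top-level navigation to anything but the allow-listed origin, so
        // the bridge is only ever reachable from pages we control.
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                return !isAllowed(request.getUrl()); // true = block the navigation
            }
        });
        webView.addJavascriptInterface(new NativeBridge(activity), "nativeBridge");
        webView.loadUrl("https://" + ALLOWED_HOST + "/");
    }

    /** Allow only https URLs whose host is exactly ALLOWED_HOST. */
    static boolean isAllowed(Uri uri) {
        return uri != null
                && "https".equals(uri.getScheme())
                && ALLOWED_HOST.equalsIgnoreCase(uri.getHost());
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        WebView webView = new WebView(this);
        setContentView(webView);
        configureHardened(webView, this);
    }
}
```

shouldOverrideUrlLoading only sees top-level navigations, not iframes or subresources, so the allow-list is a second line of defence. The first is never calling addJavascriptInterface on a WebView that can display content from origins you do not control, and keeping file access off so a page cannot read local files through file:// URLs.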

The list is always growing as Google continues to monitor and improve the capabilities of the program.

Google originally created the Application Security Improvement Program to harden Android apps. The goal was simple: help Android developers build apps without known vulnerabilities, thus improving the overall ecosystem.

Google understands that developers sometimes make mistakes, and it hopes to help catch those issues for years to come. Security will continue to be a big talking point as technology evolves. It’s important for users to be able to trust the apps on their phones.

Threatening Frailty in Indian Mobile Security



Compromising your phone has become quite an easy task for hackers these days, as they can do it without much hard work. There are numerous ways already available: hackers can change passwords and gain access to confidential corporate and private data on your phone, or they can install malicious code that allows them to read your messages, access your photos or even turn on your microphone.

In other words, once hackers access your device, they can easily use your microphone or camera to record you, and thanks to GPS, they’ll even get to know your location.

Companies that make operating systems (OS) for mobile phones are used to plugging known vulnerabilities and loopholes by periodically updating their operating systems, releasing newer versions and issuing security patches.

But in the case of Android there is a unique problem. Android is a foundational OS: when an update or a security patch is released, it is unclear who is responsible for updating the OS that is actually running on the device.

There are hundreds of companies currently making Android-based devices, selling more than 60,000 models worldwide. It is a complex ecosystem, with no one quite tracking the updates and vulnerabilities.

A third of the Android phones in India are running a version of the OS released in March 2015 or before. This leaves some 300 million smartphone users in India potentially vulnerable.

Nobody presently knows how they are using the internet or what applications are being installed on these devices. They are also likely to be less attentive about sharing information with application developers. Most terms and conditions that users consent to tend to be in English, and that in itself is reason enough to assume that many Indian mobile users are consenting to things without quite understanding what they are consenting to.

Saket Modi, the CEO of Lucideus Tech and a well-known ethical hacker, says:
“It is relatively harder to install malware on Apple’s iPhones as to install a hacking app on an iPhone, you need the unique device identifier — a sequence of 40 letters and numbers, which can only be accessed by connecting the phone to a computer via Apple’s iTunes software. It is far easier however to install an app from an unknown source on an Android phone than on an iPhone,”

According to data aggregated by Lucideus, Android (all versions combined) has 1,855 known vulnerabilities, compared with 1,495 for iOS.

Outdated privacy laws in India add to the troubles of mobile phone users. Shiv Putcha, founder of telecom consultancy Mandala Insights, says:

“In India, the regulations are weak at best, you don’t have a privacy law, no regulations around data storage or access to private data. If they (mobile phone makers and service providers) aren’t storing data here, how can we be sure how secure our data is?”

Nevertheless, the government did respond to this issue by highlighting the need for a strong data protection law along the lines of the EU's General Data Protection Regulation (GDPR), and it has set up a committee to look into it.


According to Google, in 2017 India still ranked third among the major Android markets in the percentage of phones with potentially harmful applications (PHAs), with 1% of all Android phones in the country affected. Although that figure had dropped by a third from 2016, Google says that devices which install apps from outside the Google Play store are nine times more likely to have PHAs.
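Three threads on this page point at the same device-side checks: the dropper apps in the first post that pull further APKs from GitHub, the update fragmentation described above, and the sideloading statistic in the last paragraph. The following is an added example, not code from Google or from any of the posts, of the posture checks an enterprise or security app might run: it lists non-system apps that did not come from Google Play or that hold the permission needed to install further APKs, and it compares the device's security patch level with a minimum. The package name, class names and the Play Store package identifier it relies on are this example's own choices; it assumes compileSdk 30 or later, and on Android 11 or later the calling app needs package visibility (for example the QUERY_ALL_PACKAGES permission) to see other apps at all.

```java
package com.example.deviceposture; // hypothetical package, not from the post

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Build;

import java.util.ArrayList;
import java.util.List;

/** Device-posture checks for sideloaded apps and stale patch levels (hypothetical). */
public final class DevicePosture {
    private static final String PLAY_STORE = "com.android.vending";
    private static final String INSTALL_PERMISSION =
            "android.permission.REQUEST_INSTALL_PACKAGES";

    private DevicePosture() {}

    /** One flagged third-party app. */
    public static final class Finding {
        public final String packageName;
        public final String installer;            // null when the installer is unknown
        public final boolean canInstallPackages;  // holds the permission a dropper needs

        Finding(String packageName, String installer, boolean canInstallPackages) {
            this.packageName = packageName;
            this.installer = installer;
            this.canInstallPackages = canInstallPackages;
        }

        @Override
        public String toString() {
            return packageName + " installer=" + installer
                    + " canInstallPackages=" + canInstallPackages;
        }
    }

    /**
     * Flags non-system apps that did not come from Google Play, or that request
     * permission to install further APKs, which is how the droppers described
     * in the first post deliver their adware payload.
     */
    public static List<Finding> auditInstalledApps(Context ctx) {
        PackageManager pm = ctx.getPackageManager();
        List<Finding> findings = new ArrayList<>();
        for (PackageInfo pkg : pm.getInstalledPackages(PackageManager.GET_PERMISSIONS)) {
            ApplicationInfo app = pkg.applicationInfo;
            if (app == null || (app.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
                continue; // preinstalled system apps were not sideloaded
            }
            String installer = installerOf(pm, pkg.packageName);
            boolean canInstall = requestsPermission(pkg, INSTALL_PERMISSION);
            if (!PLAY_STORE.equals(installer) || canInstall) {
                findings.add(new Finding(pkg.packageName, installer, canInstall));
            }
        }
        return findings;
    }

    /** Returns the package that installed {@code packageName}, or null if unknown. */
    static String installerOf(PackageManager pm, String packageName) {
        try {
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
                return pm.getInstallSourceInfo(packageName).getInstallingPackageName();
            }
            return pm.getInstallerPackageName(packageName);
        } catch (PackageManager.NameNotFoundException | IllegalArgumentException e) {
            return null;
        }
    }

    /** True when the app's manifest requests the given permission. */
    static boolean requestsPermission(PackageInfo pkg, String permission) {
        if (pkg.requestedPermissions == null) return false;
        for (String p : pkg.requestedPermissions) {
            if (permission.equals(p)) return true;
        }
        return false;
    }

    /**
     * True when the device's security patch level (a YYYY-MM-DD string exposed
     * since Android 6.0) is older than {@code minimumPatchLevel} or unknown.
     * Devices below Android 6.0 expose no patch level and are treated as stale.
     */
    public static boolean isPatchLevelTooOld(String minimumPatchLevel) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) return true;
        String patch = Build.VERSION.SECURITY_PATCH;
        // ISO dates compare correctly as plain strings.
        return patch == null || patch.isEmpty() || patch.compareTo(minimumPatchLevel) < 0;
    }
}
```

A finding with a non-Play installer is not proof of malice, since enterprise stores and OEM stores are legitimate installers, so the list is best used as a triage queue or fed into a mobile device management policy rather than acted on automatically.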