gizmosure

Tag: Android

  • Twitter Users on Android May Have Had Their Personal Data Compromised

    Twitter Users on Android May Have Had Their Personal Data Compromised

    Twitter and Facebook have announced that personal data of hundreds of users may have been compromised after they used their accounts to log in to certain third-party apps. This includes their names, gender, email addresses, usernames, and possibly their most recent tweets.

    Both companies received a report from security researchers who found that a software development kit called One Audience, allowed third party developers to access personal data.

    “We recently received a report about a malicious mobile software development kit (SDK) maintained by oneAudience. We are informing you about this today because we believe we have a responsibility to inform you of incidents that may impact the safety of your personal data or Twitter account,” Twitter wrote in a blog post on Monday.

    Apps usually ask for access to users’ social media accounts such as Facebook and Twitter to offer extra features such as the ability to share achievements and in-game leaderboards. However, apps using this SDK potentially allowed third-party developers to access much more data than users originally intended to.

    The company also notes that it might have been possible for someone to take control of someone else’s Twitter account using this vulnerability, however, no evidence in this regard has been found yet.

    “We think it’s important for people to be aware that this exists out there and that they review the apps that they use to connect to their accounts,” said Lindsay McCallum, a Twitter spokeswoman.

    For now, the vulnerability only seems to affect Twitter users on Android, as no evidence has been found yet that suggests iOS users were also impacted.

    Twitter said it has informed Google and Apple about the vulnerability so that they can take evasive measures. The company also said it will be informing Twitter users impacted by this vulnerability.

  • Google Increases Bounty for Its Android Security Rewards Program

    Google Increases Bounty for Its Android Security Rewards Program

    Google recently confirmed that the total bounty for its Android Security Rewards program would be expanded, with rewards reaching up to $1.5 million. The company said that if you happen to find a security bug that can compromise the Titan M secure element used in its Pixel 3 handsets, you’ll be rewarded with $1 million.

    Though if you find a bug that can be replicated on specific developer preview versions of Android, you’re entitled to a 50 per cent bonus, implying the total bounty reaches a staggering $1.5 million. Put simply, if you happen to find a security bug that meets these requirements, you’ll be rewarded with one of the biggest bounties in the industry.

    “In 2019 Gartner rated the Pixel 3 with Titan M as having the most ‘strong’ ratings in the built-in security section out of all devices evaluated. This is why we’ve created a dedicated prize to reward researchers for exploits found to circumvent the secure elements protections,” said Jessica Lin from the Android security team in a blog post. “

    Google explained that the bug report must reveal a full chain remote code execution exploit with persistence which compromises the Titan M secure element available on Pixel 3 devices. On the other hand, lock screen bypass and data exfiltration will be rewarded with a maximum of $500,000.

    Launched back in 2015, the Android Security Rewards program is a bug bounty program where white hat hackers receive rewards for finding bugs in Google’s Android OS. The company claims it has paid more than $ 4 million in rewards based on 1800 reports, since the program’s introduction four ago. Besides, Google also added that the company has given away more than $1.5 million in the last 12 months, with top reward this year reaching $161,337.

    “Over 100 participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year). On average, this means we paid out over $15,000 (20% increase from last year) per researcher!” Lin added.

    It’s also worth noting that the changes in bounty program have already gone live on November 21, 2019. You can find more details about the Android Security Rewards Program rules here.

  • Google Releases Android Security Patch for November 2019

    Google Releases Android Security Patch for November 2019

    Today, Google rolled out the newest Android security patch for November 2019 to address several security vulnerabilities and bug fixes in the latest Android 10 OS. The new Android security patch fixes as many as 38 security vulnerabilities in various of Android’s core components such as Android Framework, Android Library, Media framework, Android System, Kernel components, and Android components. Therefore, users are advised to install the Android Security Patch for November 2019 on their devices as soon as possible.

    One of the critical issues addressed by the latest security patch is a flaw that could allow a locally installed malicious app to bypass user permissions to gain access to additional app permissions. This vulnerability could allow a remote hacker to execute arbitrary code using a specifically crafted file, allowing the hacker to gain access to additional permissions.

    “The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device,” explains the security bulletin.

    Google also released the Pixel Update for November 2019, which addresses as many as 21 vulnerabilities in the Linux Kernel components, Qualcomm components, LG components, and Android framework specific to Pixel devices. Besides, the latest update brings functional patches to offer various improvements to supported Pixel handsets. These include Smooth Display and Camera quality improvements for the Pixel 4 and Pixel 4 XL.

    Besides, there’s additional support for Xbox Bluetooth controller mapping on Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, and Pixel 4 XL. Elsewhere, the latest patch brings improvements for bottom speaker audio quality on Pixel 3, along with improvements for Google Assistant keyword on Pixel 2, Pixel 2 XL, Pixel 3, and Pixel 3 XL.

  • League of Legends Wild Rift to launch on iOS and Android in 2020

    League of Legends Wild Rift to launch on iOS and Android in 2020

    Rumors about ‘League of Legends’ making its way to smartphones initially surfaced in May. Now, Riot Games has officially confirmed that League of Legends: Wild Rift will launch on iOS and Android in 2020. The company gave the official confirmation during a bunch of announcements posted on YouTube to celebrate the game’s 10th anniversary.

    According to Riot Games, the mobile version of League of Legends is inspired by the wildly popular original MOBA title, which was released on the PC ten years ago. It’ll be built from scratch and will feature a similar five-on-five gameplay that made the original title so popular. However, the company adds that individual matches are much shorter at around 15-20 minutes. Besides, there’s a twin-stick control scheme which Riot says will allow for faster responses during battles.

    “Wild Rift is not a port of LoL on PC.It is a new game built from scratch to ensure it is a polished, legitimate LoL experience that’s worth players’ time,” the company said.

    Apart from these changes, the mobile version of the game will remain largely similar. It’ll have the same 5v5 maps alongside a huge character roster.

    Launched nearly ten years ago, League of Legends is still one of the most popular PC game in the world. However, sources indicate that compared to 2017, the game’s revenue dipped by 21 percent last year. Therefore, it appears Riot Games wants to cash in on the growing popularity of mobile games. Games like Fortnite and PUBG have enjoyed massive success on both iOS and Android, hence it’s not surprising that Riot Games is looking to jump onto the mobile platform.

    Riot plans to launch the mobile version of League of Legends across the globe by the end of 2020. Not to mention, the game is slated for a debut on consoles next year.

    Are you excited about League of Legends coming to iOS, Android, and consoles? Let us know in the comments below.

  • Android Q renamed Android 10, Google ditches dessert names

    Android Q renamed Android 10, Google ditches dessert names

    Until now, Google has named its Android operating system after treats or desserts in alphabetical order. After their alpha and beta versions, the company released Android Cupcake, Donut, Eclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jellybean, KitKat, Lollipop, Marshmallow, Nougat, Oreo, and Pie.

    That said, that’ll change with the forthcoming release of Android. As after nearly ten years, Google has decided to ditched dessert-themed names for its Android operating system. The company’s next version, earlier known as Android Q, has been renamed Android 10. The move comes as Google believes that switching from dessert names to numbers won’t be confusing for global users, as numbers as easier to understand and remember.

    “We are changing the way we name our releases. Our engineering team has always used internal code names for each version, based on tasty treats, or desserts, in alphabetical order. This naming tradition has become a fun part of the release each year externally, too. But we’ve heard feedback over the years that the names weren’t always understood by everyone in the global community.” said Google in a blog post.

    The company also added that the change comes after feedback over several years. According to Google, some alphabets such as L and R aren’t easily distinguishable when spoken aloud in certain languages.

    “As a global operating system, it’s important that these names are clear and relatable for everyone in the world,” further added Google.

    Apart from the name, the Android logo also got a slight refresh. The green Android mascot now only shows the head instead of the full body. Besides, the Android name, which was earlier in green, is now in black. It’s only a slight tweak, and still, very much easily recognizable, something users might not even notice.

    Currently, in beta, Google is expected to release Android 10 in Q3 2019, most probably by the end of August.

  • Huawei announces Harmony OS after US ban

    Huawei announces Harmony OS after US ban

    Huawei has finally announced Harmony OS, the official Android replacement following its ban in the United States. The new OS is supposed to run on all of Huawei’s consumer gadgets and smartphones. The move comes following a trade war between the US and China.

    To recall, the United States government blacklisted Huawei in mid-May. Back then, the President of the United States signed an executive order in which the Chinese brand was banned to do any business with American firms. This restricted Huawei to use American products like Android and Windows, which means that its new consumer gadgets would have remained without an operating system to run them.

    The main issue with Huawei has been about its close ties with the Chinese government. Now, this triggered fears in the US that its equipment could be used to spy on other nations and companies, which banned companies from using Huawei networking equipment in 2012. Following this, Huawei was added to the US Department of Commerce’s Bureau of Industry and Security Entity List in May after an executive order from President Donald Trump, effectively banning Huawei from United States communications networks.

    Huawei then started working on an internal operating system to replace Android on its own devices. Sources indicate that Huawei has been working on the new Harmony OS for quite sometime now, and recent developments forced Huawei to accelerate its development. The Chinese brand finally announced the OS during the Huawei developers conference.

    Just like Android, Huawei’s new Harmony OS uses micro-kernel, implying that kernel is developed using only the necessary drivers. This would allow Huawei to deploy the OS swiftly on multiple devices. The Chinese brand also added that Harmony OS is faster than Android because the connections between the phone’s hardware and several parts of the OS is made through a single layer. Besides, the company also plans to make Harmony an open-source OS in the near future, which would allow developers to create apps easily for this OS.

  • Google gets rid of 85 malicious apps from the Play Store

    Google gets rid of 85 malicious apps from the Play Store

    Google has removed 85 dangerous apps from the PlayStore, after security experts found such apps to contain adware. According to researchers at TrendMicro, these apps were available on the Play Store as games, TV, and remote control simulator apps.

    “This adware is capable of displaying full-screen ads, hiding itself, monitoring a device’s screen unlocking functionality, and running in the mobile device’s background,” explained the researchers at Trend Micro in the blog.

    The report further notes that these malicious apps have witnessed over nine million downloads on the Android PlayStore. One of these apps, called ‘Easy Universal TV Remote’, was the most downloaded among the 85 malicious apps, with over 5 million downloads.

    It’s also worth noting that these apps showed and shared the same source code, despite coming from different developers and different APK certificates. Once installed, as soon as the user launched these apps, a full-screen pop-up would appear asking users to perpetually press several buttons to continue.

    Every button press would then open a new ad page, and this kept on happening until the app finally crashed. That said, they would still run in the background and suddenly show up after every hour or so on the device. For more information, click on the source link below.

    Well, this isn’t the first time Google has removed malcious apps from the PlayStore. In November 2018, Google removed 13 malware-infested apps from the PlayStore. Back then, popular malware researcher researcher, Lukas Stefanko, found 13 malicious apps on the Play Store, which tricked users to install malware on their handsets.

    Besides, Stefanko also found 29 other malicious apps on the PlayStore between August until early October 2018 in the Google Play store, which also masked themselves as authentic banking apps and used phishing forms to collect a user’s personal banking information.

  • WhatsApp working on fingerprint authentication feature for Android

    WhatsApp working on fingerprint authentication feature for Android

    Facebook-owned instant messaging app WhatsApp is reportedly working on a fingerprint authentication feature for chats on Android. The feature is essentially designed to protect users’ chats from being seen by others. Once the authentication is enabled, users will be required to use their fingerprint to access chats.

    “After working to implement Face ID and Touch ID features on iOS (that aren’t available yet for development reasons), WhatsApp has finally started to work on the Authentication feature on Android, using your Fingerprint!” said a report by WABetaInfo.

    Once the fingerprint feature is activated, your chats will be completely secure from others. The fingerprint authentication feature on WhatsApp can be found under Settings>Account>Privacy.

    whatsapp
    Image Source: WABetaInfo

    “The user will need to authenticate his identity in order to open WhatsApp (from the app icon, from the notification or from external pickers). It will protect the entire app, so it’s not used to lock specific conversations,” further added the report.

    The feature is expected to arrive for both Android and iOS users in the near future. In other related news, WhatsApp has also started working on several new features for iOS. Sources indicate that the update would allow users to add stickers in images. Besides, the upcoming update should allow iPhone users to edit a sent image by adding a drawing or emoji.

  • Facebook tracks Android users who don’t even use the app: Report

    Facebook tracks Android users who don’t even use the app: Report

    Lately, Facebook has received a lot of criticism over user privacy and trust. Come 2019, and the social networking giant has been found to routinely track Android users even if they don’t use the app. According to a study by UK-based charity Privacy International, Facebook tracks users, non-users, and even logged out users. The study further found that after Google, the social network giant is the second most prevalent thrid-party tracking app.

    “Data from different apps can paint a fine-grained and intimate picture of people’s activities, interests, behaviors and routines, some of which can reveal special category data, including information about people’s health or religion,” the report said.

    Privacy International has unearthed a total of 34 Android apps with 10 to 500 million installs. These include apps such as TripAdvisor and Duolingo. The research suggests that app developers share data with the network via Facebook Software Development Kit (SDK). As many as 61 percent of the apps that Privacy International tested automatically transfer data to Facebook as soon as a user opens the app.

    “At least 61 percent of the tested apps automatically transfer data to Facebook the moment a user opens the app. This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not,” explained the study.

    Facebook says it’s OK to share user data

    In response, the network told Privacy Interntaional that sharing data is a common partice for most companies, as it turns out to be useful for both users as well as comapnies.

    “This information is important for helping developers understand how to improve their apps and for helping people receive relevant advertising in a privacy-protective way. We do this in a transparent manner by explaining the practice through our Data Policy and Cookies Policy, and by using Google’s advertising identifier, which can be controlled centrally by people using their device settings,” the social networking giant told Independent.

    As already mentioned, Facebook has been embroiled in several controversies off late. Last year, it was critcised for harvesting personal data which resulted in election interference. A survey conducted by also Uber found that users trusted Facebook the least with their personal information, followed by Twitter and Amazon.

  • Google releases Android November security patch

    Google releases Android November security patch

    Google rolls out the November security update for Pixel, Nexus, and Essential devices. The latest Android security patch arrives with fixes for 17 security vulnerabilities.

    However, Android’s November Security patch includes bugs and fixes specifically aimed at Pixel devices. According to Google, the new patch is likely to improve notification stability and picture-in-picture performance on Pixel 2 and Pixel 3 devices.

    In addition, this update also brings the Pixel launcher button, which allows Pixel 2 and Pixel 2 XL users to launch Assistant much faster. Users can now squeeze Active Edge and easily trigger Google Assistant on their Pixel 2 handsets.

    Users are also reminded that the new update does not resolve memory management issues with the Google Pixel 3. An issue which causes background apps to spontaneously close. However, Google is aware of the issue and a fix for the same is expected to roll out in the coming weeks.

    It’s also worth noting that Google’s November Security patch will possibly be the last update rolling out to Pixel C, Nexus 6P, and Nexus 5X smartphones. As Google usually has a two year firmware upgrade cycle after a device is released. With that being said, it shouldn’t be a cause for concern thanks to dedicated developer communities who build ROMs that bring the latest security patches and Android features to most of Google’s older devices.