Mozilla's new Android browser blocks ads and trackers

Mozilla has extended and improved its Firefox Focus browser, heretofore an iOS product, bringing it to Android, with auto-blocking of trackers and ads and making it easy to erase your browser history.

Netflix app will no longer run on rooted Android devices

Netflix has become one of the main forces for DRM in the world, a driver behind the W3C's dangerous, web-scale DRM project, and now they've announced that their app will no longer run on rooted/bootloader unlocked Android devices, because these devices can run code that overrides Google Widevine DRM (Widevine doesn't work well under the best of circumstances, and it harbored unpatched, showstopper bugs since its very inception).

235 apps attempt to secretly track users with ultrasonic audio

Ultrasonic beacons (previously, previously) let advertisers build an idea of when and where you use your devices: the sound plays in an ad on one device, and is heard by other devices. This way, they can associate two gadgets with a single user, precisely geolocate devices without aGPS, or even build graphs of real-world social networks. The threat was considered more academic than some, but more than 200 Android apps were found in the wild using the technique.

In research sponsored by the German government [PDF], a team of researchers conducted extensive tests across the EU to better understand how widespread this practice is in the real world.

Their results revealed Shopkick ultrasonic beacons at 4 of 35 stores in two European cities. The situation isn't that worrisome, as users have to open an app with the Shopkick SDK for the beacon to be picked up.

In the real world, this isn't an issue, as store owners, advertisers, or product manufacturers could incentivize users to open various apps as a way to get discounts.

From the paper:

While in April 2015 only six instances were known, we have been able to identify 39 further instances in a dataset of about 1,3 million applications in December 2015, and until now, a total of 234 samples containing SilverPush has been discovered. We conclude that even if the tracking through TV content is not actively used yet, the monitoring functionality is already deployed in mobile applications and might become a serious privacy threat in the near future

Apparently it's not very effective—consumer speakers and mics aren't designed with ultrasonic use in mind and the authors say noise, audio compression and other factors "significantly affects the feasibility" of the technology—but the intent is clearly there on the part of advertisers and appmakers to make a stab at it.

Even by North Korean standards, the DPRK's Ullim tablet is creepily surveillant

The Ullim Tablet is the latest mobile device from North Korea to be subjected to independent analysis, and it takes the surveilling, creepy nature of the country's notoriously surveillant Android devices to new heights of badness.

Poisoned wifi signals can take over all Android devices in range, no user intervention required

Vulnerabilities in the Broadcom system-on-a-chip that provides wifi for many Android devices mean that simply lighting up a malicious wifi access point can allow an attacker to compromise every vulnerable device in range, without the users having to take any action -- they don't have to try to connect to the malicious network.

Verizon mandates pre-installed spyware for all its Android customers

"Appflash" will come pre-installed on all Verizon Android handsets; it's a Google search-bar replacement, but instead of feeding telemetry about your searches, handset, apps and activities to Google, it will send them to Verizon.

What it's like to be spied on by Android stalkerware marketed to suspicious spouses

For $170, Motherboard's Joseph Cox bought SpyPhone Android Rec Pro, an Android app that you have to sideload on your target's phone (the software's manufacturer sells passcode-defeating apps that help you do this); once it's loaded, you activate it with an SMS and then you can covertly operate the phone's mic, steal its photos, and track its location.

Bad Android security makes it easy to break into and steal millions of "smart" cars

Securelist's report on the security vulnerabilities in Android-based "connected cars" describes how custom Android apps could be used to find out where the car is, follow it around, unlock its doors, start its engine, and drive it away.

Meitu's anime makeover app is a permission-grabbing privacy disaster

Meitu is one of Google Play's "Sand Hill" apps, part of the company's accelerator for apps with "viral potential" -- take a pic of yourself and Meitu will make you over to look like an anime character, and all they ask in return is every salient fact about you that can be gleaned from your mobile device.

Company announces phone based on crowdsourced feature requests: eye-tracking and a sticky case

Last August, ZTE used Kickstarter to poll internet users for their wish-lists for an Android handset, and now they're taking pre-orders for Hawkeye, a $200 phone whose interface is controlled by gaze-tracking using the front-facing camera, and whose case will allow users to stick the phone to various surfaces for easy use.

Here's a TV set turned into a useless brick by Android malware

Darren Cauthon, annoyed at LG's refusal to fix a family member's broken TV, went public with the problem.


Barnes & Noble's releasing a $50 Android tablet that does all the things Amazon won't let Kindles do

Chris Meadows writes, "Barnes & Noble is coming out with a $50 Nook Android tablet, with hardware specs similar to Amazon's $50 Fire. The kicker is, this new Nook tablet will run plain-vanilla Android 6.0 Marshmallow and include the full suite of Google Play apps--unlike the Fire, which only permits installation of those apps Amazon deems suitable. Will this be enough to rescue the ailing Nook brand?"

Your user data is secretly sent to China through a backdoor on some U.S. Android phones

Included for free with some Android phones: “a backdoor that sends all your text messages to China every 72 hours.”


Every Android device potentially vulnerable to "most serious" Linux escalation attack, ever

The Dirty Cow vulnerability dates back to code included in the Linux kernel in 2007, and it can be trivially weaponized into an easy-to-run exploit that allows user-space programs to execute as root, meaning that attackers can take over the entire device by getting their targets to run apps without administrator privileges.

Xiaomi phones are pre-backdoored; your apps can be silently overwritten

Thijs Broenink audited the AnalyticsCore.apk app that ships pre-installed on all Xiaomi phones (Xiaomi has their own Android fork with a different set of preinstalled apps) and discovered that the app, which seemingly serves no useful purpose, allows the manufacturer to silently install other code on your phone, with unlimited privileges and access.

Hotel's Android-based lightswitches are predictably, horribly insecure

Matthew Garrett checked into a London hotel and discovered that the proprietors had decided that "light switches are unfashionable and replaced them with a series of Android tablets."

Ultra thin BLU Vivo Air unlocked Android phone on sale for $100

The BLU Vivo Air, a GSM 4G phone, has just 16GB of internal storage (with no microSD expansion), but at $100, this unlocked 0.2-inch thick phone with a 4.8-inch display is a great deal. A newer LTE version is available for $144.
