Category Archives: Android

The dangers of jailbreaking or rooting devices

Jailbreaking, rooting and unlocking are the processes of gaining unauthorized access or elevated privileges on a system. The terms are different between operating systems, and the differences in terminology reflect the differences in security models used by the operating systems vendors.

Here are just some of the dangers that you’re exposing your device to when rooting/jailbreaking it:

General risks:

  1. Some jailbreaking methods leave SSH enabled with a well-known default password (e.g., alpine) that attackers can use for Command & Control;
  2. The entire file system of a jailbroken device is vulnerable to a malicious user inserting or extracting files. This vulnerability is exploited by many malware programs, including Droid Kung Fu, Droid Dream and Ikee. These attacks may also affect unlocked Windows Phone devices, depending on the achieved unlocking level;
  3. Credentials to sensitive applications, such as banking or corporate applications, can be stolen using keylogging, sniffing or other malicious software and then transmitted via the internet connection.

iOS

  1. Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data contained in other apps or install malicious software negating sandboxing functionality;
  2. Jailbroken devices can allow a user to install and run self-signed applications. Since the apps do not go through the App Store, Apple does not review them. These apps may contain vulnerable or malicious code that can be used to exploit a device.

Android

  1. Android users that change the permissions on their device to grant root access to applications increase security exposure to malicious applications and potential application flaws;
  2. 3rd party Android application markets have been identified as hosting malicious applications with remote administrative (RAT) capabilities.

Android backdoor is secretly sending user data and texts to China, and no one knows why

androidsurveillanc.jpg

By Conner Forrest

A new backdoor that was recently discovered in budget Android devices is sending user location data, text message, and call logs to a server in China every 72 hours, and no one seems to know the reason why. First reported on by the New York Times on Tuesday, the backdoor was discovered by Security firm Kryptowire.

According to the New York Times report, the backdoor comes in the form of pre-installed monitoring software that collects the above-mentioned information. The Times said that American authorities are unsure if the data is being collected for advertising purposes, or if it is and actual governmental effort at surveillance.

One of the most interesting aspects of this backdoor is that it is an intentional piece of the software on these devices. That, as noted by The Verge, makes it a feature of the device and not an exploited vulnerability.

The software was developed by a Chinese company called Shanghai Adups Technology Company, which claims the code is active on more than 700 million Android devices. According to the Times, it predominantly affects international users and those who use prepaid Android devices, but the total impact of the backdoor isn’t fully known. However, the Times did note that American Android manufacturer, BLU Products, had 120,000 of its phones affected.
According to documents provided to BLU by Shanghai Adups Technology Company, the code was originally written for another Chinese company, to help them monitor phones, the Times reported. Additionally, Shanghai Adups Technology Company’s website claims they work with smartphone manufacturers ZTE and Huawei.

However, a Huawei spokesperson said: “Huawei takes our customers’ privacy and security very seriously, and we work diligently to safeguard that privacy and security. The company mentioned in this report is not on our list of approved suppliers, and we have never conducted any form of business with them.”

Additionally, an official statement from ZTE USA read: “We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, and will not. ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected.”

A Google official told the New York Times that it had asked Shanghai Adups Technology Company to remove the software from devices running the Google Play Store. Also, Kryptowire has taken its findings to the US government.

The discovery comes at a turbulent time for Android, as recent malware discoveries claimed to put millions of devices at risk of dealing with fake advertising and other issues. The news also adds more fuel to the conversation around backdoors in smartphones, sparked by Apple’s battle with the FBI over privacy concerns earlier this year.

The 3 big takeaways for readers:
A backdoor on some Android devices is sending call logs, location data, and full text messages to a Chinese server, as reported by the New York Times.
The backdoor appears to be a feature and not an exploit, as the code was intentionally added to the operating system for the purpose of gathering information, the Times reported.
The discovery of this backdoor could reopen the conversation around smartphone privacy started by Apple and the FBI in early 2016.

Source

15 best antivirus Android apps and anti-malware Android apps


Antivirus Android apps remain one of the most popular types of applications on Android. Whether or not these apps are needed is a subject that has been debated ad nauseum. Generally, you don’t need one if you play it safe, only download apps from the Play Store, and keep your security settings enabled. However, there are those who like to take a walk on the wild side and not do those things. In any case, here are the best antivirus apps and anti-malware apps for Android.


VPN Express

Before you start thinking about antivirus software, the first line of defence in Android security is a solid VPN. One that users

256-bit encryptiondoesn’t keep logs and offers 24-hour Live Chat support.We recommendExpressVPN for Android. It’s $8.32 per month but you canget your money back within 30 days if you’re not completely satisfied.


360 Security best antivirus apps and anti-malware apps360 Security – Antivirus Boost

[Price: Free]
360 Security is one of the most popular and highly rated antivirus Android apps available right now with over 100 million downloads and 10 million ratings resulting in a 4.6 overall rating. That’s pretty good. This antivirus and anti-malware app comes with a ton of features, including the ability to scan your device files for malware, scan your apps and games, enable real-time protection, and even comes with an anti-theft feature. You can also use the app’s built in cleaner and booster service if you want, but the validity of those types of features aren’t particularly substantiated. Perhaps the most useful feature for this one is an app lock that lets you password protect any app on your device which is great for keeping nosy people away. The best part? It’s completely and totally free.


androhelm best antivirus Android apps and anti-malware Android appsAndroHelm Mobile Security

[Price: Free / $2.59/month / $23.17 per year / $99.65 or $119.85 for lifetime licenses]
AndroHelm’s Mobile Security app is a lesser known option that can still provide a bunch of benefits. The main functionality focuses solely on security with features that include real-time protection from malware and spyware. It also does scanning apps upon installation, frequent updates of the antivirus database, quarantine mode, app backups, virus protection, and a lot more. One of the more useful features include a set of functions that let you remotely block your device and delete stuff. The pricing structure is a bit complicated and the design could use an overhaul, but the functionality is solid and the app should work pretty well.
You can find all of AndroHelm Mobile Security’s pricing options by clicking here.

antivirus Android mobile security


Avira best antivirus apps and anti-malware appsAvira Antivirus Security

[Price: Free / $11.99 per year]
Avira Antivirus Security one of the relatively newer and lesser known antivirus apps but it’s quickly growing into one that people really seem to like. It comes with the basic stuff like device scanning, real-time protection, and even the ability to scan the external SD. It also includes modern features, like a Stagefright Advisor to help you work around that particular vulnerability. There is also some anti-theft feature, privacy features, blacklisting features, and device admin features. It’s a heavier antivirus app, but it doesn’t necessarily feel that way all the time. It’s worth a shot if for no other reason than to check out the Stagefright Adviser!


antivirus Android trustgoAntivirus and Mobile Security by TrustGo

[Price: Free]
Antivirus and Mobile Security by TrustGo is an app with a philosophy. The developers have talked about how they built the app from the ground up for mobile protection against mobile threats and this app does that. It has the basic features such as device scanning to look for existing threats, real-time protection, and a privacy guard that helps show you what apps are using which permissions (which, admittedly, won’t be nearly as awesome after Android 6.0). It does include secondary features such as a system manager, find-my-phone functionality, and data backup if you need it. It’s not quite as heavy as some of these competitors, but it is by no means a lightweight. It’s also 100% free to use. That makes it one of the really good antivirus apps for Android.

trustgo best antivirus and antimalware apps for android



Avast best antivirus apps and anti-malware appsAVAST Mobile Security

[Price: Free / $1.99/month / $14.99/year]
AVAST Mobile Security comes from Avast, a name that many people recognize from the antivirus market on PC. Avast on Android is just as well-known and trusted with over 100 million installs and just shy of four million reviews with a 4.5 overall rating in Google Play. The features include the usual device scanning, app scanning, and real-time protection but also includes consistent antivirus database updates, anti-theft features, and the ability to remote lock your device in case you lose it. AVAST is definitely one of the heavier antivirus Android apps that we’ve found and it comes with a metric ton of features that creates a pretty sturdy experience. If you go pro, you’ll get even more features including remote data recovery, remote SMS, geo-fencing, ad detection, and app locking. It’s one of the heavier antivirus apps. That makes it not a great option for those who need something light.


AVG antivirus androidAVG AntiVirus Security

[Price: Free / $3.99/month / $14.99/year]
AVG Antivirus Security is another antivirus Android app that many people know about from the PC antivirus space. As such, it has over 100 million downloads to date and a respectable 4.4 rating in the Play Store. AVG is a bit lighter of an option compared to other name-brand options and includes real-time protection, device scanning, and consistent antivirus database updates. On top of that, there is a task killer (which, admittedly, is pointless), anti-theft features, remote device data wiping, and you can monitor things like battery, storage, and data usage. The interface on this one is actually pretty good comparatively speaking and the paid subscribers can also get app locking, call and message blocking, and more.

Antivirus android security free by AVG


bitdefender antivirus androidBitdefender Antivirus Free

[Price: Free]
Bitdefender Antivirus Free is perhaps the lightest, most unobtrusive option on this list. It has exactly two features which is to scan and clean your device and then it offers real-time antivirus protection on top of that. The real-time protection scans apps as they are installed. It also keeps an eye on what apps are doing. The scanning is simple and only takes a few moments to get everything done. This is technically an offshoot of Bitdefender’s much larger antivirus suite, but we found that we loved that there is an option that requires zero configuration and runs as light as this one does. We prefer the light version of the heavy version but if you want to check out the heavy version, you can find it by clicking here.


CM security antivirus androidCM Security

[Price: Free]
CM Security had some viral success back when it was one of only a few free antivirus apps and was, at the time, the best free option available. It has some competition now, but CM Security is still pretty decent when it comes to antivirus and anti-malware protection as it has been ranked very high on AV-TEST repeatedly for several years now. On top of its antivirus and anti-malware features, CM Security also includes one of the better app locks that we’ve used (it even has fingerprint scanner support now) that not only locks your apps, but takes selfies of people trying to nose around in your business. It’s a lot more lightweight than some of its name brand competitors which is good and it’s completely free for everyone.


Dr Web best antivirus apps and anti-malware apps for androidDr Web Security Space

[Price: Free / $9.90 per year / $18.80 for 2 years / $75 for a lifetime license]
Dr Web’s Mobile Security suite is one that has come a long way since we first put this list three years ago. What started as a simple antivirus app has ballooned into one of the most comprehensive antivirus apps on mobile. It features two kinds of scans along with real time protection. The app also provides real-time protection for your external SD card. It also has anti-spam features, an ton of anti-theft features (including remote lock, custom remote messages, and remote wiping), a cloud checker, and even firewall support. It’s a highly powerful antivirus Android app that doesn’t come with a lot of clutter or bloat.



Eset best antivirus apps and anti-malware apps for androidEset Mobile Security and Antivirus

[Price: Free / $9.99/year]
Eset Mobile Security and Antivirus is from another popular name in the PC antivirus space (Nod32). It boasted an impressive 100% detection rate in 2015 with frequent updates to the antivirus database to try to maintain that in 2016. You’ll also get scanning and real-time protection as is the norm for these types of apps. It also comes with a tablet-specific interface which is rare. The free version is a little basic which is okay if you just need something simple to scan your device and provide protection. Paid subscribers get anti-theft features and more advanced security features if they choose. It’s one of the more trusted antivirus apps out there.


Kaspersky best antivirus apps and anti-malware appsKaspersky Internet Security

[Price: Free / $9.99 per year / $14.95 per year (license for two devices)]
Kaspersky is another very recognizable name in the antivirus space and their antivirus apps is intensely popular. Like others, it has a free version and a paid version with more features. The list of features includes scanning (free) for malware and viruses while the paid version gets real-time protection, anti-phishing, cloud protection, and anti-theft, as well as smaller features like sounding an alarm to help find your lost device. This one is quite heavy so those with older or lower range devices may feel the heat by using the full version of this one.


Lookout best antivirus apps and anti-malware appsLookout

[Price: Free / $2.99/month / $29.99/year]
Lookout is a natural option for many users because this antivirus app comes installed on many Android devices (particularly those on T-Mobile in the United States). Thankfully, the app isn’t half bad and manages to do its job quite well. The free version is a bit more comprehensive than most and includes antivirus, anti-malware, and anti-theft protection although the paid version gives more of all of those things. Paid subscribers also get anti-theft alerts, real-time web browsing protection, a privacy adviser, and some data backup features. It’s not a bad option and it’s even lighter than many other security suites. It’s not great that it’s pre-installed on devices. However, it works well enough to give it a fair shake.


Malwarebytes best antivirus apps and anti-malware apps for androidMalwarebytes Anti-Malware

[Price: Free]
Malwarebytes has an exceptionally good reputation for PC users thanks to its lightweight, no nonsense approach to finding and removing malware. The Android version isn’t much different. It had a bit of a rough start but has since rebounded with a respectable 4.2 rating and five million downloads to date. As we said, this one focuses primarily on antivirus, anti-malware, and anti-spyware so the main features are the device scanning and real-time protection. Otherwise, this is a simple app that manages to get out of the way and not use a ton of system resources. This is especially good for older devices, lower range devices, and for those who don’t want to see any hiccups while running an antivirus app.


McAfee Android antivirusMcAfee Security and Power Booster

[Price: Free / $2.99/month / $29.99/year]
McAfee is arguably one of the most recognizable antivirus apps out there. Thankfully, their app isn’t that bad. There isn’t much of a different between the free and pro versions. It comes down to just a few features. This is a great way to get a lot of protection for free although the paid version can get some pretty decent features as well. It includes features like phone support and backup services. McAfee added a “power booster” into the app which is unfortunate. Ignore that because it’s useless but the protection it offers is actually very good.


Norton Security best antivirus Android apps and anti-malware Android appsNorton Security and Antivirus

[Price: Free / $29.99/year]
Norton Security and Antivirus is from Norton which is another recognizable name in the antivirus apps space. Over the last year or two, Norton has undergone some positive changes. One of them was a more powerful free version of their antivirus app. Make no mistake, this is a “heavy” antivirus app but it seems to run better than it used to. You’ll get antivirus and anti-malware protection out of the box. Along with that, you get remote locking of your device, alarms to find missing devices, and some privacy features as well. The paid version gets far more features, but it’s nice to see Norton listening to constructive criticism.

Source

Do a winter cleaning through your mobile apps

Take a quick glance over your mobile apps, see what you have installed there.

  • Remove any apps you haven’t been using – they are vulnerabilities for your security and privacy.
  • Revoke permissions for apps that require access to sensitive information – why would a flashlight app request access to read your messages, for example?
  • Keep your apps update – this lowers the chances for malware to take advantage of their vulnerabilities.

And remember to never install apps from anywhere else but the official app store. In Android, there’s a setting that also doesn’t allow apps from third parties to be installed.

Untrusted sources

There’s an app for that. But where does it come from?

Never, EVER install apps, on your computer, phone or tablet from untrusted sources.

If a website looks like this, navigate away immediately:

Make sure you have this turned OFF your Android phone or tablet:

 

And never tap “Install” on apps like these on your iPhone/iPad:

Rule of thumb: always use official websites and official app stores to download and install apps. Fake apps can pack malware, adware and other types of infections you do not want on your PC/tablet/phone.

Good News: Android’s Huge Security Problem Is Getting Less Huge

This article is from Wired:
URL:https://www.wired.com/2017/03/good-news-androids-huge-security-problem-getting-less-huge/

Good News: Android’s Huge Security Problem Is Getting Less Huge

Author: Andy Greenberg. Andy Greenberg Security