By impersonating brands and fooling consumers, malicious mobile apps are on the increase, according to digital threat management leader RiskIQ in its latest Q3 mobile threat landscape report.
Apps available outside of official stores are most likely to be malicious. Google’s percentage of malicious apps decreased to a low of four percent in Q3 after reaching a high of eight percent in Q2. However, one of the most prolific creators of malicious apps worked exclusively in the Play store.
Researchers from security firm GuardSquare have discovered an Android vulnerability that allows for app code to be edited without affecting the apps' signature. Dubbed Janus, the vulnerability has massive potential for malicious use, and affects Android 5.0 onwards.
The security hole would allow an attacker to tweak an entirely legitimate app to behave maliciously without triggering any security alerts. Although vulnerability CVE-2017-13156 has been patched in December's Android update, very few people will have access to this security fix.
Third-party Android and iOS keyboard ai-type is at the center of something of a privacy nightmare after a misconfigured database leaked the personal details of more than 31 million of its users.
Researchers at Kromtech Security Center discovered an unprotected database had been exposed by developers, revealing incredibly detailed information about its users. The database was found to be freely available for anyone to download, with no password required to access a treasure trove of information.
A market cap of over $350 billion, daily volumes in excess of $10 billion, fast rising prices, a growing number of investors and little to no regulation all combine to make the cryptocurrency space a prime target for hackers. What's more, security is not exactly a main priority for many investors and exchanges, as numerous thefts go to show.
Making things even more complicated is the fact that lots of cryptocurrency apps, that let investors and trader store coins, have dangerous vulnerabilities that hackers can exploit to steal users' funds.
When an app goes silent for more than a year, it's reasonable to assume that it has been killed off -- but that's not the case with VLC. The Android version of the popular media player has been updated to version 2.5 after getting stuck at 2.0 for 13 months.
Work has been going on for VLC 3.0, but you would have been forgiven for thinking that the app had just been forgotten about. With the launch of VLC 2.5 there are a number of new features to enjoy including a new dynamic UI, a night mode, and picture-in-picture support for Oreo users.
Both browsers are targeted at Windows users who have Edge as their default -- the primary purpose of both is to allow users to sync settings and content between desktop and mobile, following a similar path trodden by the likes of Chrome and Firefox.
As we approach the start of a new year, the inevitable "best of" lists are starting to crop up. Never one to miss a trick, Google has released its own top five lists for 2017.
The lists cover the US, and there are a few obvious names taking the top spots -- Super Mario Run is unsurprisingly shown to be the most popular game, while Rogue One: A Star Wars Story and It make appearance high in the movie and book charts respectively. But in addition to the top five new apps, new games, streamed songs, movies, TV shows and books, Google has broken things down even further.
It is near impossible to avoid ads these days, but Google has just introduced a new policy that makes at least one area of your smartphone a safe haven.
The new policy means that most apps will no longer be permitted to display ads on the lockscreen. But while this is something that will please Android users, it's not something that the company has really trumpeted.
For many people -- particularly in certain parts of the world -- mobile data is an expensive commodity. If you're someone who likes to keep an eye on exactly what's using up all of your allowance -- and take control of it -- Google's new Android app, Datally, can help.
Datally has been designed to not only reveal which apps are using up data, but to provide a way to rein it in. Formerly known as Triangle whilst in beta, the app lets you block background data usage on a per-app basis, and makes it much easier to access data-related settings.
Microsoft has just given mobile users a more compelling reason to use Edge as their web browser -- and heaven knows one was needed. The latest update to the mobile browser brings a genuinely useful feature: password syncing.
The announcement that Edge was coming to Android and iOS came somewhat out of the blue, and now it seems that Microsoft is intent on making it a real contender for the mobile browsing crown. Password syncing is the headline addition to the browser, but it's not the only thing that's new.
A joint research project between Yale University's Privacy Lab and French non-profit Exodus Privacy has uncovered widescale tracking in a large number of Android apps. The likes of Tinder, Spotify, Uber, Twitter and Snapchat -- as well as masses of lesser-known apps -- were found to be riddled with snooping components relating to no less than 25 well-known trackers.
In all, around three quarters of apps were found to gather personal information about users via a variety of third-party tracking techniques. Researchers have published their findings online so Android users can check if their favorite apps are snooping on them.
The OnePlus 5T may have just rolled out, but the Chinese smartphone maker has not forgotten its older handsets. Having rolled out a beta version of Android Oreo to the OnePlus 3 and 3T, now the OnePlus 5 is getting the same treatment.
Making good on the promise it made at the launch of the OnePlus 5T, the company has launch the first OxygenOS Oreo open beta for the OnePlus 5. It is available for anyone to download and install, and the full, stable release of Oreo is due early next year.
For those concerned about their privacy, location services is just one more setting to disable on their phone. But Google has now revealed that it is not only able to, but actually does track the location of Android users even if location services are disabled.
More than this, Google records the addresses of nearby cell towers -- thereby giving a very good idea of location -- even when there is no SIM card in a phone and no apps are used. This data has been collected since the beginning of the year.
MediaProjection vulnerability leaves 77 percent of Android phones open to screen and audio recording attacks
More than three quarters of Android phones are vulnerable to screen and audio recording by attackers. By exploiting the MediaProjection service, an attacker can easily trick a user into granting the relevant rights to a malicious app.
Although the vulnerability has been fixed in Android 8 Oreo, users running Lollipop, Marshmallow or Nougat remain at risk. MediaProjection is -- by design -- able to capture screen activity and audio, and it does have legitimate uses, but by using a technique known as tap-jacking permission can be given for it to be used for more nefarious things.
Adblock Plus is using the disappearance of the popular Android app UC Browser from Google Play to promote its own mobile web browser.
An open letter to people looking for the currently-unavailable UC Browser calls on mobile web users to give Adblock Browser a try. The privacy-focused browser includes, obviously, an adblocker and, as Adblock Plus cheekily points out, "we haven't been kicked out of the store."