SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
#Android
11 Dec 2017

Android flaw allows attackers to poison signed apps with malicious code

Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate.

The technique allows an attacker to circumvent device anti-malware protection and escalate privileges on targeted device with a signed app that appears to be from a trusted publisher, according to researchers. The vulnerability, dubbed Janus, was discovered earlier this summer by Eric Lafortune, CTO of GuardSquare. He reported the bug to Google in July.

Read more
Tags:
Android information leaks
Source:
Threatpost
1564
6 Dec 2017

ParseDroid vulnerabilities could affect all Android developers

Checkpoint researchers discovered several vulnerabilities in Android application developer tools that put any organization that does Java/Android development at risk of an outsider gaining access to their system.

The vulnerability affects cross-platform users that use Android Studio, IntelliJ, Eclipse and APKTool and the most common Android Integrated Development Environment (IDES), according to the ParseDroid – Targeting The Android Development & Research Community report. Researchers said the attacks could be used to target any Android developer in any organization and that there are a lot of open source tools that are using APKTool. 

Read more
Tags:
Android information leaks
Source:
SCMagazine
1428
6 Dec 2017

Android keyboard app leaks personal data of 31 million users

Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app's developer failed to secure the database's server. The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world.

But the server wasn't protected with a password, allowing anyone to access the company's database of user records, totaling more than 577 gigabytes of sensitive data. The database appears to only contain records on the app's Android users. The discovery was found by security researchers at the Kromtech Security Center, which posted details of the exposure. 

Read more
Tags:
Android information leaks
Source:
CNet
1524
27 Nov 2017

Staggering variety of clandestine trackers found in popular Android apps

Researchers at YALE Privacy Lab and French nonprofit Exodus Privacy have documented the proliferation of tracking software on smartphones, finding that weather, flashlight, rideshare, and dating apps, among others, are infested with dozens of different types of trackers collecting vast amounts of information to better target advertising.

Exodus security researchers identified 44 trackers in more than 300 apps for Google’s Android smartphone operating system. The apps have been downloaded billions of times. Yale Privacy Lab is working to replicate the Exodus findings and has already released reports on 25 of the trackers. 

Read more
Tags:
Android surveillance
Source:
The Intercept
1667
22 Nov 2017

Google is receiving Android users’ locations even location services are off

This is bad. Google actively receives location data from Android users even when location services have been switched off. Starting from early 2017, Android phones have been gathering addresses of nearby cellular towers and sending this data back to Google. The most troubling part is that this has been going on even when users have disabled location services.

According to the publication, Android handsets collected location data pretty much all the time and subsequently relayed all stored information back to Google once connected to the internet. Quarts claims that all modern Android phones are affected by this vulnerability. 

Read more
Tags:
Google Android Wi-Fi surveillance
Source:
The Next Web
1783
6 Nov 2017

More than 1 million people downloaded a fake WhatsApp Android app

More than one million people were tricked into downloading a fake Android app that was pretending to be WhatsApp. The app was called "Update WhatsApp" and is still on the Play Store, although the developer has now changed its name to "Dual Whatsweb Update" and switched the icon, which doesn't look like the WhatsApp icon anymore.

But before its facelift, the app mimicked WhatsApp in a clear attempt to trick users into downloading it thinking they were downloading an update for the popular messaging app, according to users who reviewed the app on the Play Store, and users on Reddit, who flagged the malicious app. 

Read more
Tags:
WhatsApp Android fraud
Source:
Motherboard
2961
31 Oct 2017

A surge of sites and apps are exhausting your CPU to mine cryptocurrency

The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites.

The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency.

Read more
Tags:
information leaks Android fraud
Source:
Ars Technica
1873
24 Oct 2017

Hackers made over $1.5m with new Android banking malware that turns into ransomware

A new Android banking malware dubbed LokiBot comes with some ransomware capabilities and is being sold on the dark web for $2,000 worth of Bitcoins. Although LokiBot functions primarily as a banking Trojan, it can turn into a ransomware if attempts are made to disable the malware's admin rights or when victims try to remove it.

Once the ransomware feature is activated, LokiBot encrypts all of the victims' data. The malware is also capable of stealing victims' contacts, reading and sending SMS messages and locking out users from accessing their phones. LokiBot's main attack vector involves phishing overlays on numerous banking apps. 

Read more
Tags:
hackers Android trojan
Source:
IBTimes
1941
23 Oct 2017

Google offers bug bounty to clean up mobile apps

Google is offering security experts a bounty to identify Android app flaws as the Alphabet Inc unit seeks to wipe out bugs from its Google Play store.

Each flaw will score at least $1,000 under the program announced on Thursday to back up automated checks that have failed to block malware and other problems that security experts say infect the 8-year-old app store far more than Apple Inc’s rival App Store. Google will partner with HackerOne, a bug bounty program management website, to target a list of apps and flaws such as those that allow a hacker to redirect a user to a phishing website or infect a gadget with a virus. 

Read more
Tags:
Google data protection Google Play hackers Android
Source:
Reuters
2049
19 Oct 2017

Google Play apps with as many as 2.6m downloads added devices to botnet

Google has booted eight Android apps from its Play marketplace, even though the apps have been downloaded as many as 2.6 million times. The industry giant took action after researchers found that the apps add devices to a botnet and can perform denial-of-service attacks or other malicious actions.

The stated purpose of the apps is to provide a skin that can modify the look of characters in the popular Minecraft: Pocket Edition game. Under the hood, the apps contain highly camouflaged malware known as Android.Sockbot, which connects infected devices to developer-controlled servers. 

Read more
Tags:
Google Play Android information leaks
Source:
Ars Technica
1656
SafeUM NEWS
27 Apr 2017 safeum news imgage Encrypted Group Chat
4 Apr 2017 safeum news imgage Each SafeUM user gets free anonymous phone number
10 Mar 2017 safeum news imgage SafeUM useful features to help you feel safe
28 Sep 2016 safeum news imgage Secure Messenger SafeUM
21 Jul 2015 safeum news imgage New secured zone of Google Play: secure messenger SafeUM for Android. Download, Install, Communicate
3 Apr 2015 safeum news imgage We are beginning to test SafeUM for Windows Phone
25 Feb 2015 safeum news imgage SafeUM messenger is available for public testing
20 Feb 2015 safeum news imgage Algorithms and encryption schemes used for secure messenger SafeUM
30 Jan 2015 safeum news imgage New "TOP Security!" app is on the App Store
22 Jan 2015 safeum news imgage Free "TOP Security!" app is available on Google Play
28 Oct 2014 safeum news imgage How are security keys generated in SafeUM?
19 Jun 2014 safeum news imgage SafeUM is the best messenger for data protection and information security
16 Jun 2014 safeum news imgage Become a SafeUM tester and get free PREMIUM subscription for a year
12 May 2014 safeum news imgage Why Premium secure messenger SafeUM cannot be free
25 Apr 2014 safeum news imgage Encrypted secure messaging for every mobile device
All news
First page Previous
1 2 3 4 5 . . 25
Next Last page
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015