WhatsApp, which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function.
The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs, said the spyware dealer, who was recently briefed on the WhatsApp hack.
NSO’s flagship product is Pegasus, a program that can turn on a phone’s microphone and camera, trawl through emails and messages and collect location data.
NSO advertises its products to Middle Eastern and Western intelligence agencies, and says Pegasus is intended for governments to fight terrorism and crime.
But mostly to spy on people said governments don't particularly like, of course.
Uninstall tracking exploits a core element of Apple Inc.’s and Google’s mobile operating systems: push notifications. Developers have always been able to use so-called silent push notifications to ping installed apps at regular intervals without alerting the user—to refresh an inbox or social media feed while the app is running in the background, for example. But if the app doesn’t ping the developer back, the app is logged as uninstalled, and the uninstall tracking tools add those changes to the file associated with the given mobile device’s unique advertising ID, details that make it easy to identify just who’s holding the phone and advertise the app to them wherever they go.
The tools violate Apple and Google policies against using silent push notifications to build advertising audiences, says Alex Austin, CEO of Branch Metrics Inc., which makes software for developers but chose not to create an uninstall tracker. “It’s just generally sketchy to track people around the internet after they’ve opted out of using your product,” he says, adding that he expects Apple and Google to crack down on the practice soon. Apple and Google didn’t respond to requests for comment.
One of the hardest parts of building for Android is making your app work well on all phones. While device fragmentation often brings forth concerns on design, the bigger struggle will be behind the scenes in managing memory, rendering smooth graphics, and maintaining battery life.
Avast, which makes security software for Windows, Mac, and Android, recently bought 20 used Android handsets on eBay. Then company employees used digital analysis software that's readily available and fairly easy to use to see if there was anything left on the 20 devices from the original owners. It turns out there was. Avast researchers found more than 40,000 photos, 750 emails or text messages, and 250 contacts. The group was also able to deduce the identities of the previous owners of four of the phones.
It's important to note that Avast makes its own reset software, which the company claims does a much better job of completely wiping Android devices. So part of the motivation for this study is presumably to promote Avast's alternative service. Still, the results are pretty startling. Whether they make you want to buy Avast's software or someone else's, this test at least raises awareness of how hard it is to scrub personal data before reselling or donating old devices.
www.theregister.co.uk/2014/07/03/eff_android_wifi_tracking_bug/, posted 2014 by peter in android mobile privacy wifi
Of particular concern are newer Android gadgets, specifically those running Android 3.1 "Honeycomb" or later. That version of the Google OS introduced a feature called Preferred Network Offload (PNO), which has a habit of broadcasting the names of the last 15 Wi-Fi networks a device has joined, even when the screen is off.
The idea is to conserve battery by allowing a phone to connect to known Wi-Fi networks even while in sleep mode, since Wi-Fi uses less power than the mobile data radio. The problem, the EFF says, is that your wireless network history can give a worryingly accurate and thorough picture of your movements.
bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/, posted 2013 by peter in android mobile security toread
The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years – or nearly 900 million devices– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.
Even though Android is mostly Free Software, devices usually come with proprietary software and services that prevent people from using them in an independent and autonomous way. Liberate your Android device: learn how to regain control of your data, with a free operating system and free apps!
www.osnews.com/story/25638/Canonical_brings_Ubuntu_to_Android, posted 2012 by peter in android handheld linux mobile
Yesterday, Ubuntu announced Ubuntu for Android. This new product basically allows you to run the entire Ubuntu Linux distribution on your Android smartphone connected to an external display and keyboard and mouse.
When your Android smartphone is docked and connected to input devices and a screen, the smartphone will run the Unity interface using the peripherals, fully integrating with Android itself. Ubuntu will tap into the phone's address book, email, music and SMS applications, even going so far as to sending and receiving calls. Browser sessions are shared between the two environments as well, and you can run Android applications in the Unity interface. Heck, even your launcher works in Ubuntu.
Funny, I was thinking just the other day that if I could connect a keyboard and a screen to my phone, maybe I wouldn't need a laptop at all.
PsiXpda, who you may remember channeled some classic Psion nostalgia for their UMPC in late 2009, is planning a second attempt on the companion device market with a design that sticks more faithfully to the fondly-remembered Series 5mx.
Rather than attempt to squeeze a desktop OS onto the new PsiXpda, Pinnock intends to use Android, which should add up to longer battery life and more consumer appeal. Although we’ve seen Android MIDs with physical ‘boards before, they’ve always been intended for thumb-typing rather than anything more ambitious. No word on when PsiXpda intends to release the new model, but we’re tentatively curious to see if its second attempt can do a better job of living up to the Psion inspiration.
So, an Android device with a Psion keyboard? Yes please! If my Psion 5mx had wifi, or 3G, or GPRS, or Bluetooth, or any other reasonable way of communicating with anything else, I'd still use it to this day.