We’ve all heard about the Android malware problem. After all, proponents of other mobile operating systems love to spread FUD stating that Android’s malware situation is out of control. Further, there are various entities such as antivirus firms that have vested interests in demonstrating that there is indeed an issue.
Who’s to blame the companies using these unscrupulous tactics? After all, it’s simply good business to undermine your mobile OS competitors or create demand for your product in the case of security solution providers. And up until very recently, Google unfortunately lacked a reliable way of determining and tracking the . . . READ ON »
If you’re a developer who writes mobile apps for a living, chances are that you’ve at least experimented with mobile ads in the past. Far more true than on other competing platforms, the Android app developer ecosystem is essentially driven by in-app advertisements rather than upfront payments.
This is a topic we broached some time ago, when we presented a thread with various developers’ experiences with different monetization strategies. Long story short: Ads and in-app purchases seem to be far more powerful tools in your monetization arsenal than upfront paid apps.
This should all come as no surprise for a . . . READ ON »
For anyone with a passing interest in developing apps or who has made an app that makes use of a remote web service, listen up. Much as it can be dull to talk security, particularly when it comes to Android applications, it’s still necessary. Today though, I’m going to go through some suggestions for securing applications that make use of remote web services. Whether this is a server to store data on or a server to deal with communications and messages being sent between users, it’s always worth paying attention to a few things that are often overlooked.
1. Encrypt. . . . READ ON »
In light of all the recent panic over surveillance and Internet monitoring, there are a plethora of “secure” communication programs being announced and launched. These tend to make bold promises of being secure, protecting users from surveillance, and being better than equivalent services.
Yesterday, 3 notable personalities in the web-o-sphere lost much credibility in my (and anyone interested in security’s) view. Why? For using pseudo-security, and trying to market it as security. They clearly do not have a strong background in cryptography or security theory, and appear out to make money, rather than to create a well-designed and well-architected, resilient . . . READ ON »
The interwebz are alight. Debate and argument is intense, following the launch of the HTC One and Samsung Galaxy S4, Google Play editions. The Google Play edition moniker, for those (such as I) who choose to reside under a rock, refers to the fact these devices come minus the manufacturer skins and modifications users are accustomed to, and instead ship with the “stock” Google experience, most commonly seen from AOSP or Nexus devices. A fair idea, it appears, although the launch has been met with controversy and debate over if these new handsets are a let-down. Why? Let’s take a . . . READ ON »
All too often, major device manufacturers such as HTC, Samsung, and Motorola steal the thunder with their announcements and product releases, leaving little room for smaller OEMs to enter the market. Today we’re going to put aside the HTC One and Samsung’s Next Big Thing to talk about the Oppo Find 5, the Chinese company’s first foray into the global market.
You may be asking why we at XDA-Developers would want to review a relatively obscure device that is unfortunately difficult to procure in many regions. Well, availability was recently broadened, and we’ve already been inside the device. . . READ ON »
In case you are someone like I am who doesn’t follow the annual “update” of iOS, this is where they make it more like Android and make use of some features Android has had for years (i.e. notification pull-down), and announce a few changes and “new” things the rest of the world has done for years.
Before I go any further, the previous sentence is intended as a joke, let’s not turn this into an iOS vs whatever war. This is about something that all platforms need to unite on: user data security.
Apple yesterday announced a new . . . READ ON »
Android, as an operating system, is fairly unique in that it makes users aware of the permissions available to apps in a fairly transparent way. Compared to Blackberry or iOS, which issue granular prompts such as “Can Angry Birds access your location?” or “Can Instagram access your camera to take photos?” There is a somewhat subtle difference here: The rivals give the user a choice about these requests.
Jump over to Android where, after installing an app, it has free reign to use every permission you agreed to. While this doesn’t sound an issue, let’s take a look at the . . . READ ON »
As promised, the first in our series of “Say Sayonara to Google” articles is about the Play Store. Love it or loathe it, the Play Store is popular. It is so popular, in fact, that it is often berated for the poor quality of apps contained within. While Google is making strides to improve this via their Bouncer malware screening platform, at the end of the day, the Play Store is built on fairly shaky security grounds.
The first security issue with the Play Store is that of remote control. Imagine someone told you the following:
. . . READ ON »
What is freedom? This is a big question being asked by people around the world over the past few years. Many of us believe (and often rightly so) that we are fairly free. Arguably, this is correct in many countries throughout the world. You have political freedoms and many many more. But do you have electronic freedom?
For almost everyone reading this article, it is likely you have a Google Account. This means you have a Gmail account. It’s tied deeply into Android via the Google Apps package of proprietary applications (they are not open sourced, unlike the core Android . . . READ ON »
After our earlier article warning users to uninstall the Sky apps from their devices, it’s time to take a look at the technical significance of this attack. Firstly, the attackers have managed to do two key things here, each of which should each be impossibly difficult for the Play Store update system to be secure:
- Gained access to the Play Store Developer Console of Sky, presumably through gaining access to the associated Google Account
- Obtained access to, or managed to otherwise generate or reproduce, the private RSA keys used to sign the Sky Android app packages
The former is obviously . . . READ ON »