Jump to content
Reliance Jio & Reliance Mobile Discussion Forums
rajanmehta

Android OS & Apps - Security Threats & Vulnerability

Recommended Posts

Though presumed to be rock solid as far as security is concerned, many threats, hacks, vulnerabilities are being discovered increasingly in Android OS/Apps now a days.

SInce we trust it so much and are using our smartphones for many activities with important data on the phone, Let's be aware and post all such threat info, remedies, solutions in this topic.

Starting With...

Vulnerability In Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More

  • Like 2

Share this post


Link to post
Share on other sites
Infected version of Google’s Android Market Security Tool March 2011 is floating around the "black markets" – meaning it’s not in the Android Market, but it is floating around the ‘net in APK form.
  • Like 1

Share this post


Link to post
Share on other sites

Vulnerability In Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More

Android Police have found this serious bug in Skype for Android meaning this affects all of the at least 10 million users of the app.

Update #1: Skype is investigating the issue, weve been told.

Update #2: Skypes official first response can be found here.

Source: androidpolice.com

Edited by dipanlahiri
  • Like 1

Share this post


Link to post
Share on other sites

15 Top Android Security Apps

Source

Lookout Mobile Security helps you protect your phone and includes AntiVirus, Backup and Find My Phone. The app allows you to block viruses, malware and spyware by scanning every app you download. Backup allows you to back up your contacts and photos, as well as restore data to a new or existing phone. Find My Phone can help you pinpoint your phone on a map, activate a loud alarm to find your phone, and if necessary remotely wipe your data if your phone is lost or stolen.

Cost: Free

Anti-virus Free protects your phone from viruses, malware & exploits in real time. It scans apps, settings and media, helps you locate a lost or stolen phone via Google maps, and lock or wipe your handset to protect your privacy.

Cost: Free

mSecure is a password and data manager that offers a convenient and secure solution to store information on Android devices. Use mSecure to safely store sensitive and important information like Web logins and passwords, credit card numbers, frequent flyer and social security numbers, and any other data you want quick, easy access to while on the go. mSecure uses an industry-proven data encryption method so your information is safe guarded should your device be misplaced or stolen.

Cost: $4.99

Supported by a cloud-security model, NetQin Mobile Anti-virus v4.0 is designed to protect Android devices against viruses and malware. Featured in the anti-virus are scanning and deleting, real-time protection, and frequent virus database updates to ensure users are fully protected from the latest threats. Also included is a new anti-lost feature and a contacts backup system providing full protection for users' data.

Cost: Free

McAfee's WaveSecure is the mobile security service that protects data on your phone, ensures privacy in the event of theft and enhances the possibility of recovering your phone. The apps lets you remotely lock down your device and wipe out important data if necessary, backup and restore data, as well as track and locate your handset.

Cost: Free Trial / $19.90 per year

Anti-virus Pro protects Android devices from malware, viruses and spam SMS. You are able to scan apps, settings, files and media in real time; find your lost or stolen phone via Google maps; eliminate tasks that slow your phone down; run daily, weekly or on demand scans; lock or wipe your phone remotely; and set a lock screen message to help the locator find you.

Cost: $9.99

Seal App Locker allows you to easily protect any application with a password or a pattern, preventing unauthorized users from opening them

Cost: $2.78

Seek Droid allows you to locate your lost or stolen device anywhere in the world. See your device on a map, set off an audible alarm, wipe the device, and more.

Cost: $0.99

Webroot Mobile Security (Beta) brings Webroot's powerful online security to your Android device. This lightweight security app eliminates malicious applications, blocks harmful websites, and protects your privacy if your device is lost or stolen.

Cost: Free

Norton Mobile Security (Beta) is a new mobile app that gives you remote locate, lock and wipe capabilities in case your device is lost or stolen, Norton-strength anti-malware protection, and call and SMS screening from unwanted callers.

Cost: Free

Trend Micro Mobile Security protects digital files and secures banking transactions on your Android devices. App features include download protection – stops you from downloading fraudulent or malicious apps, safe surfing – protects your identity and banking information from phishing attacks, parental controls, and call and texting filtering – blocks unwanted calls or text messages (SMS/MMS).

Cost: Free Trial / $1.99 per year

Wallet allows you to safely store all your sensitive data such as bank account details and passwords on your phone. Wallet is also useful for remembering all those bits and pieces of information in one place from frequent flier numbers to contact lens prescriptions.

Cost: Free

GadgetTrak Mobile Security helps mitigate the risk of mobile device loss or theft; empowering you to track its location, back up data, even wipe the device.

Cost: Free Trial / $19.95 per year

MindWallet allows you to store a wide variety of sensitive information that is accessible with one master password. Features include military grade 128-bit AES encryption, inactivity timeout, backup and restore, and search. MindWallet also includes predefined templates or allows you to create custom templates for your personal needs.

Cost: Free

Keeper password & data vault allows you to keep your passwords, credit card numbers, and user names secure. With Keeper, you are able to log in to websites with one touch, create custom folders (i.e. websites, financial, credit cards, etc.), dynamically search passwords, and self-destruct your handset should it be lost or stolen.

Cost: Basic - Free / Premium – Free Trial then $29.99 per year

  • Like 1

Share this post


Link to post
Share on other sites

As Android booms, volume of malicious apps on the platform rises by 400%

Juniper Networks’ Mobile Malicious Threats report is out, and findings show that since the summer of 2010, the volume of attacks targeting the Android platform has increased by over 400%.

The most common type of malicious apps on the phone are SMS Trojans hidden within authentic looking apps, making up 17% of the malicious pie. Spyware and other malware are also common. Experts from Juniper Networks stressed the vulnerability of mobile platforms as a whole, as most mobile user do not bother to install anti-virus or security tools.

“You don't have to be extraordinarily smart to write mobile malware these days because most devices don't have any security tools to stop the malware.”

Many users perform financial and other sensitive transactions on their mobile, and most of these, despite the risks of spyware and other harmful apps, still don’t feel the need to protect their devices with after-market applications. An older statistic, from 2010, showed that only 15% of smartphone users actually employed any kind of security or anti-virus applications.

While it is a simple matter to avoid third-party app stores and therefore largely avoid the risk of downloading a malicious application, the original Android Market too faces a problem, with Google having to manually zap plenty of apps often, apps that somehow made it to their store with the malicious code intact. It’s no longer a question that Google has to become a more efficient verifier of the apps it makes available on the Android Market, more like Apple – however, without going that far in terms of selection and curation.

Source: thinkdigit.com here here.

  • Like 1

Share this post


Link to post
Share on other sites
previous.gif But 3rd party security tools make phones slow. I'm not inclined to install one for the same reason. I'd rather not do any financial transaction on the phone than make my phone any slower. Hope Google makes the market safer, reducing the need for any security apps.

Share this post


Link to post
Share on other sites

previous.gif But 3rd party security tools make phones slow. I'm not inclined to install one for the same reason. I'd rather not do any financial transaction on the phone than make my phone any slower. Hope Google makes the market safer, reducing the need for any security apps.

I use lookout and kaspersky it has not slowed the phone rather juicedefender etc. do that.

Share this post


Link to post
Share on other sites

previous.gif Just the other day a friend installed Kasp on his phone as he had more than a couple of viruses. And he complained that it slowed down his phone. But it was the Symbian version.

Could depend which phone you have. Upper end phones may not see much damage to performance. Would also depend on whether it does real time scanning, etc., etc.

Anyways, haven't tried it myself, so shouldn't comment further...

Share this post


Link to post
Share on other sites

previous.gif Just the other day a friend installed Kasp on his phone as he had more than a couple of viruses. And he complained that it slowed down his phone. But it was the Symbian version.

Could depend which phone you have. Upper end phones may not see much damage to performance. Would also depend on whether it does real time scanning, etc., etc.

Anyways, haven't tried it myself, so shouldn't comment further...

Quite true I suggest you try lookout it is not resource intensive and scans new applications after installation also sends summary report, you can uninstall if it slows the phone.

Share this post


Link to post
Share on other sites

Android handsets 'leak' personal data

More than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.

The data being leaked is typically used to get at web-based services such as Google Calendar.

The discovery was made by German security researchers looking at how Android phones handle identification information.

Google has yet to comment on the loophole uncovered by the team.

ID attack

University of Ulm researchers Bastian Konings, Jens Nickels, and Florian Schaub made their discovery while watching how Android phones handle login credentials for web-based services.

Many applications installed on Android phones interact with Google services by asking for an authentication token - essentially a digital ID card for that app. Once issued the token removes the need to keep logging in to a service for a given length of time.

Sometimes, the study says, these tokens are sent in plain text over wireless networks. This makes the tokens easy to spot so criminals eavesdropping on the wi-fi traffic would be able to find and steal them, suggest the researchers.

Armed with the token, criminals would be able to pose as a particular user and get at their personal information.

Even worse, found the researchers, tokens are not bound to particular phones or time of use so they can be used to impersonate a handset almost anywhere.

"[T]he adversary can gain full access to the calendar, contacts information, or private web albums of the respective Google user," the researchers wrote in a blog post explaining their findings.

Abuse of the loophole might mean some people lose data but other changes may be harder to spot.

"...an adversary could change the stored e-mail address of the victim's boss or business partners hoping to receive sensitive or confidential material pertaining to their business," the team speculated.

There is no suggestion that attackers are exploiting the Android loophole at the moment.

Almost all versions of the Android operating system were passing round unencrypted authentication tokens, found the researchers. It was fixed in version 2.3.4 but, suggest Google figures, only 0.3% of Android phones are running this software.

Some Google services, such as image sharing site Picasa, are still using unencrypted authentication tokens that can be stolen, found the team.

They urged Android phone owners to update their device to avoid falling victim to attacks via the loophole. Google is also known to be working with operators and handset makers to get updates to people faster than at present.

Source: bb.co.uk here.

Edited by dipanlahiri

Share this post


Link to post
Share on other sites

Quite true I suggest you try lookout it is not resource intensive and scans new applications after installation also sends summary report, you can uninstall if it slows the phone.

One time scanning of new apps seems like a great idea... hopefully on demand, so that it does not have to stay in RAM. Should be good enuf for fone environment. Will try it soon, thanks. :)

Android handsets 'leak' personal data

More than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.

The data being leaked is typically used to get at web-based services such as Google Calendar.

..........

Makes one really think - what were they thinking when they deviced it? Unencrypted tokens? Surely it does not take a genius to see that this will eventually be discovered and misused? Google ain't gonna be known for security at this rate. NOTriste.gif

Share this post


Link to post
Share on other sites

Google Fixes Android Glitch That Affected '99 Percent' of Devices

Source

0,1468,i=297519,00.jpg

Google said Wednesday that it has fixed a security glitch that reportedly opened up 99 percent of Android-based devices to a security breach.

"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts," a Google spokesperson told PCMag. "This fix requires no action from users and will roll out globally over the next few days."

Google would not say what percentage of devices were actually affected.

At issue is a Tuesday report that said 99 percent of Android devices are vulnerable to attack when they're used to log into a site on an unsecured network. The report, which came from researchers at Germany's University of Ulm, claimed that phones or tablets running on Android 2.3.3 or earlier were vulnerable because of an improperly implemented ClientLogin authentication protocol. ClientLogin is used to verify users' identity on Android apps, and it saves the authentication data (authToken) for up to two weeks. The authToken is obtained from ClientLogin by providing a username and password on an https connection.

But the researchers said that when a user would login to a site like Facebook or Twitter that stored data could be open to attackers who could use the info to falsely gain access to their private information like Google Contacts and Calendars.

The researchers—Bastian Könings, Jens Nickels, and Florian Schaub—decided to simulate an attack to see if there findings were correct.

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis," they said. "The answer is: Yes, it is possible and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."

There was also an issue with the way data was handled when devices were synced with Picasa, but Google said this has also been fixed. Called a "silent fix," a Google spokesperson said all users will get the update automatically.

Share this post


Link to post
Share on other sites

Using the seciruty angle two things have happened:

1. Google is blocking music/movie access to phones with custom ROMs. This is from ZDNet.

2. Seems that Gingerbread will go all out to block rooting.

What do the Guru's feel?

Share this post


Link to post
Share on other sites

:previous:

The day when they blocked rooting at all levels, is the last-day I will be using my Android device... But I don't think that will happen in near future, imho...

Edited by KanagaDeepan
  • Like 1

Share this post


Link to post
Share on other sites

No one is blocking rooting. Google has patched an exploit in Gingerbread, which was used for one click root as well as make the device vulnerable to malware so now one click roots will not work, but it is good that this patch has been done.

Please read this for clarity.

http://forum.xda-developers.com/showpost.php?p=14047939&postcount=72

http://forum.xda-developers.com/showpost.php?p=14049761&postcount=75

There will be no one ckick root for the Gingerbread OTA unless new exploit is found, but rooting can be done through odin/heimdall of a rooted kernel and/or cwm. So when the OTA comes, do not update, wait for a Gingerbread stock rooted ROM.

Edited by dipanlahiri

Share this post


Link to post
Share on other sites

Thanks. So it will just be a pain. What about point 1 of my post - they want to block downloads with Custom ROMs which will be necessary with the Odin route.

Share this post


Link to post
Share on other sites

Sorry had missed this post.

This was being blocked only for Netflix but here is a workaround http://www.redmondpie.com/how-to-install-netflix-on-any-rootedstock-android-phone/

The workaround bypasses the device support but there are geographical limitations so the application installs on unsupported phones but does not work for phones outside of USA. This means even if not rooted any unsupported phone outside the USA will not be able to use this. The workaround works for rooted/stock unsupported phones in the USA.

The majority of Android devices are not compatible and initially this primary release is only “compatible” with HTC Incredible, Nexus One, EVO 4G, G2 and Nexus S.

So it is not about custom ROMs it is about devices.

Share this post


Link to post
Share on other sites

30+ New Malicious Apps Spotted In The Android Market

Source.

21e9f1c.png

Over the holiday weekend, another batch of malicious apps were found in the official Android Market. According to the Lookout Security Blog (who, it should be disclosed, makes an anti-malware product for Android), at least 34 applications have been infected with a variation of DroidDream, the same malware found in the Android Market back in March. Researchers are calling this iteration of the malware “DroidDreamLight (DDLight)”, and expect that between 30,000 and 120,000 users have already been affected by the malicious apps.

DDLight begins its trouble-making upon receipt of an incoming call, rather than waiting for the user to manually launch the application. From there, the malware grabs the IMEI, IMSI, model, SDK version and other information about installed packages, and can seemingly download and install other applications (though not without prompting the user).

As it currently stands, malware like this is a mostly unavoidable caveat of open (read: loosely regulated) markets like Android’s. It’s the unfortunate wart hiding amongst Android’s many strengths. For now, we’ll just have to hope that Google and the security research firms out there stay vigilant in weeding out these baddies quick.

Here are the apps in which Lookout Security Blog found DDLight:

GluMobi:

  • Tetris
  • Bubble Buster Free
  • Quick History Eraser
  • Super Compass and Leveler
  • Go FallDown !
  • Solitaire Free
  • Scientific Calculator
  • TenDrip

DroidPlus:

  • Quick Cleaner
  • Super App Manager
  • Quick SMS Backup

BeeGoo:

  • Quick Photo Grid
  • Delete Contacts
  • Quick Uninstaller
  • Contact Master
  • Brightness Settings
  • Volume Manager
  • Super Photo Enhance
  • Super Color Flashlight
  • Paint Master

E.T. Tean:

  • Call End Vibrate

Mango Studio:

  • Floating Image Free
  • System Monitor
  • Super StopWatch and Timer
  • System Info Manager

Magic Photo Studio:

  • Sexy Girls: Hot Japanese
  • Sexy Legs
  • HOT Girls 4
  • Beauty Breasts
  • Sex Sound
  • Sex Sound: Japanese
  • HOT Girls 1
  • HOT Girls 2
  • HOT Girls 3

So, how can you avoid it? A good first step would probably be to avoid downloading apps with names like “Beauty Breasts” or “Sex Sound: Japanese”. Unfortunately, a number of these applications are cloned/hacked versions of otherwise legit (but not necessarily super popular) downloads. Always check the developer’s name, the reviews, and other such items for any glaring red flags. Last but not least: doublecheck the features that the app requests permission to use before installing. If something called “HOT Girls 4″ is requesting the ability to view your contacts and send out SMS messages, something probably isn’t right

Share this post


Link to post
Share on other sites

Adobe issues security warning about Flash Player 10.3

Source

According to Adobe, those using Flash Player 10.3 on their phones need to make sure that they have downloaded the latest version of the application. Because the security of the program has been compromised, make sure that version 10.3.185.23 is on your handset and if not, head over to the Android Market and install it. The software developer is saying that if you visit a malicious web site, you could receive emails designed to trick you into clicking on a "malicious link".

Share this post


Link to post
Share on other sites

Rooted Android Devices Facing Security Threats

Source

Malware jSMSHider could infiltrate your device without your knowledge.

The best part about Android is its open sourced nature, allowing users to customize the device to the very core, and change it according to their liking. For that to happen, developers or hackers have to go through sleepless nights to cook up a working Android custom ROM. It wouldn't be wrong to say that Android is the safe haven for hackers and devs. This is the main reason why most brands do not encourage hacking and are striving to make it harder for the devs as the days pass by. However, some companies are actually encouraging the development of custom ROMs. Samsung provided a bunch of Galaxy S II handsets to the developer team of CyanogenMod.

Now, a firm named Lookout Mobile Security has spotted a new malware which can compromise the content on your Android device. This particular malware known as the jSMSHider, will make its way through rooted Android devices with custom ROMs and gather your data. The worst part is that most custom ROMs out there aren't safe from its attack. However, the Android device is immune from the malware's attack as long as the user does not download apps from third party sources. Luckily enough, this particular malware has so far not been found to be hooked with the apps found in the Android Market. The jSMSHider malware has not been spotted in any Android device yet, but that doesn't mean that users should disregard its existence or the consequences of its infiltration.

When jSMSHider makes its way to your Android device, it will instantly have full access to your text messages, and will have the ability to contact other servers. This essentially means that the data on your device could instantly land on some other device and this malware is also capable of downloading applications remotely without you even knowing about it. Exercising a little caution while downloading content from third party locations is therefore advised, because you never know what you might be getting yourself into.

Share this post


Link to post
Share on other sites

I have shifted to iPhone and it's much better

I don't find anything missing on iPhone which was used by me on android.

Just jailbreak and enjoy Also safe

Edited by parin
  • Like 1

Share this post


Link to post
Share on other sites

:previous:

Have jail-broken it?? See Jobs uncle is coming with stick...

BTW, which FileManager are you using to view or copy files from (C:) PhoneMemory and send files via BT (Ya, I know JB iPhones can send files by BT)??? I use RootExplorer and ES FileExplorer...

Edited by KanagaDeepan

Share this post


Link to post
Share on other sites

I have shifted to iPhone and it's much better

I don't find anything missing on iPhone which was used by me on android.

Just jailbreak and enjoy Also safe

Parin bhai GSM or CDMA? But no data on CDMA right?

Share this post


Link to post
Share on other sites

Android Malware On The Rise

sick-android-640x480.png

If you own an Android smartphone, you’re more than twice as likely to encounter malware today as you were six months ago. This according to the latest Mobile Threat Report from Lookout Mobile Security, which estimates that half a million people were affected by Android malware in the first half of 2011.

Lookout’s analysis of data collected from more than 700,000 apps and 10 million devices worldwide reveals a significant increase in mobile malware since January, and while some of it was geared toward devices running Apple’s iOS, much was intended for Android. There were 80 Android apps infected with malware in January. By June, there were 400.

“Currently, malware and spyware have primarily targeted Android devices, though there are commercial spyware applications available for jailbroken iOS devices,” Lookout explains in its report. “According to our data, in June of 2011 Android users were two and half times more likely to encounter malware than just six months ago.”

The reasons for this are well known. iOS apps are curated by Apple via a manual review process that hews closely to some very strict security guidelines. Apps in Google’s Android Market do not undergo the same rigorous review process. And while that might allow Android developers to update their apps more quickly, it also makes it easier for miscreants to distribute malware, or to update or repackage legitimate apps with malicious successors. Earlier this year, for example, a piece of malware dubbed DroidDreamLight infiltrated some 34 apps in the Android Market.

But if iPhone users are largely unaffected by malware, they’re not entirely immune to it — particularly if they’ve jailbroken their devices to run apps not sanctioned by Apple. Lookout charted a troubling spike in Web-based threats in the first half of 2011. These are cross-platform, and thus of concern to Android and iOS users alike.

“In the past year, iOS has seen multiple web-based exploits in the wild that allow an attacker to run code as root if a user simply visits a web page,” Lookout said in its report. “These exploits first take advantage of a browser vulnerability to run code as the browser process then take advantage of a local privilege escalation vulnerability to run code as root. Thankfully, we haven’t seen evidence of these exploits being used maliciously: they were primarily used to allow users to jailbreak their devices.”

3of10-Likely-To-Encounter-UnSafe-Links.png

MOre info

Share this post


Link to post
Share on other sites

:previous:

Dr saab, one simple example... Terrorists usually throw bombs on Temple, Sports Stadium, Super Market and such important places, but NOT on WALLED_GARDEN or Funeral_Ground... This DOESN'T means walled_garden and burial places are much superior than Temple, Market, etc... The real reason is those walled_gardens and funeral grounds are NOT worth the efforts... So non_JB_iPhones (Walled garden) and Symbian^1 (funeral ground) phones have very very few or NO malwares...

NON jail-broken iPhones are MORE safe than JB-iPhones... Whether that means iPhones are better NOT_JailBroken??? :NOTriste:I just want to say jailBroking an iPhone and rooting an android are worth the risk...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×