Archive for the ‘Mobile Security’ Category

Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks

May 8th, 2019
A bug hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than half a billion users worldwide.

Posted in android browser, Android Security, browser url spoofing, Mobile Security, phishing attack, UC Browser, URL Spoofing Vulnerability, Vulnerability | Comments (0)

Google Makes it Tough for Rogue App Developers Get Back on Android Play Store

April 16th, 2019
Even after Google's security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers' existing accounts, is enough for 'bad-faith' developers to trick the Play Store into distributing unsafe

Posted in Android, android apps, Android Malware, Android Security, apps security, google, Google Android, hacking news, Mobile Security, smartphone security | Comments (0)

‘Exodus’ Surveillance Malware Found Targeting Apple iOS Users

April 9th, 2019
Cybersecurity researchers have discovered an iOS version of the powerful mobile phone surveillance app that was initially targeting Android devices through apps on the official Google Play Store. Dubbed Exodus, as the malware is called, the iOS version of the spyware was discovered by security researchers at LookOut during their analysis of its Android samples they had found last year.

Posted in Android, Android Malware, app development, Apple iOS, Exodus, hacking news, iOS malware, malware, Malware apps, Mobile Security, smartphone protection | Comments (0)

Unpatched Flaw in Xiaomi’s Built-in Browser App Lets Hackers Spoof URLs

April 5th, 2019
EXCLUSIVE — Beware, if you are using a Xiaomi's Mi or Redmi smartphone, you should immediately update its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices. That's because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a

Posted in Android, android browser, browser security, browser url spoofing, browser vulnerability, hacking news, MI browser, Mobile Security, URL Spoofing Vulnerability, xiaomi, Xiaomi mobiles | Comments (0)

Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware

April 4th, 2019
What could be worse than this, if the software that's meant to protect your devices leave backdoors open for hackers or turn into malware? Researchers today revealed that a security app that comes pre-installed on more than 150 million devices manufactured by Xiaomi, China's biggest and world's 4th largest smartphone company, was suffering from multiple issues that could have allowed remote

Posted in Android, android antivirus, android apps, Android Security, Antivirus for Android, hacking news, Mobile Security, smartphone security, Vulnerability, xiaomi, Xiaomi mobiles | Comments (0)

Insecure UC Browser ‘Feature’ Lets Hackers Hijack Android Phones Remotely

March 26th, 2019
Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately. Why? Because the China-made UC Browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on your Android devices. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically

Posted in hack android mobile, hacking news, how to hack android, malware, man-in-the-middle attack, mobile browser, mobile hacking, Mobile Security, UC Browser, UC Web Browser | Comments (0)

Android Q — Google Adds New Mobile Security and Privacy Features

March 19th, 2019
Google has recently released the first beta version of Android Q, the next upcoming version of Google's popular mobile operating system, with a lot of new privacy improvements and other security enhancements. Android Q, where Q has not yet been named, offers more control over installed apps, their access, and permissions, and location settings; more support for passive authentication like face

Posted in Android, android app development, Android Operating system, Android privacy, Android Q, Android Security, Google Android, Mobile Privacy, Mobile Security, privacy settings, privacy software | Comments (0)

Indecent disclosure: Gay dating app left “private” images, data exposed to web

February 7th, 2019
The Jack'd dating app allowed men to upload "private" photos--but stored them open to public viewing, the same as the rest.

Enlarge / The Jack'd dating app allowed men to upload "private" photos--but stored them open to public viewing, the same as the rest.

Amazon Web Services' Simple Storage Service powers countless numbers of web and mobile applications. Unfortunately, many of the developers who build those applications do not adequately secure their S3 data stores, leaving user data exposed—sometimes directly to web browsers.  And while that may not be a privacy concern for some sorts of applications, it's potentially dangerous when the data in question is "private" photos shared via a dating application.

Jack'd, a "gay dating and chat" application with over 1 million downloads from the Google Play store, has been leaving images posted by users and marked as "private" in chat sessions open to browsing on the Internet, potentially exposing the privacy of thousands of users. Photos were uploaded to an AWS S3 bucket accessible over an unsecured web connection, identified by a sequential number. By simply traversing the range of sequential values, it was possible to view all images uploaded by Jack'd users—public or private. Additionally, location data and other metadata about users was accessible via the application's unsecured interfaces to backend data.

The result was that intimate, private images—including pictures of genitalia and photos that revealed information about users' identity and location—were exposed to public view. Because the images were retrieved by the application over an insecure web connection, they could be intercepted by anyone monitoring network traffic, including officials in areas where homosexuality is illegal, homosexuals are persecuted, or by other malicious actors. And since location data and phone identifying data were also available, users of the application could be targeted

Read 15 remaining paragraphs | Comments

Posted in amazon s3, AWS, bad software, Biz & IT, Mobile Security | Comments (0)

Several Popular Beauty Camera Apps Caught Stealing Users’ Photos

February 4th, 2019
Just because an app is available on Google Play Store doesn't mean that it is a legitimate app. Despite so many efforts by Google, some fake and malicious apps do sneak in and land millions of unaware users on the hunting ground of scammers and hackers. Cybersecurity firm Trend Micro uncovered at least 29 devious photo apps that managed to make its way onto Google Play Store and have been

Posted in Android, android apps, Android Malware, Beauty Camera Apps, malware, Mobile Security, Photo Editing Apps | Comments (0)

New Android API Lets Developers Push Updates Within their Apps

November 8th, 2018
You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true. Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it's optional. Along with the launch of a number of new tools and features at its Android Dev Summit 2018, Google has

Posted in Android, Android API, android app developer, android app development, Android app update, Android Update, cybersecurity, In-app updates API, Mobile Security | Comments (0)