May 19 · Issue #9
This week’s edition is Android heavy with the Google I/O 2016 event occurring this week. Plenty of announcements – the Allo messaging app, Android Instant Apps, etc. – but questions remain about the mobile security ramifications of some of these new products and features.
Don't Use Allo | Motherboard
“The selling point of Google’s new messaging app is not encryption, it’s surveillance.” FOR YOUR CONSIDERATION: Google’s recently released Allo messaging app will not encrypt communications end-to-end by default, disappointing many in the security community. One report claims, “Conversations will be encrypted to and from the Google server. If you switch to Incognito mode, everything is end-to-end encrypted. Only you and the other party will be able to read the messages. The Google bot won’t work in this mode.” In the end, an individual needs to decide whether the value provided by the bot feature outweighs the fact that Google will collect and analyze data from their conversations in Allo.
Android users have installed more than 65 billion apps from Google Play in the last year | The Verge
“The company says more than 600 new Android phones have launched in the last year, while more than 65 billion apps have been installed through its Google Play store in the same time frame.” FOR YOUR CONSIDERATION: We understand why Google wants to tout 600 new devices using Android, but we can’t help thinking about what it means for OS fragmentation. In addition, the Google Play store offers approximately 2 million apps. Our research shows that 25 percent of mobile apps harbor a security flaw and that the more popular an app is, the more likely it is to be vulnerable.
Android Instant Apps will blur the lines between apps and mobile sites | Ars Technica
“Instant Apps are designed to provide the richer, Android-native experience of an app combined with the convenience and the lower data and storage usage of a mobile website.” FOR YOUR CONSIDERATION: Until more technical details are available about how Google will implement Android Instant Apps, the impact on security remains unclear. What system access will these app modules be granted without having to ask for permissions? Will it help attackers trick users into running malicious apps from the web? Do we trust Google’s review process?
Banking Trojan Outwits Google Play Malware Scanner | Threatpost
“A banking Trojan hiding in a casino app was removed from Google Play. The malware slipped past Google Verify Apps malware scanner and got into the marketplace.”
Apple bans benign iOS spyware detection, security info app | The Register
“Apple has punted hacker Stefan Esser’s app designed to highlight the security posture and running processes on iOS devices.”
FOR YOUR CONSIDERATION: Events such as this, and Google Play booting the VTS for Android app, suggest that Apple and Google are not always friendly when it comes to third parties trying to increase security visibility into the mobile platforms. We’ve discussed why you can’t count on the platforms to fix mobile security, and their expelling apps that provide security information about a device encourages even well-meaning parties to work around them.
Stanford computer scientists show telephone metadata can reveal surprisingly sensitive personal information | Stanford News
“Stanford researchers show that telephone metadata – information about calls and text messages, such as time and length – can alone reveal a surprising amount of personal detail. The work could help inform future policies for government surveillance and consumer data privacy.” FOR YOUR CONSIDERATION: Former Director of the NSA and CIA General Michael Hayden has said, “We kill people based on metadata.” This study shows that although metadata seems trivial, it is in fact sensitive. With only metadata and rather unsophisticated methods, the researchers inferred that an individual may suffer from a particular medical condition and more. The value of seemingly banal metadata to attackers, particularly those plotting targeted attacks, should not be underestimated, not to mention its effects on privacy.
Malware-Laced Porn Apps Behind Wave of Android Lockscreen Attacks | Threatpost
“Dell SonicWALL Threats Research Team says incidents of Android lockscreen malware masquerading as porn apps is a growing concern.”