Tag Archives for " Android "

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

New Android Bug Affecting Over A Billion Phones Could Let Malware Hijack Legitimate Apps.

A security vulnerability affecting Android lets malicious apps masquerade as any other app installed on a targeted device and display fake interfaces to users, tricking them into giving away sensitive information.

Dubbed ‘Strandhogg 2.0,’ the new vulnerability affects all Android devices, except those running the latest version, Android Q / 10, of the mobile operating system, which, unfortunately, is running on only 15-20% of the total Android-powered devices, leaving billions of the remaining smartphones vulnerable to attackers.

Source: New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps

A newly uncovered strain of Android spyware lurked on the Google Play Store disguised as cryptocurrency wallet Coinbase, among other things, for up to four years, according to a new report by Bitdefender.

The malware, named Mandrake by the threat intelligence agency, featured a three-part structure that allowed its operators to evade detection by routine Google scanning.

Beginning with an innocuous-looking dropper hosted on the Google Play store, masquerading as one of a number of legitimate apps, Mandrake allowed its Russian operators to snoop on virtually everything unsuspecting targets did on their mobile phone.

Source: Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps • The Register

Austrian citizen files GDPR legal complaint against Google over Android Advertising ID

Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that this data is illegally processed.

The complaint against Google, which was filed with the Austrian Data Protection Authority, is based on the claim that Google’s Android operating system generates the advertising ID without user choice as required by GDPR.

Source: Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID • The Register

Android Users Battling Google Can’t Seek Intervention By Appeals Court

A group of Android users have lost another round in a privacy battle with Google over alleged location tracking.

U.S. District Court Judge Edward Davila in San Jose, California rejected the Android users’ request to immediately appeal his earlier ruling dismissing their claim that Google violated the California Invasion of Privacy Act.

Source: Android Users Battling Google Can’t Seek Intervention By Appeals Court 04/17/2020

Thousands of Android apps contain undocumented backdoors

A study has found that thousands of legitimate Android apps are taking liberties or being installed with capabilities that users wouldn’t expect to exist.

Examples include the ability to reset user passwords, bypass payment interfaces, initiate hidden behaviours using secret commands, or just stop users from accessing specific, sometimes political content.

This isn’t necessarily about outright malicious apps so much as legitimate apps taking liberties or being installed with capabilities users wouldn’t expect to exist.

Source: Thousands of Android apps contain undocumented backdoors, study finds – Naked Security

Android surveillanceware operators jump on the coronavirus fear bandwagon

Researchers have uncovered a mobile surveillance campaign that has used more than 30 malicious Android apps to spy on targets over the past 11 months. Two of the most recent samples are exploiting the coronavirus by hiding off-the-shelf surveillanceware inside apps that promise to provide information about the ongoing pandemic.

One of the apps, “corona live 1.1,” is a trojanized version of “corona live,” a legitimate app that provides an interface to data found on a tracker from Johns Hopkins University. Buried inside the spoofed app is a sample of SpyMax, a commercially available piece of surveillanceware that gives attackers real-time control of infected devices.

A second app used in the same campaign is called “Crona.” The campaign, which has been active since April 2019 at the latest, was discovered by researchers from mobile-security provider Lookout.

Source: Android surveillanceware operators jump on the coronavirus fear bandwagon | Ars Technica

Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media

One former employee said the secret company called Pink Unicorn Labs was doing the same thing as Cambridge Analytica, “but more nefariously, arguably.”

Banjo, an artificial intelligence firm that works with police, used a shadow company to create an array of Android and iOS apps that looked innocuous but were specifically designed to secretly scrape social media. This was done to avoid detection by social networks. The news signifies an abuse of data by a government contractor, with Banjo going far beyond what companies that scrape social networks usually do.

Source: Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media – VICE

Forensics detective says Android encryption now superior to iPhones

According to a forensics detective, Android encryption has made it harder to crack Android phones as compared to iPhones. This is a reversal from the norm.

Cellebrite — one of the most prominent companies that government agencies hire to crack smartphones — has a cracking tool that can break into any iPhone made up to and including the iPhone X. The tool pulls data such as GPS records, messages, call logs, contacts, and even data from specific apps such as Instagram, Twitter, LinkedIn, etc., all of which could be incredibly helpful in prosecuting criminals.

However, that same Cellebrite cracking tool is much less successful with Android encryption on prominent handsets.

Source: Forensics detective says Android encryption now superior to iPhones

14% of Android app privacy policies contain contradictions about data collection

An analysis of 11,430 Play Store apps found that 14.2% used a privacy policy with contradicting statements about user data collection practices.

Examples include privacy policies that stated in one section that they do not collect personal data, only to contradict themselves in subsequent sections, where they state they collect emails or customer names — which are clearly personally identifiable information. Self-contradictions can lead to the identification of deceptive statements, which are enforceable by the FTC and the DPAs (data protection authorities) of the EU.

Source: 14% of Android app privacy policies contain contradictions about data collection | ZDNet
