Tag Archives: Android

Why Android phones and tablets need Anti-Virus

Smartphones and tablets are now as powerful as your three year old desktop or laptop computer, which is why it’s just as important to ensure they are secure. And this is especially true for Android devices. In fact, as much as 97% of all mobile malware (that’s fake apps, viruses and scams) is on Android.

But how does malware get onto your phone in the first place? Here are the three top ways that malware can get onto your Android device and how a simple security app can help to keep you safe.

Video

Android Security Basics

Installing ‘untrusted’ apps

Only using the Google Play Store, or another trusted source for your apps is the default advice for every Android device owner.  And it’s good advice because reputable market places will often scan their apps to ensure they’re safe before you download them.

However, Android also provides the ability to download and install an app directly from a website – as a file with the extension “.APK” – provided, of course, that you first enable the security setting to allow “Untrusted sources”.

Anti-Virus for Android will not only help detect potentially malicious apps, it will also alert you to ensure you keep that “Untrusted sources” security option disabled, except for rare occasions when you might need to temporarily enabled it.

 

Web links and browsing

It’s not just rogue apps that can give you a bad day.  Browsing web sites from your Android phone and tablet can put you at risk.  And there’s also the inconvenience of having your device stolen or lost forever.

Surfing websites from mobile devices is amazingly convenient for you, and the scammers. By exploiting known vulnerabilities, especially in those older Android devices that aren’t up to date, just clicking on a malicious link can be enough to wreak havoc.

Luckily, a good Anti-Virus app which can also scan links and provide protection against phishing attacks will help you surf more safely.

And when it comes to losing your Android phone to tablet, Anti-Theft features allow you to remotely locate, and if stolen, remotely erase your device for peace of mind.

Challenge of Keeping Updated

The ability to keep your Android phone or tablet running the best version of Android with all the latest security fixes depends on a number of factors.

Firstly, the manufacturer may have shipped your device with a modified version of Android to make it behave a little differently.  For example, if you have a Samsung device using the “Touchwiz” interface, or an HTC with the “Sense” look and features.

Second, if you purchased your phone or tablet through a telephone company there’s a good chance it came bundled with some extra apps and features too.

All of these modifications, while arguably adding some value, delay the deployment of security fixes released by Google.

Often you have to wait for  either your telephone company or the device manufacturer (or both) has to refresh their modified versions of Android before you get the benefit.

A good Anti-Virus app can help to keep your device secure until those security updates arrive.

These are just some of the reasons why Android phones and tablets need Anti-Virus.  Do you know of any more?

Three essential tips for new Android devices

Unfortunately, with today’s smartphones (which have the capacity and the feature-set of a high-end PC from about 10 years ago) it’s no longer a matter of popping in the SIM and using it.

There are a million things to watch out for and set up. In this week’s blog, we’ve compiled the three most useful steps you need to take besides running through the initial setup and downloading your favorite apps.

Sign into your Google Account:

One of the first things your new Android will ask you to do is sign into your Google account. Now, you could technically go without a Google account, but the benefits outweigh a lot of the worries some users have: once you sign in, it will back-up your phone’s settings, installed apps, account data and more – plus it allows you to purchase apps on the Google Play Store.

If you’re worried about privacy, simply create a new account and leave out information you don’t want to be shared with Google.

Google Sync

Get the latest update:

Most phones come with outdated software right out of the gate (as software continues to improve after devices come off the production line). We suggest checking for updates in your “Settings” app under “About device” (or similar).

Do the same for your apps so you don’t have to go into the Google Play store all the time. Go to Settings again and look for the “Auto-update apps” checkbox.

Software update

Get rid of preinstalled bloatware:

As we discovered last month in our AVG App Consumption report, one of the top reasons for battery drain, storage consumption and data traffic are the preinstalled apps on your phone.

We’ve actually made a free app, AVG Cleaner for Android, which lets you view the most draining apps on your phone and helps you get rid of them: Open it up and go to the App Uninstaller.

This will list all your currently running apps. If you tap on the little blue arrow in the top right, you can then sort the list by:

  • App Usage – how often you use each of your apps
  • Storage Usage – how much space your apps use
  • Battery Usage – how demanding each app is on your battery
  • Data Usage – the apps that send and receive the most data (to help avoid hitting your data plan limit)

Uninstall Bloatware

 

Is backing up your data the same as exposing it? In this case – Yes!

Losing contacts from your mobile phone is highly inconvenient. There’s seems to be a solution –  You can find them online! The catch? Your contacts are in a publicly accessible place.

1playstore photo

Seriously.

If you care for your privacy you should always be suspicious about “Cloud Backup” solutions you find in the Google Play Store. The solution that is being analyzed here backs up your personal contacts online. In public.

Upon starting the application, you will find a screen where you can put your mobile number and a password of your choice. Then you can upload your contacts in the cloud.

 2app

A brief analysis inside this application shows us how exactly it backs up your contacts in the cloud. The contacts are associated with the phone number that you have given in the previous step and they are sent through HTTP POST requests in a PHP page.

3savedatacloud

Further analysis through IP traffic capturing with Fiddler helped usdiscover the results in the pictures above; a page located online, for anyone to see, that contains thousands of un-encrypted entries of phone numbers and passwords. Using the info in the app you can retrieve personal private data (contacts) from another user.

4fiddlerinfo 5datafromserver

We found log in data inside those entries from countries like Greece, Brazil, and others

The Play Store page says that this app has been installed 50.000-100.000 times. This is a big number of installations for an application that doesn’t deliver the basic secure Android coding practices. The developer must use technologies like HTTPS, SSL and encryption on the data that are transferred through the web and stored in the server. Nogotofail is a useful network security testing tool designed by Google to “to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.

6appinfoplaystore The application has been reported to Google without receiving any response.

Avast detects it as Android:DataExposed-B [PUP].

Samples (SHA-256):

F51803FD98C727F93E502C13C9A5FD759031CD2A5B5EF8FE71211A0AE7DEC78C 199DD6F3B452247FBCC7B467CB88C6B0486194BD3BA01586355BC32EFFE37FAB

Black Friday Sale: 33% off PRO apps for Android

The Black Friday and Cyber Monday weekend can be a great time to take advantage of big discounts on electrical items including smartphones.

If you’re planning on treating yourself or a loved one to a new smartphone this holiday weekend, or even if you just want to look after your existing device, AVG has some great discounts to help you keep your Android smartphone running securely and smoothly.

 

33% off AVG AntiVirus PRO

AVG AntiVirus PRO for Android is a complete security solution for your smartphone that combines powerful protection tools with useful features that can even help recover your device should it get lost or stolen.

With AVG AntiVirus PRO Android Security you can:

  • Scan apps, files, emails and messages for malware
  • Locate, lock and wipe your lost or stolen phone
  • Kill tasks that can slow down your phone
  • App Lock – password protect app access
  • A Camera Trap – that emails you a photo of anyone who enters an incorrect pass code three timese

Video

AVG AntiVirus PRO

Download AVG AntiVirus PRO now

 

33% off AVG Cleaner PRO

AVG Cleaner is a FREE app that helps you get more from your Android device. By cleaning out junk files and cache files, AVG Cleaner gives you more space for the files that matter. This holiday weekend get 33% off AVG Cleaner PRO features.

AVG Cleaner FREE allows you to:

  • Remove junk and cache files
  • Automate cleaning for no-hassle performance

AVG Cleaner PRO has these extra features:

  • No advertising
  • Set up custom battery profiles to make your phone run just how you want it to

Video

AVG Cleaner PRO

Update to Lollipop as soon as you can: These are the security improvements included in Android 5.0

Google has now launched the long-awaited Android 5.0, the new version of its mobile operating system. Do you want to know why you should update your smartphone’s software? We give you the first clues here.

lollipop-android

Adrian Ludwig, security engineer at Google, says in the official Android blog that their goal is to “stay two steps ahead of the bad guys” and this is Lollipop’s intention too. “Not only is Lollipop the sweetest update of Android to date, we also built in a rigid (security) Lollipop stick for the core and Kevlar wrapping on the outside—to keep you safe from the bad guys, inside and out.”

One of the most secure ways of keeping data safe is to use the screen lock or pattern. However, Google is aware that many users do not use this measure because, among other reasons, it makes it difficult to use the phone when it is connected to another device.

For this reason, the new operating system includes Smart Lock, which unlocks the phone when it is paired with a wearable or a hands-free device in the car via Bluetooth or NFC.

The phone can also be unlocked using facial expressions. Although this feature was available in version 4.0, in the new version of the Android operating system this application has been improved by constantly analyzing the user’s expressions.

Finally, in order to encourage users to install phone lock patterns and make them more secure, Android has included the option to receive on-screen notifications, even though the phone is locked, and access them more quickly.

Another security measure in Lollipop is related to encryption, which is no longer optional and will be really useful for less experienced users. Device encryption will be automatically enabled when the device is switched on. It uses a unique key that never leaves the device.

However, Google acknowledges that users with older devices that update their version of Android will have to enable the encryption feature manually themselves, which will not happen in devices shipped with this operating system.

Android has always tried to make sure that its apps access as little data on the phone as possible but in this respect its software has never been without its problems. Version 4.2 included Security Enhanced Linux, known as SELinux, which audited and monitored every action and left less room for attack.

SELinux defines the permissions of every user, app, process and file on the system and controls their actions and interactions following a strict security policy. This prevents any file – not even those downloaded from Google Play – from modifying the phone’s essential parameters.

lollipop-screen

Although this service was offered in previous versions, it has now been boosted to respond particularly to enterprise and government environment as, according to Ludwig, the majority of the members of different governments use Android. SELinux currently runs in enforcing mode, that is, all of the security policies are loaded and enabled on the device. It was not the same in previous versions, where the user could choose to use enforcing mode, permissive mode – where the security policies were loaded but not applied – or even turn it off.

Have you ever had your phone stolen? Having Lollipop installed could help you. It has the Factory Reset Protection feature, which disables stolen phones, only requiring the Google password to wipe the phone’s data remotely.

The new version of Android also keeps the device away from malicious websites when the user performs searches in the browser. In addition, it seems that everyone can create multiple user accounts to securely share the device with a friend or do so using guest user mode.

The heads of security at Android claim that the probability of a cyber-crook attacking the device using malicious software is 1 in 1,000. But the main dangers facing users is when the phone is lost or stolen. It is for these cases that the new security measures are designed. What are you waiting for to update your operating system?

 

The post Update to Lollipop as soon as you can: These are the security improvements included in Android 5.0 appeared first on MediaCenter Panda Security.

Careful with photos from unknown sources in Android: They could now contain a nasty surprise

We now live in the age of the image. Hardly a day goes by when we don’t download or share an image of friends or family. The saying ‘A picture is worth a thousand words’ has become a motto for our everyday lives.

Well aware of this are those who prowl the Internet with malicious intent. They know that images are now swarming across the Web, and as such represent the perfect Trojan horse to conceal malicious content. In fact, had it not been for Axelle Apvrille and Ange Albertini, many have already tried. These researchers were responsible for uncovering a crack in the defensive wall of Google’s mobile operating system, through which images can be used to hide malicious software, which could then slip past the system’s protection.

android-mobile

At the latest Black Hat Europe event in Amsterdam, these cyber-security experts presented their work on the vulnerability in Android. Due to this flaw, malicious users could reach the smartphone or tablet of any user through an image which, when downloaded, would become a file that could infect the device.

According to Apvrille and Albertini, the malicious payload could be concealed in any image, regardless of format. Whether a .png or .jpg, what to the naked eye is simply a picture of a person, could simply be a front for code that would be released from the image and spread malware.

To demonstrate the existence of the vulnerability, they created a tool called AngeCryption, which let them convert images into packets. Thanks to this, they could hide anything they wanted to transmit from one device to another without security systems or Google’s own scanner being aware of its existence. So behind an apparently inoffensive image there could be an .apk, the type of executable file that allows applications to be installed.

pic-mobile

In the proof-of-concept presented by the researchers, they used an image of Darth Vader to hide a malicious app designed to steal photos, messages and other data from the devices it is downloaded to.

Imagine a contact sent you an image via WhatsApp and you downloaded it, without you knowing an app would be installed on your device that could search for and steal anything it found. This is precisely what this vulnerability allows.

“Such an attack is highly likely to go unnoticed, because the wrapping Android package hardly has anything suspicious about it,” explain Apvrille and Albertini. They also warn that this flaw has been present in all versions of Android so far.

The discovery of this security hole was kept quiet until the researchers were able to inform Google and the company’s security team had time to fix it. So are you now safe? Yes, but only if you remember to upgrade your smart phone or tablet. If you don’t, you will be exposed to potentially nasty surprises.

So we advise you:

  • To be careful with photos from unknown sources
  • Install any available Google updates.

Also, as prevention is better than cure, install our antivirus for Android devices. Why take unnecessary risks?

The post Careful with photos from unknown sources in Android: They could now contain a nasty surprise appeared first on MediaCenter Panda Security.

Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says

FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could “lead us to a very, very dark place.” Echoing comments made by law enforcement officials for the last several decades, Comey said that the advanced cryptosystems available today threaten to cripple the ability of intelligence and law […]