Tag Archives: Mobile

Which is the most secure Android Smart Lock?

If you’re one of the lucky few to be running a phone or tablet with Android Lollipop (5.0 or above), you might be tempted to use one of its new Smart Lock security features. These features bypass your lock screen when certain conditions are met.

Here, we examine the various kinds of Smart Locks Lollipop offers, where they fail, and how reliable they are.

Trusted devices

Trusted devices is perhaps the safest of the new Smart Lock features. It works by confirming your identity with “something you have”; in this case a Bluetooth device or NFC trigger. When your devices pair, your lock screen will be removed. The feature seems to have been designed with smartwatches in mind, but any Bluetooth device like a car or wireless headset will work.

This is particularly secure, as bypassing this lock would require both your devices be stolen at the same time. The other workaround includes spoofing the MAC address (or identity) of your Bluetooth device, which is a difficult and highly unlikely process.

Trusted places

Trusted places creates geofences around specific areas you designate as “safe”. Using built-in GPS, WiFi scanning, and other location services, your device can determine whether you are inside the area and disable your phone’s lock screen. When the phone leaves the area, it automatically locks up again.

This feature can be particularly useful and safe if you designate your home as a safe zone, especially if your home is in an isolated area. However, we wouldn’t recommend setting any location you do not fully control as safe. Any passerby in the “safe zone” could potentially pick up your phone and use it. Furthermore, the feature isn’t as precise as it could be: the diameter of the “safe zone” can be up to 80 meters wide (nearly 90 yards or 262 feet).

Trusted face

Trusted face essentially confirms your identity by looking at you, using your device’s front facing camera to recognize your face. Because of that, hardware can be a limiting factor in this method’s reliability: a poor front-facing camera can quickly become a liability.

While the system is smart enough not to get fooled by a static photo of your portrait, it still requires you to “teach it” to recognize your face in several different lighting conditions or wearing various accessories. The more you do this, the more reliable it becomes, but it can require more “teaching” than most users would feel comfortable providing. Essentially, every time your phone doesn’t unlock is an opportunity to teach it.

Oh, and you can give up on getting this to work in low lighting conditions.

We leave it to you to determine the likelihood that a look-a-like will snatch your phone. Just don’t use this feature if you have an evil identical twin.

Trusted voice

Trusted voice relies on vocal recognition to confirm your identity. It works particularly well if you are a consistent user of Android’s voice activated features, since those learn to recognize your speaking patterns to better interpret your queries. If you do not use them often, you may find the reliability of this method to be somewhat limiting.

A secondary annoyance is that it relies on triggering the Google Launcher’s signature “Ok, Google” to unlock your screen, which will then wait for a search query or command. Unless you are a heavy user of the Launcher or Google Now, we don’t recommend this.

On-body detection

This is easily the least secure of the methods revealed so far, and we strongly recommend you do not use it. On-body detection relies on your phone’s internal accelerometers and gyroscopes to determine if you are carrying your phone. Unlock it once, and it will stay unlocked while in your hands or pocket. Put it down on a table, and it will lock immediately.

While this may seem to make sense and greatly simplify your life, it’s also a godsend to any pickpocket or straight-out thief that would snatch the phone out of your hands. So long as the phone is in movement, it doesn’t care who unlocked it. With over 3 million smartphones stolen every year in the US alone, and 2000 a day in the UK, we really cannot recommend this method.

 

How to turn the Smart Lock features on

If you decide you still want to use one or more of these security features, you’ll need to turn them on first, and Google has not made that easy.

First, in the Settings menu, you’ll need to scroll down to Advanced and select Trust agents. Inside this menu, you’ll need to activate the Smart Lock option.


Now, when you head back into the main Security menu, you’ll be able to find the Smart Lock menu, and activate whichever features you want.


If you see one of these features missing, make sure that your Google Services app is up-to-date.

 

New “Porn Droid” ransomware hits Android

Researchers at ZScaler have discovered a new variation of the “Porn Droid” ransomware that affects Android devices.

Once the device is infected, the malware sends the user a message, apparently from the FBI, accusing the user of watching child pornography. It then demands a $500 ransom to restore the device to normal.


Infection:

After masquerading as a Google patch update, the malware then asks for a number of powerful permissions including “Erase all data” and “set storage encryption”.


Clearly, the message is not from the FBI and the victim should not pay the ransom.


How to stay safe:

Always check permissions

Apps are the lifeblood of our Android devices and make them the powerful and useful tools we know and love. Apps help us stay in touch with family and friends, guide us, educate us and sometimes simply entertain us. But how much attention do we pay when we install an app? In the case of this ransomware, an alert user would never have granted those permissions to an app.
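A permission check like the one described above can also be done on the app's declared policies before it is ever installed. This is an added example, not code from AVG or ZScaler; it assumes the prompt described is Android's device administrator activation screen, that the app's device-admin policy file has already been decoded to text XML, and both sample files and the `is_device_manager` flag are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Policy tags from Android's device-admin XML. The two quoted labels are the
# ones named in the article; the other notes are this example's own wording.
HIGH_RISK = {
    "wipe-data": 'listed in the prompt as "Erase all data"',
    "encrypted-storage": 'listed in the prompt as "Set storage encryption"',
    "reset-password": "can change the screen-lock credential",
    "force-lock": "can lock the screen at will",
}

# Constructed sample: an app posing as an update that asks for the two
# policies the article mentions.
FAKE_UPDATE_XML = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <wipe-data />
    <encrypted-storage />
  </uses-policies>
</device-admin>"""

# Constructed sample: an app that only watches failed unlock attempts.
BENIGN_XML = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <watch-login />
  </uses-policies>
</device-admin>"""


def requested_policies(xml_text):
    """Return the policy tag names declared under <uses-policies>."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != "device-admin":
        raise ValueError(f"unexpected root element <{root.tag}>")
    block = root.find("uses-policies")
    return [] if block is None else [child.tag for child in block]


def audit(xml_text, is_device_manager):
    """Flag high-risk policies; only a known management app may hold them."""
    policies = requested_policies(xml_text)
    flagged = {p: HIGH_RISK[p] for p in policies if p in HIGH_RISK}
    if not flagged:
        verdict = "allow"
    elif is_device_manager:
        verdict = "review"   # expected for a management agent, still worth a look
    else:
        verdict = "refuse"   # an "update" has no reason to wipe or encrypt
    return {"policies": policies, "flagged": flagged, "verdict": verdict}


if __name__ == "__main__":
    for name, xml_text in [("fake update", FAKE_UPDATE_XML), ("benign", BENIGN_XML)]:
        result = audit(xml_text, is_device_manager=False)
        print(name, "->", result["verdict"])
        for tag, why in result["flagged"].items():
            print("   ", tag, "-", why)
```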

For a list of permissions to look out for when installing an app, check out this AVG Academy video from Michael McKinnon.

Video

Make sure you check these app permissions

 

Have up-to-date security software

One of the simplest and most effective ways of keeping your device safe from malware such as “Porn Droid” is to have up-to-date antivirus protection.

By scanning links and attachments before they are loaded onto your device, security apps like AVG’s AntiVirus for Android can help keep your device free from ransomware and running in top condition.

 

 

Are these the world’s greediest apps?

On a typical business or vacation day, my phone barely makes it through the day: A bit of Googling here, a bit of research there, some email and gaming in between and before I know it, my battery life is down to 10% and it’s only 4pm!

It’s not necessarily my smartphone’s fault, but likely a consequence of the demanding apps that I run, often completely invisibly in the background. These apps drain not just battery life but also fill up my storage or cause a ton of mobile traffic.

Turns out, I’m not alone.

When looking at one million of our anonymous AVG AntiVirus and AVG Cleaner users, we discovered the most resource-hungry apps in the first quarter of 2015. Plus, we found the most-used apps in each category! Curious as to what’s new this quarter?

 

Key findings:

Dating & chatting apps surge into the Top 10

Android owners worldwide were trying to meet Mr or Mrs Right in the first three months of 2015. POF Free Dating entered the Top 10 and there was a new entrant at number six from the chat category, OoVoo Video & Text, which also had a noticeable impact on battery life.

 

Facebook Messenger is now the top communication app:

Facebook Messenger has previously been ranked as the third most popular communication app behind WhatsApp and Google Mail but has since overtaken them and now sits top of the pile.


Samsung Knox, Samsung Push, and Beaming Service are the top battery drainers

Samsung’s KNOX security service drains the battery of your Galaxy smartphone invisibly in the background.

In addition, the built-in Samsung Push Service now also runs in the background and made it to 7th position. This service is required for ChatON, a WhatsApp rival that is packaged with almost all of the company’s handsets. The good news for your battery is that Samsung turned it off on February 1st.

The top spot among battery draining apps is a background service called Beaming Service by Mobeam Inc., which also comes bundled with many Samsung phones.

Tip: See our all-new AVG Android Optimization Guide to identify and turn off such resource-hungry apps.

 

Cleaning and security apps that drain your phone

People looking to protect and clean their phone should know some of the top used apps, including Lookout Security & Antivirus and Clean Master, show up in the top spots on our lists of top battery drainers and traffic consuming apps. What’s interesting is that 88% of all measured apps in the traffic consumption category consume less traffic than Clean Master, which clocked in at several hundred megabytes of data per user.

New gaming style on the rise: casino games start a new trend

In the first three months of 2015, we identified a massive spike in the use of card and casino games as well as big blockbuster arcade games.

While the casino category didn’t even exist previously due to its low usage, in the January to March period of 2015, it featured as up to 7% of usage, and arcade games also grew to 12% usage from 1.6% in the previous quarter. Solitaire and Zynga’s Livepoker stood out as particularly popular.

Conversely, we spent far less time playing casual, strategy, puzzle or family games. See graph below:

Usage Chart

Find a full list and all the data in our app report here.

 

So what are you supposed to do if you’ve got one or even many of our resource drainers installed? Our AVG Android Performance Guide will help you out with great tips to improve battery life and clean up space in no time!

For highlights from the report, check out the infographic below.

Android App Report Q1 2015

Android’s factory reset may leave data behind

We’ve given tips in the past about what you could do with an older smartphone, and a few of those involved donating it to charity or selling it. A vital step before doing either of these is to perform a factory reset to clear out your data. New research has emerged that says that a factory reset may not be enough to keep your data safe from some more advanced data retrieval techniques.

Researchers at Cambridge University have just released a study outlining several flaws in the way most Android handsets handle factory resets. The issue arises from the way devices store information on flash memory. Reading data has a negligible impact on flash drives, but writing new data to them can cause considerable wear.

To prolong the drive’s health, instead of deleting content directly (“writing off” the data), flash drives will instead designate memory blocks where the data resided as “logically deleted”–meaning they are available to be overwritten.

So when you perform a factory reset, those “logically deleted” content blocks aren’t being overwritten, as they are already considered “empty” by the system. Given enough time and the right tools, the researchers were able to retrieve personal data such as photos and chat logs. They were also able to retrieve the master tokens for automatically signing in to Gmail and other Google apps as well as Facebook apps an alarming 80% of the time.

 

How to protect your data

If you are looking to sell or donate your phone, there are a few things you can do to help keep your data private. We suggest you do all of these steps:

 

Encrypt your phone before factory resetting your data.

Devices running Android 3 or above all allow you to encrypt your phone. The option can generally be found in the settings under the Security tab. Encrypting your phone before the reset ensures that any data that survives the factory reset has to be decrypted.

The Cambridge researchers were able to retrieve some encrypted data and run brute-force attacks until they found the right passwords. So make sure you create a long password of over 15 characters, using upper- and lowercase letters, numbers and symbols: a longer, more complex password would take years to crack. Ideally, use a password generator: you don’t have to remember this password, since you’re “erasing this data”. Now complete the factory reset.
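The logical deletion described earlier, and the effect of encrypting first, can be seen in a small model. This is an added example, not code from the Cambridge study or from Android; `ToyFlash`, the SHA-256 counter-mode cipher and the salt are simplified stand-ins for real flash management and disk encryption, and all stored data is constructed.

```python
import hashlib


def derive_key(password, salt=b"constructed-salt"):
    """Password -> 32-byte key (PBKDF2; iteration count chosen for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def xor_page(key, page_no, data):
    """Toy stream cipher (SHA-256 in counter mode); encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(
            key + page_no.to_bytes(4, "big") + off.to_bytes(4, "big")
        ).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class ToyFlash:
    def __init__(self, n_pages=8, password=None):
        self.pages = [b""] * n_pages   # physical page contents
        self.mapping = {}              # file name -> physical page number
        self.next_free = 0
        self.key = derive_key(password) if password else None

    def write(self, name, data):
        page_no = self.next_free
        self.pages[page_no] = xor_page(self.key, page_no, data) if self.key else data
        self.mapping[name] = page_no
        self.next_free += 1

    def read(self, name):
        """What the operating system sees through the mapping."""
        page_no = self.mapping.get(name)
        if page_no is None:
            return None
        raw = self.pages[page_no]
        return xor_page(self.key, page_no, raw) if self.key else raw

    def factory_reset(self):
        """Logical delete only: forget mapping and key, leave pages untouched."""
        self.mapping.clear()
        self.next_free = 0
        self.key = None


def residue_contains(flash, needle):
    """True if a raw read of the physical pages still shows the plaintext."""
    return any(needle in page for page in flash.pages)


def residue_opens_with(flash, guess, needle):
    """True if a password guess decrypts the leftover pages to the plaintext."""
    key = derive_key(guess)
    return any(needle in xor_page(key, n, page) for n, page in enumerate(flash.pages))


SECRET = b"auth_token=CONSTRUCTED-EXAMPLE"   # constructed sample data


def reset_device(password=None):
    flash = ToyFlash(password=password)
    flash.write("accounts.db", SECRET)
    flash.write("photo.jpg", b"constructed photo bytes")
    flash.factory_reset()
    return flash


if __name__ == "__main__":
    plain = reset_device()
    print("file visible after reset:", plain.read("accounts.db"))
    print("plaintext left on pages:", residue_contains(plain, SECRET))
    enc = reset_device(password="constructed-long-passphrase-9!")
    print("plaintext left when encrypted:", residue_contains(enc, SECRET))
    print("short guess opens it:", residue_opens_with(enc, "1234", SECRET))
```

In the model, the only thing standing between the leftover pages and their contents is the password, which is why its length matters.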

 

Remove your device from your Google account

From a browser on a new device, go to myaccount.google.com. Under Sign-in & Security you’ll find the Device activity & notifications section, which allows you to review all the devices currently connected to your account.


Select your old device, and Remove it. This will prevent any automatic sign-ins from your old device.


Change your account passwords

Changing passwords regularly is simply good digital hygiene, so it makes a lot of sense to change your passwords when changing devices. Even if a hacker were to somehow retrieve your passwords to your Facebook or Google accounts after the factory reset, they would no longer work.

 

Though the risks of your data being exploited this way are relatively low, it pays to take extra precautions. With these three steps, you should be reasonably secure from even a determined criminal.

As always, stay safe out there!

 

The Internet of Things (to be hacked)?


Soon, we’ll be living like The Jetsons (image via philosophymatters.org)

By the end of the decade, everyone on Earth will be connected.
–Eric Schmidt, Google chairman

As a rule of thumb, it’s good to keep in mind that anything and everything that can be connected to the Internet can be hacked. Poorly designed or implemented systems could expose serious vulnerabilities that attackers can exploit. Now, most of us are fairly familiar with certain gadgets that can be connected to the Internet, such as mobile devices and/or laptops, smart watches, and cars, but what about the things that are still emerging within the Internet-connected world? Some of these new items include routers, sensors, and everyday gadgets such as alarm clocks, wearables, microwaves, and grills.

When dealing with the devices that we’ve come to know and love, such as our Android phones or iPads, we already encounter a multitude of shortcomings within privacy policies, unintentional data leakages, and the transmission of tracking and personal data in clear text. Taking this a step further, it’s both intriguing and frightening to think about the challenges we will face as the Internet of Things (IoT) becomes more and more of a reality. In a recent article published by the Guardian, author Marc Goodman paints an evocative picture of a world powered by the IoT:

Because your alarm clock is connected to the internet, it will be able to access and read your calendar. It will know where and when your first appointment of the day is and be able to cross-reference that information against the latest traffic conditions. Light traffic, you get to sleep an extra 10 minutes; heavy traffic, and you might find yourself waking up earlier than you had hoped.

When your alarm does go off, it will gently raise the lights in the house, perhaps turn up the heat or run your bath. The electronic pet door will open to let Fido into the backyard for his morning visit, and the coffeemaker will begin brewing your coffee. You won’t have to ask your kids if they’ve brushed their teeth; the chip in their toothbrush will send a message to your smartphone letting you know the task is done. As you walk out the door, you won’t have to worry about finding your keys; the beacon sensor on the key chain makes them locatable to within two inches. It will be as if the Jetsons era has finally arrived.

So how can we use these space-age technologies to our advantage? Although most software is still in the process of being optimized for wearables and other emerging smart gadgets, there are three main things to be on the lookout for as we move into the IoT’s heyday:

  • Issues on devices that could result in device loss, poorly programmed apps, or attacks driven by social engineering
  • Transmission issues caused by low-level encryption on Wi-Fi or Bluetooth that could result in traffic sniffing, man-in-the-middle and redirection attacks
  • Storage issues in the cloud that could directly result in data breaches

The sure-fire way to defend yourself against these vulnerabilities is to use a VPN when connecting to open, unsecured Wi-Fi networks. Avast SecureLine VPN is available for Windows, Android and iOS.

The truth about Android updates

If you are using an Android-powered smartphone, you may have found yourself wondering about updating your operating system. With names such as Lollipop, Kit Kat and Jelly Bean, it’s not always clear which is the latest version and what are the benefits of updating your device.

 

Why is it important to update?

Beyond their cute sounding names, each Android update brings new features, improvements and most importantly, security fixes.

It’s this last bit that matters most, as even basic activities like emails hold an enormous amount of valuable information about you. The latest versions of Android fix vulnerabilities that can help keep your data safe.

As of writing, the latest version of Android is 5.1, codenamed “Lollipop”. You can check which version your phone has by going into your settings, and into “About Phone”. (Tap on the Android Version section a few times for a surprise.) If you want to check if there’s an update available for you, you’ll find a Software update tab in this menu.

Most likely, there won’t be.

Why aren’t you receiving the update?

According to Google’s own stats, you’re most likely running an old version of Android. In fact, most of us are running Jelly Bean (Android 4.1, 4.2, 4.3) or Kit Kat (Android 4.4).

This is because Google doesn’t push updates directly to you. Instead, they are generally sent to phone manufacturers like Samsung, Sony and HTC. Manufacturers then make their own changes to the software, adding features to improve compatibility with their devices or differentiate themselves from their competition. If you got your phone through a carrier like Verizon, Vodafone or Orange, they will also certainly make additional changes to the update. This process can sometimes take over a year, so don’t hold your breath.

Often the whole process is so complicated and time consuming, that many manufacturers may not even issue an Android update more than once per phone. This encourages customers to purchase new handsets to get the latest updates.

 

What can you do to stay safe without an update?

While it’s possible to install up-to-date versions of Android yourself, the methods can be quite technical, risky and will certainly void your warranty. For most people this is not an option, and so updates are unobtainable, short of buying a new phone.

However, this should not stop you taking steps to protect your device.

That’s where having a strong antivirus app like AVG AntiVirus for Android becomes a must have. It will help keep you safe by keeping an eye on what happens in your phone, even if your phone is not updated. So stay protected!

Introducing the new “App Manager” for AVG Cleaner for Android

Our AVG Android App Performance report paints a clear picture: apps cause some of the most common headaches that Android users experience.

Having lots of apps installed on your device can cause a number of issues including:

  • Slow performance and lack of stability
  • High battery drain leading to short battery life.
  • Hogging storage space leaving no room to save photos and videos
  • Racking up high data costs as apps quietly download and upload data all the time.

There’s good news though: AVG Cleaner for Android, with its enhanced ‘App Manager’, makes it easier than ever to manage the apps on your device.

App Manager is only available in version 2.3.1, which you can get today from the Google Play store.

The new ‘App Manager’ feature gives you an immediate overview of your apps and helps you get rid of them once and for all.

App Manager has three display modes to help you identify which apps could be causing problems.

 

Running Apps:

Smartphones can often become slow and sluggish when multiple apps are running in the background. App Manager shows all running apps on a single screen and details how much RAM they consume.

 

Unused Apps:

It can be easy to forget just how many apps we install on our devices and forget about. The unused apps view shows you how many of your apps you’ve not used in a long time so you can reclaim valuable space for the things you love.


Data Usage, Battery Usage and Storage:

This view helps you understand which apps are affecting the performance of your device by consuming data, battery or storage space. Removing these apps can help you squeeze more out of your device.

In this example, it shows that doubleTwist probably downloaded 1.25 GB worth of podcasts onto my device and also consumed the most battery. As I stopped using it a while ago, that was a nice reminder to uninstall the app – and not have it eat up the resources of my Android.

Let us know how you like the new ‘App Manager’ and how many apps you were able to get rid of.

5 questions with: Tomáš Heřmanský (Product Manager)


Tomáš joined Avast in March 2014 as a Product Manager for Avast Mobile Security. Born in Čáslav, a small town in central Bohemia, he moved to Prague during high school with plans to study at the Police Academy of the Czech Republic. After a while, Tom decided he wanted to study and work in IT instead. After gaining experience while working at a successful Czech startup, taking on jobs as a freelancer and starting his own company focused on cloud document management, Tom joined Avast’s mobile team. In his free time, Tom enjoys climbing, cycling, writing and restoring his classic Škoda 1000 MB car.


 

1. What is Avast’s mobile team out to accomplish?

We’d like to become the most trusted mobile tools developer, allowing users to live their lives with their mobile devices safely and more easily.

2. Who or what helps you in coming up with new, creative ideas?

My colleagues are a huge inspiration to me. That’s one thing that I really enjoy about working at Avast – anyone and everyone can come up with new ideas to brainstorm. We are one big think tank. :)

3. What’s one thing that every user should know about his/her mobile device?

Users should be aware of the risks that mobile malware poses to their personal information and data. Although malware on mobile devices is less likely to break a user’s device than that of a PC, malicious apps can harvest and steal a lot of personal data. Even apps that aren’t malicious (often free apps) can access a lot of personal information. The more personal info that is shared, the more likely it is that a user’s privacy could become compromised.

4. What’s your favorite security tip?

Make sure to be careful when connecting to public Wi-Fi networks. Packet sniffing, or the monitoring of data traveling over a network, can be used to steal information and is very easy for hackers to carry out. It’s in your best interest to use a virtual private network (VPN) when connecting to unsecured networks.

5. Name one goal you’ve set for yourself at Avast.

I’d like to see Avast Mobile Security (AMS) become the most popular app that provides users with a straightforward, user-friendly overview of app permissions. AMS is an extremely versatile app with lots of potential, and I envision it serving as a true “guarding angel” for users, protecting them against mobile malware and allowing them to become familiar with the apps they use on a daily basis.


 

Avast’s mobile team recently held the second Avast Mobile Internal Conference (AMIC) in Prague, where the entire team came together to keep one another in the loop about the company’s apps and products, team activities, and goals for the department’s future. A series of lectures and interactive activities encouraged synergy and collaboration between product teams. In addition to everything that was accomplished at AMIC, the mobile team still managed to have quite a bit of fun at the conference. We’d like to congratulate the mobile department on this successful and productive event!

Photo from AMIC #2