Security News

Google addressed two critical vulnerabilities in the Android System component as part of the newly released September 2020 set of security patches. More than 50 flaws are described in the Android Security Bulletin for September 2020: twenty-two as part of the 2020-09-01 security patch level and twenty-nine with the 2020-09-05 security patch level.

Columbia University researchers have released Crylogger, an open source dynamic analysis tool that shows which Android apps feature cryptographic vulnerabilities. To confirm that the cryptographic vulnerabilities flagged by Crylogger can actually be exploited, the researchers manually reverse-engineered 28 of the tested apps and found that 14 of them are vulnerable to attacks.

If you migrated to a different iPhone or Android device and need to transfer Google Authenticator to the new hardware, follow these steps. If you have not enabled two-step authentication, your Google account is at a much higher risk of being hacked; if you have enabled the service, you're familiar with Google Authenticator.

If you're a Google Android user, you may have been pestered over the past week by popup notifications that you didn't expect and certainly didn't want. Abss noticed that many mainstream Android apps use a notification interface provided by Google known as FCM, short for Firebase Cloud Messaging, formerly Google Cloud Messaging, formerly Android Cloud to Device Messaging.

If you frequently hand your phone over to others, Guest Mode is a feature you should be using on Android. Jack Wallen shows you how to access the feature from your lock screen.

Oslo-based Vivaldi has released an update to its Android browser replete with additional weaponry for the ongoing Tracker and Ad Blocker arms race. Version 3.2 for Android devices ups the ante by allowing users to select additional blocking lists as well as including custom lists in a manner that will be very familiar to those running the company's desktop browser.

TikTok has been collecting unique identifiers from millions of Android devices without their users' knowledge using a tactic previously prohibited by Google because it violated people's privacy, new research has found. The app bundled the MAC address with other device data and sent it to ByteDance upon the app's first installation and opening on a new device, according to the report.

New research disclosed a string of severe security vulnerabilities in the 'Find My Mobile'-an Android app that comes pre-installed on most Samsung smartphones-that could have allowed remote attackers to track victims' real-time location, monitor phone calls, and messages, and even delete data stored on the phone. Portugal-based cybersecurity services provider Char49 revealed its findings on Samsung's Find My Mobile Android app at the DEF CON conference last week and shared details with the Hacker News.

Six serious bugs in Qualcomm's Snapdragon mobile chipset impact up to 40 percent of Android phones in use, according research released at the DEF CON Safe Mode security conference Friday. The researchers further focused on the communications between Android handset CPU and the Qualcomm DSP within the Hexagon framework.

The putative class-action suit, filed on Wednesday in the Northern district of California [PDF] also alleged that Google was gathering info from TikTok specifically in order to "Unfairly compete against TikTok [with a] competing video platform app called 'Shorts'." The suit further alleged that Lockbox worked "Through Google Mobile Services and allows Google employees to spy on how Android Smartphone users interact with non-Google apps. For example, Google is able to collect data on when and how often an Android smartphone user opens and runs non-Google apps and the amount of time spent in non-Google apps."