Security News

Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities. The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is disturbingly vague about.

Not happy with your expensive iPhone and wondered if it's possible to run any other operating system on your iPhone, maybe, how to install Android on an iPhone or Linux for iPhones? "The iPhone restricts users to operate inside a sandbox. But when you buy an iPhone, you own the iPhone hardware."

Google published patches for over 70 software vulnerabilities in its Android security bulletin this month, finally fixing a security exploit for MediaTek chipsets said to have been in the wild for months, affecting millions of devices. Google classifies CVE-2020-0069 as an elevation of privilege bug in MediaTek's command queue driver, and only gives it a high severity ranking in its bulletin.

Google has addressed a high-severity flaw in MediaTek's Command Queue driver that developers said affects millions of devices - and which has an exploit already circulating in the wild. The MediaTek bug meanwhile is an elevation-of-privilege flaw discovered by members of XDA-Developers - they said the bug is more specifically a root-access issue.

Google's March 2020 security updates for Android include fixes for over 70 vulnerabilities, including a critical flaw in media framework. The critical bug was patched as part of the 2020-03-01 security patch level, which addresses a total of 11 vulnerabilities in framework, media framework, and system.

Among app developers presented with a warning message from Google asking them to curb the number of permission requests in their apps, 60 percent of those removed permissions. Google uses an automated process to determine what type of app is being uploaded and gauges how many permissions are being requested relative to similar apps uploaded to Google Play.

Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. The open-sourced Jetpack Security library lets Android app developers easily read and write encrypted files by following best security practices, including storing cryptographic keys and protecting files that may contain sensitive data, API keys, OAuth tokens.

With Android 11 in the works, Google finds itself having to refine location access once again by announcing a lock on how apps access location even when they have general access permission. The problem is apps that continue to track device location even when they are not being used, otherwise known as background access - something users only acquired some granular control over in Android 10 last year.

You know those ads that obscure your whole screen when you're trying to make a phone call, unlock your device or use your phone's GPS? Technically, they're called disruptive or out-of-app ads, and they maddeningly pop up outside of the app that hosts them, sometimes causing users to mistakenly click them, thereby frustrating users and wasting advertisers' money. On Thursday, Google kicked nearly 600 of the offending apps off its Play store and banned them from its ad monetization platforms, Google AdMob and Google Ad Manager, for violating its disruptive ads policy and disallowed interstitial policy.

Google has removed roughly 600 applications from Google Play for violating its ad-related policies, the Internet search giant announced this week. The company banned them from Google AdMob and Google Ad Manager, its ad monetization platforms.