Security News

The really bad news is the CPU row, which has only three green squares, and tells you that the Sandcastle builds will only work on iPhone 7 devices for now. If you happen to have a surplus-to-requirements iPhone 7 lying around, and you decide to give this Android thing a spin please let us know in the comments how you got along.

File this one under "Well, duh." Consumer mag Which? today published research estimating that over a billion Android devices are vulnerable to hackers and malware as they are not receiving security updates. The most current version of Android is version 10, while Android 9.0 Pie and Android 8.0 Oreo continue to receive updates.

Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities. The documented flaw, CVE-2020-0032, lies within the open-source Android media framework that can be exploited by opening a booby-trapped file that Google is disturbingly vague about.

Not happy with your expensive iPhone and wondered if it's possible to run any other operating system on your iPhone, maybe, how to install Android on an iPhone or Linux for iPhones? "The iPhone restricts users to operate inside a sandbox. But when you buy an iPhone, you own the iPhone hardware."

Google published patches for over 70 software vulnerabilities in its Android security bulletin this month, finally fixing a security exploit for MediaTek chipsets said to have been in the wild for months, affecting millions of devices. Google classifies CVE-2020-0069 as an elevation of privilege bug in MediaTek's command queue driver, and only gives it a high severity ranking in its bulletin.

Google has addressed a high-severity flaw in MediaTek's Command Queue driver that developers said affects millions of devices - and which has an exploit already circulating in the wild. The MediaTek bug meanwhile is an elevation-of-privilege flaw discovered by members of XDA-Developers - they said the bug is more specifically a root-access issue.

Google's March 2020 security updates for Android include fixes for over 70 vulnerabilities, including a critical flaw in media framework. The critical bug was patched as part of the 2020-03-01 security patch level, which addresses a total of 11 vulnerabilities in framework, media framework, and system.

Among app developers presented with a warning message from Google asking them to curb the number of permission requests in their apps, 60 percent of those removed permissions. Google uses an automated process to determine what type of app is being uploaded and gauges how many permissions are being requested relative to similar apps uploaded to Google Play.

Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. The open-sourced Jetpack Security library lets Android app developers easily read and write encrypted files by following best security practices, including storing cryptographic keys and protecting files that may contain sensitive data, API keys, OAuth tokens.

With Android 11 in the works, Google finds itself having to refine location access once again by announcing a lock on how apps access location even when they have general access permission. The problem is apps that continue to track device location even when they are not being used, otherwise known as background access - something users only acquired some granular control over in Android 10 last year.