Archive for Android devices

Google Android offers everyone the Lollipop, its new OS


Google has just released the next version of its famous Android Operating System (OS). It’s called Lollipop (don’t ask us why all versions are named after something sweet & edible!).

Lollipop, the new Android OS, was previewed at Google I/O earlier this year. Announcing the next version of the OS on its official blog, Google called Lollipop “our largest, most ambitious release on Android with over 5,000 new APIs for developers.” Lollipop is designed to be flexible, to work on all devices, & to be customized.

Google said Lollipop was also made for a world where moving throughout the day meant interacting with a bunch of different screens, from phones & tablets to TVs. As a user switches from one screen to another, the experience will be the same. That’s why Google has made the new Android OS Lollipop’s design consistent across devices, an approach it has dubbed “Material Design”.

Lollipop will also give users “more control” over their devices. Writes Google: You can now adjust your settings so that only certain people and notifications can get through, for example, when you’re out to dinner or in the middle of an important meeting. And when an important notification does come through, you can see it directly from the lockscreen.

It also comes with a new battery saver feature that extends the life of the device by up to 90 minutes. Google has also enabled multiple user accounts & guest user mode for keeping personal stuff private. Users can now secure their devices with a PIN, password, pattern, or even by pairing a phone to a trusted device like a watch or car with Smart Lock.

Along with the launch of the new Android OS Lollipop, Google also released the 1st device running Android TV: Nexus Player, a collaboration with Asus, is a streaming media player for movies, music & videos. It’s also a first-of-its-kind Android gaming device, claimed Google.

With the Nexus Player, you can play Android games on your HDTV with a gamepad, then keep playing on your phone while you’re on the road. Nexus Player is Google Cast Ready so you can cast your favorite entertainment from almost any Chromebook or Android or iOS phone or Tablet to your TV.

Nexus 9 & Nexus Player will be available for pre-order on October 17, 2014. Nexus 9 will be in stores starting November 3. Nexus 6 will be available for pre-order in late October and in stores in November—with options for an unlocked version through Play store, or a monthly contract or installment plan through carriers.

Android 5.0 Lollipop, which comes on Nexus 6, Nexus 9 and Nexus Player, will also be available on Nexus 4, 5, 7, 10 & Google Play edition devices in the coming weeks.

 

Image Credit: Google blog

 


Android users since 2010 may have had their data exposed because of a vulnerability

This bit of news is terrifying & we suggest all Android users sit up & take note. Researchers from the US-based Bluebox Labs have discovered an Android vulnerability that lets malware take over your apps, steal data... basically even take control of your phone.

Announcing this on the firm’s blog, Bluebox’s Jeff Forristal has dubbed it ‘Fake ID’. The vulnerability allows malicious applications to impersonate specially recognized trusted applications without any user notification. This can result in a wide spectrum of consequences. Citing an example, he said the vulnerability can be used by malware to escape the normal application sandbox & take 1 or more malicious actions: insert a Trojan horse into an application by impersonating Adobe Systems; gain access to NFC financial and payment data by impersonating Google Wallet; or take full management control of the entire device by impersonating 3LM.

By now, readers are getting the significance of what Forristal is saying.

Worse, Fake ID affects almost all Android phones. Bluebox said the vulnerability dated back to the January 2010 release of Android 2.1 & affected all devices that were not patched for “Google bug 13678484,” which was disclosed to Google & was released for patching in April.

Android applications use the same certificate signature concepts as SSL, including full support for certificates that are issued by other issuing parties (commonly referred to as a “certificate chain”). Application signatures play an important role in the Android security model. An application’s signature establishes who can update the application, what applications can share its data, etc. Certain permissions, used to gate access to functionality, are only usable by applications that have the same signature as the permission creator. More interestingly, very specific signatures are given special privileges in certain cases.

Explains Forristal: However, Bluebox Labs discovered a vulnerability that has been relatively present in all Android versions since Android 2.1, which undermines the validity of the signature system and breaks the PKI fundamental operation. The Android package installer makes no attempt to verify the authenticity of a certificate chain; in other words, an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim (normally done by verifying the issuer signature of the child certificate against the public certificate of the issuer). For example, an attacker can create a new digital identity certificate, forge a claim that the identity certificate was issued by Adobe Systems, and sign an application with a certificate chain that contains a malicious identity certificate and the Adobe Systems certificate. Upon installation, the Android package installer will not verify the claim of the malicious identity certificate, and create a package signature that contains both certificates.
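The missing check described above, as an added example (not Android's or Bluebox's code): it is written in Go with the standard crypto/x509 package rather than Android's Java, and compares a chain check that trusts the issuer name alone with one that also verifies the issuer's signature. The names "Example Vendor" and "Example App" and all function names are made up for the illustration, and the certificates are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mustCert builds a constructed test certificate; issuer is only a name, signer is the key that signs.
func mustCert(subject, issuer string, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: subject},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	parent := &x509.Certificate{Subject: pkix.Name{CommonName: issuer}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// chainByNameOnly is the flawed check: issuer name equals parent subject, signature never verified.
func chainByNameOnly(child, parent *x509.Certificate) bool {
	return child.Issuer.String() == parent.Subject.String()
}

// chainVerified adds the missing step: the child's signature must verify under the parent's key.
func chainVerified(child, parent *x509.Certificate) bool {
	return chainByNameOnly(child, parent) && child.CheckSignatureFrom(parent) == nil
}

// demo returns (claimed, name-only), (claimed, verified), (issued, verified).
func demo() (bool, bool, bool) {
	vendorKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	appKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	vendor := mustCert("Example Vendor", "Example Vendor", &vendorKey.PublicKey, vendorKey)
	claimed := mustCert("Example App", "Example Vendor", &appKey.PublicKey, appKey)  // names vendor, signed by app
	issued := mustCert("Example App", "Example Vendor", &appKey.PublicKey, vendorKey) // really signed by vendor
	return chainByNameOnly(claimed, vendor), chainVerified(claimed, vendor), chainVerified(issued, vendor)
}
func main() { fmt.Println(demo()) }
```

The two "Example App" certificates carry the same subject, issuer name and public key; only the signature check distinguishes the one the vendor actually issued.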

There’s more of the security mumbo jumbo in the blogpost, but by now, our readers must have got the basic picture – if you have been using an Android based device, you may have been compromised.

Install the Bluebox Security Scanner to see if you’ve been exposed to this vulnerability.

Image Credit: Bluebox
