Android is a Linux kernel-based OS designed mainly for smartphones. At the application level the main programming
language is Java. So outside the kernel it is quite a different OS and has little to do with Linux; in a
way it is almost non-Linux. While the kernel is licensed under GPL 2, the license for Google code is different:
Google releases the code under the Apache License. While the OS is touted as an "open system", it increasingly
serves the role of a portal for Google ads and services and the instrument of spying on users. The main hallmark of Android is
a very insistent, amateur user interface. This is a real black mark on Google developers, which is not surprising given the
preoccupation with "performance reviews" of the
neoliberal owners of Google (Larry Page and Sergey Brin). That actually shows them in a negative light. Of course, they
probably were puppets of higher-level handlers, but still... Although many suspect that it was Eric Schmidt, who managed
the company, who was instrumental in this malaise (a neoliberal hack of Java fame, who was also on the Apple board and got
there the ideas about the smartphone).
In the last three years Android became the major player in the smartphone market and completely dominates
the low end of the market. It also exerts substantial pressure on the iPhone (Nexus, Samsung Galaxy, etc.
recently became very competitive). In the third quarter of 2012 Android reached 75% market share for
smartphones with 500 million devices activated in total and 1.3 million activations per day. In
a way, Android repeated the success of DOS on a new level.
It also became a dominant player in the lower segment
of the tablet market (it completely dominates the 7" tablet segment and is a strong player in the 8" and 9" segments).
At the same time it has a noticeable and growing presence in the 10" segment dominated by the iPad. As Reuters
reported in October 2013 (Sharper display Apple
iPad Mini faces delay sources):
The iPad's total market share almost halved to 32.5 percent in the second quarter from a year
ago, while Android devices, including Samsung's Galaxy series, gained nearly a quarter to 62.6 percent,
a survey by tech research company IDC showed.
Amazon's new 7-inch Kindle Fire is priced from $229 for 16GB wifi-only models, while Google's
second-generation Nexus 7 offers a similar screen size and storage capacity at the same price. By
comparison, the cheapest model in Apple's current 7.9-inch iPad Mini lineup with 16GB storage size
starts at $329.
Like DOS, it was initially developed by a separate corporation -- Android, Inc., with Google's financial
backing. Google purchased Android, Inc. in 2005. It was the first venture of Google into the area of
OSes, and the huge talent pool that Google assembled helped to ensure a huge success in the smartphone
market. Since 2008, Android has seen numerous updates. The latest release is Android 4.2 Jelly Bean.
As of September 2013 most new smartphones are still using version 4.1. Version 4.3 with important security
enhancements (SELinux in kernel) is out, but mass adoption is expected in 2014.
Android has a large community of developers writing applications ("apps"), primarily in a
customized version of Java. Linux roots helped here, and many applications are Linux applications
ported to the new platform. For developers it now increasingly resembles Marc Andreessen's famous description
of Microsoft Windows -- "a poorly debugged device driver layer".
Android first achieved success as a low-cost OS for smartphones, outselling Apple, who pushed its
idea of "small luxuries" with the iPhone way too far. But outside 7" tablets, so far it has had more limited
success on tablets, especially after Microsoft launched Windows 8 Intel-based tablets, because
the OS is underpowered in comparison with Windows 8. For those who never used an Android smartphone, Windows
8 tablets have a more convenient interface and much richer functionality.
Still, the synergy with smartphones greatly helps penetration of the tablet market, especially for 7"
tablets, and the Android share of the market grew considerably in 2012 and 2013. But the upper segment
of the tablet market now belongs to Windows 8 on Intel-based tablets (not Windows 8 RT).
Until recently Android tablets successfully competed on price with Windows 8 in the lower part of the
10" tablet market segment due to lower cost ($399 for an excellent quality 10" Android tablet from Samsung).
In comparison Microsoft Surface Pro used
to cost around $1K, while the less powerful Samsung
ATIV Smart PC 500T (which like
Galaxy Note 10.1 has a built-in stylus) is around $700. Now with
Dell Venue 8 Pro ($299) that advantage
is less pronounced. Even Google's $230 Nexus 7 does not look too attractive in comparison with
Dell Venue 8 Pro, and the $70 difference
does not save it from a comparison of Windows 8 features and Android features. Only $150 and lower
priced 7" tablets now make some sense (here again Dell offers the Android-based Venue 7 for $149). In the "enterprise"
segment Windows 8 tablets dominate: the door to the enterprise was shut by the release of Windows 8 tablets
on Intel CPUs.
That means that only 7" tablets and 10" tablets with Wacom digitizers can defend their position against
Windows 8 tablets in the high price segment. And as media consumption devices they have difficulties
competing with iPads, as they are a more or less direct imitation of the iPad with just a different OS kernel
and Java as an application language (Steve Jobs was very unhappy about this aspect of Android, considering
it to be a clone of the iPad, and threatened to destroy Google with lawsuits; his death probably spared
Google from a very targeted legal attack). In this sense Windows 8 tablets on Intel CPUs are head and
shoulders ahead, as they can run a regular desktop OS -- Windows 8.1 with its huge application ecosystem,
which can't be replicated on Android anytime soon.
Google's response to these two trends has been to reassert its control by coupling vital phone functions
to its own web services and to its online software marketplace called Google Play. It's really no different
from lending you a shopping terminal that you can only use to buy stuff from Amazon. Google
is also concerned with "Landfill Android", the cheap, unreliable "no-name" phones from China which destroy
Android's credibility with underpowered hardware.
Android Interface
In comparison with Windows applications, Android applications are more balkanized, with each offering
its own unique interface style. There are general guidelines, but they are seldom obeyed. Google proved to be a bad architect, and in
the area of user interface its record is dismal.
You can get
used to it (again, experience with smartphones greatly helps), but the interface does not
inspire any good feelings, and for more or less complex tasks you find yourself struggling. Still, it
is OK as a media consumption device. But in this role it does not have a "killer application" that distinguishes
it from the already entrenched iPad, although recently the S-pen from Samsung came close. It allows you to write emails
on the screen and send them, which greatly improves the "ergonomics" of this process in a keyboard-less environment
(typing on an on-screen keyboard is not very convenient on 7" tablets, and is barely acceptable on 10"
tablets). See Galaxy Note 10.1
for more details.
Generally tablets are closer to laptops than to smartphones. It is prudent to consider them to be
just a different laptop form factor. That means that the standard expectations are those of Windows laptop
functionality. Android can't deliver that functionality yet. Like the iPad it is generally limited to media consumption
types of tasks. And it can perform them really well: it's much easier to get your weather forecast in
the morning from the tablet than from the laptop, because it is an "instant on" device. But not more than
that.
That's why "Windows 8 on Intel" tablets essentially wiped out the possibility of Android competing in
the corporate market. Also, so far Google has proved to be a weak match for Microsoft in the ability to create
a consistent interface and enforce it with an iron hand on application developers.
The same is true
for patching: Google looks amazingly incompetent in this respect. And as for security, Google repeated
on a new level and for a new platform all the mistakes Microsoft made, trying first to capture market share
at all costs and then resolve the security issues. Now, with Android's success on smartphones, Google has
found itself under the "Windows curse" spell. The recent attempt to incorporate SELinux functionality into the
Android kernel suggests that Google has started to realize the consequences of Android insecurity. Android 8 used in Samsung Galaxy 8 allows
creation of a workplace, but does it in a very clumsy manner.
I think the Android market share on high-end tablets is further vulnerable to the Windows 8 based tablet
onslaught as Intel releases better, more economical CPUs like Ivy Bridge. You simply cannot compare
the functionality of Android with the functionality of a full-blown desktop OS like Windows 8 or Linux (and
that means that Ubuntu has some theoretical chances, at least in the Intel-based segment of the tablet
market).
The lack of Microsoft Office on Android devices and the excessive push to the cloud and privacy intrusions
on the part of Google also do not help. Still, in more specialized, application-style tablets like the
$200 Amazon Kindle and the Nook by Barnes and Noble, Android looks more or less acceptable. Kindle and Nook
actually have their own ecosystems and communities of users.
Android's user interface is based on imitation of the Apple interface used in the iPhone and iPad, using
touch inputs that loosely correspond to real-world actions, like swiping, tapping, pinching and reverse
pinching to manipulate on-screen objects.
Up to version 3.0 Android devices had four hardware buttons: Home, Back, Menu, and Search.
Android version 3.0 and above replaced them with three onscreen touch buttons which can perform two
types of actions (direct and alternative):
Direct actions
The Home button takes the user to the phone/tablet home screen. It’s not generally available
to applications, unless the app is a home-screen replacement.
The Back button is meant to navigate back in the Android
activity stack. This allows the user to easily jump into an app and then return
to the previous screen. Apps which are good Android citizens always allow the user to return to
a previous application if they have jumped straight into the app (for example, by pressing a
notification or handling an intent created by another application). They don’t force the user
to back out of many screens to return to their previous task. But not all applications are good
citizens.
The Menu button displays a context-dependent list of options. Use the options menu for
displaying infrequently used options for your application. On Android tablets and phones running
version 3.0 or greater, this button is not available, and options
are instead presented on the action bar.
Alternative actions
It is also possible to perform an alternative action on some buttons. These
actions are activated by long-pressing on the buttons. This way you can, for example, select
text. It's much less convenient than with the mouse, but doable. You first put your finger on the
part of the text you want to select and keep it there until two sliders appear. Then you manipulate
those two sliders to select what you need. After that you need to press the button at the top
to copy the selection.
In Android 8 that changed. While the Home button still has an alternative action, the Back button does not. And the Menu button was
redefined to show the set of screens for open applications (like Alt-Tab in Windows).
The response to user input is designed to be immediate, but Java is slow. Still, on modern CPUs it
can provide an acceptably fluid touch interface.
Newer versions of Android, such as version 4.x, can use the vibration capabilities of the device
to provide feedback to the user about pressing a button (usually this is a separate setting that
might need to be activated). Internal hardware such as accelerometers, gyroscopes and proximity sensors
is used by some applications to respond to additional user actions.
But in most Android tablets this is not done properly. For example, most tablets can switch
the screen from portrait to landscape depending on how the device is oriented. But most are either too
sensitive or not sensitive enough. In the first case the device rotates the screen
when you do not want it to, way too often, which is pretty annoying. In the second case you need a special effort
to rotate the screen when you need the rotation.
Android devices boot to the homescreen, the primary navigation and information point on the device,
which is similar to the desktop found on PCs. There are several desktop screens, as in Linux, with one displayed after boot (the Android homescreen).
The homescreen is typically made up of app icons
and widgets selected by the manufacturer, and unless you adapt it to your needs, you will hate it the day after you buy the tablet.
Most widgets selected by the manufacturer can be removed, including first of all the Google widget, which is invoked if you use the "alternative
action on the home button".
App icons launch the associated app, whereas widgets display live, auto-updating content such as
the weather forecast, the user's email inbox, or a news ticker directly on the homescreen.
Typically a homescreen may be made up of several teenager-oriented widgets, and the user needs to
swipe back and forth between them to find a few useful applications. Third party apps available on Google
Play and other app stores can extensively re-theme the homescreen, and even mimic the look of other
operating systems, such as Windows Phone. Most manufacturers, and some wireless carriers, customize
the look and feel of their Android devices to differentiate themselves from the competition.
Present along the top of the screen is a status bar, showing information about the device and its
connectivity. This status bar can be "pulled" down to reveal a notification screen where apps display
important information or updates, such as a newly received email or SMS text, in a way that doesn't
immediately interrupt or inconvenience the user.
In early versions of Android these notifications could be tapped to open the relevant app, but recent
updates have provided enhanced functionality, such as the ability to call a number back directly
from the missed call notification without having to open the dialer app first.[40]
Notifications are persistent until read or dismissed by the user.
Generally Google tries to imitate the closed-style Apple iPad ecosystem on Android. But there are quite
welcome loopholes that make Android more attractive to Windows and Linux power users who got accustomed
to being the administrators of their own PCs. There is no out-of-the-box way to create a Ghost-style
disk image of an Android tablet and restore it back on the device. Typically all the device provides is a complete
wipe and restoration of the initial vendor configuration.
Google Play -- an official application store for Android -- has a large and growing selection of
third party applications. Many applications also can be acquired via Amazon Appstore, or by downloading
and installing the application's APK file from a third-party site.
All Google Play Store applications comply with Google's compatibility requirements, but those
are very low and the interface is balkanized.
Google Play automatically filters the list of available applications to those that are compatible
with the user's device, and developers may restrict their applications to particular carriers or countries
for business reasons. Purchases of unwanted applications can be refunded within 15 minutes of the time
of download.
As of September 2012, there were more than 675,000 apps available for Android, and the estimated
number of applications downloaded from the Play Store was 25 billion. But generally only the top several
thousand applications really matter, so the absolute number of applications is a very deceptive metric
for comparing two tablet OSes.
Applications are developed in the Java language using the Android software development kit (SDK).
The SDK includes a set of basic development tools, such as a debugger, software libraries, a handset
emulator based on QEMU, documentation, sample code, and tutorials. The officially supported IDE is Eclipse
with the Android Development Tools (ADT) plugin.
Other development tools are less common. There is no good Python support yet. Development in C and
C++ is possible but far from easy. In a way the Android SDK is a Google visual environment oriented
toward novice programmers.
Android consists of a kernel based on the Linux kernel 2.6 (Linux Kernel 3.x in Android 4.0
and later), with middleware, libraries and APIs written in C and application software running on
an application framework which includes Java-compatible libraries based on Apache Harmony. Android
uses the Dalvik virtual machine with just-in-time compilation to run Dalvik dex-code (Dalvik Executable),
which is usually translated from Java bytecode. The main hardware platform for Android is the ARM architecture.
There is also an improving support for x86 from the Android x86 project, and Google TV uses a special
x86 version of Android.
Android's Linux kernel is a fork that takes the codebase outside the Linux kernel development cycle, so this
divergence is a mixed blessing. Android does not support the full set of standard GNU libraries,
which makes it challenging to port existing Linux applications or libraries to Android.
Linux included the autosleep and wakelocks capabilities in the 3.5 kernel, after many previous attempts
at merging those features from Android. The interfaces are the same, but the upstream Linux implementation
allows for two different suspend modes: to memory (the traditional suspend that Android uses),
and to disk (hibernate, as it is known on the desktop).
The flash storage on Android devices is split into several partitions, such as "/system"
for the operating system itself and "/data" for user data and app installations.
Android device owners are not given root access to the operating system, and sensitive partitions
such as /system are read-only. Root access can be obtained by exploiting security flaws in
Android. Along with enthusiasts, those flaws are used by malicious parties to install viruses and malware.
The popularity of Android on smartphones led to the "Windows effect" -- a stream of sophisticated malware including
financial malware and botnets.
Since Android devices are usually battery-powered, Android is designed to keep power consumption
at a minimum. When an Android app is no longer in use, the system will automatically suspend it in memory
- while the app is still technically "open," suspended apps consume no resources (CPU cycles) and sit
idly in the background until needed again. This also increases responsiveness of Android devices, since
previously opened apps don't need to be loaded from SSD if you have enough RAM. And modern Android smartphones
and tablets often have a staggering amount of RAM -- one gigabyte became pretty common in 2013. Please
remember that DOS operated in one megabyte of memory, one thousand times less.
When memory is low, the system will begin killing apps and processes that have been inactive for
a while, in reverse order since they were last used (i.e. oldest first). This process is designed to
be invisible to the user. There are also third-party task killers and, as you can expect,
some of them do more harm than good.
Updates are a weak spot of Android. Here Microsoft generally wipes the floor with Android developers.
The Windows 8 update process works like clockwork. You can complain about quantity and quality, but the mechanism
itself is pretty robust and well debugged. Patches are provided for Windows for free by Microsoft itself.
In Android this task is offloaded to the vendors. Google does not have a patching framework and does
not provide patches. Everything needs to be done via vendors.
The horrible status of Android updates from many vendors such as Samsung has been widely criticized by
consumer groups and the technology media. Some commentators have noted that the industry has a financial
incentive not to update their devices, as the lack of updates for existing devices fuels the purchase
of newer ones, an attitude described as "insulting".
The Guardian has complained that the method of distribution for updates is so complicated
mainly because manufacturers and carriers have designed it that way. With a typical plan you replace
the phone in two to three years. So why bother?
In 2011, Google partnered with a number of industry players to announce
an "Android Update Alliance", pledging to deliver timely updates for every device for 18 months after
its release. As of 2012, this alliance has never been mentioned since.
In 2013 Dr. Web found a botnet that existed on Android phones.
Many users resent the absence of root access to their devices and consider this an attempt to replicate
the Apple-style ecosystem to extract more money from users. I myself consider this situation unacceptable,
as you can't fully back up and restore the device yourself. The only option is going to factory defaults,
which for obvious reasons is a less impressive solution, although you can adapt to it by backing up "user
space" and reinstalling applications. The latter can be scripted. But like any situation with a severe
restriction on user behavior, it creates a wave of Google hate similar to that directed at Apple.
As users are not allowed access to root, Android users have become hostages of malware developers, who can get it.
Backup and restore on Android devices are primitive and are severely handicapped in comparison with
Linux, where there are such packages as Relax-and-Recover.
So restrictions on root access do not help unsophisticated users, who fall victim to malware anyway,
and really handicap sophisticated users, limiting their ability to back up and restore the system and
fight malware by reinstalling a clean backup image. That's why rooting Android devices, instead of being hacker entertainment, became a necessity
for sophisticated users.
"Windows effect" means that as soon as an OS becomes dominant in a particular segment of the market,
it becomes a favorite target for malware attacks and hacking. At this point it becomes difficult to "defend
the castle" independently of its technical qualities (not that Windows has a good security architecture).
The 2:1 rule of regular warfare is probably applicable here: if the number of fighters on one side is
at least twice as large as the number of fighters on the other side, the numerically inferior side
is in trouble.
As for Microsoft in the past, Google's primary objective in the initial Android development was gaining
market share, security be damned. In other words, Google from the beginning sold its soul to the devil
;-).
And if the major contingent of users of a complex and powerful OS are unsophisticated users, then the task
of providing good security is really formidable and requires a new architectural vision and innovative
solutions. Android as an OS is pretty primitive and uninventive, as initially it was designed for devices
with very restricted computational capabilities, somewhat similar to the relationship between DOS and Unix.
As for innovative solutions, it has none. Moreover, because it is generally understood by users worse
than Windows 8, it creates additional security risks. Recently Dr. Web found a botnet that existed on
Android smartphones. The problem with Android is that if your phone or tablet is "owned", you can do
nothing, as you do not have access to root.
Some promising security approaches within the framework of classic Unix kernel design, and some outside
it, are available, but were never used. For example, it would cost almost nothing to provide all Android
tablets with a hardware-based token implementing a SecurID-style authentication scheme. That was not done,
which enables banking fraud. So in a way, if your bank does not support SecurID-style authentication, you
had better not access its Web portal from Android devices. Some banks try to compensate for this by sending
SMS messages, but if your smartphone or tablet is owned by some type of malware this might not be
enough. But it is definitely better than nothing.
In other words, in its current form Android is insecure for Web banking. As simple as that. Without
such a token, interception of passwords means the compromise of the account.
As the Android kernel was based on Linux kernel 2.6 (and now 3.0), some vectors of attack are related
to this heritage. For example, the Linux kernel, like any classic Unix kernel, has an all-powerful root and underpowered
regular user accounts. That means that a process which, for example, needs to access a low port (below 1024)
needs to become root, at least on a temporary basis, to perform this part of the task. The ability to access the Web
and Web-based email portals such as Hotmail, Gmail, Yahoo mail (HTTP and HTTPS use low ports) creates
the same spectrum of vulnerabilities as in Linux and Windows.
Being open source also does not help in this regard. It actually hurts, as instead of disassembly
you can just read the openly available codebase and try to invent some nasty exploit that allows you
to become root. So in Android you have from the beginning the capability which in the Windows world only
three-letter agencies and large corporations that get Windows source code have.
Instead of analyzing code trying to find an exploit yourself, you can buy a zero-day exploit on the black
market. Such a market exists for the most popular devices. Possession of a not yet patched zero-day exploit
(and Android vendors are slow in providing patches, and Android as an OS has nothing comparable to the Windows
patching framework) means that you are in if the user replicates the conditions necessary for this exploit,
for example accesses a certain ("infected") Web site.
Generally the problems with patching of Android are severe due to decentralization of the process.
Google realizes the situation with Android (in)security, and the SELinux framework in the kernel is in
the pipeline. It is badly needed. There is also no Authenticode-style cryptographic signing of executables,
which would provide a clean way to make loading an unsigned executable in root mode more difficult. Another missed
opportunity is an AppArmor-style framework, but generally it is just a more elegant way to provide SELinux-style
functionality.
The unlocking (rooting) and "hackability" of smartphones and tablets remains a source of great tension
between the community and industry.
Android applications run in a sandbox, an isolated area of the system that does not have access to
the rest of the system's resources, unless access permissions are explicitly granted by the user when
the application is installed. Before installing an application, the Play Store displays all required
permissions: a game may need to enable vibration or save data to an SD card, for example, but should
not need to read SMS messages or access the phonebook. After reviewing these permissions, the user can
choose to accept or refuse them, installing the application only if they accept. The scheme does not
work for unsophisticated users.
Theoretically both the sandboxing and the permissions system lessen the impact of vulnerabilities and
bugs in applications, but a huge percentage of unsophisticated users (Windows effect), developer confusion
and limited documentation have resulted in applications routinely requesting unnecessary permissions
and users happily granting them, reducing security to a minimum. In a way Google proved to be completely
incompetent to solve this difficult and important problem and decided just to "go with the flow". As
a result Google replicated on a new platform the situation with malware that exists on Windows.
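The check a user is expected to do by eye at install time can be automated. The sketch below is an added example, not code from Google or from the original page: it reads a decoded, text-form AndroidManifest.xml and flags requested permissions that fall outside what an app of that category plausibly needs. The permission names are real Android permissions; the category baselines, the risk notes and the sample manifest are assumptions constructed for illustration.

```python
"""Audit an app's requested permissions against what its category needs."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
P = "android.permission."

# Real Android permission names; the risk notes are this example's own wording.
SENSITIVE = {
    P + "SEND_SMS": "can send premium-rate SMS",
    P + "READ_SMS": "can read SMS, including bank confirmation codes",
    P + "RECEIVE_SMS": "can intercept incoming SMS",
    P + "READ_CONTACTS": "can read the phonebook",
    P + "ACCESS_FINE_LOCATION": "can track precise location",
    P + "RECORD_AUDIO": "can record from the microphone",
}

# Assumed per-category baselines (hypothetical policy, to be tuned by the reviewer).
BASELINE = {
    "game": {P + "VIBRATE", P + "WRITE_EXTERNAL_STORAGE", P + "INTERNET"},
    "sms_client": {P + "SEND_SMS", P + "READ_SMS", P + "RECEIVE_SMS",
                   P + "READ_CONTACTS", P + "VIBRATE"},
}

# Constructed sample: a "game" that also asks for SMS and phonebook access.
# It includes a duplicate entry and an entry with no name attribute.
GAME_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission/>
  <application android:label="Puzzle"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    # The manifest comes from an untrusted package: refuse DTDs so that
    # entity-expansion tricks never reach the XML parser.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("manifest contains a DTD; refusing to parse")
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    perms = set()
    for elem in root.iter("uses-permission"):
        name = elem.get(NAME_ATTR)
        if name:  # skip malformed entries that carry no android:name
            perms.add(name.strip())
    return perms


def audit(manifest_xml, category):
    """List (permission, severity, reason) for permissions outside the baseline."""
    if category not in BASELINE:
        raise KeyError("no baseline defined for category %r" % category)
    extra = requested_permissions(manifest_xml) - BASELINE[category]
    findings = []
    for perm in sorted(extra):
        if perm in SENSITIVE:
            findings.append((perm, "HIGH", SENSITIVE[perm]))
        else:
            findings.append((perm, "REVIEW", "outside the baseline for this category"))
    return findings


if __name__ == "__main__":
    for perm, severity, reason in audit(GAME_MANIFEST, "game"):
        print("%-6s %-45s %s" % (severity, perm, reason))
```

The manifest inside an APK is stored in a binary XML form, so it has to be decoded to text (for example with apktool) before a check like this can read it.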
The security industry already sensed the opportunity and the necessity to protect Android users from
design defects inherent in the attempt to provide a powerful OS for unsophisticated users and from the growing
spectrum of Android malware. We can expect that generally there will be a security tax on Android
users, similar to the "Windows insecurity tax."
Several Windows AV product vendors have released antivirus software for Android devices. They need
to run as root, as otherwise sandboxing also applies to such applications.
There are multiple types of Android malware in the wild:
Premium service abuse. It is probably the most common type of Android malware, where text
messages are sent from infected phones to premium-rate telephone numbers without the consent or even
knowledge of the user.
Adware. The second prominent type of Android malware is similar to Windows adware and
displays unwanted and intrusive advertisements on the device.
Spyware. Yet another common type of malware is spyware, which sends personal information
to unauthorized third parties. Here there is another aspect of this problem: any Android user is
under the microscope of Google.
We will discuss this problem separately. In a way each and every Android phone is a spyware
device.
Google engineers have argued that the malware and virus threat on Android is being exaggerated by
security companies for commercial gains. They accused the security industry of playing on fears to sell
virus protection software to users. Google maintains that dangerous malware on Android is actually extremely
rare.
Google currently uses their Google Bouncer malware scanner to watch over and scan the Google Play
store apps. It is intended to flag up suspicious apps and warn users of any potential issues with an
application before they download it.
Android 4.1 (Jelly Bean) has enhanced security features, including a malware scanner built into the
system, which works in combination with Google Play, but can scan apps installed from third party sources
as well; and an alert system which notifies the user when an app tries to send a premium-rate text message,
blocking the message unless the user explicitly authorizes it.
Android smartphones have the ability to record the location of Wi-Fi access points, encountered as
phone users move around, to build databases containing the physical locations of hundreds of millions
of such access points. These databases form electronic maps to locate smartphones, allowing them to
run apps like Foursquare, Google Latitude, Facebook Places, and to deliver location-based ads. Third
party monitoring software such as TaintDroid, an academic research-funded project, can, in some cases,
detect when personal information is being sent from applications to remote servers.
Recently another source of security problems for Android was revealed via the publication by Snowden of some materials
about the Prism program. That undermines confidence in the platform, as there is no guarantee
that all your voice and data streams are not written to some remote NSA server and, adding insult to
injury, not without Google's help.
That does not increase confidence in the platform, but the two other major platforms (iPads
and Windows 8 based tablets) suffer from the same problem. All can contain NSA backdoors and Skype monitoring
tools installed without user consent. See Cloud providers as intelligence collection hubs.
Google publishes most of the code (including network and telephony stacks) under the Apache
License version 2.0, and the rest, Linux kernel changes, under the GNU General Public License
version 2.
The Open Handset Alliance develops the changes to the Linux kernel, in public, with source code publicly
available at all times. The rest of Android is developed in private by Google, with source code released
publicly when a new version is released.
Typically Google collaborates with a hardware manufacturer to produce a 'flagship' device (part of
the Google Nexus series) featuring the new version of Android, then makes the source code available
after that device has been released.
Although the software is open-source, device manufacturers cannot use Google's Android trademark
unless Google certifies that the device complies with their Compatibility Definition Document (CDD).
Devices must also meet this definition to be eligible to license Google's closed-source applications,
including Google Play.
A smartphone is a spying device from which one can also make phone calls. After Prism it
should be clear to anybody that governments intercept your email messages and record your phone
calls just because they can.
"..reporters identified more than 1,000 people spanning more than 50 countries. They included
several Arab royal family members, at least 65 business executives, 85 human rights activists,
189 journalists and more than 600 politicians and government officials – including several
heads of state and prime ministers." -- and all those idiots use plain vanilla Android or iOS.
Nice. They probably have no money to buy a basic phone for $14 or so. That does not save from
wiretapping but at least saves from such malware.
Southfront reports that an Israeli company's spyware was used in attempted and successful
hacks of 37 smartphones belonging to journalists, government officials and human rights
activists around the world, according to an investigation by 17 media organizations, published
on July 18th.
One of the organizations, The Washington Post, said the Pegasus spyware licensed by
Israel-based NSO Group also was used to target phones belonging to two women close to Jamal
Khashoggi, a Post columnist murdered at a Saudi consulate in Turkey in 2018.
One of them was his fiancee, and she and the other woman were targeted both before and after
his death.
The Guardian, another of the media outlets, said the investigation suggested "widespread and
continuing abuse" of NSO's hacking software, described as malware that infects smartphones to
enable the extraction of messages, photos and emails; record calls; and secretly activate
microphones.
The investigation highlights widespread and continuing abuse of NSO's hacking spyware called
'Pegasus' which the company confirms is only intended for use against terrorist groups, drug
and human traffickers, and criminals.
Pegasus is a very advanced malware that infects iOS and Android devices to allow operators
of the spyware to copy messages, photos, calls and other data, including secretly activate
microphones and cameras.
Based on the investigation, the leak contains a list of 50,000 phone numbers that have been
identified as those of people of interest by clients of NSO since 2016.
The list includes many close family members of one country's ruler, suggesting he might have
instructed the country's intelligence agencies to explore the possibility of tracking and
spying on their own relatives.
anti-bolshevik 8 hours ago (Edited)
Two articles from Motherboard Vice:
Is Israel EXEMPT from the 'rules-based order' that Biden / Blinken / Yellen constantly
affirm?
Any incoming Sanctions? Any Treasury asset-seizures?
Motherboard uncovered more evidence that NSO Group ran hacking infrastructure in
the United States.
A former NSO employee provided Motherboard with the IP address of a server setup to
infect phones with NSO's Pegasus hacking tool. Motherboard granted the source anonymity
to protect them from retaliation from the company.
The licensor of software is not the user of the software. An Israeli company developed
it and may have used it.
In weapons terms, an Israeli company was the arms developer.
However, there are the licensees and users of the software. The factions and individuals
who actually used this weapon of war and political coercion.
In weapons terms, there are others, like the US and other country intelligence
communities who will be the ones who pulled the trigger.
The "trigger pullers include the Bolshevik Democrat party and the Biden campaign, which
used it to control citizens through intelligence gathering (remember Judge Roberts?) and
extract political donations from corporations and rich individuals. Don't forget the
Globalist GOP RINOs and Tech monopolists, who have used this weapon to control and subvert
anyone that they need to subjugate.
Bye bye Apple, Xiaomi and Google Android. You just lost your market of brainwashed sheep
for new mobile phones. Even the unwashed Joe Six-Packs of this world now know they are
being manipulated with the phones that are so expensive.
MASTER OF UNIVERSE 11 hours ago
I've spent many years studying Experimental Psychology & Personality Theory and can
honestly state that malware can't determine appropriate behavioural signals intelligence
enough to act responsibly, or judiciously.
Algos are dependent upon Behavioural Science & human analytics. They are crude tools
that employ hit & miss techniques that hardly ever work accurately.
Israeli intelligence tries to look state of the art, but they are just as dimwitted as
the CIA.
WorkingClassMan 10 hours ago
They might be dimwitted and hamfisted but like an elephant with a lobotomy they can
still do a lot of damage flailing around. Worst part about it is them not caring about the
consequences.
NAV 10 hours ago
It's amazing how the "dimwits" control the entire apparatus of the most powerful Empire
in the world and the entire world media.
2banana 12 hours ago (Edited)
It's not just some politicians and journalists.
It's everyone.
Your phone spies on you in every possible way.
Pegasus is a very advanced malware that infects iOS and Android devices to allow
operators of the spyware to copy messages, photos, calls and other data, including
secretly activate microphones and cameras.
gregga777 12 hours ago (Edited)
It's been widely known for at least a decade that carrying a smart phone is really like wiring
oneself up for 24/7/365 audio and/or video surveillance. They only have themselves to blame
if they've been spied upon by the world's so-called secret intelligence agencies.
[Ed. The next time in a crowded public space, turn on Wi-Fi and count the number of
unlocked phones under the "Other Networks" menu.]
truth or go home 12 hours ago
If you have no phone, and no facebook, then you are likely immune from prosecution. My
neighbor the Fed agent told me 10 years ago that these two sources are 90% of every
investigation. That number has only gone up. They track you with it, they find out your
contacts with it. They find out your secrets with it. Just try to get either of those
things anonymously. You can't.
philipat 11 hours ago
Land of the Free....
Ura Bonehead PREMIUM 7 hours ago
'truth or go home', 'having no Facebook' doesn't help you as FB secures the same
information via data-sharing arrangements with any number of apps you may download, that
came on your phone, or are embedded deep on your phone. Just a fact.
Steeley 4 hours ago
A friend that lives in Pahrump, NV reports that every time he crosses into California a
smart phone Covid Health Tracking App activates and he starts getting notifications. Can't
turn it off or find where it resides. When he crosses back into Nevada it stops.
E5 10 hours ago
"After checking their claims, we firmly deny the false allegations made in their
report,"
Really? So if 99 claims are true and one false? Never did they say there was truth to
the accusation that they hacked phones.
If you are going to commit a crime I suppose you want to "issue a statement" that you
didn't. I guess we have to ask them 2 more times: then it is a rule that you must tell all.
No minion can resist the same question three times.
zzmop 9 hours ago (Edited)
Keyword -'Israeli', Not Russian, Israeli, Not 'Russian hackers', Israeli hackers
eatapeach 9 hours ago
This is old news. Congresswoman Jane Harman was all for spying/eavesdropping until she
got busted selling her power to Israel, LOL.
consistentliving PREMIUM 7 hours ago
Not USA fake paper pushers but Mexican journalists deserve mention here
Revealed: murdered journalist's number selected by Mexican NSO client
Israel doesn't respect human rights! Israel has been killing defenseless people in
Palestine for more than 50 years. The sad thing is that US support these genocidal sick
sycophants.
wizteknet 10 hours ago
Where's a list of infected software?
vova_3.2018 9 hours ago (Edited)
Where's a list of infected software?
If they take yr phone under control they'd have access to everything & then they can
use the info against you or anybody else in the info. https://www.youtube.com/watch?v=iuBuyv6kUKI
Israeli spyware "Candiru" works a little bit different than Pegasus but is also used to
hack & track journalists and activists. https://www.youtube.com/watch?v=nWEJS0f6P6k
The magic number of "6 million" will be the Get out of Jail Card once again.
And, these idiots keep preaching about the great risk China poses...
Steeley 4 hours ago
Embedded in the OS...
Kugelhagel 12 hours ago (Edited)
Is that article an attempt to get some sympathy for "politicians", "journalists" and
"activists"? Try again.
HippieHaulers 11 hours ago
Exactly. Don't forget Khashoggi was CIA. And they're using another asset (Snowden) to roll
this out. This story stinks.
WhiteCulture 7 hours ago (Edited)
I installed Nice Systems onto 600 desk tops in 2003 at 3 separate call centers, a call
monitoring and a PC, mainframe CICS, or email, screen scrape capability. When the call
audio was recorded we also captured whatever was on the screen. No doubt the government has
been doing this on our phones and all personal computers for over a decade.
TheInformed 7 hours ago
Your example shows that people are dumb, it's not evidence of some grand 'government
backdoor' conspiracy. Don't conflate the two.
two hoots 10 hours ago (Edited)
Forget the petty herd/individual surveillance, this is a "super power" tool for
investment opportunities, negotiation advantage, strategic decisions, military/covert
decisions, etc. you can be sure that the most improved (undisclosed) versions are in use in
the usual suspect country. Likely spying on the spies that bought the software from them.
These are those steps beyond Nietzsche's amoral supra-man.
Globalist Overlord 12 hours ago
Whitney Webb was writing about this in 2018.
Snowden: Israeli Spyware Used By Governments to Pursue Journalists Targeted for
Assassination
If Pegasus is used against Human Traffickers, then why didn't they get Jeffrey Epstein
earlier?
Occams_Razor_Trader 11 hours ago
Why 'get' people when you can 'use' these people ........................?
RasinResin 11 hours ago
I used to be in IT and worked in association with Radcom. Now you may ask who is that?
They are the Israeli company that is truly behind all monitoring and spying of your phones
in America
"Reuters' spokesman Dave Moran said, "Journalists must be allowed to report the news
in the public interest without fear of harassment or harm, wherever they are. We are
aware of the report and are looking into the matter."
I love the sanctimonious clutching of pearls, wringing of hands, and bleating from the
purveyors of CCP propaganda, woketardness, and globalism whenever the velvet hand that
feeds them punishes them with a throat punch instead.
donebydoug 11 hours ago
Journalists can't be spies, right? That would never happen.
Watt Supremacist 12 hours ago
Yes but do the people working for Reuters know all that?
nowhereman 11 hours ago
Just look at the signature on your paycheck.
Grumbleduke 11 hours ago
they're in the news business - of course they don't!
You know the adage "when your livelihood depends on not knowing" or something....
Enraged 10 hours ago
Listening in on calls is a distraction story by the propaganda media.
The real story is the blackmailing of politicians, judges, corporate executives, etc.
for many years by the intelligence agencies with tapes of them with underage girls and
boys. This was included in the Maxwell/Epstein story.
These people are compromised, which is the reason for the strange decisions they make,
as they support the globalist elite.
There is no reason to spy on journalists, as they are part of the intelligence agency
operations.
Max21c 10 hours ago (Edited)
There is no reason to spy on journalists, as they are part of the intelligence agency
operations.
True the press are either spies or puppets and vassals of Big Brother and the secret
police. They're all mostly agents of the Ministry of Truth. But sometimes they get the
weather report right.
Wayoutwilly 12 hours ago
Bet they have sh!t on Roberts, Kavanaugh and Barrett too.
Brushy 11 hours ago
Wait a minute, you mean the tracking spy device that you carry around and put all of
your personal information on is actually tracking and spying on you?!!
Dis-obey 10 hours ago
They have data on everyone but not enough eyes to look at everyone all the time. So when
you get flagged then they can open all the data on your device to investigate
u.
Yog Soggoth 10 hours ago
Khashoggi was not a journalist. While interesting, this is not the story of the
year.
Lawn.Dart 10 hours ago
Almost every intelligence agent is a writer of some kind.
Max21c 10 hours ago
NSO is just one company out of many. They have the willing complicity of the security
services of other countries including the CIA, FBI, NSA, DOJ, in the USA and similar per
UK. Secret police use these special contractors to help them engage in crimes and criminal
activities and it does not matter whether the secret police use a foreign or domestic
secret police agency or contractor as they're all in on it together. It's just a criminal
underworld of secret police, secret police bureaus & agencies, and "intelligence"
agencies. They're all crooked. They're all crooks and criminals and thieves that rob and
persecute innocent civilians just like the Bolsheviks, Nazis, Gestapo, Waffen SS, Viet
Kong, Khmer Rouge, Red Guards, ISIS, Stasi, KGB, etc. It's all the same or similar secret
police, police state tactics, state security apparatus abuses of power, absolute power
& its abuses, and spy agencies and intelligence agencies... and those that go along
with it and collaborate. It's all just criminal enterprises and crime agencies.
So you can solve the 10,000 open murder investigations in Chicago with this. That's how
it's being used right...
Bostwick9 10 hours ago
"We are deeply troubled to learn that two AP journalists, along with journalists from
many news organizations, are among those who may have been targeted by Pegasus spyware,"
said Director of AP Media Relations Lauren Easton.
OMG . Not journalists !!!!!!!!!!
Guess NSO is a "buy", then.
NAV 11 hours ago
To believe that the Israelis will not use the information that they have is absurd.
Here's one example:
The American Anti-Defamation League under Abe Foxman long made it a practice for decades
to tail all Congressmen – liberal or conservative -- as was brought out in
allegations in the San Francisco trial of its head operative Roy Bullock on charges of
buying blackmail information from members of the San Francisco Police Department as
reported by the San Francisco Examiner. Bullock had collected information and provided it
to the ADL as a secretly-paid independent contractor for more than 32 years.
Can it be that there's a connection between data of this kind and the unbelievable
unification of almost every congressman behind every Israeli position?
Of course, the San Francisco Examiner no longer is in existence. But Israeli trolls
continue to gather like wasps upon meat to destroy any information that might reveal their
nefarious purposes.
In 1993 the FBI interviewed 40-year undercover ADL operative Roy Bullock, who had
improperly obtained social
security numbers and drivers licenses from San Francisco Police Department officer Tom
Gerard. Gerard and Bullock infiltrated and obtained information on California
Pro-Palestinian and anti-Apartheid groups as paid agents of both the ADL and South
African intelligence services. The ADL paid tens of thousands in damages over the
incident and promised not to collect confidential information in the future.
SARC '
novictim 8 hours ago
What do you want to bet that Orange Hitler and associates along with MAGA Republicans,
their attorneys, friendly patriot reporters, etc, have had their phones widely hacked going
all the way back to 2016?
Because when you are a "progressive" in power, anyone who wants to unseat you is a
terrorist threat and you can do just about anything you want to them because you are saving
the world.
Sarrazin 8 hours ago
unseat you is a terrorist threat and you can do just about anything you want to them
because you are saving the world.
Funny, it's the same formula US foreign policy applies to all its victim nations
around the world. Fighting terrorists in the name of saving the world.
LEEPERMAX 9 hours ago (Edited)
💥BOOM !!!
In 2020 alone, Facebook and Amazon spent more money on
lobbyists than did Raytheon, Northrop Grumman, Lockheed Martin, and Boeing -- major players
in the defense-industrial complex !!!
Let that sink in.
OldNewB 11 hours ago
"Journalists must be allowed to report the news in the public interest without fear of
harassment or harm, wherever they are."
This hasn't happened in ages. What the large majority of MSM operatives (so called
"journalists" ) convey to the public is propaganda and agenda driven misinformation and
disinformation.
SummerSausage PREMIUM 12 hours ago
Obama spying on Trump and Fox reporters - meh.
Same Obama intelligence services spying on WaPo & leftist reporters - FASCIST
Mute Button 11 hours ago
We're supposed to be outraged even though Trump & co. know they're being "spied"
on.
It's just a game of the uniparty.
Ivy Mike 8 hours ago
Yawn. Smart phones have swiss cheese security. Who knew.
If you have a secret that you really don't want people to know, don't put it on a device
that ever touches the internet. Don't talk about important stuff on a phone call. Any mob
boss from the 70's could tell you that.
MeLurkLongtime 5 hours ago
I would add if you have Alexa, don't converse on any sensitive topics in front of her,
either.
_0000_ 9 hours ago
"Pegasus is a very advanced malware that infects iOS and Android devices to allow
operators of the spyware to copy messages, photos, calls and other data, including
secretly activate microphones and cameras."
This is a non-story. Lots of smoke, lots of brouhaha.
Why is THIS a jaw dropping story now when the NSA/CIA have been doing this to ALL iOS
and Android devices years ago? RE: CALEA , signed into law in 1996 by Bill Clinton.
Just more misdirection... meant to distract from something else. What?
Rectify77 PREMIUM 10 hours ago
Isn't it odd that Iran, Russia and China are not on the map? Who are the Israelis
playing?
NAV 10 hours ago
Isn't it amazing that Russia is giving asylum to Edward Snowden who will be arrested and
inflicted with only God knows what if captured by the USA?
Market Pulse 13 hours ago
And we are surprised, why??? Everyone's phones are spied upon with all the data
collected. All part and parcel of the NWO and the "Information Age". How else are they
going to get all that information to control everything. And just think, once upon a time,
there were no cell phones and the people were fine. They also were happier and much more
free. Hint - ditch the phone!
dog breath 4 hours ago
Hello? This stuff has been going on for two decades. Bill Binney, former NSA, been
talking about this since after 911. Five eyes is a way of going around internal rules.
Every country does this. Russia, China, EU, USA, Australia, etc. are all spying on their
own citizens. This world is turning into a corrupt crap pile and I'm waiting for the Lord
to come.
Barcode scanners and flashlight apps... who installs these? Phones come with these features
already baked in.
I assume some of it is just old stuff people just re-download without thinking. Android
hasn't always had a built in flashlight app (and am I crazy in that the early ones required
root?). And I'm pretty sure that's the same with QR readers. I hadn't realized that Google Lens
was a QR scanner until fairly recently.
Google has removed this month 25 Android applications from the Google Play Store that were caught stealing Facebook credentials.
Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times.
The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same.
According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors,
wallpaper apps, flashlight applications, file managers, and mobile games.
The apps offered a legitimate functionality, but they also contained malicious code. Evina researchers say the apps contained code that detected what
app a user recently opened and had in the phone's foreground.
If the app was Facebook, the malicious app would overlay a web browser window on top of the official Facebook app and load a fake Facebook login
page (see image below: blue bar = actual Facebook app, black bar = phishing page).
Image: Evina
If users entered credentials on this phishing page, the malicious app would log the data and send it to a remote server located at
(the now-defunct) airshop.pw domain.
Evina said it found the malicious code that stole Facebook credentials in 25 apps they reported to Google at the end of May. Google removed the
apps earlier this month, after verifying the French security firm's findings. Some of the apps had been available on the Play Store
for more than a year before they were removed.
The full list of 25 apps, their names, and package ID, are listed below. When Google removes malicious apps from the Google Store, the company also
disables the apps on a user's devices and notifies users via the Play Protect service included with the official Play Store app.
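A defender-side triage of the capability set the report describes (foreground-app detection, an overlay, and a remote server), added here as an example that is not code from Evina, ZDNet or this page. It reads a decoded AndroidManifest.xml (for instance, the text form produced by apktool) and flags apps that can both observe the foreground app and reach the network. The permission-to-capability mapping, the package names and the sample manifests are assumptions constructed for illustration; the report does not say which mechanism the 25 apps used.

```python
"""Triage decoded AndroidManifest.xml files for an overlay-phishing capability set."""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumption: standard Android permissions that can reveal which app is in the
# foreground. The report on the page does not name the mechanism that was used.
FOREGROUND = {
    "android.permission.PACKAGE_USAGE_STATS",  # usage-stats access
    "android.permission.GET_TASKS",            # legacy running-task list
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # draw over other apps
INTERNET = "android.permission.INTERNET"


def capabilities(manifest_xml):
    """Return (package, set of capability labels) for one decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {
        el.get(ANDROID + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
    }
    caps = set()
    if requested & FOREGROUND:
        caps.add("foreground-detection")
    # An accessibility service is declared on <service android:permission=...>,
    # not through <uses-permission>, so it needs a separate check.
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == ACCESSIBILITY:
            caps.add("foreground-detection")
    if OVERLAY in requested:
        caps.add("overlay")
    if INTERNET in requested:
        caps.add("network")
    return root.get("package"), caps


def triage(manifest_xml):
    """Grade a manifest: 'low', 'review' or 'high'.

    Watching the foreground app plus network access is the minimum needed to
    time a fake login page and send the result out, so that pair is 'review'.
    The overlay permission on top of it is 'high'. An app can also cover
    another app by starting its own activity, which needs no permission, so a
    missing overlay permission does not clear the app.
    """
    package, caps = capabilities(manifest_xml)
    if {"foreground-detection", "network"} <= caps:
        verdict = "high" if "overlay" in caps else "review"
    else:
        verdict = "low"
    return {"package": package, "capabilities": sorted(caps), "verdict": verdict}


# Constructed sample manifests (not taken from any real app).
FLASHLIGHT_SUSPECT = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application/>
</manifest>
"""

STEP_COUNTER_ACCESSIBILITY = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.steps">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".WatchService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

FLASHLIGHT_BENIGN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>
"""

if __name__ == "__main__":
    for sample in (FLASHLIGHT_SUSPECT, STEP_COUNTER_ACCESSIBILITY, FLASHLIGHT_BENIGN):
        print(triage(sample))
```

A 'review' or 'high' verdict is a prompt to check whether the app's advertised function (flashlight, step counter, wallpaper) justifies those capabilities, not proof of malice.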
But how about using an Android phone as a GPS tracker? It may not be the most reliable option, and it does come with some not-so-insignificant
drawbacks, but it can get the job done if you're desperate. Here's how to turn your Android phone into a GPS tracker.
Note: These instructions are based on a Samsung Galaxy S8 running Android 8.0 Oreo, but the steps should be relatively similar
for most Android devices.
Tracking With Native Android Features
Most Android devices released in 2014 or later have a built-in feature called Find My Device (formerly called Find My Android).
This service constantly pings your device's location back to Google's servers so that Google knows where your device is. You can
then use Google's web interface to see where your device is at any given time. You'll need a Google account to use this feature.
How to Enable Find My Device on Android
1. Navigate to your device's Settings.
2. Tap on Lock screen and security.
3. Tap on Other security settings. (This step may be unnecessary depending on your particular device and Android version.)
4. Tap on Device admin apps. (This step may be called Device Administrators depending on your particular device and Android version.)
5. Tap Find My Device.
6. Tap Activate.
Note: In order to activate this service, you'll need to allow four permissions: 1) the ability to erase all data, 2) the ability
to change your screen unlock password, 3) the ability to lock the screen, and 4) the ability to turn off functions on the lock screen.
The nice thing about Find My Device is that it's not just a tracker -- it lets you control the device from afar in the above-mentioned
ways. Learn more in our overview of Find My Device.
How to Use Find My Device on Android
Once enabled, all you have to do is launch a web browser, navigate to the Find My Device dashboard, and sign into your Google account
(the same one associated with your device).
Once you're logged in, select the device you want to locate, click the Locate button for said device, and it'll show its last
known location and how long ago it was last spotted. It's fairly accurate in my experience, but I live in an urban environment; it
can be off by up to 20 meters in areas with poor GPS visibility.
Tracking With Third-Party Android Apps
If you don't like Find My Device for whatever reason, you can always resort to one of the many third-party alternatives available
on the Google Play Store. These apps are easy to install and you don't really have to do anything beyond creating an account to use
them.
There are two that we recommend:
1. Lookout: Lookout is an all-in-one security solution where device tracking is just one of its many features. As such, it might be
too bloated if device tracking is the only feature you're interested in. But if your device currently lacks a good antivirus app,
you might as well use this one and kill two birds with one stone.
2. Prey: In practical usage, Prey is very similar to Find My Device. Its one big advantage is availability across multiple other
platforms, including Windows, Mac, Linux, and iPhone, so you can track ALL of your devices from anywhere.
Once your device is set up as trackable, whether using Find My Device or a third-party app, there's only one thing left to do: attach
the device to the person or object that you want to track. Obviously, this is much easier said than done.
Want to know how to track a car with a cell phone?
The easiest and most effective option is to use a magnetic car mount. Most two-piece kits come with a magnetic insert (that you
place inside your device case) and a magnetic base (that you attach to whatever you want to mount). With a good model, the magnetic
force should be strong enough for your phone to "snap" onto the base and stay there securely.
The improvements will allow users to take better advantage of the phone's voice
recording functionality, as it will be able to turn the recordings into text even when
there's no internet connectivity. This presents a new competitor to others in voice
transcriptions that are leveraging similar AI advances, like Otter.ai, Reason8, Trint and
others, for example.
As Google explained, all the recorder functionality happens directly on the device --
meaning you can use the phone while in airplane mode and still have accurate
recordings.
"This means you can transcribe meetings, lectures, interviews, or anything you want to
save," said Sabrina Ellis, VP of Product Management at Google.
The Recorder app was demonstrated onstage during the event, live, and was offering --
from what was shown -- an error-free transcription.
September 21, 2019
Huawei's pivotal moment
By Tom Fowdy
Huawei launched its Mate 30 series on Friday, the first new device produced by the
Shenzhen telecommunications firm since it has been blacklisted by the United States
government and excluded from American technology markets.
The subsequent result of the listing had led Google to sever ties with the company and
prohibit new devices from using its Play Store services and operating system, something which
ultimately impacts the Mate 30 Series, which is using an open-source version of Android.
The impact of it all has led Western commentators to ask questions about Huawei's future
in Western smartphone markets, particularly what applications can it access.
However, not all is bleak, and what may start off as a hindrance for the company is set to
transform into an opportunity. The United States' assault on the company has forced Huawei to
innovate.
With the inaugural "Huawei AppGallery" emerging with the Mate 30, the company has now
positioned itself on an investment trajectory to create a new "Huawei core" to compete with
the world of Google-led Android systems outright.
In this case, what seems like a detriment is part of a broader pivotal moment for Huawei.
The company's portfolio is about to change forever.
Beyond Apple and the iPhone, the Android operating system dominates in the global
smartphone market. Describing it as an "operating system" is barely fitting; it might
otherwise be described as "an ecosystem" with a wide range of Google orientated services
within it.
They include the popular browser Chrome, the YouTube video service, Google mail and,
most critically, the "Google Playstore," which, owing to its popularity, attracts more
developers and investors than any other unofficial App stores. This "ecosystem" creates a
"web of comfort" which effectively entrenches the consumer in the Android orbit.
Up until May 2019, Huawei was a part of this orbit. Its subsequent estrangement from
Android owing to the American government's decision has forced some difficult choices. It has
made markets keen to observe how the Mate 30 will perform given its lack of Google
applications and the need for users to obtain some apps through third-party stores.
So, the question is: How are they now adapting and making that transition? Bengt
Nordstrom of North Stream research in Sweden notes that "they have a strategy to become
completely independent from U.S. technology. And in many areas, they have become
independent."
First of all, we are well aware that Huawei is developing its own Harmony Operating System
as a contingency measure, although it has not chosen to apply it to the Mate 30 as an olive
branch to Google.
Second, and most excitingly is Huawei's announced bid to invest over 1 billion U.S.
dollars in developing its own application "core" or ecosystem. This, in essence, is an effort
to get developers to establish applications for the new "Huawei App store" and thus establish
a self-reliant, independent path from the world of Android.
To achieve this, the company has pledged a competitive revenue sharing scheme of 15
percent to developers, half of what Apple and Google demand for participation in their
own app stores.
This effort is combined with a wider scope in research and development from the company,
which is also designed to forfeit dependence upon American technology chains in terms of
critical components and other parts.
We have already seen massive investment pledges from Huawei to build new research and
development centers in the United Kingdom, Belgium, Italy and Brazil. They are not empty
promises, but a serious and strategic effort.
In this case, what was intended to be a political effort to destroy and contain Huawei is
likely to prove a pivotal turning point in the company's history with huge repercussions for
global smartphone and technology markets.
Instead of having once been reliant on and thus beneficial to American technology markets,
the outcome is that Huawei will re-emerge independent of and competing against it.
Armed with a pending new operating system, a new application development drive and a
broader research effort, what seemed otherwise a detriment is likely to bring a massive
opportunity. Thus, it is very important to examine the long-term prospects for the company's
fortunes ahead of short-term challenges.
The App Store also instituted the idea of tech products being part of a
vertically-integrated, closed platform. Apple and Google (with its Google Play store) became
the dominant platform owners for mobile, because their scale and network effects made them the
gatekeepers for companies that wanted to enter the mobile market and access the app
marketplace. Even a company with as much power as Microsoft could do nothing to break the mobile
duopoly.
So whatever your opinion of Google's Huawei snub, it certainly demonstrates just how much power Google has,
and how that power is centralized. For phone makers, Google is the only option -- Apple being
its own walled garden -- and for app makers and consumers alike, the App Store and Google Play
are the only existing choices.
This is hardly a secret or conspiratorial. Huawei has long been attempting to develop its own
operating system, precisely to prevent such
situations as this. Similarly, despite being the largest Android vendor by far, Samsung still
has its own Tizen operating system. Building your business on someone else's platform leaves
you at their mercy. There's also the question of user experience: Consumers can't actually buy
books on the Kindle app on an iPhone or iPad, because Amazon understandably wants to avoid the
30 percent cut that Apple takes on its operating system.
Perhaps a closed app store linked to a platform has outlived its early usefulness. Not only
does it cement power among entrenched companies, it also puts up barriers to competition. This
idea isn't so radical. Recently,
the Supreme Court ruled that Apple's customers can sue the company under antitrust law for
monopolistic behavior for the way in which it takes that 30 percent of everything on the app
store. There are technical avenues forward: Progressive Web Apps, or PWAs, operate in a more
open, more platform-neutral manner, and have significantly improved in functionality recently;
they could offer a more neutral way for companies to offer apps outside the constraints of an
app store.
The US ban on Huawei is pushing it to
develop alternative systems that may rival Google and Android
Google cuts Huawei off Android; so Huawei may migrate to Aurora. Call it mobile Eurasia
integration; the evolving Russia-China strategic partnership may be on the verge of spawning
its own operating system – and that is not a metaphor.
Aurora is a mobile operating system currently developed by Russian Open Mobile Platform,
based in Moscow. It is based on the Sailfish operating system, designed by Finnish technology
company Jolla, which featured a batch of Russians in the development team. Quite a few top
coders at Google and Apple also come from the former USSR – exponents of a brilliant
scientific academy tradition.
In 2014, Russian entrepreneur Grigory Berezkin started co-owning Jolla, and from 2016 his
Mobile Platform company started developing a Russian version of the operating system. In 2018,
Rostelecom, a state company, bought a 75% share in Open Mobile Platform.
Ahead of the St Petersburg International Economic Forum last week, Huawei chairman Guo Ping
discussed the possibility of adopting Aurora with Russian minister of digital development and
communications, Konstantin Noskov. According to Guo, "China is already testing
devices with the Aurora pre-installed."
In Moscow, before moving to St Petersburg, Presidents Putin and Xi Jinping discussed
multiple possible deals; and these include Huawei-Aurora, as well as where to locate some of
Huawei's production lines in Russia.
Google, here we come
Aurora could be regarded as part of Huawei's fast-evolving Plan B. Huawei is now
turbo-charging the development and implementation of its own operating system, HongMeng,
a process that started no less than seven years ago.
Most of the work on an operating system is writing drivers and APIs (application programming
interfaces). Huawei would be able to integrate their code to the Russian system in no time.
"... "so long as they are transparent with the users about how they are using the data." ..."
"... In practice, this means that any app that shares your private data with advertisers must disclose this fact in their privacy policy. This is seen first in a pop-up box that includes a note that the app wants permission to "read, send, delete and manage your email." However, information about the marketers this data is shared with can often be more difficult to find. ..."
"... In their letter to the company, the senators claim that one marketing company, Return Path Inc, read the private contents of 8,000 emails to train its AI algorithms. ..."
"... "not limited to your name, email address, username and password." ..."
"... At least 379 apps available on the Apple and Android marketplaces can access users' email data. In Google's letter to Congress, the firm declined to say when, if ever, it has suspended an app for not complying with its rules. ..."
"... Google itself has mined users' emails since Gmail was launched in 2004, but announced last year that it would stop the practice, amid privacy concerns and a federal wiretapping lawsuit. ..."
"... "discuss possible approaches to safeguarding privacy more effectively." ..."
"... Everything you've ever searched for on any of your devices is recorded & stored by Google https://t.co/8KGgO0xT92 ..."
Omnipresent tech giant Google told US senators that it lets third-party
apps read data from Gmail accounts and share this information with marketers, even though
Google itself allegedly stopped this practice last year. In a letter sent to the lawmakers in
July and made public on Thursday, Google said that developers may share your data with third
parties for the purposes of ad-targeting, "so long as they are transparent with the users
about how they are using the data."
In practice, this means that any app that shares your private data with advertisers must
disclose this fact in their privacy policy. This is seen first in a pop-up box that includes a
note that the app wants permission to "read, send, delete and manage your email."
However, information about the marketers this data is shared with can often be more difficult
to find.
Google's letter came in response to a request by Republican senators for information about
the scope of the email content accessible to these third parties. In their
letter to the company, the senators claim that one marketing company, Return Path Inc, read
the private contents of 8,000 emails to train its AI algorithms.
Return Path told the Wall Street Journal at the time that, while it did not explicitly ask
users whether it could read their emails, permission is given in their user agreements, which
state that the company collects personal information including but "not limited to your
name, email address, username and password."
At least 379 apps available on the Apple and Android marketplaces can access users' email
data. In Google's letter to Congress, the firm declined to say when, if ever, it has suspended
an app for not complying with its rules.
Google itself has mined users' emails since Gmail was launched in 2004, but announced last
year that it would stop the practice, amid privacy concerns and a federal wiretapping
lawsuit.
Now, privacy officials from Google, Apple and Amazon are preparing to travel to Capitol Hill
next week, for a Commerce Committee hearing. There, the tech companies will be asked to
"discuss possible approaches to safeguarding privacy more effectively."
Everything you've ever searched for on any of your devices is recorded & stored by
Google https://t.co/8KGgO0xT92
The hearing is another in a series of grillings faced by the tech industry since the
Cambridge Analytica privacy scandal revealed in March that Facebook allowed a third party to
collect personal information on millions of users. Google CEO Larry Page was invited to a
Senate Intelligence Committee hearing on political bias, foreign interference and privacy on
tech platforms earlier this month, but declined to show up, sending a written testimony
instead.
(duo.com)
Trailrunner7 writes:
Researchers have discovered a weakness in all versions of
Android except 9, the most recent release, that can allow an attacker to gather sensitive
information such as the MAC address and BSSID name and pinpoint the location of an affected
device. The vulnerability is a result of the way that Android broadcasts device information to
apps installed on a device. The operating system uses a mechanism known as an intent to send
out information between processes or applications, and some of the information about the
device's WiFi network interface sent via a pair of intents can be used by an attacker to track
a device closely.
A malicious app -- or just one that is listening for the right broadcasts from Android --
would be able to identify any individual Android device and geolocate it. An attacker could use
this weakness to track a given device, presumably without the user's knowledge. Although
Android has had MAC address randomization implemented since version 6, released in 2015, Yakov
Shafranovich of Nightwatch Cybersecurity said his research showed that an attacker can get
around this restriction.
Samsung announced Samsung DeX earlier this year as a way for users to transform their mobile
phones into full-fledged desktops or workstations by attaching a monitor, mouse, and keyboard.
DeX is currently limited to the Galaxy S8 and S8+, as well as Note 8, bringing you a desktop-like
experience powered by your smartphone.
And now, Samsung wants to expand the DeX's capabilities by introducing "Linux on Galaxy," a
new concept promising to bring the Linux PC experience to your mobile device. Linux on Galaxy
comes in the form of an app that you can install on your smartphone to run multiple Linux-based
operating systems.
"Although it's in a trial phase, Linux on Galaxy is our innovative solution to bring the
Linux experience on PC to mobile, and then further onto a larger display with Samsung DeX. Now
developers can code using their mobile on-the-go and with Samsung DeX, and can seamlessly
continue the task on a larger display," says Samsung.
Developers will be able to use their favorite GNU/Linux distro
With the Linux on Galaxy app, developers will be able to use their favorite GNU/Linux
distribution on their mobile devices. When using Samsung DeX with Linux on Galaxy, users can
also run Linux apps that aren't available on their smartphones, which run Google's Android
mobile operating system, also powered by the Linux kernel.
Best of all, Samsung Linux on Galaxy will enable developers to use a fully functional
development environment to create content on a big screen, all powered by their Samsung S8/S8+
or Note 8 devices. At the moment, Linux on Galaxy is in heavy development, but you can find out
more about it at seap.samsung.com/linux-on-galaxy.
"... So far the feature, spotted by XDA Developers , has appeared in some, but not all devices with Android 7.1 Nougat. ..."
"... Google hasn't said anything about the feature-- XDA just happened to discover the code in a recent build of Android 7.1. Essentially, it listens for back button presses, and if enough of them happen (four to be exact) in rapid succession (with less than a third of a second delay) then Android will override the app and bring back the home screen. This could apply to apps that just freeze, but also to rogue software that tries to intercept any and all actions, like malware or adware. ..."
If you can't dismiss an app by pressing the "back" button, it may just be a glitch or crappy app,
but it could also be something much worse. That's why Google has quietly slipped in a new Android
feature called "panic detection" that can preemptively close an app if you stab at the back button
multiple times. So far the feature, spotted by XDA Developers, has appeared in some, but not all
devices with Android 7.1 Nougat.
Google hasn't said anything about the feature -- XDA just happened to discover the code in
a recent build of Android 7.1. Essentially, it listens for back button presses, and if enough of
them happen (four to be exact) in rapid succession (with less than a third of a second delay) then
Android will override the app and bring back the home screen. This could apply to apps that just
freeze, but also to rogue software that tries to intercept any and all actions, like malware or adware.
It's a smart idea, because what's the first thing you do when you can't make an app go away? Frantically
pressing the back key is probably the first thing, so that will kill the app and allow you to uninstall
or disable it until you figure out the problem.
You'll have to enable the feature to get it to work, apparently. Google seems to be rolling it
out on a limited basis, and may in fact just be testing it, so it may be some time before it ends
up on your device.
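The gesture described above (four back presses, each less than a third of a second after the previous one), modelled as a small state machine. This is an added illustration, not Android's source or code from the article; the class and constant names are invented here, and resetting the streak on any other key is an assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Thresholds as the article states them; the names are this example's own.
PANIC_PRESS_COUNT = 4          # "four to be exact"
MAX_GAP_SECONDS = 1.0 / 3.0    # "less than a third of a second delay"
BACK = "BACK"


@dataclass
class BackPanicDetector:
    """Counts BACK presses that arrive in rapid succession."""
    press_count: int = PANIC_PRESS_COUNT
    max_gap: float = MAX_GAP_SECONDS
    _streak: int = field(default=0, init=False, repr=False)
    _last_back: Optional[float] = field(default=None, init=False, repr=False)

    def _reset(self) -> None:
        self._streak = 0
        self._last_back = None

    def on_key(self, key: str, timestamp: float) -> bool:
        """Feed one key-down event; return True when the gesture completes.

        A True result is the point at which the system would override the
        foreground app and return to the home screen.
        """
        if key != BACK:
            # Assumption: any other key breaks the run of back presses.
            self._reset()
            return False
        if self._last_back is not None and timestamp - self._last_back < self.max_gap:
            self._streak += 1
        else:
            # First press, or the previous press was too long ago.
            self._streak = 1
        self._last_back = timestamp
        if self._streak >= self.press_count:
            # Start counting from scratch after the gesture fires.
            self._reset()
            return True
        return False


def replay(events: List[Tuple[float, str]]) -> List[float]:
    """Run (timestamp_seconds, key) events; return the times the gesture fired."""
    detector = BackPanicDetector()
    return [ts for ts, key in events if detector.on_key(key, ts)]


# Constructed event traces (not captured from a device).
FRANTIC = [(10.0, BACK), (10.2, BACK), (10.4, BACK), (10.6, BACK)]
NORMAL_NAVIGATION = [(1.0, BACK), (2.0, BACK), (3.0, BACK), (4.0, BACK)]
INTERRUPTED = [(20.0, BACK), (20.2, BACK), (20.4, BACK),   # three quick presses
               (21.0, BACK), (21.2, BACK), (21.4, BACK)]   # pause, three more

if __name__ == "__main__":
    for name, trace in [("frantic", FRANTIC),
                        ("normal navigation", NORMAL_NAVIGATION),
                        ("interrupted", INTERRUPTED)]:
        print(name, "->", replay(trace))
```

Ordinary back navigation and a run broken by a pause never reach the count, which is what keeps the override from firing during normal use.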
"... it detected devices sending data about call history, text messages, the unique identifier of the mobile service subscriber, the device's unique identifier and call histories. ..."
"... It also found evidence that the software specifically searched text messages for key words and sent full text messages back to Adups servers in China. ..."
"... In May 2017 on the Cubot X16S device, we observed the user's call log, text message metadata, browser history, list of installed apps, list of apps used and unique device identifiers being exfiltrated by Adups," Kryptowire's Tom Karygiannis wrote the Observer in an email. ..."
In its November report, Kryptowire wrote that it detected devices sending data about call
history, text messages, the unique identifier of the mobile service subscriber, the device's
unique identifier and call histories. It also found evidence that the software specifically
searched text messages for key words and sent full text messages back to Adups servers in
China. These messages were encrypted, but Kryptowire was able to find the key and decrypt
them.
Since the Kryptowire finding, Adups has reported that it is no longer collecting personally
identifiable information, but Kryptowire told Black Hat attendees that it has continued to
observe the same behavior, though more carefully hidden and not necessarily on Blu devices.
In a November statement, Adups explained the searching and parsing of users' text messages by
saying it had created an application to screen and block promotional messages. It wrote, "In
response to user demand to screen out junk texts and calls from advertisers, our client asked
Adups to provide a way to flag junk texts and calls for users. [The] application flags texts
containing certain language associated with junk texts and flags numbers associated with junk
calls and not in a user's contacts."
Blu devices aren't the only ones to carry the Adups software, and Kryptowire has noted that
it behaves differently from device to device. Another maker of cheap Android phones, Cubot,
also uses Adups software. "In May 2017 on the Cubot X16S device, we observed the user's call
log, text message metadata, browser history, list of installed apps, list of apps used and
unique device identifiers being exfiltrated by Adups," Kryptowire's Tom Karygiannis wrote the
Observer in an email.
On Wednesday, Kryptowire released additional technical details, describing tests from May
on Blu Grand M, LifeOne X2 and Advance 5.0 devices.
Subsequent to the Black Hat presentation, Amazon has closed off sales for the complete line
of Blu Android phones
...
discovered and blocked a new family of Android malware developed by a cyber arms company that
may have its roots in state-sponsored spying efforts.
The malware -- known as Lipizzan -- contained references within its code to an Israeli tech firm
called Equus Technologies, which offers "tailor made innovative solutions for law enforcement,
intelligence agencies, and national security organizations."
In the Android Developers Blog, Megan Ruthven of Android Security and Ken Bodzak and Neel Mehta
of Google's Threat Analysis Group detailed the malicious software, which they called a
"multi-stage spyware product."
The researchers found Lipizzan had the ability to monitor and steal communications from the
device. The malware could hijack a user's email, SMS messages, location information, voice
calls and local media. It could also snap screenshots of the user's device and hijack the
camera to take pictures or record video.
When active, Lipizzan could steal data from a number of apps including Gmail, Google
Hangouts, LinkedIn, Facebook Messenger, Skype, Snapchat, popular messaging platforms like
WhatsApp and Viber and encrypted communications app Telegram.
Most troubling about Lipizzan was that it was found in apps on the Google Play Store
disguised as legitimate apps. The malware was most often found in apps posing as popular
utilities with names like "Backup" or "Cleaner." A second wave of apps containing the malware
posed as notepad, sound recorder, and alarm manager apps.
When a user would install one of the infected apps, the app would begin to download a
"license verification" that would examine the device. If the handset met certain criteria, the
second stage of Lipizzan would kick in and root the device while establishing a connection to
the Command and Control server operated by malicious actors to send back files and
recordings.
While the spyware was available to download through apps in the Google Play Store, Google
reported very few instances in which infections were found. According to the company's
findings, fewer than 100 devices had the malicious apps installed on their devices. Google
claimed that would make the infection rate only 0.000007 percent.
Lipizzan and the apps that contain it have been removed from the Google Play Store, and
Google recommends users make use of Google Play Protect, a security suite for Android
devices.
Google also advised users to download apps exclusively from the Google Play Store rather
than from third-party app stores and to disable installations from unknown sources. The search
giant also suggested keeping devices up to date with the most recent security patch.
While Google may have caught and eliminated Lipizzan, the company has run into a fair amount
of malware slipping through the cracks of its Google Play Store. Earlier this year, an adware
scheme managed to infect 40 million phones through Google's official marketplace.
Citizen Lab, the University of Toronto group that monitors government surveillance in the digital
age, analyzed the recently discovered instance of the fake Qatif Today app in a blog post headlined
Police Story: Hacking Team's Government Surveillance Malware. The account provides a rare glimpse
into malware developed by "Hacking Team," a highly secretive outfit based in Italy that charges governments
top dollar for extremely stealthy spyware that's often referred to as a "lawful intercept" program.
The Trojan is known as an Android implant because it cloaks itself inside a legitimate third-party
app. People who are infected with it must first be tricked into obtaining the Android installation
package (APK) from a non-authorized source, which in this case was this now-shuttered Dropbox
location. Aside from that, victims may have little indication anything
is amiss. To lend it legitimacy, the malicious APK was signed by a digital certificate that appeared
to be related to Java and its original creator Sun Microsystems. Citizen Lab identified six other
samples signed by the same certificate.
Once installed, the app establishes contact with command and control servers located at 91.109.17.189
and 106.186.17.60, which are addresses Citizen Lab has seen used in previous Hacking Team campaigns.
The implant also attempts to break out of its Android-imposed security sandbox by exploiting a
vulnerability in older Android versions on specific handsets that allows apps to gain unfettered
root privileges.
The trojan next tries to access local files stored by a variety of social media, chat, and call
apps including Facebook, Viber, WhatsApp, Skype, LINE, and QQ. The app has audio recording, camera,
video, key logging, and "live mic" capabilities, as well as a "crisis" module that provides anti-analysis
functionality. The researchers also found evidence of what appears to be location, screenshot-taking,
and browsing activity modules. The implant even seems to have a filter to specify date ranges to
narrow the mail and text messages it sends back to the control servers. (It's not clear what happens
when the app runs on Android versions that have patched the rooting vulnerability.)
"We also see information about how the implant exfiltrates data, along with its C2 servers," Tuesday's
post reported. "Interestingly, it appears that the implant is capable of monitoring the devices'
connectivity (e.g. Wi-Fi, cellular network), choosing connection type, and rate limiting the bandwidth.
Note that these are the same servers we observed in the implant's network communications."
The Citizen Lab researchers provided an overview of the remote control system (RCS) architecture
that works with Android trojans and trojans for other platforms. The architecture relies on a series
of system administrators, technicians, and analysts to funnel information pulled off an infected
device to the interested parties. Unverified screenshots an anonymous person provided to Citizen
Lab show RCS works on computers running Windows, Mac OS X, or Linux.
It comes with a dazzling number of capabilities, including:
Network Injection: via injected malicious traffic in cooperation with an ISP
Tactical Network Injection: on LAN or Wi-Fi
Melted Application: bundling a Hacking Team dropper alongside a bait application
Installation Package: a mobile installer
Exploit: document-based exploit for mobile and desktop
Local Installation: mobile installation via USB or SD card
Offline Installation: create an ISO for a bootable SDHC, CD, or USB. This option includes the
ability to infect hibernated and powered off devices
QR Code: a mobile link that, when pictured, will infect the target
Applet Web: likely a malicious website (depreciated after v. 8.4)
Silent Installer: a desktop executable that will install the implant
Infected U3 USB: an auto-infecting U3 USB
WAP Push Message: the target will be infected if the user accepts the message (works on all
mobile operating systems apart from iOS)
Citizen Lab researchers wrote:
The implant ("agent") offers one-click functionality for requesting information from target
devices. Technicians are encouraged to add functionality as needed.
... ... ...
Selection of available surveillance modules
Accessed files
Address Book
Applications used
Calendar
Contacts
Device Type
Files Accessed
Keylogging
Saved Passwords
Mouse Activity (intended to defeat virtual keyboards)
Record Calls and call data
Screenshots
Take Photographs with webcam
Record Chats
Copy Clipboard
Record Audio from Microphone
   With additional Voice and silence detection to conserve space
Realtime audio surveillance ("live mic:" module is only available for Windows Mobile)
Device Position
URLs Visited
Create conference calls (with a silent 3rd party)
Infect other devices (depreciated since v. 8.4)
Other Capabilities
Once an implant is operational its collection operations can be updated. In addition files
can be sent to and received from the device.
In addition, implants have a default cap on "evidence" space of 1GB on the target device. Recording
of new material stops when the space is reached. Operators also have the ability to delete not-yet-transmitted
data on the device.
Programs such as RCS are marketed to governments as legitimate wares, but Citizen Lab points out
that many countries have few legal guidelines and little oversight for the way they're used.
"In light of the absence of guidelines and oversight, together with its clandestine nature, this
technology is uniquely vulnerable to misuse," the report warns. "By analyzing the tools and their
proliferation at the hands of companies like Hacking Team and Gamma Group, we hope to support efforts
to ensure that these tools are used in an accountable way, and not to violate basic principles of
human rights and rule of law."
Jun 24, 2014 9:47 PM
Quote:
The implant also attempts to break out of its Android-imposed security sandbox by exploiting
a vulnerability in older Android versions that allows apps to gain unfettered root privileges.
According to your link Dan, this affects only the Samsung Galaxy S3 or anything with Samsung's
Exynos chipset. It isn't an Android root exploit in general. It's already been patched a year
ago.
This is more interesting because all android apps are signed and if an app wished to update an
app already installed (and with the same name, otherwise it will show up as a separate app), it
has to have a matching signature.
When does lawful intercept cross the line into total surveillance? Post-Snowden, the concept
of lawful intercept has no meaning when everything can be intercepted and used at a later time.
Better question: How is this lawful to begin with? Unless they set things up so that, in theory,
only terrorists and other *valid* targets of surveillance download the app, I don't see how it
could be given the uproar over the stuff Snowden released
The SHA-256 hash for the file is 8e64c38789c1bae752e7b4d0d58078399feb7cd3339712590cf727dfd90d254d.
According to this VirusTotal report, this program is currently detected by the following programs:
Avira AntiVir - Android/FakeInst.ES.4
Baidu-International - Trojan.Android.FakeInst.bES
ESET - a variant of Android/Morcut.A
Kaspersky - HEUR:Trojan-Spy.AndroidOS.Mekir.a
ThreatTrack VIPRE - Trojan.AndroidOS.Generic.A
Five out of fifty-three programs, or a little under 10%. I'm sure the detection rate will go up
in the next 24 hours to (or at least, near) 100%, though.
Quote:
Better question: How is this lawful to begin with? Unless they set things up so that, in theory,
only terrorists and other *valid* targets of surveillance download the app, I don't see how it
could be given the uproar over the stuff Snowden released
Consider the likely target of the malware. It is someone using a news app focusing on a Saudi
Arabian province. It assumes that the target will be connected in social media (Facebook and Whatsapp)
and making international calls (Skype, QQ, and Viber). It was spread through twitter. This app
is not targeting terrorists, it is targeting journalists and activists. Most likely it was produced
for the security services of Saudi Arabia. If it's "lawful" for Saudi Arabia to jail and torture
human rights activists I have no doubt they consider it "lawful" to spy on them as well. I doubt
the monarchy is concerned with adding spying to its long list of human rights violations.
MatthewSleeman wrote:
aleph_nought wrote:
Better question: How is this lawful to begin with? Unless they set things up so that, in theory,
only terrorists and other *valid* targets of surveillance download the app, I don't see how it
could be given the uproar over the stuff Snowden released
Consider the likely target of the malware. It is someone using a news app focusing on a Saudi
Arabian province. It assumes that the target will be connected in social media (Facebook and Whatsapp)
and making international calls (Skype, QQ, and Viber). It was spread through twitter. This app
is not targeting terrorists, it is targeting journalists and activists. Most likely it was produced
for the security services of Saudi Arabia. If it's "lawful" for Saudi Arabia to jail and torture
human rights activists I have no doubt they consider it "lawful" to spy on them as well. I doubt
the monarchy is concerned with adding spying to its long list of human rights violations.
True, although I doubt they're the only country that would benefit from such a tool.
BTW when is the iOS version coming out? I can't imagine just running a different brand would provide
the needed security?
There have been several stories about iOS malware used by government agencies.
Others, aimed at high value targets, would use 0day flaws (browser exploits, PDF exploits,...).
So far, haven't heard of any such malware targeting WP7/8, but that's probably due to market share.
Interestingly, such spying toolkits still have modules for Windows Mobile 6 (that might be explained
by the fact it was much easier to develop malware on that old platform without sandboxing or modern
memory protection features)
All of these app permissions are shared by an Android app named "MobileTracker 1.0", which comes
with many of the cell phones straight from the manufacturers. The full list of MobileTracker 1.0
is scary and this app cannot be disabled. It smells a lot like another CarrierIQ to me. Be aware
of this app.
And what about Android insecurity for regular users? Is this not a huge problem, with Google
serving as a channel for spying on us?
Notable quotes:
"... "The absolutely minimum Trump could do to protect our nation is to use a secure device to protect him from foreign spies and other threats," said Senator Ron Wyden, a Democrat from Oregon on the Intelligence Committee. "It would be irresponsible in the extreme for the commander in chief to use an unsecure device that could be easily hacked or intercepted." ..."
"... "There are a lot of questions, but it is clear there are often vulnerabilities in our phones and internet systems - and it is critical that people take precautions to ensure their sensitive information is protected from hackers and other malicious actors," said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union. ..."
"... In 2009, President Barack Obama fought to become the first president with a smartphone; though he won, the use of a White House-issued secure device came with many rules. ..."
President Trump has carried his Twitter habit into his presidency. He has also brought with him
another tech habit that is causing concern.
Mr. Trump has been using his old, unsecured Android phone to post on Twitter since moving to Washington
late last week.
The president's desire to use his old, personal smartphone raises concerns that its use could
be exposing him and the nation to security threats.
He is using the Android smartphone mainly to post on Twitter, not to make calls. But it's unclear
what security measures have been put in place on the device and how vulnerable he could be to someone
stealing data or breaking into his Twitter account.
The White House did not respond to a request for comment.
Twitter requires a connection to the internet, which exposes the device to security vulnerabilities
if proper measures like two-factor authentication - a password and a code texted to a phone, for
example - are not in place. If he uses the smartphone on an unsecure Wi-Fi network, he could be exposing
his location and other personal information on the device.
"The absolutely minimum Trump could do to protect our nation is to use a secure device to
protect him from foreign spies and other threats," said Senator Ron Wyden, a Democrat from Oregon
on the Intelligence Committee. "It would be irresponsible in the extreme for the commander in chief
to use an unsecure device that could be easily hacked or intercepted."
Among the concerns by security experts:
* It is unclear if the device and its functions like texting are encrypted to thwart hacking.
* The device could be more vulnerable to hacking if used on unsecured Wi-Fi and cellular networks, such
as when Mr. Trump travels between meetings or anywhere outside the White House.
* Hackers could access the device to turn on the camera and microphone.
* Stingray devices, a type of surveillance tool often used by law enforcement, can track a device's
location and other information.
"There are a lot of questions, but it is clear there are often vulnerabilities in our phones
and internet systems - and it is critical that people take precautions to ensure their sensitive
information is protected from hackers and other malicious actors," said Neema Singh Guliani, legislative
counsel with the American Civil Liberties Union.
The president's use of the personal device is particularly notable given his criticism of Hillary
Clinton for using a personal email address and server when she was secretary of state.
In 2009, President Barack Obama fought to become the first president with a smartphone; though
he won, the use of a White House-issued secure device came with many rules.
"As president, he is the biggest sitting target in the world," said Kevin Bankston, the director
of New America's Open Technology Institute.
Security researchers have found malware hidden in the firmware of several low-end Android
smartphones and tablets, malware which is used to show ads and install unwanted apps on the
devices of unsuspecting users. 26 Android device models have been found to be vulnerable. The
common link between all these devices is that all are low-cost devices, mostly marketed in Russia,
and which run on MediaTek chipsets.
According to security researchers from Dr.Web, a Russian antivirus vendor, the malware appears to
have been added to the firmware by "dishonest outsourcers who took part in [the] creation of
Android system images decided to make money on users." The security firm has informed MediaTek
and the device vendors about this issue so the affected companies can inspect their distribution
chain and find the possible culprits.
Posted by BeauHD on Tuesday December 20, 2016 @07:45PM from the buyer-beware dept.
Long-time Slashdot reader emil writes about how ADUPS, an Android "firmware provisioning" company
specializing in both big data collection of Android usage and hostile app installation and/or
firmware control, has been found pre-loaded on Barnes and Noble's new $50 tablet:
(onthewire.io)
Posted by msmash on Wednesday November 30, 2016 @12:25PM from the security-woes dept.
Reader Trailrunner7 writes:
A new version of an existing piece of malware has emerged in some third-party
Android app stores and researchers say it has infected more than a million
devices around the world, giving the attackers full access to victims' Google
accounts in the process. The malware campaign, known as Gooligan, is a variant
of older malware called Ghost Push that has been found in many malicious apps.
Researchers at Check Point recently discovered several dozen apps, mainly in
third-party app stores, that contain the malware, which is designed to download
and install other apps and generate income for the attackers through click
fraud. The malware uses phantom clicks on ads to generate revenue for the
attackers through pay-per-install schemes, but that's not the main concern for
victims. The Gooligan malware also employs exploits that take advantage of
several known vulnerabilities in older versions of Android, including Kit Kat
and Lollipop, to install a rootkit that is capable of stealing users' Google
credentials.
Although the malware has full remote access to infected devices, it doesn't
appear to be stealing user data, but rather is content to go the click-fraud
route. Most users are being infected through the installation of apps that
appear to be legitimate but contain the Gooligan code, a familiar infection
routine for mobile devices.
If you're using Chrome as your default browser – and let's be honest: who isn't? – were you aware
that you can access the Chrome tabs from your other devices on your phone or tablet?
As long as you're logged into Chrome, when you launch a new tab you'll see the Recent tabs
option at the bottom right. Tap this to see the URLs that are open on your other logged-in devices
and quickly access any of them.
This is another great tip for anyone with a tendency to misplace their things or for those with the
bad habit of leaving their phone on the restaurant table while they dash off to the bathroom. If your
phone gets lost and you suspect it has been picked up by someone, you can put a message on the
lock screen telling the finder of your phone how to get in contact with you.
Remote lock or wipe your lost phone
There's not much worse than losing your phone, apart from losing your phone and knowing that someone
might have access to your data. It's not only depressing, it's downright dangerous. Did you know
that Google has an awesome feature called Android Device Manager that lets you track and take control
of your phone if you ever lose it?
ADM goes beyond just tracking your phone though: you can use it to ring your phone, remotely
lock it or even factory reset it if you know you're never getting it back. Just enable Android Device
Manager in Settings > Security > Device Administrators and access the site on your computer if you
ever lose your phone.
Mr. Number
There is little in life that's more annoying than having your smart phone ring during dinner. Even
worse than that, is discovering the call is coming from a phone solicitor. This is where Mr. Number
saves the day. You can use Mr. Number to block problem incoming numbers. Best of all, you'll have
the ability to either send the caller directly to voicemail or just block them completely.
SwiftKey
I've tried to use the default Android keyboard. It's "okay," however I need something that will help
catch my written mistakes. While not perfect, I've found that SwiftKey is pretty close. If you allow
it to learn from your phone's history, it's surprisingly accurate in its suggestions and auto-corrections.
Install, choose the keyboard skin you want and you're all set. The only downside is that I lack this
on my desktop PC.
Tasker
I've had a bit of a love/hate relationship with Tasker. I love it as it allows me to automate various
aspects of my phone's interaction with the real world. But I hate it because I keep finding new uses
for it. From using location services to make your phone turn off certain services to sending SMS
messages when you get to work – this app does it all! I should point out that this is not an easy
app to use out of the box. You will need to spend some time working with it to fully get the hang
of it.
Elixir 2
If there is one application you install, it needs to be Elixir 2. It's designed to help the masses
understand some of the mysterious stuff running in the background of their Android devices. This
app is also awesome for hardware troubleshooting. Proximity sensor or software issues bugging you?
Elixir 2 will allow you to verify that your Android phone's sensors are all acting correctly. I have
found that its report generator is an invaluable tool for determining device health, component temperature
and if everything is firing on all cylinders.
PIA (Private Internet Access)
If you find yourself using untrusted wifi on occasion, then you're going to want to make sure you're
using the PIA VPN app for Android. It's dead simple to use, simply enter in your account information
once and connect. The VPN software will ensure you're connecting to the fastest VPN server and you're
getting solid throughput performance. There are other VPN solutions out there for Android, however
none of them match both the speed and performance found with PIA.
SmartThings
It's been said that 2015 is the year that "the Internet of things" becomes a common buzzword with
smart devices working together to make life around your home easier. Recently I've been testing out
a smart device hub called SmartThings. It comes with a smart hub that I connected to my router, then
I added smart sensors to expand the "network" of smart devices. The key to controlling these items
comes from their SmartThings Android app. It allows me to monitor sensors being triggered and even
turn devices on or off. What I love about this app is that it offers me the ability to receive alerts
as push notifications and SMS alerts. Bundle their alerts with the ability to make real-time changes
to aspects of my home from anywhere and it's easy to see why SmartThings is such a popular concept.
Fing – Having a clear, real-time list of the devices attached to my home network is a huge
time saver. Fing provides this for me without any extra effort. It even provides me with the
assigned IP addresses, device manufacturer name and hostname for each appliance. Fing goes further
by providing me with ping, traceroute and DNS lookup options. And as an added benefit, I can even
execute WOL (Wake on LAN) for any computers set up to receive the "magic packet."
BaconReader – Reddit is a guilty pleasure of mine. But rather than bother to load up Reddit
in Chrome, I prefer to use BaconReader. Its UI is intuitive, simple to use and runs very smoothly.
I also like that I can share comments or a direct link to a Reddit post with minimal screen presses.
JuiceSSH – I spend more than a fair amount of time in SSH these days, between checking logs
and working with my crontab. I've been known to monitor server performance or track down issues,
while using JuiceSSH on my Android phone. I need SSH access to Debian ARM on a Pogoplug, Ubuntu
Server on a Raspberry Pi and Ubuntu MATE and Arch (Antergos) dual-booting on my main rig. With
JuiceSSH, I have simple access to all of these machines. Add in Dynamic DNS and I have SSH access
from anywhere in the world. The biggest thing that sold me on JuiceSSH vs other related apps is the
plugins available. An importer for my ssh_config, performance monitor for my remote servers, a port
knocker, even a solid audit log.
The Wall Street Journal reported Thursday, citing sources with knowledge of the matter, that
Google plans to fold its Chrome operating system into Android.
It follows on from reports two years ago when Google's executive chairman Eric Schmidt
refused to rule out merging the two Linux-based operating systems.
Last year, rumors emerged that Google was already at work in combining its popular end-user
operating systems. And, in June 2014, Sundar Pichai -- now Google's CEO -- said that the company
will be giving Chrome OS the power to run Android apps.
This move makes a great deal of sense. Android and Chrome OS are Linux-based operating systems,
which support apps in different ways but share the same foundation. Android forms its own distribution
family, while Chrome OS is based on Gentoo Linux.
Both have their own strengths they could bring to a merged smartphone, tablet, and desktop operating
system. Android, which runs on more than a billion devices, is the single most popular end-user operating
system, with more than 1.6 million apps. Chrome OS has shown that Web-based apps are sufficient enough for many desktop
users. In addition, Android is plagued with multiple versions that are very difficult to upgrade.
Chrome OS updates all versions on all systems. If Google gets vendors to update their Android
devices using Chrome OS' upgrade methodology, Android would instantly become much more secure.
Sources close to the matter said that Chrome OS isn't going away any time soon, however.
"Google will still be pursuing Chromebook partnerships, for example since Chromebooks are doing
better than ever in US schools."
Another source said that it makes sense now to explore with mobile devices becoming the primary
device. There are opportunities to provide an open platform for both mobile and desktop. This is
already happening. Examples of this direction include Chromecast running on a version of Android
and the new Pixel C Android tablet.
In a recent issue of Fast Company, Google engineer Hiroshi Lockheimer, one of the leading Android
developers, said that with Android and Chrome OS now under the same management it's "easier to
implement cross-platform features such as the ability to use an Android phone to unlock a Chromebook."
We can now see where these cross-platform efforts are leading: a new merged operating
system.
Alas, while the marriage license may be signed, the actual release date is still over a year in
the future. The Journal reports that the combined "Android Chrome OS" won't ship until 2017.
Security vendor Avast warned on Feb. 3 that it had found three popular apps in the Google Play
Android apps store that were infecting users with adware.
A Google spokesperson confirmed to eWEEK Feb. 4 that all of the malicious apps identified in the
Avast report had been suspended from Google Play.
Android smartphones are kind of like Hummers. Reminiscent of the oversize, gas-guzzling S.U.V.'s,
Androids have the biggest screens and tend to use much more data than other types of smartphones,
including iPhones. And that higher data usage could rack up heftier phone bills.
In a recent study, Ericsson, the networking company, found that global mobile Internet traffic
varied greatly, depending on the software system and the network that a phone uses.
But the highest average data consumption was seen on Android phones, which consumed an average
of 2.2 gigabytes of data a month on one network, the study said. By contrast, iPhones used roughly
1.7 gigabytes a month and Windows phones used approximately 1.4 gigabytes a month, Ericsson found.
Chetan Sharma, a telecom analyst who is a consultant for wireless carriers, also has found that
Android phones were the biggest data hogs. In the United States, high-end Android phones used about
4 gigabytes a month on average this year, he said. That is well above the average of 1.2 gigabytes
a month that American wireless subscribers consumed this year.
So why does Android use more data?
The reasons are multifold. The most obvious is that Android phones tend to have the largest screens,
so they download bigger files and video with more pixels, Mr. Sharma said.
Another factor is that Android is less efficient at managing apps than Apple's iOS. For instance,
multiple Android apps may be running in the background with things like location data being collected,
Mr. Sharma said. Also, Android users typically don't upgrade their operating systems as frequently
as iOS users, so their smartphones may not receive fixes improving data management, he said.
Jan Dawson, an independent telecom analyst who previously worked for Ovum, noted that the data
traffic numbers may also reflect the profiles of the people who choose Android versus those who choose
iPhones. People with larger Android phones are more likely to skip buying a tablet, whereas iPhone
owners may be buying iPads and consuming a lot of content there.
Regardless of how much data whichever phone consumes, the greater concern is how difficult it
is to monitor data usage, Mr. Dawson said. While the carriers provide tools for monitoring data usage,
there is no easy and intuitive way to keep close track of the megabytes or gigabytes you're using
- no equivalent to a gas gauge to see how close you are to empty.
None of those applications is even close to being great ;-).
AutomateIt might have some promise, though.
AutomateIt
Your smartphone is pretty smart, but apps like AutomateIt can make it even smarter.
The app lets you automate actions on your phone, so that whenever certain criteria are met,
the action is triggered.
You can use AutomateIt for a variety of tasks, including sending a reply with your phone's
location whenever a person texts you asking where you are. Or you can use it to turn Wi-Fi on
and off under certain conditions to save battery life. You can even have AutomateIt switch your
phone to vibrate mode whenever a meeting saved on your calendar starts.
If all of these settings seem a little too utilitarian, and just not fun enough, consider this:
You also can use AutomateIt to play audio that says "Don't Touch Me!" whenever anyone comes too
close to the proximity sensor on your phone.
It's great to see Open Source used as a tool to help foster healthy competition where it otherwise
may not happen. But it's also potentially bad if the Open Source path leads to worse results for
end users.
Take for example the iPhone/Android comparison made. The iPhone took control away from the
mobile phone carriers in regards to the device, allowing all iPhone users to see updates all at
the same time. It also put a dent in the phone crapware problem. Android has done neither,
suffering problems because devices can't be all easily updated. Google today announced that
they will be updating APIs through Google Play. All because their attempts to update those
APIs at the OS level failed due to carrier and device manufacturers holding up, or never providing
OS updates.
Google is only regaining control and providing better user experience on Android by becoming
more closed, at least when it comes to how they deal with carriers and device manufacturers.
jedidiah
Re: This isn't always good though
Android gives users more control over their hardware and their user experience. It also presents
a more diverse and meaningful set of choices.
A lot of people like to whine about Android fragmentation and then ignore how badly forced
OS upgrades can run on an iPhone.
Even without Google trying to emulate Apple, Android provides a useful and distinct alternative.
There is nothing about Google engaging in Apple style megalomania that will improve my user
experience as an Android user. Those perpetuating the usual FUD in this area never highlight any
actual real consequence of this so-called tragic fragmentation.
I Never Have Any Idea What The Back Button Will Do
Here is a screen cap from Google's official Galaxy Nexus User Guide (PDF), explaining what the
Back button is supposed to do:
So the Back button should open the previous screen. Use of the word "History" makes me think
it should work like the back button in your browser. Boy, would that be awesome. There are so
many times when that just doesn't happen.
The back button is broken in a million different ways. Here, I'll show you.
... ... ...
Since we can't believe the user manual, let's be smart users and learn from this interaction:
the Back button takes you to the "main page" of an app, then a second back press will get you to
where you were - lesson learned.
In case you would like to find the most advanced community support, use the following:
* Android development kit from Google;
* use Eclipse as the IDE since it's being widely used and has the needed plugins;
* build your app in Java in case you are targeting only Android devices and your application
functionality demands the full platform API set;
* build your app logic in JavaScript, HTML5 and use PhoneGap as a glue if your application
mostly consists of data presentation layers and you are targeting multiple platforms like iOS,
BlackBerry;
* if you would like to build it as JavaScript, HTML5 but using Java for coding, Google
Web Toolkit is your choice along with PhoneGap.
There are many other ways but I would rather say they are not that easy compared to the above.
Java is the primary language for developing Android applications. On top of that you can use scripting
languages like Python, JRuby, Lua, Perl, JavaScript. For using the scripting languages you have
to install SL4A (Scripting Layer for Android).
As a python lover and Android programmer, I am sad to say this is not really a good way to
go. There's two problems.
One problem is that there is a lot more than just a programming language to the Android development
tools. A lot of the Android graphics involve XML files to configure the display, similar to HTML.
The built-in java objects are really integrated with this XML layout, and it's a lot easier than
writing your own code to go from logic to bitmap.
The other problem is that the G1 (and probably other Android devices for the near future) are
really not that fast. 200 MHz processors, and RAM is very limited. Even in Java you have to do a
decent amount of rewriting-to-avoid-more-object-creation if you want to make your app perfectly smooth.
Python is going to be too slow for a while still on mobile devices.
Using SL4A (which has already been mentioned by itself in other answers) you can
run a full-blown web2py instance (other python web frameworks are likely candidates as well).
SL4A doesn't allow you to do native UI components (buttons, scroll bars, and the like), but it
does support WebViews.
A WebView is basically nothing more than a stripped down web browser pointed at a fixed
address. I believe the native Gmail app uses a WebView instead of going the regular
widget route.
This route would have some interesting features:
* In the case of most python web frameworks, you could actually develop and test without
using an Android device or Android emulator.
* Whatever Python code you end up writing for the phone could also be put on a public webserver
with very little (if any) modification.
* You could take advantage of all of the crazy web stuff out there: query, HTML5, CSS3,
etc.
SL4A does what you want and is actively developed. You can install it from the Market and don't
need root. It supports a range of languages, Python support is currently for version 2.6, but
the owner, Robbie, is personally working on Python3. Check it out.