Mobile Security news & analysis | SC Media Mobile Security

Mobile Security News and Analysis l SC Media

Analysis of popular apps finds rampant sharing of personal data

An analysis of 10 highly popular Android apps found what researchers are calling the “out of control” sharing of potentially sensitive information with third parties, in some cases in likely violation of Europe’s GDPR privacy regulations. The findings, which were published in a report issued by the Norwegian Consumer Council (NCC), prompted a coalition of…

iPhone's are also susceptible to hacking.

Federally funded Unimax smartphone pre-loaded with malware

The Unimax UMX U686CL is a Chinese-made smartphone distributed by the federally funded Assured Wireless by Virgin Mobile has been found to come pre-loaded with two malicious applications. Malwarebytes researchers found the malware every owner finds on their phone is Wireless Update and amazingly the device’s own Settings app, neither of which can be removed…

Two information-disclosing bugs found in Twitter Android

In the span of five days, reports of two Twitter Android app vulnerabilities have surfaced: one that could cause attackers to view nonpublic account information or control accounts, and another that reportedly allowed a researcher to look up details on 17 million accounts. In a Dec. 20 blog post, Twitter noted that it issued an…

2020 Predictions: Mobile Security

Anthony Di Bello, vice president, strategic development, OpenText 2020 will be a key year for mobile device security given new demands placed on these devices. While employees and consumers have started to take a more proactive approach when it comes to cyber security over the past few years, there is still more that can be…

Over 100 apps found to serve unwanted ads using ‘Soraka’ SDK

More than 100 Android applications that were downloaded over 4.6 million times via the Google Play Store were found to contain malicious code that delivers unwanted, out-of-context (OOC) advertisements to users. The code, a software development kit called Soraka, typically delivers its first OOC ad just after a device is unlocked, according to a new…

Apple says ultra wideband tech culprit behind location data sharing; to issue fix

If what happens on your iPhone doesn’t stay on your iPhone after all, ultra wideband (UWB) technology is the culprit, according to Apple. After the Apple iPhone 11 Pro was discovered to still be sending out user location data even after Location Services was disabled, the company has finally pinned the contradiction of its privacy…

Exploited Android flaw ‘StrandHogg’ enables phishing overlays, malicious permissions

Attackers have been actively exploiting an Android vulnerability that allows malicious apps to display dangerous permission requests and phishing overlays under the guise of a legitimate app. Dubbed StrandHogg (an old Norse Viking term), the flaw resides in Android’s taskAffinity control setting, and can be successfully abused without having to first gain root access, according…

Facebook, Twitter ban malicious SDK that removed member info

Twitter warned its users that a software development kit (SDK) developed by oneAudience could have allowed that company to obtain account information. Facebook also posted a notice concerning not only the oneAudience SDK, but also for fellow SDK maker Mobiburn. OneAudience confirmed the problem and then shut down the SDK along with its associated websites…

Next post in Mobile Security