Mobile Security | SC Media

Mobile Security

Google Play announces 2019 malicious app crackdown

By

Google Play announced it will continue its crackdown on malicious apps into 2019 by focusing more on user privacy, developer integrity and harmful app contents and behavior. Google said it plans to introduce additional policies for device permissions and user data throughout the year, according to a Feb. 13 blog post. “In addition to identifying…

Adiantum boosts encryption for low-end Android devices

By

Google has developed a new storage encryption solution that will boost encryption capabilities for low-end Android devices that don’t have the hardware to support AES. Researchers said the new solution, called Adiantum, allows the use of the ChaCha stream cipher “in a length-preserving mode, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR and HCH,”…

Report: Apple demands companies obtain consent before recording users’ app sessions

By

Apple has reportedly issued an ultimatum to companies that rely on “session replay” tools to track the way users interact with their iPhone apps: disclose the practice and seek explicit consent for it, or be removed from the app store. Apple’s mandate comes after a TechCrunch report last Wednesday revealed that Air Canada, Hollister, Expedia,…

Amazon Logo

National Enquirer threat to reveal intimate Bezos pics trains focus on privacy protection

By

By going public with alleged extortion attempts, Amazon CEO Jeff Bezos may have thwarted the National Enquirer’s attempts to quash the Washington Post’s probe into the tabloid media company’s practices, but the incident also turned a harsh spotlight on unethical, potentially illegal acts and ratcheted up concerns about privacy. In a Thursday blog post, Bezos…

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple patches two flaws reportedly exploited in zero-day attacks; also nixes FaceTime eavesdropping bug

By

Apple yesterday released security updates for iOS and macOS Mojave, repairing four vulnerabilities, including two that a Google researcher says were exploited in the wild as zero days. The two exploited flaws consisted of memory corruption issues caused by insufficient input validation. The first, CVE-2019-7286, is a privilege escalation vulnerability in the Foundation framework that…

spyware

Cybercriminals secretly bundle anti-censorship app with spyware framework

By

A legitimate application that’s supposed to help users access censored or blocked websites was secretly bundled with Android spyware and made available for download on third-party marketplaces last year. The app, known as Psiphon and packaged as com.psiphon3, has been safely downloaded from the official Google Play Store over 50 million times. But users who attained…

Apple releases iOS 8.0.2 to quell buggy update complaints

Apple’s Siri Shortcuts feature vulnerable to abuse, researchers warn

By

Siri Shortcuts, Apple’s recently introduced native feature for iOS 12, can potentially be abused by threat actors to deliver malware to unsuspecting mobile device users, researchers are warning. The tool allows users to quickly execute and automate multiple-step tasks with just a single tap or voice command. Device owners who download the Siri Shortcuts app…

AppleMalware2

Apple releases updates for iOS, macOS, tvOS, watchOS and other products

By

Apple Tuesday released updates to address vulnerabilities in several of its products including its macOS and iOS operating systems. The iOS updates include a patch for a FaceTime vulnerability which would allow a remote attacker to infiltrate a FaceTime call causing arbitrary code execution which affected  iPhone 5s and later, iPad Air and later, and…

Google Play boots fake apps that spy on devices’ motion sensor data before dropping Anubis malware

By

A fake currency converter and a phony battery utility program are among the latest fraudulent apps to be expunged from Google Play, according to researchers who discovered they were infecting users with a version of the Anubis banking malware family. Both fraudulent apps employ a crafty technique to determine whether it is safe for them…

Federal appeals court says police must get warrants for wireless location data

Report: Wireless geolocation data being resold to unauthorized parties

By

U.S. mobile carriers T-Mobile, Sprint and AT&T have been sharing customers’ geolocation information with third-party partners, who go on to sell that data to additional companies until it winds up in the hands of unauthorized individuals. Citing anonymous sources, a new exposé from Motherboard focuses heavily on the credit reporting company MicroBilt, which is known to purchase carrier…

Next post in Security News