Archive for Android

Hell Has Frozen Over… iPhones Can Now AirDrop To Android Users

Posted in Commentary on November 20, 2025 by itnerd

Google announced today a new cross-platform feature, called Quick Share, that allows for file sharing between iPhones and Pixel 10 devices:

We built this with security at its core, protecting your data with strong safeguards that were tested by independent security experts. It’s just one more way we’re bringing better compatibility that people are asking for between operating systems, following our work on RCS and unknown tracker alerts.

We’re looking forward to improving the experience and expanding it to more Android devices.

This addresses a major pain point that has always bugged iPhone and Android users. And when it spreads to more Android phones, this will be huge. I have to ask if you’re as surprised as I am that this is even a thing. Post a comment below and share your thoughts.

Android Phones Vulnerable To Remote Access Vulnerability

Posted in Commentary on August 19, 2024 by itnerd

Bad news if you have an Android phone, particularly a Pixel phone. A company named iVerify has discovered an extremely serious vulnerability in those phones:

The vulnerability makes the operating system accessible to cybercriminals to perpetrate man-in-the-middle attacks, malware injections, and spyware installations. The potential impact of this Android security vulnerability is unknown and could result in millions of dollars in data loss and breaches.

iVerify, in concert with the information security team at Palantir Technologies, initially identified and investigated a vulnerability in an Android app package called Showcase.apk. The application runs at the system level and can fundamentally change the phone’s operating system. Since the application package is installed over unsecured HTTP protocols, this opens a backdoor, making it easy for cybercriminals to compromise the device. iVerify notified Google of the vulnerability and submitted a detailed report after discovering it on customer devices that did not pass iVerify’s behavior-based detections. It’s unclear if Google will issue a patch or remove the software from the phones to mitigate the potential risks.

Furthermore, users cannot remove this app because it is part of the firmware image, and Google does not allow end-users to alter the firmware image for security reasons. 

This is bad because, at present, users of Android phones cannot mitigate this vulnerability on their own. They have to wait for Google to do it for them, which Google has said it will do, at least for Pixel phones other than the Pixel 9, which doesn’t have the .apk file in question. Google has said that it will notify other OEMs about this vulnerability. That means that it will potentially take longer for this issue to be addressed on non-Pixel phones.

WARNING: A Dangerous New Text Message Targets Freedom Mobile Users On Android With Malware

Posted in Commentary on December 7, 2023 by itnerd

If you’re on Freedom Mobile here in Canada, and you have an Android phone, there is a super dangerous text message that you need to be aware of. Here’s the text message in question:

Now what’s dangerous about this message is that if you click the link, you will be prompted to download an Android .APK file and give it all sorts of permissions. If you do that, it will not end well for you because the .APK file in question looks like this on VirusTotal:

In short, a lot of the antivirus sites detect this as malware that likely does all sorts of nasty things to your Android phone. And what’s really crafty about this is if you try to access this website from anything other than an Android phone, it will not download the payload as it checks the browser that you’re using. Thus it evades detection for a longer period of time.

Here are some quick facts: Neither Freedom Mobile nor any other carrier will ask you to download a software update of any sort to “continue to use your services”. Thus if you get a text like this, you need to delete it ASAP and not click on any links. Nor should you install anything if prompted. And if you’re on an Android phone, this reinforces that you need to be super careful of what you install. Because it doesn’t take much to get pwned by a threat actor.

Speaking of this threat actor, it’s clear that this is someone who on the surface appears to be skilled and is likely to target Bell, Rogers, and TELUS customers next when their luck with Freedom Mobile runs out. So customers of all phone carriers need to be aware of this as it is highly likely that this is coming for you next.

Two File Management Apps On The Google Play Store Sending The Data Of 1.5 Million To China 

Posted in Commentary on July 11, 2023 by itnerd

As detailed in a report published by Pradeo, analysts discovered two file management apps on the Google Play Store to be spyware, secretly sending the user data of 1.5 million Android users to servers in China.

Seemingly harmless spyware apps, File Recovery and Data Recovery (1 million plus installs) and File Manager (500k plus installs), are developed by the same malicious group. They assure users that no data is collected, automatically launch when the device reboots, and hide their icons on home screens.

Pradeo’s analytics engine has found stolen data to include contact lists, media files, real-time location, mobile country code, network provider details, SIM provider network code, operating system version, device brand, and model. Each app performs more than a hundred transmissions and then transmits the data to multiple servers in China which are deemed malicious.

Ted Miracco, CEO, Approov Mobile Security had this to say:

   “The security issues related to this story are deeply concerning, albeit not surprising. The most fundamental problem is the false sense of security that consumers and businesses have related to app stores like Google Play (and Apple’s Appstore) in terms of actually protecting devices and individuals from these malicious apps. 

   “Both Apple and Google are actively promoting their security efforts at developer conferences, achieving record profits and sales while many of the apps available have huge discrepancies between their stated privacy policies and the actual information and data collected. These include both legitimate mainstream apps, that bend the rules without apparent consequences, and malicious apps that engage in deceptive behavior, claiming not to collect data while secretly doing so. 

   “App marketplaces must prioritize the implementation of more robust security measures to detect and prevent the infiltration of malicious apps that compromise user data.  It is also important for users to remain vigilant in protecting their devices and for businesses to be extremely wary of deceptive and modified apps that can compromise their data and their employers’ data. 

   “The fact that the data is being sent to malicious servers in China compounds the gravity of the threat while making it extremely difficult for consumers and businesses to mitigate the repercussions and long term damage that might occur from the stolen data. It also highlights the complex global nature of cyber threats and the importance of international collaboration in addressing such issues. 

   “Cooperation between security experts, app stores, and law enforcement agencies is vital to combatting these malicious activities and safeguarding user data, yet it is a monumental task that may take decades to be resolved, due to the complexity and competing global agendas.”

This illustrates why you shouldn’t just install anything on your Android or iPhone. Because you simply don’t know what the apps do and where your data is going.

Microsoft Discovers Security Flaws In Android Apps Provided By Canadian Telcos Among Other Telcos

Posted in Commentary on May 30, 2022 by itnerd

This isn’t a good look for Rogers, Bell, Freedom Mobile, TELUS and a few other telcos. According to BleepingComputer, Microsoft has found some serious vulnerabilities in Android apps that they distribute:

The researchers found these vulnerabilities (tracked as CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601) in a mobile framework owned by mce Systems exposing users to command injection and privilege escalation attacks.

The vulnerable apps have millions of downloads on Google’s Play Store and come pre-installed as system applications on devices bought from affected telecommunications operators, including AT&T, TELUS, Rogers Communications, Bell Canada, and Freedom Mobile.

“The apps were embedded in the devices’ system image, suggesting that they were default applications installed by phone providers,” according to security researchers Jonathan Bar Or, Sang Shin Jung, Michael Peck, Joe Mansour, and Apurva Kumar of the Microsoft 365 Defender Research Team.

“All of the apps are available on the Google Play Store where they go through Google Play Protect’s automatic safety checks, but these checks previously did not scan for these types of issues.

“As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device.”

Well, that’s not good. But these apps have been fixed. Sort of. Microsoft reached out to the relevant parties and these vulnerabilities were fixed. But the at-risk framework is likely used by numerous other service providers who may still have apps out there that aren’t fixed. Which means that threat actors can still launch attacks.

To protect yourself, search for the package name com.mce.mceiotraceagent on your Android device. If you find it, delete it ASAP if you can. I say that because you might need root access to delete it.
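
One way to run that search from a computer with adb, as an added example that is not part of the original post or of Microsoft’s research. It matches the package name exactly and reports whether the app is part of the system image, which is the case where removal may need root. The function names, file names and sample listings are constructed for illustration; pm list packages and its -s flag (system packages only) are standard Android shell commands.

```sh
#!/bin/sh
# Added example: check a device's package list for the package named in the post.
TARGET="com.mce.mceiotraceagent"   # package name given in the post

# Succeeds if stdin (output of `pm list packages ...`) lists exactly $1.
# The comparison is on the whole line: a plain grep would treat "." as a
# wildcard and would also match longer names that merely contain the target.
pkg_listed() {
    tr -d '\r' | awk -v want="package:$1" '$0 == want { found = 1 } END { exit !found }'
}

# $1 = package name
# $2 = file holding `pm list packages` output (all packages)
# $3 = file holding `pm list packages -s` output (system packages only)
classify_package() {
    if ! pkg_listed "$1" < "$2"; then
        echo "absent"
    elif pkg_listed "$1" < "$3"; then
        echo "preinstalled"      # shipped in the system image; removal may need root
    else
        echo "user-installed"    # a normal uninstall applies
    fi
}

# Live use (needs adb and a device with USB debugging enabled):
#   adb shell pm list packages    > all.txt
#   adb shell pm list packages -s > system.txt
#   classify_package "$TARGET" all.txt system.txt

# Offline demonstration on constructed listings (not captured from a real device).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' \
        'package:com.android.settings' \
        'package:com.mce.mceiotraceagent' \
        'package:com.example.notes' > "$dir/all.txt"
    printf '%s\n' \
        'package:com.android.settings' \
        'package:com.mce.mceiotraceagent' > "$dir/system.txt"
    classify_package "$TARGET" "$dir/all.txt" "$dir/system.txt"
    rm -rf "$dir"
}

demo
```

If the result is preinstalled and the app cannot be uninstalled, check whether the carrier has shipped an updated version of it.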

Android Phone Owners With Skype Installed Are Vulnerable To A Passcode Bypass Exploit

Posted in Commentary on January 4, 2019 by itnerd

If you use Skype for Android, you should pay attention. Someone who is in possession of an Android phone with Skype installed on it simply has to receive a Skype call and answer it without unlocking the handset. They can then view photos, look up contacts, send a message, and open the browser by tapping links in a sent message, all without ever unlocking the phone. The Register first reported this and I have a video below that demonstrates the exploit:

The vulnerability was reported to Microsoft and a fix is already out there via updating to the latest version of Skype. By doing so, you will ensure that you do not get pwned.

Android Pie Is Now Shipping….. Though You May Never Actually Get It On Your Device

Posted in Commentary on August 7, 2018 by itnerd

Google’s latest Android operating system update, Android 9 Pie, has been officially released to customers. Here’s a video that shows you what this new version of Android brings to the table:

Here’s a quick list of notable features:

  • A new gesture-based system interface that’s similar to the interface of the iPhone X
  • There’s a new Android Dashboard, designed to tell you how much time you’re spending on your device. Which sounds like Apple’s Screen Time feature that’s coming in iOS 12.
  • A new Do Not Disturb option called “Shush” which silences Android devices when placed facedown
  • A Wind Down option lets Android users select a specific bedtime to turn the interface gray to discourage smartphone usage at night.
  • An Adaptive Battery feature that maximizes battery power by prioritizing the apps you’re most likely to use next.
  • App Actions for predicting what you’ll want to do next. Which to me sounds a lot like Siri Suggestions.
  • A future feature called Slices that brings up information from your favorite apps right in search.

Android Pie is available to Pixel phones today. For everyone else, you may get an update if your device is recent enough. But as is typical for Android devices, your ability to get a major update to Android largely depends on who makes your phone, what carrier it is on, and how old it is, as many devices use customized versions of the Android OS. Which means that device manufacturers and/or carriers have the ultimate say as to what updates users get. Thus it is entirely possible that you may never get this update on your phone, and you may need to get a new phone to get Android Pie.

Buy A Low Cost Android Phone, And Get Pwned For Free

Posted in Commentary on May 25, 2018 by itnerd

More than 100 different low-cost Android models from manufacturers such as ZTE, Archos, and myPhone ship with malware pre-installed, researchers at Avast Threat Labs reported on Thursday. Users in more than 90 countries, including the U.S., are affected by this, the researchers said:

The malware, called Cosiloon, overlays advertisements over the operating system in order to promote apps or even trick users into downloading apps. The app consists of a dropper and a payload. “The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under ‘settings.’ We have seen the dropper with two different names, ‘CrashService’ and ‘ImeMess,’” wrote Avast.

The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. “The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we’ve never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK.”

Well. That’s not cool. These companies need to explain why their phones ship with this stuff. Or better yet, I say that governments should say that if this stuff is on phones when they ship, then they can’t be sold. But I suspect that neither is going to happen and consumers will have to fend for themselves by sticking to iOS or the Samsungs or LGs of the world and avoiding this low end market entirely.

When It Comes To Privacy For In Car Infotainment Systems, It’s An Open Question As To What Data Google And Apple Collects From You

Posted in Commentary on April 20, 2018 by itnerd

The issue of privacy when it comes to in-car infotainment systems like Android Auto and Apple CarPlay flared up again yesterday when it came to light that Toyota took a pass on Android Auto because of privacy concerns. They joined Porsche, who famously did the same thing a few years ago.

That made me wonder if it is spelled out clearly what data either of these systems collects and how it is used. Why does that matter? I’d like to know if Google or Apple is monitoring how aggressively I drive. And what they do with that information and who gets to see it. Thus I spent a day looking around the Internet to see if such documentation exists. The net result of my research is that neither company does a great job of spelling out what data they collect via their infotainment systems and how it is used. To illustrate this, I want to use Tesla as an example of what I am looking for. Their privacy policy makes it very clear what they collect in terms of data. And they go into a great amount of detail about how it is used. That way, you know exactly what Tesla is doing. As far as I am concerned, this is the gold standard when it comes to this sort of thing as it removes any questions from my mind about what Tesla may or may not be doing.

Now let’s go over to Apple. They have a privacy microsite that is better than most and specifically mentions Apple CarPlay here where it says this:

All the rigorous privacy measures built into your iPhone and apps carry over to CarPlay. Only essential information that enhances the CarPlay experience will be used from your car. For example, data such as your car’s GPS location can be used to help iPhone produce more accurate results in Maps.

That’s something I suppose, but beyond that there’s no specific mention in their privacy policy or anywhere else on their microsite about what CarPlay collects and what is done with that information.

In the case of Google and Android Auto, I was unable to find anything that specifically mentions Android Auto, and I looked at the Android Auto site and their privacy and terms microsite, which if you dig for a bit lists pretty much every product that they make except Android Auto. Which means that I have no idea what info Google collects. And that’s a step behind Apple, who at least gives me some minimal information on this front.

So in either case, both Android Auto and Apple CarPlay fall well short of telling their users about what data they collect and how it is used when compared to Tesla. That’s a problem given how privacy and the security of data is now a top of mind issue. As a result, we’re left with rumor rather than fact. And that’s a huge problem for both companies if they want their infotainment systems to be adopted widely.

My challenge to both companies would be for them to make their data collection and usage policies for their infotainment systems as clear as Tesla does. At least when Tesla spells it out, I know what I am getting myself into up front assuming that I read the document. I believe that Google and Apple owe us the same.

So how about it Apple and Google? Will you do what’s right for users of Android Auto and Apple CarPlay, or will you continue to keep them in the dark about what data you collect and how it is used in terms of those products? Inquiring minds want to know.

 

Your Android Phone Might Not Be As Secure As You Think

Posted in Commentary on April 13, 2018 by itnerd

If you own an Android phone from Google, Samsung, Motorola, LG, HTC, Xiaomi, OnePlus, Nokia, TCL, or ZTE, but really any Android phone, you might not be getting the security patches that you need to keep your phone safe based on a recently released study:

The study found that outside of Google and its Pixel phones, well-known phone makers had devices that were missing patches that they claimed to have. “We found several vendors that didn’t install a single patch but changed the patch date forward by several months,” says SRL founder Karsten Nohl.

The number of missing security patches on phones varied between device makers. For example, Google, Samsung, and Sony devices were found to be missing 0 or 1 patches on average. Xiaomi, OnePlus, and Nokia devices were missing 1 to 3 patches on average, while HTC, Huawei, LG, and Motorola were missing 3 to 4 patches on average. Devices from TCL and ZTE fared the worst, missing an average of 4 or more patches that they claimed to have.

One of the huge problems with Android is that it is now so fragmented, and every vendor has filled it with their own custom stuff and they’ve done god knows what to the core of it. That’s horrible for the consumer as you are guaranteed to get this situation because it’s easier to fudge things than to come out with proper patches on a regular cadence.

Contrast that to those on team iOS where everything comes from Apple. Thus every iPhone user that has an iPhone made in the last five years give or take gets every security update that comes out. Sure iOS is a walled garden unlike the freedom that Android provides its users, but the wall surrounding that garden is pretty secure unlike Android.

While people are going to buy Android phones regardless of how insecure they are because they are cheap, Google and company need to do something about this. The fact is that you can’t have millions of phones running around out there which are wide open to being pwned. That’s just a disaster waiting to happen.