End of year tests, which are also valid for the start of 2014, show that 12 of the current 28 antivirus apps for Android have a perfect detection rate and spotted everyone of the 2,124 malicious samples used.
This week Google has announced that it is extending this new Patch Reward Program to cover other open source projects including Android! Patches need to be submitted directly to the AOSP and if Google reckons the patch has a positive impact on security then the developer will get a reward ranging from $500 to $3,133.7.
At the heart of every smartphone there is a baseband processor which contains a general purpose ARM processor and runs its own operating system. These operating systems are closed source and vulnerable to hackers.
One of the new security features in Android 4.4 KitKat is verified boot which is designed to detect persistent rootkits that can hold onto root privileges and compromise a device’s security. However it as a side effect, it could stop the installation of custom ROMs.
Are biometrics a valid way to perform authentication? One response is that the use of biometric information for security is dubious at best because once your biometric data has been compromised you can’t change it, ever!
A recently published paper by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) has outlined the security concerns the two government agencies have about the use of Android by emergency service personnel including the police and the fire department.
Google has started encrypting the all the data written to disk via its Google Cloud Storage service, however the keys are automatically managed by Google making it irrelevant if Google was forced by law to hand of the data and keys,
Android 4.3 Jelly Bean includes a variety of internal changes that make it more difficult for hackers (and the NSA) to exploit security vulnerabilities. Plus Google is rolling out its find-my-phone service and has added a malware scanner to the Google Play Services.
Don’t trust the government? Google might have a solution for you. The search giant is reportedly experimenting with server-side file encryption for Drive.
The developers behind CyanogenMod, bless their hearts, have committed code to prevent exploitation of a second, recently discovered “master key” security bug.