Category: Android


Google and Microsoft have both revealed that they will integrate a ‘kill switch’ into the next versions of their smartphone operating systems, allowing customers to disable their devices if they are lost or stolen.

Google told Bloomberg that it will add a “factory reset protection solution” to its next version of Android.

Meanwhile, Microsoft’s vice president for US government affairs, Fred Humphries, said that the company would be adding new anti-theft capabilities to its Find My Phone feature in Windows Phone before July 2015.

“With these additional features, we’re hopeful that technology – as part of a broader strategy – can help to further reduce incentives for criminals to steal smartphones in the first place,” Humphries said in a blog post.

The news comes after Apple introduced ‘activation lock’ and ‘delete phone’ to its Find My iPhone app in September 2013.

As a result, robberies involving the company’s products reportedly decreased by 19 per cent in New York in the first five months of this year. San Francisco and London have also seen Apple-related robberies drop.

New York attorney general Eric Schneiderman said the statistics illustrate the “stunning effectiveness of kill switches”, and has called for other smartphone companies to add theft-deterrence features to their devices.

US Senator Amy Klobuchar, a Minnesota Democrat, and Jose Serrano, a New York Democrat, have both introduced bills that would require phones sold in the US to include kill-switch technology.

Last summer, the Mayor of London Boris Johnson also wrote to eight companies – including Apple, Samsung and Google – stating that about 10,000 handsets are stolen every month in London, and manufacturers have a “corporate responsibility” to help tackle thefts.

“If we are to deter theft and help prevent crimes that victimise your customers and the residents and visitors to our city, we need meaningful engagement from business and a clear demonstration that your company is serious about your corporate responsibility to help solve this problem,” Mr Johnson told manufacturers.

“Each of your companies promote the security of your devices, their software and information they hold, but we expect the same effort to go into hardware security so that we can make a stolen handset inoperable and so eliminate the illicit second-hand market in these products.

“We hope you would support this objective. Customers and shareholders surely deserve to know that business cannot and must not benefit directly from smartphone theft through sales of replacement devices.”

Source: The Telegraph

A never-before-seen version of KitKat, KTU65, was spotted a few days ago, suggesting that Google may release at least one more KitKat update before moving to a new Android OS version. Now a new tweet from known developer LlabTooFeR says that Android 4.4.3 may be just around the corner, with version KTU72B identified as the upcoming software update.

“Android 4.4.3 is under testing. Build number is KTU72B,” the developer wrote. “Probably it will fix known camera bug.” This KitKat version’s code name suggests this build (dated March 13) is newer than the previous one (dated March 6), although the developer did not share any details as to when Google will actually release it.

Similarly, it’s not clear whether the update will bring any new features, on top of the expected camera fix for the Nexus 5, and whether it will be available to other devices as well. Still, this appears to be the first time these newly discovered KitKat builds are associated with “Android 4.4.3.”

The latest KitKat software version available to Android users is KOT49H (Android 4.4.2), although only some devices have been updated so far, including Nexus tablets and smartphones. A recent report said that Google will unveil Android 4.5 this summer, likely together with new Nexus devices – the company is rumored to ship at least one new tablet this year, with rumors indicating that a Nexus device with an 8.9-inch may be in the works.

Source: BGR

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical “goto fail” flaw that for months put users of Apple’s iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.

“It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification,” an advisory issued by Red Hat warned. “An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.”

GnuTLS developers published this bare-bones advisory that urges all users to upgrade to version 3.2.12. The flaw, formally indexed as CVE-2014-0092, is described by a GnuTLS developer as “an important (and at the same time embarrassing) bug discovered during an audit for Red Hat.” Debian’s advisory is here.

As was the case with last week’s critical encryption bug from Apple, the GnuTLS vulnerability is the result of someone making mistakes in source code that controls critical functions of the program. This time, instead of a single misplaced “goto fail” command, the mistakes involve errors with several “goto cleanup” calls. The GnuTLS program, in turn, prematurely terminates code sections that are supposed to establish secure TLS connections only after the other side presents a valid X509 certificate signed by a trusted source. Attackers can exploit the error by presenting vulnerable systems with a fraudulent certificate that is never rejected, despite its failure to pass routine security checks. The failure may allow attackers using a self-signed certificate to pose as the cryptographically authenticated operator of a vulnerable website and to decrypt protected communications. It’s significant that no one managed to notice such glaring errors, particularly since they were contained in code that anyone can review.
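The class of error described above, as an added C illustration (not GnuTLS source and not from the original article): an error path jumps to `cleanup` with a negative error code still in the return variable, and a caller that treats the result as a boolean reads it as success. The struct, helper, error code and sample certificates are hypothetical and constructed for the example.

```c
#include <stdio.h>

/* Constructed toy certificate; the fields stand in for real parsing and crypto. */
struct toy_cert {
    int well_formed;   /* 0 => decoding the certificate fails */
    int signed_by_ca;  /* 1 => signature chains to a trusted issuer */
};

#define TOY_E_DECODE (-1)  /* hypothetical negative error code */

/* Constructed sample inputs. */
static const struct toy_cert CERT_GOOD      = { 1, 1 };
static const struct toy_cert CERT_UNTRUSTED = { 1, 0 };
static const struct toy_cert CERT_MALFORMED = { 0, 0 };

/* Hypothetical helper: 0 on success, negative error code on failure. */
static int toy_decode(const struct toy_cert *c)
{
    return c->well_formed ? 0 : TOY_E_DECODE;
}

/* Contract for both verifiers: return 1 if trusted, 0 if not. */

/* Flawed: the error path reuses `result`, so an error code escapes as the verdict. */
int verify_flawed(const struct toy_cert *c)
{
    int result = toy_decode(c);
    if (result < 0)
        goto cleanup;   /* BUG: leaves with result == -1, which is nonzero */

    result = c->signed_by_ca ? 1 : 0;

cleanup:
    /* resources would be released here */
    return result;
}

/* Fixed: the verdict starts at "not trusted" and only a passed check sets it to 1. */
int verify_fixed(const struct toy_cert *c)
{
    int result = 0;     /* fail closed */

    if (toy_decode(c) < 0)
        goto cleanup;
    if (c->signed_by_ca)
        result = 1;

cleanup:
    /* resources would be released here */
    return result;
}

typedef int (*verify_fn)(const struct toy_cert *);

/* How a caller typically consumes the verdict: any nonzero value means "accept". */
int caller_accepts(verify_fn verify, const struct toy_cert *c)
{
    return verify(c) ? 1 : 0;
}

int main(void)
{
    printf("malformed cert, flawed verifier: accepted=%d\n",
           caller_accepts(verify_flawed, &CERT_MALFORMED));
    printf("malformed cert, fixed verifier:  accepted=%d\n",
           caller_accepts(verify_fixed, &CERT_MALFORMED));
    printf("untrusted cert, flawed verifier: accepted=%d\n",
           caller_accepts(verify_flawed, &CERT_UNTRUSTED));
    printf("good cert, fixed verifier:       accepted=%d\n",
           caller_accepts(verify_fixed, &CERT_GOOD));
    return 0;
}
```

The flawed verifier rejects an ordinary untrusted certificate correctly; only the input that triggers the error path is accepted, which is why this kind of defect survives routine testing.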

Security researchers are still studying the vulnerability and assessing its effect on the wide array of OSes and applications that depend on GnuTLS. For the moment, readers should assume that the severity is critical given the dizzying amount of downstream code that may be affected. One example: the apt-get installer some distributions of Linux use to distribute and update applications relies on GnuTLS, although exploits against the package can probably be caught by cryptographic code-signing of the downloaded program (thanks to readers for pointing out this secondary level of protection). Version 3 of lib-curl, which is distributed in Debian and Ubuntu, also depends on GnuTLS. Some Debian- and Ubuntu-based virtual private networking applications that work with Cisco Systems hardware are also affected. This list goes on and on.

Source: ArsTechnica

Just in time for Halloween, we have two new treats for Android fans. First, we’re excited to unwrap our latest platform release, KitKat, which delivers a smarter, more immersive Android experience to even more people. And second, we’re introducing Nexus 5—a new Nexus phone developed with LG.

The first thing you’ll notice about KitKat is we’ve made the experience much more engaging: the book you’re reading, the game you’re playing, or the movie you’re watching—now all of these take center stage with the new immersive mode, which automatically hides everything except what you really want to see.

Bringing more Google smarts to Android
Behind the polish on the screen is the power under the hood. Take the Phone app, which for most people hasn’t really changed since the days of flip phones. Now, we’re making calling easier than ever, by helping you search across your contacts, nearby places, or even Google Apps accounts (like your company’s directory), directly from within the app. And with the new Hangouts app, all of your SMS and MMS messages are together in the same place, alongside your other conversations and video calls, so you’ll never miss a message no matter how your friends send it. This is just a small taste of KitKat—learn more on our site.

Google has always focused on helping users get immediate access to the information they need, and we want to bring this same convenience and power to users on Android. With the new Nexus 5 launcher, Google smarts are deeply integrated into the phone you carry around with you, so getting to the information you need is simple, easy and fast. Swipe once from the home screen to get Google Now literally at your fingertips. Put Google to work for you by saying “OK, Google” to launch voice search, send a text, get directions or even play a song you want to hear. And in the coming weeks, we’re enhancing Now with important new card types that bring you information about contextual topics that interest you such as updates from a favorite website or blog.

Reaching the next 1 billion users
Building a platform that makes mobile phones accessible for everyone has always been at the heart of Android. Until now, some lower-end Android phones couldn’t benefit from more recent Android releases due to memory constraints. With KitKat, we’ve slimmed down Android’s memory footprint by doing things like removing unnecessary background services and reducing the memory consumption of features that you use all the time. We did this not only within Android but across Google services like Chrome and YouTube. RAM (or memory) is one of the most expensive parts of a phone, and now Android can run comfortably on the 512MB of RAM devices that are popular in much of the world, bringing the latest goodies in Android 4.4 within reach for the next billion smartphone users.

Introducing Nexus 5
Along with our sweet naming tradition, we also introduce a new device with each platform release to showcase the latest Android innovations. For KitKat, we partnered with LG to develop Nexus 5 — the slimmest and fastest Nexus phone ever made. Its design is simple and refined to showcase the 5” Full HD display. Nexus 5 also keeps you connected at blazing speeds with 4G/LTE and ultra fast wifi. The advanced new lens on Nexus 5 captures more light for brighter night and sharper action shots. And with optical image stabilization, you no longer have to worry about shaky hands and blurry pictures. A new HDR+ mode automatically snaps a rapid burst of photos and combines them to give you the best possible single shot. Learn more on our site.

Nexus 5 is available today, unlocked and without a contract, on Google Play in the U.S., Canada, U.K., Australia, France, Germany, Spain, Italy, Japan and Korea (and coming soon to India), starting at $349. Just in time for the holidays, Nexus 5 will be available soon at the following retailers: Sprint, T-Mobile, Amazon, Best Buy and RadioShack.

Android 4.4, KitKat, which comes on Nexus 5, will also soon be available on Nexus 4, 7, 10, the Samsung Galaxy S4 and HTC One Google Play edition devices in the coming weeks.

Source: Google’s Official Blog

It has taken much longer than many industry watchers predicted, but Blackberry has finally gotten around to releasing a BBM app for iPhone and Android. The company has had a tough time of it lately, but maybe software is the way to keep the lights on. The app is now live in the App Store and Google Play, but there is a waiting list.

BBM leaked on Android a few weeks back when the company was preparing for launch. The influx of new users caused server issues for Blackberry and delayed the launch. This is the reason for the waiting list, which most users will be subjected to. Anyone who signed up ahead of time for the service on the BBM website can log right in, but otherwise you’ll have to provide an email address and wait it out.

When you do get access, you’ll make a Blackberry ID and add your personal information. If you’ve used BBM on a Blackberry in the past, your contacts will populate immediately. If not, you’ll have to invite people. This process is different (and a bit counterintuitive) for first time users. BBM makes contact lists more secure, so you have to send the invite based on PIN, NFC pairing, or sending an email. You only get the contact added when the other party accepts the invitation.

BBM was the originator of the modern read receipt, and while that’s been replicated in both iMessage and Hangouts, BBM still does it pretty well. You can also do group chats, share pictures, and send files. It basically does all the stuff the first-party messaging clients do, but it’s running through Blackberry’s servers. If you’re worried about security, this should be on your radar.

The app is available for iPhone and Android phones. There isn’t any tablet support at this time.

Source: PC Magazine

Ryan Says: About FREAKING time!  Buh Bye WhatsApp!

Most of you know about our PC repair services, but did you know we fix/repair/unlock cellphones & tablets? Did you also know that we offer the lowest prices in the Fraser Valley and will price match and BEAT any competitor price? Now you do.

We repair all Smartphones / iPhones for :

* Broken LCD Screens & Touch Screen Replacement
* Water and other Liquid Damage Repair / Corrosion Clean Up
* Phone Data Recovery – Photos, Music, Text Messages
* No Power / Phone does not turn on
* Charging Problems / Charging Controller / Charging Port Replacement
* Battery Replacement (200+ Batteries in stock)
* Staticky, Crackling Speakers & Microphones
* Home Button / Power Lock Button Replacement
* Malfunctioning button, Trackball, Trackpad and Keypad
* Malfunctioning SIM card readers / NO SIM Reading Fix
* Software problems, upgrades and reflashing (All Models)
* Language change
* JTAG Service (Android Phones)
* Unknown Baseband, IMEI missing
* Password Protected / Disabled Phones / Pattern Lock Reset (Samsung)
* Jailbreaking — iPhone, AppleTV 1 & 2 + FREE TV & MOVIES + FREE APPS
* Rooting — Most Android Models — Custom Rom Reflashing Available

We unlock ALL Smartphones For :

* iPhone 2G/3G/3GS (Most iOS Versions)
* iPhone 4/4S – Factory unlock Fido/Rogers/Telus/Koodo/AT&T/Bell
* iPhone 5 – Factory unlock Telus/Koodo/AT&T/Rogers/Fido
* iPhone 4S/5 unlocking for iOS 5.x, 6.1.3 and below!
* BlackBerry, Samsung, LG, HTC
* Nokia, Motorola, Sony Ericsson, Huawei, Alcatel and other Overseas Models.

- iPhone Factory unlock for USA, UK, Brazil, Australia, France, Spain, Ireland, Netherlands, Denmark, Norway, Chile, Switzerland, Sweden, Saudi Arabia, Norway, Romania, Japan, etc.

As always, we DO NOT charge for repairs that cannot be performed.

180 Warranty on ALL parts & Labour – We ONLY use OEM Factory Parts.

Call the shop if you need a price quote, make sure to ask for Ryan.

Security researchers have identified 32 separate apps on Google Play that harboured a bug called BadNews.

On infected phones, BadNews stole cash by racking up charges from sending premium rate text messages.

The malicious program lay dormant on many handsets for weeks to escape detection, said security firm Lookout which uncovered BadNews.

The malware targeted Android owners in Russia, Ukraine, Belarus and other countries in eastern Europe.

The exact number of victims was hard to calculate, said Lookout, adding that figures from Google Play suggest that between two and nine million copies of apps booby trapped with BadNews were downloaded from the store.

In a blogpost, Lookout said that a wide variety of apps were harbouring the BadNews malware. It found the programme lurking inside recipe generators, wallpaper apps, games and pornographic programmes.

The 32 apps were available through four separate developer accounts on Play. Google has now suspended those accounts and removed all the affected apps from its online store. No official comment from Google has yet been released.

Lookout said BadNews concealed its true identity by initially acting as an “innocent, if somewhat aggressive, advertising network”. In this guise it sent users news and information about other infected apps, and prompted people to install other programmes.

BadNews adopted this approach to avoid detection systems that look for suspicious behaviour and stop dodgy apps being installed, said Lookout.

This masquerade ended when apps seeded with BadNews got a prompt from one of three command and control servers. BadNews then started pushing out and installing a more malicious programme called AlphaSMS, which steals credit by sending text messages to premium rate numbers.

Users were tricked into installing AlphaSMS as it was labelled as an essential update for either Skype or Russian social network Vkontakte.

Security firm Lookout said BadNews was included in many popular apps by innocent developers as it outwardly looked like a useful way to monetise their creations. It urged app makers to be more wary of such “third party tools” which they may include in their code.

Half of the 32 apps seeded with BadNews are Russian and the version of AlphaSMS it installed is tuned to use premium rate numbers in Russia, Ukraine, Belarus, Armenia and Kazakhstan.

Source: BBC News

Following closely on the heels of a Samsung Galaxy Note 2 security vulnerability, another Samsung user has found that the bug affects other models.

Unlike the Samsung Galaxy Note 2 flaw, the bug allows for full access to the Samsung Galaxy S3. The method is similar in that it requires a fleet-fingered user to hop through a number of screens.

As discovered by Sean McMillian, the smartphone can be manipulated by tapping through the emergency call, emergency contacts, home screen, and then the power button twice. McMillian admits that the bug isn’t consistent — sometimes, he said, it works right away, while other times it takes 20 attempts.

Indeed, we weren’t able to replicate the bug after many tries (Engadget was able to do it, but it took a long time). That suggests that would-be snoopers must act quickly and deftly, but the lesson here (and always) is to keep a watchful eye on that $500 smartphone.

As McMillian indicates, the bug seems to be related to Samsung’s software and not an Android-wide issue. Judging by the similarities in the two flaws, we might expect Samsung to issue software updates to address the concerns.

Source: CNET

When Acer was ready to announce a new smartphone running Alibaba’s Aliyun operating system, Google responded with force. If it were to be released, Google would end its partnership with Acer, which uses Android for 90 percent of its smartphones.

Acer swiftly cancelled the release, but clearly Acer wasn’t happy about the state of affairs. Alibaba, China’s largest e-commerce company, was even less happy.

Alibaba says it wants Aliyun OS to be the “Android of China,” claiming that they’ve spent years working on their Linux-based mobile operating system.

Google didn’t see it that way. Google thinks Alibaba is an Android rip-off.

In Google’s Android Official Blog, Andy Rubin, Google’s senior vice president of mobile and digital content said:

“We built Android to be an open source mobile platform freely available to anyone wishing to use it. In 2008, Android was released under the Apache open source license and we continue to develop and innovate the platform under the same open source license — it is available to everyone at: http://source.android.com. This openness allows device manufacturers to customize Android and enable new user experiences, driving innovation and consumer choice.”

But: “While Android remains free for anyone to use as they would like, only Android compatible devices benefit from the full Android ecosystem. By joining the Open Handset Alliance (OHA), each member contributes to and builds one Android platform — not a bunch of incompatible versions.”

Android is a mobile operating system branch of Linux. While there have been disagreements between developers, Android and mainstream Linux buried the hatchet in March 2012.

So, from where Google sits, Aliyun OS is an incompatible Android fork.  John Spelich, Alibaba vice president of international corporate affairs replied oddly: “[Google] have no idea and are just speculating. Aliyun is different.”

How can Google have no idea about what Aliyun is if it is indeed, as Alibaba claims, a Linux fork? Linux is licensed under the GNU General Public License, version 2 (GPLv2). Part of that license insists that if a GPLv2 program is released to general users, the source code must be made publicly available. Thus, perhaps Google doesn’t have any idea because, as Spelich indicated and as far as I’ve been able to find, Aliyun’s source code is not available anywhere. If indeed the source code isn’t open and freely available, even if Aliyun has no Android connection, this would still make it an illegal Linux fork.

Spelich went on to claim that Aliyun is “not a fork,” adding: “Ours is built on open-source Linux.” In addition, Aliyun runs “our own applications. It’s designed to run cloud apps designed in our own ecosystem. It can run some but not all Android apps.”

Rubin, in a Google+ post, replied, “We agree that the Aliyun OS is not part of the Android ecosystem and you’re under no requirement to be compatible.”

“However,” he continued, “[t]he fact is, Aliyun uses the Android runtime, framework and tools. And your app store contains Android apps (including pirated Google apps). So there’s really no disputing that Aliyun is based on the Android platform and takes advantage of all the hard work that’s gone into that platform by the OHA.”

Hands-on research by Android Police, a publication dedicated to Android reporting and analysis, shows that the Aliyun app store includes pirated Google apps.

Android Police found that, “Aliyun’s app store appeared to be distributing Android apps scraped from the Play Store and other websites, not only downloadable to Aliyun devices as .apk files, but also provided by third parties not involved with the apps’ or games’ development. What’s more, we’ve received independent confirmation from the original developers of some of these apps that they did not in fact give consent for their products to be distributed in Aliyun’s app store.”

Not the least of the evidence is that Aliyun includes Google’s own Android applications such as Google Translate, Google Sky Map, Google Drive, and Google Play Books. The odds of Google giving Aliyun permission to use its own applications are somewhere between zero and none.

What we seem to have in Aliyun is an illegal Android and Linux fork, which supports a pirated software ecosystem. I only wonder that Google didn’t come down even harder on Acer and I really wonder how much due diligence, if any, Acer did before signing a deal with Alibaba.

Source: ZDNet

Two security researchers have found new evidence that legitimate spyware sold by British firm Gamma International appears to be being used by some of the most repressive regimes in the world.

Google security engineer Morgan Marquis-Boire and Berkeley student Bill Marczak were investigating spyware found in email attachments to several Bahraini activists. In their analysis they identified the spyware infecting not only PCs but a broad range of smartphones, including iOS, Android, RIM, Symbian, and Windows Phone 7 handsets.

The spying software has the capability to monitor and report back on calls and GPS positions from mobile phones, as well as recording Skype sessions on a PC, logging keystrokes, and controlling any cameras and microphones that are installed.

They report the code appears to be FinSpy, a commercial spyware sold to countries for police criminal investigations. FinSpy was developed by the German conglomerate Gamma Group and sold via the UK subsidiary Gamma International. In a statement to Bloomberg, managing director Martin Muench denied the company had any involvement.

“As you know we don’t normally discuss our clients but given this unique situation it’s only fair to say that Gamma has never sold their products to Bahrain,” he said. “It is unlikely that it was an installed system used by one of our clients but rather that a copy of an old FinSpy demo version was made during a presentation and that this copy was modified and then used elsewhere.”

Parallel research by computer investigators at Rapid7 found command and control software servers for the FinSpy code running in Indonesia, Australia, Qatar, Ethiopia, the Czech Republic, Estonia, Mongolia, Latvia, and the United Arab Emirates, with another server in the US running on Amazon’s EC2 cloud systems. Less than 24 hours after the research was published, the team noted that several of these servers were shut down.

Gamma and FinSpy gained notoriety last year when documents apparently from the company were found in the Egyptian security service headquarters when it was ransacked by protestors after the fall of Hosni Mubarak. These appear to be a proposal that the Egyptian government buy a five-month license for the software for €287,000. Again Gamma denied involvement.

But Marquis-Boire and Marczak told The New York Times that they appear to have found a link to Gamma in these latest code samples. The malware for Symbian phones uses a code certificate issued to Cyan Engineering, whose website is registered to one Johnny Geds.

The same name is listed as Gamma Group’s sales contact on the FinSpy proposal uncovered in the raid on Egypt’s security headquarters. Muench has confirmed they do employ someone of that name in sales but declined to comment further.

Commercial spyware is an increasingly lucrative racket, as El Reg has pointed out, and there’s growing evidence that Britain is one of the leading players in the market. Privacy International has formally warned the British government that it will be taking legal action on the issue and this latest research only adds weight to the issue.

Source: The Register