Google is set to require developer verification, including ID verification, for all Android apps, including sideloaded ones, starting in 2025-2027, aiming to enhance security but potentially limiting open-source and hobbyist development.
Google is implementing new security measures requiring Android developers distributing apps outside the Play Store to verify their identities, starting in select countries in September 2024 and expanding globally by 2027, to enhance security and prevent malicious apps.
Google will require all Android app developers, including those outside the Play Store, to verify their identities starting in 2026 to enhance security and reduce malware, affecting the global Android ecosystem with phased rollouts and special provisions for hobbyist developers.
The Tea app, a popular anonymous dating advice platform for women, experienced a data breach exposing 72,000 images including selfies and IDs, with the incident involving a legacy data system from over two years ago. The breach also compromised comments and messages, raising significant privacy concerns for users. The company is working with cybersecurity experts and believes no current user data was affected.
Tens of millions of Android and iPhone users are warned to delete certain free VPN apps linked to Chinese companies, as these apps pose significant privacy and national security risks by potentially routing sensitive data through Chinese government-controlled entities. Despite assurances from Apple and Google, many of these apps lack transparency about ownership and data handling, raising concerns about user privacy and security, especially given China's national security laws requiring cooperation with state intelligence.
Millions of Android and iPhone users are warned to delete certain free VPN apps linked to Chinese companies, as these apps pose significant privacy and security risks by potentially routing sensitive data to foreign entities, despite claims of privacy and security by app stores and developers.
The Meta AI app has become a privacy disaster as users inadvertently share sensitive conversations, personal information, and even criminal inquiries publicly due to unclear privacy settings and a flawed design that encourages sharing, leading to potential misuse and embarrassment.
Android 14 introduces a screenshot detection API that allows apps to detect when a user takes a screenshot, providing benefits for both developers and end users. Developers can easily detect and potentially block screenshots for privacy or security reasons, while users are notified when an app detects a screenshot. Some apps, like the German shopping app "OTTO," have already implemented this functionality, but it is not widely adopted yet.
Cybersecurity firm Kaspersky has revealed that over 600 million malicious apps were downloaded from the Google Play Store in 2023 due to new techniques used by bad actors to bypass Google's security scans. The large number of apps in the Play Store makes it difficult for Google to thoroughly check each one. Malware-laden apps often start as legitimate apps and later introduce malicious features through updates. Cybercriminals also create multiple developer accounts to upload similar malware-infected apps if one is removed. Popular apps like Minecraft clones and mini-games were found to contain adware and collect user data. To avoid installing malware, users are advised to check negative comments and low ratings in the Play Store, look for red flags, and avoid apps with spelling or grammatical errors.
Google has introduced a new real-time app scanning feature in its Google Play Protect security engine for Android. The feature conducts a code-level analysis of an app and blocks its installation if it is deemed potentially harmful. This is aimed at combating the proliferation of malicious sideloaded apps, which often evade detection by morphing their appearance or altering their code. While Google's Play Store screens apps for malware, many users still resort to sideloading, which poses security risks. The enhanced scanning feature is particularly important in countering predatory loan apps that have led to harassment and even suicides. Google plans to expand the feature internationally after its initial launch in India.
Cybersecurity experts have warned that over a million users may have had their data compromised by spyware in two apps, File Recovery & Data Recovery and File Manager, available on the Google Play Store. The apps, created by the same developer, were found to silently exfiltrate sensitive user data to malicious servers in China. The stolen data included contact lists, social media and email information, photos, audio and video, and real-time user location. Google has confirmed that the apps have been removed from the Play Store, but users who have already downloaded them are urged to delete them. Experts recommend being cautious of apps with high download numbers but few reviews and always reading app permissions carefully.
Two apps, File Recovery & Data Recovery and File Manager, available on the Google Play Store, have been found to be spyware that steals users' data and sends it to malicious servers in China. The apps, created by the same developer, have a combined download number of approximately 1.5 million. Google has removed the apps from the Play Store, but users who have already downloaded them should delete them. Cybersecurity firm Pradeo advises users to be cautious of apps with high download numbers but few reviews and to carefully review app permissions. This incident follows the recent removal of another app, iRecorder - Screen Recorder, for unauthorized access to user data.
Over 100 Android apps with a total of 421 million downloads have been found to be infected with a new malware strain called SpinOK, which contains a spyware module. The malware is being used as a marketing software development kit and is capable of stealing private information stored on Android phones, sending it to a remote server controlled by cybercriminals. Some of the most downloaded apps affected include Biugo, Cashzine, and Noizz. Users are advised to delete any malicious apps, keep their apps and operating system up to date, and use antivirus software. Users are also advised to be cautious of app clones and to trust their instincts when downloading apps.
Google blocked 1.43 million malicious apps from being published to the Play Store in 2022 and banned 173,000 bad accounts, while fending off over $2 billion in fraudulent and abusive transactions. Despite these efforts, cybercriminals continue to find ways around the app storefront's security protections and publish malicious and adware apps. McAfee's Mobile Research Team discovered 38 games masquerading as Minecraft that have been installed by no fewer than 35 million users worldwide, primarily located in the U.S., Canada, South Korea, and Brazil.