Category: Mobile Security

A glaring Android TV security flaw might put your Gmail at risk

April 27, 2024/in Mobile Security

What you need to know

A loophole in Android TV could allow unauthorized access to Gmail and other linked services if someone gains physical access to the device.
Through an Android TV box, individuals can potentially hack into the Google account of the last user, compromising Gmail and Google Drive.
Initially, Google implied the behavior was expected, but later acknowledged the security flaw and claimed to have fixed it on newer Google TV devices.

A security loophole in Android TV could allow anyone to snoop on your Gmail and other linked services if they get their hands on your device, according to 404 Media.

As per a video posted on YouTube by Cameron Gray earlier this year, if someone gets their hands on an Android TV box, they can pretty much hack into the Google account of whoever last logged in, including their Gmail and Google Drive (via Mishaal Rahman).

PSA: Do not sign into your personal Google Account on any Android TV device you don’t own! https://t.co/l0FScUVT4MApril 25, 2024

If Google Chrome spots a Google account on the device it’s installed on, it automatically signs you in to any Google services you visit. Now, since Android TV is basically Android in essence, it treats the owner’s Google account sign-in like it’s permanent, so they automatically get logged in to approved apps from the Play Store.

Even though Google doesn’t officially let you install Chrome on Android TV, you can still sideload it to sneak it on there. And once it’s on, you’ve got access to Gmail, Drive, and all the other services, as demonstrated by the video.

In the video, Gray installs a third-party web browser called “TV Bro” that you can grab from the Play Store for Android TV. He uses it to dig up an APK for Chrome from some online archive and installs it without any trouble. But the app doesn’t play nice with TV remotes, so you will need a keyboard and mouse.

Once Chrome is up and running, it’s as easy as pie to hop over to Gmail’s website and you’re in—no password needed, no PIN, or biometrics required to prove you’re the TV’s owner.

Based on what Gray found, Android TV’s weak security makes it a prime target for peeking into signed-in email accounts. If you’re only using Android TV at home,…

Source…

Android 15 could feature extra security to protect users from shady sideloaded apps

April 25, 2024/in Mobile Security

We’ve been hearing a lot about Android 15 recently, and Google has confirmed that there’s an emphasis on privacy and security in this version of the mobile operating system. Part of that may include extra security features when side loading and installing apps from places other than the Google Play Store.

According to Mishaal Rahman at Android Authority, Android now contains code hinting at something called “Enhanced Confirmation Mode”. While the feature itself isn’t included in the Android 15 beta just yet, it seems it’s designed to improve security surrounding app installation settings and expand upon Android 13’s Restricted Settings feature.

Restricted Settings was designed to limit the capabilities of apps users installed from anywhere other than Google Play. Specifically this stops users from being able to enable Accessibility or Notification Listener services for sideloaded apps — which helps improve data security when the source is unknown.

Enhanced Confirmation Mode will work in tandem with Restricted Settings to deny sideloaded apps access to sensitive data — in case that they come from a malicious source. Specifically it’s designed to prevent misuse of a session-based installation API, which exploits the system Android uses to determine whether an app came from Google Play or not.

Specifically it’s designed to prevent misuse of a session-based installation API, which exploits the system Android uses to determine whether an app came from Google Play or not.

It does this by checking an allowlist in the system settings, checking for an XML file that’s loaded into the factory image. Without this the app won’t be able to bypass these security restrictions and access services like Accessibility or Notification Listener. Any attempts to try will see a specific ECM dialog explaining that these permissions are not available.

However it’s unclear whether there will be an option to exempt certain apps with ECM, as is the case with Restricted Settings. It’s also unclear if well known third party app stores, like Amazon’s, will be exempt from these restrictions.

The ability to sideload on Android is a fantastic one, though it does come with plenty of risks. So…

Source…

Android 15 may make it even harder for sideloaded apps to get sensitive permissions

April 23, 2024/in Mobile Security

Edgar Cervantes / Android Authority

TL;DR

Android 15 could introduce a new Enhanced Confirmation Mode that makes it harder for malicious apps to exploit an OS loophole.
Android blocks users from easily enabling the Accessibility or Notification Listener services of apps that are sideloaded from outside an app store.
However, the method that Android uses for this has a loophole in it that Android 15 will close.

Although most Android users download apps from preloaded app stores like Google Play, some users get their apps from alternative online sources, a practice called sideloading. This is possible because Android lets users install third-party apps without the Google Play Store so long as they get their hands on the necessary app installation files. The ability to freely sideload apps is a big part of what makes Android a more open platform than iOS. Unfortunately, it’s also the reason why people erroneously believe that Android is less secure than iOS.

That’s because regardless of where you source apps from, Android’s built-in privacy and security features ensure they can’t access sensitive permissions without your consent. However, it’s true that sideloading apps from alternative online sources carries a bit more risk for the average user when compared to sticking with Google Play. This is because it’s simply easier for malicious developers to distribute apps outside of Google Play since they don’t need to deal with the regulations, bureaucracy, and scrutiny that Google Play app distribution entails.

Malicious Android apps, no matter where they’re sourced from, commonly try to trick users into granting them access to the Accessibility and Notification Listener APIs because of their power. The Accessibility API lets apps read the content of the screen and also perform inputs on behalf of the user, while the Notification Listener API lets apps read or take action on any notification. These APIs can be used to commit ad fraud, steal one-time passwords (OTPs), install additional payloads, and do much, much more.

While Google Play has some (mostly bureaucratic) measures to ensure these APIs are used for their intended purposes, Android itself relies mostly on the…

Source…

Google Reveals Android Security Update That Even Beats iPhone

April 22, 2024/in Mobile Security

The clear differences between Android and iPhone are narrowing quickly—and the latest Google update has just reduced that gap even further…

Android dials app security up to 11 with new quarantine feature

getty

It’s already clear that Android 15 will be a huge step forwards for users on the security and privacy front. The gap between iPhone and Android is closing fast, with little to choose between features and hardware. Apple’s privacy and security credentials have remained one of the last standouts—but Google is catching up.

Just as with the recent revelation that Google will provide Pixel users with warnings when their cellular devices might have been tracked or intercepted—beating iPhone at its own game, we have just seen another security innovation previewed.

In fact, the latest revelation to come from the Android 15 Beta currently doing the rounds, actually beats iPhone with a neat new security feature.

This update is app quarantining. One of the areas where Android still lags iPhone is app defense—malware and device infection. Google provides Play Protect and has shored up its Play Store, but rogue apps still manage to find a way through.

Quarantining is a halfway house between letting a potentially dangerous app run wild on a device and deleting it completely. Instead, Android could quarantine an app—almost like putting it into a sandbox, where it’s contained and unable to access data or functionality that might harm the user, without resorting to deletion.

This doesn’t seem like such a material change. But because deletion is so drastic, Play Protect needs a high bar before it does so automatically. That isn’t the case with quarantining, meaning the system can act more quickly and more often.

And while this will initially be seen as soft deletion, it could evolve into a setting whereby Android can act to block apps with onerous permissions or which seem to be acting out of character. Perhaps, eventually, users could even select a general privacy/risk level and have the system act accordingly.

Android 15 could bring app quarantining

Android Authority /…

Source…