Tag Archive for: secure

Majority of Android VPNs can’t be trusted to make users more secure

/in

(credit: Ron Amadeo)

Over the past half-decade, a growing number of ordinary people have come to regard virtual private networking software as an essential protection against all-too-easy attacks that intercept sensitive data or inject malicious code into incoming traffic. Now, a comprehensive study of almost 300 VPN apps downloaded by millions of Android users from Google’s official Play Market finds that the vast majority of them can’t be fully trusted. Some of them don’t work at all.

According to a research paper that analyzed the source-code and network behavior of 283 VPN apps for Android:

  • 18 percent didn’t encrypt traffic at all, a failure that left users wide open to man-in-the-middle attacks when connected to Wi-Fi hotspots or other types of unsecured networks
  • 16 percent injected code into users’ Web traffic to accomplish a variety of objectives, such as image transcoding, which is often intended to make graphic files load more quickly. Two of the apps injected JavaScript code that delivered ads and tracked user behavior. JavaScript is a powerful programming language that can easily be used maliciously
  • 84 percent leaked traffic based on the next-generation IPv6 internet protocol, and 66 percent don’t stop the spilling of domain name system-related data, again leaving that data vulnerable to monitoring or manipulation
  • Of the 67 percent of VPN products that specifically listed enhanced privacy as a benefit, 75 percent of them used third-party tracking libraries to monitor users’ online activities. 82 percent required user permissions to sensitive resources such as user accounts and text messages
  • 38 percent contained code that was classified as malicious by VirusTotal, a Google-owned service that aggregates the scanning capabilities of more than 100 antivirus tools
  • Four of the apps installed digital certificates that caused the apps to intercept and decrypt transport layer security traffic sent between the phones and encrypted websites
Apps that intercepted and decrypted TLS traffic.

Apps that intercepted and decrypted TLS traffic.

The researchers—from Australia’s Commonwealth Scientific and Industrial Research Organization, the University of South Wales, and the University of California at Berkeley—wrote in their report:

Read 3 remaining paragraphs | Comments

Technology Lab – Ars Technica

UK’s armed forces settle on the iPhone 7 because they think it’s more secure than Android – Tech2

/in

Tech2

UK's armed forces settle on the iPhone 7 because they think it's more secure than Android
Tech2
Android vs iPhone debates rage the world over on issues ranging from value for money and customisability to flexibility and security. For the armed forces of the world, however, security is everything and so far, it looks like the iPhone is turning out

and more »

android security – read more

President Trump Had To Trade His Android Smartphone For A Secure Device – Ubergizmo

/in

Ubergizmo

President Trump Had To Trade His Android Smartphone For A Secure Device
Ubergizmo
Presidents, they're just like us, or are they? One big difference between you and the president of the United States, apart from all the power and prestige that the position brings, is that you can use a normal smartphone but POTUS can't due to obvious
A Trump Administration, With Obama Staff Members Filling In the GapsNew York Times

all 114 news articles »

android security – read more

Trump ditches Android, to get high secure iPhone – The Hans India

/in

The Hans India

Trump ditches Android, to get high secure iPhone
The Hans India
According to a report in the New York Times, Trump traded in his Android phone for a secure, encrypted device approved by the US Secret Service with a new number that few people possess. The new device is reportedly to safeguard the US President from …

and more »

android security – read more