Jump to content

Search the Community

Showing results for tags 'Android'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 1,223 results

  1. Tor Browser for Android Officially Launched Tor Project has just announced the release of the very first stable version of Tor Browser for Android after the public preview build that landed in the fall of 2018. The Android version of TOR Browser is based on the same approach as the original desktop sibling, and it’s supposed to block trackers, keep users protected against surveillance, resist fingerprinting, and maintain a high level of privacy using advanced systems like multi-layered encryption. “When you use Tor Browser for Android, your traffic is relayed and encrypted three times as it passes over the Tor network. The network is comprised of thousands of volunteer-run servers known as Tor relays,” Tor Project explains. The interface is as simple as it could be, and while features like the ones you typically find in browsers from Google and Mozilla are missing, it’s important to keep in mind that the purpose of Tor Browser is to keep your privacy untouched when browsing the web, regardless of website. The application is obviously available free of charge on Android, and it requires at least version 4.1 of the mobile operating system.More features to comeNeedless to say, because this is just the very first stable version of Tor Browser for Android, some features available on the desktop are yet to make their way to smartphones, albeit the development team promises fast progress in this regard. “While there are still feature gaps between the desktop and Android Tor Browser, we are confident that Tor Browser for Android provides essentially the same protections that can be found on desktop platforms,” a blog post that went live this morning reads. Tor Browser for mobile devices is exclusive to Android, and iOS version won’t be released. This is because of the iOS restrictions set by Apple on the platform. Source
  2. Fenix, which is a codename, is a new browser for Android by Mozilla that will replace the current Firefox web browser for Android eventually. Fenix is open source and interested users may follow development on the project's GitHub website. Firefox users interested in the new browser could not get it from Google Play up until now; this changed recently with the release of a preview version of the browser called Firefox Preview. Designed for beta testing and feedback, it is available to all Google Play users who sign up to participate in the testing. Firefox Preview is based on Mozilla's Android Components and GeckoView. The preview version is considered beta; it lacks some features that Mozilla wants to implement before the final release. Users should expect bugs in the preview of Firefox for Android, and Mozilla expects them to report these bugs so that they may be fixed before the final release. The release version of the new browser won't support all features of the current Firefox browser for Android. Extensions support is planned but won't be supported in early stable versions of the browser. Mozilla aims for an end of June release. Firefox users who want to test the mobile browser right now can do so right now by following these steps: Visit the following Mozilla website: https://events.mozilla.org/becomeabetatestingbughunter Join the Beta Testing Program on the site. Join the Firefox Fenix Nightly group on Google Groups: https://groups.google.com/forum/#!forum/fenix-nightly Opt-in on Google Play to receive test builds of the mobile browser: https://play.google.com/apps/testing/org.mozilla.fenix Download the Firefox Preview browser from Google Play: https://play.google.com/store/apps/details?id=org.mozilla.fenix The steps, with the exception of the last, won't be necessary anymore once Mozilla publishes a final version of the browser. Here are a couple of screenshots of the new browser: Firefox Preview will receive automatic updates after installation. Whether that is purely automated depends on the Play Store settings. The default setting updates applications automatically when the Android device is connected to a wireless network. You can switch that to any network or don't update automatically in the Google Play Store settings. Source: Mozilla Firefox Preview, new Firefox browser, is available on Google Play (gHacks - Martin Brinkmann)
  3. Power VPN Free VPN v6.54 [Pro Unlocked] Now You Can Access Blocked Internet Content easily with just a click using PowerVPN’s Secure & Fast VPN Tunnels. Power VPN is the fastest VPN with secure worldwide server network. enjoy Power VPN Service with unlimited speed and bandwidth for Lifetime. Features: 1) This is the fastest VPN ever made. 2) Simple Interface. Just click to connect 3) 30+ different worldwide server locations to connect to. 4) Torrents, P2P and file sharing are allowed. 5) Unblocks any blocked website such as: Netflix, YouTube, Twitter, Facebook, Viber, Skype, WhatsApp, etc… 6) NO LOGS! you’re completely anonymous and protected. MoD: Deep optimized graphics and application resources Application Manifest Optimized Hidden advertising in the application, the donate button in the panel is hidden Hidden side menu (as unnecessary) Modification is untied from Google Services Blocked collecting and sending analytics, carefully Signature changed PRO features unlocked Download Site: http://rgho.st Sharecode: /6K5VTlchS
  4. Karlston

    The future of Firefox for Android

    Mozilla is working on a new mobile browser for Android called Fenix. The new browser is available as a development build currently. The current Firefox for Android is also available but Mozilla focuses development resources on the new Fenix browser; that's the main reason why recent Firefox for Android releases look more like extended support releases that fix bugs but don't introduce a whole lot of new features in the browser. While it was clear for some time that Mozilla planed to replace the current Firefox for Android with the new Fenix browser, it was unclear how all of that would happen. Questions that we had no answers for included for how long the legacy Firefox for Android would be supported, when we could expect a first stable release of Fenix, and how Mozilla planed to migrate users from the old mobile browser to the new. Firefox for Android future A recently published support document highlights Mozilla's plans for the current Firefox for Android and also Fenix. Mozilla's main idea is to maintain the legacy version of Firefox for Android until Fenix reaches migration readiness status. Firefox users on Android should be able to use the legacy version until Fenix is ready while Mozilla wants to minimize support costs. To achieve that goal, Firefox for Android will move to the ESR branch after the release of Firefox 68. In other words: there won't be a Firefox 69 for Android that is based on the legacy version as it will use ESR versioning instead. Timeline for legacy Firefox for Android May 14, 2019: release of Firefox 67 for Android July 9, 2019: release of Firefox 68 for Android September 3, 2019: release of Firefox 68.1 for Android (move to ESR channel) October 22, 2019: release of Firefox 68.2 for Android December 10, 2019: release of Firefox 68.3 for Android The legacy version of Firefox for Android won't receive new feature updates anymore when it moves to the ESR channel. The browser won't receive support for new web technologies anymore, nor will it receive any other feature updates. Bug fixes and security updates will be provided. The releases will follow the Firefox desktop release schedule. Mozilla has not specified a support end for the browser. It seems likely that the browser will reach end of support before mid 2020; Support ends when Fenix is ready and users of the legacy version of Firefox for Android can be migrated to the new mobile browser. Mozilla wants to make it clear that the move to ESR won't give the browser the Enterprise attribute. The main reason why the legacy browser is moved to ESR is that it allows Mozilla to maintain it with minimal effort while work on Fenix continues. The ESR version reaches end of life after Fenix is deemed migration ready by Mozilla. Source: The future of Firefox for Android (gHacks - Martin Brinkmann)
  5. LastPass launched a new feature in the mobile versions of the password manager LastPass today that allows customers to recover their account under certain circumstances. Password managers help users when it comes to password use on the Internet. They provide users with tools to create and use unique passwords everywhere. The database is usually protected by a master password that the user needs to enter to decrypt the password database and access stored passwords and other information. Password managers may support other authentication options. KeePass, a popular free password manager supports key files or Windows user accounts. Users who forget the master password are in a precarious situation as it is the only option to unlock the database unless recovery options are available. LastPass Mobile Account Recovery LastPass launched a new feature called LastPass Mobile Account Recovery today that introduces an option to recovery a LastPass account in case the master password is not accepted anymore by the service. The feature is only available in the mobile LastPass applications for Android and iOS. Mobile account recovery requires a mobile device with fingerprint or Face ID authentication support. Basically, what it does is unlock an option to recover a LastPass account using the authentication method. While LastPass makes no mention how the feature works, it appears that it links biometric authentication to the LastPass account so that users of the service may reset the master password using it. It should be clear that LastPass users need to configure the feature before it becomes available. The company notes that the account recovery feature is device-specific. If you want it to be available on all devices, you need to enable it on all of them. If you are using LastPass on an Android device, you need to configure fingerprint authentication first; if you use it on an iOS device, you need to set up Face ID instead. Setup is identical afterwards: sign in to the LastPass application on the mobile device. LastPass should display a notification about the new account recovery option; if it does not, go to Menu > Settings > Security and enable the unlock feature (called Use Fingerprint to Unlock on Android, and Use Face ID on iOS), and toggle the account recovery feature afterward. Here is a video by LastPass that demonstrates the feature. If you need to reset your LastPass master password, select "forgot password" when you get to the login screen. From there, select "Recovery with Fingerprint" or "Recovery with Face ID" and authenticate using the biometric authentication option. LastPass will prompt you for a new master password that you may enter directly. You may also add a password hint. The selection of "set master password" completes the process. Closing Words LastPass recommends that customers enable the new account recovery option on their mobile devices even if they only use the desktop version of the password manager. The new option is certainly helpful in restoring an account if the master password cannot be remembered; users should take note, however, that it could also open up a new option for third-parties to gain unauthorized access to the account through coercion. Cautious users might want to stick to using the password hint option as the only resort when it comes to account recovery. Source: LastPass introduces Account Recovery on Mobile (gHacks - Martin Brinkmann)
  6. Truecaller: Caller ID, spam blocking & call record 10.28.6 Pro 250 million people trust Truecaller every day to identifying unknown calls, block spam calls and spam SMS. It filters out the unwanted, and lets you connect with people who matter. Truecaller is the only app you need to make your communication safe and efficient. Truecaller is a Powerful Dialer: - The world’s best Caller ID will identify any unknown caller - Block spam and telemarketing calls - See names of unknown numbers in the call history - Flash messaging - Share location, emoji & status in a flash to your friends - Know when your friends are free to talk Smart SMS app: - Automatically identify every unknown SMS - Automatically block spam and telemarketing SMS - Block by name and number series Truecaller has full dual SIM support! Truecaller will not upload your phonebook to make it public or searchable. What's New (29 April 2019): Important update: Multiple crashes fixed and bugs removed Mod Info: Premium Gold features unlocked; Disabled / Removed unwanted Permissions + Receivers and Services; Analytics / Crashlytics disabled. No advertisements Download (33Mb): Site: https://bayfiles.com Sharecode: /hdc4g5ldna/Truecaller-Premium-v10.28.6_build_1028006_apk
  7. PreAmo adware affects 90 million Android devices in new ad-fraud campaign Six fake apps claiming to boost the functionalities of smartphones are being used to distribute adware named ‘PreAmo’. The campaign is used to make money out of three ad agencies, namely Presage, Admob and Mopub. A fraudulent ad-clicking campaign has been found infecting 90 million Android mobiles worldwide to generate revenues. Six fake apps claiming to boost the performance of smartphones are being used to distribute adware named ‘PreAmo’. These apps have recorded to have a total of 90 million installations worldwide. What’s the purpose - According to researchers at Check Point, the campaign is used to make money out of three ad agencies, namely Presage, Admob and Mopub. What are the six fake apps - The six fraudulent packages that are pushed in the form of apps are: com.pic.mycamera – 57 million installations com.omni.cleaner – 48 million installations com.speedbooster.optimizer – 24 million installations com.rambooster.totalcleaner – 15 million installations com.cooler.smartcooler – 12 million installations com.flashlight.torch.screenlight.party – 3.4 million installations What’s new about ‘PreAmo’ - PreAmo features three unique code snippets that deal with the three ad agencies. Although the malware is not connected in terms of code, it was discovered that these three code snippets use the same res.mnexuscdn[.]com C2 server to send statistics and receive configuration. Apart from this, the three code snippets work in a similar manner: They register a listener on a banner being loaded by the ad network; Once the banner is loaded, ‘PreAmo’ uses the functionality of Android’s framework class ‘MotionEvent’ to imitate a click. How to stay safe - In order to avoid falling victim to such fraudulent ad campaigns, users should Install applications from the official app store; Always check the rating, comments and download count of an application before installing; Install a security solution from a well-known vendor; Always check links before sharing personal information. Source
  8. I have started this sub-section for Android Games to keep Android mobile games free from applications / themes. All nsane members are requested to post Games here. If admins as requested creates a sub-forum for it at any stage, this thread will be merged later. For posting guidelines, please refer to this post: //www.nsaneforums.com/topic/220597-guidelines-and-templates/ PS: Admin, thanks for listening to Android sub-forum request.
  9. Google gives Android users in Europe more search, browser options To comply with a European Commission ruling, Android users in Europe will be presented with new screens offering alternatives to Chrome and Google Search. Google on Thursday outlined how it plans to give Android users in Europe more search app and browser options, in order to comply with a European Commission anti-trust ruling against it. Back in July 2018, the European Commission hit Google with a record €4.34 billion fine for its restrictions on Android device makers and network operators, charging the restrictions were meant to "cement its dominant position in general internet search." Google appealed the fine in October but a week later announced steps it would take to comply with the ruling. Then in March, the company announced it would offer more search and browser options for Android users in Europe. In a blog post Thursday, Google product manager Paul Gennai explained how it would do so: Over the next few weeks, Google will start rolling out new screens that will pop up the first time a European Android user opens Google Play after receiving an incoming update. One screen will present five options for search apps, and one screen will present five options for browsers. The lists will include any search apps or browsers that are already installed. Apps that aren't installed will be chosen based on their popularity and shown in a random order. The new screens will show up on both new and existing Android phones in Europe. If a user does choose to download any new search apps or browsers, Google will then help the user set them up. If a user downloads a search app from the screen, Google will also ask them whether they want to change Chrome's default search engine the next time they open Chrome. Meanwhile, the European Commission last month fined Google yet again, this time hitting the company with a €1.49 billion fine over contracts with third-party websites that locked out rivals from placing search ads on these sites. Source
  10. Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft. As first disclosed by KrebsOnSecurity last summer, Google maintains it has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes. The most commonly used Security Keys are inexpensive USB-based devices that offer an alternative approach to 2FA, which requires the user to log in to a Web site using something they know (the password) and something they have (e.g. a one-time token, key fob or mobile device). But Google said starting this week, any mobile phone running Android 7.0+ (Nougat) can serve the same function as a USB-based security key. Once a user has enrolled their Android phone as a Security Key, the user will need to approve logins via a prompt sent to their phone after submitting their username and password at a Google login page. Many readers have expressed confusion or skepticism about how Security Keys can prevent users from getting hooked by phishing sites or clever man-in-the-middle attacks. This capability was described in far greater visual detail in this video last year by Christiaan Brand, product manager at Google Cloud. But the short version is that even if a user who has enrolled a Security Key for authentication tries to log in at a site pretending to be Google, the company’s systems simply refuse to request the Security Key if the user isn’t on an official Google site, and the login attempt fails. “It puts you in this mode….[in] which is there is no other way to log in apart from the Security Key,” Brand said. “No one can trick you into a downgrade attack, no one can trick you into anything different. You need to provide a security key or you don’t get into your account.” Google says built-in security keys are available on phones running Android 7.0+ (Nougat) with Google Play Services, enabling existing phones to act as users’ primary 2FA method for work (G Suite, Cloud Identity, and GCP) and personal Google accounts to sign in on a Bluetooth-enabled Chrome OS, macOS X, or Windows 10 device with a Chrome browser. The basic idea behind two-factor authentication (Google calls it “two step verification” or 2SV) is that even if thieves manage to phish or steal your password, they still cannot log in to your account unless they also hack or possess that second factor. The most common forms of 2FA require the user to supplement a password with a one-time code sent to their mobile device via an app (like Authy or Google Authenticator), text message, or an automated phone call. But all of these methods are susceptible to interception by various attacks. For example, thieves can intercept that one-time code by tricking your mobile provider into either swapping your mobile device’s SIM card or “porting” your mobile number to a different device. A Security Key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device. The key works without the need for any special software drivers. Probably the most popular maker of Security Keys is Yubico, which sells a basic U2F key for $20 (it offers regular USB versions as well as those made for devices that require USB-C connections, such as Apple’s newer Mac OS systems). Yubikey also sells more expensive U2F keys designed to work with mobile devices. A number of high-profile sites now allow users to enroll their accounts with USB- or Bluetooth-based Security Keys, including Dropbox, Facebook, Github and Twitter. If you decide to use Security Keys with your account, it’s a good idea to register a backup key and keep it in a safe place, so you can still get into your account if you loose your initial key (or phone, in Google’s case). To be sure you’re using the most robust forms of authentication at sites you entrust with sensitive data, spend a few minutes reviewing the options at twofactorauth.org, which maintains probably the most comprehensive list of which sites support 2FA, indexing each by type of site (email, gaming, finance, etc) and the type of 2FA offered (SMS, phone call, software token, etc.). Please bear in mind that if the only 2FA options offered by a site you frequent are SMS and/or phone calls, this is still better than simply relying on a password to secure your account. I should also note that Google says Android 7.0+ phones also can be used as the Security Key for people who have adopted the company’s super-paranoid Advanced Protection option. This is a far more stringent authentication process for Google properties designed specifically for users who are most likely to be targeted by sophisticated attacks, such as journalists, activists, business leaders and political campaigns. I’ve had Advanced Protection turned on since shortly after Google made it available. It wasn’t terribly difficult to set up, but it’s probably not for your casual user. For one thing, it requires users to enroll two security keys, and in the event the user loses both of those keys, Google may take days to validate your request and grant you access to your account. Source: Android 7.0+ Phones Can Now Double as Google Security Keys (Krebs on Security)
  11. Google Releases Android Security Patch for April 2019 with 89 Security Fixes Google released the Android Security Patch for April 2019 in an attempt to further improve the overall security and stability of Android devices. Android Security Patch for April 2019 consists of the 2019-04-01 and 2019-04-05 security patch levels, which address a total of 89 vulnerabilities across several components, including the Android framework, Media framework, Android system, and Qualcomm components. The most sever of them all could allow a remote attacker to execute arbitrary code by using a malicious file. “The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device,” reads the security bulletin.Improvements for Pixel devices In addition to patching security flaws, the Android Security Patch for April 2019 update also improves the performance and reliability of supported Pixel devices. For Pixel 3 and Pixel 3 XL users, it improves the voice-unlocking performance for Google Assistant and the Wi-Fi connectivity during eSIM activation for some mobile carriers. For some Pixel 3 and Pixel 3 XL devices, the update removes the screen flash when ambient display wakes. On the other hand, Pixel and Pixel XL users will notice better Bluetooth connectivity after installing the Android Security Patch for April 2019, which is now rolling out worldwide and will complete in the next few days. It is recommended that you update your Android devices to Android Security Patch for April 2019 as soon as possible. To update, simply access the system updates section in the settings of your device. If you don’t see the update yet, try again in a few hours or days. Android Security Patch for April 2019 is available now for all Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, and Pixel 3 XL users. Source
  12. Android banking trojan ‘Gustuff’ targets over 100 banking apps and 32 cryptocurrency apps Gustuff Android banking trojan uses social engineering techniques to trick device owners into giving access to the Android Accessibility service. Instead of phishing banking account credentials and then stealing funds, this ATS service allows the trojan to directly make fund transfers from the infected user’s device. A new Android banking trojan dubbed ‘Gustuff’ is gaining momentum by Android users in recent months. Why it matters - This trojan is capable of phishing credentials and stealing funds from over 100 banking apps and 32 cryptocurrency apps. Who are its targets? Gustuff has the ability to target international banks such as Bank of America, Bank of Scotland, J.P.Morgan, Wells Fargo, Capital One, TD Bank, and PNC Bank. The Android banking trojan can also target cryptocurrency apps such as BitPay, Cryptopay, Coinbase, and Bitcoin Wallet. It can also steal credentials from various Android payment apps and messaging apps such as PayPal, Western Union, eBay, Walmart, Skype, WhatsApp, Gett Taxi, Revolut, and more. What are its capabilities? This trojan can disable Google Play Protect security feature of the Google Play Store. Gustuff can collect data such as documents, photos, and videos from infected apps. It has the ability to reset an Android device to factory settings. Besides, this Android banking trojan is capable of displaying custom push notifications disguised as an app. Upon clicking the notification, it either opens a webpage containing a phishing form that asks for credentials or opens a legitimate app, where the trojan auto-fills transaction forms and auto-approves fund transfers via the Accessibility service. How does it exploit the Android Accessibility service Researchers from Group-IB cybersecurity firm noted that the Gustuff Android banking trojan uses social engineering techniques to trick device owners into giving access to the Android Accessibility service. Accessibility service is for users with disabilities and it can automate various UI interactions and tap screen items on users’ behalf. Gustuff trojan exploits this service and runs Automatic Transfer Service (ATS). Instead of stealing banking account credentials and then stealing funds, this ATS service allows the trojan to directly make fund transfers from the infected user’s device. Using the Android Accessibility service, Gustuff implements an ATS system on the user’s device. The ATS implemented on the user’s device will open the apps and fills in the required details and credentials. It then auto-approves the fund transfer on its own. “Gustuff's unique feature is that it is capable of performing ATS with the help of the Accessibility Service. The fact that Gustuff uses [an] ATS makes it even more advanced than Anubis and RedAlert,” Rustam Mirkasymov, Head of Dynamic Analysis of Malware Department at Group-IB told ZDNet. Worth noting Group-IB researchers noted that Gustuff was never deployed inside apps that are available for download in the Google Play Store. The only way attackers distribute Gustuff is via SMS spam message that includes links to the trojan’s APK installation file. Source
  13. Google Will Let Android Users Choose Their Browser Out of the Box Google has announced a series of changes for Android users in Europe in response to the latest antitrust concerns raised by the European Commission. Users will be allowed to choose what browser and search engine they want to use on Android out of the box. Currently, Android devices come with Google Chrome pre-installed and Google set as the default search engine, but in the near future, this is all going to change, Google says. While details on the browsers that would be offered to users haven’t been provided, today’s announcement is clearly good news for other browser developers, like Mozilla.Change possibly coming later this yearAt the same time, Microsoft is likely to significantly benefit from this change, as the company has launched an Android version of Microsoft Edge browser and is also the owner of Bing, the main alternative to Google search. “Now we’ll also do more to ensure that Android phone owners know about the wide choice of browsers and search engines available to download to their phones. This will involve asking users of existing and new Android devices in Europe which browser and search apps they would like to use,” Kent Walker, SVP of Global Affairs, explains. There are no specifics as to when this change is going to take place for Android, but Google says both new and existing users will be asked to choose their preferred browser and search engine. Google is the second tech giant to provide users with a choice of browsers out of the box after Microsoft was forced by the European Commission to do the same in Windows. Internet Explorerwas pre-installed in all versions of Windows, but following this decision, European users were also allowed to set other browsers as default when running the operating system the first time. Source
  14. Insecure UC Browser 'Feature' Lets Hackers Hijack Android Phones Remotely March 26, 2019Swati Khandelwal Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately. Why? Because the China-made UC Browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on your Android devices. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than 500 million users worldwide. According to a new report published today by Dr. Web firm, since at least 2016, UC Browser for Android has a "hidden" feature that allows the company to anytime download new libraries and modules from its servers and install them on users' mobile devices. Pushing Malicious UC Browser Plug-ins Using MiTM Attack What's worrisome? It turns out that the reported feature downloads new plugins from the company server over insecure HTTP protocol instead of encrypted HTTPS protocol, thus allowing remote attackers to perform man-in-the-middle (MiTM) attacks and push malicious modules to targeted devices. "Since UC Browser works with unsigned plug-ins, it will launch malicious modules without any verification," the researchers say. "Thus, to perform an MITM attack, cybercriminals will only need to hook the server response from http://puds.ucweb.com/upgrade/index.xhtml?dataver=pb, replace the link to the downloadable plug-in and the values of attributes to be verified, i.e., MD5 of the archive, its size, and the plug-in size. As a result, the browser will access a malicious server to download and launch a Trojan module." In a PoC video shared by Dr. Web, researchers demonstrated how they were able to replace a plugin to view PDF documents with a malicious code using an MiTM attack, forcing the UC Browser into compiling a new text message, instead of opening the file. "Thus, MITM attacks can help cybercriminals use UC Browser to spread malicious plug-ins that perform a wide variety of actions," researchers explain. "For example, they can display phishing messages to steal usernames, passwords, bank card details, and other personal data. Additionally, trojan modules will be able to access protected browser files and steal passwords stored in the program directory." UC Browser Violates Google Play Store Policies Since the ability allows UCWeb to download and execute arbitrary code on users’ devices without reinstalling a full new version of UC Browser app, it also violates the Play Store policy by bypassing Google servers. "This violates Google's rules for software distributed in its app store. The current policy states that applications downloaded from Google Play cannot change their own code or download any software components from third-party sources," the researchers say. "These rules were applied to prevent the distribution of modular trojans that download and launch malicious plugins." This dangerous feature has been found in both UC Browser as well as UC Browser Mini, with all version affected including the latest version of the browsers released to this date. Dr. Web responsibly reported their findings to the developer of both UC Browser and UC Browser Mini, but they refused even to provide a comment on the matter. It then reported the issue to Google. At the time of writing, UC Browser and UC Browser Mini are "still available and can download new components, bypassing Google Play servers," researchers say. Such a feature can be abused in supply chain attack scenarios where company's server get compromised, allowing attackers to push malicious updates to a large number of users at once—just like we recently saw in ASUS supply chain attack that compromised over 1 million computers. So, users are left with just one choice to make... get rid of it until the company patches the issue. Source
  15. Wilson Drake

    Best Set Top Box

    Best Android Box Amazon Fire TV Stick Amazon Fire TV Nvidia Shield Seguro Trongle X4 Emtec GEM Box Q-Box Amlogic S905 T95X TV Box Best Linux Box Mag 254 Pendoo X8 Pro T96N RK3229 ARNU Box Your Choice shall come with a reason or simply post your option on This Poll for Best TV Box
  16. Send Links from Windows 10 to Android Using the Native Share Dialog One of Microsoft’s key projects right now is to bring Windows 10 and Android devices in sync, so the company is working around the clock on improving the Your Phone app. Together with its Android sibling, this app is supposed to allow the pairing of Windows 10 PCs and Android phones in order to make it possible for desktop users to access their photos and messages wirelessly. But as it turns out, the sync also works the other way around, which means that you can send content from the PC to Android using the same Your Phone companion app. Once the devices are paired, you can rely on the native share dialog in Windows 10 browsers (Microsoft Edge and Mozilla Firefox are the two supporting it for now) to send links to Android devices.Native share optionAll you have to do is to fire up a Windows 10 browser, navigate to a page that you want to share and then head over to the share option in Edge or Firefox. Click the Your Phone app in the share options and then the link should become available on Android in the browser that you used for sending it. A notification should show up on Android to let you know that content sent from a desktop browser is available, and tapping it opens the link in Edge or Firefox. This is without a doubt a neat feature for Android users, and while there are other ways to do the same thing on the mobile platform, a native implementation comes in much handier. Once Microsoft Edge becomes a more mature browser and completes the transition to the Chromium engine on the desktop, this feature could make much more sense for Android users, as many more would stick with the app on both PCs and mobile devices. Source
  17. AdGuard 3.0 is now available. The new version of the popular content blocker for Android features a redesigned interface, new stealth mode, support for custom lists, and more. The new version of AdGuard is already available on the developer website. Point your Android browser to this URL and hit the download button to download the new version to your system. Note that you do need to allow application installations from unknown sources in the Android settings to install the app. What is AdGuard? AdGuard is a content blocker that runs silently in the background. It blocks advertisement and other undesirable elements in all browsers in the free version. Premium users have ads blocked in all apps that they run on their device. Some features are only available in the Premium version. You may buy a lifetime license or a subscription-based license on the AdGuard website. Tip: Check out our review of AdGuard DNS here. AdGuard 3.0 The app launches a wizard on first start that walks you through some essential configuration options. The wizard is well suited for new and inexperienced users who may feel overwhelmed when they access the entire options the app provides. It is naturally possible to manage all options in the Settings at any time. Existing users may notice the redesigned interface right away. Layout, icons, and styles have changed, and it is now possible to switch to a dark theme if that is preferred. Just activate it in Settings > General > Dark Theme to do so. The homepage displays the status of the protection and statistics. The developers have added charts to the app which you may access with a tap on the arrow icon next to any of the numbers on the homepage (e.g. ads blocked). AdGuard 3.0 supports more filter lists by default and custom URL filter lists. Select Settings > Content Blocking > Filters to get started. There you may enable or disable specific preset filters, e.g. the Security or Annoyances list. Custom filter support is reserved for Premium users of the application. You may use it to load filters from URLs that you specify provided that the filter lists are in the correct format. Stealth Mode is another new feature and it is reserved to premium users as well. Basically, what Stealth Mode does is add better privacy protections to the device. Stealth Mode supports a large range of privacy options; you may use it to enable the self-destruction of first-party or third-party cookies, change the TTL of third-party cookies, strip URLs of tracking parameters, disable specific browser APIs, hide your user-agent, mask your IP address, or hide search queries. Some features may appeal to all users, others are probably only of interest to advanced users. What else is new? The widget has been redesigned and features some stats about blocked requests. AdGuard supports DNS-over-TLS in version 3.0. You can find out more on the official blog. Closing Words AdGuard is a great application for Android to block ads and other undesirable elements on the device. It works best with a Premium license but does a good job as well when you run the free version. The new 3.0 upgrade introduces much needed functionality, some of it reserved for Premium users. The ability to load custom filter lists is handy, and the new Stealth Mode introduces privacy protections that give users more control over what is happening on their devices. AdGuard is available in sales regularly. New users may want to start with the free version and upgrade to the Premium version in an upcoming sale. Source: AdGuard 3.0 for Android: Redesign, Stealth Mode, Custom Filter Lists (gHacks - Martin Brinkmann)
  18. Fake Apps Promise Updates to Latest Android Only to Bombard You with Ads Waiting for your device manufacturer to release the update to the latest version of Android is a painful experience, and Samsung users probably know this the best. And while many are looking into ways to get the upgrade before it officially becomes available for their devices, you should never (NEVER!) turn to apps in the Google Play Store that promise instant updates. Because as discovered by AP, the number of apps posted in the Play store and offering to update your devices to the latest Android release even if it’s not yet available is increasing every day. And it happens for a good reason: these apps try to trick people into downloading them only to then bombard them with ads. While I won’t link to such apps for an obvious reason, simple searches like “Update to Android P” returns several of them, and most claim they do the same thing: they download and install Android P on your smartphone, even if the manufacturer of the device hasn’t released it.Apps still available for downloadOf course, this sounds odd for power users, but there are obviously many beginners out there who eventually installed the apps hoping to get the latest Android. And the review sections of these apps pretty much speak for themselves, as most users found out the hard way that the purpose was to actually bring ads to their devices. Obviously, Android OS updates are never delivered via the Google Play Store, so you should never fall for such tactics. Always stick with the system update feature of the device, which is located in the settings section. The more worrying thing is that these apps somehow escaped Google’s filters even though they obviously violate the store guidelines. Hopefully, the search giant would take care of them shortly, but as a general precaution, make sure you check twice before installing something that sounds too good to be true. Source
  19. Google unveils ‘third gender’ emoji coming to Android this year Google has revealed dozens of “third gender” emoji coming to Android smartphones later this year. The new gender-inclusive emoji include police officers, superheroes, wizards, wrestlers and even zombies. Emoji are decided by the Unicode Consortium, which is made up of tech firms like Google, Microsoft, Apple and the internet’s main emoji hub Emojipedia. New emoji are added all the time, and dozens of new designs have now been revealed in a new paper published by Google. “Gender has many exceptions and implantation details, and many aspects of this have been discussed in past documents,” said Google’s Jennifer Daniel. “This document is to note Google’s intent to use gender-inclusive designs where code points exist and to signal Google’s interest in additional gender sequences.” Loads of emoji are getting a new “third gender” option — including zombies.Source:Supplied Apple, Google, Twitter, Facebook, Microsoft and Samsung all offer some “gender-inclusive” emoji already. But — as Google points out — not all human emoji have gender-neutral options. So Google has taken to adding “third gender” designs to a large number of existing emoji. “Each emoji that already has specific options for women or men will be unaffected by this change,” Emojipedia explained. “Gender isn’t going away, it’s getting a third option.” Some users have called for Google to return to its previous “genderless, skin-tone-less blobs”, which were a fan favourite. The “blobs” were largely gender-neutral, which meant that they didn’t cause offence. One Twitter user reacted to the news by writing: “Adding a third gender to emoji is fine I guess. But blob emotes had no gender and that was beautiful.” However, the blobs could also be slightly insulting: “As an aside, at the time the blobs existed on Android, the feedback sent to Google was often not supportive of the choice,” Emojipedia reveals. “People sent a woman in a red dress from iOS or Twitter weren’t necessarily pleased at the blob with a rose in its mouth that arrived on Android devices.” The new gender-neutral emoji will be “coming to Android this year” according to Emojipedia, but there’s no firm release date. It’s possible that other tech firms will also borrow these emoji. Source
  20. How Google could help an Android alternative reach the IoT throne KaiOS is racking up tens of millions of users by catering to the feature phone market. Its momentum with carriers could turn it into a formidable IoT player. Android accounts for about 85 percent of the global smartphone market; iOS accounts for virtually all of the rest. So it has stood for most of the past decade despite a host of failed challengers that entered the market before and after Android's debut. But one operating system is adding tens of millions of users by bringing new functionality to a device that has been all but forgotten in the U.S. KaiOS, which I first wrote about last April as an engine for minimalist phones, is an open source OS. It was spun out of an effort within TCL (owner of the Alcatel and BlackBerry phone brands) from the remnants of Firefox OS. It is well on its way to becoming the modern-day spiritual successor to Symbian, which was once a dominant operating system for feature phones. Indeed, HMD Global, the heir of the Nokia phone brand that was once Symbian's greatest champion and that claims to still be the global leader in feature phones, is using KaiOS in its 8110 "banana" slider phone. However, its biggest success to date has been India's JioPhone. Android has problems, and Google knows that and has plans to replace it with something better. But the Android name won't be going anywhere. While optimized for keypad input, it features a web browser, email client, and other essential apps. It also features an app store, although, in the world of KaiOS, carrier is king. For example, while it is an outlier, the only KaiOS phone available in the U.S. is the Alcatel Go Flip, available via prepaid carriers such as Cricket and Simple Mobile. It lacks the app store. However, while many feature phones top out at 3G and lack Wi-Fi, KaiOS's support for Wi-Fi and 4G should provide connectivity long after major carriers sunset their 3G networks in the next few years. Even as Google continues to target lower price points for Android phones, it recognizes the value it can derive from KaiOS. The company invested $22 million in the effort last year and is the preferred search engine and voice assistant for KaiOS phones. The latter aligns well particularly well with Google's push of its Assistant, the limited input options of many KaiOS phones and larger percentage of illiterate users in developing economies adopting the OS. Feature phones will likely retain a sustainable market for the foreseeable future, but KaiOS is also making a play for the Internet of Things. This is one of the many markets in which Google has struggled to expand Android's reach, recently scaling back its Android Things effort. For Google, Android Things is a developer retention play; the Android model of driving revenue through apps, content and advertising don't apply. KaiOS' carrier customers, though, can leverage IoT devices to sell managed services, particularly as they gear up parts of their 5G networks developed specifically to handle their low-power, low-speed requirements. Still, even though KaiOS devices could eventually outnumber Android devices, there are a number of caveats and reasons why it wouldn't pose much of a competitive threat. First, while the number of IoT devices could eventually outnumber the number of humans and, by extension, mobile phones, KaiOS would likely capture only a fraction of that market. And even if its raw installed base numbers came to dwarf Android's, the widely disparate needs of IoT devices would negate treating such a hardware/software combination as a viable horizontal platform in the way we think of Android or iOS. Still, as the smartwatch market has shown us, there are bound to be edge cases and KaiOS's easily navigable interface, app capabilities and modern connectivity could wind up powering many devices that would otherwise enable Android developers to leverage their skill sets. Source
  21. New Google Policy Means Trouble for Microsoft on Android A new policy implemented by Google for Android apps brings tighter controls for SMS and call logs, technically enforcing a new limitation of the use of services like digital assistants on the platform. According to Google itself, access for call logs and SMS should only be required when it’s absolutely necessary for the app’s core functionality, which Google defines as explained below: “Core functionality is defined as the main purpose of the app. It's the feature most prominently documented and promoted in the app’s description; no other feature is more central to the app’s functionality. If this feature isn't provided, the app is “broken” or rendered unusable (i.e., app is deprived of its primary functionality and will not perform as a user would expect).” These changes mean applications like Microsoft Launcher can now receive your permission to access calls and texts, but at the same time, to also enable Cortana to read this data.New update for Microsoft LauncherAs a result, Microsoft has recently updated Microsoft Launcher with a prompt that seeks your permission to update the device assistant, as you can no longer run Google Assistant and Cortana side by side without setting up these controls. “Due to a new policy from the Google Play Store, Microsoft Launcher needs to be set as your device assistant if you want to do things like let Cortana keep you updated on calls and texts in your feed. Once that’s done, you’ll be good for this update,” the notification reads. The message started appearing after the latest update for Microsoft Launcher, and unless you tap the option that reads “Set it up now,” it comes back occasionally to seek your permission. Obviously, Microsoft Launcher isn’t the only application that needs to comply with this new policy, so expect similar prompts from other apps on Android these days. Source
  22. Kiwi Browser is made to browse the internet, read news, watch videos and listen to music, without annoyances. Browse in peace. Kiwi is based on Chromium and WebKit, the engine that powers the most popular browser in the world so you won't lose your habits. We hope you'll love Kiwi as much as we do. Note for power users and supporters: We have a Discord (chat) community where you can discuss development and share ideas: https://discordapp.com/invite/XyMppQq Main Features: ★ Based on the very best Chromium ★ Incredible page load speed 🚀 Thanks to our very optimised rendering engine, we are able to display web pages super fast. ★ Powerful ad block that removes most of intrusive ads 🔥 ★ Super strong pop-ups blocker that really works ★ Cryptojacking protection The first Android browser that blocks hackers from using your device to mine crypto-currency ★ Unlock Facebook Web Messenger Go to m.facebook.com and chat with your friends without having to install FB application. More goodness: ★ Night mode with customizable contrast and grayscale mode. 100% contrast = pure AMOLED black (actually turns off pixels) - recommended! 101% contrast = pure AMOLED black + white text ★ Bottom address bar ★ Manage websites that appear on the homepage Long-press to move or delete the tiles, click the [+] to add a new website. ★ Disable AMP (Settings, Privacy) ★ Block annoying notifications ★ Block slow and invasive trackers to protect your privacy. ★ Translation into 60 languages. ★ Import / Export bookmarks. ★ Custom Downloads folder Choose where your downloaded files are stored ★ Play videos and music even with the screen off == What is removed: * Chrome Sync First, Google doesn't allow Chrome Sync to be used by third-party browser. Second, Google Sync sends your full history, bookmarks and passwords to servers which is totally not cool. * Data Saver Google doesn't allow to use their platform. I'm working on a Turbo mode, but I'm not sure when it'll go out. == Advanced users: If you want to open links with an external application, you can long-press on the link, or change the default setting in Settings, Accessibility. To add a new search engine, go to your favorite search engine, and do a couple of searches, and then go to Settings, Search Engine. == Kiwi Browser is very new, and still in test. Please help us by sending a little e-mail if you see crashes, bugs or just want to say Hi 😊 == Made in Estonia Screenshots: Part 1 screenshots: Part 2 Screenshots: Changelog: Version Sigma This version includes the latest security improvements from Chromium (including the FileReader bug CVE-2019-5786) - Fix for news not appearing correctly in the homepage feed - Hindi and Chinese Traditional translation - Minor fixes (ex: view-source: ) Links: Homepage XDA Forum Download Comments: After getting tired of Firefox for Android being so slow, I tried many different browsers, all browsers had one thing in common, either they were too heavy or lacked features or they were not trustable / used to steal data. After searching and trying a lot of browsers, I came across this Chromium based browser. It's made a by a Google's Chromium developer / contributor - more details mentioned in the XDA Forum post. This browser has everything one can want, from build-in ad blocker, to disabling of crappy AMP sites to night mode to high speed with no lag - infact the developer claims it's faster than Chrome on Android. It's a must try / use and I recommend it to every Android user here.
  23. Google Testing New Chrome Feature for Faster Tab Switching on Android Google is currently testing a new feature for the Android version of Chrome browser that would make it easier and faster for users to switch from one tab to another. Basically, what Google wants to do is add a new toolbar at the bottom of the Chrome for Android screen that would just display the icons of the websites loaded in the browser. These aren’t thumbnails, but the favicons of each website, and tapping any of them instantly switches the browser to that page. This means you no longer have to open the tab view where you can jump from one website to another, but do it quickly by simply tapping the icons.Still a work in progressXDA explains that the new toolbar would also come with dedicated options to launch a mini tab switcher with a grid layout, but also with a plus symbol to add a new tab on the fly. A commit for this feature shows Google lists it as a work in progress and the development team is working on the underlying code powering it. For the time being, however, this feature is still in the works and isn’t even available for testing in the Canary version of Chrome. Most likely, Google will include it in the experimental browser at some point in the future and users will be able to try it out by enabling a dedicated flag. But as with every other experiment that Google is spotted testing, don’t hold your breath for it because the company could very well kill it off completely before launch if the development team isn’t pleased with the way it works. This the reason the Canary version of Chrome is so important for the future of the browser, as it allows Google to try out new features before they are available for everyone. Source
  24. Cortana and Microsoft Launcher updated with improvements on Android Image Courtesy: Microsoft Microsoft today has pushed out a new update for Cortana on Android. The latest update comes with a new Home Screen interface which is more colourful. Cortana for Android has been updated with a new ‘now playing’ interface to helps users control music without opening the app. New buttons have been added to the home screen to allow users to quickly access email and reminders. You can now also set a reminder on your Windows 10 PCs and Cortana will remind you that on your phone. If you are not having your phone near you and someone is trying to call you, Cortana will alert you on your PC that you have missed a call on your phone. Cortana could also send the caller a predefined text message when you are away. The section of flight status has been updated with a simpler look. Microsoft Launcher In addition to Cortana, Microsoft is also rolling out a new update to Microsoft Launcher on Android. Today’s update advances the app to version 5.2 and adds a couple of new features. For using Microsoft Launcher, the company is now rewarding the users by allowing them to earn Rewards through the daily deal card and by completing other tasks. You will be able to long press on the shortcuts enabled icons even when the home screen is locked. Users will now be able to send a CPU profile via the “Contact Us” option in Settings if they find any performance issues. The font size in the Microsoft Launcher app will now respect the font size of the system. Microsoft has also added Non-full screen folders especially for large screen devices and for users who use the device with only one hand. You can update both apps from the Google Play Store. Source
  25. Microsoft Launcher 5.2 starts rolling out to all Android users Beta testers have been using and quality-checking the 5.2 update for some time now. However today, it appears that the beta version is good enough to be released to general users, as spotted by Italian blog Aggiornamenti Lumia. The Google Play Store still lists the latest version as 5.1.1 from our end, suggesting that the update is likely being delivered to users in a gradual rollout. This would make sense, given how major bugs tend to plague devices right at a major update (remember the Windows 10 October Update debacle?), so a gradual rollout might help them keep an eye just in the small chance something does arise. For those who didn’t see the last post, version 5.2 contains a number of refinements to improve not just the aesthetics of the app, but also its functionality. Large screen phone users will likely be pleased that non-fullscreen folders (as seen in the screenshot at the top) can be toggled on for ease of use, and long pressing of app icons while the home screen is locked will now bring up the shortcuts menu. If you’re interested, you can head to the Play Store and see if the update is live for you. If it is, feel free to let us know in the comments how you’re enjoying the update. Source
  • Create New...