Showing results for tags 'Mobile'.



Found 110 results

  1. Mobile app developers are going through the same growing pains that the webdev scene has gone through in the 90s and 2000s when improper input validation led to many security incidents. But while mobile devs have learned to filter user input for dangerous strings, some of these devs have not learned their lesson very well. Business logic on the client-side... like it's 1999 In a research paper published earlier this year, Abner Mendoza and Guofei Gu, two academics from Texas A&M University, have highlighted the problem of current-day mobile apps that still include business logic (such as user input validation, user authentication, and authorization) inside the client-side component of their code, instead of its server-side section. This regrettable situation leaves the users of these mobile applications vulnerable to simple HTTP request parameter injection attacks that could have been easily mitigated if an application's business logic would have been embedded inside its server-side component, where most of these operations belong. But while leaving business logic on the client-side might sound more of an app design mistake, it is actually a big security issue. For example, an attacker can analyze a mobile app (that he installed on his device) and determine the format of the web requests sent to the mobile app's servers after the user's input is validated. The attacker can then modify a few parameters of these requests in order to poison the desired action. Millions of apps potentially affected In a research paper titled "Mobile Application Web API Reconnaissance: Web-to-Mobile Inconsistencies & Vulnerabilities," Mendoza and Gu have recently taken a look at this ancient, yet still valid, attack vector. The two researchers created a system named WARDroid that mass-analyzes mobile apps, determines the format of their web requests, and tries to determine if these are vulnerable to these types of attacks. 
Researchers said they tested WARDroid on a set of 10,000 random popular apps from the Google Play Store. "We detected problematic logic in APIs used in over 4,000 apps, including 1,743 apps that use unencrypted HTTP communication," researchers said. But since WARDroid was not a secure indicator that the app's communications template was vulnerable, the two researchers also manually analyzed 1,000 random apps from the ones flagged by their system, confirming that 962 used APIs with validation logic problems. Extrapolating these numbers to the whole Google Play Store, the two academics believe millions of apps might be vulnerable. Issues found in banking and e-commerce apps For example, some of the apps where they found problematic API logic include a banking app, where they said they were able to modify transaction details. Similarly, they also found validation logic flaws in gift card apps that allowed them to load a test account with money to spend at various stores, and similar validation logic flaws in the communications model of apps built using the Shopify SDK. This latter flaw allowed the research team to buy products for negative prices, creating discounts inside Shopify-based mobile stores. "You never wanna trust the client input. This is a harsh lesson that should have already been learned from the lessons on the web platform and web applications," Mendoza said on stage while presenting his research at the 39th IEEE Symposium on Security and Privacy, held in San Francisco two weeks ago. "This work highlights that this continues to be the problem — input validation and just being very cognisant of validating or sanitizing input," said Mendoza, also highlighting that server-side business logic should be as strict as the client-side validation logic, if not stricter. Source
  2. For the second time this week, a company has been found to have accidentally exposed customer data to virtually anyone. Following TeenSafe's incident, it seems that it's now T-Mobile who has left information unprotected due to a bug. The flaw was discovered in April by security researcher Ryan Stevenson. The information was exposed through a portal hosted on a T-Mobile subdomain that could be found using search engines such as Google. According to a report by ZDNet, the page is meant for use by T-Mobile employees and it contained a hidden API that allowed them to look up customer information by simply adding the customer's phone number at the end of the web address. The problem is the site wasn't protected by a password, and anyone who stumbled upon the webpage could have obtained customer data, including their address, full name, billing account number, tax ID number, and even account PINs which are used by customers when contacting phone support. After the bug was reported, T-Mobile fixed the problem and the website now requires visitors to sign in. The company also rewarded Stevenson with $1,000 as part of its bounty program, saying: The company also says that it has no evidence that customer data was stolen via this portal, though history has shown that the scale of these incidents is sometimes not immediately clear. Source
  3. HTC's latest flagship smartphone, the U12+ was launched yesterday with top-of-the-line features and a premium price. However, a smaller, standard U12 lacking some of the features does not exist. To avoid any confusion for consumers, HTC has now explained the reason behind the bizarre naming. In recent times, most smartphones such as the Samsung Galaxy S9 or the iPhone 8 among flagships, or the Moto G6, Redmi 5 and such like in the mid-range, come with a "plus" variant that offers an additional feature or more than the standard variant. HTC has revealed that the U12+ is that variant which features a tall 6-inch WQHD+ screen, the latest Snapdragon 845 chipset, 6 GB of RAM and 128 GB of internal storage, and will compete directly with the other plus flagships featuring similar specifications. According to Android Headlines, the company discussed the strange naming multiple times before finally going ahead with it. Although the size of the device is still marginally smaller than the S9 Plus, the rest of the features of the U12+ are on par with the beefed-up variant from Samsung which helped the decision. It seems that the company does not have any plans to launch a standard variant in the near future and the company's explanation should help those holding out for one in making a decision. HTC launched the U11 last year and followed it up with an incremental update in the form of the U11+ about six months later. In this case as well, we may see some variant of the U12 launch at a later time, but given HTC's dropping sales numbers over the last few years it makes sense that the Taiwanese company is sticking to a small portfolio of devices in a bid to target the right competition. Source
  4. Facebook's Marketplace is getting an update today in the US, shifting it from peer-to-peer transactions to a service which connects professionals to clients. To give a brief summary of Marketplace, it is a section of the Facebook app that facilitates transactions between users. For instance, a Facebook user could open marketplace and buy a used laptop, or decide to sell a vehicle or some old clothes. More importantly for the purpose of this article, it was a user-to-user affair, and only exchanged goods, not services. Today, Facebook is taking its first step to redefining Marketplace as a space where users can connect with professional contractors for personal projects. The firm is starting this slow change with the introduction of "home services", allowing users to contact professionals like plumbers, cleaners and other contractors via the marketplace interface. It's a US exclusive feature right now, and Facebook is partnering with three big names in the business: Handy, HomeAdvisor and Porch. Facebook says that its integration with these three firms will be able to "provide an all-in-one place to complete your next home project" and make it easy to get a quote and close the deal with minimal fuss. You'll be able to appraise professionals by their ratings and reviews, and Facebook will show you credentials and location information to simplify your decision making. Just like with regular Marketplace purchases, you'll be able to use Messenger to contact the contractor at every stage. Facebook is rolling out this service from today and plans to make it available all across the U.S. in the coming weeks. No word on global availability has been given at this time. Source
  5. Dropbox has announced in a blog post today that it's making significant improvements to its mobile apps to improve the collaboration experience on the platform. The new improvements to Dropbox come just one day after Microsoft announced its own set of improvements to OneDrive. For starters, the company is introducing a new File Activity feature. This will allow users to see all the actions taken by other teammates on each file. This includes the history of edits and shares for all users, but users in the Dropbox Professional and Business Advanced tiers will even be able to see the viewer history from the file preview without having to leave the app. This feature is rolling out to the iOS version of the app, but it will be coming to Android soon. The file preview page will also let users add comments and feedback to a file for other teammates to see, and the sharing experience has been made easier across the app, with more visible share buttons. The apps are also getting a redesigned home screen, which gathers the user's starred items and recent files in a centralized place. This should make it easier to find the most relevant files whenever the user opens the app. Lastly, the company says it recently added drag and drop support in iOS 11, which works inside the app and - on the iPad - across apps in split-screen mode. Source < Here >
  6. This day was bound to come, and many expected it to come much sooner than today. Verizon has finally removed the listing for the Microsoft Lumia 735 from its website, which means that there are no longer any official resellers in the United States from which you can purchase one of Microsoft's first party Windows phones. Verizon's Lumia 735 was listed as out of stock for months, and as no longer available for months after that. But if you searched for 'Lumia' on the carrier's website, you'd still see the handset pop up with a price on it. Now, it's finally gone, and you can only find a support page. Verizon was the last major retailer to stop selling Lumias, with Microsoft removing them from its own online store last June. The Windows 10 Mobile devices did make another brief appearance on the Store in February, although it was never made clear if any ended up being sold. If you're still a die-hard Windows phone user, there are still just two options left, unless you want to resort to getting something off of a third-party marketplace like eBay. Microsoft is still selling HP's Elite x3 for $299 and Alcatel's IDOL 4S for $169. Currently, only the latter is in stock, although stock for both of them comes and goes pretty frequently, so if Microsoft doesn't have the one you want, keep checking back. More details < Here >
  7. Lumen Privacy Monitor is a free application for Google Android that monitors connections that applications make on a device it runs on to uncover communication with tracking servers and data collecting. Created as an academic research project, Lumen Privacy Monitor provided the researchers with a large set of data to analyze. The results were published in the paper "Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem" (access PDF here). One of the key findings was that the research team managed to identify 233 new trackers that were not listed on popular advertising and tracking blocklists. Lumen Privacy Monitor Android users need to have a strong stomach during installation and on first run: the app requires lots of permissions, needs to install a root certificate, will monitor encrypted and normal traffic by default, and send anonymized data to the researchers. The application requires access to personal data on the device to determine leaks. The researchers note that personal data is never submitted. Still, the application is not open source and it is clear that the privileges that it requests are cause for concern. If you give permissions to the app, install the root certificate and flip the monitoring switch to on, you will get detailed reports about application activity and leaks. Lumen Privacy Monitor monitors apps while it runs. The main interface displays the three tabs leaks, apps and traffic. Leaks display personal or device information that apps may leak. A severity rating is Apps lists all applications that the monitoring app picked up with options to display a detailed report about individual apps. Traffic offers an overview of the analyzed traffic. It includes information about HTTPS and other connections, bandwidth, and the overhead that ads and analytics scripts and connections cause. Apps The Apps group is probably the most interesting as it reveals important information to you. 
A tap on a monitored application displays interesting information such as the list of domains the application tried to establish connections to, the number of trackers and the overhead caused by them, leaks and traffic overviews, and the list of requested permissions. The list of connections is certainly useful as you can determine whether these connections appear to be valid or not. While you may need to research domains before you understand why the application may want to connect to it, you'd quickly find out if an app connects to tracking servers or makes other unwanted connections. The list of permissions includes risk assessments for each permission which you may use to determine whether to keep an application installed or remove it. Closing Words What I like particularly about Lumen Privacy Monitor is that it reveals the overhead that ads and tracker connections cause, the connections an app makes, and the data leaks of applications. It would be better if the researchers would consider releasing the application as open source to address concerns about the application's wide-reaching permission requests and installation of a root certificate. What you do with the information is entirely up to you. You could consider removing applications or install apps that block connections to trackers to prevent data leaks. Ghacks.net
  8. ESET Mobile Security & Antivirus PREMIUM v4.0.8.0 + Key Requirements: 4.0+ Overview: ESET Mobile Security is a premium cyber security solution that protects your smartphone and tablet. After installing, you automatically get to try all PREMIUM features for 30 days – without subscribing. Then you can upgrade to PREMIUM, or continue with basic protection, which is lifetime for FREE. BENEFIT FROM FREE FEATURES ✓ On-demand Scan triggered by the user ✓ On-access Scan of downloaded applications and files ✓ Quarantine ✓ Anti-Theft – with Remote Lock, Remote Siren and GPS Localization activated by SMS ✓ Support ✓ USSD vulnerability protection ✓ Tablet friendly interface SUBSCRIBE TO PREMIUM FEATURES ✪ Proactive Anti-Theft with web interface on my.eset.com ✪ Anti-Phishing ✪ Scheduled scanning ✪ On-charger scan ✪ Automatic updates ✪ SMS/MMS/Call blocking ✪ Device Monitoring of important settings ✪ Application Audit TRY PROACTIVE ANTI-THEFT ★ Integration with _my.eset.com web interface for Android devices and Windows laptops protected by ESET Smart Security ★ Suspicious state – Autonomous action when wrong PIN/pattern is entered or unauthorized SIM change detected ★ Camera Pictures – Front/back camera snapshots ★ On Screen Message – Customizable message to potential device finder ★ Low Battery – If the device hits critical battery level, its current location is sent to my.eset.com ★ User IP Address Details – Listing of IP addresses the device was connected to if marked as missing JOIN OUR BETA TESTING COMMUNITY Get your hands on the latest versions of ESET Mobile Security and help us shape the future of our Android apps by following this link: _https://play.google.com/apps/testing/com.eset.ems2.gp PERMISSIONS In order to protect your Android device and valuable information, we will ask you to grant ESET various permissions. ESET will NEVER use these permissions for data collection or Marketing purposes. Promise! 
For a detailed explanation of what each type of permission is used for, please see our Knowledge Base _http://kb.eset.com/android IF SOMETHING DOESN’T WORK If you are experiencing any issues with the latest version of ESET Mobile Security & Antivirus, please send us the log files using the in-app form, which you can access by pushing the menu button (generally a hardware button located in the lower part of the device) and then tapping on ‘Customer Care’. FEEDBACK After you install ESET Mobile Security & Antivirus, you will become part of our community, which will enable you to send your feedback. If you have any suggestions, questions or just want to say hello, please send us an e-mail to [email protected] What's New - Small bug-fixes and optimizations Key until 2019 This app has no advertisements More Info: https://play.google.com/store/apps/details?id=com.eset.ems2.gp&hl=en Download Instructions: https://uploadocean.com http://turbobit.net
  9. Nova Launcher Prime APK V5.5.3 Cracked [Unlocked] Nova Launcher Prime The highly customizable, performance driven, home screen replacement Accept no substitutes! Nova Launcher is the original and most polished customizable launcher for modern Android Features Ok, Google – Use Google Search’s hotword right from the home screen, just say the words Ok, Google. Color Theme – Set the highlight accent color for the launcher Also individual Color controls for labels, folders, unread count badges, drawer tabs and background Icon Themes – Find thousands of icon themes for Nova Launcher on the Play Store Subgrid positioning – Much greater control than standard launchers, Nova Launcher allows you to snap icons or widgets half way through the desktop grid cells Customize App Drawer – Custom tabs, Vertical or Horizontal scrolling, Custom effects Infinite scroll – Never far from your favorite page, loop through the desktop or drawer continuously Backup/Restore – Sophisticated backup/restore system allowing you to backup your desktop layout and launcher settings Scrollable Dock – Create multiple docks and scroll between them Widgets in dock – Place any widget in your dock, such as a 4×1 music player widget Import Layout – No need to rebuild your desktop from scratch, Nova Launcher can import from most popular launchers. Including the one that came with your phone. Fast – Nova Launcher is highly optimized to do its work quickly and quietly, keeping the animations smooth and letting you use your phone as fast as you can move your fingers. Unlock the following extras with Nova Launcher Prime Gestures – Swipe, pinch, double tap and more on the home screen to open your favorite apps Unread Counts – Never miss a message. 
Unread count badges for Hangouts, SMS, Gmail and more using the Tesla Unread plugin Custom Drawer Groups – Create new tabs or folders in the app drawer Hide Apps – Keep a clean app drawer by hiding never used apps Icon Swipes – Set custom actions for swiping on app shortcuts or folders More scroll effects – Such as Wipe, Accordion, and Throw What’s New?(5.5.3 + 5.0.8) Pixel Style Launcher Improved Transition Dynamic Icons that pulls badges from notification content Backport of Android 7.1 and many more! Option to disable dynamic icons Dots! Android O style notification badges Google Now Integration! Swipe Right Internal Changes Adaptive Icons like Oreo How to install it? Uninstall previous version of Nova Launcher apk & Tesla Unread Plugin Install all of the apks given in the archive. Launch Nova Launcher Enjoy! Download Nova_Launcher-Prime-5.5.3-Final.apk (link corrected)
  10. In some cases, like with 5.5-inch screens, AMOLED panels are now the cheaper option. AMOLED displays are popular for the pure blacks and energy efficient 'glance' displays they enable. Thus they are seen as a premium option for smartphone and laptop users, and AMOLED panels are only seen in really high-end TVs. However, thanks to competition and demand spurring greater production, prices are starting to become more competitive with TFT LCD panels, reports IT industry journal DigiTimes. According to the source report "The production cost for a 5.5-inch HD AMOLED panel has drifted to US$12.10 recently, compared to US$12.20 for a 5.5-inch HP LTPS LCD panel". This is a big change to the previous state of affairs where AMOLED panels had "much higher," prices due to the increased production costs. Thanks to the levelling off of prices and demand it's expected that AMOLED panels will be equipped on up to 50 per cent of smartphones by 2020. Back to the AMOLED panel pricing news, and there is hope that larger displays, not just those aimed at smartphones and tablets, will come down in price. LG Display's E4-2 fab, its second production line for AMOLED displays for TVs, will enter volume production in H2 2017, says DigiTimes. Thanks to the new production line AMOLED TV display production is set to more than double to 1.5 million units, say sources. Furthermore, several Chinese panel makers have been investing in AMOLED production facilities with output set to increase fivefold (comparing 2016 output to that estimated to come on line in 2018). View: Original Article
  11. Dual camera, faster A53 and Adreno 506 Qualcomm has four different phone tiers - the Snapdragon 800 as a premium tier, Snapdragon 600 for a high-end tier, Snapdragon 400 for a mid-tier and Qualcomm 200 mobile platform as an entry level tier. The company has already announced the Snapdragon 835 as its flagship product for this year. It also announced the Snapdragon 660 and 630 as well as the Snapdragon 205 for the entry level. Now the Snapdragon 450 is the first 14nm FinFET for high quality and cost effective designs. Qualcomm has more than 1900 designs based on the 400 series launched or in the works. This is a massive number that underlines the importance of this market. Some of the phones based on the 400 series include the HTC Desire 510, the LG Lancet, the ZTE Speed, Marshall London, the Kyocera Hydro Wave, the Samsung Galaxy J5, the Moto G Play, Blu Life One, Oppo A33 and the Vivo Y35A. The Snapdragon 450 still uses eight Cortex A53 cores now clocked at 1.8GHz or 500 MHz faster than the previous Snapdragon 435 platform. The platform is software compatible with the Snapdragon 425, 427, 430, 435, 625 and 626. This will enable manufacturers to decrease the time to market and stay competitive. A 500 MHz higher clock can result in 25 percent higher CPU performance and up to 20 percent faster social app launching, up to 20 percent faster email launching, 15 percent faster to launch maps and over 10 percent faster launch of gaming apps. Due to the 14nm FinFET design, the battery life will get significantly better and you can expect four more hours at the end of the day compared to the Snapdragon 435. This is equivalent to 1.5 days talk time, eight days of music, 18 hours of video playback, 14 hours of streaming videos, seven hours of video capture or 15 hours of gaming. On top of that, Snapdragon 450 supports Quick Charge 3.0 technology that will let you charge your phone from zero to 85 in 35 minutes. 
This is up to 27 percent faster and 45 percent more efficient compared to the previous generation and now the platform supports a very popular USB Type C. Qualcomm location enables higher accuracy positioning with lower battery consumption compared to a GNSS only solution. Adreno 506 brings up to 25 percent faster graphics rendering with up to 30 percent lower power. Gaming will definitely get faster. One way to think about the Snapdragon 450 is that most features from last year’s 600 series are inherited in the 400 series. The Snapdragon 450 supports quick charge 3.0, power management, improved speaker amp, touch, fingerprint and audio codec. The SoC supports Snapdragon X9 LTE modem and joins the large Carrier aggregation supporting family. The X9 LTE enables Cat 7 downlink speeds with up to 300 Mbps, and Cat 13 uplink speeds of up to 150 Mbps. The modem supports 2x20MHz carrier aggregation and some advanced compression features including the 64 QAM. From the connectivity point of view, the Snapdragon 450 supports 802.11ac with MU-MIMO (Multi User MIMO) a feature that can tremendously speed up wireless speeds when matched with a router supporting this feature. It is important to remember that Cat 6 with 300 Mbps speeds is available in 95 countries globally. More than 130 operators are investing in Cat 6 LTE. There are currently 194 commercially launched CA networks. The Snapdragon 450 supports dual camera setup, each supporting up to 13 megapixels and a single camera solution can take care of a 21 megapixel camera. The camera supports Real time Bokeh, a camera blur effect during camera preview and Qualcomm Clear sight, something we got to experience with the higher Snapdragon tiers. The SoC can combine the information from the Bayer/RGB sensor with a black and white sensor, resulting in improved sharpness in all lighting conditions, especially in low light. 
Snapdragon 450 supports 1080p @ 60 FPS with Full HEVC encode and decode that should enable smoother video capture and playback. This is an important step up compared to the Snapdragon 435 that supports 1080p @ 30 FPS. The Snapdragon 450 supports high quality audio recording with sound focus and ability to suppress unwanted noise from outside the field of view. The new platform also supports FHD+ screens at 60 FPS including the new and popular 18:9 aspect ratio. You can expect to see higher quality displays with extended power saving in the new Snapdragon 450 tier. If that is not enough, despite the usual fingerprint sensor, the Snapdragon 450 is the first to enable eye based authentication. This is a one stop integration for OEMs with liveness detection, real-time authentication and cutting edge performance. The platform supports USB 3.0, a speedy increase from the USB 2.0 with Snapdragon 435. Commercial sampling to customers is expected in Q3 2017 and in devices in Q4 2017. It will be, as always, up to Qualcomm customers to announce products. Fudzilla asked Kedar Kondap, a vice president of product marketing, about the price range of the Snapdragon 450 devices and you can expect to see the Snapdragon 450 based phones between $150 to $250. Kedar pointed out that it will be up to manufacturers to implement the features and higher quality components will dictate the price. US and European readers should be familiar with the very successful Moto G Play, a $/Euro 150 phone that launched with Snapdragon 400 series and did a good job. Of course some brands from China will be able to offer this phone for less than that as Xiaomi Redmi 4A powered by Snapdragon 435 is currently selling for 599 Chinese Yuan ( 77.35 Euro / $88.36). Imagine the possible successor to the Snapdragon 450, that will be a hell of a phone for less than $99 bucks, at least in China and India. View: Original Article
  12. This is the Essential Phone The Essential Phone, brought to us by the person who created Android, is finally ready for the spotlight. It’s an incredibly audacious and ambitious project, with an outlandish screen and the beginnings of a modular ecosystem. First, the Android phone basics: the Essential Phone costs $699 with top-of-the-line specs and features. As you can see above, it prominently features an edge-to-edge display that one-ups even the Samsung Galaxy S8 by bringing it all the way to the top of the phone, wrapping around the front-facing selfie camera. It’s a unique take on a big screen that makes the phone stand out — and it’s smart, too. Often, the status bar at the top of an Android phone doesn’t fill that middle space with icons, so it’s efficient. The screen does leave some bezel at the bottom of the phone, but nevertheless it’s as close to the whole front of a phone being display as I’ve seen. Essential is launching the phone in the US to start, and it’s filled the phone with radios that should make it work on all major carriers, alongside usual Android flagship internals like a Qualcomm 835 processor, 4GB of RAM, and 128GB of storage. And because Essential seems to be hanging its hat on the idea of shipping phones without extraneous junk (the designers don’t even put a logo on the exterior), chances seem good that there won’t be a ton of extraneous software laded on to slow the phone down. Essential is clearly planning on releasing a very well-made phone: the screen looks promising, it has no annoying logos, and it is built with a combination of titanium and ceramic so it can survive a drop test “without blemish, unlike the aluminum competitor devices.” (Those would be Samsung and Apple, if you’re wondering.) But nice hardware isn’t all that hard to come by on Android phones, so the company is aiming to build an ecosystem of accessories. It starts with a magnetic connector and wireless data transfer. 
Essential will ship a 360-degree camera that can click in to the top of the phone, and the company will also offer a charging dock. Both connect to the phone with small metal pogo pins. They won’t entirely replace USB-C for most people, but Essential is clearly hoping that they could someday. Speaking of ports, there is no traditional 3.5mm headphone jack — which is a bummer. We’re told that it will ship with a headphone dongle in the box. It’s possible that other audio accessories could be made that could clip on to the magnetic accessory port. The Essential Phone also has a good take on the dual-camera systems we’ve seen on other phones. Rather than use the second lens for telephoto or bokeh, it’s using it for a monochrome sensor, just like Huawei has been doing with the P9 and P10. That second sensor will be able to take in more light than a traditional color camera, meaning it can be combined with the regular 13-megapixel for better low-light shots. The front-facing camera is in line with current expectations, too: an 8-megapixel sensor that can also capture 4K video. All that sounds great, but it ignores some key facts in the smartphone space: Apple and Samsung have it pretty locked up right now. The pessimist might say that although this phone looks incredible, it is also likely to break upon the shoals of the phone market, the same rocks that have cracked every Android phone that doesn’t have the Samsung logo emblazoned on it: carrier support, consumer interest, and lack of true differentiation. But when it comes to cracking on the rocks, Andy Rubin claims that the Essential phone’s titanium and ceramic build is better able to withstand a drop test. Presumably, Essential’s grander ambitions are equally durable — it’s impossible to look at just this phone outside the context of Essential’s other announcements: the Essential Home speaker and its Ambient OS. Even if those ambitions don’t bear out, the Essential Phone itself is exciting on its own. 
It’s a simple, straightforward Android device that respects the user: it’s powerful, clean, and not entirely beholden to the business whims of the giant companies that currently control the mobile and smart home markets. If nothing else, it deserves our attention because it’s coming from Andy Rubin, who knows a thing or two about doing the right thing in the smartphone world. Source
  13. Almost all recent OnePlus smartphones are vulnerable to attacks that can downgrade the phone's operating system and expose the device to previously patched security flaws. Mobile security expert Roee Hay of Aleph Research discovered the vulnerabilities and reported the problems to OnePlus in January, but the company failed to address any of the issues. According to Hay, the vulnerabilities affect OnePlus models such as X, 2, 3, and 3T, running both OxygenOS and HydrogenOS, which are custom versions of the Android OS running on OnePlus phones.

Attack is possible because of OTA update process via HTTP

Hay says that an attacker can launch an attack and hijack the phone's Over-The-Air (OTA) update process, which is susceptible to man-in-the-middle (MitM) attacks because it's handled via HTTP instead of HTTPS. The researcher says that even if OnePlus OTA update packages are signed to prevent the installation from unauthorized locations, they aren't verified based on version or timestamp. This slip-up allowed Hay to install an older version of the OxygenOS or HydrogenOS, downgrading the phone to a previous OS version that was susceptible to previously patched security flaws. The video below shows Hay performing the OS downgrade attack.

In addition, Hay discovered that an attacker could also install OxygenOS on devices designed to support HydrogenOS, the precursor of OxygenOS. In some cases, installing the superior OS on an older product would lead to crashes or a permanent denial of service. Last but not least, Hay also installed another version of the Android ROM boot-up package on different OnePlus devices: for example, the OnePlus X ROM on a OnePlus One device and vice versa, again causing a denial-of-service state due to hardware incompatibilities.

Physical access attack is also possible

Besides these scenarios that rely on performing a MitM attack on the OTA update, the Aleph Research expert discovered that an attacker with physical access to the device could also reboot the phone into Recovery Mode and sideload the OTA package that way. Unlike the MitM attack, which was universal, this second attack vector only worked on OnePlus 3 and 3T models, and only where the Secure Start-up feature is disabled. This is the second time Hay has taken the hammer to OnePlus security. Back in March, the researcher published another piece of research that showed how an attacker could hijack OnePlus 3 and 3T models with a malicious charger. Videos of those previous vulnerabilities being exploited — which OnePlus developers patched — are available below. Source
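
The gap described in item 13 is that a valid signature alone does not stop an older or mismatched package from being installed. The check below is an added example, not OnePlus's updater code and not taken from the article: it verifies the signature first and then refuses packages built for another product, another OS family, or an older build. The metadata format, field names, HMAC stand-in for the vendor signature, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key. A real updater verifies an asymmetric signature with a
# public key stored on the device; HMAC stands in so the example needs only
# the standard library.
DEMO_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class DeviceState:
    product: str          # hypothetical product id, e.g. "OnePlus3"
    os_family: str        # "OxygenOS" or "HydrogenOS"
    build_timestamp: int  # build time of the installed OS, Unix seconds


def parse_metadata(text: str) -> dict:
    """Parse 'key=value' lines; reject malformed lines and duplicate keys."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not key or key in fields:
            raise ValueError(f"bad metadata line: {line!r}")
        fields[key] = value.strip()
    return fields


def sign(metadata_text: str, payload: bytes) -> bytes:
    """Tag that binds metadata and payload together, so neither can be swapped."""
    meta = metadata_text.encode()
    message = len(meta).to_bytes(4, "big") + meta + payload
    return hmac.new(DEMO_KEY, message, hashlib.sha256).digest()


def make_package(product: str, os_family: str, build_timestamp: int, payload: bytes):
    """Build a constructed (metadata, payload, tag) triple for the demo."""
    metadata = (
        f"product={product}\n"
        f"os-family={os_family}\n"
        f"build-timestamp={build_timestamp}\n"
    )
    return metadata, payload, sign(metadata, payload)


def check_ota(device: DeviceState, metadata_text: str, payload: bytes, tag: bytes) -> str:
    """Return 'accept' or a 'reject: ...' reason for an offered OTA package."""
    # 1. Authenticity: the step the article says was already in place.
    if not hmac.compare_digest(sign(metadata_text, payload), tag):
        return "reject: bad signature"
    # Metadata is trusted only after the signature over it has been verified.
    try:
        meta = parse_metadata(metadata_text)
        pkg_product = meta["product"]
        pkg_family = meta["os-family"]
        pkg_time = int(meta["build-timestamp"])
    except (ValueError, KeyError):
        return "reject: malformed metadata"
    # 2. Target match: a ROM for another model or OS family is refused.
    #    (Refusing cross-family installs is a policy assumption of this example.)
    if pkg_product != device.product:
        return "reject: wrong product"
    if pkg_family != device.os_family:
        return "reject: wrong OS family"
    # 3. Anti-rollback: a correctly signed but older build is refused.
    if pkg_time < device.build_timestamp:
        return "reject: downgrade"
    return "accept"


if __name__ == "__main__":
    phone = DeviceState("OnePlus3", "OxygenOS", 1490000000)  # constructed values
    offers = {
        "newer build": make_package("OnePlus3", "OxygenOS", 1495000000, b"new-image"),
        "older build": make_package("OnePlus3", "OxygenOS", 1480000000, b"old-image"),
        "other model": make_package("OnePlusX", "OxygenOS", 1495000000, b"x-image"),
        "other OS": make_package("OnePlus3", "HydrogenOS", 1495000000, b"h2-image"),
    }
    for name, (metadata, payload, tag) in offers.items():
        print(f"{name}: {check_ota(phone, metadata, payload, tag)}")
```

Transport security (HTTPS) and this check address different failures: HTTPS stops an on-path party from substituting the package, while the version and target checks stop a genuinely signed but unsuitable package from being accepted over any channel, including sideloading.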
  14. Plenty of people have been burned by Samsung, but that was mainly due to exploding Galaxy Note 7s. But now one guy has been burned hard on Twitter after trying to be funny and failing miserably. It all started when Samsung recently asked people to tweet the first pictures that they took with their Galaxy S8s. Many people politely did as requested, but there’s always one person who wants to ruin it for everybody else. In this case that person was @savEdward, who told Samsung that the first pic they took was in fact a picture of their genitalia. Unfazed by Edward’s attempt at humor however, Samsung shot back with a single hilarious emoji that spoke much louder than words ever could. See for yourself below. The moral of the story? Don’t mess with Samsung! Samsung recently asked people to send them the first pictures they took with their Galaxy S8. It didn’t take long for the internet to show its appreciation. Source
  15. MiniTool Mobile Recovery for iOS is a piece of iOS data recovery software. This tool supports recovering lost data, such as photos, messages/iMessages, contacts, call history, notes, and other files, from an iPhone (or other iOS devices), iTunes, and iCloud backup. MiniTool Mobile Recovery for iOS has three recovery modules: “Recover from iOS Device”, “Recover from iTunes Backup File” and “Recover from iCloud Backup File”. You can choose a proper module according to the actual situation to recover the lost data. MiniTool iOS Data Recovery provides a free iPhone data recovery service. No matter whether your files were lost due to accidental deletion, iOS upgrade failure, factory resetting, or white Apple, etc., MiniTool Mobile Recovery for iOS will find and fully restore all files. LINK
  16. Hi guys, I was wondering what Windows-based file managers you guys are using for your Android devices. I used to use only Android Commander until development stopped; now I use it alongside MobileGo. What are you guys using, and does anyone know which is the closest to Android Commander? This was the best, IMHO.
  17. A JavaScript file secretly loaded without your knowledge on a site, or app you load on your mobile device, can access data from various sensors and collect information needed to guess the passwords or PIN a user is entering on his device. This novel attack technique was discovered and explored by a team of scientists from the University of Newcastle in the UK, who say the script can collect data from around 25 sensors, which together, allow an attacker to infer what the user types on his device.

Not all sensors are restricted by OS permissions

The attack is successful because mobile operating systems do not restrict applications, such as browsers, from accessing all these sensors. The current built-in permissions model asks users to grant an app access to sensors such as GPS, camera, or microphone, but not to data from the phone's accelerometer, gyroscope, proximity, NFC, and rotation sensors. Due to lowering costs, these sensors are now becoming a common feature in modern smartphones, but mobile operating systems are lagging behind.

Attack relies on malicious JavaScript code

The four-man research team wrote a JavaScript file called PINlogger.js which accesses these ungoverned sensors and logs sensor usage data. If the user allows the browser or a tainted app to run in the background of his phone, while using another app, the PINlogger.js script will continue to collect sensor data. If at any point the user enters PINs or passwords, PINlogger.js records the data and sends it to an attacker's server. The more sensors the phone is equipped with, the more data the attacker has at his disposal to deduce what the user has typed. "It’s a bit like doing a jigsaw – the more pieces you put together the easier it is to see the picture," says Dr. Siamak Shahandashti, a Senior Research Associate in the School of Computing Science and one of the researchers that worked on the study.

Attackers can guess PINs with a high degree of accuracy

Just by listening to motion and orientation sensor streams, which do not require special permissions to access, researchers said that an artificial neural network they've trained was able to crack four-digit numerical PINs on the first try with a 74% accuracy based on the data logged from 50 user devices. The accuracy grew to 86% and 94% when the neural network was allowed a second and third try, respectively. Further, the algorithm could also be adapted to handle full alpha-numerical characters. According to researchers, the entire point of their research was to raise awareness of the vast number of smartphone sensors which applications can access, and which mobile OS vendors haven't yet included in their standard permissions model.

Some browser vendors have implemented fixes

The research team has also filed bug reports with several browser vendors. Following the team's reports, starting with Firefox 46 (April 2016), Mozilla has restricted JavaScript access to motion and orientation sensors to only top-level documents and same-origin iframes. Similarly, starting with iOS 9.3 (March 2016), Apple implemented a similar restriction for Safari. The issue remains unresolved in Chrome. In the future, researchers would like to see mitigation solutions at the OS level, rather than in applications. The full research paper was published today in the International Journal of Information Security, and is entitled "Stealing PINs via mobile sensors: actual risk versus user perception." At the top of this article there is a video of PINlogger.js collecting sensor data from an iOS device. Source
  18. Nokia To Smartphone Owners: Malware Infections Are Far Higher Than You Think

Nokia warns that mobile malware infections grew dramatically in the second half of 2016. Overall, the monthly smartphone infection rate averaged 0.90 percent, an 83 percent increase over the first half of 2016. Nokia no longer makes mobile devices but it's carving out a new business in mobile and Internet of Things security. Now new research from the unit is reporting an 83 percent rise in monthly smartphone infections in the second half of 2016. Two years ago Verizon challenged assumptions about the spread of mobile malware, reporting that just 0.03 percent of smartphones on its network were infected with 'higher-grade' malware. It was much lower than the 0.68 percent infection rate estimated in Kindsight Security Labs' biannual report. But a new report from Nokia, based on data from mobile networks that have deployed its NetGuard Endpoint Security, suggests infections are actually far higher. According to Nokia, the monthly rate of infections in mobile networks peaked at 1.35 percent in October, and averaged 1.08 percent in the second half of 2016. The average infection rate in the first half was 0.66 percent, translating to a 63 percent rise between the periods. It also measured monthly infections on smartphones and says the average rate was 0.9 percent in the second half, up 83 percent from 0.49 percent in the first half. Over the entire year, it says smartphone infections rose a whopping 400 percent. Nokia's data included around 100 million devices across Europe, North America, Asia Pacific and the Middle East. It says that 81 percent of infections were on Android devices, 15 percent on Windows devices, and four percent on iPhones and other mobile devices. It notes that Windows' share of the infections it counted shrank from 22 percent in the first half of 2016. 
Although Nokia's report doesn't exclusively deal with Android, it offers a contrast to Google's assessment of malware infections in its Android Security 2016 Year in Review report, released earlier this month. Google reported Android device infections at 0.64 percent in the first quarter of 2016 growing to 0.77 percent in the second quarter, and then moving to 0.67 percent and 0.71 percent in the third and fourth quarters, respectively. Google's measure is based on the frequency it finds PHAs or potentially harmful applications during a "routine full-device scan" with its Verify Apps Android anti-malware service. Google said since 2014 infections on Android have been less than one percent. It also noted that users were 10 times more likely to download malware from outside Google Play than inside its store in 2016. While Nokia reports that infections on mobile networks are increasing, infections on fixed-line residential networks have been falling since the beginning of 2015, despite a bump in early 2016 due to a surge in adware. Source
  19. Call centers in Washington, DC, were affected by AT&T's 911 outage on March 8, 2017. The FCC reported preliminary findings of its investigation on the outage at the agency's March meeting. A network configuration error left thousands of AT&T customers around the country without access to emergency 911 service for five hours, the FCC said. AT&T's 911 service outage earlier this month affected thousands of customers across the country, according to a preliminary report from the Federal Communications Commission. On March 8, roughly 12,600 callers throughout the US were unable to reach 911 emergency dispatchers for five hours, Lisa Fowlkes, acting chief for the FCC's Public Safety and Homeland Security bureau, told commissioners at the agency's monthly meeting Thursday. AT&T told the FCC that it typically handles 44,000 calls through its 911 service each day. The outage occurred after AT&T had reconfigured its voice over LTE network, which transmits voice calls over the same network that handles its high-speed internet service. Some calls were rerouted to backup call centers. These calls were being manually forwarded to 911 operators, but when the volume of calls became too large, some calls were dropped, Fowlkes explained. This resulted in some customers experiencing busy signals when they tried to call 911. Public safety officials told the FCC that some calls continued to ring and went unanswered while other callers say they heard nothing on the line. A second AT&T 911 outage, caused by a hardware failure, occurred on March 11, which affected a smaller portion of calls, Fowlkes reported. The FCC said the two outages were unrelated. "We've done an extensive evaluation of the outage, which was caused by a system configuration change between our network and a certified 911 vendor, and we're taking steps to address the issue," an AT&T spokesman said in a statement. 
"We take our obligations to our customers very seriously and will continue to work with the FCC as it completes its report on the situation." The incidents come as problems with 911 service in Dallas this month may have resulted in the deaths of at least two people, one of whom was a six-month-old infant. Initially it was believed T-Mobile may have been to blame, but the city of Dallas has since said the issue was not related to the mobile network, but was instead the result of large numbers of callers hanging up and redialing 911. FCC Chairman Ajit Pai had announced an investigation into AT&T's outage as it was happening on March 8. He said at the meeting that he takes seriously the agency's duty to protect the nation's communication system. The FCC is continuing its inquiry into the incident, Fowlkes said. Source
  20. The interestingly named "Swearing Trojan" appears to be using fake mobile base stations in China to send phishing SMS messages to fool victims. If you're heading to China, you may want to watch out for legit-looking SMS messages from local carriers China Mobile and China Telecom. That's because the group behind the banking malware known as "Swearing Trojan" has been using fake mobile stations to masquerade as a real carrier and send phishing SMS messages that trick you into clicking on a malicious URL, according to security research group Check Point. While there have been reports that the authors behind the malware have been arrested, Check Point said it is still detecting the spread of the malware. Once installed, Swearing Trojan intercepts your bank's 2FA passwords, giving the malware authors access to your bank account. Besides fake mobile base stations, the malware also propagates via your contact lists, using seemingly real messages to get other victims to download the malware or fake "nude celebrity" scams to get victims to click on a malicious URL. Source
  21. Business reservations are coming to the selfie service. Instagram is looking to do more for advertisers than unveiling new filters, as the Facebook-owned service will soon allow users to use the picture sharing site to also book appointments with local businesses. The feature would allow the 8 million-plus businesses that use Instagram to attract customers to get more use out of the social media network, according to Bloomberg. The new feature appears to be as straightforward as reserving a table for two at 7pm or squeezing in a trim at a local barber with simple interactions on the Instagram app - a boon to those looking for more customers than "likes." Instagram plans to roll out this feature in the coming months, with the service also reportedly giving some thought to adding reviews and other business-minded tools. Instagram head of business James Quarles says that 80% of the site's users follow a business of some kind, making it logical to have the service shift focus to local shops and not just Spring Break selfies and food pics. Additionally, these features effectively pit Instagram against other long-standing reference sites like OpenTable and Yelp, making it all the more interesting to see what direction Facebook takes its filter-flipping service going forward. Source
  22. Google released a developer version of Android O, and here are some of our favorite features and why you should actually care.

It's a fun day when the developer preview for an upcoming operating system is released. Whether you're a developer or not you get a sneak peek at upcoming features that may soon be coming to your phone. Google released Tuesday the developer version of its next Android OS currently called just O. Some of O's most exciting features are better battery life, easier controls for notifications and picture-in-picture video for both phones and tablets. There's no guarantee all these features will be in the full release some time later this year.

1. Battery life
Improving the battery life is one of the biggest and most welcomed features of Android O. Similar to iOS, Android O will limit and manage what apps do in the background while multiple apps are open. This is one of those "behind the curtain" features that you'll appreciate even if you can't see exactly how it works. For example, if you are using Instagram but have Google Maps open in the background, location services will update the location less frequently for Maps to keep it from draining your battery as fast.

2. Notifications channels
Notifications have always been one of the perennial strong features of Android. In O, you can group your notifications into channels or as Google describes it: "app-defined categories for notification content". So if you had a channel of apps that are all "news" related, you could interact and control notification settings for all the apps in the news channel at once.

3. Snooze notifications
Sometimes as wonderful as notifications are, you just need them to be quiet for a little while. Android O gives you the ability to snooze notifications simply by sliding your finger across a notification and then selecting how long to snooze it for: 15, 30 or 60 minutes.

4. Picture-in-picture
While we've seen picture-in-picture video for the iPad, we've yet to see it fully functioning on a phone. Android O brings the ability to keep a video playing while interacting with another app. To what extent this feature is incorporated by video apps like Netflix and HBO Now remains to be seen. But hopefully you'll be able to keep watching "Game Of Thrones" as you check the weather to see if winter is indeed coming. (Spoiler: It is.)

5. Lock screen shortcuts
On the lock screen in Android Nougat there is a microphone icon for quick access to Google Assistant and a camera icon for quick access to take a picture. Android O will allow you to customize your lock screen with even more shortcuts.

6. Autofill system wide
If you use a password manager app, Android O gives you easy yet secure access to it across your device via autofill. You will be able to select which password manager app you want to take advantage of a system wide autofill feature. This is similar to the way you can now select which keyboard to use across your apps on your phone.

7. Wide-gamut color
What the heck is wide-gamut color? Exactly. While this feature might not mean much to you now, it's really about future proofing. As displays improve with newer phones and tablets, your apps will be able to take full advantage of all the colors and their subtleties. Just imagine how amazing all your cat pics will look.

8. HiFi Bluetooth audio
Your phone will now be able to wirelessly stream higher quality audio. Obviously, to fully hear the higher quality depends on the quality of the audio recording and the speaker or headphone with which you're listening to it. This is a big plus for any audiophiles out there.

9. Keyboard shortcuts
Good news if you use a keyboard with an Android tablet: Android O gives better support for developers to make navigation and shortcuts easier to use via a physical keyboard. Could this pave the way for Android laptops, and maybe Chromebooks?

What's next for O?
This is a very early build of Android O so we can't say what other features will be added in the future. It's so early, that we don't even know what sweet treat Android O is named after! Oreo? Oatmeal cookie? Orangesicle? We have a few guesses as to what O could actually be. We are bound to learn more in depth about the features we highlighted as well as any new ones at Google's annual software developer conference I/O, in May. Source
  23. Keep charging phones away from bathrooms

A UK man plugged his iPhone into an outlet via an extension cord and appears to have rested the charger on his chest in the bath. Richard Bull was found dead in the bathtub. His wife found him with severe burns to his body at their home in London. As the Daily Mail reports, when police arrived at the scene they found an extension cord leading into the bathroom from the hallway. "We found an iPhone plugged into the extension cable and then the charger element in the bath," PC Craig Pattinson told an inquiry into Bull's death. He added: "The extension cable was on the floor and it appeared as though he had his phone charger on his chest and the part between the phone charger and the cable had made contact with the water." The inquest concluded that 32-year-old Bull's death was caused by accidental electrocution. However, the coroner, a public official who investigates suspicious, sudden or violent deaths, said he was extremely concerned that people didn't realize that phones were as dangerous near water as, say, hairdryers. The coroner, Dr. Sean Cummings, told the inquiry: "They should attach warnings. I intend to write a report later to the makers of the phone." Apple didn't immediately respond to a request for comment. The Mail quoted Bull's brother Andrew as saying: "I live in the US and they say it can't happen, and that there is not enough electricity. But in the UK it is enough. You don't think there is enough electricity but there is." Source
  24. I am just copying the important chunks from this article

The recent leaks reveal how, for years, the CIA was busy hacking into many consumer electronics devices, including Wi-Fi routers, Samsung Smart TVs, iPhones and Android-powered devices. According to the documents, the agency employed specialized tools to exploit the security vulnerabilities in these devices and recorded videos, audio conversations, text messages, or anything that could help them keep tabs on the owners of those devices. According to WikiLeaks, many malware and hacking tools were developed by EDG (Engineering Development Group), one of the CIA’s own software development groups, while some tools and applications were acquired from other government agencies or third-party dealers. The CIA dubbed these third parties its partners, and used codenames like SurfsUp, Peppermint, Anglerfish and Fangtooth. Forbes reported that these vulnerabilities are worth a lot in the market, i.e., over $1 million for every bug.

Severity of the leaks: The malware created by the CIA for hacking into users’ personal gadgets is so effective that it can safely bypass even the most popular security programs.

Amongst Different OSs, Android Attracted the Most Exploits

The popular smartphone operating system, Android, enjoys a major market share in the smartphone industry. Perhaps that’s what makes it one of the important targets for the Central Intelligence Agency. Amongst the many exploits reported by WikiLeaks, a good chunk were developed specifically to break into Android devices and applications.

  • Chronos, purchased from Anglerfish, exploits the security weaknesses of Android devices that are running on 4.0
  • Dugrito, another tool by Anglerfish, is a remote access exploit that hits devices running 4.0 – 4.1.2
  • Flamekimmer, a tool by SurfsUp, hits devices that use Broadcom Wi-Fi chipsets, running OS 4.4.4
  • RCE bugs, by Anglerfish, Fangtooth, NSA and GCHQ, are remote access exploits that can be used for hacking into any device from anywhere
  • Dragonfly, currently no information available except that it is an RCE bug for Android security exploits
  • Sulfur, by Fangtooth, one of the most critical exploits that hits the kernel files of Android, leaking information remotely
  • RoidRage, another tool that allows hackers to have remote access of the hacked device

At first, WikiLeaks provided detailed information on these Android exploits by the CIA, but it later redacted the pages to prevent the actual code from getting into the wrong hands.
  25. Your Samsung, LG, Xiaomi, or other Android smartphone could be pre-loaded with malware Despite being based on the very secure Linux kernel, Android isn't necessarily a very secure operating system. Unlike iOS which does a great job of shielding its users from installing apps from outside Apple's own App Store, it is far too easy to do so on Google's mobile OS. Also, there is nothing requiring manufacturers to issue device updates, meaning many users are forced to use outdated and vulnerable versions of the operating system. For the most part, however, Android users can remain safe by acting intelligently, such as only installing apps from the Play Store. Well, that might not be so true anymore. You see, it has been discovered that many models of Android smartphones -- from manufacturers such as Samsung, LG, and even Google's own Nexus line -- are being sold with malware pre-installed. This is particularly bad malware, as it can steal user information. Some devices even came pre-loaded with ransomware! "The Check Point Mobile Threat Prevention has recently detected a severe infection in 38 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users' use, it arrived with it," says Oren Koriat, Check Point Mobile Research Team. Koriat further says, "According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed." 
Check Point shares the following makes and models of Android devices, plus the associated infected APK.

| Smartphone | Malware APK |
| --- | --- |
| Asus Zenfone 2 | com.google.googlesearch |
| Google Nexus 5 | com.changba |
| Google Nexus 5 | com.mobogenie.daemon |
| Google Nexus 5X | com.changba |
| Lenovo A850 | com.androidhelper.sdk |
| LenovoS90 | com.google.googlesearch |
| LenovoS90 | com.skymobi.mopoplay.appstore |
| LG G4 | com.fone.player1 |
| Oppo N3 | com.android.ys.services |
| OppoR7 plus | com.example.loader |
| Samsung Galaxy A5 | com.baycode.mop |
| Samsung Galaxy A5 | com.android.deketv |
| Samsung Galaxy Note 2 | com.fone.player0 |
| Samsung Galaxy Note 2 | com.sds.android.ttpod |
| Samsung Galaxy Note 3 | com.changba |
| Samsung Galaxy Note 4 | com.kandian.hdtogoapp |
| Samsung Galaxy Note 4 | com.changba |
| Samsung Galaxy Note 4 | air.fyzb3 |
| Samsung Galaxy Note 5 | com.ddev.downloader.v2 |
| Samsung Galaxy Note 8 | com.kandian.hdtogoapp |
| Samsung Galaxy Note Edge | com.changba |
| Samsung Galaxy Note Edge | com.mojang.minecraftpe |
| Samsung Galaxy S4 | com.lu.compass |
| Samsung Galaxy S4 | com.kandian.hdtogoapp |
| Samsung Galaxy S4 | com.changba |
| Samsung Galaxy S4 | com.changba |
| Samsung Galaxy S4 | com.mobogenie.daemon |
| Samsung Galaxy S7 | com.lu.compass |
| Samsung Galaxy Tab 2 | com.armorforandroid.security |
| Samsung Galaxy Tab S2 | com.example.loader |
| vivo X6 plus | com.android.ys.services |
| Xiaomi Mi 4i | com.sds.android.ttpod |
| Xiaomi Redmi | com.yongfu.wenjianjiaguanli |
| ZTE x500 | com.iflytek.ringdiyclient |

It is important to note that the phones are not coming from the manufacturers with the malware installed. Instead, third-party retailers (or their suppliers) are pre-loading malware on the devices, which are sold to unsuspecting consumers. In other words, if you purchased your phone new from a trusted retailer like Best Buy, for example, then you should be fine. If you bought a phone from, say, eBay or Craigslist, you could be infected -- but it is not a guarantee. To make matters worse, the malware cannot be easily removed -- an app cannot do it, sadly. 
Check Point found that the phones must be re-flashed entirely, with a clean version of the OS. This is likely beyond the capabilities of the average consumer. Article source