Searching For Privacy


We’ve grown somewhat used to the phrase “If you’re doing nothing wrong then you have nothing to hide”.  That being said, plenty of us don’t take it as truth that privacy has to die.  There are countless stories of security leaks, and it’s impossible to hear the letters NSA without thinking about being watched.  But taking a few simple steps can drastically improve your privacy in everyday life.  Step one is how you browse the internet.

You don’t have to be watched:

Yes, it’s a little-known secret, but there are ways you can search the web without giving up your privacy.  Over the years the word “Google” has become synonymous with looking something up, and for good reason: Google has a huge market share of global searches.  But they’re by no means your only option.  At the start of 2018 Google searches accounted for roughly 70% of all searches.  The bottom line is that they aren’t going away any time soon, but there’s 30% worth of other options.

The purpose of this blog post is not to bash Google by any means.  It’s an incredible search engine that yields top tier results.  It’s grown to the size it is for many reasons.  This post is simply to inform you of options besides the traditional search engines like Google and Internet Explorer.  There are some players that do things differently.  A key difference being that your search history is just that: yours.

Some alternatives:

If you’ve ever looked into private search engines, then you’re undoubtedly familiar with DuckDuckGo.  Its CEO is famous for saying “if the FBI comes to us, we have nothing to tie back to you.”  Their motto is simple: they don’t store your personal information. Ever.  They also offer an interesting feature known as “bangs”.  Not really privacy related, but bangs allow you to quickly search results on other sites by adding a “!” to your search.  So if you knew you wanted to search for something on Wikipedia you could jump straight to it.

Another solid option is Tor.  Tor Browser secures your connection to the internet with three layers of encryption, and passes it through volunteer-operated servers around the world.  Its goal is to make you one person in a crowd of a million, indistinguishable from the others and thus untargeted for any kind of privacy extraction.  Tor’s onion services allow users to publish things online without needing to reveal their location.  Even the U.S. Navy has used Tor for open source intelligence gathering.  Don’t worry, by that I don’t mean info on your browsing sessions!

A 3rd favorite is StartPage.  Developed by Ixquick, StartPage gets you the privacy you want but actually gives you the results straight from Google. It features a proxy service, URL generator, and HTTPS support that allow you to revisit your browsing sessions without needing cookies.  In other words, it remembers your browsing in a privacy friendly way.

More than just security:

If you’re like me, you’ve been shocked before at some of the ads you see.  They’ve become so good at targeting you that you’ll see an ad for something you had only thought about in the privacy of your own mind.  Browsing in private mode can certainly help with this, as the less data there is collected on you, the harder it is to target you with personalized ads.  Or even ads in general.  Just another big perk to consider when deciding if you want to check out other browsers!

All in all, you could be perfectly happy with the way you’re surfing the internet right now, but there are always other options if you decide to give them a try.  What are your thoughts on the recent privacy issues?  Maybe you use a VPN. Do you take other precautions to keep your information secure?  Let us know in the comments below!

Google Minus And Project Strobe


After 7 years of effort Google has decided that enough is enough for Google+.  The tech giant has admitted to failing its entrance into the social media marketplace. As both a business decision and safety concern they’ve decided to take Google+ off the web and focus on other things.

Project Strobe

Security has been at the forefront of everyone’s minds this year as privacy scandal after privacy scandal has surfaced.  Facebook’s Cambridge Analytica scandal made us hyper-aware of how much data is exposed to third parties.  In an attempt to combat privacy issues Google launched Project Strobe.  It’s a root-and-branch review of third-party developer access to Google accounts and Android devices.  Essentially it’s a research project to check up on how secure everyone’s information really is.

The findings: not the best.   Today Google announced four key findings from the project along with steps to remedy each.

1. There are significant challenges in creating and maintaining a successful Google+ product that meets consumers’ expectations.

Google+ has a pretty serious bug in it that exposed user data to third-party applications that didn’t have proper access.  Google says that there is no evidence anyone else found this out before they did (hard to be sure).  But combine this with the lack of adoption among users, and the end result has been to remove Google+ entirely.  I don’t think anyone is too upset at this move, and it’s probably for the best that Google diverts its time towards new innovations.

2. People want fine-grained controls over the data they share with apps

When you download a new app that performs certain functions, it may need permission to do so.  Whether that’s accessing your camera to take a picture or seeing your contacts so that it can share a picture with others, apps can’t do these things until you let them.  This is a big plus for Android security, but unfortunately sometimes it’s not organized well enough.

There are some permissions that are grouped together when presented to a user, and this can potentially be a problem.  If you want an app to do one thing you shouldn’t have to grant it access to 3 permissions, yet this is sometimes how things are organized.  Google has announced they’ll be launching more granular account permissions that will show individual dialog boxes for each.  Maybe a little more frustrating for relaxed users, but definitely a win for security.

3. When users grant apps access to their Gmail, they do so with certain use cases in mind

To correct the security issue of third parties abusing contact information, Google is limiting what kinds of apps are allowed to access Gmail data.  The only apps allowed will be those that are “directly enhancing email functionality”.  Basically, if there’s no real reason for your app to need to write an email, it’s banned.

4. When users grant SMS, Contacts and Phone permissions to Android apps they do so with certain use cases in mind.

3 and 4 are pretty similar to one another, but this other finding takes things past email and into the phone/contacts.  Google is limiting how many apps will be allowed to access this information.  In addition to this, Contact interaction data will no longer be available via the Android Contacts API.

The bottom line is that Google did a security sweep and decided a few things needed to change.  It seems that these changes are proactive, which is always a good thing, but if you’re one of the world’s Google+ users then I’m sorry you have to say goodbye.  For everyone else these changes should be nothing but good as security continues to improve.

What are your thoughts on Project Strobe?  Let us know in the comments below!

 

Reverse Engineering Apps. A Primer


Reverse engineering is a pretty cool concept.  Someone builds something, you want to see how they did it, so you take it apart and see how it was put together in the first place.   It can be a great way to learn, and it pushes technological progress forward.  But there’s also a dangerous side to it.

Reverse engineering done with malicious intent can lead to copyright infringement or other damages.  It’s a fine line to walk between what is ethical and what isn’t, and that doesn’t change inside of the Android world.  Here reverse engineering is common, and developers should always account for it when building apps to make sure they’re taking necessary precautions.

The term for reverse engineering an app is “decompiling”, and what you’re decompiling is an APK (Android Package Kit).   This is essentially just a .zip file that stores our app’s code.  You build an APK when you compile your code and use that APK to upload the app onto the Google Play Store.  This is then what users around the world download onto their devices.  And if they’re tech-savvy enough, they can open up this APK and see what’s inside.

Why Decompile?

Let’s take a second to think about a couple of reasons why we would want to decompile our APKs.  One possibility is that we’ve misplaced our source code and are hoping to recover it.  If this was the case then we could decompile our app from a phone it was already on. Note that this has its limitations, as the decompiled code will not be exactly the same as the original.  Some parts will be lost along the way, so make sure you save your code on GitHub!

Another possible reason for decompiling an app would be to evaluate its security.  If you’re able to see things you want to keep private simply by decompiling an app, other people can too.  And chances are they won’t always be decompiling for educational purposes.  I’ll be following up on this blog shortly with another one going more in depth on how to properly hide secrets in your apps.
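To make the last two points concrete (an APK is just a .zip file, and anything private inside it is visible to whoever opens it), here is an added example, not code from the original post, that audits your own build before release. The rule names and patterns in `PATTERNS` are illustrative assumptions, and the sample archive is constructed with fake contents so the script runs offline.

```python
import io
import re
import zipfile

# Heuristic patterns for material that should not ship in a release build.
# Illustrative assumptions only; a real audit would use a maintained rule set.
PATTERNS = {
    "google_api_key": re.compile(rb"AIza[0-9A-Za-z_\-]{35}"),
    "private_key_block": re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        rb"(?i)(?:api[_-]?key|api[_-]?secret|password|token)[\"'\s:=]{1,6}"
        rb"([0-9A-Za-z_\-/+]{12,})"
    ),
}


def scan_apk(apk_bytes):
    """Return sorted (entry, rule) pairs for every pattern hit in the archive."""
    if not zipfile.is_zipfile(io.BytesIO(apk_bytes)):
        raise ValueError("not a ZIP container, so not an APK")
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            raw = apk.read(info)
            # Compiled manifests and resources.arsc often store strings as
            # UTF-16LE; dropping NUL bytes folds them to ASCII for matching.
            views = (raw, raw.replace(b"\x00", b""))
            for rule, pattern in PATTERNS.items():
                if any(pattern.search(view) for view in views):
                    findings.add((info.filename, rule))
    return sorted(findings)


def build_sample_apk():
    """Constructed stand-in for a compiled APK; every value in it is fake."""
    fake_key = b"AIza" + b"C0NSTRUCTED" * 3 + b"XY"  # "AIza" + 35 characters
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml",
                   "<manifest package='com.example.demo'/>".encode("utf-16-le"))
        z.writestr("classes.dex", b"dex\n035\x00\x27" + fake_key + b"\x00")
        z.writestr("resources.arsc",
                   "-----BEGIN PRIVATE KEY-----".encode("utf-16-le"))
        z.writestr("assets/config.json",
                   b'{"api_secret": "s3cr3t-constructed-value-0001"}')
    return buf.getvalue()


if __name__ == "__main__":
    for entry, rule in scan_apk(build_sample_apk()):
        print(f"{entry}: {rule}")
```

A hit means the value ships to every device that installs the app, so it belongs on a server or behind a revocable, scoped credential rather than in the package.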

And of course there’s always decompiling for modding purposes. If you reverse engineer an app and put it back together how you want then you can add new features or customize how things behave.  Here’s where I throw in a disclaimer that you should make sure you’re a law abiding citizen while doing these things.  Lots of companies/developers would be very unhappy to hear that someone is decompiling their apps to make monetary gains.

How To Decompile?

The good news is that if you want to decompile apps on your own, you absolutely can!  You’ll need to download a popular tool known as apktool, and also make sure you have Java set up on your computer.  Here’s a great video showing how to use apktool to theme and edit Android apps.

Want to know more about decompiling apps?  Don’t worry, we’ll be writing lots more on it soon, but in the meantime let us know what you want to know in the comments below!

Android Security Is Still Secure. Seriously.


There’s been a lot of media hype this past month about Android phones and their lack of security.  Headlines such as “How Android Phones Hide Missed Security Updates From You” have been floating around causing mass panic.

Take a deep breath.  It’s ok.

Despite the plethora of recent articles claiming that Android phones are under attack and that you’re a victim, chances are you’re actually safer than you think.  Yes there was a study earlier this month that found some phones were behind on their security updates.  But that doesn’t mean that all of your data is exposed to whoever wants to take it.  Even with a few security updates missing, you should be alright.  Let’s take a second to discuss some of the other security features that Android architecture has in place to protect you:

Google Play Protect

Google Play Protect is a safeguard to protect Android users from malicious apps.  Even with Google’s screening process to let apps onto the Play Store, chances are some baddies will slip through the cracks and are available for download.  Google Play Protect attempts to stop these apps in their tracks by doing routine scans on your phone for every app even after it’s been installed.  If there’s a cause for concern detected, you’ll be notified. 

This software also applies to app updates, so the short version of it is that apps can’t just slide by once. As long as you have Play Protect enabled on your phone, apps are continuously exposed to it.  Chances are your phone already has Play Protect, but if you want to be sure (or just see what it’s been up to) you can find it in the Play Store.  Open the store and then tap the 3 horizontal bars menu icon.  Then select “Play Protect” and you’ll be taken to a page showing what apps have been scanned recently and how your device looks.

Sandboxing

Android apps are naturally sandboxed from one another.  What this means is that each app’s data and code execution is isolated from others.  So if you happen to download the wrong app it doesn’t mean it will automatically have access to all of the apps already on your phone.  We go into depth about the Android security framework in our Android development course over at Phonlab.  Content Providers offer a storage mechanism for apps, so that an app’s information has to be requested before it becomes accessible rather than being open to just anyone.

Android Permissions work along with this to make sure that, as long as you use some common sense, you should be safe.  Permissions are essentially requirements: if an app utilizes a certain feature (such as syncing with your contacts), it has to be granted permission by the user.

These permissions are presented to a user when the app attempts to access them, and are only allowed when the user says so.  You retain complete control over what access an app has.  Imagine you downloaded a game and it started asking you for access to your contacts and your saved media files.  Red flags should be going up right away since a game has no reason to use these.  As long as you don’t blindly hit accept to every permission, you retain a ton of control over what an app can actually do.
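The same red-flag check can be done before installing, by reading what an app declares in its manifest. The following is an added example, not code from the original post: it assumes the `AndroidManifest.xml` has already been decoded to plain XML (inside the APK it is stored in a binary form), and the grouping in `SENSITIVE_GROUPS`, the package name and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Subset of permissions that guard private data, keyed by the group the user
# sees in the prompt. The grouping is simplified for this example.
SENSITIVE_GROUPS = {
    "CONTACTS": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"},
    "SMS": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS", "RECEIVE_MMS"},
    "PHONE": {"READ_PHONE_STATE", "CALL_PHONE"},
    "STORAGE": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "CAMERA": {"CAMERA"},
}


def requested_permissions(manifest_xml):
    """Return the short names of all android.permission.* entries declared."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                names.add(name[len(PREFIX):])
    return names


def unexpected_groups(manifest_xml, expected_groups):
    """Map each sensitive group the app requests but has no stated need for
    to the permissions that triggered it."""
    requested = requested_permissions(manifest_xml)
    flagged = {}
    for group, members in SENSITIVE_GROUPS.items():
        hits = sorted(requested & members)
        if hits and group not in expected_groups:
            flagged[group] = hits
    return flagged


# Constructed manifest for a hypothetical puzzle game.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_SMS"/>
</manifest>
""".strip()

if __name__ == "__main__":
    # A game has no stated need for any sensitive group.
    for group, perms in unexpected_groups(SAMPLE_MANIFEST, set()).items():
        print(f"{group}: {', '.join(perms)}")
```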

What are your thoughts on Android’s security measures?  Let us know in the comments below!

Anti-Hacking Tools for Android – 2017 Guide


Android officially has the largest market share in the smartphone world and there are almost 1.5 billion people who use an Android smartphone or tablet. This speaks volumes of the quality and affordability that Android offers to its users, but there are also problems and liabilities that always come with using widely popular brands.

Security is frequently one of the questions that come with using Android and this topic is always a matter of interest, especially if you’re using your Android devices for your work and some form of confidential data manipulation. We’ve decided to talk about anti-hacking tools that can make the breach of your security much more difficult for cybercriminals. In 2017, you can expect that there will be lots of new viruses and malware to look out for, so here are some tools to help you along the way.

AppLock

We all love using apps and while they’re incredibly useful, they can also serve as the back door through which hackers can slither unnoticed. Too many people are still not careful enough about what they’re installing on their devices and whether those apps come from trusted sources, and therein lies the problem. One way to put a stop to this problem (even a potential one) is to secure your phone with an app that is specifically designed to lock all other apps. While your lock screen only protects you from outside attacks, it doesn’t do much for anything going on inside your phone, and this is where AppLock takes center stage.

Once you’ve downloaded it, you are free to lock any app you feel should be protected – anything from Facebook to your email and bank accounts. By using this app, you’re making sure that no one but you will be able to touch your private information plus you will limit the access that apps have in your device, so you’re killing two birds with one stone.

Use a High-Quality Password Manager

Seeing that practically everything on the internet has to be protected by a password, you need to do your best to keep this aspect of your security in check. This isn’t necessarily easy, because you need strong passwords for every account you have, and that means complex words usually concocted with numbers and special characters. If this sounds like a lot of work, well, it is, but thankfully, you don’t have to keep it all in your head. There are some very good password managers like Zoho, LastPass and RoboForm that will do an excellent job in managing passwords for your numerous accounts. Not only that, but a password manager worth its salt will suggest how to make your passwords more secure and give you additional tips on how to protect your privacy even more. You are also able to keep in check any personal information you have and protect your usernames as well.

Encrypt Everything with a VPN

Privacy when you’re using your Android device is just as important as when you’re using your desktop computer or laptop, though we often forget this. Smartphones are quite vulnerable to security breaches and one of the best ways to prevent that from happening is to encrypt both the data on your phone and your internet connection. Whenever you’re connected to a public network, you’re in danger of catching a virus or having a hacker on your tail, and virtual private networks simply erase this problem. Good VPN providers like NordVPN can provide you with military level encryption for your Android device, so that hackers can’t harm your privacy in any way. Talking about anti-hacking tools, when you want to encrypt some very important files on your device, there are great encryption apps that you can use and that are also free, so that you don’t have to spend a lot of money on your Android security.

Use Security Software You Know Is Good

Long gone are the times when you could just pick any antivirus and be set when it comes to security. Android devices need to be protected with strong antivirus software because while it’s the most versatile platform, it is also most prone to small, pesky security issues like spyware and viruses. Depending on what kind of an internet user you are and how much sensitive information you’re managing on your device, you need to find an antivirus that suits your needs. Sure, there are some great free versions like Avira, Avast and Panda, but if you need stronger security that includes anti-spam, antimalware and a functioning firewall, then you will have to pay to get all-encompassing protection. You may not pay it gladly, but online security is scarce these days, and paying a couple of bucks a month is more than acceptable for the peace of mind you’re getting in return.

Get Email Encryption Software

Email scams are still very much a thing, even though many of us believe that we wouldn’t fall for them. While you’ve got your security software to protect you against spamming and phishing, it would be wise to encrypt your emails in general. A lot of sensitive details are conveyed via email and chances are you don’t want your mail to get into the wrong hands. If hackers get into your email, they can take advantage of your address book and spam all your friends and colleagues, which never ends well. Software like Data Motion and HP Secure Wall have proven their worth over time, which is why it’s worth giving them a shot.

Anti-hacking tools for Android abound these days and all you have to do is take your pick. Of course, it’s very important for you to be wary as well and know what not to do when browsing the internet because no anti-hacking tool will help you unless you always remain security aware. What apps and security software do you use? Please comment and share your opinion. – Thomas Milva

 

Thomas Milva is 28 and is a dedicated Analyst of Information Security, which is why he moved to Baton Rouge, where he lives now, and he loves it.  He’s got Italian ancestry and is very fond of his pets, Reggie the dog and his two goldfish. Thomas mostly works from home, which is why he’s contemplating adopting another dog.

Quadrooter Qualcomm Exploit


QuadRooter sounds like another serious Android security exploit, one which can apparently allow a malicious app to gain root access on Qualcomm-based Android phones and tablets, enabling the app to then do pretty much what it pleases. According to Check Point, the research group that discovered QuadRooter, up to 900 million Qualcomm Android devices could be affected. This exploit targets the Qualcomm drivers, which is why it is specific to this hardware. As of the August 1st security update Google has patched 3 of the 4 vulnerabilities and will patch the last one in the September 1st update. To keep your device safe from these bugs it is always best to stay on top of your security updates. One of the best ways to protect your phone from malicious software is to only download apps from Google Play or trusted sources.


If you want to check and see if your device can possibly be vulnerable to this threat then you can download and run QuadRooter Scanner by Check Point. Personally I am hoping that a developer can figure out this exploit and use it to get many Android users root access. I am sure someone can create an app that gets root then injects SuperSU and su binary into the device. If you are hoping for the same I recommend not updating to new security patches and giving the developers some time to get devices root access.

I wouldn’t be surprised to see this QuadRooter vulnerability implemented into Kingroot app some time soon, as it would make their app unstoppable on Android devices. What do you think about this bug? Please comment below and let me know.

RootJunky

 

PhonLab E-Campus


I have teamed up with MJ Nale, an expert in Android smartphone repairs and support and the owner of Android Hawaii, a repair shop in, you guessed it, Hawaii. There is also a physical campus in Honolulu if you are looking to take classes with an instructor or two.  PhonLab E-Campus is an online smartphone service course to teach repair centers and cellphone shops how to fix firmware problems on phones along with many other security and IMEI fixes. We are working hard to create one of the best online lesson-based courses around. The concept behind this class is to keep adding to it as technology changes to stay up to date. As part of the class you will have access to our files and the ability to request an instructor’s assistance with your lessons. You can also request new content to be added. We will do the hard part to figure it all out, then bring it to the students in easy-to-follow video and written tutorials.

If this sounds like just what you are looking for or you really just want to learn something new then sign up here PhonLab.teachable.com and you can get a nice discount at check out by using coupon code rootjunky9. NOTE might need to be in caps like this ROOTJUNKY9

I look forward to seeing you there. Please comment on any lesson and I will be happy to help out.

If you aren’t interested in the class please consider becoming an affiliate and help us get the word out and make some extra cash for yourself as well. Thanks 🙂 Affiliate signup here

RootJunky / E-campus instructor.

 

android stagefright exploit


What is the Android StageFright exploit and how does it affect me? This is the question that everybody is asking, so I will be trying to cover it in this post. First let’s get an understanding of what StageFright is and can do to your device. StageFright is a library, or lib, that has been around since Android 2.2 and is still being used in Android 5.1.1 today. This is the reason that it is such a big exploit and called StageFright.

How does StageFright work?

The easiest way to hack into a device with StageFright is a video sent via MMS, which theoretically could be used as an avenue of attack through libStageFright, the library that helps Android process video files. Many text messaging apps, including Google’s Hangouts app, automatically process that video so it’s ready for viewing as soon as you open the message, and so the attack theoretically could happen without you even knowing it. StageFright could also be exploited by installing an app that has the exploit in it, or even by downloading a hacked video file that could run the exploit. If StageFright is exploited on your device the hacker can view and see everything that you do: bank accounts, emails and more.

What can we do about it?

First you want to open your messaging app, go into settings and turn off AUTO RETRIEVE MMS. This will at least keep a hack from happening automatically. You could still open an MMS and get it, but that is one more step that has to happen. Next, don’t install apps from unknown sources, which really is always a good idea, and last, be careful on the Internet. Google will be working on a patch for this and pushing it out in OTA updates soon. We all know how long OTA updates can take, so it is best to address this yourself.

More info

ASLR (Address Space Layout Randomization) is a method that randomly arranges the memory address spaces of a process, which keeps an attacker from reliably finding the function he or she wants to try and exploit. ASLR has been enabled in the default Linux Kernel since June 2005, and was added to Android with Version 4.0 (Ice Cream Sandwich). So if your device is Android 4.0 and above you are much better protected.

My Thoughts

From what I have heard StageFright isn’t an exploit that has been seen working in the wild, just discovered by some researchers and not implemented in the real world. Since it is already public I don’t think that many hackers would spend the time working on it, if it is going to be patched soon anyway.

HERE you can find a StageFright detector app that is interesting but is going to tell you that you are vulnerable unless you have the latest cm12.1 installed, which already has been patched for StageFright.