An astute reader stumbled upon an interesting bug with the HTC Incredible. The Incredible, with Sense UI, will periodically store screenshots of the contents of your web browser. The screen captures are a function of the HTC Sense UI bookmark widget and are not the main [...]]]>

Slashdot shared this news posted on the Boy Genius Report:

An astute reader stumbled upon an interesting bug with the HTC Incredible. The Incredible, with Sense UI, will periodically store screenshots of the contents of your web browser. The screen captures are a function of the HTC Sense UI bookmark widget and are not the main issue; temporary screen grabs are understandable. The problem is these JPEG files are extremely hard to get rid of. They remain when the current browser session is closed, they remain after you clear the browser history, and they remain after a full factory reset. … To be honest, seeing a screenshot of our logged-in banking session after a reset was a bit unnerving. Any DROID Incredible owners out there seeing the same thing?

via Browser privacy issue with DROID Incredible and HTC Sense UI widget? « Boy Genius Report.

Every now and then, we remove applications from Android Market due to violations of our Android Market Developer Distribution Agreement or Content Policy. In cases where users may have installed a malicious application that poses a threat, we’ve also developed technologies and processes to remotely remove [...]]]>

This from a recent post on the Android Developer blog:

Every now and then, we remove applications from Android Market due to violations of our Android Market Developer Distribution Agreement or Content Policy. In cases where users may have installed a malicious application that poses a threat, we’ve also developed technologies and processes to remotely remove an installed application from devices. If an application is removed in this way, users will receive a notification on their phone.

Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.

After the researcher voluntarily removed these applications from Android Market, we decided, per the Android Market Terms of Service, to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.

The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications. In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.

via Android Developers Blog: Exercising Our Remote Application Removal Feature.

Did you also know that Google has the ability to install apps remotely?

Google Android is generally aimed at mobile devices with ARM-based processors. But we’ve seen several efforts to bring the software to x86 processors, including the independent Androidx86 project as well as an Acer netbook which dual boots Windows and Google Android.

Now it looks [...]]]>

Starting to see the spread of Android beyond the realm of mobile phones…

Google Android is generally aimed at mobile devices with ARM-based processors. But we’ve seen several efforts to bring the software to x86 processors, including the independent Androidx86 project as well as an Acer netbook which dual boots Windows and Google Android.

Now it looks like we could soon see more Android devices with x86 processors. APC Magazine reports that Intel is adapting Google’s open source operating system to run on devices with Intel Atom and other x86-based CPUs.

via Intel porting Android to x86 for netbooks and slates.

Our Android Forensics Physical wiki (subscription required) now includes a comprehensive list of Android devices including in depth details about each device. We will be updating this list as we test our viaForensics’ apps — AFLogical and AFPhysical — on each device.

viaForensics is currently building an app analysis database. Keep an eye on our Android Forensics Wiki and stay tuned for updates.

The security of Android apps was called into question by a report issued on Tuesday by SMobile Systems, [...]]]>

An interesting read. But, as the article states, the report may be more about headlines than substance.

viaForensics is currently building an app analysis database. Keep an eye on our Android Forensics Wiki and stay tuned for updates.

The security of Android apps was called into question by a report issued on Tuesday by SMobile Systems, an Ohio-based mobile security company.

The survey of over 48,000 apps in the Android Market notes that “one in every five applications request permissions to access private or sensitive information that an attacker could use for malicious purposes.”

It further states that one in twenty Android apps have the potential to place unauthorized calls. “One out of every twenty applications has the ability to place a call to any number without interaction or authority from the user,” the report says.

via Report: Two-Thirds Of Android Apps ‘Suspicious’ – DarkReading.

As the article below goes on to point out, this raises both privacy and security questions. While some  fear that Google [...]]]>

Recently, some were surprised to learn that Google had the ability to remotely remove applications from Android devices. They were even more surprised to learn that Google also has the ability to install applications remotely.

As the article below goes on to point out, this raises both privacy and security questions. While some  fear that Google might force the installation of certain applications, the bigger fear may be that some hacker could manipulate this function and spread malicious applications.

Definitely something to be wary of.

The remote-wipe capability that Google recently invoked to remove a harmless application from some Android phones isn’t the only remote control feature that the company built into its mobile OS. It turns out that Android also includes a feature that enables Google to remotely install apps on user’ phones as well.

Jon Oberheide, the security researcher who developed the application that Google remotely removed from Android phones, noticed during his research that the Android OS includes a feature called INSTALL_ASSET that allows Google to remotely install applications on users’ phones.

via Android Also Gives Google Remote App Installation Power | threatpost.

Because the rootkit runs as a module in Android’s Linux kernel, it has the [...]]]>

Rootkits are stealthy programs designed to cover up their tracks on the operating system in order to evade detection. They have been around on Windows and Unix for years, but lately security researchers have been experimenting with them on mobile platforms.

Because the rootkit runs as a module in Android’s Linux kernel, it has the highest level of access to the Android phone and can be a very powerful tool for attackers. …

via Android rootkit is just a phone call away.

There are still major barriers for cybercriminals to overcome, the article explains, before these rootkits become a major threat. However, it’s certainly worth discussion. Join in on the viaForensics’ Android Forensics forum.

1.) Install the Android SDK and download the USB drivers into a folder inside your SDK [...]]]>

Even Google’s latest SDK (v5) does not yet have the HTC Incredible in the android_winusb.inf.  I found these directions and they work will.  I suspect if you are using Linux, you will need to add “0BB4″ to your udev rule.

1.) Install the Android SDK and download the USB drivers into a folder inside your SDK as Google tells you to do. My drivers ended up in C:\android-sdk-windows\usb_driver

2.) You next need to hack the file android_winusb.inf to add support for the HTC Incredible.

Find the section labeled [Google.NTx86]. At the end of that section, add the following lines.

;
;HTC Incredible
%SingleAdbInterface%        = USB_Install, USB\VID_0BB4&PID_0C9E
%CompositeAdbInterface%     = USB_Install, USB\VID_0BB4&PID_0C9E&MI_01

Find the section [Google.NTamd64]. At the end of that section, add the following lines.

;
;HTC Incredible
%SingleAdbInterface%        = USB_Install, USB\VID_0BB4&PID_0C9E
%CompositeAdbInterface%     = USB_Install, USB\VID_0BB4&PID_0C9E&MI_01

I can confirm it worked for me on Windows XP.

via Installing HTC Incredible Android SDK Drivers |.

Earlier this month, General Motors hinted at a partnership with a major tech company to fully overhaul their telematics system OnStar. While OnStar CEO Chris Preuss was tight-lipped about who that partner was, Motor Trend has just reported it’s Google. If the rumor’s true, GM [...]]]>

In the words of our CIO, Andrew Hoog: Car forensics, *sweet*!

Earlier this month, General Motors hinted at a partnership with a major tech company to fully overhaul their telematics system OnStar. While OnStar CEO Chris Preuss was tight-lipped about who that partner was, Motor Trend has just reported it’s Google. If the rumor’s true, GM will make the Chevy Volt the first Android-based vehicle to hit the road.

via Google’s Android OS Headed to the Chevy Volt : TreeHugger.