Slatedroid info

Everything about android tablet pc [slatedroid]

Google updates security section in Account settings

Posted by wicked September - 11 - 2014 - Thursday Comments Off


As Google continues to deal with the fallout from the posting of Gmail account information on a Russian forum, Google has added a new Security tab for Google accounts to help make it a little easier for users to update and maintain their security settings. It is likely a coincidence that this change has occurred on the heels of yesterday’s events, which Google says is not as bad as initially reported. However, it could be in response to what happened as Google would be a company that has the resources to throw at the issue and rollout a change quickly.

As far as the new Security tab, the primary change is to group a bunch of settings that were already available to users in one place. This includes settings like recovery phone numbers and email addresses, access for less secure apps, the ability to review recent activity on an account, and even removal of permissions. With the settings all in one place now, Google also makes the interface a bit simpler and easier to use.


source: Google System Blog

Come comment on this article: Google updates security section in Account settings

California finalizes its kill switch bill, comes into effect July 1st 2015

Posted by wicked August - 26 - 2014 - Tuesday Comments Off

big red button kill switch stop

Smartphone theft lends itself to some ugly looking crime statistics, and US lawmakers are determined to do something about it. After months of U-turns and political grandstanding, California has finally decided to pass a bill requiring that future smartphones sold in the state come with “kill switch” features included.

According to the bill, named SB-962, any smartphone manufactured on or after July 1st 2015 that is sold in California will have to include a software or hardware kill switch solution, to be provided by either the hardware manufacturer or the operating system provider. California joins Minnesota, which passed a bill back in May stipulating that it will be illegal to sell smartphones without anti-theft software pre-installed from July 1st 2015. Although Minnesota’s legislation is much more vague than California’s.

The specifics of the “kill switch” appear to be left up to third parties, so we will have to see how well manufacturers can agree upon the design specifics, and whether or not lawmakers will be pleased by the results. Interestingly, California’s kill switch has to be reversible, leaving questions over how secure the system will be from hackers and the most resourceful thieves.

Google, HTC, Motorola, Samsung, and others, have already signed up to a voluntary initiative with the CTIA. This initiative aims to give owners the option to lock down and remotely wipe their smartphones, and was also scheduled to go live in July 2015.

Of course there is a trade off with mandatory kill switches, as manufacturers and software developers pass the additional development costs of meeting state-by-state or national regulations on to consumers. By making it illegal to sell new phones without a kill switch, California has effectively eliminated the choice of cheaper, security feature-less smartphones for consumers. This sentiment was echoed in a statement by the CTIA:

“Today’s action was unnecessary given the breadth of action the industry has taken,”

“Uniformity in the wireless industry created tremendous benefits for wireless consumers, including lower costs and phenomenal innovation. State by state technology mandates, such as this one, stifle those benefits and are detrimental to wireless consumers.” Jamie Hastings – CTIA

Time will tell if California’s bill has the effect that lawmakers are hoping for. Is phone theft a major concern for you, and do you think that this bill will help prevent phone thefts?

Via: The Verge;
Source: SB-962;

iOS is losing enterprise marketshare, but Android still can’t beat it

Posted by wicked August - 13 - 2014 - Wednesday Comments Off

android vs apple ios Credit: laihiu/Flickr

While the Android platform is #1 in the consumer market (and the world), some would say you haven’t won unless you can take over enterprise. This is a market Android hasn’t been able to successfully penetrate without getting some classic fighting from the competition. Once BlackBerry’s territory, the enterprise market now belongs to Apple, a situation that is slowly changing.

Good Technology’s Q2 2014 reports show iOS on top, but their percentage in the enterprise market has dropped by 5% (down to 67%). On the other hand, Android’s influence in this niche market has grown by the same amount – 5% (up to 32%). Meanwhile, Windows Phone is staying at 1%.

BlackBerry does continue to be fairly important in enterprise, even if not for long. The forgotten platform is not included because BlackBerry devices use their own servers for email access, meaning Good Technology can’t access their numbers. Of course, it’s not like they matter much anymore.


Android’s slow entrance into business seems to be followed by a bad reputation that has preceded the platform since its genesis. The idea that our favorite mobile operating system is less secure no longer holds true, and the latest improvements have moved mountains to ensure Google’s devices are ready for the working businessman.

The announcement of Android for Work and Samsung Knox are important factors to consider next time a business is ready to offer some new devices to its workers. This is a topic we recently discussed in our “Apple vs Google in the enterprise” opinion piece.

Android is ready for enterprise, and it is only a matter of time before Google’s mobile OS takes over suited users. Last quarter’s results are only corroborating our predictions.

Via: The Next Web;
Source: Good Technology;

Google improved end-to-end security for Android apps that connect to Chrome extensions

Posted by wicked August - 4 - 2014 - Monday Comments Off

chrome extensions android-robot-frankenstein Yahoo News

Google has added new security functionality for developers that build extensions for the Chrome Browser. TLS/SSL is now supported in the chrome.sockets API.

This is great news for Chrome users that love to install productivity and communication extensions on their browser, as it enables the “S” in the HTTPS that you may be familiar with from your standard web browsing. We understand that, until now, extensions have had to rely on websockets or their own encryption techniques to handle secure data transfers.

For Android users, this new tool makes it easier for developers to completely secure your connection, and your data, all the way from your Android device to the browser on your computer.

To explain how this works, let’s take a look at the popular app and service Pushbullet. Pushbullet has the ability to push notifications, data and more back and forth between your Android device and PC. Full disclaimer, I do not know what actual protocols or techniques Pushbullet uses, we’re just using them as an app example of how the process operates.

Pushbullet Test Notification Nexus 7 Chromebook

Generally speaking, there are two transactions here. First, your Android device securely connects with Pushbullet servers using HTTPS through the DefaultHTTPClient in Android. The second transaction is between the Pushbullet servers over to your PC.

If Pushbullet had employed the chrome.sockets API to build their Chrome extension, the latter part of the connection above would not be secured. Your information and data would transfer over the wire in the same plain text, using the same HTTP connection, that web sites, including this one, provide the words and images that you are reading now.

Pushbullet co-founder Andre Von Houck was kind enough to confirm for me that they use the standardized old-school websockets to establish a secure HTTPS connection between the Chrome Extension on your PC to their servers. So, for Pushbullet, you are secured and good to go.

This concept is the same for any app that connects to a Chrome extension, including your favorite SMS services MightyText and DeskSMS. Now, before you get all worried about these vulnerabilities, check into your chosen app and service to see what security they offer. There is a good chance your app developer is already using standard websockets or alternative security measures to keep you and your data safe.

chrome extension chrome.socket api

For the developer in your life, there are advantages and disadvantages to both websockets and Google’s addition of TLS/SSL in the chrome.sockets API for Chrome extensions. For the rest of us, let’s just be pleased that developers have a new option for securing our data all the way from our Android devices to our PC desktop.

What level of security do you use for your Android experience – do you keep it simple with password security like LastPass, or do you go all out with the install of a custom ROM like Paranoid Android?

Via: Google+;
Source: Google Developers, Pushbullet, Chromium Project;

Keeper password app adds auto-fill, cloud storage features

Posted by wicked July - 29 - 2014 - Tuesday Comments Off

Keeper Password Manager is a relatively popular password manager that has been around for 3 years now. The app’s developers have kinda announced some new features coming to the app around the middle of June, but are just now beginning to roll out said features – mainly an auto-fill feature that extends from web logins to mobile app logins, and a secure cloud storage system.

They’re calling the first feature the Keeper FastFill, an improvement to the app’s main password vault system. Theoretically, the app will fill out automatically login credentials that you’ve already used across supported devices and platforms. The cute addition is that it extends to your desktop logins (Keeper has a web app just for that) and it should automatically fill logins across your mobile and desktop work processes. That’s a nice feature to have, as users would expect the mobile app to be centered on the mobile platform only. The cross-platform jump is a huge boost to the app’s capabilities.

The other addition to the app is its cloud storage capabilities – they’re calling it the Keeper Secure File Storage. Aside from the normal backup usage for the cloud storage, this new feature also allows users to share encrypted data with other Keeper users. There is also a new camera mode for the app that encrypts and sends any images you snap with it to the cloud instead of storing them locally. But while the app is free, this feature will cost you – starting at USD$9.99 for 10GB of storage.


These new features certainly add a little bit more sophistication to Keeper, which for the longest time has been treated as bloatware by AT&T subscribers who find it installed on their new phones for some time now. Now there might be an actual reason to keep the app instead of automatically uninstalling it. If you want to take Keeper for a spin, check out the source link.

SOURCE: Google Play Store

Trend Micro retracts exaggerated Play Store malware claim

Posted by wicked July - 28 - 2014 - Monday Comments Off

We are most likely used to how companies tend to bend the truth a bit to sell their products, but sometimes things can get quite out of hand. That might just be the case when Trend Micro published a blog post which painted a picture of Google Play Store that was too horrifying to be true, only to later “clarify” the exact point that the cyber security firm was trying to make.

100% of free apps filed under the Widgets, Media & Video, and Finance group in Google Play Store are fake. 90% of those under Business, Music & Audio, Weather are fake. 70% of apps grouped under Games, Books & Reference, Live Wallpapers are fake. And 51% of those fake apps are malicious. We will not claim that the Android platform is immune to malware, much less fake apps, as our security tag portal can attest to. But these figures really border on plain ridiculous. 100% is 100% and that doesn’t really leave any room for popular and verified authentic apps like HD Widgets, Muzei, MX Player, and more. Even if Trend Micro qualified these as covering only free apps, the numbers still won’t add up.

TechRepublic did its own malware test just to check out those figures and, suffice it to say, even Trend Micro’s own anti-malware suite did not report those same frightening results. They reached out to Trend Micro’s PR company who promptly informed them of a subtle update to the blog post. Now it says at the very bottom, long after people have read the rather misleading claims, that the fake apps were actually gathered from third party sources and not from Google Play Store. Trend Micro supposedly wanted to highlight the dangers of installing apps from untrusted sources, which is definitely true. That said, neither the original report nor the blog post have been updated to reflect this fact.

We realize that Trend Micro wants to make people want to buy or use their software by painting a less than idyllic picture of Google Play Store, but the rather extreme tactics of FUD (Fear, Uncertain, and Doubt) went out of fashion decades ago. While there might be a good number of users who will be swayed by these numbers, the rest of the Internet to which Trend Micro is preaching might be less susceptible, or even less forgiving.

SOURCE: Trend Micro (1), (2)
VIA: TechRepublic


About a month ago we let you know that Motorola was working with a company called VivaInk to create digital tattoos that can be used to unlock the Moto X.

Now, Motorola has made the product more official by releasing a promotional video about the tattoos.

The tattoo (non-permanent) is an adhesive unit that can be applied to the skin and used much like the way NFC is used — by holding the tattoo near your device, it will unlock it automatically. The tattoos come in packs of 10 and sell for $10. Each tattoo has an expected lifetime of five days before falling off. (Of course any contact with water will decrease that lifetime significantly.)

They’ve been available for purchase through VivaInk for the past month, but Motorola just announced it now on its blog, along with a promotional video. Check out the video below.

Click here to view the embedded video.

Source: Motorola / VivaInk

Come comment on this article: Motorola makes its digital tattoos for unlocking the Moto X more official with promotional video

Google shares what Samsung KNOX is bringing to Android

Posted by wicked July - 22 - 2014 - Tuesday Comments Off

Google and Samsung have a pretty interesting and lively relationship. Although the two seem to be at each other’s throats over topics such as OEM customizations, Tizen, and Android Wear, the two have come together last Google I/O to tell the world that they are collaborating on bringing Samsung KNOX to Android. Now Google is finally divulging what that partnership really means for the future of Android.

Of course, the main focus of this endeavor is to make Android an enticing option not just for personal smartphone use but in the workplace as well. To this end, Google and Samsung will be porting over some KNOX features to Android, particularly in the upcoming Android L release. The primary feature will be the ability to separate personal and work data and apps into their own walled gardens. This frees employers to either let their workers bring their own devices (BYOD) or just issue company smartphones, without fear of work data bleeding into personal space or normally insecure personal apps getting access to sensitive work files. This dual separation is based on the KNOX Workspace implementation and utilizes Android’s new multi-user capabilities.

Separating personal life and work life is one thing, but managing all those is another. The upcoming Android release will let Enterprise Mobility Management (EMM) apps and services to enable employers and their IT departments to manage and control the enterprise half of an Android setup even remotely. EMM’s can create managed profiles for work, enforce restrictions and policies over all managed devices, keep their own collection of approved apps, and even remotely install or remove apps on an employee’s smartphone. Again, these are all based on KNOX’s security enhancements and will integrate seamlessly into Android, even showing up as marked apps in launchers and recent apps lists.


As for KNOX, Samsung will still be controlling its development and still plans on keeping its business alive. What Samsung will provided then is added value on top, or below to be more precise, whatever KNOX features will be integrated into Android L. Since Google doesn’t have direct control over device hardware, it can only implement security frameworks on top of the Linux kernel and in Android itself. This is where Samsung believes it can offer something more, by providing security even on the hardware level. It will, however, provide a compatibility layer so that KNOX apps will still work on Android L, at least as far as the upper layers and features are concerned.

SOURCE: Google, Samsung

Is G+ native app’s camera feature an invasion of your privacy?

Posted by wicked July - 15 - 2014 - Tuesday Comments Off

google plus nexus 5 2

In a Google+ post, I recently noted that the latest iteration of the G+ native app for Android automatically brings up a display with a live view of the device’s camera without user intervention, every time that a user goes to make a status update. As you can imagine, this immediately caught my attention.

The issue here is that there is a very real potential for abuse, as it seems that Google could easily enable recording on these devices. This would be especially problematic on a device like my 2012 Nexus 7, as there is no visual indicator that the camera is active.

After posting my misgivings about the potential security implications of this change, several users responded in defense of Google and the new feature. In an interesting twist, I’ve found most of the people who tend to vigorously defend Google in matters like this are often the most vocal opponents of similar behaviors by Microsoft. Let’s explore that a little.


How much outrage, anger and press did we see over the idea that the Xbox One required Kinect and might be recording you persistently? Do a Google Search, it is one of the auto-suggest top hits. Type in “Xbox Kinect” and Google helpfully suggests that privacy is the most frequent next word searched. On the same note, a story from The Verge highlights some of the early concerns related to the Xbox One, Kinect and privacy.

This article warns:

Even when the console’s turned off, users can simply say “Xbox On” to power up — which means the new Kinect will be listening to you in your living room at all times.

Furthermore, the article ominously suggests:

When the first iteration of Kinect headed to the market in 2010, Microsoft’s Dennis Durken suggested to investors that the peripheral might pass data to advertisers about how you look, play, and speak. ‘We can cater what content gets presented to you based on who you are,’ he said, sparking privacy concerns.

Of course, people raising flags about Microsoft aren’t alone. We’ve also seen the alarm sounded on security issues related to Apple products. But Google has actually admitted their intention to record audio to help better target advertising. This is exactly the same kind of technology Microsoft suggested could be harnessed with Kinect. It is an extension of the opt-in technology that makes Google Now so powerful. The problem arises when persistently aware devices and apps become prevalent, like the Moto X.

The problem arises when persistently aware devices and apps become prevalent

These devices are basically remote drones that are always listening and running algorithms like those found in Shazam and Soundhound. Even Google Now has added audio recognition directly into the audio search capabilities – simply start a Google Now search while listening to music and then tap the blue icon of a note that appears, and Google will helpfully tell you the name of the song you are listening to and provide links to purchase it.

The problem is basically the same I countered critics with about  Google WiFi password cloud harvesting… I mean “automatic backup,” feature: Many users are not likely to know, understand, or realize the severity of what it means to allow Google — or Microsoft, or Apple, for that matter – to engage in this behavior. When features are enabled by default without requiring the user to opt-in, many will unknowingly consent to an invasive feature they might otherwise object to.


Others may be exposed to the behavior of these devices without implicitly being able to opt-in or out. When a Moto X is persistently listening at all times – sending those recordings back to Google’s Cloud for analysis, imagine the potential for abuse by a government or a spying corporation that might compromise Google’s network. An unlikely conspiracy theory? I wouldn’t be so quick there. It isn’t your device you have to worry about, it is the person next to you and their device.

imagine the potential for abuse by a government or a spying corporation that might compromise Google’s network

As an IT policy, I’m not sure I want devices in my offices that are always listening and analyzing what is heard, or for that matter, seen. Likewise, politicians and businessman would be very nervous about the potential for abuse presented by devices with features like these. If you think the potential for unintentional abuse is overstated, it has already been reported that the implementation of this kind of listening technology in Chrome can already be exploited for malicious purposes.

In Google+ I received this response to my concern: “and yet you continue to use their products”. Yet again, I am reminded how frequently people are upset at Microsoft because of similar behaviors while lamenting, “the problem is that you don’t really have any choice.” I don’t understand how that is any different with Google at this point in their role in so much of the population’s daily life.


Image Source: Mailbow

An easy solution: make consumers aware, and allow us to opt-in

The solution as always, is easy. Google could provide granular privacy control that requires users to acknowledge and opt-in to these features which are consistently controversial. Some who responded to my original post suggested, “it is a convenience, I am not going to limit my experience over conspiracy!” I think that is a fair response and if you want to opt-in for those kind of conveniences and reap the benefits as an informed  user, I think that is fine.

Google could provide granular privacy control that requires users to acknowledge and opt-in to these features which are consistently controversial

The point is that companies should do a better job of telling users about these potentially invasive features, and should allow us to make an informed choice whether or not we wish to use these features. Many bring smartphones into places where they would never bring another sentient person capable of listening, watching, recognizing and analyzing their behavior. I won’t go into any crass details, as I’m sure you can imagine a Moto X laying on a night stand, rolling its one electric eye, wishing that it was somewhere else.

This example illustrates that, increasingly, we must be aware that our digital devices are passing a threshold. They’re less like mindless devices that are there to do our bidding, and more like curious children soaking up all of our actions like a sponge, and maybe exposing those actions at embarrassing times.

I am critical and paranoid of these features regardless of if it is Apple, Microsoft, Google or any other vendor. Just because you think you have nothing to hide, doesn’t mean you should mindlessly submit to being constantly observed by corporations or the state. As Snowden’s revelations expose, the line between the two is becoming increasingly blurry. Google, like Apple and Microsoft, has illustrated that they will gather whatever data they can about us to better understand how to market to us. They’ve also illustrated that the data they gather can be compromised and exploited against us.

I don’t think it is unreasonable to suggest that if they’re going to turn the camera on in an app on my device automatically, I should always have the option to deny that.

Android security chief: anti-virus apps are overrated

Posted by wicked July - 14 - 2014 - Monday Comments Off

When you are partly in charge of making a product, of course you want to project your product in the best light possible. But when Google‘s chief security engineer for all things Android, Adrian Ludwig, downplayed the value of anti-virus apps before Google I/O 2014, he might have projected a different and harmful image instead. While he claims that majority of users won’t benefit from malware-hunting apps on Android, the number of malware on the platform, even those that get through Google Play Store’s own bouncers, prove otherwise.

Ludwig perhaps cannot be faulted for claiming that Android and Google by themselves are more than capable of protecting their users. After all, it is bad marketing to publicly extol the inadequacy of your own products. However, Ludwig’s eyes might have been far too jaded to make an objective assessment of the matter. In fact, he was so bold to claim that 99 percent and more of Android users do not need to install such things. Only those who work in the line of fire might need to, but for the rest of the world, what Android provides is enough. Or so he claims.

Sure, Android does have its own malware protection, and Google Play Store also makes frequent checks of its catalog. But if you follow our security and malware tag portals, you will know that neither always work. Ransomware to even fake security apps have been able to exist on Google Play Store, sometimes even for days, with Google none the wiser. But there are also other sources of Android apps, from full-blown market alternatives to just sideloading an APK directly. Google has no direct control over these and Android has been proven sometimes inadequate to stop their rampage as well.

Ludwig was also quick to point the finger at anti-virus security companies that do make a profit from these apps. He practically accuses them of crying wolf in order to get users to run to them for protection. While we can neither prove nor deny such underhanded tactics, security apps such as these do provide some features that Google does not provide in a stock Android, like protected or private apps, frequently updated databases of known malware, and more. More than protecting users from malware, these sometimes also protect users from themselves as well, something Google might be better off not doing itself, lest it cause the ire of majority of Android users who do prefer the tech giant to keep the platform open and free.

VIA: Naked Security