Notification Center

This is our new notification center. Inside, you will find updates on the most important things happening right now.

Notifications

Hmm, push notifications seem to be disabled in your browser. You can enable them from the 'Settings' icon in the URL bar of your browser.

www.phonearena.com

Google addresses security flaw that allows malicious apps to lead you into phishing sites

6
Google addresses security flaw that allows malicious apps to lead you into phishing sites
Google rolled out a security patch for Android to its OEM partners, which aims to fix a security hole that purportedly allowed a certain mischievous app to guide users into phishing websites and steal their private data. Initially discovered by FireEye, a network security company, the breach enabled 3rd party applications to make use of certain Android permissions – "com.android.launcher.permission.READ_SETTINGS", as well as "com.android.launcher. permission.WRITE_SETTINGS" – and change the icons and configuration settings of the Android launcher. The flaw affects all versions of Android up to 4.4.2.

Interestingly, both of these permissions were regarded as "normal" by Google - this means that they are automatically given to apps and users are not required to specifically grant these permissions. In addition, they were not notified that these permissions had been given, which allowed wrongdoers to benefit from this flaw. The malicious app changed a certain icon in order to attract users' attention and make them tap it, which led them into phishing websites that collected their sensitive information.

FireEye discovered this security hole and the app that takes advantage of it back in October 2013. In February, Google revealed that it had prepared a hotfix and just recently rolled it out to its partners.

source: Computer World via SlashGear

New reasons to get excited every week

Get the most important news, reviews and deals in mobile tech delivered straight to your inbox

FCC OKs Cingular\'s purchase of AT&T Wireless