Google will closely vet first-time Android developers for security

Google has announced plans to closely vet Android developers without a track record in a bid to boost platform security.

Android security has vastly improved since its early days but that hasn’t prevented some rogue developers from abusing Google’s platform.

Sameer Samat, VP of Android Product Management, wrote in a blog post:

“From the outset, we’ve sought to craft Android as a completely open...

By Ryan Daws, 16 April 2019, 0 comments. Categories: Android, App Stores, Industry, Mobile, Platforms, Security.

PWNED: Researcher uses broken API to print message on GPS watches

A German security researcher printed the word “PWNED!” on hundreds of GPS watches to prove a point about a broken API.

Christopher Bleckmann-Dreher discovered a vulnerability in an API used by Austrian GPS watch manufacturer Vidimensio.

The firm’s watches are used by a wide range of the population, from the elderly down to children, and the vulnerability affected over 20 models.

Dreher alerted Vidimensio to the problem but it was ignored for over a year. Given the potential for much greater risk in the...

By Ryan Daws, 03 April 2019, 0 comments. Categories: API, Hacking, Security.

Report: Open source breaches have increased by 71 percent

A report from Sonatype highlights that open source breaches have increased by a whopping 71 percent along with several other security findings.

This report is the largest DevOps survey conducted by Sonatype with 5,558 people sharing their views. Participants were from most of the major sectors but primarily in the technology and banking/financial industries.

Respondents’ primary reason for implementing security across the development lifecycle is for risk management (34.77%) purposes, followed by...

By Ryan Daws, 04 March 2019, 0 comments. Categories: Hacking, Industry, Security.

Apple revokes Facebook’s enterprise developer certificate

Apple has put Facebook on the naughty step and revoked its enterprise developer certificate following a data-snooping app scandal.

For those who expected Facebook’s apparent disregard for data privacy to have culminated with the Cambridge Analytica scandal of 2018, you may want to think again.

News broke yesterday that Facebook paid users as young as 13 to install a ‘research’ app that collects data of phone and web...

By Ryan Daws, 31 January 2019, 0 comments. Categories: Apple, Ethics, Facebook, Industry, Mobile, Platforms, Security.

Microsoft goes password-less through FIDO2 certification

Microsoft has enabled functionality for sign-on using either a FIDO2 device or biometric tool Windows Hello – thus potentially paving the way to kill off the password.

The move will mean users can more seamlessly sign in to a variety of applications, from Outlook, Skype and Office, to OneDrive, Cortana and Xbox Live.

Writing in a blog post confirming the move, Alex Simons,...

By Developer, 21 November 2018, 0 comments. Categories: Microsoft, Security.

Fortnite developer and Google have an Epic spat over vulnerability

Fortnite developer Epic is not too pleased with the way in which Google publicly disclosed a security vulnerability with the game’s Android installer.

Rather than pay the 30 percent cut which Google takes from distributing games through its Play Store, Epic decided to bypass the official app store in favour of its own installer.

Sideloading games poses an increased risk to consumers as it bypasses many of...

By Ryan Daws, 28 August 2018, 0 comments. Categories: Android, Gaming, Hacking, Industry, Platforms, Security.

Google's new API improves biometric authentication in Android P

Google has announced a biometric authentication API which enables developers to improve the security of their apps.

Biometrics has become a favoured and quick security method for users. While there are certainly more secure methods of authentication, few are so fast and unintrusive.

Vishwath Mohan, Security Engineer at Google, wrote in a blog post:

“Biometric authentication mechanisms are becoming increasingly popular, and it's...

By Ryan Daws, 22 June 2018, 0 comments. Categories: Android, API, Hacking, Platforms, Security.

Microsoft and Google say they have found a fourth Meltdown-Spectre variant

Bad news, everyone. If you thought we were out of the woods when it comes to the Meltdown / Spectre CPU security flaws, then think again. Researchers from Microsoft and Google have identified a previously unknown fourth variant of the processor design issues that made front page news when they were discovered last year.

Like its predecessors, variant 4 (or CVE-2018-3639, to give its full name) describes a processor design issue that could allow malicious software to discover hidden information, such as a...

By William Judd, 22 May 2018, 0 comments. Categories: Hacking, Security.

Binary scans find vulnerabilities in one in five Android apps

Research conducted by binary-level security and compliance testing company Insignary has found vulnerabilities in one in five Android apps.

Insignary tested 700 of the most popular Android apps on the Google Play Store for the research. Their Clarity system was put to work for the first time analysing APKs for known open source vulnerabilities.

Here are some of the key findings:

  • The binary scans indicate that the Android apps available on Google Play Store by the top software vendors contain versions of open source components with security vulnerabilities. Out of the 700 APK files scanned, 136 contain security vulnerabilities.

  • 57% of the...

By Ryan Daws, 24 April 2018, 0 comments. Categories: Android, Platforms, Security.

Mimecast rolls out new API developer portal to extend business and cyber resilience

Email and data security provider Mimecast has rolled out a new application programming interface (API) developer portal to extend business and cyber resilience for email with a constant, scalable and uniform API.

The Mimecast API developer portal is already processing a huge number of requests every day and is a key enabler for multiple Mimecast services and applications. Mimecast customers and partners need to visit the portal to take advantage of Mimecast security and archive data and integrate to existing...

By Developer, 05 April 2018, 0 comments. Categories: API, Cloud, Security.