A critical Android vulnerability that has been discovered over a year ago and responsibly disclosed to Google and other Android manufacturers can be exploited by attackers to trick users into downloading malicious apps from third-party stores.
The time has come for Google to add some more hoops for Android app developers to jumpt through in order to get their offering accepted to the Google Play store.
Your browser may no longer be vulnerable to FREAK attacks, but what about the mobile apps you use? According to FireEye researchers, who have tested the most popular apps both for Android and for iOS, a considerable number of them are left open to a FREAK attack, as they contain vulnerable versions of the OpenSSL and SecureTransport libraries.
Researchers from IBM's security team have discovered an authentication flaw in the Dropbox Software Development Kit (SDK) for Android that can be exploited to capture new data a user saves to his Dropbox account.
Google has become pretty swift at finding and removing fake and malicious apps from its Google Play store, but there is one part of it where malware peddlers still seem to thrive: the "bookstore." According to Ryan Whitwam, there are a number of publisher accounts in Google Play that have specialized in offering fake "guides" that will supposedly show users how to download a cracked and cheaper version of popular games for Android.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.