All posts in “Android”

Think you can hack Tinder? Google will pay you $1,000.


Hackers, it’s your time to shine. 

Google, in collaboration with bug bounty platform HackerOne, has launched the Google Play Security Reward Program, which promises $1,000 to anyone who can identify security vulnerabilities in participating Google Play apps. 

Thirteen apps are currently participating, including Tinder, Duolingo, Dropbox, Snapchat, and Headspace. 

Apps usually run their own bounty programs on a smaller scale. This is the first time that Google itself has offered a reward on behalf of developers. 

Here’s how it works. If you find a security vulnerability in one of the participating apps, you can report that vulnerability to the developer, and work with them to fix it. When the problem has been resolved, the Android Security team will pay you $1,000 as a reward, on top of any reward you get from the app developer. 

Google will be collecting data on the vulnerabilities and sharing it (anonymized) with other developers who may be exposed to the same problems. 

For HackerOne, it’s about attracting more and better participants in bounty programs. A developer who uncovers a vulnerability in Tinder will now receive a cash bonus from Google in addition to the money they receive from Tinder’s program. 

“Participating apps that already have a bug bounty program will now have the opportunity to attract an even more diverse set of hackers,” Adam Bacchus, HackerOne’s chief bounty officer, told Mashable.

The 13 apps currently participating were selected based on their popularity among Android users. After a trial period with the small group, Google will open the program to the larger community.


BlackBerry’s KEYone ‘Black Edition’ offers more than just good looks


BlackBerry’s most interesting phone in years – if not an entire decade – is the KEYone, an Android device with a classic BlackBerry hardware keyboard that finally answers the needs of truly dedicated thumb typists with a modern mobile OS. Now, the KEYone ‘Black Edition’ has arrived, and it’s more than just a fresh coat of paint on an older gadget.

In fact, the ‘Black Edition’ doubles the internal storage of the KEYone, from 32GB up to 64GB (and it retains its expandable memory capability via microSD) – plus, it boosts RAM up to 4GB, which is a very welcome change from the 3GB on the original, if only because the one complaint I had about the original KEYone was that it could feel a bit pokey in places in terms of the speed of elements of the OS and some aspects of a few applications.

The ‘Black Edition’ feels speedier in all regards, after a few days of testing, and still retains all the charm of the original. The all-black design feels a bit less retro, but on the whole is probably a more appealing look for a larger segment of the population vs. the dual-tone silver and black of the original. And the phone benefits from months of production of the KEYone by TCL, which should mean it’s got less in the way of manufacturing quirks.

Basically, this is the current best BlackBerry you can buy, and it’s actually up there in terms of the top Android device options – for a certain type of buyer. That is, if you value the physical keyboard, and the convenience that comes with having a whole lot of hardware shortcuts for apps and actions at your fingertips, and you’re not as concerned about having a large, generous display for watching videos or other content, this is probably right up your alley.

The ‘Black Edition’ KEYone also has that assignable dedicated hardware button on the side, which is far more useful than the Note 8’s Bixby button, and the keyboard doubles as a trackpad for scrolling and other features which keep the display free of obfuscation while browsing Twitter and reading documents.

BlackBerry’s ‘Black Edition’ KEYone went on sale this week in Canada at Amazon, Telus and Walmart for $799.99 off contract.

Google Play adds Android Instant Apps via a ‘Try it Now’ button, among other changes


Google today is announcing a number of changes to its Google Play app store, the most notable being a new way to try apps immediately without having to first install them on your mobile device. The new feature takes advantage of “Android Instant Apps” technology – Google’s attempt at bridging the mobile web world with that of native applications.

Instant Apps were first introduced at Google’s I/O developer conference last year. Unlike native apps that have to be downloaded in full, Instant Apps launch with just a tap on a URL. To support this, developers partition their apps into small, runnable parts, so they can start within seconds. The technology had only been available to select developers until their general release this May, announced at Google I/O 2017.

Today, Instant Apps are becoming a part of the Play Store, Google says. Via a new “Try it Now” button, users can start using an app without installing it.

There’s a small collection of Instant Apps available now, including those from BuzzFeed, NYTimes (Crossword), Hollar, Red Bull, Skyscanner, and others.

The feature is one of several improvements to the Play Store that Google is touting today.

Its revamped Editor’s Choice section is now live in 17 countries, for starters.

It launched a new home for Games featuring trailers and screenshots of gameplay. This section will introduce new sections soon – one for paid games (“Premium”) and another for upcoming and trending games (“New.”)

It’s also expanding its “live operations” banners and cards which alert users to in-game events on those games they already have installed. The feature is meant to help re-engage users beyond the initial install.

The company pointed to its other recommended app collections, too.

This includes the recently expanded group of “Android Excellence”-awarded apps – those Google believes have a strong focus on design, user experience and performance – and its Indie Games Festival winners. (The San Francisco competition just wrapped, and Google has opened nominations for its European counterpart.)

This focus on editorial suggestions is not unique to Google. Apple’s new App Store is also heavily editorially-driven, with longer features, write-ups, interviews, lists, and more, in addition to recommendations.

Google Play Console upgrade

Beyond the Play Store’s new consumer-facing features, the Google Play Console is being improved with added features for developers, too.

This includes five new measurements (dubbed Android Vitals) for understanding an app’s technical performance; improved pre-launch reports that are enabled for all developers, allowing them to see Test Lab results for their alpha and beta apps; the ability to target alpha and beta builds to specific countries; and improvements in the device catalog, so it’s easier to see why a particular device won’t support your app.

Another set of improvements focuses on apps with subscription businesses attached. This is an area that Apple had also changed in its revamped App Store, when it dropped its split with developers from 70/30 to 85/15 in year two. (Google then agreed to do the same; that’s also now live today.)

Now Google says it’s making it easier for developers to set up and manage subscription services with the Play Billing Library and new test instruments to simplify testing the flows for successful and unsuccessful payments. It’s also allowing shorter free trials (a minimum of 3 days); optional notifications about cancellations; account hold to block non-paying users; and other items.

A new Google Play Security Reward Program is being introduced today, as well. (More details on that are here.)

Changes to the Play Store and Play Console like these have a sizable impact, given the store today reaches over 2 billion users across 190 countries. Last year alone, 82 billion apps were downloaded, and the number of developers exceeding 1 million installs grew by 35 percent since the year before, notes Google.

This is the most diabolical Android ransomware we’ve ever seen

Consider this yet another PSA on why you should never ever download Adobe Flash Player, or anything resembling it if you’re using an Android phone.

Security researchers at ESET have discovered a new kind of ransomware infecting Android phones on a level nobody’s ever seen before. Called DoubleLocker, the exploit encrypts the data on the infected device and then changes its PIN number so victims are locked out of their device unless they pay the ransom demanded by hackers.

The DoubleLocker hack is a threat to any Android device; it’s particularly worrying since it doesn’t require a “rooted” phone that gives extra access for the hacker to run its own code, but the effect is severe — locking the user completely out of their own device.

ESET researchers say this is the first time on Android that any malware has been created that combines both data encryption and PIN changes.

The ransomware is distributed through fake Adobe Flash Player downloads shared on compromised websites and it installs itself once you give it accessibility access through the “Google Play Service.”

The malware installs itself as the default Android launcher, the piece of software that controls the look and feel of the device and how apps and widgets launch, and essentially creates an invisible shortcut that activates itself whenever the home button is pressed.

You’ll know your files are infected if you see a “.cryeye” extension at the end of the file.

DoubleLocker also changes your device’s PIN number to a random combination which isn’t sent to the hackers. With no digital trail, it’s virtually impossible to recover the PIN. The hackers can remotely reset the PIN when you pay the ransom.

Users with DoubleLocker-infected devices have 24 hours to pay 0.0130 Bitcoin (about $73.38 at the time of this writing) to un-encrypt their data. Fortunately, your files aren’t deleted if you don’t pay up. But still, this is ransomware and since your phone will be locked with an unknown passcode, you’re at the hackers’ mercy.

At this time the only way to remove DoubleLocker is to perform a factory reset, which will erase all of your files. 

However, if you have a phone that was rooted and in debug mode before DoubleLocker locked it up, you can bypass the malware’s randomized PIN code without a factory reset, according to WeLiveSecurity. If your device meets both of these parameters, you can access it with the Android Debug Bridge (adb) and remove the file system where the PIN code is stored. Once that’s done, you can switch your device to “safe mode” to disable the admin permissions for the malware and remove it. It’s not an easy process and you should definitely wipe the entire device once you’ve recovered your files, just to guarantee that DoubleLocker is completely removed.


In 2012, Adobe removed Flash from the Google Play Store, officially ending its development on mobile. While Flash was pivotal to the development of the interactive websites during the ’90s and early ’00s, it’s no longer relevant in mobile ecosystems.

Steve Jobs openly criticized Flash for being a huge battery hog and for its endless security exploits. 

While Flash is no longer crucial on mobile devices — developers have moved on to the faster and more secure HTML 5 — DoubleLocker is a reminder that there are many people who aren’t informed on the dangers that come with installing Flash. 

It might take something as courageous as Adobe publicly denouncing Flash before people ingrain it in their brains that installing Flash anything is extremely insecure and not worth potentially compromising their devices.
