Wednesday, August 14, 2019

“Google flags preinstalled malware as hidden threat on millions of Android phones - Digital Trends” plus 2 more

“Google flags preinstalled malware as hidden threat on millions of Android phones - Digital Trends” plus 2 more


Google flags preinstalled malware as hidden threat on millions of Android phones - Digital Trends

Posted: 12 Aug 2019 07:32 AM PDT

Maddie Stone, a security researcher on Google's Project Zero and a former tech lead on the Android Security team, flagged preinstalled malware on millions of new Android smartphones as a hidden threat that requires more attention.

Stone shared her team's findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file.

"If malware or security issues come as preinstalled apps," Stone warned, "then the damage it can do is greater, and that's why we need so much reviewing, auditing, and analysis."

The risk affects the Android Open Source Project, which is a lower-cost alternative to the full version of Google's mobile operating system. AOSP is installed in cheaper smartphones to keep the price tag down, but unsuspecting customers are in danger of purchasing devices that come with preinstalled malware.

While this means that Android smartphones released by Google and partners such as Samsung are generally safe from the risk, Google's Project Zero discovered more than 200 manufacturers who have launched devices with hidden malware. One particular malware of concern is Chamois, which upon infecting a device, generates ad fraud, installs background apps, downloads plugins and even send text messages at premium rates. In March 2018, Stone's team found Chamois preinstalled in 7.4 million Android devices.

Google's Project Zero has been working with device manufacturers to address the issue, and that has helped reduce the number of smartphones preinstalled with Chamois to only 700,000 between March 2018 and March 2019. Stone, meanwhile, called for security researchers to place a bigger focus on preinstalled malware as a security threat, as the attention is often directed towards malware that people are tricked into downloading themselves. Then again, even Android antivirus apps have shown to provide inadequate malware protection, according to a study from earlier this year.

Stone's Black Hat presentation follows a study from June that claimed 43% of Android apps were found to have vulnerabilities, while 38% of iOS apps had the same issue.

Editors' Recommendations

Google’s $5 Play Pass will make all the apps you want from the Play Store free - Digital Trends

Posted: 01 Aug 2019 12:00 AM PDT

Google is testing a subscription service for the Google Play Store, called Play Pass, where anyone paying a single $5-per-month fee will gain access to a massive catalog of apps to download without any further charge. The Play Pass is not official yet, but official-looking sign-up pages acquired by Android Police have been published, indicating Google is in the process of finalizing the service. The company has confirmed Play Pass is being tested.

google play pass test news 1
Android Police

The chance to download many apps for one flat fee will drive interest alone, but there are a few further benefits that could make Play Pass a must-have. The sign-up page shows the games downloaded using the subscription will be free, have no advertisements, and all paid content unlocked so as not to require further in-app purchases. The monthly $5 charge for Play Pass would easily be eaten up by two or three in-app purchases, emphasizing the value.

However, don't expect unfettered access to Google Play. Play Pass members will choose from a curated catalog of apps — presumably titles from invited developers that have agreed to Google's Play Pass rules — with Marvel Pinball and Stardew Valley both shown in the leaked screenshots. Another page states the catalog will contain everything from, "puzzle games to premium music apps and everything in-between."

google play pass test news 2
Android Police

While the test page shows Play Pass costing $5 per month, this is not an official price and could change when the service is made official. The option of a 10-day free trial is also provided, and the period may also alter once Google releases Play Pass. All this could change, and we also don't know what will happen to Play Pass-downloaded apps if you end the subscription. While we expect one-off in-game purchases to be included with Play Pass games — all the extra tables in Marvel Pinball, for example — its highly unlikely in-app purchases in games like Asphalt will be included, making it unlikely such games will be eligible for inclusion in Play Pass.

Play Pass, should it be approved and introduced by Google, will go up against Apple Arcade, Apple's subscription-based gaming service expected to launch in the fall. However, Apple Arcade only contains games, and the current count of titles available is around 100. The subscription price is not known. Google Play Pass does not have an official release date yet, or any confirmation it will eventually launch at all.

Editors' Recommendations

Tinder tries to break up with the Google Play Store with new payment process - Digital Trends

Posted: 21 Jul 2019 12:00 AM PDT

Tinder is the latest app to join the growing revolt against the fees charged by app stores, with the launch of a new payment process that bypasses the Google Play Store.

Tinder's new default payment process skips the Google Play Store by requiring users to enter their credit card information directly into the dating app, Bloomberg reported, citing Macquarie analyst Ben Schachter. Once users have entered their payment information on Tinder, the app will not only remember the details, but will also remove the option to route payments through the Google Play Store.

"This is a huge difference," Schachter said in an interview. The Google Play Store is an "incredibly high-margin business for Google" that rakes in billions of dollars, Schachter added.

Some developers decided to skip listing their apps on the Google Play Store so that they would not have to give back the standard 30% fee. This is what Epic Games did with Fortnite Mobile, as the massively popular battle royale shooter was distributed through its own website. Meanwhile, some companies such as Netflix and Spotify have removed the option to access subscriptions through their Android apps. This makes people sign up for memberships through their websites, where Google will not be able to take a share.

Tinder's move is a different case, as the app remains listed on the Google Play Store but in open defiance of its requirements. The dating app may be banking on the hope that the Google Play Store will not take down a massively popular app despite the obvious rebellion.

Tinder, as well as the other apps and services that have bypassed app store fees to Google and Apple, are simply seeking to make more money from in-app purchases and subscriptions. While the 30% that Google and Apple collect halves to 15% after the first year after an app's launch, that is still a sizable chunk of the income that developers are losing to app store fees.

We'll have to wait and see whether Google does something about Tinder's new payment process. If no sanctions are made, this may break the ice for other apps and services to do the same, which will result in lost income for the Google Play Store.

Editors' Recommendations

“Google flags preinstalled malware as hidden threat on millions of Android phones - Digital Trends” plus 2 more


Google flags preinstalled malware as hidden threat on millions of Android phones - Digital Trends

Posted: 12 Aug 2019 07:32 AM PDT

Maddie Stone, a security researcher on Google's Project Zero and a former tech lead on the Android Security team, flagged preinstalled malware on millions of new Android smartphones as a hidden threat that requires more attention.

Stone shared her team's findings at the Black Hat USA 2019 conference in Las Vegas, in a presentation in which she said that a smartphone may have as many as 400 preinstalled apps out of the box. This is a major problem because attackers are attempting to hide malware in the preinstalled apps, as it is easier to convince one manufacturer to agree to a preloaded app than to convince thousands of users to download an infected file.

"If malware or security issues come as preinstalled apps," Stone warned, "then the damage it can do is greater, and that's why we need so much reviewing, auditing, and analysis."

The risk affects the Android Open Source Project, which is a lower-cost alternative to the full version of Google's mobile operating system. AOSP is installed in cheaper smartphones to keep the price tag down, but unsuspecting customers are in danger of purchasing devices that come with preinstalled malware.

While this means that Android smartphones released by Google and partners such as Samsung are generally safe from the risk, Google's Project Zero discovered more than 200 manufacturers who have launched devices with hidden malware. One particular malware of concern is Chamois, which upon infecting a device, generates ad fraud, installs background apps, downloads plugins and even send text messages at premium rates. In March 2018, Stone's team found Chamois preinstalled in 7.4 million Android devices.

Google's Project Zero has been working with device manufacturers to address the issue, and that has helped reduce the number of smartphones preinstalled with Chamois to only 700,000 between March 2018 and March 2019. Stone, meanwhile, called for security researchers to place a bigger focus on preinstalled malware as a security threat, as the attention is often directed towards malware that people are tricked into downloading themselves. Then again, even Android antivirus apps have shown to provide inadequate malware protection, according to a study from earlier this year.

Stone's Black Hat presentation follows a study from June that claimed 43% of Android apps were found to have vulnerabilities, while 38% of iOS apps had the same issue.

Editors' Recommendations

Google’s $5 Play Pass will make all the apps you want from the Play Store free - Digital Trends

Posted: 01 Aug 2019 12:00 AM PDT

Google is testing a subscription service for the Google Play Store, called Play Pass, where anyone paying a single $5-per-month fee will gain access to a massive catalog of apps to download without any further charge. The Play Pass is not official yet, but official-looking sign-up pages acquired by Android Police have been published, indicating Google is in the process of finalizing the service. The company has confirmed Play Pass is being tested.

google play pass test news 1
Android Police

The chance to download many apps for one flat fee will drive interest alone, but there are a few further benefits that could make Play Pass a must-have. The sign-up page shows the games downloaded using the subscription will be free, have no advertisements, and all paid content unlocked so as not to require further in-app purchases. The monthly $5 charge for Play Pass would easily be eaten up by two or three in-app purchases, emphasizing the value.

However, don't expect unfettered access to Google Play. Play Pass members will choose from a curated catalog of apps — presumably titles from invited developers that have agreed to Google's Play Pass rules — with Marvel Pinball and Stardew Valley both shown in the leaked screenshots. Another page states the catalog will contain everything from, "puzzle games to premium music apps and everything in-between."

google play pass test news 2
Android Police

While the test page shows Play Pass costing $5 per month, this is not an official price and could change when the service is made official. The option of a 10-day free trial is also provided, and the period may also alter once Google releases Play Pass. All this could change, and we also don't know what will happen to Play Pass-downloaded apps if you end the subscription. While we expect one-off in-game purchases to be included with Play Pass games — all the extra tables in Marvel Pinball, for example — its highly unlikely in-app purchases in games like Asphalt will be included, making it unlikely such games will be eligible for inclusion in Play Pass.

Play Pass, should it be approved and introduced by Google, will go up against Apple Arcade, Apple's subscription-based gaming service expected to launch in the fall. However, Apple Arcade only contains games, and the current count of titles available is around 100. The subscription price is not known. Google Play Pass does not have an official release date yet, or any confirmation it will eventually launch at all.

Editors' Recommendations

Tinder tries to break up with the Google Play Store with new payment process - Digital Trends

Posted: 21 Jul 2019 12:00 AM PDT

Tinder is the latest app to join the growing revolt against the fees charged by app stores, with the launch of a new payment process that bypasses the Google Play Store.

Tinder's new default payment process skips the Google Play Store by requiring users to enter their credit card information directly into the dating app, Bloomberg reported, citing Macquarie analyst Ben Schachter. Once users have entered their payment information on Tinder, the app will not only remember the details, but will also remove the option to route payments through the Google Play Store.

"This is a huge difference," Schachter said in an interview. The Google Play Store is an "incredibly high-margin business for Google" that rakes in billions of dollars, Schachter added.

Some developers decided to skip listing their apps on the Google Play Store so that they would not have to give back the standard 30% fee. This is what Epic Games did with Fortnite Mobile, as the massively popular battle royale shooter was distributed through its own website. Meanwhile, some companies such as Netflix and Spotify have removed the option to access subscriptions through their Android apps. This makes people sign up for memberships through their websites, where Google will not be able to take a share.

Tinder's move is a different case, as the app remains listed on the Google Play Store but in open defiance of its requirements. The dating app may be banking on the hope that the Google Play Store will not take down a massively popular app despite the obvious rebellion.

Tinder, as well as the other apps and services that have bypassed app store fees to Google and Apple, are simply seeking to make more money from in-app purchases and subscriptions. While the 30% that Google and Apple collect halves to 15% after the first year after an app's launch, that is still a sizable chunk of the income that developers are losing to app store fees.

We'll have to wait and see whether Google does something about Tinder's new payment process. If no sanctions are made, this may break the ice for other apps and services to do the same, which will result in lost income for the Google Play Store.

Editors' Recommendations

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.