Managing application privileges (permissions) on Android isn’t that user-friendly – and that includes KitKat 4.4. If you want a powerful tool to manage your app privileges (permissions), XPrivacy might just be that app. XPrivacy lets you manage and control app permissions via the installer for the Xposed Framework.
The Xposed Framework* is a customisation tool which allows modders to make changes (install modules such as XPrivacy) to the Android system without making changes to the behaviour of apps and/or the source code. We use this framework to look for module exploits.
In most instances you would need to download the Xposed Framework from the XDA Developers forum, but for the purposes of this post you can do this with the help of the XPrivacy Installer app. Then you would have to find a module to install. Remember that to install the XPrivacy module your device will need to be rooted.
The XPrivacy module gives you super-user power in that you can stop applications such as Twitter and Facebook from accessing specific permissions. Beware though: if you start changing privileges (permissions) ad hoc you might end up crashing the app or the device.
Android Device Manager (ADM) doesn’t actually require any setup; it’s part of Android 2.2 or above. On Android KitKat running on the Nexus 5 you will need to grant it Device administrator privilege to be able to remotely lock and wipe your lost or stolen device. If you used a factory image to update your Nexus to KitKat, then Android Device Manager is already enabled. If you updated OTA, we noticed that this feature was not enabled by default on our Nexus 4/5 and on non-Nexus devices, e.g. a rooted Galaxy S3.
Here is how you check whether Android Device Manager is enabled:
Go to Settings > Device administrators > check Android Device Manager
Wiping your lost or stolen Android device with Device Manager will also delete the security apps you have running, so in most instances you will not be able to use the “Find My Device” feature afterwards. The only solution right now would be to embed remote lock and wipe functionality as a kill switch at the firmware level, but this is unlikely because it would hurt the profitable insurance the MNOs sell to end users.
Android 4.4 (KitKat) introduces experimental rootkit protection with verified boot, which looks for persistent rootkits that retain root privileges to compromise your Android device. Rootkits have a tendency to hide themselves in root and avoid detection by the operating system and any installed security software.
Android apps are installed in the operating system’s user space, with each app being self-contained when run inside a sandbox (virtual container). This approach stops any app from changing files outside of its sandbox or files within another app’s sandbox.
Verified boot, through the optional device-mapper verity (dm-verity) kernel feature, provides integrity checking of block devices. dm-verity helps prevent persistent rootkits that hold onto root privileges to compromise a device, and gives the user a high level of assurance that when Android boots the device is in the same state as when it was last used.
Verified boot comes enabled on Android 4.4 (see bootnote). There is a small issue with OTA updates when using dm-verity. Traditional OTAs work on a file-by-file basis, but dm-verity requires block-orientated OTAs. The block approach serves the device the difference between two block images, rather than two sets of files. Note: many manufacturers have already moved to block-orientated OTAs, which allow them more control over whether the bootloaders on their hardware can be modified. Modders, however, will not like this development for obvious reasons.
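To make the block-level integrity check concrete, here is an added Python model of a dm-verity style hash tree. This is illustrative code written for this post, not Android’s dm-verity implementation: it uses a constructed 768-byte image with 64-byte blocks instead of the real 4 KiB blocks, and a plain SHA-256 tree. It shows that a single modified block fails verification against the trusted root, that regenerating the hash tree to match the modified block does not help because the root no longer equals the trusted one, and that the set of changed blocks is exactly what a block-orientated OTA has to ship.

```python
"""Simplified model of a dm-verity style hash tree over a block image.

Illustrative code added for this post; it is not Android's dm-verity
implementation. dm-verity hashes the 4 KiB blocks of a read-only partition into
a hash tree whose root lives in signed verity metadata and is checked on every
block read. This model keeps that shape with a small constructed image.
"""
import hashlib
import hmac

BLOCK_SIZE = 64  # constructed for the demo; real dm-verity uses 4096-byte blocks


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def split_blocks(image: bytes) -> list[bytes]:
    """Split the image into fixed-size blocks, zero-padding the final one."""
    blocks = [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)]
    if blocks and len(blocks[-1]) < BLOCK_SIZE:
        blocks[-1] = blocks[-1].ljust(BLOCK_SIZE, b"\0")
    return blocks


def build_tree(image: bytes) -> list[list[bytes]]:
    """Return the hash tree as levels: levels[0] are leaf hashes, levels[-1] == [root].

    Odd levels are padded by repeating their last hash so every node has a sibling.
    """
    level = [sha256(block) for block in split_blocks(image)]
    levels = []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        levels.append(level)
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    levels.append(level)
    return levels


def root_hash(image: bytes) -> bytes:
    return build_tree(image)[-1][0]


def verify_block(block: bytes, index: int, tree: list[list[bytes]], trusted_root: bytes) -> bool:
    """Check one block the way the kernel does on read.

    Hash the block, combine it with the stored sibling hashes up the tree and compare
    the result with the trusted root. A changed block, or a rewritten tree, produces a
    different root and the read is rejected.
    """
    node = sha256(block.ljust(BLOCK_SIZE, b"\0"))
    for level in tree[:-1]:
        sibling = level[index ^ 1]
        node = sha256(node + sibling) if index % 2 == 0 else sha256(sibling + node)
        index //= 2
    return hmac.compare_digest(node, trusted_root)


def changed_blocks(old: bytes, new: bytes) -> list[int]:
    """Indices of blocks that differ: what a block-orientated OTA ships instead of files."""
    return [i for i, (a, b) in enumerate(zip(split_blocks(old), split_blocks(new))) if a != b]


def demo() -> dict:
    image = bytes(range(256)) * 3  # constructed 768-byte "system partition" = 12 blocks
    tree = build_tree(image)
    trusted_root = tree[-1][0]  # in dm-verity this value is signed and trusted by the boot chain
    blocks = split_blocks(image)

    # A persistent rootkit pattern: flip one byte inside block 7 on flash, tree left alone.
    tampered = bytearray(image)
    tampered[7 * BLOCK_SIZE + 3] ^= 0x01
    tampered = bytes(tampered)
    tampered_blocks = split_blocks(tampered)

    return {
        "clean_ok": verify_block(blocks[7], 7, tree, trusted_root),
        "tampered_detected": not verify_block(tampered_blocks[7], 7, tree, trusted_root),
        # Attacker also regenerates the hash tree to match the modified block.
        "forged_tree_detected": not verify_block(tampered_blocks[7], 7, build_tree(tampered), trusted_root),
        # Untouched blocks still verify; only the modified block is refused.
        "neighbour_ok": verify_block(tampered_blocks[6], 6, tree, trusted_root),
        # Any change to the image changes the root, so an OTA must deliver a new block image plus root.
        "root_changes": root_hash(tampered) != trusted_root,
        "changed_blocks": changed_blocks(image, tampered),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same root-hash dependency is why a file-by-file OTA cannot be applied underneath dm-verity: every block it touches invalidates the tree, so the update has to arrive as a block image (or block diff) together with the new signed root.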
Back in January I posted about Chrome 25 and its new extension security feature. That version of Chrome removed the ‘auto-install’ feature. If you run Chrome on a Windows system you may already know that Chrome was designed to allow unseen (silent) installs, so that users could opt in to adding a useful extension to Chrome as part of the installation of another application.
This meant some third-party developers silently installed extensions into Chrome without proper acknowledgement from users. Chrome version 25 presents the user with two options (similar to what Windows did with Vista User Account Control) prior to installing an extension – ‘Enable extension’ or ‘Remove from Chrome’.
Quite a few Chrome extensions are still not hosted on the Chrome Web Store, so it’s difficult for Google to protect its users from malicious extensions. Earlier this month Google announced that it was going to increase the protection it offers Windows users: starting in January 2014, on the Windows stable and beta channels, Google will require all extensions to be hosted in the Chrome Web Store. Google is advising developers to migrate their extensions as soon as possible.
If you are a developer and have questions, then you should get in touch with the Chromium extensions group.
The CryptoLocker Trojan is delivered via an email with a ZIP file attachment, which is its most common attack vector. The ZIP payload unpacks and installs itself on Windows target machines only (XP, Vista, 7, 8 and 8.1). What is different about this Trojan is that it encrypts all of your files (pictures, documents, music files and so on) as well as attached network storage. This Trojan also contains the spamming bot Cutwail. So be extra careful when opening attachments.
CryptoLocker then demands payment via Bitcoin or MoneyPak within a 72-hour window (it installs a countdown timer on the target machine). Victims who opened the ZIP and installed this Trojan have had to pay a ransom to receive a key (and decryption software, which uses the Tor network rather than the open Internet) that unlocks the encrypted files. Once the files are encrypted you are in the hands of the cyber criminals! Over this weekend the cyber criminals have allowed victims to pay after the 72-hour window*, and using MoneyPak, as most victims don’t actually know what bitcoins are.
*You could roll back your Windows clock to allow more time.
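Since the practical advice here is to be careful with attachments, here is an added Python example of the check a mail gateway can apply before a ZIP ever reaches a user. This is illustrative code written for this post, not the malware or any vendor’s product; the archive it scans is constructed in memory and its “executable” is just the two-byte PE magic followed by zeros. It flags members by executable extension and by the MZ header that every Windows executable starts with, so a payload renamed to look like a document is caught as well as a plainly named .exe.

```python
"""Gateway-style check of a ZIP attachment for Windows executables.

Added illustrative example written for this post, not code from the original or
from any product. The sample archive is constructed in memory; 'MZ' followed by
zeros is only the DOS header magic, not a runnable program.
"""
import io
import zipfile

# Extensions Windows will execute when double-clicked; extend to taste.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
PE_MAGIC = b"MZ"  # every Windows PE executable starts with this DOS header signature


def member_extension(name: str) -> str:
    """Lower-cased extension of an archive member, ignoring any directory part."""
    base = name.rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:].lower() if dot != -1 else ""


def scan_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that looks like a Windows executable.

    Checks both the name (executable extension) and the first two bytes of the
    content (PE magic), so an .exe renamed to look like a document is still caught.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            ext = member_extension(info.filename)
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            with zf.open(info) as member:
                if member.read(len(PE_MAGIC)) == PE_MAGIC:  # only inflates two bytes
                    reasons.append("PE (MZ) header")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def verdict(data: bytes) -> str:
    """Policy decision for the mail gateway: quarantine anything with a finding."""
    return "quarantine" if scan_zip(data) else "deliver"


def build_sample_attachment() -> bytes:
    """Constructed attachment: a text file, a 'document' that is really a PE, and a plain .exe."""
    fake_pe = PE_MAGIC + b"\0" * 62  # constructed stub, not a real program
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "Please see the attached invoice.")
        zf.writestr("invoice.pdf", fake_pe)
        zf.writestr("Setup.EXE", fake_pe)
    return buf.getvalue()


def build_clean_attachment() -> bytes:
    """Constructed benign attachment used as the negative case."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "Nothing to see here.")
        zf.writestr("report.csv", "a,b,c\n1,2,3\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_attachment()):
        print(finding)
    print(verdict(build_sample_attachment()), verdict(build_clean_attachment()))
```

Reading only the first two bytes of each member keeps the check cheap and avoids inflating a large archive just to classify it; a production filter would also want size limits and a list of allowed document types, but the content check is what stops a renamed executable from slipping through on its extension alone.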