Tag Archives: jellybean

Latest Entries

Use SuperSU to control your Android root settings

supersuUpdated: Controlling your root settings is very important, especially as it opens your Android device up to the threat of malware. if you are familiar with rooting you will know that you can tweak and modify the way your Android software and hardware behaves. Granting apps root allows you to have vastly more control of your device and apps than without.

You should though be very aware that allowing your Android device to have root access does come with an element of security and privacy risk. Given the risk, SuperSU is often used by modders to control Android root settings on a per app basis.

What is SuperSU? SuperSU allows for advanced management of Superuser access rights for all the apps on your device that need root. It’s that simple!

I’m going to assume you already have a rooted device and that you have an intermediary knowledge of device rooting using SuperSU developed by ChainfireXDA. SuperSU allows for advanced management of Superuser access rights for all the apps on your device that need root.

IMPORTANT: This is the updated SuperSU privacy policy from CCMT, which is effective August 29, 2016.

Here is a quick guide using SuperSU v2.78 SR1, on how to control your Android smartphone root settings:

Posted in android, google, mobile, privacy | Tagged , , , , , | 22

How to disable Android app Device admin rights

Updated: If you use an Android device and regularly download and install apps from the Google Play Store, you may have noticed that some apps require device admin rights to be disabled before you can “Force stop” or “uninstall” an app. Device admin allows developers to create security-aware apps that are mainly useful for enterprise settings. These settings (or policies as they are referred too) may stop a user from installing or uninstalling an app for example.

I’ve started noticing quite a few Android mobile security apps are employing device admin rights to their consumer apps. The main reason for doing this is that the AV vendors want to lock down their app in the event some malware looks to disable or remove their security app, but it is also to with defining a generic security standard for mobile security app development.

Glancing through developer forums it’s clear to see (and I’m one of these) that not being able to kill an app because it is using up large amounts of CPU or RAM time, isn’t that useful to us end -users. Apps and operating systems do have memory leakage and probably always will from time to time. So, how do you disable device admin rights for a particular app so that you can enable ‘Force stop’; ‘Uninstall’; ‘Clear data’; ‘Clear cache’; and ‘Clear defaults’ from within App Manager? It’s actually very simple folks:

Posted in android, google, mobile, privacy | Tagged , , , , , , | 170

Message for Mobile App developers and CISOs

PrintOur Android research, based on over 18 months of App and SDK analysis for leading NASDAQ and NYSE companies, uncovered a low malware threat to end users. The major global threats we were identifying were not necessary malcode-related, although leading security vendors will have you thinking otherwise.

To support this finding, our data analytics platform found most malicious Apps and SDKs were repackaged (not re-engineered); required Unknown sources option to be checked and in most cases were found in third-party markets in China with some Android malcode Apps found in India, Brazil and Indonesia.

The fingerprints we flagged also hinted at Russia and China being a primary location for development of new mobile malware, but our research found that the malcode threat vector was actually very narrow i.e. your device would have to be rooted and/or Unknown sources checked.

Most used spear phishing (email) or drive-by download (specific web pages) paths to infection but there is also some ransomware in circulation. Ask your friends who use Android and they will tell you they have never been infected by a virus or ransomware. This isn’t always the case, but it is from our research, more the norm.

Posted in android, malware, mobile, privacy | Tagged , , , | 0

Manage your Google Account password on Android

Google_android_logoIf you use Google products and services such as Gmail and YouTube you will most likely have a Google account. If you have signed in to Google on your Android device you will be able to reset your password, enable 2-step Verification and monitor Apps that use your Google account. It’s worth pointing out now that Google account passwords must be at least 8 characters long.

The following was tested on Android 5.1.1 and 6.0. Let’s get started:

  • Settings > Google > Sign-in & Security > Signing in to Google
  • Open with <browser> tap JUST ONCE

You can change (reset/enable/disable) by signing in to each of the following:

  • Password – shows you the last date change*

*You cannot reuse a password from the past 12 months. Easy passwords such as “12345678” are also automatically blocked. 🙂

You also have the option of setting up another layer of protection called 2-Step Verification. This will send a single-use code to your mobile device. You will need to enter this code when you sign in. This means if someone steals your Google password, it will not be enough to gain access to your account.

Posted in android, google, mobile, privacy | Tagged , , , | 0

How to sideload Android APKs from Google Play

Google_android_logoYou might have experienced an issue where a link to an app is no longer available in the country you live in or are visiting. You will need to be sure that the app does indeed work on your compatible Android device.

Before you can download the Android app, you will need to check ‘Unknown sources’. Go to Settings > Security > Unknown Sources – Click ‘OK’ on the warning message. This allows installation of apps from sources other than the Play Store, but also allows you to side load packages (APKs) from the Play Store in the event the link is unavailable.

Next, you can now download the APK from Google. Use the following service on your PC: apps.evozi.com/apk-downloader

  • Insert the name (using format ‘com.appname.device’) or
  • Use the Google Play URL link
  • Click > Generate Download Link
  • APK will be downloaded to your PC
  • Copy the APK to your Android device SD card*
  • Tap the APK file to run it to install the app
  • Remember to uncheck ‘Unknown sources’ when finished

*If transferring files from your PC to your Android device using USB you should use ADB – adb push /path/to/local/file /mnt/sdcard/path/to/file

Posted in android, mobile | Tagged , , , | 0