Tag Archives: kitkat

Latest Entries

Use SuperSU to control your Android root settings

supersuUpdated: Controlling your root settings is very important, especially as it opens your Android device up to the threat of malware. if you are familiar with rooting you will know that you can tweak and modify the way your Android software and hardware behaves. Granting apps root allows you to have vastly more control of your device and apps than without.

You should though be very aware that allowing your Android device to have root access does come with an element of security and privacy risk. Given the risk, SuperSU is often used by modders to control Android root settings on a per app basis.

What is SuperSU? SuperSU allows for advanced management of Superuser access rights for all the apps on your device that need root. It’s that simple!

I’m going to assume you already have a rooted device and that you have an intermediary knowledge of device rooting using SuperSU developed by ChainfireXDA. SuperSU allows for advanced management of Superuser access rights for all the apps on your device that need root.

IMPORTANT: This is the updated SuperSU privacy policy from CCMT, which is effective August 29, 2016.

Here is a quick guide using SuperSU v2.78 SR1, on how to control your Android smartphone root settings:

Posted in android, google, mobile, privacy | Tagged , , , , , | 20

How to disable Android app Device admin rights

Updated: If you use an Android device and regularly download and install apps from the Google Play Store, you may have noticed that some apps require device admin rights to be disabled before you can “Force stop” or “uninstall” an app. Device admin allows developers to create security-aware apps that are mainly useful for enterprise settings. These settings (or policies as they are referred too) may stop a user from installing or uninstalling an app for example.

I’ve started noticing quite a few Android mobile security apps are employing device admin rights to their consumer apps. The main reason for doing this is that the AV vendors want to lock down their app in the event some malware looks to disable or remove their security app, but it is also to with defining a generic security standard for mobile security app development.

Glancing through developer forums it’s clear to see (and I’m one of these) that not being able to kill an app because it is using up large amounts of CPU or RAM time, isn’t that useful to us end -users. Apps and operating systems do have memory leakage and probably always will from time to time. So, how do you disable device admin rights for a particular app so that you can enable ‘Force stop’; ‘Uninstall’; ‘Clear data’; ‘Clear cache’; and ‘Clear defaults’ from within App Manager? It’s actually very simple folks:

Posted in android, google, mobile, privacy | Tagged , , , , , , | 146

Protect your Google account with security check-ups

Google securityGoogle protects your account with some of the most advanced online security. Most Google users will be unaware that Google makes it very easy for you to manage your account security settings. It’s very important that once you have setup your account security, that you review no less than monthly, to safeguard your account information even more. You can do the following on any device that supports Google.

  • Sign in to your Google account – https://myaccount.google.com/security
  • Click GET STARTED > you will be prompted for your password
  • Review your recovery phone and email. You can edit the phone number and also remove the email address.
  • Tap > Done > you will be prompted with “Recovery information checked”
  • Check your connected devices. This will list devices that connect to your Google account. Notice anything wrong?
  • Click a device for a drop down to highlight more information, such as name of device, browser type and last locations used.
  • Notice anything wrong? Click “Something looks wrong” – Google will be notified something is wrong. You can also change password or click “No thanks”.
  • Next, review the apps, websites and devices that connect to your Google account such as Google Chrome.
Posted in android, browser, google | Tagged , , , , | 0

Message for Mobile App developers and CISOs

PrintOur Android research, based on over 18 months of App and SDK analysis for leading NASDAQ and NYSE companies, uncovered a low malware threat to end users. The major global threats we were identifying were not necessary malcode-related, although leading security vendors will have you thinking otherwise.

To support this finding, our data analytics platform found most malicious Apps and SDKs were repackaged (not re-engineered); required Unknown sources option to be checked and in most cases were found in third-party markets in China with some Android malcode Apps found in India, Brazil and Indonesia.

The fingerprints we flagged also hinted at Russia and China being a primary location for development of new mobile malware, but our research found that the malcode threat vector was actually very narrow i.e. your device would have to be rooted and/or Unknown sources checked.

Most used spear phishing (email) or drive-by download (specific web pages) paths to infection but there is also some ransomware in circulation. Ask your friends who use Android and they will tell you they have never been infected by a virus or ransomware. This isn’t always the case, but it is from our research, more the norm.

Posted in android, malware, mobile, privacy | Tagged , , , | 0

Manage your Google Account password on Android

Google_android_logoIf you use Google products and services such as Gmail and YouTube you will most likely have a Google account. If you have signed in to Google on your Android device you will be able to reset your password, enable 2-step Verification and monitor Apps that use your Google account. It’s worth pointing out now that Google account passwords must be at least 8 characters long.

The following was tested on Android 5.1.1 and 6.0. Let’s get started:

  • Settings > Google > Sign-in & Security > Signing in to Google
  • Open with <browser> tap JUST ONCE

You can change (reset/enable/disable) by signing in to each of the following:

  • Password – shows you the last date change*

*You cannot reuse a password from the past 12 months. Easy passwords such as “12345678” are also automatically blocked. 🙂

You also have the option of setting up another layer of protection called 2-Step Verification. This will send a single-use code to your mobile device. You will need to enter this code when you sign in. This means if someone steals your Google password, it will not be enough to gain access to your account.

Posted in android, google, mobile, privacy | Tagged , , , | 0