Collaborating Authors

Why Google needs to put Chrome OS in developer hands


Apparently, I wasn't the only one who noticed that, during Google's presser unveiling of the Pixel 3 and Pixel Slate, the word "Android" wasn't mentioned a single time. The open-source OS that shall not be named? There may be a number of reasons for this: As a brand name, Google already appears to be phasing out Android, as it pertains to platforms (with Android Wear becoming Wear OS), and dropping the moniker from a number of its own apps, such as with Pay and Messages, preferring to just use the name Google as the main brand for many of its applications and services. There are also a number of legal issues being worked out, and it is a possible major liability for the company in its litigation with Oracle. We also know Google is working on a successor to Android, called Fuchsia.

Ways Developers Can Prevent Data Leakage in an Android App


Whenever it comes to developing a mobile application, business enthusiasts and developers often prefer Android over other platforms. They appreciate the level of customization it avails, the low budget requirement, and the fact that the platform enables them to target a wider audience. But only a few realize that Android-based apps suffer from a major issue – the issue of the data breach. There's no denying the fact that with the increasing adoption of mobile apps, malicious hackers have also improved the ways to hack mobile apps and steal user sensitive information. Meaning, both Android and iOS mobile apps are involved with popular data breach cases – be it Facebook Cambridge Analytica or the Dashdoor data breach case.

Android Security Cookbook [PDF] - Programmer Books


"Android Security Cookbook' breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.

Microsoft Edge for iOS and Android adds single sign-in, can now block Chrome and Safari access to some apps


Microsoft is making it easier for users of its Edge browser for iOS and Android to access applications via single sign-on, while give tools to administrators to prevent these workers from using Safari or Chrome to access some enterprise apps. The mobile version of Edge for iOS and Android now supports "conditional access" protection and single sign-on, making it more attractive for enterprises to deploy Microsoft's mobile Edge as the go-to browser for accessing web apps, assuming they're connected to Microsoft's Azure Active Directory or Azure AD. According to Microsoft, the browser now comes with the same application management and security capabilities that once required an Intune Managed Browser. The single sign-on component means workers can more easily access apps such as Microsoft Outlook as well as web apps that are connected to Azure AD, be they software-as-a-service (SaaS) or on-premise delivered. This means workers only need to sign-in to an Azure AD-connected web app once and don't need to enter their credentials again afterwards.

Android full disk encryption can be brute-forced on Qualcomm-based devices


Attackers can exploit vulnerabilities in Android devices with Qualcomm chipsets in order to extract the encrypted keys that protect users' data and run brute-force attacks against them. The attack was demonstrated last week by security researcher Gal Beniamini and uses two vulnerabilities patched this year in Qualcomm's implementation of the ARM CPU TrustZone. The ARM TrustZone is a hardware security module that runs its own kernel and Trusted Execution Environment independent of the main OS. On Qualcomm chips, the Trusted Execution Environment is called QSEE (Qualcomm Secure Execution Environment). The full-disk encryption feature on Android devices relies on a randomly generated key called the device encryption key (DEK).