All about Google Chrome & Google Chrome OS

17 Apr 12 Chrome for Android Gets New Features, Languages


The Android OS version of Google’s Chrome browser is now available in a host of new languages and has gained several new features, but it remains in beta testing and is afflicted with a variety of bugs.

First released in February for tablets and phones that run the 4.0 version of Android, also called Ice Cream Sandwich, Chrome for Android now has its user interface in 31 additional languages and is available in all countries with access to Google Play, which was previously known as the Android Market.

New features include the ability to switch from the mobile to the desktop version of a website and to place bookmarks in the home screen in the form of shortcuts, the company said on Tuesday in a blog post.

In addition, users can now assign applications of their own choosing for launching links opened in Chrome, as well as use the browser with a Wi-Fi network that has a proxy setup.

Also new is the ability to download files to the device and to play “old style” embedded YouTube content via the native YouTube application, Google said in a related but separate post.

As a beta product, Chrome for Android has a number of known bugs, which currently include problems with font sizes, search result languages, website renderings, webpage loading and third-party application interaction, according to the Known Issues page Google maintains for this version of the browser.

People can report bugs they encounter by filling out this form.

This latest upgrade of Chrome for Android puts the application in version 0.18.4409.2396.

Juan Carlos Perez covers enterprise communication/collaboration suites, operating systems, browsers and general technology breaking news for The IDG News Service. Follow Juan on Twitter at @JuanCPerezIDG.


Article source: http://www.pcworld.com/article/253963/chrome_for_android_gets_new_features_languages.html


14 Apr 12 What Can a Zero-Permissions Android App Do?



Before you download an Android app, a developer has to present you with a list of system-level resources the app needs to access in order to run. These are simply referred to as Permissions; the purpose of Android Permissions is to let you know exactly what information an app maker is harvesting from your device, so you can make an informed decision over whether or not you want to download it. And an app needs your permission to do even trivial tasks like connecting to the Internet or preventing your phone from going to sleep.

But according to Leviathan Security researcher Paul Brodeur, even an Android app with zero permissions can still extract plenty of data from your device. Leviathan created a proof-of-concept app (called “No Permissions”) and found three types of personal data the app was still able to see: 

1. Files on an SD card

2. A list of all apps already installed on the device, and files associated with those apps (the /data/system/packages.list file)

3. Basic device information: the GSM and SIM vendor ID, the Android ID which associates an app with a device, and kernel version.

An obvious question you might ask is what No Permissions could do with this data, if it couldn’t even connect to the Internet (which would require the ubiquitous “Internet” permission)? Brodeur claims Zero Permissions could still make one network call without explicit permission, one that would allow the app to launch the browser. Theoretically, from there the developer would be able to create additional browser calls and transmit the data.

Over-blown Claims?
Before you do something dramatic like making a leap to iOS, another security researcher says Leviathan’s findings don’t pose much of a threat at all. 

“None of these are flaws with the Android operating system, but with some specific applications that aren’t named,” researcher Daniel McCarney from the Carleton Computer Security Lab told me. “Most of the findings are entirely supported behaviour. None of this is new research [or] a serious security risk for end users.”

Here’s what’s really going on: 

1. SD Card: This is old news. Google explicitly tells its developers that any app can read files on the SD card without permission, and warns them not to as part of the app’s Terms of Use.

Older versions of Android use an outdated partitioning system (FAT32) also used by many other operating systems, including Windows and MacOS. FAT32 is popular as it allows users to insert an SD card without formatting it into another operating system.

Furthermore in February, Google said it was exploring a Read permission for the SD card in a future release:

“As phones and tablets have evolved to rely more on built-in, non-removable memory, we’re taking another look at this and considering adding a permission for apps to access images. We’ve always had policies in place to remove any apps on Android Market that improperly access your data,” Google said in a statement. 

2. App list: Yes, the permission-less app was able to pull a list file showing all the apps on your device. But McCarney said Google is not only aware, it has given developers an even easier way to get a list of installed apps (the PackageManager API).

“The use of this obscure file (packages.list) strikes me as a way to make the issue seem like a serious oversight or a vulnerability,” he said. 

Jerry Hillebrand over at Android Central noted this list file doesn’t really pose a risk.

“Knowing what applications a user has installed is a great way to know what exploits may be useful to compromise their phone or tablet,” Hillebrand writes. “Knowing that an exploit exists it’s there means an attacker could try to target it. It’s worth mentioning that targeting a known insecure app would probably require some permissions to do so, though.” 

3. Basic device information: Lastly, it remains to be seen whether a hacker with your GSM, SIM, kernel version, and Android IDs can actually identify who you are.

“This claim is entirely overblown,” McCarney says. “All their application is able to gain is the Mobile country code (MCC) and the Mobile Network code (MNC) of the phone. This information would tell you something akin to the fact that I have a Rogers mobile phone in Canada.”

Still Paranoid?
There are a few precautions you can take, if this information still leaves you feeling uneasy.

1. Don’t store any personal information on your SD card. 

2. Download one of our recommended Android security apps that will detect apps behaving badly.

3. Be sure to install updates to applications as they arrive. Typically if an app improperly stores secure data on the SD card, developers will fix this and issue an update. 

Article source: http://securitywatch.pcmag.com/none/296635-what-can-a-zero-permissions-android-app-do


09 Apr 12 RIM Moves Against Pirated Android Apps On PlayBook



PlayBook OS 2.0, which was distributed by Research In Motion in February, allows tablet owners to install and run Android applications. Those apps need to be repackaged by developers, and run in an emulator environment on the tablet. They can be downloaded from the BlackBerry App World store. Well, the official versions, anyway.

Not all Android developers are ready to repackage their applications for RIM’s PlayBook. While PlayBook owners wait for official app releases, unofficial versions of some Android apps for PlayBook OS have become available. These are apps that have been repackaged by people other than the original developer and are being distributed outside the Android Market and BlackBerry App World.

They are, in other words, pirated apps.

Since the pirated apps skip the official distribution channels, that means for-pay applications aren’t earning any income for the original developer. RIM has taken notice of the issue. This isn’t a case of “no harm, no foul,” said Alec Saunders, RIM’s VP of developer relations, in a Twitter exchange with a developer. “Have seen apps from devs uploaded by others, and charged for by people who don’t own.”


So RIM is going to do something about it.

“We’re removing sideloading for consumers,” said Saunders. “Piracy is a huge problem for Android devs, and we don’t want to duplicate the chaotic cesspool of Android Market. Pretty sure we’ve got a solution for devs.”

RIM will push a software update to the PlayBook in the near future that blocks the ability to sideload applications. This means apps will only be available through the official, RIM-sanctioned BlackBerry App World.

Sound familiar to you? That’s because RIM is apparently adopting Apple’s iPhone, iPad, and iPod Touch application policy. Apple, too, restricts application access to the App Store, which it controls. The only way to install non-approved applications on an iPhone is to jailbreak it. Saunders didn’t say if the forthcoming PlayBook update would also break the ability to jailbreak the PlayBook, which has been possible now for several months.

Google takes a different approach. While hundreds of thousands of applications are available to Android devices via the Google Play Store, owners of Android devices can choose to install apps from non-approved sources if they so wish. No hacking is required to enable this functionality. Instead, users must simply check a little box in the settings menu. Google warns that in so doing, however, customers are taking a risk with respect to security and privacy.

Is RIM’s change in stance here a big deal for end users? No, it isn’t. It is the right thing for RIM to do if it wants to protect its relationship with its developer community. Right now, RIM needs to be highly protective of its developers. Without devs, there are no apps, and without apps, its BlackBerry OS 10, slated for release late this year, will die before it reaches the market.


Article source: http://www.informationweek.com/news/personal-tech/mobile-apps/232800489


09 Apr 12 Will Google Tablet Sales Frag or Defrag the Android Market?


For consumers who don’t live and breathe Android, the market can be confusing. There are dozens of phone models, many running different versions of the Android operating system.

The Android tablet market is a little less confusing. There are fewer models out there, probably because slate makers haven’t figured out how to make a decent buck selling the tablets. Amazon has found a way to move its Kindle Fire: Sell it at a loss.

Now that Google is poised to enter the Android tablet market, a question that’s being raised in many observers’ minds is: Will this move reduce or augment market fragmentation?

Background

Google is expected to start selling a seven-inch Android tablet sometime in July at a price–$200–that will make it competitive with Amazon’s Fire. The units would be sold directly to consumers through an online store operated by Google. In addition to Google’s tablets, slates from other manufacturers will eventually be sold through the store.

If Google tablet sales can be as successful as those for the Kindle Fire, that move could reduce the fragmentation in the Android tablet market. Other tablet makers would bring the specs of their devices in line with the Google slate to capitalize on its success.

The flip side of that scenario, though, is that Google’s offering becomes just another tablet. Then it would be contributing to the market’s confusion by just adding another device to an already crowded field.

Pros and Cons

Now, selling its tablets online at a single location could help Google defrag the market. It would provide a powerful magnet for online tablet shoppers. Sure, there are those who say you can’t move tablets unless people can first get their hands on them in the physical world, but the online retail approach seems to have worked successfully for Amazon, which has sold three million Fires since its introduction last fall.

Opening up the online store to other tablet makers, though, could add to market disarray. You could have Google’s tablet running the latest version of Android, while models in the store from other tablet makers would be running other versions of the operating system. Instead of presenting consumers with a unified front on tablets, the store could actually emphasize just how fragmented the market is.

On the other hand, by releasing its own tablet with the latest version of Android, Google might encourage makers of Android devices to move faster in upgrading their hardware. The more devices that are operating on the same page, the less apparent fragmentation there will be.

However, if Google launches its tablet with a new version of Android–say, the upcoming version 5.0 codenamed “Jelly Bean”–it could add to the confusion, since adoption of the latest version of the OS, “Ice Cream Sandwich,” has been so slow.

Such a move would be a disaster for developers, too, who are already having trouble creating apps that run on both Android tablets and phones.

The bottom line is, however, with details about Google’s tablet still in flux, even hypotheses about the potential impact of such a device on fragmentation in the Android market remain on very uncertain footing.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.

Article source: http://www.pcworld.com/article/253435/will_google_tablet_sales_frag_or_defrag_the_android_market.html


04 Apr 12 Instagram for Android Nabs 1M Downloads, Prompts iPhone Twitter Spat


The release of Instagram for Android was music to many people’s ears, as excited Android users downloaded more than 1 million copies of the popular photo-sharing app in less than 24 hours.

The free app was released Tuesday on Google Play, formerly known as the Android Market, and has been a runaway hit with Android users. Instagram CEO Kevin Systrom told The New York Times that the app was seeing 2,000 signups each minute following its debut. More than 430,000 Android users, meanwhile, had already signed up to be one of “the first in line for Instagram on Android” during a pre-registration period that began on March 25.

But not everyone was excited about Instagram’s arrival on Android. Some iPhone users took to Twitter to express annoyance, some jokingly, that the app is now open to Android users, helping make “Instagram” and “Android” trending topics yesterday afternoon.

One user, @matthewtpain, wrote that he was, “bummed to see Instagram is coming soon to Android. I like the exclusivity of iPhone users only.”

“I’m annoyed that instagram is coming to the Android soon… it should just be an iPhone thing,” wrote Twitter user @Anthony_CA.

Meanwhile, one user, @iFollowBlindPpl wrote, “Don’t follow me on instagram if you got an Android. Only iPhone users following this way. Im blocking Android users. This is war.”

“I’m absolutely #outraged that Instagram is on Android now,” Twitter user @Chino_Wanker wrote, likely in jest. “Now it’s gonna be populated by people who are poor and can’t afford an iphone.”

Overall, however, most iPhone users don’t seem to be bothered.

“To be clear, 99.99% of iPhone users will have absolutely no opinion about Instagram arriving on Android,” @jamesburland wrote.

Instagram first debuted in October 2010 for the iPhone, and up until yesterday was only available for iOS devices. The app lets users add different custom filters to photos in order to change the colors, mood, border, and tonality of their snapshots.

The release of Instagram for Android came several weeks after Systrom tipped its arrival at last month’s SXSW conference in Austin. At the time, the app was not quite ready for primetime, but Systrom said that “in some ways, it’s better than our iOS app. It’s crazy.”

What do you think of Instagram being made available for Android? Did you download it? Let us know in the comments and stay tuned for PCMag’s full review of the Android app. Until then, check out our review of the iPhone Instagram app.

For more from Angela, follow her on Twitter @amoscaritolo.


Article source: http://www.pcmag.com/article2/0,2817,2402594,00.asp


04 Apr 12 Android Alert: Five Security Threats You Didn’t Know About


When you think of viruses, spyware, and other security threats, you probably think of your PC. After all, that’s where the majority of these kinds of attacks take place. But malware on your mobile phone? Or even your tablet? Nah, that could never happen. Could it? Yes it could, especially if your mobile device runs the Android operating system. According to Juniper Networks, Android malware samples increased a whopping 472 percent in the period between July and November, 2011.

Hackers have declared war on Android devices, and you might get caught in the crossfire. Fortunately, as Sun Tzu famously noted in The Art of War, “If you know your enemies and know yourself, you can win a hundred battles without a single loss.” Here are the five biggest enemies you should know — and how to beat them at their own game.

1. SMS Trojans

According to that same Juniper Networks report, nearly half the malicious Android apps circulating today are SMS Trojans, which send text messages in the background (meaning without your knowledge) to premium-rate numbers owned by the hackers. The end result: a potentially huge surcharge on your monthly carrier bill.

By far the best way to stop an SMS Trojan is to avoid getting hit by one in the first place. For that, make sure to install an Android security suite designed to combat all kinds of threats, not just a few. Also, don’t install apps that look suspicious or sound too good to be true.

2. Carrier IQ

Late in 2011, a researcher discovered that a rootkit from software developer Carrier IQ was running on millions of mobile devices. Though not overtly nefarious, the code reportedly logs users’ locations and keystrokes (including passwords). Most troubling, all this happens without users’ knowledge and without the option to disable it.

To guard against this threat, get Carrier IQ Test, a free app that can detect and remove the unsanctioned software.

3. Preloaded apps

Your smartphone or tablet probably came with some “bonus” apps, software that’s not normally included with Android but was added by the manufacturer or carrier. Last December, researchers discovered that some of these preloaded apps contain serious security vulnerabilities, the kind that can be used to wipe a handset, steal private data, or even listen in on phone calls. Even worse, because many of these apps are “baked in” to the OS, they can’t be removed.

If you have Android 4.0 (a.k.a. Ice Cream Sandwich), you can at least hide and disable bloatware apps. Just venture into Settings, Device, Apps, tap All, tap the app you want to banish, and then tap Disable.

4. Fake Google Play stores

Earlier this year, Google transformed Android Market into Google Play, where it consolidated various services (apps, music, e-books, etc.). Shortly thereafter, cybercriminals began creating fake Google Play domains designed to trick users into installing malicious apps.

The way to fight this threat is to get smart. Don’t attempt to install the Google Play app on your own by downloading it. Instead, follow the usual procedures to update your device’s OS. Also, Android security software can detect and remove any rogue apps you might inadvertently install, so it’s a good idea to run anti-malware utilities on your mobile device.

5. Android/FakeToken.A

You get a text message from your bank: “Your account has been comprised! Tap here to sign in and update your password.” Tapping the link takes you to a realistic-looking site, complete with the bank’s logo. So you sign into your account — and, in the process, open the door to Android/FakeToken.A, a form of remote-control malware that can steal all kinds of personal data.

Never, ever tap a link contained in an email or text message, no matter how legitimate it looks. Instead, open your browser and connect to your financial institution directly, making sure the URL starts with https://. Even better, if the bank offers its own app, use that to access your account. And if you’re really concerned about a security breach, call the institution directly.

Article source: http://www.pcworld.com/article/252683/android_alert_five_security_threats_you_didnt_know_about.html


03 Apr 12 Android Ice Cream Sandwich gains, but Gingerbread dominates


Android 4.x “Ice Cream Sandwich” is making gains, though Gingerbread still takes the lion’s share, according to a snapshot of data provided to Android developers.

Ice Cream Sandwich (ICS) had about a 2.9 percent share and Honeycomb had more than a 3 percent share, according to Android Developers, which describes the data as “the relative number of active devices running a given version of the Android platform.”

ICS started appearing in devices only toward the end of last year.

The Web site says the data can help developers “understand the landscape of device distribution and decide how to prioritize the development of your application features for the devices currently in the hands of users.”

Android 2.x Gingerbread was just a little shy of 70 percent.

Chart showing the number of Android devices that have accessed Google Play (formerly Android Market) within a 14-day period ending on April 2.

(Credit: Android Developers)


A year earlier (March 17, 2011), Android 2.2 was on top and Android 3.0 at a trifling 0.2 percent.

In an introduction to a historical distribution chart, the Android Developers page illustrates compatibility by showing versions “stacked on top of each other”–what is sometimes referred to less charitably as fragmentation.

A chart on a Motorola support page mirrors the staggered rollout of Android on various devices. For example, Motorola’s newest tablet the Xyboard (aka, “Xoom 2”) currently runs Android 3.2.2 but won’t see ICS until the third quarter of 2012.

Via Engadget

Article source: http://news.cnet.com/8301-13924_3-57408400-64/android-ice-cream-sandwich-gains-but-gingerbread-dominates/


28 Mar 12 Google I/O 2012: 10 Things Developers Can Expect at the Show


When the Google I/O conference first started, the company had an exceedingly difficult time getting developers to join the event. It appeared that they wanted to see how it would go before they would commit. But in 2011, the event’s tickets sold out in no time. And this year, they hit a new sell-out record, exhausting the supply of tickets in just 20 minutes. The excitement surrounding the I/O Conference has hit a tipping point.

Google plans to hold the event on
June 27 during a three-day period. Google hasn’t said what it will discuss, but
the event is usually a good way to learn about the future of Google’s many
services, including Android, Chrome, and even Google TV. In other words, it’s a
major event that just about anyone who cares about the Google developer world
will want to learn more about.

Realizing that this has become a must-see event, it’s time to look at some of
the possible developments and announcements to expect at Google I/O 2012.

1. Android stats galore

Google is very much like Apple in that it likes to talk
about mobile statistics as often as possible. So, at Google I/O, expect the search giant to take the stage
and discuss everything from daily Android activations to devices sold
worldwide. Providing Android stats is a key component in making Apple look bad.

2. A new Android version

In the past, Google has used Google I/O to discuss the
latest and greatest Android flavors. At this year’s event, expect the same.
After all, Google I/O is the place where the search giant has all the attention
of media outlets and developers. Why wouldn’t it discuss the future of Android?

3. A new Chrome OS

Remember Chrome OS? It’s the operating system that was
supposed to take on Microsoft Windows and Apple Mac OS X. Well, it’s still
available and still running on Chromebooks, but it’s been largely ignored. At Google I/O, expect the search company to bring it back
to the forefront and discuss how it might be used in the coming years.

4. Android Market developer discussions

One of the central elements of Android’s success has been
its ability to attract developers. And the fact that Google I/O sold out in
just 20 minutes shows how excited developers are to create apps for the
company’s operating systems. So, expect lots of discussions on apps and the
Android Market, as a whole.

5. Security will take center stage

Security is undoubtedly the biggest issue facing Android right now. And Google knows it. So, at Google I/O,
expect the search giant to discuss security and the ways in which it plans to
safeguard its many operating systems. To neglect security would be a huge
mistake on Google’s part.

6. The future of Google TV

At Google I/O 2011, Google TV made a comeback, as the search
company discussed how it would attempt to appeal to customers in the living
room. Since then, however, Google TV has been all but ignored, making some
wonder if it should be discontinued. With rumors of Apple launching a
television this year, however, discontinuing Google TV seems unlikely, making
it increasingly likely the platform will be on display at Google I/O.

7. Expect search to play a role

It wouldn’t be a Google-related event if the search company
didn’t discuss, well, search. From Android to Chrome OS to Google TV, search
plays a crucial role in all the services that might take center stage at Google
I/O. Google would be remiss to not discuss it.

8. Google+, anyone?

Online services outside of search have become quite important to Google as of late. And more recently, Google+ has arguably become its most important online consideration next to search. Realizing that, expect Google to discuss its social network and talk up app development for it. As Facebook has proven, social apps can mean big business, and Google wants a part of that business.

9. A Google-branded smartphone and tablet

Although much of the discussion surrounding Google I/O will
relate to development, there’s also a good chance that the search giant will
show off a smartphone and tablet under its personally branded Nexus line. The
Nexus strategy worked brilliantly in the smartphone space, but Google hasn’t
followed the same path in tablets. The time has come for it to do just that.
And Google I/O might be the place to do it.

10. An all-out assault on Microsoft

Lastly, expect Google to take aim at Microsoft at the Google
I/O Conference. Since its inception, Google has hated everything about Microsoft.
Now, the search giant is starting to chip away at Microsoft’s defenses,
including Windows. Expect a rather significant chunk of Google I/O to continue
that work.

Follow Don Reisinger on Twitter by clicking here



Article source: http://www.eweek.com/c/a/Mobile-and-Wireless/Google-IO-2012-10-Things-Developers-Can-Expect-at-the-Show-180794/


03 Mar 12 Security Expert Warns of Risks in Google’s Chrome OS and Apple’s iCloud


Roel Schouwenberg, a security researcher at Kaspersky Labs, on Thursday afternoon warned security professionals attending RSA 2012, one of the industry’s foremost gatherings, that design flaws in Chrome OS and iCloud may make them unsuitable for business use.

Schouwenberg praised Google for developing a rock-solid platform from a security point of view, but warned that users were still exposed to attack through the apps running in their browsers.

“Everyone has heard about the huge increase in Android malware, a lot can be found in the Android marketplace,” Schouwenberg said. “The same problems exist in the Chrome marketplace.”

Schouwenberg said malicious Chrome apps are less prevalent than malicious mobile apps but noted that it is also difficult to detect malware on Chromebooks, slimmed down computers that run only the Chrome OS and browser, because they aren’t protected by anti-malware programs.

As an example, he cited a Chrome app that Kaspersky Labs identified that tried to steal a person’s Facebook credentials.

Google issued a statement in response to Schouwenberg’s claims: “We’re thankful to Mr. Schouwenberg for recognizing the strong security design we have built into Chrome and Chrome OS from the start, but he missed on a few important points.

“Mr. Schouwenberg’s comments mischaracterize the state of both the Android Market and Chrome Web Store. We announced recently that we saw a 40 percent drop in the amount of potentially malicious downloads in Android Market between the first and second halves of 2011, and the situation for the Chrome Web Store is even better.

“From day one, we’ve designed Chrome’s extension system with security in mind. Since we launched the extension system, the state of the art in Web security has advanced with technologies like Content-Security-Policy (CSP). Extension developers have been able to opt into these features for some time, and just yesterday we announced we’re starting to enable these security features by default.

“It’s not accurate to say that you can’t run malware protection on Chrome. For one, Chrome has built-in malware protection through our safe browsing service. In the case of developers, we believe that our extension APIs provide the tools needed for an anti-virus vendor, like Kaspersky, to create an extension-based solution of their specification. The extension would also work on multiple platforms and could integrate nicely with their native-code anti-virus solutions on platforms that—unlike Chrome—do allow untrusted native code to execute.”

Schouwenberg also described several risks associated with Apple’s iOS operating system and iCloud online storage offering. According to Schouwenberg, the primary threat was data leakage. Among other problems, Schouwenberg noted that Apple is not using typical SMS protocols but is instead handling SMS as data. “This makes it possible for me to take the SIM card from my iPhone and put it in another phone,” he explained. Even after taking back his card, he said, the other phone could still receive his SMS messages.

Apple did not respond to multiple requests for comment.

Schouwenberg said that Apple also shared notes he had created on an Apple device even after he turned note sharing off. Specifically, he said, the notes showed up in email. “That is not good,” he said. “That should be a huge no no.”

A third risk of using Apple’s iOS is that it will sometimes supersede user settings and connect to certain available wifi access points, Schouwenberg said. “The device could be leaking data if it is connected to an unsecured wifi access point that could be sniffed,” he said. “This may be convenient but it is not secure.”

Schouwenberg noted that these problems will likely be quickly addressed, but he said that trust issues persist. He noted that the security community has known for years about malware that can be used to make unauthorized purchases from iTunes accounts. While Apple asks customers to report any unauthorized purchases, it has never officially acknowledged the problem of online criminals targeting its users, he said. “Over all these years, Apple has known about this and said nothing,” Schouwenberg said.

Article source: http://www.forbes.com/sites/eliseackerman/2012/03/02/security-expert-warns-of-risks-in-googles-chrome-os-and-apples-icloud/

