More Than A Billion Android Devices Vulnerable To Pileup Attack!

News broke this week that researchers at the University of Indiana and Microsoft had identified a vulnerability in the Android operating system that is suspected of affecting more than one billion Android devices already deployed into the market, and any future ones pending the release of a fix to this issue. For more read here (http://www.efytimes.com/e1/fullnews.asp?edid=133634)

A simple summary of the attack shows that an app downloaded by a device owner could contain bogus permissions that are simply ignored by the operating system, however if those permissions reflect features that eventually become available in a future version of Android then the permissions become active even though you as the device owner never specifically granted those permissions. What this could mean is that the app now has access to information or resources that you never intended it to have.

Of course, this attack does require that you download and install the app with these malicious permissions and perform a system update with a reboot of the device. Given that only 34% of device owners actually read the privacy policies of downloaded apps there is a strong likelihood that this type of app will make it onto a great many devices. Now specifically what the app will eventually do is up to the app and the future of Android capabilities.

At this time there is no Android fix to this issue but we expect that it will be dealt with quickly in the next Android update. If you are on an unlocked device and have control over your Android updates this is certainly good news. If you are on a device that receives infrequent updates then you are out of luck and must simply be far more diligent and watchful of the apps that you download.

However, if you are a Secure Spaces user you can rest far more comfortably. Secure Spaces divides an Android device up into "Spaces", like rooms in your house, so that you can place certain apps and data into one Space and keep them completely separate from the apps and data in another Space. So if you did download one of these apps and placed it into an isolated Space without any contacts, email accounts, Google accounts, or other sensitive information then there is very little harm that can come from the app. Secure Spaces is a consumer solution that gives the consumer control over how they want their device configured and how apps can, or can't interact with their data, like an app quarantine. Secure Spaces is ideal for consumer privacy, BYOD initiatives, device sharing with friends and family and mobile marketing initiatives.

My Mobile Phone Runneth Over

Thinking that you need two or more phones? You don't. Stop the trade-off between privacy and convenience and stop jamming everything onto one home-screen. 

We carry our phones all day long and use it for everything like work, email, banking, shopping, travel and play. We love to download new apps to see if they will make us more productive, simplify our life or allow us to have more fun. At the same time we want to be able to protect our personal information and our employer wants to protect company information.

With just one phone you are putting everything all together in one place: work apps, personal apps, game apps, downloaded apps. What does this mean? It means that we expose ourselves to malicious and over-permissioned apps that can lead to data loss and privacy breaches.

Take back control of your device, your data, and your privacy. With Secure Spaces you can organize your digital life into multiple “Spaces” on your phone, like rooms in your house.

Read more at: www.securespaces.com

Mother Sues Google After Child Buys $66 Worth Of In-App Purchases In Marvel Running Game

We all do it, those of us with kids anyway. We let our kids use our mobile devices to play games, play music or surf the Web. It seems harmless, it distracts them from the constant "Mommy, mommy" coming from the back seat of the car or the other room of the house. While many may jump onto the "bad parenting" or "digital babysitter" argument there is another reason to be concerned with the practise of sharing your mobile device.

Recently a mother in California sued Google over the in-app purchases made by her child while playing a game on her mobile device. Read more here: http://www.androidpolice.com/2014/03/11/mother-sues-google-after-child-buys-66-worth-of-in-app-purchases-in-marvel-running-game/ . Now, it appears that at some point the mother had changed her phone settings to avoid being prompted all the time for her password, likely due to the inconvenience. What she didn't realize was that this made available her Google account information and stored credit card details for use with in-app purchases, or the ability to purchase items like "Smurfberries", or "level-ups" in downloaded games. Her child likely didn't know that they were doing anything wrong but in a short period of time they had racked up a significant amount of extras that the mother had never intended or been given the opportunity to decline.

This all comes back to the ongoing trade-off between security and convenience that has plagued the online world for years. The mobile industry has done very little to change the security/privacy paradigm, in fact, they have replicated all of the challenges that have been faced by desktop and server computers for decades.

Secure Spaces takes a different approach. Secure Spaces creates separate Spaces on your device, like rooms in your house, to store apps and data separately. The apps and data in one Space cannot be accessed by the apps and data in another Space. The mother in this story could have created an Open Space on her device and placed the children's games into that Space and nothing else. The games would not have access to her Google account, her credit card information, or any other contacts, phone numbers, apps, passwords, or data that she maintains in another Space.