security

the state of cyber security in 2020

let’s get an overview of current threats in 2020 – especially regarding spamming, phishing, whaling, vishing, etc.

30,000% increase in #COVID19 threats

The Evil Internet Minute 2020

as Jack Johnson already sang “Well I was sitting, waiting, pishing” … *just kidding*

phishing

is the primary way malicious actors trick people into downloading malware, which ultimately can allow attackers to access their organization’s network and steal sensitive corporate data

alongside COVID19, phishing rose in importance and is still growing

since then google has put proactive monitoring in place for COVID-19 related malware and phishing – 63% of the malicious docs blocked, and more than 100 million phishing emails blocked per day with Machine Learning

Safari/iOS

its Safe Browsing feature also uses Google, but be aware that “These safe browsing providers may also log your IP address”

Screenshot from Safari Setting at iOS

chrome

a hyperlink doesn’t always point to the address shown as its link text – it often targets another website URL

<a href='https://attack.com'>https://safe.com</a>

chrome is experimenting with ways to make spoofs easier to spot and to determine the identity and authenticity of a site @blog
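the mismatch between link text and link target shown above can be checked automatically, e.g. in a mail filter – an added example, not code from the original post; the names URLISH, LinkAuditor and audit_links and all sample links except the first are assumptions made up for illustration:

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that looks like a URL or bare hostname ("https://safe.com", "www.safe.com/login").
URLISH = re.compile(
    r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?::\d+)?(?:[/?#]\S*)?$", re.I)

def _norm(host):
    """Lowercase and drop a leading 'www.' so safe.com == www.safe.com."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (shown_text, href) for anchors whose visible host differs from the target host."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:      # only collect text inside an <a href=...>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        shown = URLISH.match(text)
        try:
            target = urlsplit(self._href).hostname
        except ValueError:              # malformed href, nothing to compare
            target = None
        if shown and target and _norm(shown.group(1)) != _norm(target):
            self.findings.append((text, self._href))
        self._href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: the first anchor is the example from the text, the rest are made up.
SAMPLE_HTML = """
<a href='https://attack.com'>https://safe.com</a>
<a href="https://www.safe.com/login">safe.com</a>
<a href="https://example.org/help">click here</a>
<a href="https://attack.com/reset"><b>www.safe.com</b>/account</a>
"""
```

the check compares hostnames only, so lookalike domains and links with non-URL text such as “click here” are outside its scope.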

android

an example: an android app offers a Coronavirus Safety Mask but delivers an SMS trojan @zscaler

machine learning

“ML is rapidly becoming core to organizations’ value propositions (with a projected annual growth rate of 39% for ML investments in 2020)” and it’s only natural that organizations invest in protecting their crown jewels – cyberattacks will further utilize Artificial Intelligence (AI) @Microsoft Digital Defense Report

spear phishing vs. whaling

spear phishing is more targeted, with a reference to a company, project or proposal – while whaling targets CEOs, CFOs, and other executives to gain access or steal bitcoin, with a reported success rate of up to 90% – even from attackers that are “not extremely technically advanced” @decrypt

new domains aren’t blocked and look as if they were corporate @zscaler

vishing

“criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information” targeting remote workers with social engineering and a fake VPN page – the FBI warns in an Advisory

ransomware

it has been sneaking into our world at a remarkable rate, with a huge increase in the daily average of ransomware attacks compared to the first half of the year – in parallel, malware is 39% down overall … “but trending upward”

Denial of Service

25% increase during the pandemic lockdown – unprecedented number of shorter, faster, more complex attacks – hidden impact: they consume paid bandwidth & throughput

stay secure and healthy – both private and business

… use 2-Factor-Authentication

switch to modern authentication – sms as second factor is insecure

not only since twitter ceo jack dorsey was a victim with additional sms authentication activated for his account – twitter has now “temporarily” disabled the ability to tweet via sms … that phone numbers and sms’s were not designed to be used as two-factor authentication systems, as they are insecure. Fabio Assolini, Senior Security Researcher at Kaspersky…

technology

picture-in-picture checkup 2020

let’s have a look at how to use it, why it is useful, what alternatives are around or how to implement it – it was introduced recently in iOS14; appletv already provides this feature, but just in the tv app

almost every modern tv has its own picture-in-picture (PiP) and even youtube in the browser offers a PiP option with a miniplayer

beginning with api level 26, PiP is available for android devices, very useful to navigate with google maps while browsing for a new playlist … but:

  • feature support is not equal between vendors and app developers (e.g. brave browser doesn’t switch to PiP from fullscreen on honor devices)
  • picture size is not scalable, there are just 2 predefined views
  • how to open it differs by os level or vendor

in my opinion, the best way to view video while doing something on the side is split-screen view with 2 different apps/browsers, although it depends on vendor/app > long press the recent apps button on huawei, respectively swipe up on samsung and long press the relevant app icon to show the option, or use app pair from samsung’s side panel

with apple’s new mobile os 2020 this feature is finally also available; you’re even able to make the video window larger or pinch to zoom, and you have the option to keep audio playing while docking the video to the side, with the benefit of the same behaviour on all iOS devices


copied but well implemented

technology

save data or at least reduce the consumption, optimize for rural regions, holidays, etc.

your inclusive data volume is up… throttling to 64 kbit/s.

the consumption of data doubles every year; mobile subscriptions have evolved as well, but there is a gap between the data volume required for services and the available mobile capacity – below, the approximate amount for different services

teams, e.g., needs 1 Mbps for a group web session; when incoming video is turned off this could be reduced further by about 75% (tested by myself) – roughly 1GB per workday

read below some further tips in different categories to optimize mobile data consumption


windows

right on your windows10 device, you can set your phone hotspot as a metered connection; cellular data connections are set as metered by default

below you can additionally view data usage per app and set a data limit

chrome android

  • on your android, enable lite mode for the chrome browser in settings > advanced > turn on lite mode
  • data usage of apps can be reviewed and a capacity limit set in settings > mobile network > data warning (depending on android vendor)
  • file download: disable the automatic download of media and attachments in your mail client or chat app
  • other browsers, e.g. Brave, to use the integrated ad blocker and enable data compression
  • battery saver: when enabled, it disallows app launch in background and disables push notifications

iOS

with iOS13 there is a new feature called low data mode, enable it in settings > mobile data

it’s also possible to review the volume per app in mobile data and disable those not required

spotify

reduce consumption for your favourite playlist, choose

  1. tap start
  2. tap settings
  3. tap data saver
  4. enable it

offline

plan to use offline apps, and download and store data before traveling – read below

offline is the new online

in times of always being connected, it can happen – no connection – no fear, here are apps with offline functionality to bridge the gap:

  • google maps – download areas and maps offline, others: maps.me, here
  • spotify – offline music in flight mode, premium subscription required
  • amazon kindle – ebooks: pay it, download it, read it offline…

… check every app whether it offers a data save option

google

android 11 beta public available

dessert code name, but lots of new features, focused on three key themes: People, Controls, and Privacy

perform update at https://www.google.com/android/beta for the following devices:

  • Pixel 2
  • Pixel 2 XL
  • Pixel 3
  • Pixel 3 XL
  • Pixel 3a
  • Pixel 3a XL
  • Pixel 4
  • Pixel 4 XL


… the best obvious features so far:

  • Priority conversations, mark as “priority”
  • Media controls, in Quick Settings
  • Bubbles, chat over other apps
  • Notifications, simpler and more control
  • Conversations
  • Do Not Disturb, per App
  • Screenshots, in lower left corner
  • Screen recording, native android feature
  • Privacy, one-time permission to location, camera or mic

furthermore, with Project Mainline google pushes key system components directly over the air, independent of carrier/vendor

btw Easter egg isn’t updated yet (in Settings > About phone > Android Version > repeatedly tap on Android version)

unwrapping android 11 beta plus more @google



google

android bloatware in business

android devices arrive with a lot of preinstalled apps like facebook, flipboard, skype and of course google services (youtube, maps, gmail, etc.) – for private use this is annoying, but for business it is essential to secure the use case

android enterprise

when enabling Android Enterprise for Kiosk/Company devices, the default apps can be disabled during setup with this switch – PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED – Samsung offers this with its KNOX Mobile Enrollment and google with its built-in zero-touch service

be aware that you lose the native camera app if your use case requires one

device management

after your device is enrolled in a mobile device management system (emm, uem or whatever) you’re able to restrict installed apps by package name; apps differ by device manufacturer and os level, and package names are also useful to arrange/allow apps in a kiosk setup – for samsung XCover4s these are:

  • com.samsung.android.messaging
  • com.sec.android.app.samsungapps
  • com.samsung.android.calendar
  • com.samsung.android.email.provider
  • com.sec.android.app.myfiles
  • com.sec.android.gallery3d
  • com.sec.android.app.clockpackage.clockpackage
  • com.sec.android.app.clockpackage.alarm.alarmalert
  • com.google.android.gm
  • com.google.android.youtube
  • com.google.android.googlequicksearchbox
  • com.sec.android.app.fm
  • com.google.android.apps.maps
  • com.samsung.android.contacts
  • com.samsung.android.dialer
  • com.samsung.android.game.gamehome
  • com.sec.factory.camera
  • com.sec.android.app.camera
  • com.sec.android.app.clockpackage
  • com.sec.android.app.sbrowser
  • com.microsoft.skydrive
  • com.facebook.katana

adb tools

remove bloatware from a single device, or find the package names on a locally connected reference device

  1. install USB drivers for your device
  2. download & install ADB tools
  3. enable Developer Options & USB debugging
  4. plug in your device into the computer
  5. open a terminal and type: adb devices
  6. this will return the ID of your device
  7. enter the adb shell with: adb shell
  8. list all installed packages: pm list packages
  9. to remove packages type: pm uninstall -k --user 0 <package name>

take care to not disable system critical apps of android, check here
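the steps above as a dry-run planner that only prints the uninstall commands for review – an added example, not part of the original post; the function names, the keep-list and the sample output are assumptions, and package names are validated because `adb shell` hands its arguments to a shell on the device:

```python
import re

# Each dot-separated segment of an Android package name starts with a letter.
PKG_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*(?:\.[A-Za-z][A-Za-z0-9_]*)+")

def parse_pm_list(output):
    """Return valid package names from `pm list packages` output ('package:<name>' lines)."""
    names = set()
    for line in output.splitlines():
        prefix, _, name = line.strip().partition(":")
        if prefix == "package" and PKG_RE.fullmatch(name):
            names.add(name)
    return names

def removal_plan(pm_output, unwanted, keep):
    """Build adb argv lists for unwanted packages that are installed and not protected."""
    installed = parse_pm_list(pm_output)
    targets = (set(unwanted) & installed) - set(keep)
    return [["adb", "shell", "pm", "uninstall", "-k", "--user", "0", pkg]
            for pkg in sorted(targets)]

# Constructed sample of `pm list packages` output (names taken from the list above,
# plus one malformed line that must be ignored).
SAMPLE_PM_OUTPUT = """\
package:com.facebook.katana
package:com.sec.android.app.camera
package:com.google.android.youtube
package:com.sec.android.app.myfiles
package:not a package name
"""
UNWANTED = ["com.facebook.katana", "com.google.android.youtube",
            "com.sec.android.app.camera", "com.microsoft.skydrive"]
KEEP = {"com.sec.android.app.camera"}   # assumption: this use case needs the camera

if __name__ == "__main__":
    for argv in removal_plan(SAMPLE_PM_OUTPUT, UNWANTED, KEEP):
        print(" ".join(argv))           # dry run: review before executing anything
```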

innovation

android drop – upcoming simple filesharing | added fast share

since google dropped its “beam” feature in android q – Xiaomi, OPPO, and Vivo founded a “Peer-to-Peer Transmission Alliance” to ease P2P file exchange between mobile devices

but google was working on its own Fast Share, now renamed to Nearby Sharing, which will be available with a future Google Play Service update, xdadevelopers video below

… and there isn’t even a built-in solution to share notes in android; on the other hand, see how easy it can be on iOS or even Windows

share everywhere – cloud clipboard and others handle your content

they finally announced that their cross-device file transfer solution will launch in february – any file and protocol, even folders, should be supported – an interesting solution from chinese companies, since google is not available in China – we hope other vendors will join to make this a real universal solution

source: prnewswire

security

share everywhere – cloud clipboard and others handle your content

working with different devices and handling content can be quite tricky – use the cloud-based clipboard to copy and paste images and text across devices

windows

in its may 2019 update: select start > settings > system > clipboard, and then use the toggles to turn on both clipboard history and sync across devices. you can also press the windows logo key + V as a shortcut to easily access your clipboard – what’s also new in current windows update

to share just websites you could use continue on PC from mobile devices

apple

use Universal Clipboard with any Mac, iPhone, iPad, or iPod touch – read requirements here – sign in with your apple id, enable bluetooth, enable wifi and enable handoff – copy the text, image, or other content – it is automatically added to the clipboard of your other nearby device

android

google’s devices don’t offer any built-in feature like cloud clipboard – between android devices you could use bluetooth or nfc to share data

other android oems implement their own technology, like Huawei Share, an immediate file transfer tool just between Huawei mobiles, using bluetooth connection and wifi direct technology

on a Samsung Galaxy phone, utilize the Direct share feature as a pipeline for instantly sharing photos, videos, and more

mixed

sharing data between different devices and vendors is quite tricky; the way to go is to use any of the following 3rd party services, like OneNote, Google Keep or Pushbullet – additionally you’re able to enrich the copied content with style and format

fortunately, there are several options and a lot more apps available for android or in the chrome webstore – but with all of these possibilities …

keep security and trust of your data in mind

general

mobile os version in 2019

with over 2 billion android devices worldwide but a large version fragmentation, google is acting with project treble to push faster updates; for enterprise recommended devices, security updates have to be pushed within 90 days – attached is the current spread of android versions

apple offers first-class support for its iOS devices, a good choice regarding return on investment – my 5 year old test device, an iPhone 6s, is already updated to the current iOS13

… and even new releases get a great adoption rate on apple devices: already half of all iOS devices are running the latest release

kaiOS has quietly grown into one of the most used mobile operating systems; it bridges the gap between feature phones and smartphones

general

load webpages with different user agents, quick and easy without any plugin

… if you want to test or troubleshoot your mobile webpage or browser app, it’s quite tricky from the desktop – mobile web applications deliver content based on the browser’s user agent – there are several browser plugins to switch the agent – but all major browsers offer a built-in feature to change the behaviour

google chrome

in settings > more tools > developer tools (Ctrl + Shift + I), under network conditions you’re able to switch the user agent – e.g. search at google to display

microsoft edge and internet explorer

F12 developer tools (press F12) > Emulation opens an onboard user agent switcher

mozilla firefox

the webpage is loaded the same way an iPad would load it – type about:config in the address bar, search for useragent and create a new entry

string: general.useragent.override

value: Mozilla/5.0(iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25

macOS safari

in settings > advanced, enable the option show develop menu in menu bar

iOS devices

since iOS13 / iPadOS – safari browser of the apple tablet can switch between mobile and desktop presentation of a webpage, as shown in the video below

android devices

install e.g. Rocket Browser to test the behaviour of other user agents; in Settings > General Settings it is possible to change the user agent – self-developed android webapps can define their own user agent with the java code webview.getSettings().setUserAgentString(MyString);


test your browser features here and see what your browser is capable of

https://launchr.eu/browser/


android tips & tricks everyone should know