These Popular Android Apps Are Putting User Data at Risk - Lifehacker
These Popular Android Apps Are Putting User Data at Risk - Lifehacker |
- These Popular Android Apps Are Putting User Data at Risk - Lifehacker
- Best note-taking apps for Android 2021 - Android Central
- WhatsApp reportedly working on password-protected encrypted chat backups - The Verge
- When cryptographers looked at iOS and Android security, they weren’t happy - Computerworld
| These Popular Android Apps Are Putting User Data at Risk - Lifehacker Posted: 21 May 2021 02:00 PM PDT  According to a report by Check Point Research, many popular Android apps put your personal data at risk due to poorly secured third-party services. Advertisement The report highlights several different security flaws affecting 23 different apps available on Google Play, each with anywhere from 50,000 to 10 million downloads. Most of the offending apps collect and store user information, developer data, and internal company resources using unsecured real-time databases and cloud storage services. The security researchers were able to find the unsecured cloud databases from 13 apps, meaning outsider actors can also access them. Other apps have improperly configured push notification managers, which hackers could use to intercept and modify seemingly legitimate notifications from the developers, seeding them with malware, phishing links, or misleading content. These vulnerabilities put at least 100 million Android users at risk of fraud, identity theft, and malware attacks. What Android apps are putting your data at risk?Check Point Research says it found one or more of these flaws in 23 apps, 13 of which had openly accessible real-time databases. However, the report only calls out five of these apps by name: G/O Media may get a commission
Advertisement Check Point says it notified the app creators, but only Astro Guru responded, and all of the apps are still available on Google Play. What should Android users do to keep their data safe?The first step is to stop using the of the apps called out in Check Point Research's report—but since only five are named, that means there are at least 18 others out there storing your data without the proper safeguards. Advertisement And that's just what we know of from Check Point's report—there are likely far more apps, websites, and services with misconfigured databases that we'll never know about until after a leak. While Check Point Research's report and others like it can alert developers to insecure data storage practices, it's ultimately up to the developers to fix the issue. However, users can take preventative measure to keep their personal info and other important data safe, no matter what apps they're using:
These extra steps won't stop a breach, but they can mitigate your risk of identity theft, fraud, and other scams. We also have guides for preventing and responding to data breaches, ransomware attacks, malware, and identity theft, and how to spot common phishing tactics and other online scams. Advertisement  |
| Best note-taking apps for Android 2021 - Android Central Posted: 24 May 2021 09:00 AM PDT
Notes. Taking notes. Referring to them later. Forgetting that you wrote something down already. Dumping things out of your brain to clear up some space. Note-taking apps are almost as bad as to-do apps in the sense that there are way too many options to choose from. Just type in "notes" in the Play Store search box and you'll come across thousands of options to choose from. So we've drummed down the list, and have picked a few that are actually worthy of being called the best note-taking apps for Android. These are the best note-taking apps for AndroidThere's really no other choice when you're looking at the best note-taking apps for Android. Google Keep does everything you could want, and then some, while being completely free and integrating with your Google account. However, Microsoft has made some huge strides when it comes to OneNote. The app is versatile, syncs with the help of your OneDrive account, and is available wherever you go. Notion is the note-taking app on steroids. You can do so much more here than just jot down some notes. From integrating calendars and creating databases, Notion may seem daunting to try, but it's well worth it. 1. Google Keep
 Source: Ara Wagoner / Android Central Google Keep has been around since 2013, and it continues to be one of the most useful apps you can download. There's an app for just about every platform, and if not, you can just use the web client. From jotting down your grocery list to making a to-do list or saving articles to read later on, Google Keep is the ultimate note-taking app. It's difficult to put into words just how useful Google Keep can be, as many folks haven't even heard of this Google app. Having everything you need in a single location — from note-taking to creating a task list or saving links — can really help your mental wellbeing. Keep is not just one of the best note-taking apps, but it's one of the best Android apps that we have ever seen. And of course, you'll have the easy integration with other Google services, so you can export notes from Keep into something like Google Docs. And if you want to use it as a to-do app, you can do that to and will have the ability to set timed or location reminders so you never forget what's on your docket for any given day. Oh, and the best part? It's completely free. The best of the best Google KeepKeep is a powerhouse note-taking app If you find yourself looking for different apps to take notes, set reminders, or save links, stop looking. Google Keep provides all of the tools you need from a single interface that can accessed from practically anywhere.
2. Microsoft OneNote
 Source: Andrew Myrick / Android Central It's clear that Microsoft has recognized it has something great on its hands with OneNote. The company continues to push regular updates to the app, improving functionality and adding features on a regular basis. It's a bit less conventional compared to other note-taking apps. It uses the "block notes" method, which means wherever you place your cursor, you can just start typing, and then can move those around within the note that you're using. OneNote allows for the creation of different notebooks, which can really help with organization, which can be a pain. It even lets you go a few layers deep if you need to. The app is also available on Android, iOS, macOS, and Windows, so you'll always have your notes by your side. And those who use something like an iPad or one of the best Chromebooks will love the ability to actually write notes. Handwritten notes may seem like a thing of the past, but you can also import PDFs and mark them up, or just open up a new page and start writing. Plus, it uses Microsoft's OneDrive for storage, provoiding automatic backups whenever you take a new note. Better than expected Microsoft OneNoteNot just for Microsoft fans OneNote has defied the odds in recent years, thanks to a concerted effort by Microsoft to bring new and useful features.
3. Notion
 Source: Andrew Myrick / Android Central Where does one begin when it comes to talking about Notion? It's so much more than a standard note-taking app. Search for Notion on YouTube, and you'll find tons of videos describing how creators and professionals are using to it to run businesses. You can just use Notion as a basic note-taking app on the best Android phones, but the truth is that it's far more powerful than that. Even those who are more well-versed in Notion than myself haven't reached the limits of what Notion can do. There are some templates that can be used to create different workspaces, you can add calendars and widgets, create dashboards for an overview of your notes or tasks, and so much more. Recently, the company opened up its beta program for Notion API, allowing you to connect it with different tools like Google Calendar or Zapier for automation. As it stands now, the API integrations are in their early days, but this could be an enormous game changer in the future. Daunting but powerful NotionMore powerful than you can imagine Notion isn't just a note-taking app. It can also be used to create data bases, manage complex projects, and so much more. Even more great note-taking apps for AndroidThere are so many note-taking apps on the Play Store that it's impossible to keep this list so short. So we've rounded up some more familiar faces and a couple of newcomers as viable options if our top three picks don't work quite right for your needs. Evernote
 Source: Andrew Myrick / Android Central Before we had all of these other note-taking apps, Evernote stood at the top of the mountain for years and years. Over time, the company continued to make questionable design changes, and even included by a price hike for its subscriptions, forcing many users to look elsewhere to store their notes. Evernote is still hanging around, and it's still a great choice for those wanting a digital notebook in their hands. Whether you're trying to plan things out, draw some sketches, or use it to store pictures, videos, or even audio, Evernote fits the bill as one of the best note-taking apps. Evernote is free to download, but you'll likely want to check out the premium plans that offer a bit more functionality. Tried and true EvernoteIt's gone through some growing pains Evernote may not be at the top of the mountain anymore, but it's still a great note-taking app with plenty of power under the hood.
Bundled NotesIf you take most of the great things about Google Keep, throw a different UI on top, and add Markdown support, then you'll end up with Bundled Notes. This is a relative newcomer to the note-taking parade, but it's definitely one that is worth taking a look at. It offers a streamlined interface, with different "bundles" of notes to use and take advantage of. As someone who has learned to rather enjoy writing in Markdown in my time at Android Central, finding a notes app that also uses Markdown has been a taxing adventure. After stumbling across Bundled Notes, I've been using it much more. The only real potential limitations are that it's not available everywhere just yet, and the web app is only available in beta for premium subscribers. Organize with bundles Bundled NotesA different type of organizing If you like Google Keep but want Markdown support, then Bundled Notes is the way to go. You just might miss out on the web client if you don't want to spring for Premium.
SquidIf you want one of the best Chromebook apps that's also great on Android, look no further than Squid. This continues to be an app that gets quickly installed when setting up a touchscreen Chromebook due to its usefulness and versatility. The app is perfectly optimized for stylus input, and makes you feel like you're actually writing on paper instead of writing on a slab of glass. Part of this is thanks to how it keeps track of the pressure being used when actually writing. This provides a smooth writing experience across the board. Plus, you can switch between different "paper" sizes, or opt for an endless canvas if you want one enormous scratchpad. Write it down SquidPaired with a stylus, Squid is second to none Squid is the perfect note-taking app if you like using a stylus and want to take hand-written notes.
Simplenote
 Source: Andrew Myrick / Android Central Simplenote is one of those more simplistic apps (appropriately), but it's true power is in how it doesn't try to do too much. The app is available on all of your favorite platforms, and you can organize the notes with the help of folders or tags. It's completely free to download, and that includes the abilities to keep your notes backed up over the cloud and share notes without paying anything extra. Like Bundled Notes, Simplenote is great for those who to prefer in Markdown, but you can take notes like "normal" if that's your pace. Perhaps the best thing about Simplenote is derived from its name, as it provides a distraction-free workspace which is rather handy for those who need to sit down and get some writing done. Bare bones SimplenoteIgnores the frills and keeps you focused Simplenote is cross-platform, free to use, and provides a fantastic note-taking experience for those who don't need or want all the extra bells and whistles.
Standard Notes
 Source: Andrew Myrick / Android Central If you're looking for an app that offers end-to-end encryption, then Standard Notes fits the bill. The app offers a free version and is available to download on many platforms, along with Android. There's automatic sync without any data limits, and Standard Notes even offers offline access. If you want to add a few extra features, Standard Notes does offer a premium subscription, starting at less than $2.50 per month. With Standard Notes Extended, you'll be able to encrypt attachments shared from Dropbox or Google Drive, along with providing access to different themes and extensions. Plus, you'll be able to take advantage of Dropbox, OneDrive, or Google Drive for your backups. All the while, keeping everything encrypted and private. Privacy first Standard NotesThe best note-taking app for privacy Standard Notes operates quite impressively as a note-taking app, but the biggest benefit is that all of your notes are encrypted and kept private.  Finally, a worthy opponent The ASUS Chromebook Detachable CM3 comes to challenge the Lenovo DuetChrome OS tablets and detachables are a severely underserved section of the Chromebook market, one that the Lenovo Duet has cornered for the last year. ASUS is now getting in on the action with the Detachable CM3, which packs a two-way kickstand and a bigger screen for $350.  |
| WhatsApp reportedly working on password-protected encrypted chat backups - The Verge Posted: 08 Mar 2021 12:00 AM PST  WhatsApp is reportedly working to increase the security of its cloud backups with a new password protection feature that'll encrypt chat backups, making them accessible only to the user. WABetaInfo reported on the work-in-progress feature last year, and today it shared screenshots of how it could be presented in the service's iOS and Android apps. "To prevent unauthorized access to your iCloud Drive backup, you can set a password that will be used to encrypt future backups," one of the screenshots reads. "This password will be required when you restore from the backup." The app then asks the user to confirm their phone number, and select a password that's at least eight characters long. Another screenshot warns that "WhatsApp will not be able to help recover forgotten passwords."
Although WhatsApp chats are end-to-end encrypted, meaning they're only visible to the sender and recipient, the service warns that this protection doesn't extend to online backups stored on Google Drive and iCloud. Once on these servers, the security of the backups is the responsibility of the cloud service providers, who in the past have made them accessible to law enforcement authorities with valid search warrants. Encrypting the backups with a password only you know would theoretically prevent anyone from accessing your chat history without your authorization. These latest reports about the feature come as WhatsApp's reputation has taken a hit from a new privacy policy, which has stoked fears that it may store more information with parent company Facebook. Although WhatsApp insists the new policy doesn't affect the security of users' personal messages, rival messaging services like Signal and Telegram have seen a surge in interest as users explore other options. WhatsApp declined to comment on the unannounced feature when contacted by The Verge, but WABetaInfo has a good track record of unearthing features before they become official. It's spotted features like adding contacts via QR codes or disappearing messages long before their official announcements.  |
| When cryptographers looked at iOS and Android security, they weren’t happy - Computerworld Posted: 29 Jan 2021 12:00 AM PST  For years, the US government begged Apple executives to create a backdoor for law enforcement. Apple publicly resisted, arguing that any such move for law enforcement would quickly become a backdoor for cyberthieves and cyberterrorists. Good security protects us all, the argument went. More recently, though, the feds have stopped asking for a workaround to get through Apple security. Why? It turns out that they were able to break through on their own. iOS security, along with Android security, is simply not as strong as Apple and Google suggested. A cryptography team at John Hopkins University just published a frighteningly detailed report on both of the major mobile operating systems. Bottom line: Both have excellent security, but they do not extend it far enough. Anyone who really wants to get in can do so — with the right tools. For CIOs and CISOs, that reality means all of those ultra-sensitive discussions happening on employee phones (whether company-owned or BYOD) could be easy pickings for any corporate spy or data thief. Time to drill into the particulars. Let's start with Apple's iOS and the Hopkins researchers' take. "Apple advertises the broad use of encryption to protect user data stored on-device. However, we observed that a surprising amount of sensitive data maintained by built-in applications is protected using a weak 'available after first unlock' (AFU) protection class, which does not evict decryption keys from memory when the phone is locked. The impact is that the vast majority of sensitive user data from Apple's built-in applications can be accessed from a phone that is captured and logically exploited while it is in a powered-on but locked state. We found circumstantial evidence in both the DHS procedures and investigative documents that law enforcement now routinely exploits the availability of decryption keys to capture large amounts of sensitive data from locked phones." Well, that's the phone itself. What about Apple's ICloud service? Anything there? Oh yes, there is. "We examine the current state of data protection for iCloud, and determine, unsurprisingly, that activation of these features transmits an abundance of user data to Apple's servers, in a form that can be accessed remotely by criminals who gain unauthorized access to a user's cloud account, as well as authorized law enforcement agencies with subpoena power. More surprisingly, we identify several counter-intuitive features of iCloud that increase the vulnerability of this system. As one example, Apple's 'Messages in iCloud' feature advertises the use of an Apple-inaccessible end-to-end encrypted container for synchronizing messages across devices . However, activation of iCloud Backup in tandem causes the decryption key for this container to be uploaded to Apple's servers in a form that Apple — and potential attackers, or law enforcement — can access. Similarly, we observe that Apple's iCloud Backup design results in the transmission of device-specific file encryption keys to Apple. Since these keys are the same keys used to encrypt data on the device, this transmission may pose a risk in the event that a device is subsequently physically compromised." What about Apple's famed Secure Enclave processor (SEP)? "iOS devices place strict limits on passcode guessing attacks through the assistance of a dedicated processor known as SEP. We examined the public investigative record to review evidence that strongly indicates that, as of 2018, passcode guessing attacks were feasible on SEP-enabled iPhones using a tool called GrayKey. To our knowledge, this most likely indicates that a software bypass of the SEP was available in-the-wild during this timeframe." How about Android security? For starters, its encryption protections appear to be even worse than Apple's. "Like Apple iOS, Google Android provides encryption for files and data stored on disk. However, Android's encryption mechanisms provide fewer gradations of protection. In particular, Android provides no equivalent of Apple's Complete Protection (CP) encryption class, which evicts decryption keys from memory shortly after the phone is locked. As a consequence, Android decryption keys remain in memory at all times after 'first unlock,' and user data is potentially vulnerable to forensic capture." For CIOs and CISOs, this means that you have to trust either Google or Apple or, much more likely, both. And you must also assume that thieves and law enforcement can also access your data when they want, as long as they can access the physical phone. For a well-compensated corporate espionage agent or even a cyberthief with an eye on a specific executive, this is a potentially massive problem.  |
| You are subscribed to email updates from "android database encryption,how to encrypt my phone,what is encryption on android" - Google News. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |
Comments
Post a Comment