What is Signal and How to Use it: Everything you need to know about the secure IM service - XDA Developers
- What is Signal and How to Use it: Everything you need to know about the secure IM service - XDA Developers
- Mobile app security best practices for 4 vulnerability types - TechTarget
- Mobile finance app security report: 84% Android & 70% iOS fintech apps have at least one critical vulnerability - The Tech Panda
- This top mobile browser is secretly tracking millions of iOS and Android users - TechRadar
- German Corona Warning app ranks best among COVID-19 warning apps - iTWire
Posted: 02 Jun 2021 05:38 AM PDT

At a time when mass surveillance by corporations and governments is increasingly becoming commonplace, consumers are looking for messaging apps that can keep their private conversations away from prying eyes. While there are plenty of messaging apps available to consumers, not all have the same level of protection or consumer interest at heart. This is where Signal comes into play.

What is Signal?

Signal is a cross-platform messaging app with a deep focus on privacy and security. It's free-to-use and is run by the non-profit Signal Technology Foundation. Moreover, it's end-to-end encrypted, so all your chats and calls are inaccessible to everyone barring you and the intended recipient.

Thanks to its privacy protections, Signal has gained prominence in recent years, especially after the Black Lives Matter protests in the US and the WhatsApp privacy policy snafu. It has also been championed by the likes of Elon Musk. According to some estimates, the app had 40 million monthly active users as of January 2021.

How to download and install Signal

Signal is available for Android, iPhone/iPad, Windows, Mac, and Linux users. It's pretty straightforward to install — Android users can download the messaging app from Google Play, whereas it's available for iPhone and iPad users via the Apple App Store. Google Play and the App Store will automatically take care of the installation process. Notably, Signal can only be used on phones running Android 4.4 or newer, iPhones running iOS 11.1 or newer, and iPads running iOS 11.1/iPadOS 13 or newer.

For other platforms like Windows, Mac, and Linux, you'll have to download Signal by going to its website. If you're using Windows, run the downloaded executable (.exe) file and follow the onscreen instructions. macOS users will have to do the same with the downloaded disk image file (.dmg). Signal supports the 64-bit version of Windows 7 or newer, and macOS 10.11 or newer.

The process is slightly different for Linux users and the app can only be installed on 64-bit Debian-based Linux distributions like Ubuntu, Linux Mint, and Kali Linux. To install Signal on Linux, run the following three commands in Terminal.

How to set up Signal on an Android phone or iPhone

How to set up Signal on iPad

There are two ways in which you can set up Signal on iPad. You can either choose to link the iPad app to your existing Signal account or you can set the iPad up as a separate device.

If you plan to set up the iPad as a separate device for Signal, open the app and tap on the unlink icon in the top right. Now you can just follow the instructions given in the "How to set up Signal on an Android phone or iPhone" section to complete the setup.

How to set up Signal on desktop

Signal for desktop can only be used as a linked version. So make sure you've set up the app on your Android or iPhone and then attempt to set it up on your desktop. After that, setting up Signal on desktop – Windows, macOS, and Linux – is pretty easy. Just open it and you'll be asked to scan a QR code using the app on your phone. Open Signal on your phone and navigate to Linked devices under its settings. Then tap the plus (+) icon on Android or Link New Device on iOS. You can now scan the QR code and give a name to the linked device. That's it, you're done. You can now start using Signal on your Windows, Mac, or Linux machine.

Is there multi-device support on Signal, and what about Android tablets?

Signal offers multi-device support but it's restricted. You can install Signal on an Android phone, iPhone or iPad. After that, you can link it to desktop devices. So this way, you are getting Signal on multiple devices, but you can't use the same Signal account on multiple mobile devices. Also, Signal doesn't officially support Android tablets.

How to use Signal

Now that you have Signal up and running on any of the platforms, it works similarly to other chat apps like WhatsApp or Telegram. To send a new individual message, tap the pencil icon. Depending on your platform, the pencil icon may be present on the bottom right or top right. Tapping on the pencil icon will pull up all your contacts who are already present on Signal. You can also use the pencil icon to start a new group conversation or invite a contact to Signal. Just tap on a contact in the list and a chat window will open. You can then start exchanging messages.

On top of the chat window, you'll also see video and voice call icons that can be used to initiate a video or voice call, respectively. Moreover, you can tap on a contact's name in the chatbox to get the settings specific to that contact. Here, you'll have the option to switch on Disappearing Messages, change the chat wallpaper and modify the sound and notifications settings.

Signal also supports group video and voice calls for up to eight people. You can tap on the video call icon on top of a group chat box to initiate a group call. On the Start Call screen, tap on the camera icon to switch it off for a group voice call; otherwise, continue for a group video call.

Apart from these basic messaging features, Signal packs a number of other useful features, especially on the privacy front, that you may not find on other messaging apps, like Incognito Keyboard, proxy support, Screen Security, and safety number.

How secure are the Signal conversations?

As mentioned earlier, Signal is an end-to-end encrypted messaging app, meaning all your conversations are always secure. Your Signal conversations can only be read or heard by the intended receiver. This isn't an optional feature — all your messages, images, calls, files, and other content are always encrypted.

Signal Private Messenger uses its own open-source Signal Protocol for this end-to-end encryption. This protocol is known for its "perfect forward secrecy" implementation that makes messages encrypted with it very secure. Unlike most encrypted systems that create a permanent key pair to encrypt and decrypt messages on a particular device, Signal Protocol uses ratcheting encryption that changes the key after every message. There are permanent key pairs in this protocol, but the system combines temporary keys with permanent keys to create a new shared secret key with every message.

The "perfect forward secrecy" implementation has made Signal Protocol quite popular. Apart from Signal, WhatsApp and Google Duo also use the protocol for their end-to-end encryption implementation.

Does Signal support chat backup/restore?

Yes, you can back up and restore messages, pictures, files, and other content on Signal. However, chat backup support is limited to Android. You can't back up chats on iOS or on a desktop version. Also, all the backups reside locally on the device, and the app doesn't support online backups because of privacy concerns.

You can enable backups on Android by navigating to Signal Settings > Chats > Chat backups and tapping Turn On. You will be asked for a location to save this backup on your phone. The backups are encrypted with a 30-character passphrase. Without this passphrase, you won't be able to restore the backup. Note down the passphrase and then tap Enable Backups.

If you reinstall the app on your phone, you can use a backup to restore your messages. The backups can also be used while transferring Signal from one device to another on Android. You can't use backups across platforms. Fortunately, Signal for iOS does support chat migration to other iOS devices, so if you have your old iPhone with the app, you can use it to migrate messages to your new iPhone.

These are some of the things that you need to know about Signal Private Messenger. It packs plenty of other features and enhancements that we were unable to cover here, but if you want to explore more about the app, you can visit Signal's official website. If you are planning to migrate to Signal from another messaging service, or if you have already been using it for some time, do let us know about your experiences in the comments section.
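The per-message key change described in the section on Signal's conversation security can be shown as a symmetric key chain. This is an added, simplified example and not code from Signal or from the article: it covers only the hash-chain half of a ratchet (no Diffie-Hellman step and no encryption), and the starting secret, `MAX_SKIP` and the class names are constructed for illustration.

```python
import hashlib
import hmac

MAX_SKIP = 32  # constructed cap on stored out-of-order keys


def kdf_step(chain_key):
    """One ratchet step: derive (next_chain_key, message_key) from chain_key.

    HMAC-SHA256 is keyed with the current chain key; two distinct one-byte
    inputs give two independent outputs. HMAC is one-way, so neither output
    reveals the chain key that produced it.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    def __init__(self, chain_key):
        self._ck = chain_key
        self.n = 0

    def next_key(self):
        """Return (message_number, message_key); the old chain key is overwritten."""
        self._ck, mk = kdf_step(self._ck)
        number, self.n = self.n, self.n + 1
        return number, mk


class ReceivingChain:
    def __init__(self, chain_key):
        self._ck = chain_key
        self.n = 0           # next message number this chain will derive
        self._skipped = {}   # number -> key for messages not yet delivered

    def key_for(self, number):
        """Return the key for message `number`, tolerating out-of-order delivery."""
        if number in self._skipped:
            return self._skipped.pop(number)        # each key is single-use
        if number < self.n:
            raise KeyError("key for message %d was already used and deleted" % number)
        if number - self.n > MAX_SKIP:
            raise ValueError("refusing to skip more than %d messages" % MAX_SKIP)
        while self.n < number:                      # keep keys for the gap
            self._ck, self._skipped[self.n] = kdf_step(self._ck)
            self.n += 1
        self._ck, mk = kdf_step(self._ck)
        self.n += 1
        return mk


def run_demo():
    # Constructed starting secret; a real protocol gets it from a key agreement.
    root = hashlib.sha256(b"constructed shared secret for this example").digest()
    sender, receiver = SendingChain(root), ReceivingChain(root)
    sent = dict(sender.next_key() for _ in range(4))           # messages 0..3
    received = {n: receiver.key_for(n) for n in (0, 2, 1, 3)}  # 2 arrives before 1
    try:
        receiver.key_for(2)                                    # replayed message
        replay_rejected = False
    except KeyError:
        replay_rejected = True
    return sent, received, replay_rejected


if __name__ == "__main__":
    sent, received, replay_rejected = run_demo()
    for n in sorted(sent):
        print(n, sent[n].hex()[:16], "match" if sent[n] == received[n] else "MISMATCH")
    print("replay of message 2 rejected:", replay_rejected)
```

Because each step overwrites the chain key with a one-way derivative, a device state captured after message 3 cannot be run backwards to recover the keys for messages 0 to 2.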
Mobile app security best practices for 4 vulnerability types - TechTarget

Posted: 27 May 2021 02:49 PM PDT

Mobile applications are a must-have for any customer-facing business, and customers expect those apps to be both user-friendly and secure. Because users' mobile devices contain so much personal information, businesses must design applications that protect that sensitive information from security vulnerabilities.

Let's examine four common security vulnerability types and the mobile app security best practices that address them.

1. Improper OS usage

It is important to use the security best practices an OS's developer recommends. For example, an application can fail to properly use a fingerprint scanner security framework the OS implemented and instead perform user logins with credentials through a fingerprint reader. This mismatch can accidentally expose a user's credentials to third parties.

The best way to avoid this hazard is to follow the mobile app security best practices recommended by the phone OS developers and manufacturers. Both Apple and Google provide documentation on the security features of their respective mobile platforms.

Vulnerabilities that fall under improper platform usage can be hard to detect because what is technically improper can be broadly defined. A good place to start is to use a static code analysis tool. Open source tools SonarQube and Truegaze, for example, will scan an application's build files for known vulnerabilities or other possible security risks, such as insecure encryption methods. Users can download Truegaze from its repository on GitHub and run it with Python on the command line. SonarQube will require a bit more setup to get a server configured and running. But this can be advantageous for a project with multiple developers because this work only needs to be done once.

2. Insecure data storage

Another mobile app security concern involves vulnerabilities that attackers expose when they gain access to a user's device physically by theft or virtually through malware. When developers fail to use secure encryption to store personally identifiable information (PII) or other sensitive data, attackers can easily hook up the device to a computer with free software that grants them access to anything on the device.

Mobile app security best practices call for the use of proper encryption methods to prevent attackers from being able to read private data even if they have access to it. It's important to understand what information is at risk and then model how the software uses that information -- whether the app keeps the info in a local database or sends it to a third-party API.

Initially, it's a good idea to connect the device to a computer and manually browse the device for unencrypted files with tools like Android Studio or Xcode. If the device in question uses an Android OS, developers can download the app's SQLite database file and connect to it locally to query tables and make sure sensitive information is encrypted.

3. Insecure traffic and API calls

Insecure communication refers to the safety of information sent from an application over some network to another server. Applications often act as clients in the client-server relationship, so they may need to reach out to a main server to retrieve information or authenticate a user. In doing so, there can be other devices on the same network that monitor traffic.

IT organizations should account for others listening to application traffic and use proper security protocols, such as Secure Sockets Layer/Transport Layer Security (SSL/TLS). Otherwise, attackers can compromise data.

For instance, consider an application that uses token-based authentication. The application sends user credentials -- using encryption -- but once the token is received, the application sends the token in plaintext during subsequent API calls. Anyone on the network can intercept these requests, read the plaintext token and make malicious API calls with a stolen user token.

The mobile app security best practice to prevent these vulnerabilities is to always use SSL/TLS with any sensitive application traffic. Other important considerations are to not allow self-signed certificates and to restrict application traffic to servers with trusted certificates.

One tool to consider is Charles, an HTTP proxy that allows developers to monitor all traffic from a device to the internet. With Charles, developers can check requests made during an app session to see that sensitive API calls and other traffic are properly handled over SSL. Developers will need to change proxy settings on their device and install the Charles Root Certificate to monitor SSL traffic.

4. Code tampering and jailbroken devices

Code tampering is where an attacker takes a legitimate application, modifies the source code and then redistributes the application. Attackers in this scenario may use phishing attacks combined with a link to the modified app to lure users into downloading these malicious apps.

For example, an attacker downloads a legitimate banking application from the app store and then inserts code to capture PII. The attacker then uploads this application to a third-party app store that doesn't scrutinize apps as heavily as the Google Play or Apple App stores. Once the application is active, the attacker can use a phishing email scam to trick unsuspecting users into downloading the malicious app; any personal information that victims enter is sent to the attacker.

The best way to prevent these types of attacks is to run constant application checks for source code and environment modifications. These malicious attacks often take advantage of rooted or jailbroken devices, where the user has allowed applications to make changes that the operating system usually doesn't allow.

A few methods exist to detect rooted or jailbroken devices, such as detecting the presence of certain applications or libraries on the device. Once developers check for these libraries, they can instruct their application to shut down and avoid any vulnerabilities programmers inadvertently introduced into the source code.

For iOS apps, there are a few different open source libraries -- such as DTTJailbreakDetection -- that will look for files and other signs of a jailbroken device. Another method to prevent code tampering in Android apps is ProGuard, which is a feature of Android Studio that obfuscates an application's code so attackers can't reverse engineer and easily modify the code. Developers can easily implement ProGuard by adding the proguard.config property to the project.properties file.
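The database check from the insecure data storage section can be automated instead of eyeballing tables. The script below is an added example, not code from the article or from any tool it names: it walks every table of an SQLite database and reports columns holding readable e-mail addresses, Luhn-valid card numbers or JWT-shaped tokens. The sample database, table names and values are constructed.

```python
import re
import sqlite3

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13 to 19 digits, optional separators
JWT_RE = re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+")


def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(value):
    """Return labels for sensitive-looking plaintext found in one cell."""
    if isinstance(value, bytes):
        try:
            value = value.decode("utf-8")
        except UnicodeDecodeError:
            return []                     # opaque binary, e.g. ciphertext
    if not isinstance(value, str):
        return []
    hits = []
    if EMAIL_RE.search(value):
        hits.append("email")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(value)):
        hits.append("card_number")
    if JWT_RE.search(value):
        hits.append("jwt")
    return hits


def audit(conn):
    """Return sorted (table, column, label) findings for every user table."""
    findings = set()
    tables = [row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        quoted = '"' + table.replace('"', '""') + '"'   # identifiers cannot be bound
        cur = conn.execute("SELECT * FROM " + quoted)
        columns = [d[0] for d in cur.description]
        for row in cur:
            for column, value in zip(columns, row):
                for label in classify(value):
                    findings.add((table, column, label))
    return sorted(findings)


def build_sample_db():
    """Constructed stand-in for a database file pulled from a test device."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER, email TEXT, card TEXT);
        CREATE TABLE sessions (id INTEGER, token TEXT);
        CREATE TABLE orders (id INTEGER, ref TEXT);
        CREATE TABLE vault (id INTEGER, secret BLOB);
        INSERT INTO users VALUES (1, 'alice@example.com', '4111 1111 1111 1111');
        INSERT INTO sessions VALUES
            (1, 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJl');
        INSERT INTO orders VALUES (1, '1234 5678 9012 3456');  -- fails Luhn
    """)
    # Constructed ciphertext-like bytes that are not valid UTF-8.
    conn.execute("INSERT INTO vault VALUES (1, ?)", (bytes(range(0x80, 0xA0)),))
    return conn


if __name__ == "__main__":
    for table, column, label in audit(build_sample_db()):
        print("plaintext %s in %s.%s" % (label, table, column))
```

An empty result only means these three patterns were not found in readable form; it does not show that the remaining columns are encrypted.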
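The token scenario from the insecure traffic section (credentials sent over TLS, then the token sent in plaintext) is what a review of proxied requests should catch. This is an added example, not the article's code and not the export format of Charles or any other proxy: the request records, host names, header list and parameter list are constructed assumptions.

```python
import hashlib
from urllib.parse import parse_qsl, urlsplit

# Assumed names for where an app might carry credentials.
SENSITIVE_HEADERS = {"authorization", "cookie", "x-api-key"}
SENSITIVE_PARAMS = {"token", "access_token", "api_key", "session"}


def fingerprint(value):
    """Hash the credential (without any 'Bearer ' prefix) so it is never stored."""
    parts = value.split()
    secret = parts[-1] if parts else ""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


def review(requests):
    """Return (method, host+path, location, problem) for each exposed credential."""
    findings = []
    exposed = set()   # fingerprints of secrets already seen without TLS
    for req in requests:
        url = urlsplit(req["url"])
        target = url.netloc + url.path
        secrets = [("header:" + name.lower(), value)
                   for name, value in req.get("headers", {}).items()
                   if name.lower() in SENSITIVE_HEADERS]
        secrets += [("query:" + name.lower(), value)
                    for name, value in parse_qsl(url.query)
                    if name.lower() in SENSITIVE_PARAMS]
        for location, value in secrets:
            digest = fingerprint(value)
            if url.scheme.lower() != "https":
                exposed.add(digest)
                findings.append((req["method"], target, location, "sent in cleartext"))
            elif digest in exposed:
                # TLS does not help once the same secret has crossed the network
                # unencrypted: it has to be revoked and reissued.
                findings.append((req["method"], target, location,
                                 "reuses a secret already exposed"))
    return findings


# Constructed session, in request order.
SAMPLE_SESSION = [
    {"method": "POST", "url": "https://api.example.test/login",
     "headers": {"Content-Type": "application/json"}},
    {"method": "GET", "url": "http://api.example.test/v1/accounts",
     "headers": {"Authorization": "Bearer CONSTRUCTED-TOKEN"}},
    {"method": "GET", "url": "https://api.example.test/v1/profile",
     "headers": {"Authorization": "Bearer CONSTRUCTED-TOKEN"}},
    {"method": "GET",
     "url": "http://api.example.test/v1/export?access_token=CONSTRUCTED-TOKEN",
     "headers": {}},
    {"method": "GET", "url": "http://cdn.example.test/logo.png", "headers": {}},
]

if __name__ == "__main__":
    for finding in review(SAMPLE_SESSION):
        print(*finding)
```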
Posted: 02 Jun 2021 02:08 PM PDT

It's time to embrace in-app security. A study of over 150 mobile finance apps reveals a high level of security vulnerabilities across both iOS and Android, highlighting the importance of in-app security.

Many called 2020 the year of fintech apps. The 2020 fintech market saw the proliferation of apps such as Nubank, MoneyLion, Revolut, N26, and Planto, which boast of user-friendliness and ease of use. The number of user sessions in finance apps has increased by up to 49% over the first half of 2020. Over the same period, cyberattacks against financial institutions have gone up by 118%, according to VMware. This means fintech user data got that much more vulnerable.

As the convenience and accessibility of financial apps increases, so do the risks from banking trojans, hacks and data breaches. Data breaches have been piling up since last year, and finance apps are the most vulnerable. Recently, a third-party data breach exposed the personal information of over 7.5 million users of a banking app.

To discover the biggest threats and security gaps, David Maher, CTO and EVP at Intertrust, along with his team, analyzed more than 150 of the top financial apps worldwide. The results were just released in the latest report, the 2021 State of Mobile Finance App Security Report, and the findings are startling.

According to the results, every app had at least one security flaw, with banking apps containing more vulnerabilities than any other type of finance app. The report also states that 81% of finance apps leak data, while 49% of payment apps are vulnerable to encryption key extraction. 84% of Android apps and 70% of iOS apps have at least one critical or high severity vulnerability.

These security vulnerabilities were found across both iOS and Android, highlighting the importance of in-app security. In fact, the report states that almost three-fourths of high-level threats could have been mitigated using in-app protection.

[Image: David Maher]

"As mobile finance apps increasingly enter people's everyday lives, it's vital to understand the security risks associated with these apps and the ways to help mitigate them," said Maher.

"Poor financial app security puts both financial organizations and their customers at risk, especially given the rise in cyberattacks over the course of the pandemic. This report shines a light on the ongoing threats and helps finance app vendors understand the importance of building in security mechanisms from day one," he added.

Intertrust is a digital rights management (DRM) technology pioneer and a leading provider of application security solutions. The company holds hundreds of patents that are key to Internet security, trust, and privacy management components of operating systems, trusted mobile code and networked operating environments, web services, and cloud computing. Intertrust provides computing products and services to leading global corporations, from mobile, consumer electronics, and IoT manufacturers, to service providers and enterprise software platform companies. These products include the world's leading DRM, software tamper resistance, and technologies to enable private data exchanges for various verticals including energy, entertainment, retail/marketing, automotive, fintech, and IoT.

iOS or Android In-app Security is a Must

The findings from the report clearly point to the fact that whether users are accessing fintech apps on iOS or Android, in-app security is an absolute must. The analysis included more than 150 mobile finance applications split evenly between iOS and Android and includes insights from four major financial sectors: payments, banking, investment/trading, and lending.

The apps investigated originated in the US, the UK, the EU, Southeast Asia, and India. They were analyzed using an array of static application security testing (SAST) and dynamic application security testing (DAST) techniques based on the OWASP (Open Web Application Security Project) mobile app security guidelines.

COVID-19 Has Sped Up Fintech but Security Lags Behind

The COVID-19 pandemic has brought in digitization at break-neck speed. Millions of users have become fintech users almost overnight. According to Adjust, fintech app installs grew 51% from 2019 to 2020 and, in 2021, are already up by 12% in Q1 YoY. These numbers have grown especially for investing and stock-related app searches, surging 115% YoY, even as crypto app downloads experienced an 81% growth YoY. Fintech sessions have also been surging at 85% YoY. 2021 has already seen them up by 35%.

While fintech apps have been enjoying this growth, has their security kept up? The Intertrust study findings clearly suggest it has not. The findings reveal that while the pandemic has sped up the world's shift to digital financial channels and innovative technologies like mobile contactless payments, mobile financial application security has not been keeping up.

The study points out that cryptographic issues pose one of the most pervasive and serious threats, with 88% of analyzed apps failing one or more cryptographic tests. This means the encryption used in these financial apps can be easily broken by cybercriminals, potentially exposing confidential payment and customer data, and putting the application code at risk for analysis and tampering. A chilling thought.

Time to Protect the Apps

Looking at the findings revealed by this report, fintech apps are sitting ducks for cyber criminals. Data breaches cause financial losses and much distress to organizations as well as users. It's high time financial organizations start protecting user data through in-app security.

As the report says, nearly three-quarters of high severity threats could have been mitigated using application protection technologies such as code obfuscation, tampering detection, and white-box cryptography.

Disclosure: This article mentions a client of an Espacio portfolio company.
This top mobile browser is secretly tracking millions of iOS and Android users - TechRadar

Posted: 02 Jun 2021 06:00 AM PDT

Cybersecurity researchers have found that a popular mobile web browser is sending records of websites visited by users, even in Incognito mode, to its servers.

UC Browser is developed by UCWeb, which is a subsidiary of Chinese tech giant Alibaba, and is reportedly popular throughout many parts of the world, with over 500 million downloads on the Android Play Store alone.

However, owing to the Indian government's security concerns over Chinese apps, UC Browser remains banned in the country, where it had been one of the most popular mobile browsers.

The issues with UC Browser were initially flagged by security researcher Gabi Cirlig, and have since been verified by two other independent researchers on behalf of Forbes.

In a blog post, Cirlig explains that he was able to observe UC Browser's irregular behavior by reverse engineering some encrypted data he noticed the browser was piping back to its servers. Thanks to his efforts he was then able to observe that every time he visited a website, the browser would encrypt and transmit the details about the visit.

Individual tracking

Cirlig has a knack for unearthing unscrupulous activities of Chinese browsers. Last year he found Xiaomi's browser exhibiting a similar behavior and routing details about visited websites, even when in incognito mode, back to its headquarters.

In UC Browser's case, Cirlig noticed that along with the website the browser would also roll in the user's IP addresses in the transmission to its headquarters. Even more worryingly, he shared that the browser would assign an ID number to each user, which could be used to track their movements across different websites.

Although it isn't clear exactly what Alibaba and its subsidiary are doing with the data, Cirlig told Forbes that "this kind of tracking is done on purpose without any regard for user privacy."

Interestingly, as of Tuesday morning, the English-language version of UC Browser is no longer listed on the Apple App Store, though it can still be downloaded from Google's Play Store.

Via Forbes
German Corona Warning app ranks best among COVID-19 warning apps - iTWire

Posted: 02 Jun 2021 07:26 PM PDT

The German Corona Warning app bested other COVID-19 apps from Great Britain, New York, South Africa, Canada, and Australia, according to mobile network company umlaut.

umlaut, partner of connect, a test magazine for consumers, has run a security test on warning apps from Germany, Great Britain, New York, South Africa, Canada, and Australia.

umlaut's findings: all tested apps offer very high data security and received the connect rating good or very good. The German Corona Warning app bested the other apps and stood out with 940 out of 1,000 points and received a grade of very good.

The focus of the tests was on security, which plays a central role in acceptance by the population. umlaut examined this with its test procedure for app security. It scrutinised four areas: Data Privacy, Traffic Protection including encryption, measures against impersonation attacks such as loss of integrity and rights expansion, and Secure Code practices, the security measures around the app source code.

umlaut says aspects such as functional scope and ease of use were not evaluated and compared because the COVID-19 warning apps can only be used in their target region and are generally offered there without direct competition.

The Corona Warning app, which has been available in Germany since June 2020, leads the connect ranking with 940 points and impresses in particular with its full score for personal data protection. Today, the app, developed by Deutsche Telekom and SAP with the support of the Robert Koch Institute (RKI), counts 28 million users.

Since late 2020 (version 1.10), it offers a contact diary in which, for example, meetings with family and friends can be registered. Since March 2021 (version 1.13), voluntary donations of data for scientific research have been possible, and since April (version 2.0), event registration was added. This allows organisers to generate a QR code for their events in the app and publish it, for example, on a poster. Participants can then scan it via app. Since May (version 2.1), the results of rapid tests can be noted in the app and by the end of June, the digital vaccination certificate currently under development will be integrated.

In contrast to the intense criticism in its home country, the COVID Safe Australia app achieved an excellent second place with 912 points and a very good rating. After its launch around a year ago, however, the number of users has stagnated at around seven million. Centralised data management and misunderstandings at launch time obviously caused lasting damage to the image of the Australian app.

Third place in the connect ranking goes to the NHS COVID-19 app from the United Kingdom with the grade "very good" and 896 points. After an app with centralised data storage first appeared in May 2020, the National Health Service (NHS) switched to a privacy-friendly version following strong criticism. According to connect, this second British Covid app gets a lot of things right and convinces with additional functions. Today, the app counts around 22 million users and thus a similar penetration as the Corona Warning app in Germany.

The US app COVID Alert NY ranks fourth with 876 points and received a very good rating. Because a US-wide app was hardly feasible, New York developed its own solution. But acceptance remains low despite very good security. Besides the contact notification built into iOS and Android, the only feature it has is a private symptom diary.

The COVID Alert South Africa app is close behind with 848 points and was graded "good". There is little to criticise about the security of the South African app; nevertheless, it has not achieved a high penetration rate to date. The functionality of the COVID Alert South Africa app is moderate, but there are no major security flaws.

Last is the COVID Alert Canada app with 816 points, which was also graded good. With Blackberry and Shopify, big names are involved in the development of Canada's Corona app. After extensive privacy discussions, the Canadian app limits itself to its core function.

A look at apps around the world proves that once a COVID app has suffered damage to its image due to data protection problems or due to the central data storage criticised by security experts, this is at the expense of a high level of penetration.

umlaut's security tests also confirm that the German Corona Warning app, which is often questioned in its country, stands up very well in an international comparison with its strong focus on data protection.

Hakan Ekmen, umlaut CEO telecommunications, notes: "We can certify the Corona warning apps to offer a good or partly even very good level of security and data protection. App providers from many countries achieve convincing results. Still, German app users can rely on the best security rating in our comparison."

Hannes Rügheimer, author at connect, summarises the conclusion as follows: "Telekom and SAP have done a lot right with the German app, and not just in terms of data protection. Even if the hope is growing that we will need its functionality increasingly less—anyone who is still undecided should give the "Corona Warning App" a chance in view of our results."