Everything you need to know about the massive AT&T outage



google play protect app :: Article Creator

'Dirty Stream' Android Malware Can Easily Access Your Legit Apps: How To Protect Yourself From It

Android users need to be on high alert as Microsoft has unveiled details about a new critical security flaw known as "Dirty Stream." This vulnerability affects numerous Android applications, potentially impacting hundreds of millions of users globally. Here's what you need to know to safeguard your information against this malware strain.

The Dirty Stream Vulnerability Explained

'Dirty Stream' Android Malware Can Easily Access Your Legit Apps: How to Protect Yourself From it

(Photo : Adrien from Unsplash) Your Android phone might have permitted unauthorized access from your installed apps. The new critical vulnerability Dirty Stream could be the culprit behind this.

The core of the Dirty Stream issue lies in Android's ContentProvider system, which is designed to facilitate the sharing of structured data between different applications on your device. 

As reported by Tom's Guide, it allows Android apps to communicate and exchange files under strict security protocols including data isolation, specific URI permissions, and stringent path validations.

However, Microsoft's recent findings indicate that malicious apps can exploit this system by using custom intents-specialized messaging objects in Android. These intents can bypass the established security measures, allowing hackers to send files with altered filenames or paths to legitimate apps, effectively smuggling in malicious code under the guise of legitimate files.

Related Article: Chinese Threat Actor Goldfactory Deploys Android-Banking Malware Through Deepfakes

How Big is 'Dirty Stream's' Scope

Among the apps compromised by this vulnerability are Xiaomi Inc.'s File Manager and WPS Office, with installations totaling over 1.5 billion. The deceptive simplicity with which the Dirty Stream vulnerability allows attackers to manipulate apps into overwriting vital data within their storage is particularly concerning. This could lead to unauthorized code execution, data theft, and total hijacking of the app without the user's knowledge.

Microsoft's investigations have shown that this is not an isolated problem but a widespread issue across multiple popular Android applications. They estimated that applications vulnerable to Dirty Stream have been downloaded over four billion times.

Steps to Stay Protected from 'Dirty Stream'

To mitigate the risks associated with the Dirty Stream vulnerability and other Android malware, here are several precautions you can take:

  • Avoid Sideloading Apps: Sideloading-installing apps from outside the official app stores-bypasses many of the security checks that apps on Google Play or other official app stores are subjected to. Stick to downloading apps from these trusted sources to minimize the risk of inadvertently installing malicious software.

  • Activate Google Play Protect: This built-in security feature on most Android devices works to scan your apps for malicious behavior continuously. Ensuring that Google Play Protect is activated enhances your defense against potential threats.

  • Install Reputable Antivirus Software: Complementing Google Play Protect with a robust antivirus app for Android can provide an additional layer of security. These apps offer extensive features that enhance your device's ability to ward off malware and other cyber threats.

  • Regular Updates: Keep your apps and your Android operating system updated. Developers regularly patch security vulnerabilities, and staying updated means you benefit from these fixes.

  • Educate Yourself on Permissions: Be mindful of the permissions you grant apps. If an app requests permissions that seem unnecessary for its functionality, it might be a red flag.

    • In other news, Finland urged Android users to be wary when downloading the McAfee app. Instead of protecting them from viruses, this could be the key to hacking their bank accounts.

    As Bleeping Computer reported, the country's Transport and Communications Agency (Traficom) said the victims' bank accounts were in danger of getting hijacked. Currently, no cases of hacking have affected Apple iPhone users.

    In early April, researchers warned that Android users should refrain from easily trusting any third-party apps, especially from untrusted sources. What's worse, the Vultur banking trojan was just hiding under the guise of the McAfee app.

    Read Also: Personal Data of 1 Million New York Students Hacked: Department of Education

    Joseph Henry

    ⓒ 2024 TECHTIMES.Com All rights reserved. Do not reproduce without permission.


    Google Flexes Security Muscle, Says It Stopped 2.2 Million Rogue Apps From Hitting Play Store In 2023

    In a nutshell: If you're an Android user, Google wants you to know that it's got your back when it comes to sketchy apps and shady developers trying to pull a fast one on the Play Store. In its annual transparency report released today, the tech giant laid out all the measures it took last year to safeguard users and responsible developers alike.

    Google says the push to keep the Play Store a clean place came from its SAFE principles - Safeguard users, Advocate for developer protection, Foster responsible innovation, and Evolve platform defenses. Putting those principles into practice in 2023 involved a lot of security updates, policy changes, and advanced screening with machine learning.

    The stats are pretty impressive. The search giant prevented 2.28 million policy-violating apps from making it onto the Play Store. It identified over 333,000 bad actor accounts associated with malware, fraud rings, and other nastiness, giving them the boot. Almost 200,000 other app submissions were rejected or had to make changes to properly handle sensitive permissions like location tracking.

    But Google didn't just crack down on individual apps. The company notes that it took industry-wide initiatives to promote app security best practices. Google partnered with Microsoft and Meta in the restructured App Defense Alliance to support the adoption of mobile app security guidelines across the ecosystem.

    Moreover, Play Store listings for VPN apps now highlight which ones underwent independent security audits through the alliance. It's a welcome change considering many of such apps have been flagged as security nightmares by researchers in the past.

    Under the hood, Google gave Play Protect - the security software that scans Android devices - an upgrade to do real-time code analysis on apps. This, the company says, has detected over 5 million malicious apps trying to sneak onto Android devices from outside the Play Store so far.

    On the policy front, Google instituted new rules around generative AI apps, disruptive ads, and expanded privacy protections last year. It's raising the bar for new developer accounts with stricter verification requirements and pre-launch testing. Apps that create user accounts now have to build in data-deletion tools that are accessible online.

    The search giant is also taking a tougher stance on apps that don't stay up-to-date with the latest Android APIs and security enhancements. Around 1.5 million outdated apps are no longer available on the Play Store for users running current Android versions.

    Looking ahead to 2024, Google plans to remove apps that aren't transparent about how they handle user data and privacy. It also just filed a federal lawsuit against two crypto scammers who pushed fraudulent investment apps on the Play Store, signaling it's willing to take legal action.


    Google Bans Over 20 Lakh Apps From Play Store: Know Reason Why

    Access Denied

    You don't have permission to access "http://www.Financialexpress.Com/life/technology-google-bans-over-20-lakh-apps-from-play-store-know-reason-why-3473921/" on this server.

    Reference #18.6d24c317.1715048187.1226c026

    https://errors.Edgesuite.Net/18.6d24c317.1715048187.1226c026





    -

    Comments

    Post a Comment

    Popular Posts

    Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

    Image
    Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Posted: 19 Feb 2021 04:00 AM PST Brent Lewin/Bloomberg/Getty Images If your choice of encrypted messaging app is a toss-up between Signal , Telegram and WhatsApp , do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy . If that's what you're after, nothing beats Signal. By now you probably already know what happened. On Jan. 7, in a tweet heard 'round the world, tech mogul Elon Musk continued his feud with Facebook by advocating people drop its WhatsApp messenger and use Signal instead. Twitter CEO Jack Dorsey retweeted his call. Around the same time, right-wing social network Parler went dark following the Capito
    Read more

    WhatsApp beta update seeks to remind everyone why encryption is so vital - iMore

    WhatsApp beta update seeks to remind everyone why encryption is so vital - iMore WhatsApp beta update seeks to remind everyone why encryption is so vital - iMore 5 features your next cloud storage provider needs to offer - TechRadar This Week In Security: Pacman, Hetzbleed, And The Death Of Internet Explorer - Hackaday Anonymity Online Is In - The Atlantic What is a Cyberattack? Types and Defenses - eSecurity Planet Best Private Instagram
    Read more

    VPN browser extensions: Why you shouldn't use then - Tech Advisor

    VPN browser extensions: Why you shouldn't use then - Tech Advisor VPN browser extensions: Why you shouldn't use then - Tech Advisor Google Fi calls between Android subscribers will soon be end-to-end encrypted - 9to5Google How to encrypt your computer (and why you should) - Mashable How to encrypt and decrypt a folder on Android with SSE Universal Encryption - TechRepublic 4 ways to send encrypted messages on Android - TechRepublic WhatsApp “end-to-end encrypted” messages aren’t that private after all - Ars Technica ciphertext feedback (CFB) - TechTarget What Is the Windows Encrypting File System (EFS) and How Do You Enable or Disable It? - MUO - MakeUseOf Encrypting your online life is important - Telangana Today Keeper Password Manager Review – Forbes Advisor - Forbes [Update: Screenshot] Google Messages preparing end-to-end encryption for RCS messages - 9to5Google The iOS 15 priva
    Read more