The 3 Best Android Tablets 2024 | Reviews by Wirecutter



google play services app :: Article Creator

New Google Play Store Warning—Do Not Install These Dangerous Apps

New Google Play Store warning will worry millions of users

NurPhoto via Getty Images

Google has a problem—a serious Play Store problem. A dangerous threat we were told had been banished from the store has seemingly just been found there again, and that will rightly alarm millions of users.

It's just a few weeks ago that Android users were warned that 90 dangerous apps with 5.5 million installs had been found on Play Store. At the time, Google assured users that "all of the identified malicious apps have been removed from Google Play, [and] Google Play Protect also protects users by automatically removing or disabling apps known to contain this malware on Android devices with Google Play Services."

ForbesSamsung Issues Update Warning For Galaxy Smartphones As Google Confirms New ThreatBy Zak Doffman

And yet, here we are again—those defenses seem to have failed.

The malware in question is Anatsa, which Zscaler warns "exfiltrates sensitive banking credentials and financial information from global financial applications." Once installed by means of a separate dropper app, Anatsa scans the infected device for banking apps it is coded to attack. It then captures login details via a fake login page overlaid over the real app and intercepts SMS passcodes. Then it drains your account.

In May, Zscaler suggested that "the recent campaigns conducted by threat actors deploying the Anatsa banking trojan highlight the risks faced by Android users," users who were trusting the security of Google's Play Store, it added.

And now Zscaler has just issued a fresh warning, that its ThreatLabz "has detected another malicious Android app that is currently live in the Google Play store… The app is disguised as a QR reader and file manager, but is actually a malware loader for the Anatsa banking trojan." It's a nasty case of déjà vu.

I have approached Google for any comments on this latest warning.

ForbesFederal Agency Issues New Warning If You Use Airplane WiFiBy Zak Doffman

Anatsa's use of an apparently clean app as a dropper has been key to its success. "This strategic approach," Zscaler says, "enables the malware to be uploaded to the official Google Play Store and evade detection." Past droppers have been trivial PDF and QR code readers and similar. And this latest warning is yet another of those QR readers.

As such, the golden rules to staying safer on Android remain as critical as ever:

  • Stick to official app stores—don't use third-party stores and never change your device's security settings to enable an app to load; also ensure Google Play Protect is enabled on your device.
  • Check the developer in the app's description—is it someone you'd like inside your life? And check the reviews, do they look legitimate or farmed? Avoid the indiscriminate installation of trivial apps you do not need.
  • Do not grant permissions to an app that it should not need: torches and star-gazing apps don't need access to your contacts and phone. And never grant accessibility permissions that facilitate device control unless you have a need.
  • Never ever click links in emails or messages that directly download apps or updates—always use app stores for installs and updates.
  • Be especially wary of any QR code or PDF reader apps given this malware threat.

    • Google Play Services Update Includes New Phone, Wearable Features

    Google detailed its latest Google Play services update this afternoon, v24.25. Inside, there's an assortment of new features and changes, though, Google doesn't do too well at explaining every exact change.

    For example, while Wear OS owners will now be able to use American Express for Wallet on supported Fitbit devices, Google also notes that users will see "new features" for IDs that get added to Wallet. We aren't sure what those new features are.

    Below you can view the entire changelog, some of which is more helpful than other parts.

    Google Play services v24.25 (2024-06-26)
  • Wallet
  • [Wear] With this new feature, you can now use American Express for Wallet on Fitbit.
  • [Phone] With this new feature, you can now add an e-wallet as your payment method or use your linked e-wallets in Google Pay to complete payments.
  • [Phone] With this update, you'll see new features for the IDs you add to Wallet.
  • [Phone] With this new feature, you can now use Pix as your payment method in Wallet.
  • System Management
  • [Auto, PC, Phone, TV, Wear] Updates to system management services that improve Device Storage, Privacy, and Security.

    • Be on the lookout, Android users.

    // Google Support


    Android 15's Contact Keys Is A Step Towards Apple-like Protection From Cyber Attacks (APK Teardown)

    Pixel 8 Pro vs iPhone 15 Pro camera shootout

    Robert Triggs / Android Authority

    TL;DR

  • Android 15 introduced a new API to facilitate end-to-end encryption in apps. The Contact Keys Manager API gives users a centralized way to manage and verify their contacts' public keys.
  • The latest Google Play Services beta update contains hints that showcase how this Contact Keys feature will work.
  • Apple introduced a similar feature called Contact Key Verification with iOS 17.2, which also features automatic notifications and other extras.

    • Android 15's first beta introduced a new E2eeContactKeysManager API, which is said to facilitate end-to-end encryption (E2EE) in Android apps by providing an "OS-level API for the storage of cryptographic public keys." Google notes that the API is designed to integrate with the "platform contacts app" to give users a "centralized way to manage and verify their contact's public keys." We now have some more info on how the user-facing elements will work for Contact Keys, potentially building up Android as a better competitor against Apple for sophisticated cyberattacks.

    An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release.

    While Android 15 introduced the API, Google Play Services will handle the functionality related to Contact Keys. We've spotted new activities and strings in the latest Google Play Services beta that give us a clue about how the feature will work.

    Starting off with the activities, we've spotted three of them within Play Services: one for onboarding, one for showing the QR code, and one for scanning the QR code.

    Next, we found plenty of strings, which help us piece together how the feature could work:

    Code

    Copy Text <string name="contactkeys_scan_qr_btn_scan">Scan code</string> <string name="contactkeys_scan_qr_btn_show">Show code</string> <string name="contactkeys_scan_qr_text_view_desc">Scan the QR code on this contact's phone. This will confirm encryption between your phones for all end-to-end encrypted apps. To do this, they'll need to open the Google Contacts app > Contacts settings > Your info.</string> <string name="contactkeys_scan_qr_text_view_title">Confirm end-to-end encryption</string> <string name="contactkeys_show_qr_code_no_selfkeys">No keys to verify.</string> <string name="contactkeys_show_qr_text_view_show_numbers">Show numbers</string> <string name="contactkeys_show_qr_text_view_desc">Ask this contact to scan your code here, which you can also access from Contacts Settings > Your Info. You can also compare the app specific numbers instead.</string> <string name="contactkeys_lookupkey_required">Error starting key verification, no contact specified</string>

    As we can learn from the strings, the Contact Keys feature will rely heavily on the Google Contacts app for its UX. Users who want to confirm that all their E2E apps are actually encrypted can scan the QR code present on the other person's Google Contacts app. Alternatively, the strings hint that you could also compare the app-specific numbers instead to reassure yourself about the encryption status.

    Apple has a similar feature on iOS called Contact Key Verification, which was added in iOS 17.2. Contact Key Verification lets you receive automatic alerts that help verify that you are communicating only with the people you intend to communicate with. By verifying the encryption status, you can reassure yourself that you are not being targeted by any sophisticated cyber attack.

    Contact Key Verification on iOS 17.2

    Contact Key Verification on iOS 17.2

    We expect Google's Contact Keys to be on similar lines, albeit at an earlier stage of progress. The strings don't indicate any automatic messages being sent out like you can with iMessage Contact Key Verification. This can change for the better in the future, but it's still a good step forward in its current form.

    Got a tip? Talk to us! Email our staff at news@androidauthority.Com. You can stay anonymous or get credit for the info, it's your choice. Comments



    -

    Comments

    Post a Comment

    Popular Posts

    6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog

    Image
    6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog 6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog 5 best TrueCrypt alternatives | Encrypt your computer with these apps - proprivacy.com The Best Way to Encrypt Email in Outlook - Security Boulevard 6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog Posted: 23 Nov 2019 12:00 AM PST Anti-forensic techniques can make a computer investigator's life difficult. From committing fraud in an organization to stealing crucial data, cybercriminals can perform a wide range of nefarious activities. In some cases, these perpetrators try to cover their tracks by deleting browser history, cache memory, and even cookies. But with an upward trend , it is now much convenient for cyber attackers to use already progr...
    Read more

    Harry Dunn's parents to meet Anne Sacoolas as immunity row continues - The Guardian

    Image
    Harry Dunn&#039;s parents to meet Anne Sacoolas as immunity row continues - The Guardian Harry Dunn&#039;s parents to meet Anne Sacoolas as immunity row continues - The Guardian Posted: 13 Oct 2019 06:58 AM PDT Anne Sacoolas, the wife of a US intelligence official who was involved in the road collision that killed 19-year-old Harry Dunn, has agreed to meet with his grieving parents and cooperate with a British police inquiry. But amid continuing questions over her right to diplomatic immunity, it is not clear if she will return to the UK to fulfil a promise to answer police questions about her role in the car crash. The reversal of position on a meeting appears to have come after lawyers specialising in diplomatic immunity started to advise Dunn's parents last week, leading them to say they would pursue Sacoolas in the US courts for a civil claim. Mark Stephens, one of the legal specialists advising the parents, told the Guar...
    Read more

    A Look At Blockchain Smartphones Available Now - I4U News

    Image
    A Look At Blockchain Smartphones Available Now - I4U News A Look At Blockchain Smartphones Available Now - I4U News Posted: 09 Oct 2019 06:19 AM PDT There is probably no one in the world who has not heard of cryptocurrencies. In the past few years, the general public's awareness of the likes of Bitcoin and Ethereum has skyrocketed. This has happened to such a degree that there are literally millions of us using Bitcoin wallets offered by Luno and other well established names in the industry. On the other hand, blockchain is not necessarily that well known and its capabilities maybe a little less. So although we know that blockchain is the basis of cryptocurrencies, many of us know little more than that. Anyways, this technology is extremely adaptable and is being applied to many industries/sectors from health to disaster recovery. So that it will come as no surprise that blockchain is shifting its attention to mobile. This has resul...
    Read more