Security - Featured Articles

HTC One Accounts

So, you want to adopt BYOD?

What you need to know before integrating employee devices on your network

Bring Your Own Device (BYOD) is the current hot trend. (And has been for a while, really.) There are many perceived advantages for a company that allows employees to bring their own devices to work and have access to your...
LG G Pro 2 Knock Code

How to use Knock Code on the LG G Pro 2

Knock Code will come to other LG phones via software updates this year

Knock On — wherein you tap the display twice to turn on your phone — has been one of our favorite new features of the past few months. LG introduced it with the LG G2 in 2013, and it returned with the LG G Flex toward...
The Boeing Black

Boeing reveals the Boeing Black — a super-secure smartphone for those with super security needs

This phone will self destruct in ten seconds…

In this day and age of malicious apps and intrusive government surveillance, you might be wondering how to keep your data secure. You could turn to a solution like the up-and-coming Geeksphone Blackphone, with a modified version of Android and sets...

Security - Top Articles

SD card: Activate

KitKat and SD cards — what's fixed, what's broken and what's misunderstood

Why your SD card doesn't work the same in Android 4.4 KitKat, and the reasons for the change

“Curse you, Google! Your KitKat update broke my SD card!” Poke around the Android section of the Internet and you’ll hear something similar. Users like you and me are in an uproar because they updated...
Google fixes Heartbleed

Google updates back-end in light of Heartbleed vulnerability

If you've been online at some point in the last 36 hours, chances are you've heard of 'Heartbleed', a flaw in OpenSSL that has exposed data to theft on approximately 2/3 of servers in use around the globe over the past two years. It's not known how bad the damage may be, but the revelation of the...
Android Central

NBC News and the bullshit 'ZOMG Sochi Olympics Android hack' story

Your Android smartphone only installs malware if you're being dumb (or do it on purpose) — not automatically, and not just because you're in Russia. This is just ridiculous, even for American "news" television. A report from NBC News was exposed — and rightfully so — by Errata Security (via...
SkipLock.

Unlock With Wifi app retooled and is now SkipLock

Safety meets convenience with a set of great features

You may have heard us talk about an app called Unlock With Wifi a time or two. It's an app that tells your lock screen when to become secured with a password or PIN, based on what Wifi AP you're connected to. It's one of those apps that you...
Gmail

All Gmail will now use HTTPS, messages will be encrypted when moving inside Google

Initiatives were 'made a top priority after last summer's revelations'

Google has steadily improved the overall security of several of its apps and services, and the latest move is moving to HTTPS and encryption across all of Gmail. Starting today, every single time you send or check your Gmail...
Cerberus

Cerberus servers have a data leak, users advised to change password

Users of the popular phone security app Cerberus are reporting a slightly disturbing email coming from the developers today. While Cerberus assures that no passwords were compromised — they are encrypted, of course — attackers did gain access to some usernames and passwords. If you're using...
Android Central

Android Device Manager app launches on Google Play

Like the web interface, the new app lets you remotely track and lock down your other Android devices

Google has launched a new Android app allowing users of the Android Device Manager feature to remotely track, ring, lock down or wipe their other devices. Not to be confused with the Google Play...

Security RSS Feed

The latest update to Path for Android has now hit the Google Play Store, and this release will be of interest to those who previously had concerns over Path not properly securing personal data. As noted on the Path blog:

We take privacy and security seriously, and we believe your data deserves to be well-protected. That’s why, with the release of Path 2.1.1, we are enhancing our security by hashing user contact data so that it is anonymized. This means last names, phone numbers, email addresses, Twitter handles and Facebook IDs. We collect this data to connect you with those who are closest to you.

We hope our actions set a new standard in this field as we strive to serve you, our users, first. Thank you for your trust, and thank you for using Path.

With the privacy matters in the app now cleared up, the change log does also note various other bug fixes as well. That said, there was no mention of the multiple notification issue being fixed that some folks have been experiencing for the past little while now. Give it a go, the download link is beyond the break for you all and if you've had the notification bug before -- let us know in the comments if it is now fixed for ya.

Source: Path


The latest bit of FUD spreading around about Android is that you can't ever sell your old Android phone without giving away all your data, secrets, and possibly the recipe for KFC.

Like many things you'll read elsewhere on the Internet, there's a lot of crap attached and presented as fact that is just wrong. Someone needs to explain what exactly is going on here. Allow me to try my best. Hit the break for a read.


Owners of Sprint's LG Marquee (a distant cousin of the LG Optimus Black) will be pleased to see the roll-out of a new software update for the device. The new version LS855ZVC fixes one glitch that's been particularly frustrating for some users -- a bug which sometimes resulted in the phone locking up during calls. In addition, Sprint says the update improves the Marquee's security, which may or may not be a good thing, depending on whether you're interested in rooting the device.

Head on over to "Settings > About Phone > System Updates > Update LG Software" and check for updates to see if yours is ready. As ever, these updates are doled out gradually over time, so don't be too alarmed if you don't see anything just yet.

Source: Sprint


The message above is currently displayed on HTCSense.com, informing visitors that HTC's online sync service will be shutting down from April 30. This gives HTCSense.com users just over a month to log in and download any contacts, text messages or other personal data on their account. The message is also being sent out by email to HTCSense.com account holders.

HTC says the move away from HTCSense.com is part of the transition to "new and improved" online services it's working on. With carriers preparing to launch the One X in Europe in just over a week, we'd guess that phone may be the first to see whatever HTC's cooking up.

In addition to the purge of personal data, HTC tells us that the online security and backup services are currently unavailable too, and that users should head to Google Play to download a replacement. Security apps like Lookout offer similar services, for a price.

In the meantime, we'll have to wait and see what HTC's future cloud plans entail. And we'll be hoping that the new service is a little more reliable than HTCSense.com. In our experience the service, which first launched on the Desire HD in late 2010, was temperamental at the best of times.

More: HTCSense.com


Verizon over the weekend dropped word that an impending update to the LG Revolution would include a Verizon Remote Diagnostics app — a "new customer care solution to improve device issue diagnosis during customer support calls."

We've gotten some more detail on exactly what that entails, and it's not really anywhere near as scary as you might think. A Verizon spokesman tells us that it's really just a remote desktop type of thing. A VNC service, if you will. And, Verizon tells us, "no personal data like keystrokes or web history, location, etc., is logged or saved."

This sort of thing is a touchy subject because of the hot water carriers found themselves in last year over their use of Carrier IQ, a network analytics tool that was cooked into many smartphones to allow the silent uploading of network and device data. Users weren't explicitly made aware of its use, and a bit of a firestorm erupted. Warranted or not, any sort of "remote diagnostics" app added by a carrier to a smartphone is bound to raise eyebrows. 

We've got a feeling some folks will be putting that to the test, but for now we have absolutely no reason not to take Verizon at its word.


Since the earliest days of unofficial Android ROMs, root access and custom firmwares like CyanogenMod have gone hand in hand. However, future versions of CyanogenMod will take a step back from always-on root, disabling root access by default but allowing users to easily enable it through a menu.

In a statement on their official site, the CM team says that having root access enabled by default represents a "major security risk," one which can be remedied by introducing four user-configurable root options. Root access will be disabled by default, while three additional options will let CM users enable it for ADB only, apps only, or both. So there's nothing to panic about -- your root access will still be there if and when you need it, but your device will be more secure by default as a result.

A good analogy is Android's "unknown sources" option, which allows applications to be loaded directly from an APK file rather than the Google Play Store. It's there for those that want it, but disabled by default for security reasons. As CM matures and its audience grows more mainstream, it makes sense that there's a renewed focus on security.

There's more technical info about exactly how this configurable root access works over at the source link.

Source: CyanogenMod


Here's a security and privacy tip that many of us forget about, yet is really easy to manage -- geo-location data in the pictures you take with your Android phone. Modern digital cameras that have a way to capture GPS data (that means your Android phone or tablet) can attach location data to pictures using the Exif (Exchangeable image file format) standard. The Exif standard attaches metadata tags to pictures, sounds, and video to keep track of things like song titles, video length, and camera model. It also has a slot for latitude and longitude coordinates from your GPS receiver. 

Attaching GPS metadata to the pictures you take can be handy, and there are reasons people would want to do it. Having the date, time and location embedded in a picture means never forgetting where and when you took it, and you can use services like Panoramio to place your pictures on a map overlay. Having a location fixed to an image has many legitimate, and fun, uses.

But many times we don't want someone else to know the precise GPS location of a picture we've taken. "Little Timmy's first day at summer camp" would make a great picture to share on Facebook or Google+, but do we want some stranger to know where little Timmy is sleeping this week? It's a scary world out there, full of people with bad intentions. Nobody will blame you if you err on the side of caution.

It matters, because it's not just apps that can access this data. Download a picture from your (or a friend's) online albums somewhere. After you have it saved, right click it (Windows) and look at all the properties. If the picture is geo-tagged, you'll get GPS coordinates within a few feet of where the camera was when it was taken. There are even programs and websites that spit out the location data of images, and not everyone who uses these can be trusted. Thankfully, turning location tagging on and off is really easy.

You'll find a spot in the settings of your camera app (stock or a custom app from the Google Play store) that will say location or geo-tag. Poke around a bit, it's in different places depending on your phone's firmware or the app you're using, but it's there. When that setting is on, your GPS will turn on and the coordinates will be saved with the image data. When it's off, neither will happen.

Take control of these sorts of settings, and keep yourself safer on the Internet. 


You might have noticed that we're going to talk a little extra about security and privacy this week here at Android Central. It's a discussion worth having. We've asked a few security and/or privacy related questions in polls past, things like lockscreen security (use it), app permissions, and Google's privacy policy, but we haven't hit this basic one just yet. Tonight, let's change that.

Do you use a security application?

One of any type -- a malware scanner, a remote lock and wipe tool, a "find my phone" tool, or even a net nanny app for the kids. If you use one, let us know!

 


Oy vey! According to a report from Reuters (via Phonescoop), U.S. Sen. Charles Schumer, D-N.Y., has called for the Federal Trade Commission to investigate "reports that applications on the Apple Inc and Google Inc mobile systems steal private photos and contacts and post them online without consent."

OK, folks. Let's see if we can't explain this again. There was a report in the New York Times that exposed a flaw in iOS that lets applications have full access to an iPhone or iPad's Camera Roll (the equivalent of the Android "Gallery") if said application has access to GPS location. It's not that apps can't have access to images, it's just that the way they're going about it here is in violation of the iOS terms of service, and Apple's fixing it, as it does with other bugs. And as we've previously told you, it has absolutely nothing to do with Android.


The NSA (National Security Agency) has developed an Android phone that meets "Top Secret" criteria using off-the-shelf components. Dubbed the fishbowl phone, 100 units were built and deployed by IAD (Information Assurance Directorate) and division head Margaret Salter says that anyone can recreate the phones using the specs published at the NSA website.

The plan was to buy commercial components, layer them together and get a secure solution. It uses solely commercial infrastructure to protect classified data.

 -- IAD Department head Margaret Salter

The new phones, which even have their own secure enterprise application store, mean that users no longer have to speak in code when talking about government secrets. Using IPSEC VPNs, and having voice sessions use Datagram Transport Layer Security and the Secure Real-time Transport Protocol means that calls are safe from prying eyes, and this was published because Salter thinks the voice application security specification would be useful to everyone. Voice calls are encrypted twice, and all go through the NSA enterprise servers to maintain control and keep communications safe between only the parties involved. 

It appears that choosing the components was a bit difficult, and Salter urges her colleagues to "demand vendors improve unified communications interoperability". The parts weren't chosen by brand, and instead were chosen for the way they supported the required functionality. This means that a part from one vendor had to work well with a part from another vendor, which proved difficult. None of the compromises that had to be made reduced the security of the phone. In addition, a "police app" was designed to monitor all operations of the device in case any portion was compromised. 

'Droid does top secret.

Source: SC Magazine; via Android Central forums

Thanks, DenverRalphy!


Let's file this under "anything for a story about Android". The New York Times has decided that Android is also "vulnerable" to apps being able to see your pictures, just like it was designed to do. It all stems from some press recently where iOS had a loophole that allowed apps without permissions to access photos stored on a user's mobile device. There is a big difference here though, and it's in the design. 

iOS was designed so that nothing but the gallery on your device, or iTunes had access to your pictures. Developers that had to access GPS data could get in the Camera Roll, because a lot of pictures have and use GPS data. Rene does a really good job at explaining this over at iMore, and you should read it. Personally, I didn't think it was a severe security hole on iOS, but it was a loophole that Apple decided to fix. That's good -- if you're going to have a permissions policy on a certain part of the file system, you should enforce it. Even a silly permissions policy.

Android, on the other hand, was not designed this way. It's like a Windows computer. Or a Mac computer. Or a Linux computer. Or a digital camera. Even the computer used to write the story at the NYT allows complete access to photos -- they all do. It's standard file input/output, and just because Apple decided not to use it makes no difference. It doesn't stop there, either. Documents, videos, music, all media is able to be shared in a modern operating system. I can use Microsoft Office and see the pictures folder on every computer here at my house, because it was designed that way. It makes things easy to use and share, because we like to use and share digital media.

Unfortunately, all the fuss over "private" data lately has even Google second guessing themselves:

We originally designed the Android photos file system similar to those of other computing platforms like Windows and Mac OS. At the time, images were stored on a SD card, making it easy for someone to remove the SD card from a phone and put it in a computer to view or transfer those images.

 

As phones and tablets have evolved to rely more on built-in, non-removable memory, we're taking another look at this and considering adding a permission for apps to access images. We've always had policies in place to remove any apps on Android Market that improperly access your data.

This could just be PR spin, or Google really may have to make things harder for us all because of silliness. I don't want this, I'm assuming that most of you guys don't want this either. Do yourself a favor, and don't fall into this trap.

Source: New York Times


Not a day goes by in which we don't get an e-mail from you fine folks out there asking about antivirus and security applications, and which one we'd recommend. That's a tough question, because it's tough to judge which one is the best at spotting malware. We caught up this evening with our pals at NQ Mobile (aka NetQin Mobile), makers of the NQ Mobile Security & Antivirus app. And they've got a convincing argument for using their app over the others -- it was designed and developed in the world capital of viruses and malware. (Bonus points if you can guess the country.)

Check out our video above, and check out the app in the Android Market. Basic features are free, and premium features cost on average about $5 a month, depending on where you live.


Carrier IQ cares. Or, rather, for Carrier IQ, it's all about care. The much-maligned California analytics company has weathered the Great Privacy Scandal of 2011 and today at Mobile World Congress in Barcelona announced a new product for its customers -- the operators -- to give greater transparency to consumers -- that's you and me -- regarding data being collected from your smartphones and tablets.

Let's be clear here: You are not Carrier IQ's customer. It provides network and hardware analytics capabilities to companies that sell smartphones by the millions, not folks like you and me who buy them every year or so (or, in our case, more often). That's not to say that CIQ is deaf to the recent surge in the push for privacy. Far from it. And that's not to say it hasn't learned a thing or two since everybody started to care about on-board analytics. It most certainly has.

And that brings us to today's announcement.  

Dubbed the "Customer Experience Dashboard," CIQ will begin offering -- again, to operators, not to end-users directly -- tools that the operators can then use to show their users basic fault explanations. Is your phone's battery draining? Dropping a lot of calls? Constantly rebooting? CIQ's new tools would allow the operator to better explain to you what's going on with your phone, as well as with the network it's on. CIQ would essentially provide APIs to the operators, who then could build into their own websites the ability to see exactly what's going on with your phone.

It's a twofold proposition. At its core, the idea is to place some of the customer care onus back onto the customer, specifically to cut down on customer care phone calls. In other words, to help you help yourself. That, in turn, saves the operator money. It's also a great opportunity for the operator to show exactly what sort of data it's harvesting from your phone. But -- and this is a pretty big "but" -- it's up to the operator to implement any or all of this. As with Carrier IQ's current suite of products, it's completely customizable for each operator and platform. It doesn't (and probably wouldn't) look like what you see in the picture above. Operators would be free to customize and present as much data as they see fit, and in whatever manner they see fit. And as of right now, it's still completely optional (and in fact will raise the cost of the CIQ platform for the operator).

For our part, we believe that would be money well spent by the operators. As much as the operators need analytics, the end-users need greater transparency. And done right (there's always a catch, right?), the operators could conceivably kill two birds with one stone here: continue to learn about the devices it supports in a real-time manner, and do so in a way that doesn't scare the hell out of its users.


The Sophos security website has reported a new bit of Android malware, and this time it's being spread on Facebook. If you watch the video above, you'll see how an unknown person on Facebook sends you a link, which you dutifully click (because we all click random Facebook links from people we don't know, right?) and it downloads a malware-ridden apk file to your phone. It's a trick folks have to use now that Google has a Bouncer at large in the Market.

Unfortunately, the video stops there and leads the viewer to believe that it's another cause for panic and that we need to be up in arms over this. The reality is far different, and this is a classic case of sensationalism. What happens after the part where the video ends is really the important bit.

After the file downloads, you'll have to choose to install it. This also depends on you having disabled the security feature that prevents third party apps from being installed, and failing to read the permission warning that pops up when you verify that you want to install this random file. Of course, across the Internet you'll probably not hear this part, because Android and malware in the same title generates hits. We've seen it before. 

So how do you stay safe? It's easy:

  • Don't interact with random people on Facebook
  • Don't click random URLs from random people
  • Don't install random apps that you didn't download

With Android, you get the freedom to install apps from anywhere, not just an official store where the folks that make the OS get 30 percent. You also get notified of what every app can do, and are forced to accept those terms. With that in mind, use just a little bit of common sense and you'll be fine.

Source: Sophos


And how we, the users, still need to take responsibility

There's been a lot of news lately about a lapse in either security or judgment -- both, really -- at Apple that allows iOS applications to borrow your contact data and send it off to parts unknown without your consent. Apple has addressed the issue to members of the U.S. Congress, and will take steps to hold tighter control in a future iOS update. That's good news, and we're glad to see it happening.

But what about Android? During all this focus on apps doing things without explicit user permission, you see people referring to the Android permissions model. We're going to break it all down for you.  It's not perfect, but it works pretty well -- and it's certainly better than no permission system at all.

Let's walk you through permissions on Android, and how you need to be sure to do your part.

Last week Google disabled the provisioning of pre-paid cards in Google Wallet, following the discovery that clearing app data could allow the PIN for these cards to be reset. Now Google says a fix is rolling out, and that pre-paid cards are available once again.

Writing on the official Google Commerce blog, VP of Google Wallet and Payments, Osama Bedier, said that the company was not aware of any pre-paid cards that had been misused as a result of the vulnerability.

Yesterday afternoon, we restored the ability to issue new prepaid cards to the Wallet. In addition, we issued a fix that prevents an existing prepaid card from being re-provisioned to another user. While we’re not aware of any abuse of prepaid cards or the Wallet PIN resulting from these recent reports, we took this step as a precaution to ensure the security of our Wallet customers. If you are unable to access your previous prepaid card balance for any reason, please contact our toll-free support for assistance.

So now we can all sleep a little safer at night, knowing that if someone steals your phone, at least they won't be able to pay for a Big Mac out of your pre-paid allowance.

The issue with obtaining PIN numbers on rooted devices via a brute-force method remains; however, as we discussed in our most recent podcast, a rooted device is by definition insecure. For its part, Google still recommends not installing Google Wallet on rooted devices.

Source: Google Commerce Blog


Google late Friday night disabled the ability to provision new Google Prepaid Cards, fallout from the discovery of a flaw in the Google Wallet app. The gist is that if someone were to find your phone, they could reset the Google Wallet PIN and gain access to your Google Prepaid Card. In a separate incident, rooted phones were found to be vulnerable to a brute-force crack.

And so, Google has temporarily disabled provisioning of prepaid cards as an interim step, and it says it will have "a permanent fix soon."

Google also reminds us that rooted devices are by definition not as secure as un-rooted phones and "we strongly discourage [rooting] if you plan to use Google Wallet because the product is not supported on rooted phones."

In addition, Google provides toll-free phone support 24 hours a day if you have concerns or questions about Google Wallet. In other words, just like with a traditional credit card, call if you lose it. Or have issues. Or just need a friend.

Source: Google Commerce Blog
via Android Forums


Following the news yesterday that Google Wallet's PIN security has been cracked (for rooted users, on unsecured devices), Google has issued an official statement to clarify a few details, including who's vulnerable, and what users should do to protect themselves.  In a statement given to TheNextWeb, Google confirmed what our own Jerry Hildenbrand said in his write-up yesterday -- only rooted users are potentially vulnerable.

"The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.

We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone."

So again, only rooted users are at risk, and the recommendation to avoid Google Wallet use on a device with root is a sensible one. For the minority of Wallet users who are rooted, we're sure a fix will come in the days and weeks ahead. And if you're running a nice, clean stock device without any hackery of your own, you've got nothing to worry about.

Of course, news of this vulnerability will likely cause some damage to Google Wallet's reputation, at a time when Google's working hard to increase uptake of its payment method. If and when mainstream news outlets pick up this story, it'll be interesting to see whether they, like Zvelo's original press release, neglect to mention the crucial detail that a pre-rooted device is required.

Source: TheNextWeb


Security is important. We carry a crapload of information in our phones, and with the world of NFC payments slowly becoming a reality, we'll be keeping even more in our pocket and in the cloud. As we saw late yesterday, keeping things like PIN codes safe is tough with so many eyes out there trying to find a way around it. Nobody should have been surprised, nothing is 100 percent secure.

That's why it's always a good idea to use more than one way to stay safer. You have secure tokens and password encrypted information on your phone, but keeping people from even getting that far is easy to do with a secure lockscreen. Android is like Unix, and when someone gets to your homescreen, they're essentially logged in as you. They can start any application that you can, and start any service. If you're rooted it's even worse, they can grant super user privileges to anything.

On the other hand, having to unlock your phone every time you get an IM or e-mail gets old fast.  For someone who has never lost a phone, the idea of skipping secure methods seems sensible.  We're not going to argue, your logic is sound (even if others think differently) and it's your device to use the way that makes you happy.  But we're curious.  Answer the poll and let us know!

Thanks, Icebike!

 

Do you use lockscreen security?


Google Wallet's PIN security has been cracked, but there's a caveat -- this currently only is an issue if your phone is rooted. Not rooted? No worries. And with that said and done, here's the deal:

Your Google Wallet PIN (Personal Identification Number) is stored encrypted on your device, and a brute-force method was found to expose the SHA256 hex-encoded PIN information inside the database. This method, which was irresponsibly released to the public, can find the PIN without any incorrect attempts in the Wallet app itself, negating the five-try rule the application has for PIN entry.  (See it in action after the break.)

Now here's the not so sexy way to describe it all. You'll need to have a phone with Google Wallet, AND have rooted your device, AND have not set a secure lock screen, AND then lose your phone. The person who finds it THEN can use the app the fellows at zvelo have made and since distributed to brute-force the PIN and THEN can use your phone to make payments, just like they could if they found your credit card, which likely would be quicker and easier than any of this.

Google has been notified and already knows how to fix the issue, but there's a problem. To make it more secure, Google will have to move the PIN information to be controlled and maintained by your bank. This not only will require some changes to the terms of service, but then we're relying on corporate banking institutions to keep our information safe. I'd wager that Citigroup's servers are easier to break into than Google's, and then you have the same issue all over again.

A better way to fix the problem would be to force users to use a better password. PIN information can be cracked so easily because it only uses four numbers. This means that there are only 10,000 possible combinations, and even a portable computer like your Android phone can pull off that sort of brute-force attack. Change the passcode to something like Fgtr5400&d77 -- using a combination of letters, numbers and symbols -- and it's far less likely to be broken, and even less likely to even be used because it's not convenient. It's a Catch-22 -- a PIN is easy to use and remember, but it's also easier to crack.

I'm not going to tell you to stop using Google Wallet, nor am I going to tell you to stop rooting your phone. I am going to tell you to pick it up, and put a passcode on the lock screen now, before you lose it.  

Source: zvelo
