google play – Tech Today w/ Ken May

Google releases its Android file storage manager to all

Google has filled a big hole in its Android system by releasing Files Go! , its mobile file organization and sharing app. Launched in beta last month , the app makes it easier for Android users to free up space, find files, back them up to the cloud, and share them with other smartphones, even offline. It’s one of the linchpin apps of Google’s Oreo 8.1 (Go edition) , a slimmed down version of Android meant for the less-powerful devices in developing nations. Files Go! will also be handy for power users who currently lean on third-party file organization apps, which are often paid or ad-supported . On top of giving you direct access to your downloads, received files, apps, images, video, audio and documents, it will offer suggestions for freeing up space. For instance, it can tell you how much you can free from your app cache, unused apps, large files and downloaded files. It’ll also offer to move files to an SD card, if you have one. Another long overdue feature is the ability to share files offline, Airdrop-style. When you enable the feature, it lets you create a “hotspot” to connect and transfer files via Bluetooth. If a friend also has Files Go and file sharing enabled, it’s simply a matter of hitting send or receive. “The file transfers are encrypted, fast (up to 125 Mbps) and free, ” says Google. The app can also remind you when you’re low on storage and let you backup files to Drive, OneDrive, Dropbox and other apps. Google says it has been testing the app for a month and has saved users an average of 1GB space. It’s now available for all on the Google Play Store , assuming you have Android 5.0 or higher. ” Source: Google

Malicious apps with >1 million downloads slip past Google defenses twice

Enlarge / One of the fee-based services ExpensiveWallpaper apps subscribed users to. Researchers recently found at least 50 apps in the official Google Play market that made charges for fee-based services without the knowledge or permission of users. The apps were downloaded as many as 4.2 million times. Google quickly removed the apps after the researchers reported them, but within days, apps from the same malicious family were back and infected more than 5,000 devices. The apps, all from a family of malware that security firm Check Point calls ExpensiveWall, surreptitiously uploaded phone numbers, locations, and unique hardware identifiers to attacker-controlled servers. The apps then used the phone numbers to sign up unwitting users to premium services and to send fraudulent premium text messages, a move that caused users to be billed. Check Point researchers didn’t know how much revenue was generated by the apps. Google Play showed the apps had from 1 million to 4.2 million downloads. Packing heat ExpensiveWall—named after one of the individual apps called LovelyWall—used a common obfuscation technique known as packing. By compressing or encrypting the executable file before it’s uploaded to Play, attackers can hide its maliciousness from Google’s malware scanners. A key included in the package then reassembled the executable once the file was safely on the targeted device. Although packing is more than a decade old, Google’s failure to catch the apps, even after the first batch was removed, underscores how effective the technique remains. Read 3 remaining paragraphs | Comments

More:
Malicious apps with >1 million downloads slip past Google defenses twice

One of 1st-known Android DDoS malware infects phones in 100 countries

Enlarge (credit: portal gda ) Last year, a series of record-setting attacks hitting sites including KrebsOnSecurity and a French Web host underscored a new threat that had previously gone overlooked: millions of Internet-connected digital video recorders and similar devices that could easily be wrangled into botnets that challenged the resources of even large security services. Now, for one of the first times, researchers are reporting a new platform recently used to wage powerful denial-of-service attacks that were distributed among hundreds of thousands of poorly secured devices: Google’s Android operating system for phones and tablets. The botnet was made up of some 300 apps available in the official Google Play market. Once installed, they surreptitiously conscripted devices into a malicious network that sent junk traffic to certain websites with the goal of causing them to go offline or become unresponsive. At its height, the WireX botnet controlled more than 120,000 IP addresses located in 100 countries. The junk traffic came in the form of HTTP requests that were directed at specific sites, many of which received notes ahead of time warning of the attacks unless operators paid ransoms. By spreading the attacks among so many phones all over the world and hiding them inside common Web requests, the attackers made it hard for the companies that defend against DDoS attacks to initially figure out how they worked. The attacks bombarded targets with as many as 20,000 HTTP requests per second in an attempt to exhaust server resources. Read 8 remaining paragraphs | Comments

Taken from:
One of 1st-known Android DDoS malware infects phones in 100 countries

Researchers report >4,000 apps that secretly record audio and steal logs

(credit: Ron Amadeo) A single threat actor has aggressively bombarded Android users with more than 4,000 spyware apps since February, and in at least three cases the actor snuck the apps into Google’s official Play Market, security researchers said Thursday. Soniac was one of the three apps that made its way into Google Play , according to a blog post published Thursday by a researcher from mobile security firm Lookout. The app, which had from 1,000 to 5,000 downloads before Google removed it, provided messaging functions through a customized version of the Telegram communications program. Behind the scenes, Soniac had the ability to surreptitiously record audio, take phones, make calls, send text messages, and retrieve logs, contacts, and information about Wi-Fi access points. Google ejected the app after Lookout reported it as malicious. Two other apps—one called Hulk Messenger and the other Troy Chat—were also available in Play but were later removed. It’s not clear if the developer withdrew the apps or if Google expelled them after discovering their spying capabilities. The remaining apps—which since February number slightly more than 4,000—are being distributed through other channels that weren’t immediately clear. Lookout researcher Michael Flossman said those channels may include alternative markets or targeted text messages that include a download link. The apps are all part of a malware family Lookout calls SonicSpy. Read 4 remaining paragraphs | Comments

Taken from:
Researchers report >4,000 apps that secretly record audio and steal logs

Android O beta is available to download today

It wouldn’t be Google’s annual developer conference without the birth of the latest version of Android, would it? 2017 sees the company announcing Android O, an operating system that’s not really about flashy features. Instead, the software is all about making the user’s experience that much easier and better, thanks to weirdly-named concepts like “Fluid Experiences” and “Vitals.” We’ve already seen big chunks of Android O, which has been available in developer preview form since March. Much of Google’s effort has been behind the scenes, reducing battery drain, improving notifications and joining up its platforms to make the experience that much more seamless. Some of these features are covered by Fluid Experiences, which includes a picture-in-picture mode, the aforementioned new notifications and Google’s smart text selection / autofill. In addition, Android O is packing a “lite” version of Tensorflow , software that enables computers to learn quicker than ever before. In the Vitals column, there’s faster boot and app load times, as well as Play Console Dashboards and Android Studio Profilers. Android O is also getting Google Play Protect , a raft of new security features to protect your device from security threats with a built-in device finder. One of the biggest cheers at I/O went up when the company announced that Android O would support the Kotlin programming language. In the run up to I/O, we also learned about other features that Android O will be boasting, including a technology called ” Copyless Pasting .” In addition, Google recently lifted the lid on Project Treble , which will apparently ease the pain of getting updates pushed out to various handsets. The Android O beta is available to download from today and will be available for everyone later this year. This is a developing news story, please refresh the page for more information. For all the latest news and updates from Google I/O 2017, follow along here

Original post:
Android O beta is available to download today

132 Google Play apps tried to infect Android users with… Windows malware

Enlarge (credit: Palo Alto Networks ) It’s a mystery that left researchers scratching their heads: 132 Android apps in the official Google Play market attempted to infect users with… Windows malware. The apps, which were spawned by seven different developers, mostly contained carefully concealed HTML-based iframe tags that connected to two heavily obfuscated malicious domains. In one case, an app didn’t use iframes but instead used Microsoft’s Visual Basic language to inject an entire obfuscated Windows executable into the HTML. The apps were equipped with two capabilities. One was to load interstitial ads, and the other was to load the main app. The main apps loaded WebView components that were configured to allow loaded JavaScript code to access the app’s native functionality. An example of one infected app’s user interface and underlying code. (credit: Palo Alto Networks ) That was a lot of work considering that the Windows-based malware was incapable of executing on an Android device. On top of that, the two malicious domains in the iframes—brenz.pl and chura.pl—were taken over by Polish security authorities in 2013. So what, precisely, was going on? Read 3 remaining paragraphs | Comments

Taken from:
132 Google Play apps tried to infect Android users with… Windows malware

Signal tries its hand at encrypted video and voice calling

Open Whisper Systems’ Signal app is no longer limited to keeping text chats out of the wrong hands . A beta version of the Android app now includes experimental support for video and voice calling. Both sides of a conversation will have to switch the features on in settings for this to work, but you’re otherwise free to talk knowing that encryption should prevent eavesdropping. It’s not certain when the feature will be available to every Signal user, although the phrasing of the update suggests that it’s more a matter of “when” than “if.” And iPhone owners won’t be left out — OWS has mentioned that video and voice will be available in an upcoming iOS beta release. Via: Android Police , TechCrunch Source: Google Play

View original post here:
Signal tries its hand at encrypted video and voice calling

All Chromebooks launching in 2017 will be compatible with Android apps

All Chromebooks new in 2017 will support Android apps out of the box. An update will not be required. Owners will be able to take the Chromebook home, open it up and immediately access the Google Play Store. The news comes from a single line of text on Google’s list of Chromebooks compatible with Android apps. “All Chromebooks launching in 2017 and after as well as the… Read More

Pandora’s new website points to an on-demand future

Pandora has generated a lot of buzz about its rumored on-demand platform based on Rdio, and is working on an extensive re-branding ahead of that. It recently unveiled a new logo , and today launched a completely revamped website. As part of the new changes, you’ll now see radio stations in a grid of album art instead of an ordered list, much like with Google Play Music . The control bar with thumbs up/thumbs down, play, pause and song information has moved from the top of the screen to the very bottom now as well. The design makes lets you navigate “between past, present and future listening, ” Pandora says, making it easier to create and organize stations. Interestingly, Pandora cribbed from Spotify and is offering tour dates on both the Now Playing and artist profile pages. Finally, you’ll be able to replay and skip tracks, provided you’re willing to watch a video commercial, while subscribers to the $5 Pandora Plus option will be able to do it ad-free. There are no options to stream songs on demand, but that will likely change soon. Pandora will reportedly launch a $10 on-demand service like Spotify or Apple Music based on the technology it purchased from bankrupt Rdio. When it arrives, Pandora plans to expand to new countries and has ambitions to triple its subscriber base to 11 million by 2020. Despite having 78 million monthly listeners and 3.9 million subscribers, the company lost $170 million last year. Given all that, it no doubt wants a strong launch for its on-demand site, starting with the new logo and website refresh.

See the original article here:
Pandora’s new website points to an on-demand future

The Google Play Store Is Now Available in Chrome OS, Brings Android Apps to Your Chromebook

Previously, the only Chrome OS version that included Google Play was the beta version. Today, it’s available to in the wide, stable release of Chrome OS. The new features allow you to load up any Android app you want on your Chromebook . Read more…

More:
The Google Play Store Is Now Available in Chrome OS, Brings Android Apps to Your Chromebook