Home > Mobile, SmartMobile Phones & Tablets > Four Must-Have Android Settings, From a Security Expert

Four Must-Have Android Settings, From a Security Expert

Google made an announcement last week that it has located a latest security flaw in Google Wallet,  through which a determined could root one’s non-rooted device ex post facto and retrieve your Google Wallet prepaid card. That was partly true. So we can assure that there is technical issue that remains still, even though if Google Wallet itself is safer.

To recap the Google Wallet brouhaha this month, first researcher Joshua Rubin from zvelo revealed a quick, simple brute force technique to extract the Google Wallet PIN from a rooted phone. But it actually requires some skills, but the next day The Smartphone Champ revealed that even in a non-rooted Nexus smartphone with Google Wallet, a thief can steal your Google Wallet prepaid card by simply wiping Google Wallet settings and attaching the app to a new Google account. Atlast, Rubin made a report on how a thief can root one’s non-rooted phone ex post facto and steal their Google Wallet funds. This is processed due to the root privileges that does not remove all the data on one’s Android device, and Google prepaid cards are stored in the device, not in one’s Google Wallet account.

Google made a respond to Rubin’s discovery. It suspended new prepaid cards on Sunday. The corporation began re-issuing Google Wallet prepaid cards on Tuesday, claiming that it has fixed the problem. But as a spokesman told Neil Rubenking, Google’s “fix” was to require users to contact Google Support to re-activate a Google Wallet account. So yes, the technical issue still remains.

Rubin, who discovered the latest hack and told us how one might get past the lock screen to perform the root exploit, offered four easy ways to tighten the security settings on your Android device. Not only do we urge anyone using Google Wallet to do this, but any Android user concerned about securing the data on his device should make sure the following Settings are turned on:

1. Enable Lock Screens: Under Settings\Security. Enable Face Unlock, Pattern, PIN, and Password to increase physical security to the device. Slide doesn’t do much.

2. Disable USB Debugging: Under Settings\USB debugging. When enabled, the data on mobile devices can be accessed without first passing a lock screen challenge unless Full Disk Encryption is also enabled.

3. Enable Full Disk Encryption: Under Settings\Security. This will prevent even USB Debugging from bypassing the lock screen.

4. Maintain Device Up-To-Date: Ensure the device is current with the latest official software. Unfortunately, users are largely at the behest of their carrier and cell phone manufacturer for this, but when you are finally prompted to upgrade your operating system, do so. Using only official software and keeping devices up-to-date is the best way to minimize vulnerabilities and increase security overall.

Bonus: Stick to official app stores. This is far less likely, but an attacker can also discover your PIN lock (which is necessary for him to root your phone) if you accidentally install a malicious app that records your personal data, including PIN. Most malicious apps are distributed through shady Chinese/Russian app stores; to be on the safe side stick to the Android Market, GetJar, and the Amazon App Store.

And always read through app permissions, as malicious apps typically make unusual requests. Most mobile security apps, like McAfee Mobile, Lookout Mobile, and F-Secure Mobile Security, come with an app auditing feature to help you keep tabs on permission requests.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: