Android’s Most Sophisticated Malware Ever! What Does it Mean to Me?

Read the rest of this entry »


Getting Google Nexus 4 to work on Windows 7

I recently received Google Nexus 4 (LG E960) for research and testing. So,  I decided to hook it up with my Windows 7 desktop for development. I also wanted to check out new Android Studio so I decided to install it as well.

Installing Android Studio was very straightforward. Please see some screenshots of the installation process below.

This slideshow requires JavaScript.

However, Windows 7 didn’t recognize Google Nexus 4 out of the box. I assumed that since I have installed Android Studio I should have latest Google USB Drivers but I was wrong. It took me a couple of hours to get it to work.

I ran into two problems:

I was not able to find developer options under settings on Nexus 4.

Instead, to enable Developer Options on Nexus 4 go to

About Phone-> Click 7 times on Build Number

and it will then show Developer Options under settings.

You will see following screen while clicking on build number:-

Pop-up when clicking on Build number

Pop-up when clicking on Build number

Under Developer options make sure  Stay Awake and USB Debugging options are checked.

Developer Options on Nexus 4

Developer Options on Nexus 4

Google Nexus not getting recognized by Windows & ADB

Windows 7 unable to find drivers for Nexus 4

Windows 7 unable to find drivers for Nexus 4

No devices were listed when I did

adb devices

So, before you start, make sure you have right software and driver version

  1. ADB – 1.0.31
  2. Google USB Drivers – 7.0.0
  3. Android SDK Tools Rev 22.0.1
  4. Android platform Tools Rev. 17
  5. Android SDK Build Tools Rev. 17

You should use SDK manager to install all the updates. For Google USB Drivers first uninstall/delete old drivers using SDK manager and then install latest version.

Once you have updated everything SDK Manager should look like following:

Android SDK Versions

Android SDK Versions

Google USB Driver Version

Google USB Driver Version

Once you have the latest Google USB Driver.  Connect your Nexus 4 to your PC via USB.

My Computer->Properties->Device Manager->Right Click Nexus 4-> Select Driver Tab -> Update Driver

Now locate and install latest Google USB Driver manualy. In my case it was located under

C:\Program Files\Android\android-studio\sdk\extras\google\usb_driver

Once installation is complete you should see:

Android Composite ADB Interface Installed Successfully

After driver is installed you might have to reboot your Nexus 4.
Make sure you are running latest platform tool by running adb version.


adb version

After reboot and version check you should do:

adb devices

As soon as ADB server starts you will get a pop on your phone to accept RSA fingerprint of the PC. Once you accept the RSA fingerprint you are all set to debug Nexus 4.

RSA Fingerprint Pop-up

RSA Fingerprint Pop-up on Nexus 4


Our Book is Getting published on April 15th

Book is now available for preorder on
Amazon

Book website AndroidinSecurity.com is also ready. Looking forward to your feedback


Is Android right for your teen? – Adult content on Android – lack of age verification and restrictions

It is a warning/disclosure familiar to all of us. Before a movie preview is played before it displays preview rating (something like this preview has been approved for all audiences etc.). In fact, most parents pay attention to labels like ‘G’, ‘PG’, ‘PG-13’, ‘R’ etc. Though these ratings are from MPAA and are associated with movies, similar warnings are displayed at lot of adult sites. Difference being that for accessing adult content on the web (or through applications), application or a website asks a user if he/she is above 18 years old. If you click ok, it allows you to view explicit/adult content. Though less than ideal, this is still something that prevents accidental viewing of explicit contents by minors.

If an application accesses or displays adult/explicit content on iPhone, the user is warned during installation. In addition, there are settings that can be enabled under ‘Settings” -> “General” -> “Restrictions”. There are quite a few options to fine tune type of content allowed on the phone. One can tune music, movies (with specific ratings), TV shows and applications.

While we were researching Android Markets for our book Android Security – Attacks and Defenses  Android does neither of above. It does not warn a user that application will be displaying adult or explicit content. Neither does it provide fine grain controls like iPhone.

We installed an application that displays explicit content on Android. There were multiple failures on part of Android to either warn the users or to provide right warning and provide restrictions.
To use Android Market and get an application from there, we need a Google account. We first created a Google account through Android phone. Account creation did not require us to provide our age. We then used this account to download an adult application from Android Market. We were not prompted about explicit content warning or asked us to confirm if we were above 17 years or older. Once application was downloaded, Android did not warn us that the application contains/displays explicit material and if we were 17+ years of age.

One can argue that the application used in our example below is very graphic. Thus user would be aware that content is explicit or adult. However, at times application names might not be explicit about type of content they would display. For an application like craigslist, though adult content is not primary goal of the application, user can run across such content through the application.

There are many ways through Android can (and should) take care of this issue:

This slideshow requires JavaScript.

  1. Creation of Google account through Android: User should be required to enter birth date before account is actually created. Content from Android market then should be restricted based on user’s age.
  2. Android should explicitly ask user permission during installation if application contains explicit material.
  3. Android should provide settings like iPhone where restrictions on content can be implemented. These should cover application, music, movies and so on. Android Parental Control is a free application available from Android Market and seems to be equivalent of iPhone restrictions. However, this type of functionality should be built into the platform itself.

Case study: Installing an adult application on Android

  1. Create Google Account to access Android Market. Note that none of the steps require us to enter our age or birth date.
  2. Android Market terms of service after Google account has been created.
  3. Searching Android Market for an adult application
  4. Installing ‘TV adult relaxation’ app from Android Market.
  5. Permissions requested by the application (includes Phone calls!). Note application alert that it contains explicit content.
  6. Application installs on the device
  7. Opening the installed application

Another thing to note is that Google account created through website does not allow a new account if it does not meet age requirements. However, one can create an account through Android and the above check is not enforced.


Our book Android Security – Attack and Defenses Coming Soon!

Check out our new site and our book cover. Give us your feedback.

Android Security – Attacks and Defenses