Xposed Framework – Proposed Solution

After my post on Google Wallet and the Xposed Framework I’ve done some thinking to see if there was some sort of solution to the security issue that is inherent in the Xposed Framework. It hit me. The answer is kind of obvious. My big gripe with the Xposed Framework is that it operates with impunity. Once a module is added to the white list, either through user interaction or a malicious action, there are no more checks done to insure that the functionality which is being altered is acceptable to the user. With standard root access there is a … Continue reading

Xposed Framework And Google Wallet

It turns out that Google Wallet was updated the other day. I know this because I recently flashed Paranoid Android and had wallet auto-update on me when I was trying to reinstall it. I was able to get it working by removing the Wallet and the update, opening the Play Store, disabling auto-updates, and then re-installing wallet (adb push /system/app). Being on that always wants to be on the bleeding edge I immediately looked around the internet for the latest patched version. The two threads that I follow on XDA relating to wallet seemed to be in a bit of … Continue reading

Xposed Framework – Android Security

Alrighty, let me put on my software engineering hat and pickup on some regular blogging about important topics! This is a continuation of my discussion on Android Security. Last time I talked about obtaining root on your phone. Once a phone is rooted the ability to modify system files can be requested by any application running on the phone. The key point being that applications request the ability to operate as the root user, they are not given the ability to do so by default. I’ve recently been reading about a project called the Xposed Framework. It’s a Github project designed to add hooks into the various methods … Continue reading

Android Security Risks

Android is a pretty solid operating system. Like any operating system it has some issues regarding system security. In the area of system security there are some obvious holes we could talk about. Almost all (actually I can’t think of any that have not) phones have been rooted through some security exploit. For the uninitiated having a rooted phone or obtaining root on your phone is akin to being system administrator on your PC. You can do anything to the Android system, essentially you have God Mode. For obvious reasons no manufactures ship their phones with root enabled. Doing so would put … Continue reading

Evernote Note Encryption

Perhaps my Internet Privacy article got you thinking or maybe you’re sticking around for more Evernote tips after reading my first Evernote article. This time I’m going to combine the two so that I can talk about leveraging a privacy in Evernote. One of the first things I immediately began to do in Evernote was to store my passwords for various sites and accounts. It occurred to me a short time after I started doing this that anyone that was able to access my Evernote account now had complete access to anything on the web! Just imagine, if you’re doing … Continue reading

Evernote Security Breach

You read my privacy article RIGHT! I suspect that there a few new Evernote users after my Evernote article. If you are a  haven’t checked your email then this is what you’ll find: Dear Evernote user, Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service. As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions. In our security investigation, we have found no evidence that any of the … Continue reading

Internet Privacy

Secure Cloud Computing By FutUndBeidl - Creative Commons 2.0

We All Know It… Keeping information private is hard. Really hard. The old mantra “if you don’t want anyone to know about something than don’t write it down” still holds true more than ever.  Before the internet if you were to have written down something sensitive you could be lucky enough to destroy the evidence.  Now with the internet once you write something online it’s there.