Sofia Elizabella Wyciślik-Wilson

More than three quarters of Android phones are vulnerable to screen and audio recording by attackers. By exploiting the MediaProjection service, an attacker can easily trick a user into granting the relevant rights to a malicious app.

Although the vulnerability has been fixed in Android 8 Oreo, users running Lollipop, Marshmallow or Nougat remain at risk. MediaProjection is -- by design -- able to capture screen activity and audio, and it does have legitimate uses, but by using a technique known as tap-jacking permission can be given for it to be used for more nefarious things.

Continue reading →

Following the shooting in a Texas church a couple of weeks ago, it quickly emerged that the FBI was having trouble accessing data stored on the shooter's encrypted phone. While authorities refused to disclose the make and model of the device, when Apple said that it had contacted the FBI to offer help, it all but confirmed early reports that an iPhone was at the center of the case.

Now Apple has been served with a warrant to help local law enforcement officers to access messages, photos and other data stored on gunman Devin Patrick Kelley's iPhone SE.

Continue reading →

Regulators in Germany have introduced a ban on children's smartwatches citing privacy concerns. Telecoms regulator the Federal Network Agency (FNA) describes the wearables as "spying devices" and advises parents to destroy them.

The FNA said that parents had been using such smartwatches to listen in on their children at school, and warned teachers to be on the lookout for them. But a lack of regulation of the devices means that many have poor security, meaning they could be used by others to spy on wearers.

Continue reading →

It seems as though Apple's upcoming iMac Pro will feature an A10 Fusion chip as a co-processor. The inclusion of the chip -- the same one used in the iPhone 7 -- has led to speculation that "Hey, Siri" support could be making its way to macOS.

A couple of developers cracked open Apple's BridgeOS 2.0 software package, and the code shows that the chip appears to be used to handle security and the boot process. But it's the prospect of always-on "Hey, Siri" support that will interest many people.

Continue reading →

Since Vista, Windows has included a security feature known as ASLR. Address Space Layout Randomization uses a random memory address to execute code, but in Windows 8, Windows 8.1 and Windows 10 the feature is not always applied properly.

A security analyst discovered that in the last three versions of Windows, ASLR was in fact not using random memory addresses, essentially rendering it useless. The good news is that there is a fix -- but you will have to apply it manually.

Continue reading →

The launch of the eagerly anticipated Apple HomePod has been delayed until next year. The iPhone maker had planned to release its answer to Google Home and Amazon Echo in December, but now admits that more development is needed.

The delay means that anyone hoping to get a HomePod for Christmas is going to be disappointed. Apple has not elaborated on the exact cause of the delay, but with a "premium" price tag of $350 -- and this being a product coming from the Apple stable -- customers are not going to be happy with something that is less than perfect.

Continue reading →

Adblock Plus is using the disappearance of the popular Android app UC Browser from Google Play to promote its own mobile web browser.

An open letter to people looking for the currently-unavailable UC Browser calls on mobile web users to give Adblock Browser a try. The privacy-focused browser includes, obviously, an adblocker and, as Adblock Plus cheekily points out, "we haven't been kicked out of the store."

Continue reading →

The Android web browser UC Browser disappeared from Google Play recently, and there has been great speculation about just what caused the app to be pulled. Now the company behind it has spoken out, giving a little more detail about what has happened.

While it was previously thought that "misleading and unhealthy methods of promotion" were to blame, it turns out that a setting within the app was problematic.

Continue reading →

Google recently announced that it was going to take action against apps that misuse its Accessibility Services API. There are a number of big-name apps that make use of this API, including the likes of LastPass and Tasker.

Users of the password management tool were concerned to hear that their favorite app could be affected. But the company has spoken out to say that it is working with Google, and there will be "no immediate impact" to its users.

Continue reading →

It's always great when something is free, but there is the danger that it becomes undervalued. That's precisely what seems to have happened with Microsoft's beta exam program, so the company has decided to start charging candidates to sit exams.

This is not so much about using the exams as a way of filling Microsoft's coffers, but more about trying to ensure that people who want to take the exams are able to. The Windows-maker says that there have been many instances of no-shows, and this is depriving others of a seat.

Continue reading →

After awarding the coveted blue tick of verification to a white supremacist, Twitter recently announced that it would be pausing its verification program. Making good on this promise, Twitter says that it is not only no longer accepting public requests for accounts to be verified, it is also introducing new guidelines, and removing the verification tick from accounts that do not make the grade.

This means that white nationalist Richard Spencer, far-righter Laura Loomer, English Defence League founder Tommy Robinson and others no longer have a blue tick next to their names. While Twitter is promoting this clamp down as part of its war on hate speech, some are complaining that the company is trying to silence right-wing voices.

Continue reading →

YouTube is -- of course -- about video, but it is becoming more than that. Google has just announced that it is teaming up with Ticketmaster, giving people the opportunity to learn about concert dates and buy concert tickets while watching artists' videos.

For now, the feature is limited to the US, but there are plans to roll it out on a wider scale. With YouTube increasingly used as a marketing tool by musicians, the progression to using it as a ticket outlet is hardly surprising -- but it's not clear what sort of cut Google is planning to take, and whether this could ultimately push up tickets prices.

Continue reading →

UC Browser -- the Android web browser with more than half a billion downloads to its name, and which has proved particularly popular in India -- has been pulled from Google Play.

In addition to download from the Play Store, the browser came preinstalled on a number of handsets, and it gained popularity thanks to its speedy performance and low system requirements. But the fact that it "used 'Misleading' and 'Unhealthy' methods of promotion" led to it being nixed.

Continue reading →

Rooting Android phones is fairly common these days, and it opens up the possibility of doing things that would not otherwise be an option. But if you are rooting your phone, you want it to be you who is in charge of the process. If you have a OnePlus phone, you may be interested -- and a little disturbed -- to learn that the company is preinstalling an app that acts as a backdoor to root access.

The app is called EngineerMode and it is preinstalled on the OnePlus 3, 3T and 5. It is possible to exploit the app to gain root access to a device -- all it takes is a simple command and a password that can be determined fairly easily. On one hand this is a worrying discovery; on the other, it opens up a way to root OnePlus phones without unlocking the bootloader.

Continue reading →

Buying an Xbox One game as a gift for Christmas, birthday, or other occasion no longer means having to hit the stores, or buy a gift card. Microsoft has now opened up digital game gifting to everyone.

While this is not a completely new option, it was previously only possible to send games to people via Xbox Live. Now you can buy a digital game for a friend or family member, and send it to them via email.

Continue reading →