Showing posts with label Andriod. Show all posts

Thursday, 7 May 2015

Android M — Latest Google Android OS: What Does "M" Stand For? Any Guess?


While the majority of smartphone users are still waiting for the Android 5.0 Lollipop update for their devices, Google is soon going to launch the next version of Android at its official Google I/O 2015 developer event on May 28 in San Francisco.

Android M — The name of the latest version of Android mobile operating system was spotted at the Google I/O 2015 schedule under the "Android for Work Update" Session, which says…
"Android M is bringing the power of Android to all kinds of workplaces."
According to the company, this will open up "huge new markets for hundreds of Millions of devices to workers at small businesses, logistics, deskless workers, and warehousing jobs." However, Google appears to have since removed any mention of Android M from its I/O website, most probably because the company wants to keep it as a surprise for Android users.

Considering that full Android releases are named with starting letters in alphabetical order, Android M is strongly believed to be the next version of the Android operating system.

When Google launched Android 5.0 at its developer conference last year, it was known by the name "Android L" before the company revealed its final name "Lollipop" months later.

Some More highlights:


The schedule also includes another session "Voice Access" known as "Your app, now available hands-free," which suggests that Google wants its users to control every feature of Android apps by their own Voice Command.
As the Voice Access session says, "In this talk, we introduce Voice Access, a service that gives anyone access to their Android device through voice alone."
The main highlight of the Google I/O schedule is still Android M, which will eventually get some sweet sugary name too, like all the previous versions of Android OS.

Till then, what do you think the "M" will stand for? Will it be Mousse, Muffin, or something else?

Hit the comments below.

Wednesday, 29 April 2015

BodyPrint Technology Turns Smartphones into Biometric Scanners


Yahoo! doesn't want you to type a PIN, swipe your phone or scan your thumbprint every time you unlock your smartphone. Instead, it only wants you to place your smartphone on your ear in order to do that.

A new concept from Yahoo's Research Labs does not focus on the fingerprint scanners that are the major form of biometric security on today's smartphones, but rather on the idea of Bodyprint as the biometric security of the future. A team of researchers from the Internet giant has developed a new biometric system called "Bodyprint," which is a much more affordable alternative to fingerprint scanners for mobile phones.

What does Bodyprint scan?

Bodyprint, built by researchers Christian Holz, Senaka Buthpitiya, and Marius Knaust, is designed to utilize different body parts as biometric sensors for different cases, depending on how the users are using their phones.

As mentioned above, Bodyprint can recognize you from your ears, but it can also identify you from…
  • Your palm
  • The knuckles of a fist bump
  • Set of five fingers around the edge of the mobile screen when tightly holding the device
So now you do not have to authenticate by swiping the screen, scanning a fingerprint or typing a PIN in order to answer a call.

Just put your smartphone on your ear and let the touchscreen sensor scan the shape of your ear. That is it.

If your ear prints match, the call will automatically be answered.

You can also use any of the above body divisions to lock your important documents and keep them safe from intruders.

The difference between a fingerprint system and Yahoo!'s Bodyprint system is not large:
  • Instead of a finger, Bodyprint would scan the shape of your ear
  • Instead of a fingerprint sensor, Bodyprint would use the capacitive touchscreen display your phone already has built in.
Yes, it does not need any extra hardware for enrollment except a capacitive touchscreen.
"Unlocking your smartphone is something you do 150 times per day," said Christian Holz. "You want to make unlocking [your phone] convenient but also secure. That’s why fingerprint scanners are so successful."
However, other body parts can unlock your mobile phones in a fast and secure manner, he added.

Yahoo!’s Bodyprint is much more affordable than other fingerprint sensors:
Compared to the relatively expensive fingerprint sensors that major companies have deployed in their mobile phones, this new technology by Yahoo! is so affordable that it could be used on any cheap phone with a capacitive touchscreen.

However, displays have lower input resolution compared to other specialized sensors available in the market. Therefore, this biometric system requires you to use larger parts of your body.

Yahoo’s researchers are working to make this new concept a Reality:

Bodyprint was demonstrated at the 2015 Computer-Human Interaction Conference (CHI) in Seoul, South Korea this week. The technology was tested on 12 different people, and it accurately identified all the bodyprints and their owners 99.98% of the time.

However, researchers of Yahoo! plan to improve the recognition algorithms in Bodyprint and conduct their test on a wider scale before they deploy the Bodyprint biometric systems in commercial devices in near future.

Saturday, 18 April 2015

Lost Your Phone? Google Search 'Find My Phone' To Locate It

How many of you tend to forget where you left your mobile phone? I guess most of us.

Sometimes in our homes, sometimes in our offices, sometimes in our cars, and sometimes we don't even remember the place where we left our phones.

Now, finding your phone is as simple as searching for something on Google...

Instead of searching for your phone everywhere, just ask Google where your phone is, and the search engine giant will tell you the exact place where you left your smartphone.

Sounds interesting!

Google unveiled a new feature on Wednesday that lets you search for your Android smartphone or tablet using the search engine on your desktop computer.

How does it work?
  • Log in to the same Google account in your desktop computer's browser that you use on your Android smartphone, but before that make sure you have the latest version of the Google app installed on your smartphone.
  • Now type "Find my phone" into Google's search engine, and that's it.
As soon as you press the Enter key, Google will display a map showing a location that is accurate to within a certain distance. For example, the map showed me that the location of my smartphone was accurate to 35 feet.

However, what if your phone is not visible to you?

Google also offers you a Ring button on the map in order to pinpoint your phone. 

You just need to click on the Ring icon and the search engine giant will ring your smartphone at full volume for up to five minutes. Once you have your hands on it, simply press the power button to turn off the ringing.

Not Google alone…

...a similar feature known as Android Device Manager can also help you locate and ring your Android devices. In case your Android device has been stolen, this feature also helps you to factory reset your device remotely and reset the password if the device is recovered, or erase its data.

Apple also offers a similar tracking feature, known as Find My iPhone, that helps iOS users track down their missing iPhone or iPad, remotely locate it by ringing, lock it and erase its data.

Tuesday, 14 April 2015

Android 'Trusted Voice': My Voice Is My Password


Device unlocking has become far more secure over the years, from PIN unlock to pattern unlock and biometric unlocks including fingerprint and facial recognition. But...

...What If Your Android Device Can Identify Your Voice before authenticating any access?

This is exactly what Google is trying to provide to its Android 5.0 Lollipop users.

Users running Android 5.0 Lollipop on their smartphones may soon be able to unlock their devices simply by saying "OK Google." "Smart Lock" is one of the most convenient security features provided in Lollipop. It offers a handful of clever ways to unlock an Android device automatically, which so far include:
  • Trusted Device
  • Trusted Places
  • Trusted Face
However, Google is now rolling out a new smart lock, dubbed "Trusted Voice," that uses your voice as a password to unlock your device.

Just as your fingerprint or face is considered distinctive enough for biometric recognition purposes, your voiceprint is also unique enough to identify you.

Android's Trusted Voice feature authenticates you to your Android 5.0 Lollipop device when you give an "OK Google" voice command.

This is not the very first time Google is introducing this feature…

...the company already offers a voice recognition feature in devices such as the Nexus 6, but the function did not work well there because some of the voice commands given by users were blocked by a secure lock screen.

However, this new "Trusted Voice" smart lock resolves this problem by bypassing the lock based on how you say "OK Google," which means now it won’t matter how you say OK Google.

How Secure is this system?

Now that's the point which has to be discussed:

When you enable "Trusted Voice" on your smart device, a pop-up warns you that this feature is not as secure as other methods of locking the screen.

This is because someone with a similar voice could potentially fool your smartphone, or anyone could just use a recording of your voice to unlock your device.

So, better keep your Android device away from mimicry artists ;)

In the real world, biometric systems use similar voice verification as a second factor of authentication, where an automated system identifies individuals by measuring their unique vocal characteristics.

If a sample of your voice matches, you are verified as being who you claim to be.

So far, it is not clear whether Google will keep users' voice samples locally on the Android device or send them to its cloud as well.

FBI ALSO WANT YOUR VOICE SAMPLES
The FBI Biometric Center of Excellence strongly believes that voice recognition systems are an excellent choice for remote authentication. However, they are deeply interested in collecting massive numbers of voice samples around the world.

In 2014, the Operational Technology Division (OTD) of FBI launched a huge database of biometric information, including images of users’ faces, DNA, voice samples, fingerprints, irises, and palms, along with the details of scars, tattoos, and other body marks.

The agency's database is already loaded with intimate information about people who have never been convicted of any crime in their entire life.
"Over the years, biometrics has been incredibly useful to the FBI and its partners in the law enforcement and intelligence communities—not only to authenticate an individual’s identity (you are who you say you are), but more importantly, to figure out who someone is (by a fingerprint left on a murder weapon or a bomb, for example), typically by scanning a database of records for a match," said the FBI on its website.
Edward Snowden's revelations about big tech companies handing over users' data to US law enforcement suggest that 'Trusted Voice' could become a legitimate way for the U.S. Government to collect voice samples around the world if it is not protected properly.

So, When do you get Trusted Voice?

Google has not officially announced 'Trusted Voice' yet, but according to recent reports, this feature is just rolling out now, and there are, so far, no specific timelines available to try this feature on our devices, but most users would start to see it soon.

Saturday, 11 April 2015

How to Unroot Your Android Device

Android is the leading operating system for smartphones because it is open source software. It has an enormous range of features, including its own market, the Google Play Store, which also offers many free apps.

But to some extent we need to root our Android smartphones: to increase our custom RAM for higher performance, to get rid of pre-installed Android apps, and because some Android apps only run on a rooted smartphone. But this costs us a lot, because we lose the warranty from the manufacturer of the smartphone. If something goes wrong after rooting the smartphone, you had better forget about your warranty card.

But this post gives you the freedom to get the warranty back by reversing the process of rooting. Yes! That means you can unroot your Android device, as our title states. Unrooting your phone is very simple. All you need is some apps, which are listed below, and some patience.

Steps to Unroot your Android Device:

As I mentioned above, unrooting your device requires some apps, which I list below along with the steps:

1.  Super SU


You can Download SuperSU free from the Google Play Store.

Steps to use SuperSU to Unroot Android Device :

  1. Download and install SuperSU from the Google Play Store on your Android device.
  2. Open SuperSU, tap on 'Setting' and after that on 'Full Unroot'.
That's it. Now wait and let the app do its job of unrooting your Android device.

2.  OTA RootKeeper

You can Download OTA RootKeeper free from the Google Play Store.

Steps to use OTA RootKeeper to Unroot Android Device :

  1. Download and install this app from the Google Play Store on your rooted device.
  2. Now open the app and tap on 'Temp.un-root' (this leads to a temporary unroot of your device).
  3. Then tap on 'Delete su backup' (this deletes the backup, which leads to a permanent unroot of your device).
That's it. Now wait and let the app do its job of unrooting your Android device.

In this way you can unroot your Android device with a few Android apps that are available on the Google Play Store for free, and get back your warranty. Enjoy!

Thursday, 9 April 2015

How to increase Whatsapp file size limit


WhatsApp Messenger is the most used messenger in the world. Other than sending messages, it has also become a medium for sharing pictures and videos quickly, but for a long time a problem has been associated with this sharing: the 16 MB WhatsApp file size limit on videos that can be shared through WhatsApp. Since most videos today are larger than that, it annoys a lot of users. So today, with this guide, we will show how to increase the WhatsApp file size limit on what you can send with WhatsApp. Through this WhatsApp trick the WhatsApp video size can be increased to 2048.

Increase maximum whatsapp file size limit without root

To increase the WhatsApp file size limit you will need an app called CloudSend. It can be used for sending any type of file through any messenger, and it is used extensively on Android. Follow the steps below to use CloudSend:
-Install CloudSend from the Play Store.
-CloudSend will ask you to link it with your Dropbox account. Allow it.
-Now you have completely set up the sharing process.
-Now navigate to the file you wish to share with your friends.
-Long tap on the file and choose the share option.
-It will upload the file and create a sharing link, and you can send the link to the other user.

Increase whatsapp file size (Root Required)

If your phone is rooted then you can do it without any hassle or links.

Requirements

To increase the WhatsApp file limit you need to meet the following requirements:
  • Have ROOT permission
  • Have a file explorer installed (Root Browser type or similar)
  • Have WhatsApp already installed and activated on your device

Increase Maximum size

  • Open the folder data and its subfolder data
  • Open the folder com.whatsapp and then its subfolder shared_prefs
  • Open the file com.whatsapp_preferences.xml in a text editor (so you can edit and save the strings)
  • Search for the string <int name="media_limit_mb" value="16" />
  • Now just change the number "16" to the number of MB that you want (it is recommended to make a backup of the file before editing)
  • Save the file and reboot the device
The next time you send a file you will see that the maximum WhatsApp file size limit is increased to 1024 Mb

So here are the most useful and best-known ways to increase the WhatsApp file size limit. If you know any other useful tip, share it with us in the comments. Also subscribe or share the tips for everyone to know.

Saturday, 4 April 2015

How To Run Android Apps in Chrome Browser with Google ARC


Last year at the Google I/O developer event, Google launched a limited beta of the "App Runtime for Chrome" (ARC) project, which has now been expanded to run millions of Android apps within the Chrome browser.

Google has released a new developer tool called App Runtime for Chrome (ARC) Welder that allows Android apps to run on Chrome for Linux, Windows, and OS X systems.

App Runtime for Chrome (ARC) was an early experiment specifically designed for app developers, but now anyone can download it.

Google Chrome's ARC Welder app can now run any of your favorite Android apps like WhatsApp, Candy Crush and Angry Birds, all from your Chrome web browser. The ARC Welder tool operates via a special runtime implemented using Native Client (NaCl), Chrome's in-browser binary execution technology.

Native Client is a Chrome sandboxing technology that allows Chrome plugins and apps to run at near-native speeds, taking full advantage of the system's CPU and GPU.

Google ported complete Android stack to Native Client, allowing Android apps to run on most major operating systems.

Google ARC welder tool is based on Android 4.4, but there are some limitations:
  • you can load only one app at a time
  • you have to select portrait or landscape layout
  • you need to choose, whether you want the app to run on phone- or tablet-style.
LEARN HOW TO RUN ANDROID APPS IN CHROME:-
  1. Install the latest Google Chrome browser.
  2. Download and run the ARC Welder app from the Chrome Store.
  3. Add third party APK file host.
  4. After downloading APK app file to your PC, click Open.
  5. Select the mode -> "Tablet" or "Phone" -> in which you want to run your app.
  6. Finally, click the "Launch App" button.
I have personally tried this tool before writing, and some of my favorite Android apps work pretty well.

You can follow official detailed instructions released by Google for app developers to use ARC and test Android app for use on Chrome OS devices.

Tuesday, 3 March 2015

Problems after Android Lollipop update? Try this to fix them

Android Lollipop was formally announced in the first half of November and since then it is slowly reaching smartphones. The Nexus 4 and the Nexus 5 have already been updated. It is also available for several Android tablets. A few Motorola phones too have got it while many other smartphone companies are working on early versions of the Lollipop update for their phones.
While there is no doubt that Android Lollipop is pretty much an awesome update, a lot of users have reported issues with it. There are reports of poorer battery life, app crashes, random reboots and occasionally slow performance. The odd bit about this update is that not all users have reported these issues. For many the Android Lollipop update has been pretty good. So what is happening?
While we don't exactly have an insight into what is causing problems in some phones after Lollipop update -- there could be thousands of issues -- we do have a theory.
Android Lollipop is a huge change from the earlier versions of Android. The changes are not limited to the visible ones in the user interface but are also part of the under-the-hood revamp. For example, Android Lollipop adds ART, which is a completely new way of running apps and managing memory. Android Lollipop also has a different way of handling user interface elements like translucency and layers.
It also comes with a new camera API and a new way of handling graphics.
To summarise, Android Lollipop is such a big departure from the earlier version of Android that it is bound to have rough edges and bugs. But what really exacerbates the problem, we believe, is the over-the-air update. When people use a phone they collect apps and data on their devices. When you update your phone to something as radically different as Lollipop and make it work with the older data, configuration, settings and apps, it is possible to run into glitches.
Incompatibility, even when the compatibility is guaranteed by the OS maker, is one of the reasons why geeks often prefer to install OS updates from the scratch. This was especially true for something like Windows and we believe it is possible that the same approach has to be taken with Android, especially when moving to something that has too many under-the-hood changes.
Now, that we have established the theory, here are the fixes we suggest if you are running into issues after Lollipop update:
-- If your apps are crashing a lot, create a list of these apps. Update them if the update is available.
-- If update doesn't solve the issue, then go to Settings > Apps > The App That Is Crashing > Clear Cache > Force Stop > Restart the phone.
-- If this doesn't solve the issue follow the same process again but this time also CLEAR the app data. Though this will also delete local data, for example Facebook photos you may have downloaded, from your phone. Also, you will have to login again into the app after deleting its data.
-- If this doesn't solve the issue, uninstall the apps that are crashing and reinstall them.
-- If this doesn't solve the issue, do a factory reset of the phone. Before doing the factory reset, copy any data that you want to save. Copying data from Android is easy, so you shouldn't have much problem in saving important photos or music from your phone onto a computer.
-- Factory reset will solve the issue. If it doesn't, wipe the phone clean and manually install the Android Lollipop. We had earlier provided a method to manually install the official Android Lollipop update on the Nexus 5. For the Nexus 4 and other devices the process is same. Only the files and drivers change.
Most of the problems with Android Lollipop are because of issues with the over-the-air (OTA) update and possibly older data/apps. Ideally, Google should have taken care of it or should have offered to do a clean install through OTA, without keeping the older data intact on the phone, but maybe it went with the option that was easiest and most convenient for consumers. Sadly, it looks like this method also caused several issues and glitches.

Google Play offering free apps, games, and movies on third anniversary


On its third birthday, Google Play will be giving away free as well as discounted apps and games to its users. 17 'hot deals' are available through various categories, and Google Play US has listed 33 such deals.
Games such as Racing Rivals are up for grabs for free. Other free app downloads include Wunderlist, whereas Runtastic Running PRO and Runtastic Sit-Ups PRO Trainer, and Facetune are available for Rs.6. 
Also, movies on Google Play India include Bean, Honey, I shrunk the kids, High School Musical 3 Senior Year, Hannah Montana The Movie, Race 2, ABCD, Ek Main Aur Ekk Tu, and Barfi. Some books on the list are Breaking Out and Making Big, A No-nonsense Book on Start-Ups and Entrepreneurship, Feel Fit, Look Fantastic, and Jail Diary. 
Whereas, in the US version, Runtastic Runner app is now selling for $0.10, while Kill Bill Volume One and Two are available at $2.99 each. To recap things, Google rebranded Android Market into Google Play in 2012. 

Google breaks promise of data encryption on Android Lollipop


Google seems to have silently backed out of its promise. Last year, the tech giant had announced that all its upcoming devices running Android 5.0 Lollipop would require full-disk encryption.
Now that the new phones running Lollipop are out in the market, they don't seem to be encrypted by default, making it clear that the company has quietly pulled back its promise.
Last year, Google had said that its next version of Android, 5.0 Lollipop, would require full-disk encryption on all upcoming phones by default.
Google's Android 5.0 compatibility definition for full-disk encryption states, "For devices supporting full-disk encryption, the full-disk encryption should be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as should for this version of the Android platform, it is very strongly recommended as we expect this to change to must in the future versions of Android."
However, a report pointed out by ArsTechnica reads, "At some point between the original announcement in September of 2014 and the publication of the Android 5.0 hardware requirements in January of 2015, Google apparently decided to relax the requirement, pushing it off to some future version of Android".
Another report by 9To5Google said that the Galaxy S6 demo units showcased at MWC are reportedly not encrypted.
Now it is just a matter of time and you need to wait until the final shipping starts.

Monday, 16 February 2015

DroidStealth An Android Encryption Tool with Stealth Capabilities


We all have Internet-connected smartphones in our pockets, but it’s very hard to find a place on Internet to feel secure and private. No doubt, there is data Encryption on cell phones, but what’s the use if it is cracked by hackers or law enforcement?

What if the encrypted files don't appear to exist in the first place for law enforcement to decrypt? That's the motive behind DroidStealth, a new Android encryption tool that not only protects sensitive data with obfuscation, but also hides its existence on your phone as if it has nothing to hide.

DroidStealth Android app has been developed by security researchers from Delft University of Technology in the Netherlands and would come as a windfall to both the privacy lovers and the cyber criminals.

STEALTH LOGIN MECHANISM
The DroidStealth Android encryption tool creates a hidden folder on your phone in which it stores all your encrypted files. The app itself can be opened by simply dialing a phone number of any length, which is actually a PIN, or by tapping an invisible widget on your phone's home screen five times.

The application is designed to hide the existence of any protection mechanism, since a visible mechanism usually hints to casual inspectors that they need to do some tampering to gain access to users' encrypted data.
According to developer quartet Olivier Hokke, Alex Kolpa, Joris van den Oever and Alex Walterbos of Delft University of Technology, several other disguise techniques, such as hiding the app within a flashlight program, are used to hide your private data.
"Since simply encrypting the data is not enough, our approach provides an added step of obfuscation that increases security of the data: DroidStealth hides itself," the group wrote in the paper titled, 'A Self-Compiling Android Data Obfuscation Tool' co-authored with supervisor Johan Pouwelse.
"Instead of actually calling the number, the application launches, requesting the pin code. Furthermore, DroidStealth fully intercepts the call, making sure the number never gets added to the call log."
FEATURES OF DROIDSTEALTH
Some DroidStealth Android encryption tool features are listed below:
  • The app is stored in a secretive mode, and can be renamed to appear as a benign app to "hide in plain sight".
  • The app doesn’t appear under the normal downloaded app list.
  • The app provides notification to the user if any of the secret files are left unlocked.
  • The app can be kept out of the running process list when not in use.
  • The app does not pop up in the recent visited list.
LIMITATIONS OF DROIDSTEALTH
In a centralized store the DroidStealth Android encryption tool would result in a possible exposure threat, so it was distributed "nomadically" as an untrusted Android application rather than from the Google Play Store which would show up in a user's list of installed apps.

Secret data files would be encrypted using Facebook's Conceal API and could not be accessed from other apps or from its original location.

DRAWBACK OF DROIDSTEALTH
Some of the major drawbacks of the DroidStealth app are listed below:
  • The data is encrypted and decrypted within the app.
  • Uninstalling the app may lead to deletion of all the data.
  • Low memory of the phone might lead to force quitting of the application and this might lead to loss of the data.
  • If a user's phone gets in the hands of investigation while the app is under decode mode, then it would be difficult for them to secure the data from officials.
GET DROIDSTEALTH NOW
The developers said that the DroidStealth Android encryption tool's user interface (UI) is chosen black "in order to give users the feeling that they are indeed working in secret".

The DroidStealth app is not released on Google Play, but users can get it as an untrusted APK version of the app. The APK is available as an unaligned version, while users can download the nomadic versions of the app that are available throughout the Internet.

Thursday, 12 February 2015

Hackers Can Remotely Install Malware Apps to Your Android Device



Security researchers have warned of a pair of vulnerabilities in the Google Play Store that could allow cyber crooks to install and launch malicious applications remotely on Android devices.

Tod Beardsley, technical lead for the Metasploit Framework at Rapid7, warns that an X-Frame-Options (XFO) vulnerability – when combined with a recent Android WebView (Jelly Bean) flaw – creates a way for hackers to quietly install any arbitrary app from the Play store onto victims' devices, even without the users' consent.

USERS AFFECTED
The vulnerability affects users running Android version 4.3 Jelly Bean and earlier versions of Android, which no longer receive official security updates from the Android security team for WebView, a core component used to render web pages on an Android device. Users who have installed third-party browsers are also affected.

According to the researcher, the web browser in Android 4.3 and prior is vulnerable to a Universal Cross-Site Scripting (UXSS) attack, and the Google Play Store is vulnerable to a Cross-Site Scripting (XSS) flaw.

UNIVERSAL CROSS-SITE SCRIPTING FLAW
In UXSS attacks, client-side vulnerabilities are exploited in a web browser or browser extensions to generate an XSS condition, which allows the malicious code to be executed, bypassing or disabling the security protection mechanisms in the web browser.
"Users of these platforms may also have installed vulnerable aftermarket browsers," Beardsley explains in a blog post on Tuesday. "Until the Google Play store XFO [X-Frame-Options] gap is mitigated, users of these web applications who habitually sign in to their Google Account will remain vulnerable."
At the beginning of this month, a Universal Cross Site Scripting (UXSS) flaw was discovered in all the latest versions of Internet Explorer that allows malicious hackers to inject malicious code into users' websites and steal cookies, session and login credentials.

The security researcher demonstrated with JavaScript and Ruby code that a response from the play.google.com domain can be generated without the appropriate XFO header.

METASPLOIT MODULE IS PUBLICLY AVAILABLE
A Metasploit module has been created and made public on Github in order to help enterprise security bods test corporate-issued smartphones for exposure to the vulnerability. According to the advisory, the remote code execution is achieved by leveraging two vulnerabilities on affected Android devices:
  • First, the module exploits a Universal Cross-Site Scripting (UXSS) vulnerability present in versions of Android's open source stock browser (the AOSP Browser) as well as some other browsers, prior to 4.4 (KitKat).
  • Second, the Google Play store's web interface fails to enforce an X-Frame-Options: DENY header on some error pages, and therefore can be targeted for script injection. As a result, this leads to remote code execution through Google Play's remote installation feature, as any application available on the Google Play store can be installed and launched on the user's device.
HOW TO PREVENT BEING EXPOSED
  • Use a web browser that is not susceptible to widely known UXSS vulnerabilities – such as Google Chrome, Mozilla Firefox or Dolphin. This could help mitigate the lack of universal X-Frame-Options (XFO) for the play.google.com domain.
  • Another effective way is to simply log out of the Google Play store account in order to avoid the vulnerability, although this practice is highly unlikely to be adopted by most users.
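
On the server side, the gap described above is a framing header that is present on normal pages but missing on some error pages. The following is an added example, not code from the advisory or from Rapid7: a small Python audit that checks captured responses, error pages included, for X-Frame-Options or CSP frame-ancestors. The paths and responses are constructed samples for a hypothetical site, and the "ok"/"missing"/"review" verdicts are this example's own policy.

```python
# Added example: audit captured HTTP responses for anti-framing headers.
# SAMPLE_RESPONSES is constructed test data for a hypothetical site; it is
# not a capture of play.google.com.

SAMPLE_RESPONSES = {
    "/store/apps": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "X-Frame-Options: DENY\r\n"
        "\r\n<html>ok</html>"
    ),
    "/store/missing-page": (          # error page served without the header
        "HTTP/1.1 404 Not Found\r\n"
        "Content-Type: text/html\r\n"
        "\r\n<html>not found</html>"
    ),
    "/account": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
        "\r\n<html>account</html>"
    ),
    "/legacy": (                      # obsolete value modern browsers ignore
        "HTTP/1.1 500 Internal Server Error\r\n"
        "X-Frame-Options: ALLOW-FROM https://partner.example\r\n"
        "\r\n<html>error</html>"
    ),
}

BROAD_SOURCES = {"*", "http:", "https:"}  # frame-ancestors values that allow anyone


def parse_response(raw):
    """Split a raw HTTP response into (status code, {lowercase name: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def framing_verdict(headers):
    """Return 'ok', 'missing' or 'review' for one response's framing policy."""
    # CSP frame-ancestors takes precedence over X-Frame-Options when present.
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                sources = {s.lower() for s in parts[1:]}
                if sources and not (sources & BROAD_SOURCES):
                    return "ok"
                return "review"
    # Repeated X-Frame-Options headers are equivalent to one comma-joined value.
    tokens = {
        token.strip().upper()
        for value in headers.get("x-frame-options", [])
        for token in value.split(",")
        if token.strip()
    }
    if not tokens:
        return "missing"
    if tokens == {"DENY"} or tokens == {"SAMEORIGIN"}:
        return "ok"
    return "review"  # ALLOW-FROM, typos or conflicting values


def audit(responses):
    """List every path whose response is not 'ok', error pages first."""
    findings = []
    for path, raw in responses.items():
        status, headers = parse_response(raw)
        verdict = framing_verdict(headers)
        if verdict != "ok":
            findings.append({
                "path": path,
                "status": status,
                "verdict": verdict,
                "error_page": status >= 400,
            })
    findings.sort(key=lambda f: (not f["error_page"], f["path"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(finding)
```

Feeding it responses for 4xx and 5xx paths as well as normal pages is the point: a header set only by the application's success path is easy to miss on error handlers.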


 
TRICKS AND TIPS CREATED BY SUSHIL UPADHYAY