Questions tagged [android]

Questions tagged [Android] should focus on security of the operating system itself, or of Android-specific apps. Questions about Android that are not directly security-related should be asked at android.stackexchange.com.

Android is an operating system for mobile devices such as smartphones and tablet computers. It is developed by the Open Handset Alliance led by Google. For general information about Android, see wikipedia/Android

The open source nature of Android gives the security community a unique view into the security of one of the world's most popular operating systems.

At its core, Android runs a modified Linux kernel, and thus shares many fundamental security frameworks with the Linux OS. On top of that, Android greatly extends the security model of Linux and has many security features that are unique to that platform.

In addition, Android comes bundled with lots of pre-configured software to give a great out-of-the-box user experience. Most of these 3rd party components are also open source, and many Android vulnerabilities are the result of vulnerabilities discovered in 3rd party components rather than in the Android OS itself.

1314 questions
535 votes, 18 answers

Police forcing me to install Jingwang spyware app, how to minimize impact?

Chinese police are forcing whole cities to install an Android spyware app Jingwang Weishi. They are stopping people in the street and detaining those who refuse to install it. Knowing that I may be forced to install it sooner or later, what are my…
Citizen
89 votes, 3 answers

Google account verification request

Yesterday evening my android phone (Google Play Services app) asked me to log in again into my account due to "security changes" (I don't remember the exact wording used). I double checked it was the real app and logged in again (I went through all…
BgrWorker
86 votes, 2 answers

What is the difference between serial number and thumbprint?

I have problems to understand what is the difference between the serial number of a certificate and its SHA1 hash. The MSDN says: Serial number A number that uniquely identifies the certificate and is issued by the certification…
reox
85 votes, 3 answers

Can phone apps read my clipboard?

Via Hacker News, I came across a Tweet implying that Facebook's iOS app routinely reads and transmits all content from the user's pasteboard. Leaving aside whether Facebook's app genuinely does this (which is a separate question), is this possible?…
Mark Amery
78 votes, 7 answers

Are there actually any advantages to Android full-disk encryption?

So, since Android 3, devices can perform boot-time, on-the-fly encryption/decryption of the application storage area (NOT the SDcard/removable storage) - essentially full-disk encryption. This requires a password/passphrase/PIN to be set as the…
scuzzy-delta
67 votes, 8 answers

Can a stolen Android phone with USB debugging enabled have screen lock bypassed?

My Android (8.0) phone was pickpocketed from me yesterday. It was immediately turned off by the thief and when I tried to locate it using Find My Device it shows as offline. As a programmer and a security enthusiast, I started to worry about what…
gtbono
64 votes, 4 answers

How can common users defend against the StageFright vulnerability?

I was just informed of the StageFright vulnerability in Android devices. A specially crafted MMS message can gain access to data on the phone; so presumably it's a buffer overflow with subsequent privilege escalation. Details have not yet been…
S.L. Barth
64 votes, 3 answers

Are staggered roll outs of security patches bad?

Many Android devices, including the Google Nexus line, are now receiving monthly security patches via OTA updates, accompanied by the Android Security Bulletins. However, these updates are often released in what is known as "staggered roll outs,"…
tonytan
63 votes, 6 answers

Is 2FA via mobile phone still a good idea when phones are the most exposed device?

Everyone knows that two factors are better than one. My problem is that often the only second factor allowed is text messages sent to your mobile phone. This creates two concerns: I travel frequently overseas and lose access to 2FA accounts any…
63 votes, 4 answers

Why do mobile devices force user to type password after reboot?

Nowadays, many mobile phones have supported unlocking through fingerprint recognition. However, both iOS and Android require users to enter the password after the device is rebooted, even though an authorized fingerprint is given. My question is:…
nalzok
57 votes, 2 answers

How exactly does the Stagefright Vulnerability work on Android?

Digital Trends describes the Stagefright Vulnerability thus: The exploit in question happens when a hacker sends a MMS message containing a video that includes malware code. What’s most alarming about it is that the victim doesn’t even have to open…
PositriesElectron
57 votes, 3 answers

My Android phone is vulnerable, but there are no updates?

I bought brand new HTC Desire 526G with operating system 4.4.2 (Kitkat), everything is as it should be (not rooted) so it is still on factory settings. But now I didn't get for a long time any security updates, I have checked manually in system…
user134969
52 votes, 6 answers

Am I at risk if I let someone charge their Android phone from my MacBook through a micro USB cable?

Someone connected their Android phone to my MacBook and it made me think if this has put my MacBook at risk. It was for 3 seconds and I was in control of the MacBook the whole time.
Emanuil Rusev
50 votes, 5 answers

Downsides of showing email address on Android lock screen

My stock Android 9.0 gives me the option of showing some short text message on the lock screen. I want to add my email address here, so people know how to contact me if they find my phone. Are there any downsides to this? The address is linked to…
freekvd
45 votes, 3 answers

How can Android encryption be so fast?

Android uses full-disk encryption to encrypt files and decrypt them at startup. What I don't understand is that decrypting multiple gigabytes of files must take a lot of time, if nothing else then at least the IO access time required to read all the…
Aayush Mahajan