android populer

Google's account settings page has an updated section for phone numbers that groups some features that were already available elsewhere. If you click "edit" next to "phone numbers", Google will show the phone numbers associated with your account.

You'll probably see a phone number associated with Hangouts. You can enable or disable this setting: "Help people who have your phone number find and connect with you on Google services, like Hangouts and caller ID by Google." You can edit the phone number, change the way it's verified or remove the number.

There's also a phone number that's used for account recovery. Google encourages users to enable this feature, but it's optional. For now, the account recovery page is not integrated with the account settings page, so it looks different and has a long URL. "We'll use your phone to do things like challenge hijackers or send you a text message to help you access your account if you forget your password," informs Google.



The phone number management page was added back in May, but now it's more functional.

{ Thanks, Herin. }

Google's account permissions page has a new interface which does a better job at listing the permissions, shows bigger thumbnails and the date when you authorized a service.

"On the Account Permissions tab of your Google Account, you can see a list of third-party sites and applications. These are sites and applications to which you've granted permission to access your Google Account, and you can see on this list to what parts of your account they have access. For example, you might have downloaded an app that helps you schedule workouts with friends. This application might have requested access to your Google Calendar and Contacts to suggest times and friends for you to meet up with," informs Google's help center.

Google shows your Android and iOS devices at the top of the page. My Nexus 7 tablet was listed 3 times, so I clicked "Revoke access" next to the entries that include: "Inactive - We haven't seen activity from this device for at least 60 days."


If you see some services you no longer use, click "Revoke access". You'll be asked for permission the next time you use them.

{ Thanks, Florian K. }

Back in September, I wrote about Netcraft, who incorrectly flagged this blog as phishing. Many applications use the Netcraft backlist, so Opera, Kaspersky and probably other apps prevent users from visiting this site. I reported this issue to Netcraft, who solved it, but the site was added again to the blacklist a few days later. A Netcraft employee promised to flag the site as safe.

The issue is that Netcraft only flagged googlesystem.blogspot.com. Blogger redirects to domains like blogspot.co.uk, blogspot.ro, depending on your country. Now Netcraft flags as phishing all googlesystem.blogspot.* URLs, except for googlesystem.blogspot.com. According to VirusTotal, security tools from ESET, Fortinet and Kaspersky show phishing warnings for this blog.



Google Safe Browsing also shows a phishing warning for googlesystem.blogspot.ca, googlesystem.blogspot.se, googlesystem.blogspot.ro, googlesystem.blogspot.com.br and probably other similar URLs. Google Safe Browsing is used by Chrome, Firefox, and Safari for desktop. "Reported Phishing Website Ahead! Google Chrome has blocked access to googlesystem.blogspot.com.br. This website has been reported as a phishing website. Phishing websites are designed to trick you into disclosing your login, password or other sensitive information by disguising themselves as other websites you may trust."


I reported this issue to Netcraft and Google, so hopefully it will be solved. I just don't understand what triggered these phishing warnings and why they're no longer limited to Netcraft.

Update: After a few hours, the issue was fixed.

{ Thanks, Manuel Janeiro. }

If you use Opera to visit the site, you'll probably see this warning: "This site has been reported as fraudulent. Exchanging sensitive or confidential information with this site could put you at risk for identity theft and/or financial fraud. Opera Software strongly discourages visiting this page."


Opera uses Netcraft's phishing blacklist. You'll get a similar warning if you install Netcraft's toolbar:


Netcraft's site report page doesn't provide too many useful information. I could only find that the Google OS blog has a 5/10 risk rating, but the rating varies depending on the URL. The recent post about the Google logo has a 7/10 risk rating.

Many factors contribute to the risk rating of each site. The dominant factor for most sites is the age of the domain name in which the site appears. Domain names that have never been seen in the Netcraft Web Server Survey are given a high risk rating, since many phishing sites and relatively few legitimate sites fall into this category. Other factors which can influence the risk rating include:

* Any other known phishing sites in the same domain.
* Whether a hostname or a numeric IP address is used in the URL.
* Whether or not a port number appears in the URL.
* The hosting ISP's history with respect to phishing sites.
* The hosting country's history with respect to phishing sites.
* The top level domain's history with respect to phishing sites.
* The site's popularity with Netcraft Extension users.

So just because other Blogger blogs are used for phishing, Netcraft decided that this is a phishing site? It's hard to say. Google's official blog has a 0/10 risk rating, while a random blog like googlelatlong.blogspot.com (it's not Google's Maps blog) has a 7/10 risk rating, but there's no warning.

A site that lets you check multiple anti-phishing blacklists is the Google-owned VirusTotal. "VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware." VirusTotal reported that there are 3 services that flag the Google OS blog: Opera, Netcraft and Kaspersky. They probably have the same source.


Here's Kaspersky's "access denied" message:


Ironically, a recent blog post from Kaspersky's site informs that: "Kaspersky's product blocked 99 percent of the 187 phishing websites while producing zero false alarms among the 400 legitimate URLs, earning first place among its competitors with an Advanced + award from AV-Comparatives."

I used Netcraft's browser extension to report that the URL was flagged by mistake and received this message after a few minutes: "Thank you for your enquiry. Following a review of the URL in question, I have unblocked the URL from the toolbar. Please allow a short period of time for the changes to propagate."


{ Thanks, Josh Rich. He reported this issue. }

There's a lot of talk about an Android security bug that affects almost all the Android devices. Jeff Forristal from Bluebox Security reported that "the vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature. Details of Android security bug 8219321 were responsibly disclosed through Bluebox Security's close relationship with Google in February 2013."

So the bug could allow someone to create a modified version of an system app and trick other people to install it. The modified version could include malicious code.

Actually, the bug is simple: APK files are ZIP archives and Android allows APK files to include files with the same name. "It's a problem in the way Android handles APKs that have duplicate file names inside," says Pau Oliva Fora, security engineer at security firm ViaForensics. "The entry which is verified for signature is the second one inside the APK, and the entry which ends up being installed is the first one inside the APK - the injected one that can contain the malicious payload and is not checked for signature at all."

The problem is that Android supported duplicate file names in APKs and the patch removed this support. The patch is extremely simple: return an error if the APK file has duplicate file names.


Apparently, Geremy Condra from Google wrote a patch in February. "Google made changes to Google Play in order to detect apps modified in this way and a patch has already been shared with device manufacturers," informs ComputerWorld. CyanogenMod included the bug fix in the latest release, faster than OEMs and even Google, which didn't update Nexus devices to address this issue.

The bug #8219321 is now a test that will show us how fast Google, OEMs and carriers can deploy security patches. For now, CyanogenMod is the place to go to get the latest features and security patches.

There's a new section in the Google Account settings page: recent activity. Google shows a list of recent sign-ins and other security-related actions, with information about the browser, device, IP address and approximate location.


The feature seems similar to Gmail's account activity feature, but it's not. Gmail's feature shows information about about recent activity, whether it's from a browser or an email client, and it's only limited to Gmail. Google's new recent activity feature shows "security-related actions you've taken, like signing in to your Google Account, changing your password, or adding a recovery email address or phone number. This information is for your entire Google Account, so sign-ins from any Google product (such as Blogger, Gmail, or YouTube) will be listed in this section."

There's a subtle difference: "A sign-in is only listed when you've actually typed your username and password to sign in. For example, if you've been signed in to your account for several weeks on your phone, checking your email from time to time, we'll only list the time and location of your initial sign-in." That's not the case for Gmail's account activity feature, which is not limited to the initial sign-ins.

In other related news, Google has a new security dashboard that shows information about your password, recovery options, notifications for unusual activity, 2-step verification and connected applications/sites.


{ Thanks, Florian K. and Herin. }