Android powers 81% of smartphones sold, report says

Devices running Google’s Android operating system accounted for 81 percent of all smartphones sold worldwide in the third quarter of 2013, according to a study released last week by IDC.

Of the more than 261 million units shipped, just under 140 million were Android phones, the report said. Samsung was far and away the most dominant vendor among Android makers, accounting for about 40 percent of the total, while competitors were restricted to single digits.

Windows Phone gains slowly

Still, author Ramon Llamas downplayed concerns that Samsung’s dominance could have negative effects on the Android ecosystem as a whole.

“As strong as Samsung has been, it still needs smaller vendors for a comparison point both from a feature set perspective and a price point perspective. Depending on who these smaller vendors are, these also help Samsung maintain an aspirational position in the market, leading to sales and market share,” he told Network World.

Android\’s numbers are record-setting, say Llamas and co-author Ryan Reith, but the operating system wasn’t the fastest-growing in the quarter. That title went to Windows Phone, which saw its sales numbers grow by 156 percent on a year-over-year basis to 3.6 percent of the total. BlackBerry’s slide into obscurity continued, having sold 4.5 million devices during the quarter, or less than half of Windows Phone’s 9.5 million.

In spite of Windows Phone’s strong showing, however, Llamas says there’s nothing to suggest that it’s going to overtake Android or iOS anytime soon.

“Triple digit growth is difficult to sustain, even starting from a smaller base,” he says. “The good news is that Windows Phone is making continued progress from where it was a year ago, and that\’s what we need to see.”

“We see Windows Phone having about 10 percent market share by the end of 2017 while Android and iOS will still be very far out,” Llamas added.

Apple’s iPhones saw their market share shrink slightly, dropping to just under 13 percent of the total, or roughly 27 million devices. The fact that 9 million of those sold in a single week at the end of September, however when the iPhone 5S and 5C were released suggests that Apple\’s fourth quarter figures could be considerably more robust.

Apple sales were high despite some indicators trending against its premium-priced devices: Average sale price declined in the third quarter, according to the researchers, reaching $317 a 12.5 percent drop from the previous quarter.

via Android powers 81% of smartphones sold, report says | TechHive.

Mobile malware reported riding on Google messaging service

\Mobile botnets are on the rise and cybercriminals are using the Google Cloud Messaging service as a conduit for sending data from command-and-control servers to malware, a new report says.

In its latest IT Threat Evolution report, Kaspersky Lab said the third quarter was \”undoubtedly the quarter of mobile botnets,” as cybercriminals tried to improve the ways they manage their networks of infected Android devices.

The latest weapon in criminals’ arsenal is GCM, which enables them to send short messages in the JSON format to instruct malware on Android devices. JSON, or JavaScript Object Notation, is an open standard format that uses human-readable text to transmit data from a server to Web applications.

GCM is being used to communicate with the most widespread SMS Trojans, Kaspersky said in the report released last week. SMS Trojans are a common form of mobile malware that sends text messages to premium-rate phone services. The charges, which are not easily recovered, show up later on the victim\’s wireless phone bill.

“The only way of preventing this channel from being used by malware writers to communicate to their malware is to block the GCM accounts of developers who use them to spread malware,” Kaspersky said.

Very few malicious programs use GCM, but those that can are growing in popularity, the security vendor said.

SMS Trojans, the most common type of mobile malware, are mostly found in Russia and other regions where Android users regularly download software from third-party app stores. Malware is much less likely to hide in Google Play, the official Android store.

Android infection low

Nevertheless, the overall rate of infection on Android devices is very low. A study by the Georgia Institute of Technology found an infection rate of 0.0009 percent, or roughly 3500 out of more than 380 million mobile devices.

Infection hurdles include bypassing defenses Google builds into the operating system and the lack of effective mechanisms for mass distribution. Criminals are turning to botnets to clear the latter, and Kaspersky in mid-July recorded what the vendor said were the first third-party botnets.

Criminals rent such networks to others for malware distribution. Among the malware distributed is the most sophisticated Android Trojan, known as Obad, Kaspersky said.

The malware opens a backdoor in an infected device in order to download additional malicious code for stealing money from victims’ bank accounts. While not common in the U.S., people in other countries often use their smartphone for money transfers.

Kaspersky found Obad being distributed through mobile devices infected with malware called Trojan-SMS.AndroidOS.Opfake.a. Upon receiving instructions from a command-and-control server, Opfake would send text messages to everyone on a victim’s contact list, inviting them to download multimedia content.

Clicking on the link in the text, automatically downloaded Obad, Kaspersky said.

Typical for mobile malware reports, Kaspersky recorded an increasing number of samples. The number in the vendor’s collection rose nearly 20 percent from the second quarter to 120,000.

via Mobile malware reported riding on Google messaging service | TechHive.

With new Venue tablets, Dell signals its PC division is alive and kicking

Dell sent a message that it intends to keep its PC division alive with the launch of new Venue tablets on Wednesday.
The company launched two Venue tablets with Android, and two with Microsoft’s latest Windows 8.1 OS. The tablets will come with screen sizes ranging from 7 inches to 11 inches.
All the tablets will be available in November.
The Android tablets from Dell include the Dell Venue 7, which will have a 7-inch screen, and the Venue 8, which will have an 8-inch screen. The Venue 7 will be priced at $149, and the Venue 8 will be priced at $179.
The Venue 7 and 8 run on older Intel Atom processors that were announced last year, and not the latest Atom processors code-named Bay Trail. Both tablets have screen resolutions of 1280 x 800 pixels, Micro-SD slots and Wi-Fi.

The new Windows 8.1 tablets include the Venue 8 Pro, which will have an 8-inch screen, and the Venue 11 Pro, which has a 10.8 inch screen. The latter can be a tablet, or laptop with attachable keyboard or docking station. The tablets will run on Intel’s latest processors. The Venue 8 Pro starts at $299, and the Venue 11 Pro starts at $499.
The Venue 8 Pro has a Bay Trail processor and up to 64GB of storage. It has a 1.2-megapixel front camera and a 5-megapixel back camera. It weighs 388 grams.
The Venue 10 Pro has a range of processor options ranging from Bay Trail to the latest Haswell processors. The device weighs 726 grams. It has up to 256GB of storage, NFC capabilities and a 2-megapixel front camera and an 8-megapixel back camera.
Other features on Dell’s new Venue Pro tablets with Windows 8.1 include Micro-SD card readers and LTE mobile broadband connectivity.
Dell’s new tablet lineup did not include a device with Microsoft’s Windows RT OS. Dell’s last XPS 10 tablet with Windows RT was discontinued last week.
The company does not plan to refresh its line of Windows RT tablets, said Neil Hand, vice president at Dell, during a launch event in New York.
Dell’s new tablets also revive the Venue brand name, which the PC maker abandoned when it discontinued its shipment of smartphones early last year. Dell earlier launched Venue smartphones running Windows Phone and Android in 2011.
The new tablets also indicate that Dell is retaining its PC division. Michael Dell reassured customers that the company would retain its PC division after shareholders last month approved a deal in which the CEO and associate Silver Lake Partners would take the company private for $24.9 billion. It had been speculated that the poorly performing division might be axed after the company goes private.
A billion people will be using a tablet by 2017 and it remains an important category for Dell, Hand said.
“We are dedicated to growing a tablet business in the company,” Hand said.
During a video to start the presentation, the company invoked its reputation as a PC innovator.
“It’s a very exciting time for us at Dell,” said Sam Burd, vice president of personal computer group, during the event.
The company also launched three XPS laptops with Intel’s latest fourth-generation Core processors code-named Haswell. The XPS 11 is a Windows 8 laptop that converts into a tablet. It has a 2560×1440 resolution screen.
The other XPS laptops include the XPS 13, which has a 13-inch screen, and the XPS 15, which has a 3200×1800 display.
via With new Venue tablets, Dell signals its PC division is alive and kicking | PCWorld.

Firefox 24 delivers mass tab closing on desktop, WebRTC on Android

The latest revision of Firefox is now available for Windows, Mac, Linux and Android. Firefox 24 delivers a number of improvements including the ability to quickly and easily close a selection of tabs on the desktop as well as NFC sharing and WebRTC on Android.
Firefox 24 isn’t exactly a huge update for desktop users but there are a few noteworthy changes. Mac users will find a new scrollbar style when using OS X 10.7 or newer while a new social feature allows users to tear-off chat windows to view separately by dragging them out. The biggest change on the desktop, however, is probably the ability to close all tabs “to the right” with a single click.

On the mobile side, WebRTC is now enabled by default on Android. WebRTC, is a new HTML5 API that enables real-time communication like video calls directly in the browser. The three WebRTC components (getUserMedia, PeerConnection and DataChannels) will grant developer access to a user’s webcam and microphone, enable calls from one browser to another and allow peer-to-peer data transfer between browsers without the assistance of a server, respectively.
Firefox 24 for Android now also supports sharing via NFC. Enabled devices can share open tabs simply by bumping two devices together. Elsewhere, the built-in Reader now lets users change fonts, add an article to the Reading List and even save all content offline. There’s even an option to reverse background and text color (dark text on a light background or light text on a dark background).
via Firefox 24 delivers mass tab closing on desktop, WebRTC on Android – TechSpot.

Millions of Android users vulnerable to security threats, say feds

Android remains the world’s most widely used operating system, based on market and usage share statistics, used by hundreds of millions of customers worldwide.
But, according to a new document obtained by Public Intelligence, the U.S. Dept. of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are increasingly aware of the threats its law enforcement users and officials face at a federal, state, and local level in using older versions of the mobile platform.
Read this
Android app malware rates jump 40 percent
Android app malware rates jump 40 percent
A new report released by Trend Micro says that mobile malware rates are skyrocketing.
Read more
According to the roll call release — marked as unclassified but “for official use only,” and designed for police, fire, emergency medical services (EMS) and security personnel — upwards of 44 percent of Android users worldwide are still using Android versions 2.3.3 to 2.3.7, which still contain security vulnerabilities fixed in later versions.
The document does not state, however, how many U.S. government staff use Android, let alone older versions of Android, on its networks.
Android continues to be a “primary target for malware attacks due to its market share and open source architecture,” the document says, and an uptick in mobile device use by government users “makes it more important than ever to keep mobile [operating systems] patched and up-to-date.”
As many will know, staying ahead of the Android security curve requires actively ditching existing handsets and buying a new device, particularly in a bring-your-own-device world where this falls down to the responsibility of the user. Many manufacturers and carriers do not issue the latest Android versions for older devices.
Some highlights from the report:
79 percent of malware threats affect Android, with 19 percent targeting Symbian. Windows Mobile, BlackBerry, iOS, and others all peg in at less than 1 percent each. (The source of the figures is not known.)
SMS text messages represent “nearly half” of the malicious applications circulating today on older Android operating systems. Users can mitigate by installing Android security suites on their devices.
Rootkits also pose a massive threat. The DHS/FBI document notes that in late 20111, a popular rootkit Carrier IQ was installed on millions of devices, including Apple iPhones (though Apple later removed the software) and dozens of Android devices. These rootkits often go undetected and can log usernames, passwords, and traffic without the user’s knowledge — a serious security risk in a government enterprise setting.
Fake Google Play domains are sites created by cybercriminals, the document notes, which replicate the Android application store to trick users into installing fake or malicious apps. DHS/FBI note that only IT approved updates should be allowed, hinting that IT department should ensure secure IT policies from back-end mobile device management services.
via Millions of Android users vulnerable to security threats, say feds | ZDNet.

Malware hijacks mobile ad networks to siphon money

Asian cybercriminals have figured out an unusual way to use the architecture of a mobile ad network to siphon money from their victims.
The new method represents another step in the evolution of mobile malware, which is booming with more smartphones shipping than PCs. Mobile ad networks open up the perfect backdoor for downloading code.
“It’s a very, very clean infection vector,” said Wade Williamson, a senior security analyst at Palo Alto Networks who discovered the new trickery.
Follow the ads
In legitimate partnerships between ad distributors and developers, the latter embeds the former’s software development kit (SDK) into the app, so it can download and track ads in order to split revenue.
Unfortunately, how well developers vet the ad networks they side with varies from one app maker to another. If the developer does not care or simply goes with the highest bidder, then the chances of siding with a malicious ad network is high.
Wiliamson found one such network’s SDK embedded in legitimate apps in online Android stores for several Asian countries, including Malaysia, Taiwan, and China. Once installed, the SDK accesses an Android application package file (APK) and runs it in memory where the user cannot easily discover it.
The APK typically waits until another app is being installed before triggering a popup window that seeks permission to access Android’s SMS service.
“It doesn’t have to go through the whole process of doing a full install,” Williamson said. “It just sits there and waits on the smartphone to install something else and then piggybacks in.”
Once installed, the APK takes control of the phone’s messaging service to send text to premium rate numbers and to download instructions from a command and control server. About 77 percent of Android malware today wring money from victims through paid messaging services, said Juniper Networks’ latest mobile threat report.
New tactic catches on
Williamson has seen more than a half dozen samples of the latest malware, which he believes is coming from one criminal group, while acknowledging multiple groups is possible.
Android users in Asia and Russia are more susceptible to Android malware, because many apps are downloaded from independent online stores. In the U.S., most Android users take apps from the Google Play store, which scans for malware and malicious ad networks.
Because of the effectiveness of the latest malware, Williamson expects criminals in the future to use the same scheme to download more insidious malware capable of stealing credentials to online banking and retail sites where credit card numbers are stored.
The same pathway could also be used to steal credentials for entering corporate networks.
“As soon as you have a vector like this, the difference between creating malware that sends spoof SMS messages versus looks for the network and tries to break in is just malware functionality,” Williamson said.
via Malware hijacks mobile ad networks to siphon money | TechHive.

Acer: Expect more Android and Chromebooks, less Windows

Acer has shied away from venting its frustrations with Windows 8. The company is taking things a step further by vowing to sell more Android devices and Chromebooks.
“We are trying to grow our non-Windows business as soon as possible,” Acer president Jim Wong said in a Thursday conference call, as reported by the Wall Street Journal. “Android is very popular in smartphones and dominant in tablets…I also see a new market there for Chromebooks.”
Wong expects Android and Chromebooks to bring in 10 to 12 percent of the company’s revenue this year; that figure could rise to 30 percent next year, he added. Although Wong didn’t talk about revenue splits for last quarter, he did say that Chromebooks accounted for 3 percent of Acer’s shipments. During the second quarter, Acer posted a net loss $11.4 million, compared to a profit of about $1.9 million a year earlier.

Acer makes this Gateway-branded Android desktop. If the manufacturer has its way, Android and Chromebooks will make up a growing percentage of its business.
Acer chairman J.T. Wang said Microsoft needs to somehow “reestablish or reinforce confidence among PC users,” saying people are holding off on purchase decisions. (For what it’s worth, Windows 8.1 is much friendlier to desktop users, and new chips from Intel will help make Windows tablets and hybrids more practical.)
Despite Acer’s tough talk, the company hasn’t shied away from experimenting with Windows machines. Acer’s Iconia W510 and W700 were part of the first wave of Windows 8 hybrid devices, combining tablets with laptop and desktop-style docks. The Iconia W3 is the first 8-inch Windows tablet, while the Acer Aspire R7 is somewhat of a cross between a laptop and a desktop.
At the same time, Acer is keeping busy with alternatives. The company launched a $200 Chromebook last year, and has since expanded the line to include a solid state drive option and a $300 model with beefier specs. In addition, Acer has begun to dabble in Android-based desktop PCs.
Acer’s not alone in diversifying beyond Windows for laptops. Taiwanese rival Asus is working on its own Chromebook for later this year, and HP just launched a new hybrid called the Slatebook X2, running Android. Expect this trend to continue if PC sales keep slowing down.
via Acer: Expect more Android and Chromebooks, less Windows | PCWorld.

Android 4.3 hides support for 4K displays and granular permissions options

We already knew Android 4.3 focused on under-the-hood improvements, but it appears there are at least a couple more hidden features than Google let on.
The permissions list for the Bump app, as seen through App Ops. (Click to enlarge.)
As Android Police first discovered, Android 4.3 includes a hidden permissions manager, called “App ops,” which can prevent apps from accessing certain types of information.
This feature clearly isn’t ready for the average user, so Google has kept it well-hidden. You can find it yourself through any app that lets you view Activities, such as Nova Launcher or Activity Launcher. When looking through these Activities, look under Settings and find the option for App ops. If that sounds too complicated, you can just download the Permission Manager app, which is simply a shortcut to this hidden feature.
Once inside App ops, you’ll see a list of all your apps, along with a granular list of their permissions. Tapping on any app lets you toggle those permissions on and off. This could be useful if you don’t want an app to check for your location, but the app itself doesn’t provide a way to turn off location checking.
It is, however, a brute force tactic. The apps themselves won’t really know what’s going on when you’ve turned off a permission. If you turn off location checking, for example, the app will simply fail to find your location. It won’t show any kind of reminder that its permissions have been shut down. (By comparison, if you turn off GPS in phone settings, many apps will remind you that you need to turn it back on.)
Also, as Android Police notes, some apps don’t show all of their permissions until you’ve actually used them within the app itself. In Bump, for instance, the permissions for “Vibrate” and “Post notification” only show up once you’ve opened the app and tried to transfer something. As it stands, App ops could help for the occasional location-based permission, but it won’t be too useful for anything else.
4K for the future
4K resolution support? Yeah, Android 4.3 has that.
Another intriguing hidden nugget, also discovered by Android Police, is support for 4K resolution. More specifically, the source code supports “XXXHDPI” pixel densities, going beyond those found in the sharpest-looking Android phones. “A typical use of this density would be 4K television screens—3840×2160, which is 2x a traditional HD 1920×1080 screen which runs at DENSITY_XHIGH,” says a note in the source code.
Although there’s little need for a phone with higher than 1080p resolution, or a tablet with higher than 2560-by-1600 resolution, support for 4K could be useful down the line if 4K televisions and monitors become more popular.
We’re going out on a limb here, but with Miracast support now built into Android, and Google showing more interest in phone-to-TV controls with Chromecast, it’s clear that Google wants Android to play a bigger role in the living room. 4K support is of little use for Android now, but it might as well be in place for the future.
via Android 4.3 hides support for 4K displays and granular permissions options | TechHive.

Google: Critical Android security flaw won't harm most users

A security flaw could affect 99 percent of Android devices, a researcher claims, but the reality is that most Android users have very little to worry about.
Bluebox, a mobile security firm, billed the exploit as a “Master Key” that could “turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user.” In a blog post last week, Bluebox CTO Jeff Forristal wrote that nearly any Android phone released in the last four years is vulnerable.
Bluebox’s claims led to a fair number of scary-sounding headlines, but as Google points out, most Android users are already safe from this security flaw.
Speaking to ZDNet, Google spokeswoman Gina Scigliano said that all apps submitted to the Google Play Store get scanned for the exploit. So far, no apps have even tried to take advantage of the exploit, and they’d be shut out from the store if they did.
If the attack can’t come from apps in the Google Play Store, how could it possibly get onto Android phones? As Forristal explained to Computerworld last week, the exploit could come from third-party app stores, e-mailed attachments, website downloads and direct transfer via USB.
Google Play’s app verification feature.
But as any Android enthusiast knows, Android phones can’t install apps through those methods unless the user provides explicit permission through the phone’s settings menu. The option to install apps from outside sources is disabled by default. Even if the option is enabled, phones running Android 4.2 or higher have yet another layer of protection through app verification, which checks non-Google Play apps for malicious code. This verification is enabled by default.
In other words, to actually be vulnerable to this “Master Key,” you must enable the installation of apps from outside Google Play, disable Android’s built-in scanning and somehow stumble upon an app that takes advantage of the exploit. At that point, you must still knowingly go through the installation process yourself. When you consider how many people might go through all those steps, it’s a lot less than 99 percent of users.
Still, just to be safe, Google has released a patch for the vulnerability, which phone makers can apply in future software updates. Scigliano said Samsung is already pushing the fix to devices, along with other unspecified OEMs. The popular CyanogenMod enthusiast build has also been patched to protect against the peril.
Android’s fragmentation problem does mean that many users won’t get this patch in a timely manner, if at all, but it doesn’t mean that unpatched users are at risk.
None of this invalidates the work that Bluebox has done. Malicious apps have snuck into Google’s app store before, so the fact that a security firm uncovered the exploit first and disclosed it to Google is a good thing. But there’s a big difference between a potential security issue and one that actually affects huge swaths of users. Frightening headlines aside, this flaw is an example of the former.
via Google: Critical Android security flaw won’t harm most users | TechHive.

Bitdefender: Free apps are the 'equivalent of [smartphone] spyware'

We all know that free apps are almost never truly free and that most of them are monetized with ads inside the app itself. But according to the security and antivirus company Bitdefender, we grossly underestimate how much these apps really cost.
In a recent report, Bitdefender named free apps the “equivalent of spyware” because users unknowingly hand over a lot of personal information when installing them. Bitdefender looked at iOS and Android apps targeting more than 500,000 free applications. The research revealed that there’s little difference between the two operating systems when it comes to the user’s privacy. As for the apps themselves the results are somewhat alarming.
About 45 percent of the iOS apps that were looked at had location tracking capabilities, with 35 percent of Android apps also featuring this capability. And while this may not sound too bad, here’s where the scary part starts: 19 percent of iOS and 8 percent of Android apps have the ability to look at the user’s contact list.
Somewhere around 9 percent of Android apps have a chance to leak the device’s phone number to third-party advertisers, while 15 percent may leak the device ID. Apple has phased out the apps’ ability to check the Device ID since iOS 5 was released.
Targeting users with ads is nothing new but Catalin Cosoi, chief security strategist at Bitdefender, says that this process is a much more insidious one on smartphones. “On mobiles, advertising frameworks can learn your communications habits, friends, friends’ contacts, location and – more frequently – all of the above at the same time,” he added.
And the real problem here is that folks either don’t even know this is happening or that many didn’t realize they’ve actually agreed to this when they downloaded the application.
via Bitdefender: Free apps are the ‘equivalent of [smartphone] spyware’ – Neowin.