Category Archives: Android

WhatsApp News hidden features

FACEBOOK OPTION (iOS, Android and Windows Phone).
You probably already knew that WhatsApp will add a Facebook option in its application.
The Facebook option was born in the 2.12.14 iOS version as hidden feature and it was available in the 2.12.15 (iOS version) if you reinstalled it (WhatsApp developers did this error), but nobody knew what it meant.
If you never saw this option and you don’t know it, you can see a screenshot here: https://twitter.com/WABetaInfo/status/705869100610928640
As you can read, the Facebook option should improve your Facebook experiences using your WhatsApp data, but chats and number will never shared on Facebook.
If you tried to disable it, you couldn’t enable it again.
WhatsApp developers discovered their error in 2.12.15 and they fixed it in 2.12.16, disabling that option.
Since 2.12.16, WhatsApp improved so much the Facebook option: new Facebook option does more things than old one.
After some investigation, I understood many things about that option:
• This option is very important for WhatsApp, because developers are hiding very well every reference about that.
• The security was a very important feature for WhatsApp, so they wrote a page in their website.
I saw some references and I understand that they will wrote a page for this news too. They usually write an article only for very great features, so the Facebook option should be very important for WhatsApp, probably to solve some users doubts about privacy.
• WhatsApp will update their Terms of Privacy and Service, to add more information.
NOTE: When new Terms will be available, the Facebook option will be available for all users too.
• When you will accept new Terms of Privacy and Service, you will have 30 days of time to change the value of your Facebook option.
You will be able to try how your Facebook experiences works, enabling that feature and you will be able to disable that option, but attention: you will be not able to change that option after the 30 days since you accept new WhatsApp terms, so you will have to do a good choise.
There aren’t references about the ETA of this feature, but it will be available soon, when new Terms of Privacy and Service will be available.
WhatsApp for Android 2.16.31 and WhatsApp for iOS 2.16.3.118 support the NEW Facebook option too.
———————————–
CUSTOM DELETING MESSAGES FEATURE (iOS, Android and Windows Phone).
After many investigations in WhatsApp 2.12.14, 2.12.15 and 2.12.16 versions for iOS, I can affirm that WhatsApp is building a feature that allows users to clear their chats.
When the user will try to delete a chat, he will be able to choose a criteria for the cleaning.
At the moment, seems that the feature can allow to:
• Delete all messages older than 30 days. (iOS, Android, Windows Phone)
• Delete all messages older than 6 months. (iOS, Android, Windows Phone)
• Delete all messages, except starred ones. (iOS, Android, Windows Phone)
• Delete all messages that contain an URL. (iOS)
• Delete all messages, except docs and media files. (iOS)
• Delete all messages, except starred ones, docs and media files. (iOS)
• Delete everything.
• (NEW IN 2.12.17.224): delete all messages of old group participants. (iOS)
Note that actually this feature is still disabled.
———————————
ALL HIDDEN FEATURES LIST (iOS, Android and Windows Phone).
WhatsApp developers added some features in their iOS application, but they are keeping them disabled.
These are disabled features:
01) Facebook option (iOS, Android and Windows Phone).
02) Custom deleting mesages feature (iOS, Android and Windows Phone).
03) Replies to specific messages: you will be able to directly reply to specific, like the app Telegram does: https://telegram.org/blog/replies-mentions-hashtags
WhatsApp developers added this in 2.12.17.100, but they are keeping it disabled.
Screenshots of iOS 6 version (thanks to @iMokhles): https://twitter.com/WABetaInfo/status/715112165250826240
Screenshots of iOS 7+ version (thanks to @SUP3RGIU):
• http://i.imgur.com/4LTpciJ.png
• http://i.imgur.com/vsHK62r.png
• http://i.imgur.com/m7SI69Y.png
• http://i.imgur.com/XMbLxiP.png
Actually this is in iOS versions only, but recent WhatsApp beta for Android builds contain quoted messages feature (DISABLED/INCOMPLETE).
04) File Sharing: you will be able to share any file type. (iOS all, Android docs + zip).
The support is added in 2.12.16 iOS beta versions, but WhatsApp is keeping them disabled at the moment.
Using WhatsApp for Android, you will be able to send files of 100 MB (max), instead using WhatsApp for iOS you will be able to send files of 128 MB (max).
It’s possible that WhatsApp will allow the sharing of bigger files when the feature will be enabled.
I remember you that, thanks to some tests (@iMokhles), if you will share an image as File, WhatsApp will not compress it (GREAT!).
05) Incomplete videos backup: you will able to see if in your actual chat history iCloud Backup which videos aren’t backuped. (iOS)
06) Browser: you will be able to directly view links in WhatsApp thanks to the internal browser. (iOS)
07) iCloud keychain: with the in-app browser, WhatsApp added the iCloud keychain support to use your personal passwords that you saved in iCloud, if you enabled it in iCloud settings. (iOS)
08) FixedSys Font. (iOS) Screenshots: https://twitter.com/Geek_Break/status/712961243913580544
09) New Profile section! Opening this section, you will see a QR code: this is your personal QR code that identifies your WhatsApp Account! (iOS).
If your friend will scan your QR code in WhatsApp > Settings > Profile > Scan Code, his WhatsApp will recognize your number and the app will add it in your friend’s address book.
Remember: keep private your QR Code and you should not publish it if you don’t want that your number will be public.
You can see screenshots about this feature here: https://twitter.com/WABetaInfo/status/723308108513161216
10) WhatsApp will finally add video calls!
First reports of video calls are in WhatsApp for iOS versions and you can see some screenshots here: https://twitter.com/WABetaInfo/status/722432323195678720
11) WhatsApp will allow you to send invite links to let your friends to join your group.
So, every group will have an invite link.
You will be able to revoke a group’s invite link and WhatsApp will generate another new link.
This feature should be the same that has Messenger app.
Actually the feature is in WhatsApp beta  for Android. When developers will add it in WhatsApp beta for iOS, I will unlock it for publishing screenshots.
EXTRA:
But.. Will WhatsApp add usernames too? So this feature will have more sense, because it’s easier to manually add a friend: why should we send the link of a group if we can immediately add the friend into the group?
12) Multiple accounts.
I didn’t personally find this feature in WhatsApp beta for iOS versions, but a good developer (@iMokhles) leaked this news.
Multiple accounts should be available in future.
———————————
MORE INFO ABOUT WHATSAPP FOR BLACKBERRY VERSION
WhatsApp will allow to Blackberry users to export their chat history in an Android compatible format, so you will be able to import your WhatsApp for Blackberry chat history to Android versions!

WhatsApp will allow this because

  • they will be ending support Blackberry and Symbian platforms and they will give the possibility to users to keep their chat history.

 

Maybe they will allow this for Symbian users too.
Probably, for WhatsApp for iOS limitations, Blackberry exported chats will be not compatible with iOS if WhatsApp developers doesn’t add other cloud storages in their iOS application (for example Google Drive) because, actually, WhatsApp for iOS supports iCloud only and you cannot import other backups.
———————————
Follow this WhatsApp for iOS bot on Twitter: @WhatsAppBetaBot
Follow me on Twitter: @WABetaInfo.
Follow this Twitter account for changelogs of many other apps: @iOSAppChanges.

Phone Spy Resources and prevention

Phone monitoring software – some good some bad and some just pure scams!

Recommended Mobile Spy Software

FlexiSpy

flexispy resources

Without doubt the leading program right now. There is no argument, they simply offer more features and functionality than any other monitoring program on the market. If you need any recording – voice calls or phone surroundings, Flexi Spy is your Only option.

They now have cheaper options with 1, 3, 6 and 12 monthly contracts – suitable for most budgets. If I am forced to recommend just one program, FlexiSpy is the one.

Visit their site

mSpy

mspy resources

Coming a close second to Flexispy in my view, mainly because they don’t have any recording features. What they do offer is a reliable service and a pretty slick dashboard. Very easy to set up and use.

One added benefit is that Mspy now have a separate service to monitor any iPhone without having to Jailbreak – it isn’t as full featured as their regular spy software but still offers a good alternative if Jailbreaking isn’t possible.

Visit their site here for their latest deal!

MobiStealth

mobistealth resources

This is an older program – not quite as snazzy looking as the others but I still like it. They have been around for years and just quietly work!

It may not have all the bells and whistles of FlexiSpy but if you need the best price and software that is reliable MobiStealth is worth a look.

Check them out here.

All of them can monitor cell phones and Tablets.

I deliberately do not recommend loads of different spy software programs – I let other sites do that! I test any that I recommend and will stand by my recommendations.

New programs come and go all the time – only a few work reliably and stay around in the longer term – so you need to chose carefully. Is this the definitive list … no, it is just mine!

Next Up: Jailbreaking and Rooting Resources.

Jailbreaking and Rooting are always top of my questions and comments lists. I understand people can struggle with these but they are not that complicated really. Sometimes you just need to go for it – follow the instructions and most people end up surprised at just how easy it really is.

I have several articles and guides on the site that I have created to help with:

The problem is that no one guide can cover every make and model of device with clear instructions for all. I confess that I am not the leading expert in these fields! Below I have listed a few good resources to help you find information quickly. Thanks to those sites!

Jailbreaking Resources:

www.iclarified.com/jailbreak/index.php

http://www.reddit.com/r/jailbreak

http://www.jailbreakqa.com/

Rooting Android Resources:

http://www.digitaltrends.com/mobile/how-to-root-android/

http://www.androidauthority.com/root-android-277350/

Need to find out what version of Android you are running?

Just visit the link below from your Android device and it will tell you!

http://whatismyandroidversion.com/

The monitoring software companies also have some good guides for Rooting and Jailbreaking so check them out too. Just be careful and don’t read too much – you will end up more confused. Just pick a guide and get stuck in.

Computer Monitoring Software Programs

More and more people have been asking me to review some PC monitoring software programs. I’m still at the testing stage and as usual there is a lot of variation in terms of features and reliability.

mSpy and Mobistealth both offer PC Spy programs and you can save money by buying them with a mobile package.

Recommended PC Spy Software

Mobistealth for PC

A long established and popular program – available for both Windows and Mac computers and laptops.

Features include : keystroke logging; browser history; chat/ messenger monitoring including Skype, Yahoo and Facebook; remote screenshots allow you to see the PC being used.

All in all a decent application with some good features at a low price. Watch out for my full review soon!

Find out more here.

mSpy PC Monitoring

Mspy computer monitoring has been available for a few years now and has seen a huge growth in popularity – in part helped by the success of their mobile monitoring app. The company has a solid reputation for quality and reliability. It can be bundled with mobile monitoring – good value!

Features include: keystroke logs; live screenshots; time logs of computer use and activity; applications installed and their use. It all works in stealth mode and gives very detailed and reliable reports.

Find out more at mSpy

Mobile Security Solutions

With the rise of cell phone monitoring comes the rise of people concerned that they are being spied on …. illegally! You can read my articles on cell phone security :

How to do a Factory Resethttp://www.talkandroid.com/guides/beginner/how-to-factory-reset-and-wipe-your-android-device/

What About Mobile Antivirus?

You know, sometimes I think people’s heads haven’t caught up with the technology in their new Smartphones. Most of us recognize the dangers of going on the internet from a PC or laptop and would never do it without proper anti-virus software.

How many access the internet from a mobile device – tablet or phone – without having installed mobile antivirus software? …..  It is incredible!

Antivirus software may not be foolproof in detecting spy software (although it can help … sometimes) but it will protect your expensive device from known virus and malware threats.

The first step after starting your new device should always be to install a good antivirus software – free or paid!

Click to Tweet

Recommended Mobile Security Software

Some of the top mobile Antivirus / Security programs that I have tested are:

Norton Mobile Security

This regularly appears in the “Top” lists – for performance, value and extra features – and it is one of the best at finding spy threats. Available for Android and iOS cell phones and tablets.

Of course they are well known for their main PC antivirus and utilities programs aimed at home and business users.

Extra features: call and text blocking, remote data wipe, locate phone and remote locking – plus virus and anti spyware protection you would expect.

I have tested their mobile Android version and it is definitely worth a look.

Visit Norton Here

F-Secure Mobile Security

Another antivirus and security app that has had good results against some monitoring software programs. They cover PC and Mac but for mobile devices they only support Android devices right now.

They offer good value with discounts for multiple devices and there is a Free Trial – always good to try!

F Secure are competing well with some big names in this market and they offer several extra features including a password manager, bank safe features, phone locate and public WI-FI protection.

See what you think of F Secure here

AVG Mobile Security

AVG are one of the big guns – offering a range of solutions for PC, Mac, Android and iOS phones and tablets. Everything from antivirus and internet protection to registry cleanup.

I have used their paid and free versions of Mobile Android antivirus software – paid versions come with more features and support, but their free version is better than no protection!

Extra features include: app locking, find your phone, anti theft measures, call blocker and backup utility.

Have a look for yourself here

All give good protection for antivirus etc. but as I mentioned none are foolproof in detecting cell spy software. I’m afraid they can all be a bit hit and miss when it comes to flagging some of the better monitoring apps.

In my testing, Norton and FSecure gave the best detection rates – but my main reason for using them is to protect my devices from other online threats such as viruses and malware.

Internet Security Suites?

These offer more features than regular antivirus software – usually bundled to cover multiple devices and a great idea for small business and family protection.

One I have tested recently with good results is:

Total Defense Mobile Security

They offer different versions according to how many devices you need to protect – PC and Mobile Devices. They also have extra features such as cloud backups and some parental controls.

Definitely worth a look if you need a Family option or antivirus and internet security for small business.

Check them out here

from

SpyzRus.net

SMS Gateway using Android Phone

With Internet and the variety of mobile messaging app available, nowadays people can communicate through many channels, be it through email, WhatsApp, LINE, WeChat, Facebook Messenger, Skype, Telegram and many others. However, SMS is still relevant due to its reliability. In this article, we will turn an Android phone into an SMS gateway by installing a free app and start sending and receiving SMS through C# or any other programming languages that you prefer.

it is developed solution to bundle it with other product (MessagingToolkit). This free Android app is now available at Google Play Store.

Of course there are other similiar solutions available, just Google “Android SMS gateway” and you can see all other options available.

In order to turn your Android phone into a SMS gateway, you will need to install the free app myMobKit available at Google Play Store.

After installing, start the control panel service, and you should be able to see the URL to access the hosted website.

 

The hosted website shows the available APIs and their usage. You can use the APIs to access device information, photos and video, as well as send and receive SMS.

 

To get started quickly, you can use Chrome extensions like Advanced REST Client or Postman – REST Client to access the messaging services. Below is a screen capture of Advanced REST Client retrieveing all the SMS in the phone.

 

 

Using C# to access the APIs is straightforward using ASP.NET Web API client library.

In Visual Studio, from the Tools menu, select Library Package Manager, then select Package Manager Console.

In the Package Manager Console window, type the following command:

Install-Package Microsoft.AspNet.WebApi.Client

To retrieve all messages in the phone, use the following code snippet.

using (var client = new HttpClient())
{
    string url = ConstructBaseUri();
    client.BaseAddress = new Uri(url);
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

    if (!string.IsNullOrEmpty(txtUserName.Text) && !string.IsNullOrEmpty(txtPassword.Text))
    {
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
                    "Basic",
                     Convert.ToBase64String(
                     ASCIIEncoding.ASCII.GetBytes(
                     string.Format("{0}:{1}", txtUserName.Text, txtPassword.Text))));
    }

    HttpResponseMessage response = await client.GetAsync(MessagesUrlPath);
    if (response.IsSuccessStatusCode)
    {
        GetMessageResponse result = await response.Content.ReadAsAsync<GetMessageResponse>();
        if (result.IsSuccessful)
        {
            txtOutput.Clear();
            foreach (DeviceMessage msg in result.Messages)
            {
                AddToOutput(msg.ToString());
                AddToOutput("");
            }
        }
        else
        {
            MessageBox.Show(result.Description, Application.ProductName, MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }
    else
    {
        MessageBox.Show(response.ToString(), Application.ProductName, MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}

To send a message, use the following code snippet,

using (var client = new HttpClient())

{

    string url = ConstructBaseUri();
    client.BaseAddress = new Uri(url);
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

    if (!string.IsNullOrEmpty(txtUserName.Text) && !string.IsNullOrEmpty(txtPassword.Text))
    {
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
                    "Basic",
                     Convert.ToBase64String(
                     ASCIIEncoding.ASCII.GetBytes(
                     string.Format("{0}:{1}", txtUserName.Text, txtPassword.Text))));
    }

    var postData = new List<KeyValuePair<string, string>>();
    postData.Add(new KeyValuePair<string, string>("to", txtContact.Text));
    postData.Add(new KeyValuePair<string, string>("message", txtMessage.Text));
    HttpContent content = new FormUrlEncodedContent(postData); 

    HttpResponseMessage response = await client.PostAsync(MessagesUrlPath, content);
    if (response.IsSuccessStatusCode)
    {
        PostMessageResponse result = await response.Content.ReadAsAsync<PostMessageResponse>();
        if (result.IsSuccessful)
        {
            txtOutput.Clear();
        }
        else
        {
            MessageBox.Show(result.Description, Application.ProductName, MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }
    else
    {
        MessageBox.Show(response.ToString(), Application.ProductName, MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}

The screenshot of the sample application.

Using Google Maps Service and GPS in Android

Snapz - Innovative Phone Cases for iPhone 5 and 5s
 

The first thing you need to make before use Google maps v2 is get a key for Google:

  • Navigate to your project in the Google APIs Console.
  • In the Services page, verify that the “Google Maps Android API v2” is enabled.
  • In the left navigation bar, click API Access.
  • In the resulting page, click Create New Android Key…
  • In the resulting dialog, enter the SHA-1 fingerprint, then a semicolon, then your application’s package name. For example:
    BB:0D:AC:74:D3:21:E1:43:67:71:9B:62:91:AF:A1:66:6E:44:5D:75;com.example.android.mapexample
  • The Google APIs Console responds by displaying Key for Android apps (with certificates) followed by a forty-character API key, for example:
    AIzaSyBdVl-cTICSwYKrZ95SuvNw7dbMuDt1KG0

Set this Key in your Android manifest file:

 <meta-data
            android:name="com.google.android.maps.v2.API_KEY"
            android:value="@string/google_maps_key" />
<string name="google_maps_key" 
templateMergeStrategy="preserve">...your key ...</string>

After that, you can use class com.google.android.gms.maps.GoogleMap.

The steps to use GoogleMaps are:

  1. Create a view activity_main.xml:
    <?xml version="1.0" encoding="utf-8"?>
    <RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
        android:layout_width="fill_parent"
        android:layout_height="fill_parent"
        android:id="@+id/mainView">
     
        <fragment
            android:id="@+id/map"
            android:name="com.google.android.gms.maps.MapFragment"
            android:layout_width="match_parent"
            android:layout_height="match_parent"/>
     
    </RelativeLayout>
  2. Create activity MainActivity.java, and reference to @+id/map:
    private GoogleMap googleMap; // Might be null if Google Play services APK is not available.
    
    if (googleMap == null) {
    
        googleMap = ((MapFragment) getFragmentManager().findFragmentById(R.id.map)).getMap();
     
        // check if map is created successfully or not
        if (googleMap == null) {
           Toast.makeText(getApplicationContext(),
                    "Sorry! unable to create maps", Toast.LENGTH_SHORT).show();
        }
        else {
            // Changing map type
            //TODO
        }
    }

The Toast.makeText action shows a text indicating that the service of Google maps are not available.

The second thing is initialize the GPS:

To do this, we create a class (GpsLocation) that implements LocationListener to manage the logic of Gps.

We have a constructor, with the context and TextView to show Gps Status:

public GpsLocation(Context mContext, TextView gpsStatusTextView) {
    this.mContext = mContext;
    this.gpsStatusTextView = gpsStatusTextView;
    getLocation();
}

A method getLocation that initializes the gps service and obtains gps location:

public Location getLocation() {
    try {
        locationManager = (LocationManager) mContext
                .getSystemService(Context.LOCATION_SERVICE);
 
        // getting GPS status
        isGPSEnabled = locationManager
                .isProviderEnabled(LocationManager.GPS_PROVIDER);
 
        // getting network status
        isNetworkEnabled = locationManager
                .isProviderEnabled(LocationManager.NETWORK_PROVIDER);
 
        if (!isGPSEnabled && !isNetworkEnabled) {
            // no network provider is enabled
        } else {
            this.canGetLocation = true;
            // First get location from Network Provider
            if (isNetworkEnabled) {
                locationManager.requestLocationUpdates(
                        LocationManager.NETWORK_PROVIDER,
                        MIN_TIME_BW_UPDATES,
                        MIN_DISTANCE_CHANGE_FOR_UPDATES, this);
                Log.d("Network", "Network");
                if (locationManager != null) {
                    location = locationManager
                            .getLastKnownLocation(LocationManager.NETWORK_PROVIDER);
                    if (location != null) {
                        latitude = location.getLatitude();
                        longitude = location.getLongitude();
                    }
                }
            }
            // if GPS Enabled get lat/long using GPS Services
            if (isGPSEnabled) {
                if (location == null) {
                    locationManager.requestLocationUpdates(
                            LocationManager.GPS_PROVIDER,
                            MIN_TIME_BW_UPDATES,
                            MIN_DISTANCE_CHANGE_FOR_UPDATES, this);
                    Log.d("GPS Enabled", "GPS Enabled");
                    if (locationManager != null) {
                        location = locationManager
                                .getLastKnownLocation(LocationManager.GPS_PROVIDER);
                        if (location != null) {
                            latitude = location.getLatitude();
                            longitude = location.getLongitude();
                        }
                    }
                }
            }
        }
 
    } catch (Exception e) {
        e.printStackTrace();
    }
 
    return location;
}

This class has two attributes, latitude and longitude which are initialized in getLocation method.

In MainActivity, we get these values:

gpsLocation = new GpsLocation(this, gpsStatusTextView);
 
if (gpsLocation.canGetLocation()){
    double longitude = gpsLocation.getLongitude();
    double latitude = gpsLocation.getLatitude();
}

Points of Interest

Universal ADB Utility Simplifies Common Android Command Line Tasks

 

Universal ADB Utility Simplifies Common Android Command Line Tasks

Windows: ADB and fastboot are two immensely powerful tools. If you’re new to using them, or just want to simplify the process a bit, Universal ADB Helper can make certain tasks a snap.

The tool, which runs as a Windows batch file, allows you to reboot, backup, restore, factory reset, or change the boot animation for your phone with a simplified menu. You can still use the tool to run your own custom commands, so Universal ADB Helper can run as your main ADB interface without changing your normal flow when you need to do more complex tasks.

[UTILITY] Universal_ADB-Helper 1.2 | XDA

Release Android App Using Eclipse

Follow the Steps Given Below
  1. Project should be bug free.
  2. Remove extra validation from Android tool
    1. Windows -> Preferences -> Android -> Lint Error Checking =>Ignore All
  3. Create Key Store
    1. Right click on project -> Android tool -> Export Signed Application Package
    2. Select Project name
    3. Give location path where key will save.
    4. Enter Password as android and alias as androiddebugkey
    5. Enter details in the following image:
    6. Give release apk path:
  4. Now APK is ready to place into Google play console.
  5. If application uses some Google API like Map, then you need to do several steps more which are in the following way:
    1. Go to Windows -> Preference -> Android -> Build -> custom debug key Store -> Browse. You will get the following screen:
    2. Click on browse and select keystore file:
    3. Copy SHA1 fingerprint and Click on Ok. Replace SHA1 fingerprint with old one in Google API console.

10 Android hacking tools

Lets see 10 Android tools that are meant for hacking and hackers.
1.Hackode :- Hackode : The hacker’s Toolbox is an application for penetration tester, Ethical hackers, IT administrator and Cyber security professional to perform different tasks like reconnaissance, scanning performing exploits etc.

2.Androrat:- Remote Administration Tool for Android. Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.

3.APKInspector:- APKinspector is a powerful GUI tool for analysts to analyse the Android applications. The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code.

4.DroidBox:- DroidBox is developed to offer dynamic analysis of Android applications.

5.Burp Suite:- Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

6.zANTI:- zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

7.Droid Sheep:- DroidSheep can be easily used by anybody who has an Android device and only the provider of the web service can protect the users. So Anybody can test the security of his account by himself and can decide whether to keep on using the web service.

8.dSploit:- dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.

9.AppUse – Android Pentest Platform Unified Standalone Environment:- AppSec Labs recently developed the AppUse Virtual Machine. This system is a unique, free, platform for mobile application security testing in the android environment, and it includes unique custom-made tools created by AppSec Labs.

10.Shark for Root:- Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open dump use WireShark or similar software, for preview dump on phone use Shark Reader. Based on tcpdump.

How to Create Your Own Android Trojan in 5 Easy Steps

It seems that every few weeks a new crop of malicious Android apps turns up in the market. Sometimes Google just removes them from the market; other times it uses the “kill switch” to disable already-downloaded apps from Android devices around the world.

Typically these threats are perfectly ordinary-looking apps. Like the Trojan Horse of legend, they enter your device freely, with your permission. Once installed they do something nasty. Some users are shocked that Google can remove stuff from your Android phone remotely. I’m more alarmed at the ridiculous ease with which malicious coders can create Trojans for Android.

Here are the five simple steps :

One. Start by downloading a free app. You can choose any app at all, but of course you’ll want to pick something that will draw plenty of downloads.

Two. The language compilers that create applications on your PC take textual source code and convert it into assembly language that the CPU can read and process. It’s a one-way translation; there’s no way to go from the final executable file back to the source code. Android apps are written in Java, though, and that means that you can decompile them back to the original source code using simple, easily-available tools. For the next step, decompile your target app.

Three. The third step is a little tricky. You’ll need to obtain Java source code that does something nasty, like sending personal information from the device to a third party. For the demonstration, Chien used a known threat called Android.Geinimi.

Four. Adding the Trojan code is absurdly simple. You copy it into the folder containing the existing source code, make a small change in the manifest to run the Trojan code before the rest of the app, and edit the permissions to give the Trojanized app free access to the entire device. While you’re at it, tweak the app’s name. We added “FREE!” to the name for his demo.

Five. Compile the modified app and upload it to the market. You’re done!

Of course, malicious apps don’t last long in the Android Market. If you really want to spread a dangerous program, you’re better off uploading it in China, where there is no official Android market. I

Not planning to do this yourself? Good! But I’m sure that like me you’re shocked at how easily someone with bad intentions can create a brand new Android Trojan. It’s time to look into mobile security for your Android device.

NSA spying: What’s the best phone encryption & IMEI random number generator?

I never understood WHY people say that the IMEI number matters to the
telco. I put different SIM cards in my phone all the time, and thereby
use either tw mobile companies and I haven’t explicitly registered the
cell phone with either company.

The only thing the telco cares about is the SIM card.

They don’t care what phone you put it in. So, for example, if I borrowed
your phone, and put my SIM card in it, then I’d have the same service
as if I had that same SIM card in my cell phone.

The IMEI number was immaterial to the phone company (yes, I know it’s
transmitted to them – but it’s meaningless to them from the standpoint
of my service). [Yes, I know about the mobile companies policy of smartphones having
to have a data plan – that’s a *policy* issue that only clouds the issue
so let’s ignore that unless it actually matters, bearing in mind that
T-Mobile doesn’t have that problem so it’s not a technical issue.]

And, the argument that you have to have a “similar” IMEI number was used
for MAC address changing also – but it’s really statistically a weak
argument. I doubt it would ever matter *what* IMEI number you used, since
the chance of actually colliding with another duplicate IMEI is
vanishingly small. Let’s say I’d have a better chance of winning the
lottery, so, IMEI collisions are a tiny issue that can easily be averted
but since the chances are so slim, they’re not even worth the effort.

And, while my argument has nothing to do with stolen phones, it’s my
understanding that in the USA, there is no stolen phone list. Certainly
I’ve had *my* phone stolen (well, ok, I left it on a cafe table and it
was gone when I returned) – and the telcos did absolutely NOTHING about
it except replace my SIM card. So I don’t think, in the USA and Europe, matching
an IMEI of a stolen phone is also something to worry about.

The thing that confuses me is that the IMEI is nearly meaningless from
the standpoint of the contract between the owner and his telco. I, for
one, have a SIM card from GIFFGAFF, and they just shipped me that SIM
card. That’s it. I never gave them *any* IMEI, and I used that SIM card
in multiple phones. They never cared.

The *only* effect, it seems to me, of randomizing the IMEI, is to keep
the NSA off base, in that their meta data will be off by a tiny amount.
Of course, if they were DIRECTLY observing me (which I hope they’re not,
then that slight inconsistency would be meaningless); but if they’re
on a fishing expedition, if EVERYONE changed their IMEI daily, it would
benefit us all, by adding just one more level of privacy to our daily
intrusions.

The procedure

http://www.youtube.com/watch?v=AmpXFju2XTk
This looks like what he did on his Android phone (with an iOS theme).

0. *#06# (reveals the old IMEI as 123456789012345 / 10)
1. root the device
2. install terminal emulation
3. start terminal application
4. su (switch to the super user)
5. echo ‘AT+EGMR=1,7,”546765676567656″‘ > /dev/pttycmd1
6. reboot
7. *#06# (reveals the new IMEI as 546765676567656 / 10)

Seems simple enough.

 

 

Android Fake ID bug exposes smartphones and tablets

An Android flaw has been uncovered that lets malware insert malicious code into other apps, gain access to the user’s credit card data and take control of the device’s settings.

BlueBox Labs said it was particularly concerning as phone and tablet owners did not need to grant the malware special permissions for it to act.

The company added it had alerted Google to the problem in advance to allow it to mend its operating system.

Google confirmed it had created a fix.

 

click for full story