Privacy, Security Archive

The next generation of Google's Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones.

Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically; only somebody who enters a device's password will be able to see the pictures, videos and communications stored on those smartphones.

Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company - or anyone but the device's owner - from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.

The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails and recordings.

A recent article in Taiwan and a related report by F-Secure raised privacy concerns by stating that Xiaomi devices are sending phone numbers to Xiaomi's servers. These concerns refer to the MIUI Cloud Messaging service described above. As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update for today (Aug 10th) to implement this change. After the upgrade, new users or users who factory reset their devices can enable the service by visiting "Settings > Mi Cloud > Cloud Messaging" from their home screen or "Settings > Cloud Messaging" inside the Messaging app - these are also the places where users can turn off Cloud Messaging.

We apologize for any concern caused to our users and Mi fans. We would also like to thank the media and users who have been sending us feedback and suggestions, allowing us to improve and provide better Internet services.

For the first time ever, the experts at the German security vendor have discovered a smartphone that comes with extensive spyware straight from the factory. The malware is disguised as the Google Play Store and is part of the pre-installed Android apps. The spyware runs in the background and cannot be detected by users. Unbeknownst to the user, the smartphone sends personal data to a server located in China and is able to covertly install additional applications.

Over the past 24 hours the website for TrueCrypt (a very widely used encryption solution) was updated with a rather unusually styled message stating that TrueCrypt is "considered harmful" and should not be used.

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA's decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

Heartbleed, a long-undiscovered bug in cryptographic software called OpenSSL that secures Web communications, may have left roughly two-thirds of the Web vulnerable to eavesdropping for the past two years. Heartbleed isn't your garden-variety vulnerability, so here's a quick guide to what it is, why it's so serious, and what you can do to keep your data safe.