The Bluebox Security Scanner will scan your device to determine:
- If your system is vulnerable or patched to any of the "Fake ID" or "Master Key" security flaws affecting most Android devices
- If your system settings allow 'Untrusted Sources' application installs
- If any installed application on your device is trying to maliciously take advantage of any of the 'Master Key' security flaws
Further details of the Android "Fake ID" and "Master Key" security flaws are available at:
Effectively addressing a vulnerability requires three steps:
1) Google produces a generic code fix
2) Android phone manufacturers then incorporate that fix into a firmware update for various phones
3) Carriers then distribute the final update, which ensures your phone is safe
As regards Fake ID, Google has provided the generic code fix to the phone manufacturers who are working with the carriers to distribute the updates. This scanner will help track when that finally happens. Alternatively, contact customer support at your phone manufacturer or carrier a realtime update.
NOTE: If it doesn't download that's a problem with your phone, NOT the app. ALSO, Google changed the refund period to 24 hours in stead of 3 days. If you don't get a refund, I have no control over that, you have to talk to Google.
About CM Security:
☆ No.1 antivirus engine: Ranked #1 by AV-TEST
☆ Top rated antivirus application: Highest rating (4.7) among antivirus
☆ Most trusted Android antivirus: Over 100,000,000 users downloaded
☆ Amazing AppLock: Beautiful and safe app lock
CM Security comprehensively detects virus, Trojan, vulnerabilities, malware, spyware, adware on Android mobile phone and tablet, and professional Anti-Theft protects your device from losing.
About OpenSSL Heartbleed Scanner:
☆ Developed by CM Security, the world's most trusted Android antivirus.
☆ Scan your system and accounts to make sure everything is okay.
Many websites use OpenSSL, an open source encryption technology that some of the world’s leading security experts have worked on to protect your data. Unfortunately, part of the implementation of this protocol had a human error, which had not been caught by the developers, introduced in December 2011. If a hacker sends a relatively large amount of data through this process, it causes an overflow error and allows them access to all of the data stored on that server.
Heartbleed is one of the biggest web security events in recent history; over 10,000 apps are affected by OpenSSL Heartbleed vulnerability! It makes your privacy data are all at risk, including your bank account, email, social media, etc. CM Security OpenSSL Heartbleed Detector detects whether your system, installed apps and websites are vulnerable by OpenSSL Heartbleed and keeps your phone and tablet safe.
CM Security News (4/25): The OpenSSL Heartbleed vulnerability is fixed in the following 17 apps.
• CharterX (Laws of Ghana)
• Onliner.by клиент
• Universities of Ghana
• Hits 97.9
• Take5 Feedback
• Novelas Mobile
• Parliamentary Watch
• Dünya Bülteni
• Livemargin Reader Beta
• 92.7 & 98.5 The Planet/WCMI-FM
• Supertalk 94.1 FM 930 AM
• VietnamWorks - Search Job
• 93.7 The Dawg
• Big Buck Country 101.5FM
Our Google+ community: http://goo.gl/4QFbNp
Our Facebook page: https://www.facebook.com/kscms
Our blog: http://www.cmcm.com/blog/2014-04-10/65.html
English, Simplified Chinese and Traditional Chinese.
Here are a few reasons why you should install it:
1) The app is recommended by TechRepublic as a must-have security app.
2) The app has been trusted by users from 163 countries/districts across the world.
3) Generic security apps (e.g., Lookout, Avast!, Norton, etc.) cannot be easily tuned to detect Pileup threats.
For more information, please visit our official website SecureAndroidUpdate.org.
Full description here : http://blog.indiandragon.in/2014/10/shellshock-vulnerability-in-android.html
Source code : https://github.com/indiandragon/Shellshock-Vulnerability-Scan
The app comes with No warranty whatsoever. Though it doesn’t do anything which could damage your mobile, you own responsibility for all your actions.
* Discover all UPnP devices in the network
* Discover DIAL devices including Chromecast and Fire TV
* Filter device by device type
* Automatic update when devices are added/removed from the network
* Device details for selected devices
** The application is based on the Cling - Java/Android UPnP library http://4thline.org/projects/cling/
Heartbleed Security Scanner is developed by Lookout, the leading mobile security company that builds security & antivirus technology that protects people, business, governments, and critical infrastructure from the growing threats in the post-PC era.
If you haven’t, please download Lookout Antivirus & Security for complete Android protection including free antivirus, backup, find my phone and more: http://ap.lookout.com/SH4U
❐ More About Heartbleed Security Scanner
Heartbleed Security Scanner works by determining what version of OpenSSL your device is using. If your device is using one of the affected versions of OpenSSL, we then check to see if the specific vulnerable feature called heartbeats is enabled.
■ What is Heartbleed?
Heartbleed is a software flaw in the OpenSSL “Heartbeat” function that helps keep secure connections alive. This function was found to be vulnerable to manipulation in a way that allows an attacker to steal up to 64K of data at a time from the active memory of affected systems. The bug, found by researchers from Codenomicon and Google, and filed with the following reference number – CVE-2014-0160, impacts any infrastructure that includes the affected versions of OpenSSL.
■ Will Heartbleed Security Scanner fix the Heartbleed vulnerability?
Heartbleed Security Scanner is not meant to fix this vulnerability, as the vulnerability will need to be patched by Google or your device manufacturer. Heartbleed Security Scanner is only meant to keep you informed about the status of your device. The good news is that Lookout has not yet seen the Heartbleed vulnerability exploited on a mobile device.
Stay updated with the latest information on our blog: https://blog.lookout.com/blog/2014/04/09/heartbleed
■ Will Heartbleed Security Scanner tell me if my apps are affected?
Heartbleed Security Scanner will not detect whether any of the services or accounts (the apps and websites you visit) on your device are vulnerable. Heartbleed Security Scanner is only meant to detect vulnerabilities in Android.
In other words, your operating system might be fine, but the websites you’re accessing might not. Look out for emails from companies with whom you have online accounts. If they needed to issue a patch, hopefully they will be alerting their consumers.
Note on Permissions
Heartbleed Security Scanner only uses the Internet permission when you explicitly share the results of your scan with us. If you choose not to, we won't collect any information.
➠Learn about the latest security threats at https://blog.lookout.com
➠Learn about our permissions at https://www.lookout.com/permissions
➠Like us on Facebook at http://facebook.com/mylookout
➠Follow us on Twitter at http://twitter.com/lookout
In its first version Nipper has 10 different modules, to collect information about a specific URL.
Its interface has been designed so that only some "hints" in its interface extraerías much of their information.
- IP Server
- CMS Detect & Version
- DNS Lookup
- Nmap SERVER IP ports
- Enumeration Users
- Enumeration Plugins
- Find Exploit Core CMS
- Find Exploit DB
- Solve CloudFlare
Nipper NOT require ROOT, only requires internet permission.
Compatible from Android 2.3 L.
The pandemic Android Privacy Disaster is a critical vulnerability in Android 4.3 and below involving a bypass of the universal browser safety mechanism “Same Origin Policy (SOP)”. It allows an attacker to retrieve cookies and page information (such as entered passwords) from a normally trusted domain by using a carefully crafted webpage - leading to a critical security breach. According to the current Android market data, 75% of Android users are at risk, a number which puts millions of Android users in danger.
This is a privacy disaster. The Same-Origin Policy is the cornerstone of web privacy, and is a critical set of components for web browser security.
Trustlook Privacy Disaster Scanner help android users to detect whether your android browser is vulnerable to Privacy Disaster vulnerability.
How to mitigation this risk
1. First you need to install this app to scan all browser you are using if you are not sure your browser is vulnerable or not
2. Please install and set Google Chrome Browser as your default browser.
Like us on Facebook:
Follow us on Twitter:
BETA FORUM > Malwarebytes Anti Malware Mobile
to download the latest beta version, giving feedback and suggestions, please visit the beta forum: https://plus.google.com/communities/102401317912771252555
SUPPORT FORUM > Malwarebytes Anti Malware Mobile
•For question, feedback and suggestions, please visit the support forum: http://www.malwarebytes.org/contact_consumer
Malwarebytes Anti-Malware Mobile
• Detects and eliminates malware, including spyware and Trojans
• Scans your apps for malicious code or Potentially Unwanted Programs (PUPs)
• Alerts you if a link to a malicious website is detected in an incoming text message (SMS).
• Stops unauthorized access to your personal data
• Scans your Android device for security vulnerabilities
• Identifies applications that are tracking your location
Take your anti-malware protection to go
Malwarebytes Anti-Malware Mobile guards your identity and personal data on-the-go. So you and your Android smartphone or tablet are safe from malware and unauthorized surveillance. Wherever you are. Whenever you go.
Make your smartphone smarter
Is that app or downloaded photo safe? With Malwarebytes Anti-Malware Mobile, you never have to worry again. Powerful anti-malware and anti-spyware technology protects your Android device. Detecting Trojans, spyware, and other Potentially Unwanted Programs (PUPs) before they can steal your identity, eavesdrop, or degrade your mobile experience.
Choose what you keep private
Cybercriminals, and even legitimate companies, can collect private information from your Android device. Where you go. Who your contacts are. Malwarebytes Anti-Malware Mobile identifies what your applications are doing, and which private information is being accessed. So you can control who knows, and what they know.
Close the security holes
Malwarebytes Anti-Malware Mobile automatically recognizes security vulnerabilities in your Android device’s settings. Then it makes recommendations on how to close those holes.
Make your smartphone lighter
Mobile security software is typically bloated with location features (Remote Lock, Locate on a Map, etc.). These features can already be found in your Android Device Manager—why duplicate them? Malwarebytes Anti-Malware Mobile preserves your device’s performance by adding only the necessary security features. And you can update its database over a WiFi network to reduce your data usage.
• Scans applications and files for malware and spyware
• Scans automatically when files or apps are accessed (real-time) or only when activated manually (on-demand)
• Scans native memory and SD card
• Schedules automatic scans
• Detects Potentially Unwanted Programs (PUPs)
• Updates the protection database automatically
• Updates over a WiFi network if preferable
• Identifies every application’s access privileges in detail
• Breaks down access privileges by category: Contacts, Identity Information, Simple Message Service (SMS), and Security Settings
• Identifies security vulnerabilities on your device, suggests remediation
• Links seamlessly to Android Device Manager’s device location features so the device can be located, locked, or reset if it is lost or stolen
• Identifies which applications are currently running
• Identifies installed applications
• Enables custom whitelisting of approved apps
Malwarebytes on Twitter: https://twitter.com/Malwarebytes
Malwarebytes on Facebook: https://www.facebook.com/Malwarebytes
Updated on Aug 25, 2014
Content rating: Everyone
The Heartbleed vulnerability is a flaw in the OpenSSL library, used for secure communications.
Android devices ship with OpenSSL library by default. In addition, many apps will bundle their own copy of the library. The Bluebox Heartbleed Scanner from Bluebox Labs will check all of these copies and let you know if any appear to be vulnerable to the Heartbleed vulnerability.
For more information, please visit the Bluebox Labs writeup available at: https://bluebox.com/blog/technical/heartbleed-bug-impacts-mobile-devices/
Version 2.0.0 Uploaded. I am not sure if Google still have the same bug in Play Store 3.5.15, so I don't know if this will fix your problem or not. Please test and report. Thanks
IF YOU SEE MESSAGE LIKE "no such table: android_metadata", then either your market DB is corrupted, or the version is not supported.
This is my attempt to fix the market problem where the "My Apps" section fail to show the Installed and Purchased apps.
What this app does is:
1) load the market database from /data/data/com.android.vending/databases/market_assets.db
2) for each record in there, search market https://market.android.com/details?id=com.whateverpackage.name
3) if the entry doesn't exist in the market, flag it and show in the list
4) user select apps/links to remove
5) remove apps/links selected.
I have tested this app on my Atrix, but I believe it should work on other devices as well.
This is tested with Market (Google Play) version 3.4.4 and 3.4.7.
Required access to SD card as the working folder.
Required Network state to check Internet connection.
Required Internet access to compare records to Android Market and to display ads.
Required Kill Backgroun Process permission to kill the market process after the fix.
Please use the Report function if the app crash. Thanks!
For support, discussion, feature request, please go to
Recently a new vulnerability was discovered called “Shellshock,” that targets BASH, a popular software widely used to control the command prompt on many *nix computers. Shellshock has the potential to wreak havoc on websites, web servers, PCs, routers and more because it enables hackers to gain complete control of an infected machine, which is bad news for consumers and enterprises everywhere. With this power impacted organizations can suffer from web site attacks, network shutdowns, lost data – not to mention lost customers and the cost of operational down-time spent patching such a vulnerability.
Is my Android mobile device vulnerable to ShellShock?
If you want to find out if your Android device is vulnerable, check out the Zimperium Shellshock Vulnerability Scanner. This app will determine if your mobile device is running vulnerable version of BASH or apps that includes BASH process, which exposes your mobile device to the ShellShock vulnerability.
There are two features of this app:
1) Shellshock Device Vulnerability Scanner: Determines if the device is running BASH.
2) Shellshock App Vulnerability Scanner: Determines if you have any mobile apps on your device that include BASH process.
Zimperium is the leader in advanced mobile threat defense. The Zimperium Mobile Threat Defense Suite delivers enterprise-class protection for Android and iOS devices against the next generation of advanced mobile threats. Developed for mobile devices, Zimperium uses patented, behavior-based analytics that sit on the device to protect mobile devices against network- and host-based threats wherever business takes them. For more information on Zimperium please go to www.zimperium.com.
With the advent of vulnerabilities on Mobile Platforms and components like Operating System and associated native applications like browser etc, mobile devices are continuously prone to hacking and exploitation attempts.
Security flaws help attackers to launch further attacks, which may be undetectable by anti-viruses. Such flaws are generally specific to Vendor, Operating System, Version and sometimes specific application/components as well.
The best way to prevent these attacks is to stay updated with the vulnerabilities associated with own and other mobile platforms in use.
Varutra MVD has been launched with an objective to give a common place for mobile users to get acquainted with what vulnerabilities are existent on their devices.
User can register with their Name and Email ID on "Register for Vulnerability Report" and then select the desired mobile platform and version to receive the report.
MVD covers major mobile smartphone / tablet platforms such as Android, Blackberry, iOS and Windows Phone.
How it works:
1. Select your Mobile Operating System platform.
2. Search by Title, Version, KVID or CVE ID.
3. Click on search.
4. User can also Register and Download or Email the vulnerability report.
Visit us @ http://www.varutra.com/mvd
Our Sites: http://www.varutra.com
Follow us on LinkedIn : http://www.linkedin.com/company/3203720
Like us on Facebook : http://www.facebook.com/pages/Varutra-Consulting/136105459900291
Follow us on Twitter : http://twitter.com/@varutra
Follow us on Google+ : https://plus.google.com/b/115480211678137395528/115480211678137395528/about
More than 80% of employees now use personal smartphones for work-related purposes. Vulnerable smart phones can spread malware to business infrastructure and potentially leak sensitive information when connected to the Internet or even the corporate networks.
With the Retina CS Mobile Assessment Agent, IT security teams can identify and analyze potential vulnerabilities on their organization’s mobile assets as they do on its servers and desktops. Smart phone users can also leverage the Agent to find vulnerabilities on their own devices – for free.
Retina CS is the first and only product to integrate mobile device assessment and vulnerability management for complete visibility and context on all vulnerabilities. As a result, you can quickly and easily discover, prioritize and fix security weaknesses.
• Reduce overall IT security risk by extending vulnerability management to your BlackBerry, Android and ActiveSync-managed mobile devices
• Reduce resource demands by automating vulnerability assessment for mobile devices with in-depth scanning.
• Simplify and improve IT security by managing mobile devices and all other ITassets using vulnerability assessment technology powered by Retina.
• Gain greater visibility through vulnerability profiles of mobile devices accessing your network.
• Streamline remediation through advanced threat prioritization according to severity of mobile vulnerabilities.
• Use built-in and custom audits (when licensed with Retina CS) to scan for weaknesses in mobile device hardware, applications and configurations.
• Report on mobile device vulnerabilities and demonstrate compliance locally on the agent or through BeyondTrust’s IT Risk Management Platform, BeyondInsight.