A Big Thank You to Our Patron

A Big Thank You to Our Patron

Thank you Jonathan Mark Lunsford. We do not know who you are or where you are, but your generosity, acknowledgement and support really really spur us on to continue development of useful apps for people.


Thank you Sir.

Android One Update in Feb 2019

Android One Update Status in Feb 2019

Following the previous post on Android One, this is a screen shot of Mi A2 phone with the February security updates.

Screenshot of a Mi A2 Phone
Screenshot of a Mi A2 phone

Mi A2 is a phone from Xiaomi on the Android One program. So far updates are regular in the Android One phones. If you like your phones to be regularly updated, look for a phone on the Android One program.

Screenshot taken by our app, Device Information (Zero Permission App).

Zero Permission App - Clipboard data

Android Q Adds New Permissions for Clipboard Access and Blocks Background Clipboard Reads

One of the function that our app, Device Information (Zero Permission App), provides is to display the data or information in the Android clipboard. This demonstrates to the user that sensitive data such as document, passwords, SSNs if copied may be leaked to Android app that reads the clipboard without user knowledge.

Our app has no permission and thus it is safe to download and test. It displays information on Android device with zero permission required. The goal of the app is to spread the message of the danger of information leakage via Android app.

The good news is when Android Q arrives, the problem of malicious apps copying the clipboard data may finally be patched. Android Q is found to have new permissions, READ_CLIPBOARD_IN_BACKGROUND, for applications to request if they required clipboard access. This will definitely blocks some of the malicious apps that steal information or uses this as a covert channel to communicate with another app.

Android is definitely moving in the correct direction for closing this vulnerability. The problem of relying on users to keep abreast of the numerous permissions may not be a good security fallback.