Changes

Android Security and Privacy

9,022 bytes added, 16:53, 22 January 2014
The following lines were added (+) and removed (-):
The basic types of security risks associated with downloading and installing android apps range from those that collect general usage stats about your online activity, those that invade your privacy collecting personal information, to those that install outright backdoor trojans granting strangers access to your android device and potentially your entire private network.Android is unlike Apple's IOS in one fundemental way. For better or worse, Google (Android) does not exercise much control or oversight on what developers put on the Android Marketplace / Google Play while the Apple App Store is strictly moderated by Apple.  Developers have more freedom to create and share android apps. Unfortunately, malicious app developers find it relatively easy to take advantage of this lack of oversight and make their malware available to the public though Google Play.  Google will remove apps when too many complaints are made, but they do little to inform users of what apps are adware and how intrusive the level of adware may be.  They only classify apps as either free or buy.  This is a clear deficiency that is entirely on Google to correct, and so far they don't seem to care.Some free android apps do not have advertisements, while others do.  Adware is free software that has advertisements for other products and services displayed within the app that you see while you use the app.  They connect to the Internet, using your data, and update the advertisements.  The more aggressive ones collect data about you from your device memory and send it back to companies that use that data.  Finally, the most aggressive adware actually downloads and installs trial apps onto your device without your permission.Some free android apps do not have advertisements, while others do.  Adware is free software that has advertisements for other products and services traditionally displayed within the app that you see while you use the app.  Some adware is benign for the most part.  
Basically, while you have the app open, you will see a banner advertisement somewhere on the interface.  Note that recently some of the new adware has been breaking the boundary of showing ads within the app, and invading other areas of the Android device, becoming intrusive.  A Major criticism of Google Play is that it is not clear which apps are adware and which are not.  In the days of Tucows, Freeware is not the same as adware.  What's worse is that passive adware is being replaced by more aggressive push adware, and furthermore by outright spyware that is collecting data about you from your own android device and sending it back to 3rd parties.Often adware will connect to the Internet, using your data plan or wifi connection, and update the advertisements.  The more aggressive adware will collect data about you from your device memory and send it back to companies that use that data.  Finally, the most aggressive adware actually downloads and installs trial apps onto your device without your permission.Detect addons (push adware and some malware related to advertising): Use https://market.android.com/details?i...addonsdetectorA Major criticism of Google Play is that it is not clear which apps are adware and which are not. In the days of shareware sites like Tucows for the PC, there was a clear distinction between Freeware and Adware. You always knew what you were getting. Google doesn't seem to care if you are aware that a free ap is actually adware. Google clearly lacks the ethics of the PC shareware predecessors. There is also "Lookout Security launched its free Ad Network Detector" but it does not flag apps that exhibit aggressive ad serving.  Lookout only protects against malware that threatens your phone as opposed to adware.   
On Google Play (also known as Android Market) more passive adware is being replaced by new aggressive push adware, and furthermore by outright spyware that is collecting data about you from your own android device and sending it back to 3rd parties.  In some cases certain apps that were previously benign have become malware after updates for that app were released by the developer.  This is when a good app turns bad."''The intent of this product is to clarify for users the behaviour of applications that display ads," said Derek Halliday, senior product manager for security at San Francisco-based Lookout. "And two, to show users what privacy and information collection apps and their ad networks are doing. We're trying to provide transparency.''"reference: Detect addons (push adware and some malware related to advertising):  Use https://market.android.com/details?i...addonsdetector Some companies are looking to address the security risks being introduced by these offending adware / spyware apps.  There is one called Lookout Security.  Lookout Security launched its free Ad Network Detector in early 2012 but it does not flag apps that exhibit aggressive ad serving.  Lookout only protects against malware that threatens your phone as opposed to adware.   "''The intent of this product is to clarify for users the behaviour of applications that display ads,''" said Derek Halliday, senior product manager for security at San Francisco-based Lookout. "''And two, to show users what privacy and information collection apps and their ad networks are doing. We're trying to provide transparency.''"=== Adware Getting More Aggressive ===Thousands of Android apps now include software that shoves marketing icons onto your phone's start screen or pushes advertising into your notification bar--and many of the apps give you no warning about the ad invasion.  Many of these ads come from mobile marketing firms such as AirPush, Appenda, LeadBolt, Moolah Media, and StartApp. 
The companies work with greedy app developers.Push AdsThe mobile ads are called "push notification ads" and "icon ads." Push notification ads deliver small alerts to an Android phone's notification bar.  Icon ads, as the name implies, are icons that are inserted onto an Android phone’s start screen.Push notification and icon ads are more intrusive than in-app ads.  In-app ads are only visible whilst you use the app that the advertisement supports development of.  Push and icon ads invade areas of your phone outside of the adware program they came with.  The main crime is that the app developer is often not disclosing the push ad payload that goes on your android when you install their app.  These obnoxious intrusive ads are being installed without the android owner's consent.  Both AirPush and Appenda offer clear ways to opt out of receiving ads via their websites. But it isn't obvious that consumers would know they should visit those sites to opt out. On Appenda’s site, you submit your phone number to opt out of receiving push notification ads, which leads to privacy concerns.  What will they do with your phone number later on?  
Do you like telemarketers and text spam?source: PC World [http://www.pcworld.com/article/245305/sneaky_mobile_ads_invade_android_phones.html Sneaky Mobile Ads Invade Android Phones]== Google Spying and Harvesting User Data ===== Google+ (formerly Picasa) automatically stealing pictures off your phone ===The Google+ application which is pre-installed, will by default automatically upload photos you take on your Android device.references:* [http://google-plus.com/499/how-to-disable-instant-upload-to-google-plus-from-your-android-or-iphone-app/ How to disable instant upload to google plus from your android or iphone app?]* [http://productforums.google.com/forum/#!topic/picasa/nqIVL_cdI9I How do I stop my phone from automatically uploading pics to ogle plus]== Wipe android phone before selling ==Before you sell or dispose of your Android phone or tablet* Transfer your phone number off the phone* Factory reset the phone or tablet* Remove or wipe microSD card* Optionally change your Google account passwordTo elaborate on the summary above: erase your Android device before selling it or throwing it away.  You need to do this to keep your personal data secure.  All Android devices, the phones and tablets, allow a way to wipe via a hard reset.  The reset process is different from one Android device manufacturer to the next.  The best thing to do is to go to your settings menu and look for a reset option. Settings > SD & Phone Storage and hit the "Factory Data Reset" Keep in mind that a reset does not clear your microSD card.  You should remove your microSD card.  If you plan to sell it with the phone, you should wipe and reformat it manually.  Some phones give you the option to format the SD card at the same time you erase the rest of the device. If not, you'll want to connect the device to a computer and format the card.  Technically data can still be recovered after a format by someone with advanced technical skill and/or the right tools.  
There are programs that will do a secure wipe or overwriting format.  This extra step will prevent recovery of your data from the microSD card.Make sure you have de-activated your number from the phone with your carrier.  Remove your account from the phone so your buyer can't make calls from your number.  If you have already switched your number to another phone then you are good to go.  Check with your carrier to ensure your number is no longer associated with the old phone if you are not sure.Finally, if you want to be extra extra careful, you should change the Google account password associated with your phone.  Each time you change Android devices and dispose or sell it, go in to Google and change your account password.=== Personal Data ===The sort of data that is on your phone includes all your music, email, text messages.  Your Google account username and password.  Your iTunes login information as well as other membership resources.  POP3 email or enterprise mail login information.  Android phones have multiple forms of storage inside. They have internal memory, where most of your apps and system settings are stored, and the SD card, where music, pictures, and some app settings are stored.Recommended reading: [http://www.androidcentral.com/securely-wiping-your-android-phone-makes-it-just-fine-sell-fud Securely wiping any device makes it just fine to sell]Also, going a step further than doing a factory reset is flashing with the original ROM. === Hard Reset on Specific Phone Models ===* [[Motorola_Droid_Pro#Hard_Reset|Hard Reset on Motorola Droid Pro]]=== Root / Jail Break ===Doing a factory reset will not remove root access to your phone.  It will also not undo any custom ROM you have installed.  Use a program such as Motorola's RSD Lite (if you have a Motorola phone) to fully wipe your phone. You may need a different program depending on your manufacturer.  It is not necessary to undo the root, in some cases it makes the phone more valuable at resell.  
It is up to you if you want to sell it like that or remove root access.=== Changing your Google account password ===You can access your Google account from a PC.  Goto https://accounts.google.com/ and sign in with your username and password.  On the left column menu click "Security" and then towards the right side of the screen click the box "Change Password" and follow the prompts from there.  {{:Change the Google Account Password on an Android Device}}== App Visibility ==When an app is installed, from Google Play or directly from the apk file, it is typically visible in the app list and manage apps area.  Users refer to something called the apps drawer, which is what you see when you tap the icon typically located in the bottom right of the screen that shows icons for all installed apps, including those not visible on the desktop overlay.  There is a launcher, dock, app drawer which are all different from the manage apps area.  [[Android Application Visibility]] discusses the areas were apps are visible and icons are placed to open or manage an app.  It is possible for an app to be well hidden.  It is very difficult to hide an app from the Manage Apps area.  [[Android Terminology]] also clarifies terms like launcher, app drawer, etc. [[Category:Security]]
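Review bot: The "Detect addons" line points at https://market.android.com/details?i...addonsdetector, a link whose query string is cut off, and the Lookout quotation is followed by a bare "reference:" with no source; both need a complete citation, since the first is the page's only concrete detection recommendation. In the "Wipe android phone before selling" checklist, the bullet "Remove or wipe microSD card" should say that the wipe has to be an overwriting one, because the paragraph below it states that data can still be recovered after a plain format. The heading "Google+ (formerly Picasa) automatically stealing pictures off your phone" is stronger than its body, which describes a default automatic upload that the two linked references explain how to disable; a heading such as "Google+ instant upload enabled by default" would match the text.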