For many, Android smartphone updates are a sore point. On the one hand, they’re essential to fix dangerous bugs and vulnerabilities on your phone, delivering handy new features and support for the latest technologies at the same time. On the other hand, updates are often delayed, get installed at the worst possible time, they can slow down your phone, and in really bad cases cause data loss or even brick the device.

Let’s figure out how to install Android updates properly to get all the benefits and zero misery.

Different types of updates

“Installing updates” can refer to five quite different scenarios depending on what exactly is being updated.

Updating apps. Individual apps on devices are updated automatically or manually through an app store (Google Play, Huawei AppGallery and the like). Updating one app in this case rarely affects the rest and generally has little effect on the gadget.
Updating Android components. Google developers have long been committed to modularization, so many parts of the operating system (such as the call screen or photo viewer) are essentially separate apps. Some of these likewise download updates through an app store; others (like Google Play Services) are forcibly updated at a lower level.
Updating extensions from the smartphone manufacturer. All that distinguishes a Samsung, Oppo or Xiaomi smartphone from a “pure” Android device are proprietary extensions, which often radically alter the look of the operating system and sport fancy names like OneUI or ColorOS. The internal structure and update method differ from vendor to vendor — many try to time extension updates to coincide with the release of general Android updates, but this isn’t a hard-and-fast rule.
Updating Android itself. Google rolls out major Android updates once a year — upping the major version number by one — but bug fixes and security updates appear monthly. However, most smartphones don’t get the latest version of Android from Google directly: manufacturers of specific models must first add the correct low-level components and vendor-specific extensions, and only then offer the latest version of Android to users. Therefore, for any Android update, the time from rollout to availability on smartphones other than Google Pixel or devices running AOSP (Android Open Source Project) can be anything from a month to… eternity — depending on the manufacturer’s promptness.
Updating low-level components. This means the bootloader, 4G/Wi-Fi chip firmware, drivers and the like. As a rule, these components are updated along with the operating system, but they can get their own updates as and when required. In any case, updates of this type are released only by the company that made your phone.

Updates of the first two types (bootloader, 4G/Wi-Fi chip firmware) arrive either automatically or by pressing literally one button in your chosen app store, and usually take just seconds; others need much longer, require a smartphone restart, and are slightly more prone to side effects. Which means you need to cushion the potential blow.

What could go wrong

Nuisances. On many manufacturers’ devices, alerts about new updates appear in the notification drawer and remain stuck there. Sometimes they go full-screen and demand immediate installation. One mis-tap and your phone is already pulling gigabytes of data – heaven forbid if you’re in roaming mode.

Eating up phone space. Security updates and bug fixes are usually small in scope, but new versions of vendor extensions or Android itself can be significantly larger than their forebears. And this creates a separate problem for budget smartphones with low storage capacity.

Post-update bugs. Even Google makes mistakes. For example, users updating to Android 12 encountered all sorts of issues — from unstable network connection and flickering displays to bricked devices. Similar problems sometimes occur with vendor extensions.

Loss of data or functionality. A rare but most unpleasant occurrence is when, after an update, various apps stop working (if, say, they’re too outdated to receive updates) or user data vanishes.

Why you still need to update

Vulnerabilities. Stories about how smartphones can get infected with malware without any user action or with no signs that anything is wrong are not fiction, but rather the result of the exploitation of dangerous bugs in Android itself and installed apps. Vulnerabilities even crop up in cellular or Wi-Fi modules. And if you think this “spy fiction” doesn’t apply to you, beware — cybercriminals will quite happily use vulnerabilities of this kind to steal your money, passwords and anything else that isn’t bolted down. Each monthly Android update fixes a handful of serious vulnerabilities and a dozen or two low-risk ones.

Bugs. From increased power consumption and memory leaks to camera focus issues, the corresponding bug fixes in low-end components, Android itself, and/or vendor extensions make the smartphone experience more enjoyable.

Compatibility. Even if you don’t like new stuff, sooner or later you have to update the browser, programs, and operating system anyway just to be able to continue using your online apps and even visit certain websites. The support period for older versions of software is steadily dwindling, and, for example, in a severely outdated Chrome, many sites refuse to open properly.

Top tips for hassle-free updating

Use only official sources. Download updates only through your chosen app store or your smartphone’s system settings. Don’t install updates from websites unless the manufacturer offers no other way; in which case, as above, download updates only from said manufacturer’s official site — never from aggregators, news media or unknown sites.

Create backups. Android doesn’t fully back up everything automatically, but you can set up uploading of photos and documents to Google Drive, while your contacts, calendar and various other data are backed up to your Google account, and many apps (for example, WhatsApp) have built-in backup. Set up backup in all apps where possible, so that important information gets saved to the cloud on a nightly basis. If you don’t trust third-party clouds, there are utilities for syncing your phone with a storage server on your home network.

Optimize update downloading. Explore your smartphone settings. If updates are customizable, opt to download them at night, assuming Wi-Fi and power are available. That way, downloading updates won’t interrupt your daytime work, chew through your mobile data, or drain your battery. If there are no such settings, and update notifications often come at a bad time, you can risk turning off notifications or automatic checking for updates. In this case, you must set a regular reminder (say, once a month on a weekend) to check for updates manually through the device settings. It’s best to choose an installation time when you can afford to put your phone down for a while.

Be selective. If it’s not a critical vulnerability fix, you can put off installing it — but not for long, of course; however, waiting a few days to a week should be ok, all the while checking on forums to see if owners of the same smartphone are having issues with the update. If so, that will give time for hundreds of them to voice a complaint, and, if you’re lucky, time also for a patched version to come out.

Get rid of unnecessary stuff. Binning downloaded documents no longer needed, clearing caches, deleting unused apps and moving photos and videos to the cloud helps free up a lot of smartphone memory and reduce the likelihood of update problems. Incidentally, our mobile application for Android comes with a handy junk cleaner tool.

Update apps and firmware separately. To make it easier to track the source of potential issues, don’t update apps and firmware at the same time: after updating the operating system and vendor extensions, wait a few days before installing app updates — again, only if there are no critical vulnerability fixes.

Install Kaspersky: Antivirus & VPN on your Android device. Our application warns and protects you against known vulnerabilities, scans downloaded apps for viruses, fixes dangerous device settings, manages app permissions, blocks dangerous links, and keeps your data safe if ever your phone is lost or stolen.

Kaspersky official blog – ​Read More

The Nothing Chats app is a messenger created by the developer of the quite popular smartphone Nothing Phone — yet another “iPhone killer”. The main selling point of Nothing Chats is was the promise of giving Android users the ability to fully communicate using iMessage — a messaging system previously available only to iPhone owners.

However, Nothing Chats was almost immediately found to have a whole host of security and privacy issues. These problems were so serious that less than 24 hours after its release in the Google Play Store, the application had to be removed. Let’s delve into this in more detail.

Nothing Chats, Sunbird, and iMessage for Android

The Nothing Chats messenger was announced on November 14, 2023, in a video by the well-known YouTube blogger Marques Brownlee (aka MKBHD). He talked about how the new messenger from Nothing had plans to allow owners of a Nothing Phone (which is Android-based) to communicate with iOS users through iMessage.

By the way, I recommend watching the video by MKBHD, at least to see how the messenger worked.

The video also briefly outlines how the messenger operates from a technical point of view. To begin, users have to provide Nothing Chats with the login and password to their Apple ID account (and if they don’t have one yet, they need to create one). After this, to indirectly quote the video, “on some Mac mini somewhere on a server farm”, this Apple account is logged in to, after which this remote computer serves as a relay transmitting messages from the user’s smartphone to the iMessage system, and vice versa.

To give credit where credit is due, at the end of the sixth minute, the author of the video makes a point of emphasizing that this approach carries some serious risks. Indeed, logging in with your Apple ID on some unknown device that doesn’t belong to you, located who knows where, is a very, very bad idea for a number of reasons.

The Nothing company made no secret of the fact that “iMessage for Android” was not their own development. The company partnered with another company, Sunbird, so the Nothing Chats messenger was a clone of the Sunbird: iMessage for Android application, with some cosmetic interface changes. By the way, the Sunbird app was announced to the press back in December 2022, but its full launch for a wide audience was constantly postponed.

Nothing Chats and security issues

After the announcement, suspicions immediately arose that Nothing and Sunbird would face serious privacy and security issues. As mentioned earlier, the idea of logging in with your Apple ID on someone else’s device is highly risky because this account gives full control over a significant amount of user information and over the devices themselves through the Apple feature Find My…

To reassure users, both Sunbird and Nothing asserted on their websites that logins and passwords aren’t stored anywhere, all messages are protected by end-to-end encryption, and everything is absolutely secure.

However, the reality was way off even the most skeptical predictions. Once the application became available, it quickly became clear that it totally failed to deliver on its promises regarding end-to-end encryption. Worse still, all messages and files sent or received by the user were delivered by Nothing Chats in unencrypted form to two services simultaneously — the Google Firebase database and the Sentry error monitoring service, where Sunbird employees could access these messages.

And if that still wasn’t enough, not only Sunbird employees but anyone interested could read the messages. The issue was that the token required for authentication in Firebase was transmitted by the application over an unprotected connection (HTTP) and could, therefore, be intercepted. Subsequently, this token provided access to all messages and files of all users of the messenger — as mentioned earlier, all this data was sent to Firebase in plain text.

Once again: despite assurances of using end-to-end encryption, any message from any user on Nothing Chats and all files sent by them — photos, videos, and so on — could be intercepted by anyone.

One of the researchers involved in analyzing the vulnerabilities of Nothing Chats/Sunbird created a simple website as proof of an attack’s feasibility, allowing anyone to see that their messages in iMessage for Android could indeed be easily intercepted.

Shortly after the vulnerabilities were made public, Nothing decided to remove their app from the Google Play Store “to fix a few bugs”. However, even if Nothing Chats or Sunbird: iMessage for Android returns to the store, it’s best to avoid them — as well as any similar apps. This story demonstrates vividly that when creating an intermediary service that allows access to iMessage, it’s very easy to make catastrophic mistakes that put users’ data at extreme risk.

What Nothing Chats users should do now

If you’ve used the Nothing Chats app, you should do the following:

Log into your Apple ID account from a trusted device, find the page with active sessions (devices you’re logged in to), and delete the session associated with Nothing Chats/Sunbird.
Change your Apple ID password. It’s an extremely important account, so it’s advisable to use a very long and random sequence of characters — Kaspersky Password Manager can help you generate a reliable password and store it securely.
Uninstall the Nothing Chats app.
You can then use a tool created by one of the researchers to remove your information from Sunbird’s Firebase database.
If you’ve sent any sensitive information through Nothing Chats, then you should treat it as compromised and take appropriate measures: change passwords, reissue cards, and so on. Kaspersky Premium will help you track possible leaks of your personal data linked to email addresses or phone numbers.

Kaspersky official blog – ​Read More

At Malwarebytes, we’re constantly evolving to protect our customers. These days, our products don’t just protect you from malware, we protect your identity, defend you from ads, safeguard your social media, and keep your mobile safe too.

Here are the innovations we’ve made in our products recently. Are you making the most of them?

Malwarebytes Premium

Windows

Tamper / Uninstall Protection. This allows you to password protect your software so that it can’t be removed remotely.

Trusted Advisor. This dashboard provides an easy-to-understand assessment of your computer’s security with a single comprehensive protection score, and clear, expert-driven advice.

Brute Force Protection. This blocks Remote Desktop Protocol (RDP) attacks, which are attempts by cybercriminals to access a computer remotely. We do this by blocking IP addresses that exceed a threshold of invalid login attempts.

Smart Scan. This enables you to schedule scans at a time when you’re not using your computer, which is best for productivity.

Mac

The old adage about Macs not getting viruses is simply not true. Macs need protection too and our Premium for Mac is now compatible with macOS Sonoma.

Mobile Security

Whether you’re on iOS or Android, our Mobile Security app just got an upgrade. Our Premium Plus plan now includes a full-featured VPN to help keep your connections private, no matter where you are. Using the latest VPN technology, WireGuard® protocol, you can enjoy better online privacy at a quicker speed than traditional VPNs.

What you get with our apps:

Android: Scan for viruses and malware, and detect ransomware, android exploits, phishing scams, and even potentially unwanted apps.

iOS: Detect and stop robocalls and fake texts, phishing links, malicious sites, and annoying ad trackers (while browsing in Safari).

Browser Guard

Available for both Windows and Mac, Malwarebytes Browser Guard is our free browser extension for Chrome, Edge, Firefox, and Safari that blocks unwanted and unsafe content, giving users a safer and faster browsing experience. It’s the world’s first browser extension to do this, while at the same time identifying and stopping tech support scams.

Browser Guard adds an extra layer to your personal security, on top of your antivirus or firewall. Because it’s a browser extension, it can offer protection in the browser that other means of protection do not have access to.

We’ve recently made enhancements to Browser Guard:

Improved protection: Stops even more threats with enhanced phishing detection. 

New scanning blocks: Prevents websites from scanning for vulnerable network ports. 

Facebook support: Blocks ads and sponsored content from appearing on Facebook feeds. 

Monthly overview: Summary showcases what has been blocked. 

On top of that, Malwarebytes Premium Security users (Windows only) can now take advantage of:

Content control: Take control of your browsing experience and define what’s appropriate for you and your family. Fully customize the content you want to block while browsing.

Import and export: Use your preferences and customized rules with all your browsers, even on other devices. This helps you to experience a consistent and clean web experience. Discover on this video how to transfer Malwarebytes Browser Guard settings to another browser.

Historical Detection Statistics: View past detections and see what we’ve protected you from.  

Want to see Browser Guard in action? Read the 25 most popular websites vs Malwarebytes Browser Guard

Malwarebytes Identity Theft Protection

Newly released, Malwarebytes Identity Theft Protection scours the dark web for your personal information, prevents your social media account from being hacked, and even keeps an eye on your credit (US only) — and it’s all backed by an up-to-$2 million identity theft insurance. (Insurance coverage is $1 or $2 million depending on selected package (latter only available in the US plan Ultimate))

Here’s what you get (based on your selected plan):

Ongoing monitoring: Peace of mind that we are actively working in the background to keep you safe

Real-time alerts: Immediate notifications if we identify suspicious activity

Recommendations and best practices: Advice on how to prevent identity theft, and help if it happens

Identity restoration helpline and top-notch customer support.

Black Friday sale

Save 50% on our Home bundles for a limited time only!

Malwarebytes – ​Read More