Category Archives: iOS

10 Best Free Skype Alternatives For Windows/Android/iOS

Since its advent in 2003, Skype has become an industry standard when it comes to video calling on Windows PC. In addition to video calls, Skype is also a full-fledged messaging and voice calling application that is available for smartphones as well.

Even after its immense popularity, Skype is still not the most feature-rich and secure video calling application.

So these are some of the best alternatives to Skype that will definitely enhance your video calling experience.

ALSO READ: 10 Best Anime websites of 2018 | Download and Watch Anime Online for Free

Best Free Skype Alternatives


The first Skype alternative for PC that you are probably already using is WhatsApp. This immensely popular messaging application also doubles up as a reliable video-calling application. WhatsApp is available for both smartphones and computers.

A majority of your friends and family members are already using WhatsApp, which eliminates the need for signing up for new services.

WhatsApp now supports group video calls, using which you can communicate with up to four friends at once. Overall WhatsApp is a reliable Skype alternative.


Google Hangouts

Google Hangouts is another popular video calling service that is mainly used by various organizations to interact with co-workers. Similar to WhatsApp Google Hangouts is also available for smartphones and computers.

Using Google Hangouts you can hold a video call with up to 25 participants. So as to invite and connect with different users you only need their email address or phone number.

During calls, Google Hangouts offers impressive audio and video quality and the connection is secure as well.

DOWNLOAD Google Hangouts


The next feature-rich Skype alternative is LINE. This alternative to Skype has a very well developed UI and cross-platform support offers a seamless messaging experience.

Similar to other Skype alternatives on the list, LINE can also be used for video calls, voice calls, and text messaging. Nifty features like Keep, Animated Stickers, LINE Today, Face Play, Stories, and Live help LINE to stand out from the crowd.

Lastly, using LINE you can also share all sort of media and document files with your contacts.


Facebook Messenger

The next best Skype alternative that you are possibly already using is Facebook Messenger. Using Messenger you can communicate with any of your Facebook friends and the quality of video calls is impressive as well.

In addition to video calls, Messenger also allows users to have voice calls with their friends. Messenger is available as a full-fledged application for Windows, iOS, Android, and MacOS.

DOWNLOAD Facebook Messenger


Tox is one of the most secure Skype alternative that has gained popularity in recent years. Well, if security and privacy is your major concern then Tox is the best Skype alternative for you. Since Tox is open-source it is completely advertisement free.

Similar to other Skype alternatives, Tox also offers messaging, file sharing, and voice calling features.

Using the Screen Sharing feature you can even share your desktop with your friends. Lastly, Tox is available for both Windows and MacOS.



The next smartphone oriented Skype alternative is WeChat. Similar to other Skype alternatives WeChat offers voice calls, text messaging, video calls and group chats.

As mentioned earlier, WeChat is a smartphone-oriented application but its still available for Windows and MacOS in their respective App Store. It is worth noting that, a smartphone is required for logging-in to WeChat Web version.

WeChat allows a maximum of four participants in a group video call. To sum it all, WeChat is a reliable Skype alternative that simply gets the job done.



The next capable Skype alternative on the list is ooVoo. This instant messaging application offers a great messaging experience and supports emoji, stickers, and GIFs. ooVoo supports HD video calling with up to 8 people simultaneously.

The SuperClear technology helps ooVoo to optimize the quality of video calls based on your internet speed. ooVoo is available for Android, iOS, Windows, and MacOS.

This feature-rich Skype alternative also doubles up as a reliable file transfer tool.



Viber is another impressive Skype alternative for secure video calls and messaging. Unlike other Skype alternatives, Viber allows users to play built-in games and interact with popular websites when no one is present at the moment.

If you worried about privacy and security then end-to-end encryption on Viber will definitely impress you. Viber even allows users to delete seen messages. In addition to Windows, Viber is also available for MacOS and Linux.

Viber is one among very few instant messaging applications that allow users to customize application’s theme and overall UI based on their preferences.



If security and privacy are on top of your priority list then Wire will definitely impress you. Wire is an ideal Skype alternative for business or organization based communication needs. This application offers end-to-end encrypted audio conference call with up to 10 people.

In addition to messaging and video calls, Wire also doubles up as a secure file and screen sharing tool. Since Wire is an open-source application its completely ad-free and there are no in-app purchases.

Overall, Wire is a professional alternative to Skype that is used by many big companies.



The last Skype alternative on the list is Riot. Nifty features like voice and video conferencing, file sharing, notifications, and project reminders definitely help Riot to stand out from the crowd.

Riot can be used on any web-browser and its available for smartphones and computers as well. Chats and calls on Riot are also end-to-end encrypted.

Overall Riot is a reliable Skype alternative that simply gets the job done.



So these were some of the best Skype alternatives that are more secure and feature-rich as compared to Skype. Do share your favorite Skype alternatives in the comments section below.

The post 10 Best Free Skype Alternatives For Windows/Android/iOS appeared first on TechWorm.

Apps on smartphones are selling and sharing our location data 24/7

By Waqas

It’s no surprise that the apps we download on our smartphones are tracking our movements and also transferring the information to third parties without our consent. Last year it was Google caught collecting location data of Android users even if their device’s location service was off then the Gay dating app Grindr, Facebook and the fitness app by […]

This is a post from Read the original post: Apps on smartphones are selling and sharing our location data 24/7

Something else is phishy: How to detect phishing attempts on mobile

In a report published in 2011, IBM revealed that mobile users are three times more likely to fall for phishing scams compared to desktop users. This claim was based on accessed log files found on Web servers used to host websites involved in phishing campaigns.

Almost a decade later, we continue to see different organizations reporting an increased trend in phishing attacks targeting the mobile market. Surprisingly, phishers seem to have tipped the scales to a new preferred target: iPhone users. Wandera, a mobile security solutions provider, has observed that iOS users experience twice as many phishing attacks compared to their Android counterparts.

Mobile phishing by the numbers

Below is a quick rundown of current noteworthy mobile phishing statistics to date:

  • In the whitepaper “Mobile phishing 2018: Myths and facts facing every modern enterprise today” (PDF), Lookout has determined that the rate at which users are tapping phishing links has grown an average of 85% since 2011.
  • In the latest “Phishing Activity Trend Report” (PDF), the Anti-Phishing Working Group (APWG) has revealed that the Payments industry continues to rank as the top targeted sector by phishing threat actors (36%) in Q1 2018.
  • This same APWG report also claims that 35% of all phishing sites were using HTTPS and SSL certificates.

    With Google now labeling non-HTTPS website as “Non-Secure,” expect to see more phishers abuse the accepted concept that HTTPS sites are trustworthy and legitimate.

  • In their report, “2018 State of Phish”, Wombat Security hailed smishing, short for SMS phishing, as the attack vector to watch. This is due to its increased media reporting in 2017, which they believe will continue to trend, especially in countries with low awareness of mobile phishing.
  • PhishLabs stated in its “2018 Phishing Trends & Intelligence Report” (PDF) that Email/Online Services is the top targeted industry in the second half of 2017 (26.1%), with a high concentration of phishing URLs mimicking Microsoft Office 365 login pages. This suggests that there is an increasing trend of phishing campaigns targeting businesses.
  • This same PhishLabs report has also noted a dramatic increase of phishing campaigns banking on the trust of users towards software-as-a-service (SaaS) companies (7.1%). Such attacks are said to be non-existent before 2015 but have more than doubled in two succeeding years.
  • Wandera stated that 48% of phishing attacks happen on mobile. They also claim that iOS users are 18X more likely to fall for a phish than to download malware.

Mobile phishing scam types

Phishing attacks are no longer exclusive to emails, especially on mobile. A mobile device’s inherent design and features have made it possible for phishers to create ways on how they can get into users’ heads and get their hands on vital personal and business data.

While many users are quite familiar with what phishing looks like on the desktop, these same users are not as familiar with smishing or vishing—and other types of phish one might encounter on the mobile—as they are with email phishing.


SMiShing is phishing done through SMS. Android expert and Senior Analyst Nathan Collier has written about a smishing message a colleague received on their Android device that purportedly originating from a human resources company, promoting an open albeit fake position of Prime Agent for Amazon.

iOS users also have their share of spotted smishing campaigns. Below is a smishing message posted publicly on Reddit as a warning to other iPhone users:

Screenshot of an iOS SMS phishing message. Courtesy of Redditor u/jamesmt87.

Your Apple ID has been disabled until we hear from you ,
Prevent this by confirming your informations at { URL}
Apple inc


Vishing, or voice-mail phishing (at times, it also stands for VoIP phishing), is phishing done with the use of a device’s call feature. An attempt can be considered vishing if the potential phisher (1) leaves a recorded message to the target that something is wrong, (2) leaves a number that the target can use to call back, or (3) cold calls the target. Point two is precisely the tactic used by an iOS phishing scam that Ars Technica Editor Sean Gallagher revealed in a July 2018 post. According to Gallagher, an email directs users to a fake Apple website, which pops up a dialog box to start a call to a purported agent that goes by “Lance Roger at AppleCare.” AppleCare is Apple’s extended warranty service.

A vishing pop-up dialog box. Courtesy of Ars Technica.

In Android’s corner, we have the latest variant of Fakebank, a mobile Trojan that is capable of intercepting bank SMS and inbound and outgoing calls. A user, for example, making a call to a legitimate bank gets redirected to scammers who are posing as agents working for the bank. Security researchers have spotted this variant in affected apps geared towards Korean bank clients.

Vishing can also be a part of a greater business email compromise (BEC) attack.

Other types: messenger phishing, social phishing, and ad-network phishing

Apps continue to shape a user’s mobile experience for the better. Without them, one may likely just consider their phones as a pricey paperweight.

These brilliant little programs have made it possible for users to both access their personal and work emails while away from a desktop computer, keep in touch with family and friends via messaging platforms while on the go, share and access media in real-time, and stave off boredom while waiting.

Phishers, unfortunately, have leveraged the power of apps to their advantage. And the internet is rife with stories of people who got (or nearly got) phished via mobile apps.

Take, for instance, the Facebook message that used Messenger as a launchpad to spread a purported “viral video” of the recipient complete with their picture and name, and a number indicating the view count.

Screenshot of a Facebook Messenger phish. Courtesy of Security For Real People.

Clicking this “video” sent mobile users to a fake Facebook Videos login screen, wherein they were then encouraged to key in their Facebook credentials. Doing so sent a similar video bait to contacts, not to mention scammers hijacking the accounts of those who fell for this trick.

This is a case of messenger phishing. It is a type of phishing attempt that uses messaging services on mobile devices. Examples of these services are WhatsApp, Instagram, Viber, Skype, Snapchat, and Slack.

Then there’s social phishing, which is an attempt that abuses social networking sites to spread a phishing campaign. Below is a capture of a phishing message sent to a recipient via LinkedIn’s InMail feature:

Screenshot of a LinkedIn InMail phish. Courtesy of KnowBe4.

Here’s another case of social phishing: A Twitter account posing as NatWest bank inserted itself into a live conversation between a NatWest bank client and NatWest’s official Twitter channel in an attempt to present a bogus quick fix to the current concern the real bank was attempting to address.

Malwarebytes has caught a fake NatWest Twitter account red-handed.

Finally, ad-network phishing. On mobile, ads can come in many forms: They can be in free apps, on web pages the user visits, and as a pop-up notification or banner. Because apps communicate with other services (like an ad network) at the background, they can potentially expose mobile users to risks like a phishing campaign (at best) or malware (at worst).

We’d be remiss if we don’t mention phishing apps. These are fake apps that bank on the names of popular online brands, usually promising one or more perks if downloaded and installed. Such is the case of multiple fake Instagram apps that were pulled from the Google Play store after being found to collect credentials. These apps have been downloaded 1.5 million times, and they promise to boost follower count, post likes, and comments.

Mobile phish spotting

Mobile phishing attempts are quite a challenge to detect, more so for the uninitiated and the unacquainted. Regardless of your level of know-how or your computing platform of choice, as a rule of thumb, it is always best to familiarize yourself with common phishing tactics and trends. We already have a great and very comprehensive list of red flags that can guide you in determining phishing attempts in general. However, mobile users can significantly benefit from our listing of tell-tale signs of potential mobile phishing attempts (below) just as well:

  • The message comes out of the blue, claiming that you either (1) won a prize, (2) have an account or subscribed service suddenly deactivated (often without disclosing a reason), or (3) there is a very urgent need for you to do something to address a problem. Such claims are tried-and-tested social engineering ploys that more often than not give the game away.

    When it comes to being truly notified for actual breaches and that steps must be taken to mitigate its effects, however, it is best for users to avoid clicking links in these notifications (which we agree is faster and more convenient) in favor of going directly to the legitimate domain (either by loading it from bookmark or manually typing in the address in the address bar) and logging in from there.

  • The message comes from an unknown number or sender. And if it claims to be from a service you actually use, be doubly cautious. As it’s near impossible to determine on mobile if the service provider is who they say they really are, you might be better off verifying any claims for yourself, just like in the above point, and checking for logged suspicious activities. If you’re still a bit bothered, contact your service provider’s customer support department.
  • The message comes with a bogus hyperlink, which may be obvious to some but not to others. It pays to be very familiar with URLs of official web addresses of services you use online. If you feel or think that something is off, even if you’re unsure what is triggering this, err on the side of caution and avoid clicking that link.
  • The message comes with a shortened URL. Shortening URLs is an excellent method to make effective use of space that has a limited character count. Unfortunately, this can be abused to mask potentially malicious URLs from being detected at first glance.
  • If the message or caller asks for personal information, if not more information, from you. A majority of legitimate and reputable businesses don’t call or send messages asking for sensitive information. In some cases, banks do call if they suspect potential fraud activity with your account. They do this to check that you are who you say you are. However, there are certain information they will never ask you to divulge, such as your account PIN or Social Security Number (SSN).
  • If the message or caller doesn’t address you by your name. Again, a majority of businesses know who their clients are and will always address you by your name.
  • If the URL you get directed to doesn’t have a green padlock. Yes, having HTTPS on a website is no longer a solid proof that one is not on a malicious page, but there are still a lot of phishing campaigns out there that forgo using HTTPS.
  • If the URL you get redirected to appears to be right, but also has unexplained dashes after it. Phishers are already using a technique called URL padding, wherein they pad the subdomain, which consists of a legitimate website address, with hyphens to hide the real domain and create believability.

    Screenshot of a fake Facebook login screen where phishers used URL padding. Courtesy of PhishLabs.

    In this example, the complete URL is hxxp://[dot]com/sign_in.html, where rickytaylk[dot]com is the domain and is the long subdomain. Users would likely find it difficult to view the complete URL given the mobile’s small screen size, but what they can do is copy the URL and paste it on a notepad app. From there, users can scrutinize the URL more effectively.

A word on homograph attacks: Yes, they work on mobile devices, too. Fortunately, many of modern internet browsers are already programmed to display the Punycode version of domains that contain confusables (or non-English characters that visually appear similar to one or more English alphabets).

Users seeing a Punycode URL on their mobile browser could be alerted that they’re on a page they’re not supposed to be on. And this is a good thing. However, not all apps that accept and display text have considered the possibility of homograph attacks. According to Wandera’s research, many communications and collaboration tools used by employees on both Android and iOS don’t flag Punycode URLs as suspicious.

“Only Facebook Messenger, Instagram and Skype provided an opportunity for the user to identify the punycode URL by either showing a preview of the webpage with the xn prefix, or, in the case of skype, by not providing a hyperlink for domains using unicode, meaning users can’t click through from the message.” writes Liarna La Porta, Content Marketing Manager for Wandera, in a blog post. “While these apps are not providing the best methods of defense, they at least provide an opportunity to asses suspicious links more closely.”

Phish-proof no more?

In April of 2017, a Lithuanian man who posed as Quanta Computer, a Taiwanese electronics manufacturing company, successfully conned two big names in the tech industry, each paying him over $100M. These companies eventually got the bulk of their money back, but not after making headlines that made readers gasp. Who were these phishing victims? They’re Google and Facebook.

When it comes to a target’s low potentiality to fall for a phishing lure, it appears that tech savviness is slowly becoming a non-factor. It is challenging enough for desktop users to successfully determine a believable phish. With mobile devices, which already have a size limitation and more potential attack points, users are doubly challenged, especially if the adversary is motivated enough to steal the sensitive corporate data stored in them.

Indeed, phishing has branched beyond email. And using commodity-level phishing protection on mobile is inadequate in defending users from attacks. Being truly phish-proof (or akin to it) may require necessary adjustments on the side of both man and machine: improved security features on mobile devices and their apps, and knowing the red flags and what steps to take to adequately respond to a phishing attempt are key.

Recommended reading:

  • “Phishing attacks on modern Android” (direct PDF link here)
  • “Social Phishing” (direct PDF link here)


The post Something else is phishy: How to detect phishing attempts on mobile appeared first on Malwarebytes Labs.

How to Use “Find my iPhone” To Track Your Lost iPhone?

Guide on How to find your Lost iPhone using Find my iPhone

Have you ever lost your iPhone?. Did you felt that there should be some app to find it?.

Well, you need not to worry because there is an app called “Find my iPhone” from Apple itself.

It’s a great app which not only allows you to Find the iPhone but also lock, or even wipe out the entire iPhone using iCloud or any other iOS device.

Now before moving further, there are some certain things you need to keep in mind.

  • First Check the requirements
  • Then find the app
  • Activate “Find my iPhone”
  • Hide your iOS device
  • Locate it

1. Checking the requirements

“Find my iPhone” is available on any iOS device which is supported with iOS 5 or later versions. Means it’s even compatible with iPhone 3GS, third-generation iPod Touch, iPad and of course all the later versions of Apple products.

You just need to have a valid iCloud account to track your lost device.

2. Find the App

Finding the app is the easiest part because you need not to download it separately. It’s already available on your iOS device (assuming that you are running on an iOS 5 or later versions).

To find out, just simply swipe down on the middle of the screen and in search box type “Find iPhone” (See the image below).

find my iphone

Then simply tap on the app icon and login with your Apple ID.

3. Activate Find my iPhone

In order to activate the “Find my iPhone” app, you need to go to the main Settings > then tap your Apple ID banner > go to iCloud > and then scroll down to the Find my iPhone icon, tap on it and make sure it is turned on.

Click to view slideshow.

This app not only allows you to find the lost iPhone but even does more of it.

For example, you can force iPhone to ring, lock or erase data remotely with the help of Apple ID or other iOS devices.

4. Hide your iOS device

Yes, this may sound a bit inappropriate but it’s true.

In order to find, if this app really works or not you have to do it. Just hide your iOS device under some pillow or in a different room to check.

5. Locate it

Once you are done with the hiding part, then you need to locate it with the help of your iCloud account on the web or on another iOS device.

Locating iOS Device using an iCloud account on the Web

  • Just open your Favourite internet browser and search for

find my iphone

  • Enter Your Apple ID and Password to Sign in.
  • Then navigate towards the “Find iPhone” icon and tap on it.

find my iphone

  • You will see a page asking for your Apple ID Password, Just enter it and sign in.

find my iphone

  • Then the iCloud server will automatically start Locating your iOS devices (Connected with that Particular Apple ID).

find my iphone

  • Once it’s done, you will come up with the choice of devices connected with that particular Apple ID.

find my iphone

  • Simply tap the device you want to locate and server will provide you with it’s three main options Play Sound, Lost Mode, and Erase iPhone (See the image below).

find my iphone

  • If you selected the Play sound option then your iPhone will start ringing wherever it is.

find my iphone

  • And if you opted for the Lost Mode option then there will be a message displayed on the iPhone screen which should be as follow (see the image below).

find my iphone

  • And at last, the erase option simply erase all your iPhone data and once it’s done, you just can’t restore anything back. The option is good for that situation when you lost the phone and has no hope of having it back.

Locating iOS Device using another iOS device

Locating the iOS Device using another iOS Device is much easier as compared with the web option.

All you need is to grab the iOS device from which you want to locate the missing one.

  • Navigate towards the “Find my iPhone” option.

find my iphone

  • Open it and Enter your Apple ID and Password.

find my iphone

  • Once you are in, the rest process is the same as we mentioned above.

find my iphone

  • And if everything goes well, you will find your lost iPhone.


So this was all regarding How to Use “Find my iPhone”?. If you find it helpful then do let us know in the comment section below, would love to hear that.

Stay tuned for more.

The post How to Use “Find my iPhone” To Track Your Lost iPhone? appeared first on TechWorm.

Apple releases security updates for Macs, iDevices, AppleTV

Another month, another set of Apple security updates: if you’re using macOS, iOS, Shortcuts for iOS, tvOS, Safari, and iCloud and iTunes for Windows, it’s time to get patching. The updates The Safari, iCloud and iTunes updates have a lot of overlap – two Safari bugs that can lead to address bar or user interface spoofing, six WebKit issues that can be triggered by the processing of maliciously crafted web content to achieve remote code … More

The post Apple releases security updates for Macs, iDevices, AppleTV appeared first on Help Net Security.

Smashing Security #107: Sextorting the US army, and a Touch ID scam

Smashing Security #107: Sextorting the US army, and a Touch ID scam

Fitness apps exploit TouchID through a sneaky user interface trick, tech giants claim to have a plan to banish passwords, and you won’t believe who was behind a sextortion scam that targeted over 400 members of the US military.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by ferret-loving ethical hacker Zoë Rose.

Two iOS Fitness Apps Were Caught Using Touch ID To Trick Users Into Payments of $120

secwatcher shares a report from Threatpost: Two apps that were posing as fitness-tracking tools were actually using Apple's Touch ID feature to loot money from unassuming iOS victims. The two impacted apps were the "Fitness Balance App" and "Calories Tracker App." Both apps looked normal, and served functions like calculating BMI, tracking daily calorie intake or reminding users to drink water; and both received good reviews on the iOS store. However, according to Reddit users and researchers with ESET, the apps steal money -- almost $120 from each victim -- thanks to a sneaky popup trick involving the Apple Touch ID feature. According to heated victims who took to Reddit to air their complaints, after a user launches one of the apps, it requests a fingerprint scan prompting users to "view their personalized calorie tracker and diet recommendations." After the users use Touch ID, the app then shows a pop-up confirming a payment of $119.99. The pop-up is only visible for a second, according to users. "However, if the user has a credit or debit card directly connected to their Apple account, the transaction is considered verified and money is wired to the operator behind these scams," said Lukas Stefanko, malware analyst with ESET security, in a Monday post on the scam.

Read more of this story at Slashdot.

How to fix youtube playback error on any device

Struggling with playing Youtube Videos on your device?

Tired of finding the Best possible solution for that? Well, don’t worry, because here in this article we are providing you with the Best ways to fix youtube playback error on any of your devices.

So stay tuned for that.

Ways to Fix Youtube Playback Error ( Android/iOS )

1. Shifting to Wifi Connection

youtube playback error

Yes, If you are in habit of watching Youtube videos on your cellular Data connection, then you must need to shift to Wifi.

This is because the Wifi has a very strong network and signal strength as compared with Cellular Data. But if you still face the problem then just delete the current Wifi account and reconnect it.

2. App/Browser Detox

youtube playback error

The next possible way to get those Youtube videos run on your device smoothly is just by Clearing the Cache files, cookies, history, and browsing data.

You can even use the separate Cache Cleaner to clear those Cache files from your device.

3. Simply swipe down

youtube playback error

The easiest and perhaps the best way to play stopped or unloaded video on your device is to swipe down the video and release it.

Then just sign out from the YouTube app and log in again to find the videos to play.

4. Updating the app

youtube playback error

This might be the common reason why many people are facing the Youtube playback error. So if you feel that you are facing the same then you must update it from the Appstore or Playstore respectively.

5. Adjusting Video Quality

youtube playback error

Yes, by doing this you can also get rid of this youtube playback error. Simply tap on the gear icon, then bring down the quality level to at least 240p or even lower than that if possible.

6. Disabling hardware Acceleration

youtube playback error

Yes, disabling the hardware acceleration in flash player might prevent you from having this error again. All you need is to Just Right-click on the video > Click Settings > Find Enable Hardware Acceleration and then uncheck it.

How to fix this Youtube playback error in Nintendo Switch

Recently on Reddit, the Nintendo users reported about the same issue we discussed above and Youtube also replied on it (See the images below).

  • Issue Reported On Reddit

youtube playback error

  • Youtube Reply

youtube playback error

Basically, if you go to settings > system and set your audio output to stereo instead of mono then it might work for you.


So this was all regarding the best possible ways on How to fix youtube playback error. if you find it helpful then do let us know in the comment section below, would love to hear that.

Stay tuned for more.

The post How to fix youtube playback error on any device appeared first on TechWorm.

After Months of Heated Argument, Apple Permits Indian Telecom Regulator To Release Anti-Spam App, TRAI DND, On App Store

After months of back and forth, Apple has permitted Indian telecom regulator TRAI to release its anti-spam app on the App Store. The app, called TRAI DND - Do Not Disturb, went live on the iPhone app store on Friday. The free app, a version of which has existed on Android platform since 2016, allows customers to block unsolicited texts and calls from marketers, a rampant issue that continues to plague customers in India. The app has been the subject of months-long, heated argument between Apple and TRAI. Apple had argued that the app, which by design accesses message and call logs of a user, violates its privacy policy. The company, however, had agreed to provide some help to the regulator to tap into new iOS features to build the "Do Not Disturb" app. In response, R.S. Sharma, who heads the Telecom Regulatory Authority of India, had threatened to take legal action against Apple. "This is unjust, it shows the approach and attitude of this company," he told Reuters in March. Further reading: Apple approves Indian government's Do Not Disturb app, avoiding iPhone ban.

Read more of this story at Slashdot.

Google Assistant iOS Update Lets You Say ‘Hey Siri, OK Google’

The Google Assistant app on iOS has been updated to allow you to launch it on your iPhone by saying "Hey Siri, OK Google." As TechCrunch notes, you will need to open the app to set up a new Siri Shortcut for the Google Assistant in order for this to work. From the report: As the name suggests, Siri Shortcuts lets you record custom phrases to launch specific apps or features. By default, Google suggests the phrase "OK Google." You can choose something shorter, or "Hey Google," for instance. After setting that up, you can summon Siri and use this custom phrase to launch Google's app. You may need to unlock your iPhone or iPad to let iOS open the app. The Google Assistant app then automatically listens to your query. Again, you need to pause and wait for the app to appear before saying your query.

Read more of this story at Slashdot.

Malvertising in Apple Pay Targets iPhone Users

The Media Trust has discovered a recent malvertising campaign involving Apple Pay that is part of a large-scale phishing and redirect campaign targeting iPhone users visiting premium newspapers and magazines.

The post Malvertising in Apple Pay Targets iPhone Users appeared first on The Cyber Security Place.

Mac Virus: Apple and Android updates 17th November 2018

Bleeping Computer: iPhone X, Galaxy S9, Xiaomi Mi6 Fall at Pwn2Own Tokyo – “iPhone X, Samsung Galaxy S9, and Xiaomi Mi6 all fell at the hands of hackers that found bugs in various components and crafted exploits that allowed complete take over of the targeted device.”

 for ESET: Google’s data charts path to avoiding malware on Android
“How much higher are the odds that your device will be exposed to malware if you download apps from outside Google Play or if you use one of Android’s older versions? Google has the numbers”

Cyberscoop: Apple’s new security chip kills access to microphone – “In a security pamphlet released after Apple’s press event on Tuesday, the company revealed that the chip will completely cut off access to the device’s microphone when the MacBook lid is shut.”

The Register: Android fans get fat November security patch bundle – if the networks or mobe makers are kind enough to let ’em have it – “And Apple fixes Watch-killing security patch of its own”

Graham Cluley for BitDefender: Yes, you should update your iPhone to iOS 12.1, but its lock screen is *still* unsafe

John E. Dunn for Sophos: Another day, another update, another iPhone lock screen bypass

Sophos: Update now! Apple releases security fixes for iOS, MacOS, Safari, others

Brian Krebs: Busting SIM Swappers and SIM Swap Myths – “KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.”

David Harley


Mac Virus

Has Your Phone Become Your Third Child? Ways to Get Screen Time Anxiety Under Control

smartphone screen timeYou aren’t going to like this post. However, you will, hopefully, find yourself nodding and perhaps, even making some changes because of it. Here it friends: That love-hate relationship you have with your smartphone may need some serious attention — not tomorrow or next week — but now.

I’m lecturing myself first by the way. Thanks to the June iOS update that tracks and breaks down phone usage, I’m ready — eager in fact — to make some concrete changes to my digital habits. Why? Because the relationship with my phone – which by the way has become more like a third child — is costing me in time (75 days a year to be exact), stress, and personal goals.

I say this with much conviction because the numbers don’t lie. It’s official: I’m spending more time on my phone than I am with my kids. Likewise, the attention I give and the stress caused by my phone is equivalent to parenting another human. Sad, but true. Here’s the breakdown.

Screen time stats for the past seven days:

  • 5 hours per day on my device
  • 19 hours on social networks
  • 2 hours on productivity
  • 1 hour on creativity
  • 18 phone pickups a day; 2 pickups per hour

Do the math:

  • 35 hours a week on my device
  • 1,820 hours a year on my device
  • 75 days a year on my device

Those numbers are both accurate and disturbing. I’m not proud. Something’s gotta give and, as Michael Jackson once said, change needs to start with the man (woman) in the mirror.

A 2015 study by Pew Research Center found that 24% of Americans can’t stop checking their feeds constantly. No surprise, a handful of other studies confirm excessive phone use is linked to anxiety, depression, and a social phenomenon called FOMO, or Fear Of Missing Out.

Efficiency vs. Anxiety

There’s no argument around the benefits of technology. As parents, we can keep track of our kids’ whereabouts, filter their content, live in smart houses that are efficient and secure, and advance our skills and knowledge at lightning speeds.

That’s a lot of conveniences wrapped in even more pings, alerts, and notifications that can cause anxiety, sleeplessness, and stress.  In our hyper-connected culture, it’s not surprising to see this behavior in yourself or the people in your social circles.

  • Nervousness or anxiety when you are not able to check your notifications.
  • An overwhelming need to share things — photos, personal thoughts, stresses — with others on social media.
  • Withdrawal symptoms when you are not able to access social media.
  • Interrupting conversations to check social media accounts.
  • Lying (downplaying) to others about how much time you spend on social media sites.

We often promote balance in technology use, but this post will go one step further. This post will get uncomfortably specific in suggesting things to do to put a dent in your screentime. (Again, these suggested changes are aimed at this mom first.)

Get Intentional

  • Look at your stats. A lot of people don’t go to the doctor or dentist because they claim “not knowing” about an ailment is less stressful than smartphone screen timeknowing. Don’t take that approach to your screen time. Make today the day you take a hard look at reality. Both iOS and Android now have screen time tracking.
  • Get reinforcements.  There are a lot of apps out there like Your Hour, AppBlock, Stay Focused, Flipd, and App Off Timer designed to help curb your smartphone usage. Check out the one/s that fits your needs and best helps you control your screen time.
  • Plan your week. If you have activities planned ahead of time for the week — like a hike, reading, a movie, or spending time with friends — you are less likely to fritter away hours on your phone.
  • Leave your phone at home. Just a decade ago we spent full days away from home running errands, visiting friends, and exploring the outdoors — all without our phones. The world kept turning. Nothing fell to pieces. So start small. Go to the grocery store without your phone. Next, have dinner with friends. Then, go on a full day excursion. Wean yourself off your device and reclaim your days and strengthen your relationships.
  • Establish/enforce free family zones. Modeling control in your phone use helps your kids to do the same. Establish phone free zones such as homework time, the dinner table, family activities, and bedtime. The key here is that once you establish the phone free zones, be sure to enforce them. A lot of parents (me included) get lax after a while in this area. Research products that allow you to set rules and time limits for apps and websites. McAfee Safe Family helps you establish limits with pre-defined age-based rules that you can be customized based on your family’s needs.
  • Delete unused apps. Give this a try: Delete one social app at a time, for just a day or a week, to see if you need it. If you end up keeping even one time-wasting app off your phone, the change will be well worth it.
  • Engage with people over your phone. If you are in the line at the grocery store, waiting for a show to begin, or hanging out at your child’s school/ sports events, seek to connect with people rather than pull out your phone. Do this intentionally for a week, and it may become a habit!
  • Do one thing at a time. A lot of wasted device time happens because we are multi-tasking — and that time adds up. So if you are watching a movie, reading, or even doing housework put your phone in another room — in a drawer. Try training yourself to focus on doing one thing at a time.smartphone screen time
  • Give yourself a phone curfew. We’ve talked about phone curfews for kids to help them get enough sleep but how about one for parents? Pick a time that works for you and stick to it. (I’m choosing to put my phone away at 8 p.m. every night.)
  • Use voice recorder, notes app, or text. Spending too much time uploading random content? Curb your urge to check or post on social media by using your voice recorder app to speak your thoughts into. Likewise, pin that article or post that photo to your notes to catalog it in a meaningful way or text/share it with a small group of people. These few changes could result in big hours saved on social sites.
  • Turn off notifications. You can’t help but look at those notifications so change your habitual response by turning off all notifications.
  • Limit, don’t quit. Moderation is key to making changes stick. Try limiting your social media time to 10 minutes a day. Choose a time that works and set a timer if you need to. There’s no need to sever all ties with social media just keep it in its proper place.

Slow but Specific Changes

Lastly, go at change slowly (but specifically) and give yourself some grace. Change isn’t easy. You didn’t rack up those screen time stats overnight. You’ve come to rely on your phone for a lot of tasks as well as entertainment. So, there’s no need to approach this as a life overhaul, a digital detox, or take an everything or nothing approach. Nor is there a need to trumpet your social departure to your online communities. Just take a look at your reality and do what you need to do to take back your time and control that unruly third child once and for all. You’ve got this!

The post Has Your Phone Become Your Third Child? Ways to Get Screen Time Anxiety Under Control appeared first on McAfee Blogs.

Cloudflare launches its DNS service for Android and iOS smartphones

Cloudflare’s privacy-focused DNS service now available on iOS and Android

Earlier this year, Cloudfare Inc., a website performance and security company, had rolled out a new free public domain name system (DNS) resolver service with as its IP address on April Fool’s day. The company has now released the mobile apps of the privacy-first DNS resolver service for Android and iOS users.

“The app makes your Internet faster and more private. It is darn easy to set up. And, the best part: it’s free!

“It is the right thing to do. We are making it easier for everyone to make their experience when they use the Internet more private. People should not have to pay to have a more private Internet.

“Beyond that, millions of websites rely on Cloudflare for performance and security. By getting more users on, we make those sites faster. That makes Cloudflare better, and it makes the Internet better, a win-win,” Mohd Irtefa the Product Manager at Cloudflare, said in a blog post.

For those unaware, DNS services are usually provided by Internet Service Providers (ISPs), and allow you to change a domain name, for instance, like into an IP address that routers and switches can understand. DNS basically changes names of websites into numbers, which could slow down your web browsing if you aren’t using a speedy DNS server.

While Cloudflare’s DNS service is a basic DNS server, it is different from your ISP’s or other DNS alternatives like Google Public DNS and Cisco OpenDNS, as its goal is to provide users’ faster internet connection and offer utmost privacy.

“Any time you are on a public internet connection people can see what sites you visit. Even worse, your Internet Service Provider is very possibly selling all of your browsing history to the highest bidder. We have a tool called which makes it easy to get a faster, more private, Internet experience” added Mohd Irtefa.

The mobile app uses a support feature like VPN (virtual private network), which directs your mobile traffic towards the DNS servers. Cloudflare’s DNS server funnels DNS traffic that not only makes it difficult for your ISP to track the sites you are visiting, but it also allows you to freely browse the site you want without having your connection censored or hijacked.

Cloudflare is committed to not tracking users or selling advertising. However, it needs to keep logs of user data for 24 hours to prevent abuse and debugging issues, after which all the logs will be purged. The company has also retained KPMG, the well-respected auditing firm, to audit their code and practices annually and publish a public report to confirm that it’s not selling user information.

The Cloudflare app is user-friendly and mobile users can easily push the on/off button to operate the DNS service. You can download the free app from Apple’s App Store and Google Play to make your internet connection faster and safer.

The post Cloudflare launches its DNS service for Android and iOS smartphones appeared first on TechWorm.

Cloudflare Launches Android and iOS version of DNS Service

By Waqas

Download the app and toggle on it to generate a VPN profile that will automatically reroute the DNS traffic using the DNS servers. On April 1, 2018, Cloudflare and APNIC launched the public DNS service to speed up the searching process for web addresses faster and more secure. It is basically a DNS […]

This is a post from Read the original post: Cloudflare Launches Android and iOS version of DNS Service

How to create your own WhatsApp stickers on Android smartphones

Create your own custom stickers for WhatsApp, here’s how

WhatsApp, the Facebook-owned instant messaging platform, had last week rolled out a new feature of Stickers in the chats for both iOS and Android platform. The Stickers feature allows users to send different stickers while chatting just like its competitors such as Hike Messenger, Telegram, WeChat and more.

WhatsApp rolled out 12 stickers pack for its users in the latest update version 2.18. The users can now view these stickers under a new option in the emoji section of the app called Stickers, which they can share with friends and family on personal and group chats.

“Whether with a smiling teacup or a crying broken heart, stickers help you share your feelings in a way that you can’t always express with words. To start, we’re launching sticker packs created by our designers at WhatsApp and a selection of stickers from other artists,” WhatsApp had said in a blog post.

Additionally, it has also added support for third-party sticker packs to allow users to create their own personal stickers for WhatsApp.

If you want to make things more interesting, you can create your own sticker packs, and then load them onto WhatsApp by following the step-by-step guide below. These stickers can be published on Google Play Store from where they can be downloaded by multiple users.

Before you start, there are two pre-requisites needed to create your own stickers pack: (1) Latest version (2.18) or above of WhatsApp, and (2) Working Internet connection.

  1. Go to Google Play Store for Android and search for an app called ‘Sticker maker for WhatsApp’ by the developer Viko & Co.
  2. Download and install the app on your Android device. Please note that is a third-party app.
  3. Once installed, launch the app, you will see an option called ‘Create a new sticker pack’. It will ask to input details like Stickerpack name and Sticker pack author. You can choose to fill the requested details or totally skip this step. Once you are done, tap the option ‘Create.’
  4. Once done, open the folder/pack you have just created. You will see a ‘tray icon’ (an empty sticker tray) with a capacity of up to 30 stickers. (Note, you will need to add all 30 stickers at once as the pack cannot be edited once published on WhatsApp. Further, you can publish your stickers pack with fewer stickers, but cannot add more to the pack upon publishing.)
  5. Click on the place ‘tray icon’. You will have an option to add a file from your phone storage or click a new one for the sticker pack.
  6. After getting the image, you will have to outline the part of the picture you want in the sticker. Click on the ‘Yes, Save Sticker’ option. Note, you need to add at least three stickers to publish your sticker pack.
  7. Once you are done adding all the stickers, click on the green-color ‘Publish Sticker Pack’ button on the bottom right. It will then give a prompt if you want to add the pack to WhatsApp. Accept it.

After the above process is complete, open WhatsApp and go to the Stickers section by tapping on the Emoji icon from the left of the text box. Choose the Stickers option and look for the stickers you have added. Tap on it to send the stickers you have created with your friends and family.

If you want to create a sticker app which anybody can use, then you need to follow the below instructions given by WhatsApp:

To create your own sticker art, your stickers must meet the following requirements:

* Each sticker is an image that has a transparent background.
* Stickers must be exactly 512×512 pixels.
* Each sticker must be less than 100 KB. See the README files associated with the sample apps for tips on reducing the file size of your stickers.

You must also provide an icon that will be used to represent your sticker pack in the WhatsApp sticker picker or tray. This image should be 96×96 pixels and must be less than 50 KB. See the README files associated with the sample apps for tips on reducing the file size of your tray icon.

In addition to the requirements above, we strongly recommend the following when designing your stickers:

* Stickers will render on a variety of backgrounds, including white, black, colored and patterned. For this reason, we recommend you add an 8-pixel #FFFFFF stroke to the outside of each sticker. View this sample Photoshop (PSD) file.
* There should be a 16-pixel margin between the actual sticker image and the edge of the 512×512 pixel canvas.

The post How to create your own WhatsApp stickers on Android smartphones appeared first on TechWorm.

iOS 12.1 Vulnerability

This is really just to point out that computer security is really hard:

Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to an iPhone users' contact information with no need for a passcode.


A bad actor would need physical access to the phone that they are targeting and has a few options for viewing the victim's contact information. They would need to either call the phone from another iPhone or have the phone call itself. Once the call connects they would need to:

  • Select the Facetime icon
  • Select "Add Person"
  • Select the plus icon
  • Scroll through the contacts and use 3D touch on a name to view all contact information that's stored.

Making the phone call itself without entering a passcode can be accomplished by either telling Siri the phone number or, if they don't know the number, they can say "call my phone." We tested this with both the owners' voice and a strangers voice, in both cases, Siri initiated the call.

Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples


Wirelurker for Windows (WinLurker)

Research: Palo Alto Claud Xiao: Wirelurker for Windows

Sample credit: Claud Xiao


Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X Malware

Palo Alto |Claud Xiao - blog post Wirelurker

Wirelurker Detector

Sample credit: Claud Xiao


Download Part I
Download Part II

Email me if you need the password

List of files
List of hashes 

Part II

s+«sìÜ 3.4.1.dmg 925cc497f207ec4dbcf8198a1b785dbd
apps.ipa 54d27da968c05d463ad3168285ec6097
WhatsAppMessenger 2.11.7.exe eca91fa7e7350a4d2880d341866adf35
使用说明.txt 3506a0c0199ed747b699ade765c0d0f8
libxml2.dll c86bebc3d50d7964378c15b27b1c2caa
libiconv-2_.dll 9c8170dc4a33631881120a467dc3e8f7
msvcr100.dll bf38660a9125935658cfa3e53fdc7d65
libz_.dll bd3d1f0a3eff8c4dd1e993f57185be75
mfc100u.dll f841f32ad816dbf130f10d86fab99b1a

zlib1.dll c7d4d685a0af2a09cbc21cb474358595

│   apps.ipa
│   σ╛«σìÜ 3.4.1.dmg

└───WhatsAppMessenger 2.11.7
            WhatsAppMessenger 2.11.7.exe

Part I

BikeBaron 15e8728b410bfffde8d54651a6efd162
CleanApp c9841e34da270d94b35ae3f724160d5e dca13b4ff64bcd6876c13bbb4a22f450 c4264b9607a68de8b9bbbe30436f5f28 94a933c449948514a3ce634663f9ccf8 f92640bed6078075b508c9ffaa7f0a78 f92640bed6078075b508c9ffaa7f0a78 83317c311caa225b17ac14d3d504387d 6507f0c41663f6d08f497ab41893d8d9 6507f0c41663f6d08f497ab41893d8d9 e6e6a7845b4e00806da7d5e264eed72b bda470f4568dae8cb12344a346a181d9 fd7b1215f03ed1221065ee4508d41de3 af772d9cca45a13ca323f90e7d874c2c
FontMap1.cfg 204b4836a9944d0f19d6df8af3c009d5
foundation 0ff51cd5fe0f88f02213d6612b007a45
globalupdate 9037cf29ed485dae11e22955724a00e7
globalupdate 9037cf29ed485dae11e22955724a00e7
itunesupdate a8dfbd54da805d3c52afc521ab7b354b
libcrypto.1.0.0.dylib 4c5384d667215098badb4e850890127b
libcrypto.1.0.0.dylib 3b533eeb80ee14191893e9a73c017445
libiconv.2.dylib 94f9882f5db1883e7295b44c440eb44c
libiconv.2.dylib fac8ef9dabdb92806ea9b1fde43ad746
libimobiledevice.4.dylib c596adb32c143430240abbf5aff02bc0
libimobiledevice.4.dylib 5b0412e19ec0af5ce375b8ab5a0bc5db
libiodb.dylib bc3aa0142fb15ea65de7833d65a70e36
liblzma.5.dylib 5bdfd2a20123e0893ef59bd813b24105
liblzma.5.dylib 9ebf9c0d25e418c8d0bed2a335aac8bf
libplist.2.dylib 903cbde833c91b197283698b2400fc9b
libplist.2.dylib 109a09389abef9a9388de08f7021b4cf
libssl.1.0.0.dylib 49b937c9ff30a68a0f663828be7ea704
libssl.1.0.0.dylib ab09435c0358b102a5d08f34aae3c244
libusbmuxd.2.dylib e8e0663c7c9d843e0030b15e59eb6f52
libusbmuxd.2.dylib 9efb552097cf4a408ea3bab4aa2bc957
libxml2.2.dylib 34f14463f28d11bd0299f0d7a3985718
libxml2.2.dylib 95506f9240efb416443fcd6d82a024b9
libz.1.dylib 28ef588ba7919f751ae40719cf5cffc6
libz.1.dylib f2b19c7a58e303f0a159a44d08c6df63
libzip.2.dylib 2a42736c8eae3a4915bced2c6df50397
machook 5b43df4fac4cac52412126a6c604853c
machook ecb429951985837513fdf854e49d0682
periodicdate aa6fe189baa355a65e6aafac1e765f41
pphelper 2b79534f22a89f73d4bb45848659b59b
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase_v4000.dylib 582fcd682f0f520e95af1d0713639864
sfbase_v4001.dylib e40de392c613cd2f9e1e93c6ffd05246
start e3a61139735301b866d8d109d715f102
start e3a61139735301b866d8d109d715f102 3fa4e5fec53dfc9fc88ced651aa858c6 dea26a823839b1b3a810d5e731d76aa2 dea26a823839b1b3a810d5e731d76aa2
systemkeychain-helper e03402006332a6e17c36e569178d2097 358c48414219fdbbbbcff90c97295dff
WatchProc a72fdbacfd5be14631437d0ab21ff960
7b9e685e89b8c7e11f554b05cdd6819a 7b9e685e89b8c7e11f554b05cdd6819a
update 93658b52b0f538c4f3e17fdf3860778c 9adfd4344092826ca39bbc441a9eb96f

File listing

│       foundation
│   ├───version_A
│   │   │
│   │   │
│   │   │   globalupdate
│   │   │   machook
│   │   │   sfbase.dylib
│   │   │
│   │   │
│   │   ├───dylib
│   │   │       libcrypto.1.0.0.dylib
│   │   │       libiconv.2.dylib
│   │   │       libimobiledevice.4.dylib
│   │   │       liblzma.5.dylib
│   │   │       libplist.2.dylib
│   │   │       libssl.1.0.0.dylib
│   │   │       libusbmuxd.2.dylib
│   │   │       libxml2.2.dylib
│   │   │       libz.1.dylib
│   │   │
│   │   ├───log
│   │   └───update
│   ├───version_B
│   │
│   │
│   │
│   │
│   │       globalupdate
│   │       itunesupdate
│   │       machook
│   │       start
│   │       WatchProc
│   │
│   └───version_C
│       │
│       │
│       │
│       │
│       │
│       │
│       │   periodicdate
│       │
│       │   systemkeychain-helper
│       │
│       └───manpath.d
│               libcrypto.1.0.0.dylib
│               libiconv.2.dylib
│               libimobiledevice.4.dylib
│               libiodb.dylib
│               liblzma.5.dylib
│               libplist.2.dylib
│               libssl.1.0.0.dylib
│               libusbmuxd.2.dylib
│               libxml2.2.dylib
│               libz.1.dylib
│               libzip.2.dylib
│       sfbase.dylib
│       sfbase_v4000.dylib
│       sfbase_v4001.dylib
│       start
│       7b9e685e89b8c7e11f554b05cdd6819a
│       pphelper
│       BikeBaron
│       CleanApp
│       FontMap1.cfg