Android API level requirements to ‘improve the security of the app ecosystem’
Google today said that it’ll require Android apps in major app stores from third-party manufacturers like Huawei, Oppo, Vivo, Xiaomi, Baidu, Alibaba, and Tencent to target API level 26 (Android 8.0) or higher in 2019, in a bid to “improve the security of the app ecosystem.” It also said it’ll require all new apps to target API level 28 (Android 9) or higher by August 2019, and mandate that updates to existing apps target API level 28 or higher by November 2019.
The target API levels will “advance annually,” Google says, and existing apps that aren’t receiving updates won’t be affected by the changes.
“Thanks to the efforts of thousands of app developers, Android users now enjoy more apps using modern APIs than ever before, bringing significant security and privacy benefits. For example, during 2018, over 150,000 apps added support for runtime permissions, giving users granular control over the data they share,” Edward Cunningham, product manager on the Android Security and Privacy Team, wrote in a blog post. “Over 95 percent of spyware we detect outside of the Play Store intentionally targets API level 22 or lower, avoiding runtime permissions even when installed on recent Android versions.”
In addition to those new policies, Google says that, on devices with Developer options enabled, Google Play Protect — an automated security solution that scans more than 50 billion apps on billions of devices each day — will begin to warn users when they attempt to install apps from any source that don’t target a recent API level.
“For example, a user with a device running Android 6.0 (Marshmallow) will be warned when installing any new [app] that targets API level 22 or lower,” Cunningham explained. “Users with devices running Android 8.0 (Oreo) or higher will be warned when installing any new APK that targets API level 25 or lower.”
The announcement comes after Google said it would continue to improve the automated systems that help root out unscrupulous developers in the Google Play Store — and after researchers with security firm Eset and Trend Micro discovered malicious Android apps hosted on the Play Store that were designed to steal cryptocurrency and trick users into downloading and installing a trojan. In a recent blog post, the company revealed that in 2018, the number of apps rejected and suspended from the Play Store increased by more than 55 percent and 66 percent, respectively, and that tens of thousands of apps not adherent to the Play Store’s user data and privacy policies were rejected or removed.
Google announced late last year that it’s paid out over $15 million since launching its bug bounty program in November 2010. And it said it’s regularly conducting both “static” and “dynamic” analyses of apps with inappropriate content, impersonators, and PHAs, and “intelligently” using user engagement and feedback data to help find bad apps with “higher accuracy and efficiency.”
How to reverse search an image on Google with your phone, tablet, or computer
Google Images is a great place to do a traditional search for pictures of tuxedo cats or skull tattoos. You can also do a reverse image search to find information about a specific photo or graphic.
There are other reverse image search tools, but Google Images is robust, easy to use - and free.
Here's how to search by image on Google.
What is reverse image search?
When you do a reverse image search on Google, you place a photo or a link to an image in the browser. Google finds websites featuring your image as well as related images.
Google Images also detects the subject of your photo and brings up other websites related to, for example, tuxedo cats.
Here are just a few of the uses for reverse image search:
You can do a reverse image search on Android devices, iPhones, and iPads. This search is limited to images found on the internet. If you want to search with photos or graphics from your own files, you'll have to use a computer.
You'll need to download the Google Chrome app to do a reverse image search on your smartphone.
Click the camera icon or drag and drop an image onto the Google Images page. Google; Business Insider You can do a more robust Google image search on your computer. You can upload a file from your computer or search for an image you find on the web. Google Images works with the Chrome, Firefox, and Safari browsers.
To search for an image from your files:
It's that simple. You'll have hundreds of photos of tuxedo cats that look like your Bootsie within seconds.
You can also copy the URL of a photo you find online and use that to search.
Search an image by URL. Google; Business Insider
There are two more ways to search for images you find on the web.
Google says 'hidden' microphone in Nest product never intended to be a secret
Google says that a failure to make users aware of a microphone in Nest Guard was nothing more than a mistake -- but the oversight is enough to make us increasingly paranoid about our smart home and voice assistant products.
The issue came to light after Google said in early February that the Nest Guard, the centerpiece of the Nest Secure home alarm system, will soon receive Google Assistant functionality.
In order to use Google Assistant and voice-based controls, devices must have both a speaker and microphone elements.
The problem is, users were not made aware that the Nest Guard had a microphone at all.
TechRepublic: How to help CISOs understand their role in cloud security
"The Google Assistant on Nest Guard is an opt-in feature, and as the feature becomes available to our users, they'll receive an email with instructions on how to enable the feature and turn on the microphone in the Nest app," Google said. "Nest Guard does have one on-device microphone that is not enabled by default."
Nest Guard contains an alarm, keypad, and motion sensors, but the product's original specifications list said nothing about a microphone.
Speaking to Business Insider, a Google spokesperson said the emission had been made in "error" and was "never intended to be a secret."
Virtual and voice-based assistants have been creeping into our daily lives for years due to smartphones, tablets, and the emergence of Internet of Things (IoT) products ranging from smart lighting to fridges.
CNET: Nike's Android app doesn't run well with its Adapt BB self-tying shoes
Home hubs containing voice technologies & microphones including Google Assistant and Amazon's Alexa are generally accepted by the public and have proven to be popular purchases, but they may be strategically placed in areas such as a lounge rather than a bedroom, for example, as they are required to listen-in for commands.
There is always a balance between convenience and privacy to consider, but by failing to inform users of the existence of microphones in a device, Google may have sparked a case of severe paranoia in some users.
The on-device microphone was included in the Nest Guard as a form of future-proofing, as the tech giant considered the feature useful should new security features be included down the line, such as the "ability to detect broken glass" through sound-sensing.
Google has further attempted to reassure users that the "microphone has never been on, and is only activated when users specifically enable the option."
See also: Why I replaced Google Wifi with Synology's mesh networking gear (and why you might, too)
The news comes at a time when consumers are becoming increasingly aware of privacy-related issues which technology is bringing into the home.
A previous Google Home mini security flaw created an opportunity for the smart speaker to become a spying device able to record everything in 2017, and last month, a Nest camera was compromised by a hacker who then convinced a terrified family that North Korea was attacking the United States.
The rival Amazon Echo, however, also hits the headlines when it comes to privacy issues.
Not only was the product a central element of a case relating to murder in 2018, but Alexa has also frightened users out of their wits with random, hysterical laughter, and was slammed after recording a private conversation between a couple and sharing it with a random person on their contact list without consent last year.
Previous and related coverage.
No comments:
Post a Comment