In July alone, Google Play had 205 malicious apps with over 32 million installations, most of them containing hidden ads.
The bulk of the suspicious software – 188 to be exact – contained hidden ads, accounting for 19.2 million installs. The rest of the offenders fell under the categories of subscription scam, ad fraud, stalkerware, fake apps, fake antivirus tools, adware droppers, and software with built-in backdoors, according to data compiled by ESET malware researcher Lukas Stefanko.
Google’s security team Project Zero recently found six “interactionless” iOS bugs. If sold on the black market they would be worth over US$5 million.
According to the researcher, four of the six security bugs can lead to the execution of malicious code on a remote iOS device, with no user interaction needed. All an attacker needs to do is to send a malformed message to a victim’s phone, and the malicious code will execute once the user opens and views the received item.
The fifth and sixth bugs, CVE-2019-8624 and CVE-2019-8646, can allow an attacker to leak data from a device’s memory and read files off a remote device –also with no user interaction.
The Never-Googlers are people who avoid using Google services and try to convince family and friends to give them up as well.
These intrepid Web users say they’d rather deal with daily inconveniences than give up more of their data. That means setting up permanent vacation responders on Gmail and telling friends to resend files or video links that don’t require Google software. More than that, it takes a lot of discipline.
Wouldn’t you know it, I wrote a list of Google alternatives.
The YouTubers Union has joined with IG Metall, Germany’s biggest union and Europe’s biggest trade union. Together they created a venture called FairTube.
“We aren’t demanding things that cut into profits or are unrealistic. We want fairness. We want transparency. We want to be treated like partners. And we want personal communication instead of anonymous communication,” Sprave told Motherboard.
In a video announcing the move, IG Metall’s Vice President Christiane Benner, Sprave said that the partnership meant “a completely new time begins. It is no longer the case that we are helpless against Youtube. With the IG Metall, we have a strong, strong partner.” Benner added, “We know from experience that together we can achieve a lot.”
Accelerated Mobile Pages (AMP) is a Google invention that is meant to speed up web pages on mobile devices. But since it wraps the page in a Google-controlled container, it’s a harmful technology to the open web. The company has started to bring AMP URL technology for Google Images.
When you select an image, you’ll see a preview of the website header at the bottom of the screen. You can keep scrolling through Google Images, or swipe up on the preview to load the AMP (accelerated mobile pages) version of the site.
Earlier I found a shortcut that can clean AMP URLs. Or, use an alternative search engine like DuckDuckGo.
Bryan Chaffin and Andrew Orr join host Kelly Guimont for a discussion of an Apple “headset” patent and Google’s offer to buy facial data.
Google employees are stopping people in public and offering them a US$5 gift card in exchange for their facial data. The company is thought to be working on a Face ID authentication system for the Pixel 4.
“I assume they’ll use the data to train a neural network to be able to recognize what a face is,” he replied. “Then you train your own phone on what your specific face looks like. And that’s what gets used to unlock your phone, Face ID-style, but more accurately.”
Add three zeroes to that Google, and then I’ll discuss it.
After a report found a Google contractor accessed and leaked Google Home recordings, the company says it will investigate.
Google’s reCAPTCHA bot detector is now an invisible web beacon and currently on over 650,000 websites.
With reCaptcha v3, technology consultant Marcos Perona and Akrout’s tests both found that their reCaptcha scores were always low risk when they visited a test website on a browser where they were already logged into a Google account. Alternatively, if they went to the test website from a private browser like Tor or a VPN, their scores were high risk.
Google has canceled forthcoming tablet products an executive confirmed, with the company no longer trying to challenge the iPad.
Google will bring RCS messaging directly to Android users but, unlike iMessage, the service is not yet end-to-end encrypted.
Over at Inc.com,
More websites have encrypted their traffic than ever, but there is a loophole. Some use a mixture of HTTPS and unsecure HTTP. Google is closing this by building HTTPS protection directly into certain top level domains.
Which means that today, when you register a site through Google that uses “.app,” “.dev,” or “.page,” that page and any others you build off it are automatically added to a list that all mainstream browsers, including Chrome, Safari, Edge, Firefox, and Opera, check when they’re setting up encrypted web connections. It’s called the HTTPS Strict Transport Security preload list, or HSTS, and browsers use it to know which sites should only load as encrypted HTTPS automatically, rather than falling back to unencrypted HTTP in some circumstances. In short, it fully automates what can otherwise be a tricky scheme to set up.
Charlotte Henry and Andrew Orr join host Kelly Guimont to discuss Google approving of Sign in with Apple, and China’s attack on Telegram.
Google just shared a photo of its upcoming Pixel 4 phone, and I think it gives us a hint of what the iPhone XI will look like. Android manufacturers are notorious for copying the appearance of iPhones, like the notch. The Pixel 4 shows a square camera module on the back, so I think it’s likely the rumors and mockups of a square iPhone XI camera module with three cameras are probably correct.
Well, since there seems to be some interest, here you go! Wait ’til you see what it can do. #Pixel4
Charlotte Henry and Andrew Orr join host Kelly Guimont to discuss ad blocking in Safari and the latest report of plaintext password storage.
Google has stored passwords to some G Suite enterprise accounts in plaintext, since 2005, the company has admitted.
Last year Google announced its podcasting service called Google Podcasts. Today iOS users can find and listen to them within Google search.
Google CEO Sundar Pichai says privacy shouldn’t be a luxury item. Responding at Computerworld, Jonny Evans writes:
The crux of Google CEO Sundar Pichai’s argument against firms such as (obviously including but never named) Apple is that his company offers convenience in exchange for personal secrets, makes its services available for free, and has a “profound commitment” to protecting user privacy.
Author Evans lays bare the reality of how Google operates and the shallowness of Pichai’s whines.
Google’s premium music service continues to trail Apple Music and Spotify – YouTube Music has significantly fewer subscribers than its rivals.
Bryan Chaffin and John Martellaro join host Kelly Guimont to discuss Google’s assertion privacy is not a luxury item, and Apple’s “magic.”
Google CEO Sundar Pichai said privacy “cannot be a luxury good” in what amounts to thinly veiled criticism of Apple.
Google will launch tools limiting the use of tracking cookies on Chrome, however, it would not be as wide-ranging a restriction as on Safari.
Google auto delete controls are coming to the platform over the coming weeks. It’s a privacy feature that will automatically delete content.
