
Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware

Millions of shiny new Android smartphones are being purchased with dangerous malware factory-installed, according to Google’s own security research team. There have been multiple headlines about the millions of harmful apps being installed from the Play Store, but this is something new. And the danger to unsuspecting users, trusting that new boxed devices are safe and clean, is that some of that preinstalled malware can download other malware in the background, commit ad fraud, or even take over its host device.

Android is a thriving open-source community, which is great for innovation but not so great when threat actors seize the opportunity to hide malware in basic software loads that come on boxed devices. New phones can have as many as 400 apps factory-installed, many of which we just ignore. But it transpires that many of those apps have not been vetted. The apps themselves will work as billed, providing a useful capability or service, so we can be forgiven for not considering the risk that might lurk within.

Google’s Maddie Stone, a security researcher with the company’s Project Zero, shared her team’s findings at Black Hat on Thursday. “If malware or security issues come as preinstalled apps,” she warned, “then the damage it can do is greater, and that’s why we need so much reviewing, auditing and analysis.”

The risk impacts Android’s Open-Source Project (AOSP), a lower-cost alternative to the full-fat version. AOSP is installed on lower-cost smartphones where cheaper software alternatives help keep prices down. This means owners of Android-badged devices from the likes of Samsung and Google itself are safe from this particular risk.

For an attacker, Stone warned, the benefit of supply chain compromise is that they “only have to convince one company to include their app, rather than thousands of users.” The Google team didn’t disclose any details of the brands of phones involved, but more than 200 device manufacturers fell foul of the testing, with malware allowing the devices to be attacked remotely.

Two especially virulent malware campaigns were of particular concern: Chamois and Triada. Chamois generates various flavors of ad fraud, installs background apps, downloads plugins and can even send premium rate text messages. Chamois alone was found to have come installed on 7.4 million devices. Triada is an older variant of malware, one that also displays ads and installs apps.

Google is working to help device manufacturers screen for such vulnerabilities, and between March 2018 and March 2019, Stone claims such screening helped reduce the instances of devices infected by Chamois from 7.4 million to “only” 700,000. “The Android ecosystem is vast,” she warned, “with a diversity of OEMs and customizations—if you are able to infiltrate the supply chain out of the box, then you already have as many infected users as how many devices they sell—that’s why it’s a scarier prospect.”

In the meantime, the usual advice applies around downloading and installing apps from the Play Store. A healthy dose of skepticism does not go amiss when the app is from an unknown source. There is not much users can do if those threats come preinstalled, though, and that’s why this revelation is so dangerous. For this one we need to rely on manufacturers to do the right thing and follow Google’s advice in screening software fully to eradicate such risks.

I am the Founder/CEO of Digital Barriers, a provider of video surveillance and analytics technologies to security and defense agencies as well as commercial organizations. I cover the sectors in which DB operates, potential conflicts are highlighted.

Source: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware


Viral App FaceApp Now Owns Access To More Than 150 Million People’s Faces And Names

Everyone’s seen them: friends posting pictures of themselves now, and years in the future.

Viral app FaceApp has been giving people the power to change their facial expressions, looks, and now age for several years. But at the same time, people have been giving FaceApp the power to use their pictures — and names — for any purpose it wishes, for as long as it desires.

And we thought we learned a lesson from Cambridge Analytica.

More than 100,000 million people have downloaded the app from Google Play. And FaceApp is now the top-ranked app on the iOS App Store in 121 countries, according to App Annie.

While according to FaceApp’s terms of service people still own their own “user content” (read: face), the company owns a never-ending and irrevocable royalty-free license to do anything they want with it … in front of whoever they wish:

You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.

FaceApp terms of use

That may not be dangerous and your likeness may stay on Amazon servers in America, as Forbes has determined, but they still own a license to do whatever they want with it. That doesn’t mean the app’s Russian parent company, Wireless Labs, will offer your face to the FSB, but it does have consequences, as PhoneArena’s Peter Kostadinov says:

You might end up on a billboard somewhere in Moscow, but your face will most likely end up training some AI facial-recognition algorithm.

Peter Kostadinov 

Whether that matters to you or not is your decision.

But what we have learned in the past few years about viral Facebook apps is that the data they collect is not always used for the purposes that we might assume. And, that the data collected is not always stored securely, safely, privately.

Once something is uploaded to the cloud, you’ve lost control whether or not you’ve given away legal license to your content. That’s one reason why privacy-sensitive Apple is doing most of its AI work on-device.

And it’s a good reason to be wary when any app wants access and a license to your digital content and/or identity.

As former Rackspace manager Rob La Gesse mentioned today:

To make FaceApp actually work, you have to give it permissions to access your photos – ALL of them. But it also gains access to Siri and Search …. Oh, and it has access to refreshing in the background – so even when you are not using it, it is using you.

Rob La Gesse

The app doesn’t have to be doing anything nefarious today to make you cautious about giving it that much access to your most personal computing device.


I forecast and analyze trends affecting the mobile ecosystem. I’ve been a journalist, analyst, and corporate executive, and have chronicled the rise of the mobile econom

Source: Viral App FaceApp Now Owns Access To More Than 150 Million People’s Faces And Names

How Google’s Work With Motorbike Riders In India Demonstrates Its Plan For Emerging Markets

India is the world’s largest market for motorbikes, with two-wheelers making up 70% of all vehicles registered by its 1.3 billion residents. It’s these motorbike drivers, more so than car owners, that Google needs to please as it competes for mindshare in this emerging market. So when user research showed that motorbikers in India didn’t find Maps useful, a team in Google’s Seattle office was tasked with figuring out how to change it.

A dive into the data revealed that motorbike drivers would only open the app for about 30 seconds and then close it. The team of product experts hypothesized that drivers needed more guidance on their route, so they spun up a prototype that would provide more in-ride prompts. But when they tested it with users in Jaipur, the largest city in the Indian state of Rajasthan, the prototype flopped.

The trials and errors to make Maps work better in India were a wake-up call, says Lauren Celenza, lead designer on Google’s two-wheeler project. As Google aims to reach more users in emerging markets like India, South East Asia, Africa and Latin America, the company needed to better integrate user research with product design.

“Opening up of the process beyond the walls of our offices is a playbook that we’re looking to for future projects,” Celenza says.

After actually spending time in India talking to people, the product team realized that the exact opposite of their initial assumption was true: Motorbike drivers didn’t want to look at or listen to their phones at all as they navigated the crowded and often chaotic roads. Instead, they wanted clearer guidance before starting out.

That initial design process highlights the too common tech industry hubris wherein companies launch tools for people far away without proper preparation or understanding of regional wants, needs or cultural differences. At its most anodyne, this approach leads to unpopular products. But it can also fuel real-world crises, like fake news and hate-speech going viral in Myanmar because Facebook didn’t have enough Burmese-speaking moderators.

The Google Maps team on the project ended up building a “two-wheeler mode” with customized routes for motorbikes that simplifies the maps and highlights landmarks to make it easier for drivers to understand and memorize the way before starting out. Since that product launched about a year and a half ago, its usage has grown from one million daily users to 5 million, and Google has launched the feature in more than a dozen new markets.

Two-wheeler mode falls under the domain of what Google calls its “Next Billion Users” initiative to reach users in emerging markets, either by launching new products or adapting old ones. For example, Google launched data-light and offline versions of Search, YouTube and Maps, and created an India-specific payments service called Tez.

At Google’s I/O developers conference last week, the company announced several other features geared at emerging markets. For example, it will start allowing people to pay for Android apps using cash and demoed an automatic text-to-speech service that will initially launch in Google’s Go app for entry-level devices.

“We need to do a lot more work to make sure our technologies and our services actually work really well for these users, including designing the right products for their unique needs,” Caesar Sengupta, vice president of Google’s Next Billion Users group, tells Forbes. “The amount of work we have left to do is still huge.”

In the past year, Google has faced a handful of controversies about how it cooperates with foreign governments. In August, the Intercept reported that the company was working on a version of its search engine in China that would comply with the country’s strict censorship laws. U.S. politicians, human rights activists and Google employees criticized the project, describing it as a tool for oppression and a slap in the face of Internet freedom. Google eventually told Congress in December that it has “no plans” to launch a search engine in China.

This spring, Google (and Apple) received widespread criticism for offering a Saudi Arabian smartphone app that allows husbands to track their wives. The country’s “male guardianship system,” which requires women to obtain male approval for certain actions, makes tracking legal, and Google said it would not remove the app.

Sengupta, who reportedly had a leadership role in the Dragonfly project, said that the company is “really engaged” in debates about the services it provides.

“The world is evolving fast,” he said. “We need to be constantly looking at what we’re doing and what are the right ways to be doing something.”

Contact this reporter at jdonfro [at] forbes.com. Have a more sensitive tip? Reach Jillian via encrypted messaging app Signal at 978.660.6302 using a non-work phone or contact Forbes anonymously via SecureDrop (instructions here: https://www.forbes.com/tips/#6ebc8a4f226a).

I’m a San Francisco-based staff writer for Forbes reporting on Google and the rest of the Alphabet universe, as well as artificial intelligence more broadly.

Source: How Google’s Work With Motorbike Riders In India Demonstrates Its Plan For Emerging Markets

Why Google’s Theme For Its Big Developers’ Conference Could Fall Flat

This week, thousands of visitors will swarm Google’s home city of Mountain View, California, for the company’s annual I/O developers’ conference. The event serves as a state of the union of sorts for Google, allowing it to parade out new products, share milestones for existing ones, and lay out its vision for the future as techies and press from all over the world tune in.

“This year, you’ll hear a lot about how we’re building a helpful Google for everyone,” the company wrote in a press teaser ahead of the show, which starts Tuesday (the bold emphasis is the company’s).

But while Google hopes to wow audiences with presentations on artificial intelligence and accessibility, that rosy messaging may fall flat in light of the company’s recent controversies.

In the past year, Google has faced an unprecedented level of criticism from experts and its own employees on issues like censorship, workplace misconduct, and AI ethics. One consistent theme of the various accusations has been how Google has not, in fact, been helpful for everyone. Google’s timeline since its 2018 conference is studded with complaints of exclusionary behavior.

Take, for example, last fall when The Intercept revealed that the company was secretly developing censored search products in China. Lawmakers, human rights activists, and Google employees alike denounced the plans, and in an open letter, workers admonished the company for building technology that would “aid the powerful in oppressing the vulnerable.” Google ultimately said it has tabled its plans.

Not long after, employees staged a massive walkout to protest what organizers described as a “workplace culture that’s not working for everyone” following a New York Times report on how Google shielded executives from misconduct claims. Demonstrators shared stories of inequity and harassment, including for Google’s “shadow workforce” of temporary and contract workers, who have less job security and fewer protections than their direct-employee peers. Google has updated a handful of policies and practices since the walkout, but its organizers have continued to push for other changes.

More recently, employees and outsiders called out Google for including Kay Coles James, the president of a conservative think tank, on a new advanced technology advisory council, citing her anti-LGBTQ views. Google eventually disbanded the so-called AI ethics board, saying in a statement that it had “become clear that in the current environment, [the council] can’t function as we wanted,” but didn’t address protestors’ arguments about underrepresented groups, like LGBTQ people, being especially at-risk for unintended consequences for AI.

For Google to hang its conference on the theme of being helpful for everyone without acknowledging its slew of exclusion-based issues may make the company’s intended theme seem hollow or ironic.

This wouldn’t be the first time Google has undermined its own messaging: Last year it sabotaged its recurring I/O mantra about developing “responsible AI” by launching a product that imitated humans but didn’t self-identify as a robot, which raised major ethical red flags.

Gartner research director Werner Goertz, who plans to attend the conference, doubts that any of the many product managers and executives who get up on the main stage will directly address Google’s litany of recent controversies. Viewers will hear details about a cheaper Pixel smartphone and the next edition of Android, but no atonement.

“Remember, I/O is a developers’ conference,” he says. “Google will focus on addressing the technical details, and I don’t think these other topics will really distract from that message.”

Perhaps they should.

Contact this reporter at jdonfro [at] forbes.com. Have a more sensitive tip? Reach Jillian via encrypted messaging app Signal at 978.660.6302 using a non-work phone or contact Forbes anonymously via SecureDrop (instructions here: https://www.forbes.com/tips/#6ebc8a4f226a).

I’m a San Francisco-based staff writer for Forbes reporting on Google and the rest of the Alphabet universe, as well as artificial intelligence more broadly.

Source: Why Google’s Theme For Its Big Developers’ Conference Could Fall Flat

Google Confirms It Will Automatically Delete Your Data — What You Need To Know


Ahead of the annual Google I/O developer festival opening its doors on Tuesday, Google has already made one major announcement: it will soon start deleting your data automatically.

Writing in the official Google safety and security blog, David Monsees and Marlo McGriff, the product managers for Google search and maps respectively, say that the company is responding to user feedback asking to make managing data privacy and security simpler. “You can already use your Google Account to access simple on/off controls for Location History and Web & App Activity,” they say, “and if you choose, to delete all or part of that data manually.” What’s new is the soon to be rolled out “auto-delete controls” that will enable users to set time limits on how long Google can save your data.

Said to be arriving within weeks, the new controls will apply to location history as well as web and app activity data to start with. Users will be able to choose a time limit of between three and 18 months after which the data concerned will automatically delete on a rolling basis. You can already delete this data manually if you want, but the ability to have it deleted automatically is long overdue in my never humble opinion. Especially given reports last year that suggested Google was storing location data even when users had turned off location history and considering the somewhat arduous manual deletion process.

Not that everyone will want to delete this data of course. As with most things online these days it comes down to a choice between privacy and function. Actually, make that a balance between the two as it’s rare for anyone to be totally binary when it comes to such matters truth be told. Google says that this data “can make Google products more useful for you, like recommending a restaurant that you might enjoy, or helping you pick up where you left off on a previous search.” If you are of the don’t store any of my location data thank you very much persuasion, then disabling location history altogether would seem like a better option given that some mobile apps can track location data when they aren’t running. For everyone else, the new auto-deletion controls will be a welcome weapon in the “taking back control of at least some of your data” arsenal.

Keep checking the Data & Personalization section of your Google account settings, specifically the “Manage your activity controls” option I would imagine, to see if the function has rolled out for you in the coming weeks.

Please follow me on Twitter or connect with me on LinkedIn, you can find more of my stories at happygeek.com

I have been covering the information security beat for three decades and Contributing Editor at PC Pro Magazine since the first issue way back in 1994.

Source: Google Confirms It Will Automatically Delete Your Data — What You Need To Know

French regulator orders Google to take measures on advertising — peoples trust toronto

http://bit.ly/2RqgIqZ January 31, 2019 PARIS (Reuters) – France’s competition regulator has ordered Google to take measures regarding some of its advertising methods, saying these had hit French firm Amadeus which runs a directory service in France. “Google will need to quickly clarify the rules for its Google Ads online advertising platform that apply to electronic […]

via French regulator orders Google to take measures on advertising — peoples trust toronto

Four Fake Cryptocurrency Wallets Found on Google Play Store – Ana Alexandre


Malware researcher Lukas Stefanko has found four fake cryptocurrency wallets on the Google Play Store that were trying to steal users’ personal data, according to a blog post published Nov. 13. The apps were posing as cryptocurrency wallets for NEO, Tether and an extension for accessing Ethereum (ETH), MetaMask. They were purportedly designed to phish users’ mobile banking credentials and credit card information. Stefanko classified the wallets into two groups, wherein the fake MetaMask app was a “phishing wallet” and the other three apps were “fake wallets………

Read more: https://cointelegraph.com/news/four-fake-cryptocurrency-wallets-found-on-google-play-store


Google is Not Just An Answer Machine It Monitors Your Responses Too – Ed Finn & Andrew Maynard


In 1998, Google began humbly, formally incorporated in a Menlo Park garage, providing search results from a server housed in Lego bricks. It had a straightforward goal: make the poorly indexed World Wide Web accessible to humans. Its success was based on an algorithm that analyzed the linking structure of the internet itself to evaluate what web pages are most reputable and useful. But founders Sergey Brin and Larry Page had a much more ambitious goal: They wanted to organize the world’s information. Twenty years later, they have built a company going far beyond even that lofty goal……

Read more: https://www.business-standard.com/article/technology/google-is-not-just-an-answer-machine-it-monitors-your-responses-too-118092700143_1.html

 

 


Niche Genetics Expert v2 – A Complete In Depth Analysis of Google Ranking Algorithm

We all know by now… Ranking on Google is more difficult than ever before. With its never-ending stream of algorithm updates and “slaps”, Getting a site to rank consistently has become a major challenge. Until now! NicheGenetics will analyze, dissect and then reveal Google’s hidden and ever-changing algorithm. This allows you to “crack the Google code”…So you can find out exactly what to do in order to get your site ranking on top of Google, for the best keywords in your niche. The keywords that matter most to your bottom line! Our intuitive, easy-to-navigate design will make you an expert in no time. Let our advanced keyword analysis help you discover new opportunities to increase sales and profits …..

Read more: http://www.nichegenetics.com/

Google Says The Best Managers Have These 10 Qualities – Zack Friedman


It’s called Project Oxygen. Beginning in 2008, Google researchers wanted to understand what makes a manager great at Google. Here’s what they found. Project Oxygen… Google sought to identify the common threads among Google’s highest performing managers. Based on internal research, Google then applied its findings to its manager development programs….

Read more : https://www.forbes.com/sites/zackfriedman/2018/08/30/best-managers-google/#2e67c5054f26

 

 
