Search the Community

Google has pulled several “stalkerware” ads that violated its policies by promoting apps that encouraged prospective users to spy on their spouses’ phone. These consumer-grade spyware apps are often marketed to parents wishing to monitor their child’s calls, messages, apps, photos and location, often under the guise of protecting against predators. But these apps, which are often designed to be installed surreptitiously and without the device owner’s consent, have been repurposed by abusers to spy on the phones of their spouses. The rise in the use of so-called “stalkerware” (or spouseware) prompted an industrywide response in recent years to combat the spread of phone monitoring apps. Antivirus makers have worked to better detect stalkerware, and federal authorities are taking action against spyware makers that further expose their victims to security threats. Last August, Google banned ads in users’ search results that promoted apps that are designed “with the express purpose of tracking or monitoring another person or their activities without their authorization.” Read More Here

Google is ending support for signing into its app on Android 2.3.7 and below (via 9to5Google). The announcement was made through email to all the users who are still actively using these Android versions. Google stated that "signing in to your account on Google apps will no longer be supported." Android versions below version 2.3.7 are: Android 1.0 Android 1.1 Android 1.5 Cupcake Android 1.6 Donut Android 2.0 Eclair Android 2.2 Froyo Android 2.3 Gingerbread The company says that the change will only impact system and application-level sign-ins and will not affect web browsers. This means that users will no longer be able to sign in to apps like YouTube, Gmail, Google Drive, and other apps that need a Google account. Users will only be able to sign into their accounts with Android versions 3.0 or newer.

In early November, a developer contributing to Google's open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser's Blink rendering engine: it can be used to break a memory defense known as address space layout randomization (ASLR). About two weeks later, Google software security engineer Chris Palmer marked the bug "WontFix" because Google has resigned itself to the fact that ASLR can't be saved – Spectre and Spectre-like processor-level flaws can defeat it anyway, whether or not Oilpan can be exploited. Or as Palmer put it, "we already have to plan for a world in which ASLR is bypassable." On Wednesday, Chromium's bug tracking bot lifted the curtain on the previously private discussion and made it publicly accessible. Security researchers have been warning about the shortcomings of ASLR for years. The defense mechanism works by placing parts of software in randomly selected regions of the code's memory address space, and these positions change every time the software is started. This makes life hard for those writing malware that exploits vulnerabilities in applications and operating systems: the miscreants can't be sure where components needed to attack the code are located in memory, and their exploits will fail to work. But, as we said, ASLR is not bombproof. It simply increases the barrier miscreants have to jump over before they can hack a victim's system. In a 2017 paper, Vrije Universiteit Amsterdam researchers wrote, "ASLR is fundamentally flawed in sandboxed environments such as JavaScript and future defenses should not rely on randomized virtual addresses as a building block."

In a recent blog post, Drew Rowny, Google’s Product Lead, Messages, has shared the tech giant’s future plans. As revealed, Google is rolling out the end-to-end encryption feature to its Messages app. The Messages by Google is one of the popular Android apps among users for general communication. It is also often available as the default pre-installed messaging app in the latest Android phones. However, despite being popular, it still lagged behind other instant messaging apps like WhatsApp and Signal as it lacks key features such as end-to-end encryption. Nonetheless, Google now gears up to compete with other apps with its plans to roll out e2e encryption to Messages. This feature will ensure superior privacy to the users’ chats. As described in the post, Attribution link: https://latesthackingnews.com/2020/11/23/google-to-add-end-to-end-encryption-to-android-messages-app/