Security News

Google is announcing two new security measures aimed at minimizing the number of malicious / potentially unwanted apps available for download from the Google Play Store: additional Android developer identification requirements and 2-step verification. To be able to do it, they must either hijack an existing Google Play developer account or create a new one and associate an email address and phone number with it.

Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification, provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace, Google Play Trust and Safety team said.

Google recently unveiled the next evolution of Google Workspace, including new security and privacy capabilities to help users take advantage of trusted, cloud-native collaboration. How does Google Workspace help the remote workforce stay secure?

Google this week announced a security update for Google Drive that is meant to make sharing links more secure for files stored with the service. "Once the update has been applied to a file, users who haven't viewed the file before will have to use a URL containing the resource key to gain access, and those who have viewed the file before or have direct access will not need the resource key to access the file," Google said in a note accompanying the update.

The revised timelines comes close on the heels of a fresh regulatory setback in the European Union, after the European Commission opened a wide-ranging investigation into Google's digital advertising business to examine its "Plans to prohibit the placement of third party 'cookies' on Chrome and replace them with the 'Privacy Sandbox' set of tools," and assess its "Effects on online display advertising and online display advertising intermediation markets." Third-party tracking cookies have emerged as a point of privacy concern as the technology enables marketers and ad platforms to monitor user activity online as they hop from one website to the other for purposes of behavioral targeting.

Google will delay by nearly two years the phase out of Chrome web browser technology that tracks users for ad purposes, saying that it needs more time to develop a replacement system. The tech giant on Thursday moved its deadline to remove so-called third-party cookies to late 2023 rather than January 2022 as was initially planned.

Google today announced the expansion of the Open Source Vulnerabilities database to include information on bugs identified in Go, Rust, Python, and DWF open source projects. Launched in February 2021 with details on thousands of vulnerabilities from Google's OSS-Fuzz project, the OSV database is meant to provide automated, improved vulnerability triage for both developers and users of open source software.

An upcoming security update for Google Drive will increase the security of your shared documents but likely break many of your shared links. Yesterday, Google began emailing Google Workspace admins about a new security update for Google Drive rolling out on September 13th, 2021, to make file sharing more secure.

Google on Thursday introduced a unified vulnerability schema for open source projects, continuing its current campaign to shore up the security of open source software. The as-yet-unnamed vulnerability interchange schema aspires to bridge gaps that make it difficult to connect current, fragmented vulnerability databases by providing a common interchange format.

About 20 percent of the Top 500 kids' mobile apps in the Google Play store are collecting data on users in a way that likely violates the Children's Online Privacy Protection Act. COPPA, imposed by the Federal Trade Commission, applies to online services, apps and websites that target children under 13, and it requires child-directed websites, apps and online services to provide notice of their data-collection practices and obtain parental consent prior to collecting personal information from children under 13.