Security News
It's possible to track someone's user location via Google Play sign-ins, a researcher has discovered - a potential stalker avenue that, so far, the internet behemoth has yet to address. In short: Arntz logged into his Google Play account from his wife's phone, in order to pay for an app that that she wanted to install.
Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity. Two of the apps added insult to injury by requiring users to purchase them, researchers found: Crypto Holic - Bitcoin Cloud Mining costs $12.99 to download, while Daily Bitcoin Rewards - Cloud Based Mining System cost $5.99.
Google Play Protect, the Android built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two thirds out of more than 20,000 malicious apps it was pitted against. While always running and scanning every app installed and launched on the device, "The endurance test revealed that this service does not provide particularly good security: every other security app offers better protection than Google Play Protect."
Bogus cryptomining apps for Android available for download on Google Play are estimated to have scammed more than 93,400 victims to date, researchers said, stealing at least $350,000. In addition to offering the "Apps" themselves for a fee, the scammers also promote additional services and upgrades that users can purchase within the apps, either by transferring Bitcoin or Ethereum cryptocurrencies directly to the developers' wallets or via the Google Play in-app billing system.
A set of nine malicious Android apps that steal Facebook credentials were found on Google Play, which racked up a collective 5.9 million installations before Google removed them. The malicious apps were detected as trojans called Android.
Google on Monday announced new security measures for developer accounts on Google Play, meant to ensure that each account is created by a real person. Google Play, which provides access to millions of Android applications and games, has been abused by threat actors for the distribution of malware, and Google is looking for new ways to strengthen the security of both developers and users.
Google is announcing two new security measures aimed at minimizing the number of malicious / potentially unwanted apps available for download from the Google Play Store: additional Android developer identification requirements and 2-step verification. To be able to do it, they must either hijack an existing Google Play developer account or create a new one and associate an email address and phone number with it.
About 20 percent of the Top 500 kids' mobile apps in the Google Play store are collecting data on users in a way that likely violates the Children's Online Privacy Protection Act. COPPA, imposed by the Federal Trade Commission, applies to online services, apps and websites that target children under 13, and it requires child-directed websites, apps and online services to provide notice of their data-collection practices and obtain parental consent prior to collecting personal information from children under 13.
Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings. The data-harvesting ad giant on Thursday detailed plans to create a "Safety section in Google Play" that it says "Will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security."
Google announced the introduction of a privacy information section on the entries of Android applications listed in its Google Play Store digital distribution service starting with Q1 2022. "Today, we're pre-announcing an upcoming safety section in Google Play that will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security," Suzanne Frey, Product VP for Android Security and Privacy, said.