Google Pressured 90,000 Android Developers Over Insecure Apps

An anonymous reader quotes PCWorld:

Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future u…

An anonymous reader quotes PCWorld:

Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps… In the early days of the App Security Improvement program, developers only received notifications, but were under no pressure to do anything. That changed in 2015 when Google expanded the types of issues it scanned for and also started enforcing deadlines for fixing many of them… Google added checks for six new vulnerabilities in 2015, all of them with a patching deadline, and 17 in 2016, 12 of which had a time limit for fixes. These issues ranged from security flaws in third-party libraries, development frameworks and advertising SDKs to insecure implementations of Android Java classes and interfaces.

100,000 applications had been patched by April of 2016, but that number tripled over the next nine months, with 90,000 developers fixing flaws in over 275,000 apps.

Read more of this story at Slashdot.

The Problem With Google AMP

Kyle Schreiber has raised some issues about Google’s AMP (Accelerated Mobile Pages), an open source project unveiled by the company in 2015 with which it aims to accelerate content on mobile devices. He writes on his blog: The largest complaint by far …

Kyle Schreiber has raised some issues about Google’s AMP (Accelerated Mobile Pages), an open source project unveiled by the company in 2015 with which it aims to accelerate content on mobile devices. He writes on his blog: The largest complaint by far is that the URLs for AMP links differ from the canonical URLs for the same content, making sharing difficult. The current URLs are a mess. They all begin with some form of https://wwww.google.com/amp/ before showing a URL to the AMP version of the site. There is currently no way to find the canonical link to the page without guessing what the original URL is. This usually involves removing either a .amp or ?amp=1 from the URL to get to the actual page. Make no mistake. AMP is about lock-in for Google. AMP is meant to keep publishers tied to Google. Clicking on an AMP link feels like you never even leave the search page, and links to AMP content are displayed prominently in Google’s news carousel. This is their response to similar formats from both Facebook and Apple, both of which are designed to keep users within their respective ecosystems. However, Google’s implementation of AMP is more broad and far reaching than the Apple and Facebook equivalents. Google’s implementation of AMP is on the open web and isn’t limited to just an app like Facebook or Apple.

Read more of this story at Slashdot.

The Problem With Google AMP

Kyle Schreiber has raised some issues about Google’s AMP (Accelerated Mobile Pages), an open source project unveiled by the company in 2015 with which it aims to accelerate content on mobile devices. He writes on his blog: The largest complaint by far …

Kyle Schreiber has raised some issues about Google’s AMP (Accelerated Mobile Pages), an open source project unveiled by the company in 2015 with which it aims to accelerate content on mobile devices. He writes on his blog: The largest complaint by far is that the URLs for AMP links differ from the canonical URLs for the same content, making sharing difficult. The current URLs are a mess. They all begin with some form of https://wwww.google.com/amp/ before showing a URL to the AMP version of the site. There is currently no way to find the canonical link to the page without guessing what the original URL is. This usually involves removing either a .amp or ?amp=1 from the URL to get to the actual page. Make no mistake. AMP is about lock-in for Google. AMP is meant to keep publishers tied to Google. Clicking on an AMP link feels like you never even leave the search page, and links to AMP content are displayed prominently in Google’s news carousel. This is their response to similar formats from both Facebook and Apple, both of which are designed to keep users within their respective ecosystems. However, Google’s implementation of AMP is more broad and far reaching than the Apple and Facebook equivalents. Google’s implementation of AMP is on the open web and isn’t limited to just an app like Facebook or Apple.

Read more of this story at Slashdot.

Google Maps Starts Showing Parking Availability For Some Users

An anonymous reader quotes a report from Ars Technica: Back in August, Cody found strings in his teardown of Google Maps v9.34 beta that hinted at an upcoming display of parking difficulty. The option may have crept up for some users since then, but no…

An anonymous reader quotes a report from Ars Technica: Back in August, Cody found strings in his teardown of Google Maps v9.34 beta that hinted at an upcoming display of parking difficulty. The option may have crept up for some users since then, but now we have our first glance into how the feature will work since it has started showing up for more users on Maps v9.44 beta. Parking availability will be shown as a small rounded P icon next to your route duration estimate when you search for driving directions, followed by more descriptive text. As Cody’s teardown showed, there are three levels to look for: Limited, Medium, and Easy. Limited parking will get the P icon to turn red. Once you start driving toward your destination, you can expand the directions to get a more descriptive explanation of the parking situation. Our tipster tells us that according to his tests, parking availability shows up for public destinations like malls and airports and various attractions. The option doesn’t seem to be live for everyone on Maps v9.44 beta (APK Mirror link), so you may need to be patient to see it on your phone.

Read more of this story at Slashdot.

Google Maps Starts Showing Parking Availability For Some Users

An anonymous reader quotes a report from Ars Technica: Back in August, Cody found strings in his teardown of Google Maps v9.34 beta that hinted at an upcoming display of parking difficulty. The option may have crept up for some users since then, but no…

An anonymous reader quotes a report from Ars Technica: Back in August, Cody found strings in his teardown of Google Maps v9.34 beta that hinted at an upcoming display of parking difficulty. The option may have crept up for some users since then, but now we have our first glance into how the feature will work since it has started showing up for more users on Maps v9.44 beta. Parking availability will be shown as a small rounded P icon next to your route duration estimate when you search for driving directions, followed by more descriptive text. As Cody’s teardown showed, there are three levels to look for: Limited, Medium, and Easy. Limited parking will get the P icon to turn red. Once you start driving toward your destination, you can expand the directions to get a more descriptive explanation of the parking situation. Our tipster tells us that according to his tests, parking availability shows up for public destinations like malls and airports and various attractions. The option doesn’t seem to be live for everyone on Maps v9.44 beta (APK Mirror link), so you may need to be patient to see it on your phone.

Read more of this story at Slashdot.

Porn Pirates Exploit Well-Known Loophole To Upload Raunchy Videos On YouTube

Adult video websites appear to be exploiting a YouTube loophole to host explicit material on the platform. An anonymous reader shares a report on The Next Web: A number of adult streaming websites have begun using a known backdoor that ultimately makes…

Adult video websites appear to be exploiting a YouTube loophole to host explicit material on the platform. An anonymous reader shares a report on The Next Web: A number of adult streaming websites have begun using a known backdoor that ultimately makes it possible to store infringing material on Google’s servers — entirely free of charge. To pull this off, the pirates essentially take advantage of YouTube’s option to upload content without sharing it publicly, which effectively allows them to embed the videos on their websites and bypass Google’s Content-ID takedown system. This means the content remains unlisted on YouTube and is served directly from the GoogleVideo.com domain instead. While the move hasn’t gone unnoticed by the porn industry, California-based adult content-maker Dreamroom Productions claims it has made it much harder for producers to hunt down and flag infringing material, since the videos are not shared publicly.

Read more of this story at Slashdot.

Google Reveals Its Servers All Contain Custom Security Silicon

Google has published an Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services. From a report on The Register: The document outlines six layers of security and reveals…

Google has published an Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services. From a report on The Register: The document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary’s operations, none more so than the disclosure that: “We also design custom chips, including a hardware security chip that is currently being deployed on both servers and peripherals. These chips allow us to securely identify and authenticate legitimate Google devices at the hardware level.” That silicon works alongside cryptographic signatures employed “over low-level components like the BIOS, bootloader, kernel, and base operating system image.” “These signatures can be validated during each boot or update,” the document says, adding that “the components are all Google-controlled, built, and hardened. With each new generation of hardware we strive to continually improve security: for example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a microcontroller running Google-written security code, or the above mentioned Google-designed security chip.”

Read more of this story at Slashdot.

Google’s New Compression Tool Uses 75% Less Bandwidth Without Sacrificing Image Quality

An anonymous reader quotes a report from The Next Web: Google just released an image compression technology called RAISR (Rapid and Accurate Super Image Resolution) designed to save your precious data without sacrificing photo quality. Claiming to use …

An anonymous reader quotes a report from The Next Web: Google just released an image compression technology called RAISR (Rapid and Accurate Super Image Resolution) designed to save your precious data without sacrificing photo quality. Claiming to use up to 75 percent less bandwidth, RAISR analyzes both low and high-quality versions of the same image. Once analyzed, it learns what makes the larger version superior and simulates the differences on the smaller version. In essence, it’s using machine learning to create an Instagram-like filter to trick your eye into believing the lower-quality image is on par with its full-sized variant. Unfortunately for the majority of smartphone users, the tech only works on Google+ where Google claims to be upscaling over a billion images a week. If you don’t want to use Google+, you’ll just have to wait a little longer. Google plans to expand RAISR to more apps over the coming months. Hopefully that means Google Photos.

Read more of this story at Slashdot.

Google is Killing Its Solar-Powered Internet Drone Program

An anonymous reader writes: Google’s “moonshot” X division is ending its Titan drone program, which planned to use solar-powered drones to beam internet down to earth. Google bought Titan Aerospace in 2014. The company was developing solar-powered dron…

An anonymous reader writes: Google’s “moonshot” X division is ending its Titan drone program, which planned to use solar-powered drones to beam internet down to earth. Google bought Titan Aerospace in 2014. The company was developing solar-powered drones that could fly for several days at a time and take images of earth or beam down internet. When Google reorganized into Alphabet in 2015, Titan was folded into X, the Alphabet division that focuses on wild tech projects in hopes of stumbling on the next big thing.

Read more of this story at Slashdot.

Google is Killing Its Solar-Powered Internet Drone Program

An anonymous reader writes: Google’s “moonshot” X division is ending its Titan drone program, which planned to use solar-powered drones to beam internet down to earth. Google bought Titan Aerospace in 2014. The company was developing solar-powered dron…

An anonymous reader writes: Google’s “moonshot” X division is ending its Titan drone program, which planned to use solar-powered drones to beam internet down to earth. Google bought Titan Aerospace in 2014. The company was developing solar-powered drones that could fly for several days at a time and take images of earth or beam down internet. When Google reorganized into Alphabet in 2015, Titan was folded into X, the Alphabet division that focuses on wild tech projects in hopes of stumbling on the next big thing.

Read more of this story at Slashdot.