Google’s Titan Security Key Is Now Available For $50

Google's Titan Security Key Is Now Available For $50

This $50 Titan Security Key from Google secures your online accounts

Google’s Titan Security Key is finally available for customers in the U.S. for $50 from the Google Play Store. The in-house security key was first publicly announced in July, and since then it has been available to Google Cloud customers.

For those unaware, Google’s Titan Security Key is a physical device that is built on the FIDO (Fast Identity Online) specification. This device can be used to add an extra layer of security to protect data on the sites and services against phishing attacks. Just like other security keys, it can be used over Bluetooth or USB. The Titan Security Key can not only be used to secure the host of services offered by Google, but also with other non-Google services.

According to Google, the production process of the Titan Security Key makes it more resilient to supply chain attacks. “This firmware is sealed permanently into a secure element hardware chip at production time in the chip production factory,” Cloud product manager Christian Braand said in a post. “The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material.”

In 2017, Google had started giving out physical security keys to all 85,000 employees to login accounts. Following this implementation, no employee has experienced any account hacks and phishing attacks since then. With the use of physical security keys, Google has removed the need for its employees to remember passwords or use one-time access codes.

For those unaware, Physical Security Keys are simple USB-based devices that work as an alternate approach to the now universal two-factor authentication (2FA). They work on an open-authentication standard known as ‘Universal 2nd Factor (U2F)’ that removes the need to remember multiple passwords for various sites.

The $50 kit comes with a USB key, a Bluetooth Low Energy key, and an adapter for devices with USB Type-C ports. You can enable security keys in your Google account from the two-step verification page.

Made in China?

While Google’s Titan Security Key is certainly an interesting device to keep users’ online accounts safe from phishing attacks, the search giant has however come under fire for manufacturing the key in China in partnership with manufacturer Feitian, according to a report from CNBC.

The product is labeled as “Produced in China,” indicating that the security key is manufactured there. Adam Meyers, a security expert at the security firm CloudStrike, is of the opinion that producing security keys overseas will make Google vulnerable not only to infiltration by hackers but also by the Chinese government during the assembly process.

However, Google said that the hardware that provides the keys’ security is sealed before it heads to the manufacturer to guard against supply chain attacks. The company declined to comment further.

read more

Google is secretly tracking what you buy offline using Mastercard cards

Google is secretly tracking what you buy offline using Mastercard cards

Google and Mastercard have a secret deal to track user shopping details offline

A partnership between Google and Mastercard allows the search giant to track offline sales data, says a Bloomberg report who cited four people “with knowledge of the deal”. In other words, Mastercard is basically selling customer data to Google.

“For the past year, select Google advertisers have had access to a potent new tool to track whether the ads they ran online led to a sale at a physical store in the U.S. That insight came thanks in part to a stockpile of Mastercard transactions that Google paid for.

“But most of the two billion Mastercard holders aren’t aware of this behind-the-scenes tracking. That’s because the companies never told the public about the arrangement,” Bloomberg mentions in its report.

The data is used for Google’s Store Sales Measurement tool, which allows the search giant to find a connection between clicks on digital ads and purchases in brick-and-mortar stores. A part of the solution matches clicks with purchases in offline stores, made with debit or credit cards. If there’s a match, Google shares the feedback with the advertisers and show them how their adverts on Google’s network led to purchases in retail locations.

It is important to note that this feature works only if a customer is logged into a Google account and has not switched off the Google Ad Tracking. Also, it works only if the customer makes a purchase within 30 days of the click. Currently, only select retailers can access the data.

“People don’t expect what they buy physically in a store to be linked to what they are buying online,” Christine Bannan, counsel with the advocacy group Electronic Privacy Information Center, told Bloomberg. “There’s just far too much burden that companies place on consumers and not enough responsibility being taken by companies to inform users what they’re doing and what rights they have.”

Although Google has not commented on the partnership with Mastercard, it has commented on the tool used to share the data to help calm fears about privacy.

Before we launched this beta product last year, we built a new, double-blind encryption technology that prevents both Google and our partners from viewing our respective users’ personally identifiable information. We do not have access to any personal information from our partners’ credit and debit cards, nor do we share any personal information with our partners. Google users can opt-out with their Web and App Activity controls, at any time,” a Google spokeswoman explained.

Although Mastercard couldn’t be reached for comment, a spokesperson sent a statement to Slate, which read, in part:

Regarding the [Bloomberg] article you cited, I’d quickly note that the premise of what was reported is false. The way our network operates, we do not know the individual items that a consumer purchases in any shopping card — physical or digital. No individual transactions or personal data is provided. That delivers on the expectation of privacy from both consumers and merchants around the world. In processing a transaction, we see the retailers name and the total amount of the consumer’s purchase, but not specific items.

According to Bloomberg, Google had once claimed that the company has access to “approximately 70 percent” of credit and debit card data in the U.S. However, earlier this year, Google made some tweaks to the settings that allow the user to opt out of ad tracking via its “Web and App Activity” console.

Also Read- Google tracks Android, iPhone users’ location even with location history turned off

read more

Google tracks Android, iPhone users’ location even with location history turned off

Google tracks Android, iPhone users’ location even with location history turned off

Google tracks your movements even when location services are disabled

Many of us turn off location services on our smartphones so that we can avoid being tracked. But what if you get to know that in spite of taking this precaution, Google tracks you everywhere.

According to an Associated Press report released Monday, Google services is storing users’ location data on Android devices and iPhones even if you have privacy settings explicitly set to not do it. These findings were confirmed by computer-science researchers at Princeton on AP’s request.

In fact, Google’s own support page encourages user autonomy to decide what information to share. “You can turn off Location History at any time. With Location History off, the places you go are no longer stored,” reads the company’s privacy page. However, even with Location History turned off, some Google apps automatically store time-stamped location data without permission, the AP found.

For instance, every time you use an app like Google Maps for navigating, the company asks permission to access your location information on its app. However, this isn’t true, as AP found that Google tracks your location even when you have paused “Location History” on your mobile devices.

“For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are,” the AP explains.

“And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude—accurate to the square foot—and save it to your Google account.”

In order to completely turn off location tracking, users must adjust settings in “web and app activity,” and not only “location services.” For those unaware, “web and app activity” is a setting that is enabled by default and stores a variety of information from Google apps and sites to your Google account. Despite turning off “web and app activity” and “location services”, it is still difficult to avoid the phone from recording users’ locations, according to the report.

Google Admits Tracking Users’ Location

Google issued the following statement in response to AP’s investigation:

“There are a number of different ways that Google may use location to improve people’s experience, including Location History, Web, and App Activity, and through device-level Location Services. We provide clear descriptions of these tools, and robust controls so people can turn them on or off, and delete their histories at any time.”

However, Jonathan Mayer, a Princeton computer scientist and former chief technologist for the Federal Communications Commission’s enforcement bureau argued that storing location data in violation of a user’s preferences is wrong.

“If you’re going to allow users to turn off something called ‘Location History,’ then all the places where you maintain location history should be turned off. That seems like a pretty straightforward position to have,” Mayer said.

Here’s How You Can Stop Google From Tracking Your Location

If you wish to stop Google from saving time-stamped location markers, you need to turn off “Web and App Activity.” Once disabled, it will not only stop Google from storing location markers but also stop the company from storing information produced by searches and other activities.

For Android Devices:

Go to the “Security & location” setting, scroll down to “Privacy”, and tap “Location.” Now, you can toggle it off for the entire device. If you wish to disable access to various apps, you can use “App-level permissions” to do so.

For iOS Devices:

If you use Google Maps, Go to Settings select Privacy Location Services and adjust your location setting to ‘While Using’ the app. This will stop the app from accessing your location when it is inactive.

Any device:

Go to on your web browser. Choose “Activity Controls” from the upper left drop-down menu. Now, turn off both “Web & App Activity” and “Location History.” You can also delete your time-stamped location data by clicking on specific geo-stamped entries. Additionally, you can also delete batches of entries sorted by date or web service.

Source: THN

read more

Google announces Android Pie SDK that is more “Kotlin-friendly”

Google announces Android Pie SDK that is more “Kotlin-friendly”

Google’s Android Pie SDK is now more Kotlin-friendly

At Google’s I/O 2017 Developers Conference last year, the search giant had announced Kotlin would be an officially supported language in Android and it will join the list of existing programming languages used for Android app development, such as Java and C++. It is also predicted that Kotlin will be surpassing Java as the primary programming language used for Android apps by December 2018.

Moving further in this direction, Google who recently announced Android’s new operating system, Android 9.0 Pie has also released an SDK that is more Kotlin-friendly.

For those unaware, developed by JetBrains for JVM (Java Virtual Machine), Android, JS browser and native applications, Kotlin can be compiled to Java source code and can be used alongside Java to build apps. Like Java, Kotlin as a language is object-oriented and statically typed and fully interoperable with Java code. It is designed to solve the similar problem that Java does. It also adds a lot of nice-to-have features that Java itself doesn’t currently support, a much cleaner syntax, improved code readability, ideas from functional programming, and other improvements over Java. Also, Kotlin’s interoperability with Java makes it possible to call Kotlin code from Java or Java code from Kotlin.

Google in its new blog post announced that the newly released Android SDK contains nullability annotations for some of the most frequently used APIs, which will preserve the null-safety guarantee when your Kotlin code is calling into any annotated APIs in the SDK.

“Normally, nullability contract violations in Kotlin result in compilation errors. But to ensure the newly annotated APIs are compatible with your existing code, we are using an internal mechanism provided by the Kotlin compiler team to mark the APIs as recently annotated. Recently annotated APIs will result only in warnings instead of errors from the Kotlin compiler. You will need to use Kotlin 1.2.60 or later.

“Our plan is to have newly added nullability annotations produce warnings only, and increase the severity level to errors starting in the following year’s Android SDK. The goal is to provide you with sufficient time to update your code,” Google added.

If want to know how you can use the “Kotlin-friendly” SDK, simply follow the steps below.

1. Go to Tools > SDK Manager in Android Studio.

2. Choose Android SDon the left menu, and ensure that the SDK Platforms tab is open.

3. Check Android 8.+ (P) and click OK. This will install the Android SDK Platform 28 revision 6 if it is not already installed.

4. Then, set your project’s compile SDK version to API 28 to start using the new Android Pie SDK with nullability annotations.

Also, note that if your Kotlin plugin in Android Studio is not up-to-date, you will have to update it. Ensure that your Kotlin plugin version is 1.2.60 or later by going to Tools > Kotlin > Configure Kotlin Plugin Updates.

Once it’s set up, your builds will start showing warnings if you have any code that violates nullability contracts in the Android SDK. You will also start seeing warnings in Android Studio’s code editor if you call an Android API with the incorrect nullability.

For more information on the “Kotlin-friendly” SDK, you can click here.

Source: Android Developers Blog

read more

After EU ruling, Google CEO Pichai hints Android may not remain free

After EU ruling, Google CEO Pichai hints Android may not remain free

Google warns that Android may not be free in the future

We reported yesterday that Google has been imposed a record $5 billion (4.34 billion euros) fine by the European Union Commission on Wednesday for illegally abusing the dominance of its Android operating system.

Reacting to the EU ruling, Google’s CEO Sundar Pichai in a lengthy blog post said that “the decision rejects the business model that supports Android, which has created more choice for everyone, not less.”

The EU wants Google to stop pre-loading its Chrome browser and its search engine to Android. However, Google countered this statement by saying that the search giant doesn’t force anyone to use either of them and allows phone makers and developers to easily disable or delete pre- loaded apps on the phone and choose other apps instead.

According to Pichai, the free distribution of the Android platform, and of Google’s suite of applications, is “not only efficient” for phone makers and operators but is also of “huge benefit” for developers and consumers. He also added that “if phone makers and mobile network operators couldn’t include our apps on their wide range of devices, it would upset the balance of the Android ecosystem.” In other words, Pichai said that the phone makers will no longer be forced to bundle these apps but can still choose to do so.

However, Pichai warned that its Android business model could now change due to the EU ruling. “So far, the Android business model has meant that we haven’t had to charge phone makers for our technology or depend on a tightly controlled distribution model. We’ve always agreed that with size comes responsibility. A healthy, thriving Android ecosystem is in everyone’s interest, and we’ve shown we’re willing to make changes. But we are concerned that today’s decision will upset the careful balance that we have struck with Android, and that it sends a troubling signal in favor of proprietary systems over open platforms,” Pichai said.

Pichai also added that Google would be appealing against the EU decision. The search giant has 90 days to change its practices or face penalty payments of up to five percent of the worldwide average daily revenue of its parent company, Alphabet.

With Google’s CEO hinting that the free distribution of its own apps earns the company revenue required to maintain the development of the expensive platform, we could very soon see Google start charging phone makers for using the Android platform.

Source: The Verge

read more

EU slaps Google with record $5 billion fine in Android Antitrust Case

EU slaps Google with record $5 billion fine in Android Antitrust Case

Google fined $5 billion fine for illegal restrictions on Android use

The European Union Commission on Wednesday imposed on Google a record $5 billion (4.34 billion euros) fine for illegally abusing the dominance of its Android operating system.

Margrethe Vestager, EU Antitrust Chief who is in charge of the competition policy, said that the U.S. tech giant has been unlawfully using Android’s near-monopoly since 2011 to improve usage of its own search engine and browser and to strengthen its dominant position in general Internet search.

“Today the commission has decided to fine Google 4.34 billion euros (USD 5 billion) for breaching EU antitrust rules,” Vestager told a press conference in Brussels. “Google has used Android as a vehicle to cement the dominance of its search engine. These practices have denied rivals the chance to innovate and compete on the merits. They have denied European consumers the benefits of effective competition in the important mobile sphere.”

Vestager said Google “must put an effective end to this conduct within 90 days or face penalty payments” of up to five percent of the worldwide average daily revenue of its parent company, Alphabet.

“Our case is about three types of restrictions that Google has imposed on Android device manufacturers and network operators to ensure that traffic on Android devices goes to the Google search engine,” said Vestager.

Particularly, Google required manufacturers to pre-install the Google Search app and browser app (Chrome), as a condition for licensing Google’s app store (the Play Store).

The search giant ultimately gave “financial incentives” to manufacturers and mobile network operators, if they exclusively pre-installed the Google Search app on their devices, the commission said.

The Commission also found that Google used the so-called anti-fragmentation agreements to stop phone makers from selling modified versions of Android.

Google said it would be appealing against the fine imposed by EU. “Android has created more choice for everyone, not less. A vibrant ecosystem, rapid innovation, and lower prices are classic hallmarks of robust competition. We will appeal the Commission’s decision,” a Google spokesperson said in a statement.

This statement was backed by Google’s CEO Sundar Pichai on Twitter, who said that Android’s existence has led to robust competition in a blog post on the subject.

It would be interesting to see how does the EU’s decision affect Google’s advertising business, as well as mobile phone manufacturers and app developers.

read more

Google brings free MLCC Study Jam Series to India

Google brings free MLCC Study Jam Series to India

Google gets the Machine Learning Crash Course (MLCC) Study Jam series to India

In May 2018, Google and National Institution for Transforming India (NITI) Aayog had jointly signed a Statement of Intent (SoI) with an objective of developing growth in India’s Artificial Intelligence (AI) and Machine Learning (ML) ecosystem through a variety of initiatives across the country.

Now, almost two months later, Google has brought the free Machine Learning Crash Course (MLCC) Study Jam series to India. According to Google, AI has helped farmers detect the onset of crop infections, enables doctors to identify the occurrence of diabetic blindness among millions and many more. Through this course, the company aims to enhance developers’ technical proficiency in ML, enabling them to apply cutting-edge methods to help take on a range of practical challenges.

Chetan Krishnaswamy, Director of Public Policy at Google India, in a blog post said that “In India, the AI ecosystem is nascent but is developing rapidly. With companies of all sizes adopting AI in their solutions, there is a clear and present need for trained and technically-equipped developers to drive these AI-related challenges and projects.”

He further added, “MLCC covers numerous machine learning fundamentals, from basic concepts such as loss function and gradient descent, then building through more advanced theories like classification models and neural networks.”

MLCC is Google’s flagship machine learning course, initially created for Google engineers and was taken up by more than 18,000 Googlers. The tech giant will train Indian developers in the field of ML with the same course as part of the program. Recently, the course was made available to the public with a view towards “making AI and its benefits accessible to everyone”. MLCC offers exercises, interactive visualizations, and instructional videos that anyone can use to learn and practice ML concepts.

Since this is a free course, MLCC is intended for those who wish to learn about ML from a practical, applied perspective that will enable them to understand TensorFlow and incorporate best practices into their everyday projects. Further, this course is also suitable for developers with basic machine learning knowledge, who are eager to gain experience in ML and TensorFlow.

For more details regarding the free course, you can visit the website and apply for a study jam here.

Source: Google

read more

Google allows third-party app developers to read your emails

Google allows third-party app developers to read your emails

Gmail app developers might be reading your personal emails

The Facebook-Cambridge Analytica privacy data scandal had created an unrest when it was discovered that the latter illegally harvested up to 87 million Facebook users’ personal data without their knowledge and consent. Apparently, Facebook allowed thousands of app developers to harvest data through third-party online games and quizzes.

Now, a similar kind of accusation has been made against the search giant, Google for allowing third-party app developers access to user’s private messages in Gmail, according to a Wall Street Journal report.

Google “continues to let hundreds of outside software developers scan the inboxes of millions of Gmail users who signed up for email-based services offering shopping price comparisons, automated travel-itinerary planners or other tools,” the report said late Monday.

With nearly 1.4 billion users around the world, Gmail has more users than the next 25 largest email providers combined.

“Google does little to police those developers, who train their computers– and, in some cases, employees — to read their users’ emails,” the report further stated.

Last year, after receiving a lot of criticism for having computers scan every Gmail email to deliver targeted ads. Back then, Google assured Gmail users that it would stop reading emails and won’t display ads based on the content of the emails.

According to Google, it provides data only to those third-party apps and services that it has vetted and to whom users have explicitly granted access to check their inbox.

Google’s own employees read emails only “in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse,” the report states.

“Email data collectors use software to scan millions of messages a day, looking for clues about consumers that they can sell to marketers, hedge funds and other businesses,” the report added, saying data miners basically have access to other email services besides Gmail.

Several app developers have termed accessing its users’ inboxes a “common practice”, which is done in order to build a new feature and to develop machine algorithms. Many software developers also said they go through inboxes to enhance the user experience.

They defended this action by saying, “The practice is specified in their user agreements and they have implemented strict rules for employees regarding the handling of emails.”

Commenting on the issue through a blog post, written by Suzanne Frey, the director of the company’s Security, Trust, & Privacy division of Google Cloud, the company said, “A vibrant ecosystem of non-Google apps gives you choice and helps you get the most out of your email. However, before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.”

Further, while calming controversy over app developers having access to your Gmail, Frey reiterates in the blog post that, “The practice of automatic processing has caused some to speculate mistakenly that Google ‘reads’ your emails. To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”

If you do not wish third-party apps scan your emails, then it is suggested that you uninstall extensions that you don’t trust and use apps from reputed developers.

Source: WSJ

read more

Google Admits That Microsoft Beat Them To Buy GitHub

google about github microsoft

Google Cloud CEO Diane Green says that Microsoft beat Google to buy GitHub

Earlier this month, we reported that the software giant Microsoft had officially acquired GitHub Inc. for $7.5 billion in an all-stock deal. While the news of Microsoft acquiring GitHub did not go well with the global developer community, it appears that Microsoft was the only party that was interested in purchasing the largest source-code repository in the world.

According to a report from Bloomberg, Chief of Google’s cloud business, Diane Greene while addressing Microsoft’s GitHub deal at Fortune’s annual “Most Powerful Women Evening” event in San Francisco, said, “I wouldn’t have minded buying them, but it’s OK.”

For those unaware, GitHub, is a web-based hosting service for software development projects that allows developers to use the tools of the privately-held company to store code, change, adapt and improve software from its public repositories for free. It has more than 23 million individual users in more than 1.5 million organizations. Apple, Amazon, Facebook, Google, and many other big tech companies use GitHub.

According to sources familiar with the GitHub deal, said that representatives from Alphabet’s Google were also in talks with the company about an acquisition in recent weeks but the deal eventually went to Microsoft. It has also been reported that GitHub’s founder Chris Wanstrath chose Microsoft because of his relationship with CEO Satya Nadella and the latter’s apparently favorable attitude towards the open-source ecosystem.

“Microsoft is a developer-first company, and by joining forces with GitHub we strengthen our commitment to developer freedom, openness and innovation,” said Nadella said when news of the GitHub acquisition was first announced. By acquiring GitHub, Nadella is hoping to restore growth and attract third-party developers to Windows.

“We recognize the community responsibility we take on with this agreement and will do our best work to empower every developer to build, innovate and solve the world’s most pressing challenges,” Nadella added.

While Alphabet’s Google has yet to confirm the bid reports, Greene too did not divulge more information on the bid by Google.

Greene, however, added that two Google products are among the most popular ones on GitHub. “I really hope Microsoft can keep them totally neutral,” she said. She echoed the feelings of the developer community, who have raised concerns over Microsoft’s purchase of the platform, as they fear that the tech giant may use its ownership of GitHub to see what projects are popular, and then launch rivals of its own.

read more

Google’s Files Go App can transfer files upto 490 Mpbs offline

google's file go

Google takes on Apple’s AirDrop by speeding up offline file sharing in Files Go app

Last year, Google had released a new app called Files Go for Android devices that was designed to help with file management and making offline sharing easier for users with lower-end devices in regions with limited connectivity.

For those unaware, Files Go, the default files manager app of Android Go devices, helps users to quickly locate content on their devices in one place, free up space on their devices, show users how much space they have used on their device, find and delete duplicate files, lengthy videos, back up files to the Google Drive, clean cache, uninstall unused applications and more. It also allows users to share files locally without the need for internet connection just like Apple’s AirDrop feature.

Now, in the latest update to the Files Go app, Google brings improvements to the software’s offline sharing feature with a new sharing tab and faster transfers.

The major upgrade to the Files Go app includes the following features:

Easier to find and use: Nearby sharing is now available in its own dedicated tab called “Share.” This tab has a simplified and smoother interface, and it works on any Android phone from the latest Google Pixel back to Android 5.0 (Lollipop).

Faster connections: Thanks to improved connection techniques, the average time it takes to connect two phones is now just five seconds.

Faster transfers: Files Go picks the fastest method of sending files available on your phone, such as 5GHz Wi-Fi Direct, so you get the highest transfer speeds possible. Users have seen speeds up to 490 Mbps—that’s four times faster than before, or 100 original quality photos sent in less than five seconds.

More secure: Files Go helps you verify that you are connecting to the right person and encrypts all your transfers for additional security.

Users can download the updated Files Go app from the Google Play Store here.

read more