U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Project Strobe, what will change after the Google security breach?

Google announced a security breach that may have exposed data of over 500,000 users of its Google+ social network, these are the measures in response to the incident. Yesterday Google announced a security breach that may have exposed data of over 500,000 users of its Google+ social network. Security experts and privacy advocated criticized the […]

Google project-strobe privacy

Google announced a security breach that may have exposed data of over 500,000 users of its Google+ social network, these are the measures in response to the incident.

Yesterday Google announced a security breach that may have exposed data of over 500,000 users of its Google+ social network.

Security experts and privacy advocated criticized the company because it did not disclose the flaw in the Google+ when it first discovered the issue in March because it feared regulatory scrutiny and reputational damage.

.Now the company in order to prevent potential leakage of sensitive data to third-party app developers implemented significant changes to give users a granular control over the data they allow to share with each app.

Google has updated its Account Permissions system in order to allow users to grant individual permission rather than grant a full set of permissions at once.

Google project-strobe privacy

The company introduced several changes as a result of the work of its internal group Project Strobe, an internal task force charged of conducting a companywide audit of the company’s APIs in recent months.

The team reviewed the third-party developers access to Google account and Android device data, the IT giant has changed the way permissions are approved for Android apps to prevent the abuse and potential leakage of sensitive call and text log data by third-party developers.

While the apps are only supposed to request permission those are required for functioning properly, any Android app can ask permission to access your phone and SMS data unnecessarily.

The new rule is part of the Google Play Developer Policy and aims to prevent the abuse of  Call Log and SMS permission usage to your “default” phone or SMS apps only.

“Some Android apps ask for permission to access a user’s phone (including call logs) and SMS data. Going forward, Google Play will limit which apps are allowed to ask for these permissions.” reads a blog post published by Google on the Project Strobe.

“Only an app that you’ve selected as your default app for making calls or text messages will be able to make these requests. (There are some exceptions—e.g., voicemail and backup apps.),” 

Google has also limited access to Gmail API only for apps expressly developed to improve/implement email features, including email clients and email backup services.

The measure aims at limiting APIs access to data from your Gmail email account.

What will happen from today?

The developers will have to update their application in compliance with the new policy within January 6th, 90 days from now.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Google, Project Strobe)

[adrotate banner=”5″]

[adrotate banner=”13″]