All posts in “google-chrome”

Google Chrome will warn you before you fall for a phone subscription scam

About to fall into a mobile subscription scam? Google Chrome will give you a heads up.

Found yourself subscribed to a shady ringtone service? Even though it’s 2018? Google Chrome will soon stop you from falling into that trap.

In an upcoming version of Chrome, the browser will throw up a warning page when it suspects users could be unwittingly subscribed to a direct billing scam, leaving them with unexpected charges on their next bill.

Chrome will detect if the subscription information on a webpage is insufficient, and like its other warnings, give the user the opportunity to go back, or proceed if they like.


Google has unveiled a series of best practices for mobile billing on Chrome, which includes telling the user how much they’ll be charged, what they’ll be charged for, how long for, and ensuring those details are clear and visible.

“We want to make sure Chrome users understand when they are going through a billing flow and trust that they’ll be able to make informed decisions while browsing the web,” reads a blog post by Google.


The warning page will launch in Chrome 71, which is set to release in December. 

Chrome 71 also has a feature that blocks all ads from a website if they’re deemed to be abusive, in that they trick users into opening new tabs or downloading files.


Chrome adds new security features to stop mobile subscription scams

Google today announced that Chrome will soon get a new feature that aims to stop mobile subscription scams. Those are the kind of sites that ask you for your phone number and that then, unbeknownst to you, sign you up for a mobile subscription that’s billed through your carrier. Starting with the launch of Chrome 71 in December, Google will pop up a prominent warning when a site doesn’t make it clear that users are signing up for a mobile subscription.

To make sure that developers who are legitimately using this flow to offer users subscription don’t get caught up in this new system, Google also published a set of best practices for mobile billing today. Generally, developers are expected to make their billing information visible and obvious to users, display the actual cost and have a simple and straightforward fee structure.

If that information is not available, Google will throw up a prominent full-page warning, but users can always opt to proceed. Before throwing up the warning page, Google will notify webmasters in the Search Console when it detects a potential scam (there’s always a chance for false positives, after all).

This new feature will be available on both mobile and desktop, as well as in Android’s WebView.

Google tweaks Android licensing terms in Europe to allow Google app unbundling — for a fee

Google has announced changes to the licensing model for its Android mobile operating system in Europe,  including introducing a fee for licensing some of its own brand apps, saying it’s doing so to comply with a major European antitrust ruling this summer.

In July the region’s antitrust regulators hit Google with a record-breaking $5BN fine for violations pertaining to Android, finding the company had abused the dominance of the platform by requiring manufacturers to pre-install other Google apps in order to license its popular Play app store.

Regulators also found Google had made payments to manufacturers and mobile network operators in exchange for exclusively pre-installing Google Search on their devices, and used Play store licensing to prevent manufacturers from selling devices based on Android forks.

Google disputes the Commission’s findings, and last week filed its appeal — a legal process that could take years. But in the meanwhile it’s making changes to how it licenses Android in Europe to avoid the risk of additional penalties heaped on top of the antitrust fine.

Hiroshi Lockheimer, Google’s senior vice president of platforms & ecosystems, revealed the new licensing options in a blog post published today.

Under updated “compatibility agreements”, he writes that mobile device makers will be able to build and sell Android devices intended for the European Economic Area (EEA) both with and without Google mobile apps preloaded — something Google’s same ‘compatibility’ contracts restricted them from doing before, when it was strictly either/or (either you made Android forks, or you made Android devices with Google apps — not both).

“Going forward, Android partners wishing to distribute Google apps may also build non-compatible, or forked, smartphones and tablets for the European Economic Area (EEA),” confirms Lockheimer.

However the company is also changing how it licenses the full Android bundle — which previously required OEMs to load devices with the Google mobile application suite, Google Search and the Chrome browser in order to be able to offer the popular Play Store — by introducing fees for OEMs wanting to pre-load a subset of those same apps under “a new paid licensing agreement for smartphones and tablets shipped into the EEA”.

Though Google stresses there will be no charge for using the Android platform itself. (So a pure fork without any Google services preloaded still wouldn’t require a fee.)

Google also appears to be splitting out Google Search and Chrome from the rest of the Google apps in its mobile suite (which traditionally means stuff like YouTube, the Play Store, Gmail, Google Maps, although Lockheimer’s blog post does not make it clear which exact apps he’s talking about) — letting OEMs selectively unbundle some Google apps, albeit potentially for a fee, depending on the apps in question.

“[D]evice manufacturers will be able to license the Google mobile application suite separately from the Google Search App or the Chrome browser,” is what Lockheimer unilluminatingly writes.

Perhaps Google wants future unbundled Android forks to still be able to have Google Search or Chrome, even if they don’t have the Play store, but it’s really not at all clear which configurations of Google apps will be permitted under the new licensing terms, and which won’t.

“Since the pre-installation of Google Search and Chrome together with our other apps helped us fund the development and free distribution of Android, we will introduce a new paid licensing agreement for smartphones and tablets shipped into the EEA. Android will remain free and open source,” Lockheimer adds, without specifying what the fees will be either. 

“We’ll also offer new commercial agreements to partners for the non-exclusive pre-installation and placement of Google Search and Chrome. As before, competing apps may be pre-installed alongside ours,” he continues to complete his trio of poorly explained licensing changes.

We’ve asked Google to clarify the various permitted and not permitted app configurations, as well as which apps will require a fee (and which won’t), and how much the fees will be, and will update this post with any response.

The devil in all those details should become clear soon though, as Google says the new licensing options will come into effect on October 29 for all new (Android based) smartphones and tablets launched in the EEA.

Chrome 70 will let you opt-out of Google’s controversial automatic sign-in feature

Google Chrome 70 will let you opt-out of its controversial automatic sign-in feature.

We can all breathe easy now. Google says it will let users of its Chrome web browser opt-out of the controversial automatic login feature that debuted earlier this month.

Chrome had historically let users decide whether they wanted to log into the browser while using it across devices, saving them precious seconds while jumping between various Google services. But in the Chrome 69 update that rolled out earlier this month, the browser automatically signed in people who used sites like Gmail, YouTube, and Google Search.

Now, Google promises to do the right thing and give people a chance to opt-out of the automatic sign-in feature. The company says the feature was originally introduced to prevent data from leaking between accounts on shared computers (i.e. Google doesn’t want to mix up the cookies on a shared machine used by multiple accounts.)

“We want to be clear that this change to sign-in does not mean Chrome sync gets turned on,” Google Chrome product manager Zach Koch assured Chrome users in an announcement post. “Users who want data like their browsing history, passwords, and bookmarks available on other devices must take additional action, such as turning on sync.”

However, not everyone was convinced. Cryptographer and professor at Johns Hopkins University, Matthew Green, was a vocal critic of the change. He argued in a scathing blog post that there was no justifiable reason for the change — at least from a security perspective.

“Google’s reputation is hard-earned, and it can be easily lost,” wrote Green. “Changes like this burn a lot of trust with users. If the change is solving an absolutely critical problem for users, then maybe a loss of trust is worth it. I wish Google could convince me that was the case.”

Luckily for Green (and thousands of other concerned users), Google will make it easy to opt-out of the automatic login feature upon the next stable release of the Chrome browser. Until then, if you’re truly worried about being tracked, maybe try going back to Firefox.


Why experts are freaking out over the new way Google Chrome sign-in works

Google’s latest Chrome update forces users to log in to their Google account.

The internet has erupted over Google’s latest Chrome release — and not in a good way.

With an updated user interface, enhanced password manager, and a slew of other updates, you would assume the latest version of Google’s popular web browser, Chrome 69, would be eliciting some pretty good responses.

But security experts just shined a light on a controversial feature that came with the latest Google Chrome that previously wasn’t announced by the search giant.

A Google Chrome user recently pointed out on Hacker News that Google now forces you to log in to your Google account on Chrome if you log in to any other Google service using the browser. Logging out of a Google service will also forcibly log you out of Google Chrome.

While there are a number of concerns being leveled at Google here, the issue is essentially two-part. The major issue is the obvious one. Users don’t understand why logging into Gmail, Google Docs, or any other Google service would need to force Google Chrome to also connect to their Google accounts, presumably giving Google access to their browser history, saved passwords, and other personal information. The other issue of focus is Google’s decision to be so quiet about such a major change.

Google’s Adrienne Porter Felt, an engineer and manager for the Chrome browser, took to Twitter to explain a little bit more about the forced login changes. 

Felt, tackling the first main concern, points out that Chrome’s Sync feature, which shares browser information such as history with Google so it can be shared across your devices, is turned off by default. 

Felt also explains that the reason Google decided to make this change was to put an end to any confusion users may have had when trying to sign out of public or shared devices. Basically, Google tied Chrome and Google accounts together so you wouldn’t sign into a service on Chrome and accidentally sync information with someone else’s account.

But a number of security professionals simply weren’t buying it.

Matthew Green, a cryptographer and professor at Johns Hopkins University, wrote a lengthy blog post explaining why this move from Google was enough cause for him to stop using Google Chrome entirely. In his post “Why I’m done with Chrome,” Green points out that a user would have had to be signed into Google Chrome in the first place for this to be a problem needing a fix. So, why force users to sign in?

Additionally, Green makes the case that if this was such a positive fix to a major issue, Google would have presented it publicly along with all the other new features and changes. He also points to an issue Mashable has discussed before: dark patterns. With settings options presented by a design and in a language Google sees fit, do Google Chrome users even know what they’re really opting in for if they choose to opt-in to Sync?

Going a step further, security expert Bálint made the case that Google Chrome is essentially a Google service now as opposed to a separate application that can live on its own without being tied to a Google account. The argument here is if you wouldn’t trust Google with your documents, files, or photos due to privacy concerns, then you now can no longer trust Google Chrome with your information either.

The issue here is that there’s no simple fix. Google Chrome is the most popular web browser. According to StatCounter, Chrome holds nearly 60 percent of the market share, so opinions are bound to be all over the place. You can agree with the security experts who find the changes to be a massive privacy issue. You can agree with those who find Google’s new forced login changes to be helpful. There’s certainly truth to both. But there’s no doubt Google self-sabotaged whatever its intentions were by keeping mum about it.
