When I was in the process of opening my small pharmacy more than 3 years ago, I contacted a security firm and installed several thousands of dollars worth of surveillance and alarm equipment. It works reliably, but it's a huge pain to change any setting in the system (there's no user interface, just a bunch of wires and keys) or get any footage out of it. It feels antiquated compared to today's more modern Internet-connected smart solutions with simplified experiences, but that was the most appropriate choice at the time.
At the Google I/O 2014 keynote, Sundar Pichai took to the stage to let us know that the L release of Android is set to make massive improvements in security for the enterprise as well as regular users. The Washington Post has received word from Google that gives us another glimpse of what we should expect in the next version. It seems that devices shipping with Android L will have disk encryption enabled by default.
Alarm.com is one of those ubiquitous home security companies that sells home safety packages, and like a lot of their competitors, they had an Android app simply as a check mark for comparison shoppers. Before today, the previous version of the security system's mobile component looked like it hadn't been touched since 2010. Yesterday's update fixed that primary problem with an extensive user interface refresh, granting easy access to all the security and automation features installed in a home.
When a vastly updated 1Password app hit the Play Store earlier this summer, developer AgileBits still wasn't sure on how it was going to price its revamped product. At the time, the app was free to use for anyone who wanted to put it through its paces, but the company planned to eventually tuck most of the features into a premium version. Now the team has followed through and settled on a freemium pricing model, which it is introducing with the app's 4.1 update.
Alert! Alert! If you use Instagram's Android app, complete strangers could be looking at your photos of appetizers and makeup techniques right now! ...which is kind of the point of Instagram, I suppose. But security researcher Mazin Ahmed discovered that the app uses standard HTTP to transmit photos, cookies, and authentication (including usernames and unique IDs), instead of the encrypted HTTPS protocol. As Mr. Mackie is so fond of saying, that's bad.
Just like any open marketplace, there's a lot of crap in the Play Store. In a strange and roundabout way, I'm actually OK with that - separating the silver from the dross of Android apps is one of our core functions at Android Police. But a recent promotion from antivirus vendor Trend Micro painted an extremely dim picture of the Play Store. The company claimed, among other things, that the Play Store was full of "potentially evil doppelgangers...
Account security is a tough issue for a lot of people. It's a constant balancing act between having a stronger system to keep out would-be invaders while also making it convenient enough that users won't reject it. After Google began offering its own 2-step verification system, several other services adopted the same mechanism and opt-in model for people that wanted more than a single password protecting their personal data. This generally left users with Google's Authenticator app, which got the job done, but it lacked features and languished on an early Holo dark design.
When certain things finally happen, they make us want to search for that hidden ladder that takes people up to the rooftop and scream "Hallelujah," religious or no. This is one of those things. Google apparently no longer requires people with two-factor authentication enabled to sign in twice when setting up a new Android device or adding another account. Better yet, this change doesn't require Android L or anything fancy. Here's a video of the magic taking place on an HTC One M8.
Users of newer versions of Windows or just about any Microsoft web service might be familiar with the company's rudimentary two-factor authentication system. If it's been a while since you've logged in or you're setting up a new Windows device, it might ask you for a verification code, accessible from a backup email account. Of course that can be a pain if you don't remember the password for that account, or simply don't want to dig it out.
Let's face it, as the world becomes more dependent on computers and the Internet for the functions of day-to-day life, security will become ever more important. Clearly encouraged by employee Neel Mehta's discovery of Heartbleed, Google has decided to do more in the area of Internet security. To help combat this ever increasing problem, they're offering up Project Zero. Essentially, Google will begin hiring "the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet." Their work will not be limited to just Google products, but will instead be focused on "any software depended upon by large numbers of people." The idea is that researchers will find the threats, then inform only the software developer.