Android Police

Articles Tagged:



[Update: More details] Chrome will display all HTTP sites as 'not secure' starting July 24

HTTPS adoption has surged over the past few years, mostly thanks to the availability of free SSL/TLS certificates from Let's Encrypt. Browser vendors have also been encouraging sites to switch to HTTPS, and Google said earlier this year that Chrome would eventually mark all HTTP-only sites as 'Not Secure.'

Chrome 68 is due to be released tomorrow (at least on desktop platforms), and it's the first release that will display a 'Not secure' message in the address bar on HTTP pages. Chrome already displays the message on HTTP sites with data entry fields, but starting tomorrow, all non-secure pages will be shamed.

Read More

Chrome outlines further changes to security indicators for HTTP/HTTPS sites

Earlier this year, the team behind Chrome stated that all HTTP pages will be marked as 'Not secure' later on this year, in a bid to encourage even more site owners to move to the more secure HTTPS standard. We now know a little bit more about planned changes to Chrome's security indicators, including how HTTPS pages will be shown as default pages going forward.

Read More

[Update: Public registration now live] Google opens early registration for .app domains

Three years ago, Google paid $25 million for exclusive rights to the '.app' top-level web domain. At long last, the company is now opening up registrations for .app, with the Early Access Program in full swing. The general public will have to wait until May 8, but various companies have already bought over 3,000 .app domains.

Read More

Android Police has switched to HTTPS

The whole web is slowly marching towards HTTPS, especially since browsers like Chrome are starting to shame HTTP-only sites. After years of readers asking why we haven't already done so, I'm proud to announce that Android Police now supports HTTPS! If you're wondering what exactly that is, or why it matters, read on.

Read More

Chrome will show all HTTP sites as 'not secure' later this year

For years, HTTPS was regarded as only necessary for sites handling critical information, like bank portals. The movement for all sites to use HTTPS has gained traction over the past few years, partially thanks to the availability of free SSL/TLS certificates from Let's Encrypt, and partially thanks to browsers encouraging sites to switch. Starting with version 68, Chrome will start marking all HTTP sites as 'Not Secure.'

Read More

Chrome 62 will mark all HTTP pages with data entry fields as "Not Secure"

Google has been planning to mark all HTTP sites as non-secure in Chrome for a while now, but the company is taking baby steps to ensure users (and owners of HTTP-only sites) don't freak out. Chrome already identifies HTTP sites with password or credit card fields as "Not Secure" in the address bar, and Chrome 62 will expand that to any HTTP site with any data entry fields.

Read More

PSA: Google Drive Can Now Open PDF Files Directly Without Downloading Them First

Ever noticed how your Android Downloads folder easily gets cluttered with useless files and documents that you viewed once and never needed again? This is especially true of PDF files since Chrome can't open them natively and thus hands them over to other applications, the default being Google Drive's PDF viewer. Well, I noticed a strange thing recently: sometimes PDF files would just load in Drive directly and it seemed that my phone's Downloads folder clutter wasn't getting out of hand as fast as it used to. Some investigation was in order.

Turns out that a new feature crept up in Google Drive's 2.3.544.17 release on January 28.

Read More

Instagram Android App Susceptible To Session Hijacking Due To Unencrypted HTTP Transfers

Alert! Alert! If you use Instagram's Android app, complete strangers could be looking at your photos of appetizers and makeup techniques right now! ...which is kind of the point of Instagram, I suppose. But security researcher Mazin Ahmed discovered that the app uses standard HTTP to transmit photos, cookies, and authentication (including usernames and unique IDs), instead of the encrypted HTTPS protocol. As Mr. Mackie is so fond of saying, that's bad.


Using a set of freely-available tools, Ahmed was able to hijack the app's connection from a PC on the same network and authenticate as the relevant user. It's a fairly standard technique for hackers, which is why most sites and services with any kind of log-in functionality usually use HTTPS by default, including Instagram's owner, Facebook.

Read More