Android Police

Articles Tagged:

HTTPS

...

Chrome outlines further changes to security indicators for HTTP/HTTPS sites

Earlier this year, the team behind Chrome stated that all HTTP pages will be marked as 'Not secure' later on this year, in a bid to encourage even more site owners to move to the more secure HTTPS standard. We now know a little bit more about planned changes to Chrome's security indicators, including how HTTPS pages will be shown as default pages going forward.

Read More
...

[Update: Public registration now live] Google opens early registration for .app domains

Three years ago, Google paid $25 million for exclusive rights to the '.app' top-level web domain. At long last, the company is now opening up registrations for .app, with the Early Access Program in full swing. The general public will have to wait until May 8, but various companies have already bought over 3,000 .app domains.

Read More
...

Android Police has switched to HTTPS

The whole web is slowly marching towards HTTPS, especially since browsers like Chrome are starting to shame HTTP-only sites. After years of readers asking why we haven't already done so, I'm proud to announce that Android Police now supports HTTPS! If you're wondering what exactly that is, or why it matters, read on.

Read More
...

Chrome will show all HTTP sites as 'not secure' later this year

For years, HTTPS was regarded as only necessary for sites handling critical information, like bank portals. The movement for all sites to use HTTPS has gained traction over the past few years, partially thanks to the availability of free SSL/TLS certificates from Let's Encrypt, and partially thanks to browsers encouraging sites to switch. Starting with version 68, Chrome will start marking all HTTP sites as 'Not Secure.'

Read More
...

Chrome 62 will mark all HTTP pages with data entry fields as "Not Secure"

Google has been planning to mark all HTTP sites as non-secure in Chrome for a while now, but the company is taking baby steps to ensure users (and owners of HTTP-only sites) don't freak out. Chrome already identifies HTTP sites with password or credit card fields as "Not Secure" in the address bar, and Chrome 62 will expand that to any HTTP site with any data entry fields.

Read More
...

PSA: Google Drive Can Now Open PDF Files Directly Without Downloading Them First

Ever noticed how your Android Downloads folder easily gets cluttered with useless files and documents that you viewed once and never needed again? This is especially true of PDF files since Chrome can't open them natively and thus hands them over to other applications, the default being Google Drive's PDF viewer. Well, I noticed a strange thing recently: sometimes PDF files would just load in Drive directly and it seemed that my phone's Downloads folder clutter wasn't getting out of hand as fast as it used to. Some investigation was in order.

Turns out that a new feature crept up in Google Drive's 2.3.544.17 release on January 28.

Read More
...

Instagram Android App Susceptible To Session Hijacking Due To Unencrypted HTTP Transfers

Alert! Alert! If you use Instagram's Android app, complete strangers could be looking at your photos of appetizers and makeup techniques right now! ...which is kind of the point of Instagram, I suppose. But security researcher Mazin Ahmed discovered that the app uses standard HTTP to transmit photos, cookies, and authentication (including usernames and unique IDs), instead of the encrypted HTTPS protocol. As Mr. Mackie is so fond of saying, that's bad.

3

Using a set of freely-available tools, Ahmed was able to hijack the app's connection from a PC on the same network and authenticate as the relevant user. It's a fairly standard technique for hackers, which is why most sites and services with any kind of log-in functionality usually use HTTPS by default, including Instagram's owner, Facebook.

Read More