Technology - Google News

Google doesn't dispute claims that third-party developers may read your Gmail messages
The Galaxy Note S Pen has plateaued and that's perfect
Phone apps aren't secretly listening to your calls: But what they do is still 'alarming'

Google doesn't dispute claims that third-party developers may read your Gmail messages

Posted: 04 Jul 2018 05:09 AM PDT

Another week, another data privacy brouhaha. A Wall Street Journal report on Monday reveals that third-party developers have been reading Gmail users’ emails. According to the WSJ, a number of companies admitted their engineers have read thousands of email messages for reasons such as training machine learning systems.

The controversy stems from apps — such as third-party email clients and customer relationship management (CRM) software — that require access to Gmail accounts. Such integrations offer users a wide range of additional functionality, but with the Facebook and Cambridge Analytica data scandal pushing data-sharing into the public consciousness, it was only a matter of time before Google came under closer scrutiny.

Suzanne Frey, director of security, trust, and privacy at Google Cloud, has now indirectly addressed some of the findings in the WSJ report, and her response is interesting in terms of both what it says and what it doesn’t.

Titled “Ensuring your security and privacy within Gmail,” the blog post makes no reference to specific data privacy allegations, so anyone who had missed the WSJ report would probably be left wondering why the issue was even being discussed.

Say wha’?

What Frey does say is that Google developers who request access to your Gmail messages must undergo a heavy vetting process. She explains that approval entails two core requirements: Apps must accurately represent themselves and be clear about how they are using the data, and they must only request relevant data.

“We review non-Google applications to make sure they continue to meet our policies, and suspend them when we are aware they do not,” Frey noted.

Frey doesn’t claim, however, that third-party developers are explicitly forbidden to read your emails. And once API access is granted, it would be difficult for Google to police such a policy anyway. A quick peek at Google’s developer policy guidelines doesn’t turn up any statement regarding developers’ right to read users’ emails, though presumably such activity should be expressly divulged in the developer’s own privacy policy (which every Gmail user will obviously read … right?).

It’s true that Google requires user consent for third-party access via permission screens, but, alas, many people likely just click “Allow” without fully appreciating what they’re giving permission to. Of course, if you’ve learned anything from recent data privacy shenanigans, you should now know to read everything before consenting. And this is something Google is quick to point out, too.

“Before a non-Google app is able to access your data, we show a permissions screen that clearly shows the types of data the app can access and how it can use that data,” Frey added. “We strongly encourage you to review the permissions screen before granting access to any non-Google application.”

Above: Gmail permissions

But such permissions don’t really make it clear that human eyes, as opposed to an automated algorithm, may in fact be reading your emails. There is no specific permission request that states: “An engineer at our company may read your emails from time to time,” an omission that raises questions around whether user consent is fully informed.

This is also reminiscent of the Cambridge Analytica debacle, whereby Facebook enabled access to its users’ data for one reason, and the data was then harnessed for more nefarious purposes. It’s just impossible to know for sure how Gmail users’ data is actually being used.

There is nothing to suggest that any wrongdoing or data misuse has occurred as a result of Google giving outside developers access to users’ emails. But the very fact that users’ private messages can be read by a bunch of strangers, a practice we now know does happen, becomes all the more notable in light of data privacy scandals elsewhere.

While Google seemingly doesn’t dispute the claim that third-party developers read your emails, the company is absolutely adamant that no one at Google itself does, and Frey reminded us that as of last year the company doesn’t even serve you ads based on the content of your emails. “To be absolutely clear: No one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse,” Frey continued.

Although Google didn’t refer specifically to the WSJ report in its thinly veiled response yesterday, it’s clear what the company is saying: You can trust us because we heavily vet third-party developers — who may well read your emails — and you gave us all permission for this to happen anyway.

Let's block ads! (Why?)

The Galaxy Note S Pen has plateaued and that's perfect

Posted: 04 Jul 2018 07:15 AM PDT

At first, the Galaxy Note 9 sounded like it was going to be yet another unexciting 2018 flagship like the Galaxy S9 earlier this year. Then came the rumors of a new S Pen feature that did stir up interest in next month’s phablet. It is definitely quite an improvement, considering there hasn’t been any significant change in the S Pen for years (the spring-loaded ejector doesn’t count). Suffice it to say, the S Pen may have reached its peak maturity, which makes it the perfect time to transform it into a more refined and more serious tool.

What’s coming

According to the latest rumors, the S Pen in the Galaxy Note 9 will have a multi-talented button. Instead of simply calling up Air Command or allowing other Samsung-specific functionality, the button will also serve as a Bluetooth remote control button for things like taking a photo, pausing or resuming music, and maybe even taking calls.

In theory, that Bluetooth functionality can be used for a lot of things. Perhaps it could be used to ring the phone when it’s misplaced. Depending on how much freedom Samsung will give app developers or how Samsung’s own limited commands will conflict with it, it can be used for third-party functions as well. It definitely turns the S Pen into more than just the input device that it really is, which hopefully won’t distract Samsung from what actually needs to be done.

What’s already there

Bluetooth or no Bluetooth, the S Pen is really a pointing device just like any other stylus. Of course, it differs from those styluses in three significant ways:

• It is always there
• It has an ultra-thin tip
• It has pressure sensitivity (thanks to the Wacom digitizer inside the Galaxy Note)

While that has opened up the Galaxy Note and related tablets to more creative and productive uses, most of the new features that the S Pen has received, both hardware and software, have been limited to that. Pressure sensitivity, for example, is now almost on par with professional digital pens at 4,096 levels of pressure. The pen itself is so thin that it’s almost not ergonomic. To some extent, it has pretty much reached the limits of what a “stylus-in-a-phone” can be, which is the perfect time for Samsung to sit down and address the nitpicks that users have had over the years.

What’s still missing

French author Antoine de Saint-Exupery was quoted to have said that “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.” That definitely sounds appropriate for the S Pen. There is very little you can add in terms of pressure sensitivity, buttons, electronics, or size reduction without things actually becoming worse rather than better. That’s not to say, however, that nothing can be done to improve it. In fact, there’s still quite a lot, and they don’t always require adding new features, especially hardware ones.

Here’s a tip

That the S Pen has an extremely thin and precise tip is definitely a huge benefit. Not even LG’s tip in its Stylo/Stylus models can compare. That, however, also comes with a disadvantage, especially when compared to other styluses from Wacom or, of course, the Apple Pencil. While the S Pen has had tilt and rotation support for a year or two now, it isn’t actually that easy to use because of the diminutive size of that tip. The moment you do tilt the pen to shade, for example, you immediately hit the side of the pen. In other words, it’s near impossible to make use of it anyway. A more conical tip could perhaps solve that.

Anorexic stick

This has actually been a problem with the S Pen from the very beginning but nowhere is it more evident than in the Galaxy Note 8. It is, of course, a design puzzle that requires Samsung to shrink the S Pen down to have more room for more important components inside the Galaxy Note phablet. The drawback, however, is that it also sacrifices on ergonomics. It can literally be painful to use the super thin S Pen for long stretches of time. Like when trying to create artwork. It’s almost as if the pen has an innate RSI break feature. Curiously, some hardcore S Pen users recommend buying the S Pen for the Galaxy Tab S3 or Galaxy Book (they’re compatible) if you want a more ergonomic experience.

Pushing your button

Although powered by Wacom, the S Pen is not like any other Wacom stylus or digital pen in that it has only one button. Another difference is that you can’t really use that button for things other than what Samsung has dictated, which can range from launching Air Command to selecting a section of the screen to copy to doing nothing. The rumored Bluetooth capability definitely adds more functions to that button but it might not address one of the biggest gripes creatives have over it: they can’t use it for anything else inside apps. Stylus buttons are often used to bring up menus in art and note-taking apps and you have none of that with the S Pen.

Notable software

And speaking of apps, the biggest criticism about Samsung’s S Pen ecosystem isn’t actually the S Pen itself. It’s about its apps with the biggest culprit being Samsung’s own S Notes, now Samsung Notes. While the S Pen itself leaped forward in features and capabilities, the S Note seemingly regressed and was reduced to feeling more like an app to demonstrate those stylus features. While you have oodles of inking features, even including some handwriting recognition, you have lost templates, embedded media, cross-platform support, and backward compatibility with the older S Note. It is utterly ironic and tragic that for a device named the Galaxy Note, its Notes app is its most unimpressive feature.

[embedded content]

Wrap-up

In terms of hardware capability, the S Pen is definitely at its finest. OK, maybe the Bluetooth remote control is a nice touch but it’s pretty much at its hardware and feature limit. Samsung should, perhaps, admit that as much and, instead of spending resources thinking of fancy new features to add, they should spend the time refining and perfecting what’s already there. Unless, of course, they’re going to start from scratch with a foldable Galaxy X.

Let's block ads! (Why?)

Phone apps aren't secretly listening to your calls: But what they do is still 'alarming'

Posted: 04 Jul 2018 05:15 AM PDT

Video: Apple's Tim Cook says better regulation needed after Cambridge Analytica scandal.

More security news

For years people have suspected apps on their phone are listening to what they say after suddenly seeing ads for things they only spoke of but never searched for.

But, as Gizmodo reports, researchers from Northeastern University who analyzed over 17,000 popular Android apps found that none of them activates the microphone and sends out audio without a user prompt.

Of course, that doesn't mean apps aren't secretly listening to you through your phone's mic but if they are, they found no evidence of it.

The researchers nonetheless say they have found "alarming" privacy risks in the Android ecosystem after discovering that some apps share image and video data with third parties without the user knowing or consenting to it.

Over 9,000 of the 17,260 apps in the study have camera and microphone permissions. The researchers used 10 Android phones to look at traffic generated by them when their software interacts with the apps.

They found that some apps are transmitting screen recordings and video recordings of what people are doing in the software.

One of the apps that displays this behavior is goPuff, a food delivery app, which records how the user interacts with the app and sends the data to mobile analytics firm Appsee.

The main problem the researchers see is that it isn't clear to the user that this data is being captured and shared.

The goPuff app uses Appsee's analytics library, which is promoted as a tool for helping developers fix bugs and promises to let developers "[w]atch every user action and understand exactly how they use your app, which problems they're experiencing, and how to fix them".

The service is similar to session-replay scripts that help website owners understand how users interact with the site, but are a potential privacy risk because they can replay keystrokes, mouse movements, and scrolling, as well as the contents of the page.

That process is risky when users are interacting with a page that they've used to enter personal or financial details.

In this case, the researchers only found that a user's ZIP code is exposed to Appsee, but they note that "Appsee requires no special permission to record the screen, nor does it notify the user that she is being recorded."

Appsee explained to Gizmodo that developers can blacklist sensitive parts of the app to prevent Appsee from recording it.

However, as the researchers point out, few developers using Appsee use that method for avoiding sensitive data.

The researchers reported the issue to Google, which reviewed the findings and determined that "part of Appsee's services may put some developers at risk of violating Play policy".

"We're working closely with them to help ensure developers appropriately communicate the SDK's functionality with their apps' end-users."

Previous and related coverage

Android P will stop apps from silently using your phone's camera and mic

Android P gets a privacy boost by preventing backgrounded apps from recording or taking pictures.

Google cracks down on apps that snoop on you, even if they're not in Play Store

Unless apps come clean about the personal data they collect, Google will slap them with Safe Browsing warnings.

New LTE attacks can snoop on messages, track locations and spoof emergency alerts

One of the ten attacks can create "artificial chaos" by sending fake emergency alerts to a large number of devices.

Android security: This newly discovered snooping tool has remarkable spying abilities

The mobile malware can steal WhatsApp messages, eavesdrop on targets based on GPS coordinates, and more.

Google AI will alert you when someone is sneaking glances at your smartphone TechRepublic

Google researchers are developing an 'Electronic Screen Protector' that will notify smartphone users when someone is looking over their shoulder.

Mozilla's Firefox tries closing more privacy holes with new network tech CNET

Mashing up two network technologies -- DNS and HTTPS -- thwarts snooping and tampering.

Let's block ads! (Why?)

This posting includes an audio/video/photo media file: Download Now