Google Ups Their Security Ante

Share if the site was helpful

Google Ups Their Security Ante

If you’ve ever been interested in learning more about cyber-security (and are also interested in Android’s) then there’s never been a more enticing offer on the table.  This week Google has officially announced a new top reward for being able to pinpoint a security flaw in the operating system.  Are you hooked yet?  Well, here’s the new figure: $1.5 million dollars!

A Quick History:

Way back in 2015 Google announced the launch of a security rewards program for Android (The one we’ve come to know and love today as it’s improved the operating system). The program covered security vulnerabilities affecting Nexus phones and tablets, and asked individuals to try to find defensive holes.  In exchange for finding one of these you could earn up to $38,000.

This is no small chunk of change, but it’s also obviously a long way away from $1.5 million.  What happened?  Well Android grew in popularity and more security researchers came on board unearthing security flaws.  In fact, from it’s first bug bounty program in 2010 Google was paying over $1 million a year to hundreds of researches who found issues.  So it’s not a complicated story.  Google offers rewards for security help.  People find flaws.  Google makes a more secure environment and ups the ante.  Rinse and repeat.

The $1.5 Million Dollar Man:

Which brings us to the 2019 cap in the program.  Google won’t pay that large a sum to just any bug though.  Their looking for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.”  In simpler terms they want to find a bug that lets a hacker execute code on a device even after it’s been reset and without physical access. 

The Titan M security chip was first introduced in the Pixel 3.  Its job is to oversee security (passcodes, verify firmware signatures, and identify malicious apps).  It’s done a fairly good job and has been carried over into the new Pixel 4. And since it does such a good job security flaws are harder and harder to find.  But that doesn’t mean they aren’t there.  The only way security can get better is by someone figuring out how to hack it.  If you find a hole in your defenses, you know exactly what needs to be patched up.

So the $1.5 million dollar bug is the big one, but it’s not the only reward.  There are plenty of other security flaws that have led to hundred thousand-dollar payouts to dozens of individuals.  If you are interested in learning about Android security, it’s safe to say these prizes are only going to go up, so there’s no time like the present to start!

Pixel 4 Leaks Become Floodgates

Share if the site was helpful

Pixel 4 Leaks Become Floodgates

Over the past few years leaks of new phones have become a commonplace trend.  It almost has to happen nowadays in order for anticipation to build up.  But the Pixel 4 is shattering this trend.  Almost every other day it seems a new leak is springing up.  Let’s look at some of the recent unveilings:

Videos Galore:

This week we saw an influx of videos revealing details about the new device.  One of these was from the YouTube channel AnhEm TV showing almost 7 minutes of details about what the Pixel 4 looks like.  I’d recommend watching it for yourself, but it covers things pretty well showing that the phone has a square shaped camera module similar to what we saw on the iPhone 11 just 2 days ago.

Another video from the channel Rabbit TV shows off the three colors we’re expected to see soon.  These include black, white, and to mix things up a bright orange.  In addition, it seems that the phone does not wear the traditional Pixel fingerprint scanner.  As to what this means for face id or on screen fingerprinting we can’t say, but I would personally LOVE to see some print scanning available anywhere on the touch screen.

Cameras Sell Phones:

I think it’s safe to say most of us are not professional photographers, yet cameras have become one of the biggest selling points for new phones.  On Tuesday Apple spent a good portion of their iPhone 11 presentation fixated on the camera (in fact it was almost all they talked about), and every time a new Pixel comes out the camera is marketed heavily as a use feature of the phone.  The Pixel line always has top rated cameras so don’t get me wrong I’m excited to see what’s in store, but it seems some people forget there are other things to a phone!

But that rant aside, on Monday this week we got a video of a video showing off some new camera fun.  A recording of a Google ad marketing their phone being made “The Google way” demonstrated that the phone would be useful in low light environments again.  But on top of tis you “Even get the stars”.  The new camera will have an astrophotography mode designed to help take pictures of the night sky.  So whether you’ll actually be utilizing it or not, the camera is sure to be very impressive.

Coming Soon to a Store Near You:

Google isn’t expected to do an official announcement of the Pixel 4 until October, but it feels like we’re pretty much there right now.  As more details of the new device come out we’ll keep things updated here, so be sure to stay tuned!

What are your thoughts on the Pixel 4 and it’s leaks?  Let us know in the comments below.

The Inside Scoop on Internal App Sharing

Share if the site was helpful

The Inside Scoop on Internal App Sharing

 

            Testing your apps is a crucial component in a successful release.  Every time you issue updates to your app you run the risk of introducing bugs that can ruin a user’s experience.  We do what we can with unit and UI tests to check and limit these bugs, but some still manage to slip by (no one’s perfect!). So how can we deal with these bugs before they actually get into the hands of a user?

 

Internal App Sharing:

 

            Whether you’re a solo developer or working for a larger company, Internal App Sharing can help with this.  It essentially allows you to upload a second version of your app onto the Google Play Store.  It’s a private upload though that’s only available to people you share the URL with.  What this does is allow you to keep your production app intact while simultaneously letting a select group of people test the new version.

It’s somewhat similar to the beta feature that has been available for quite some time.  But the key difference here is that the app is private. It’s only available to those friends/family/coworkers that you choose to share it with.  It offers a great way for you to limit your testing to people you know. Very aptly names Internal App Sharing!

 

Some Caveats:

 

            Internal App Sharing was first released to us at Google I/O this year so it’s still very new.  After playing around with it and reading the documentation there are a few things to note.  First off, there is a maximum of 100 users that can download the app using this link. So if you are crazy popular then you won’t be able to let all of your friends test! Realistically this probably isn’t a big deal as 100 testers should be plenty to see major bugs that are introduced, but all the same the limit exists.

 

Another limit that might impose a little more on you is that the app you upload has to have a matching package name.  For most cases this will always match since it’s the same app, but if you have different schemes you’re building your app with (debug vs release) that offer different features you’ll need to make sure nothing is different in those package names. Other than these limits though it’s a fairly straightforward process with a positive experience.

 

I currently use Internal App Sharing and I would recommend that you check it out as well!  It’s a great way to share a build of your app with changes to those closest to you before officially releasing anything to the public.  What are your thoughts on the feature?  Let us know in the comments below.

en English
X