Android 11 Has Made Its Debut

Share if the site was helpful

Android 11 Has Made Its Debut

 

Gone are the days of Android versions with dessert themed names.  But by no means does that mean the end of Android!  Google is still keeping to their schedule of a new version every year, and 2020 marks the year of Android 11.  It won’t have a fun name, but this version may contain some long-awaited features for the world’s most popular operating system.

Android 11 Today:

Google has launched their first developer preview of Android 11.  What does this mean?  It doesn’t actually mean that you have to be a developer to view it, just that you can’t download the new version in the traditional sense.  Instead you can utilize the system images for Google’s Pixel devices to flash the software onto your phone.  For more detail on that check out this post.

Let’s take a look at what 11 is going to bring to the table. Google’s VP of Engineering Dave Burke spoke about it saying “With Android 11 we’re keeping our focus on helping users take advantage of the latest innovations, while continuing to keep privacy and security a top priority.”  The version is focused on helping manage sensitive files in an era where privacy feels non-existent.  For permissions that typically require user approval, Google is expanding their “Just this once” option to features such as accessing your contacts or camera.  Something introduced last year for locations that has proven to be useful.

New Developer APIs:

Android 11 actually seems to be bringing a lot of new features to the table right out of the box.  New APIs available to developers include 5G bandwith estimates, conversation sections in the notification shade, and fun chat bubbles that behave similarly to the Facebook chat we’ve all more than likely used in the past.

There are also improvements on existing features such as dark mode and NFC.  This will hopefully help with the issue of jumping back and forth between apps that have/have not implemented dark mode (it’s tough on your pupils!).  And an expansion on Project Mainline will allow Google to update key components of the OS via the Google Play Store instead of waiting for device manufacturers to release full rollouts.  More updates = better user experiences.

When we’ll learn more:

Unfortunately Google I/O has been cancelled this year as an in-person event, but the online portion will still be available.  It’s always a great event to see the new pieces of tech that Google has been working on both. We’re sure to learn more about Android 11 in May, so stay tuned to hear updates then.

What are your thoughts on what the latest Android version has to offer? It’s still being refined and will likely be officially available in Q3 of 2020.  While it’s just “Android 11”, we’d technically be on R.  So if you want to brainstorm what a good dessert would be for this version’s name let us know in the comments below!

Google Ups Their Security Ante

Share if the site was helpful

Google Ups Their Security Ante

If you’ve ever been interested in learning more about cyber-security (and are also interested in Android’s) then there’s never been a more enticing offer on the table.  This week Google has officially announced a new top reward for being able to pinpoint a security flaw in the operating system.  Are you hooked yet?  Well, here’s the new figure: $1.5 million dollars!

A Quick History:

Way back in 2015 Google announced the launch of a security rewards program for Android (The one we’ve come to know and love today as it’s improved the operating system). The program covered security vulnerabilities affecting Nexus phones and tablets, and asked individuals to try to find defensive holes.  In exchange for finding one of these you could earn up to $38,000.

This is no small chunk of change, but it’s also obviously a long way away from $1.5 million.  What happened?  Well Android grew in popularity and more security researchers came on board unearthing security flaws.  In fact, from it’s first bug bounty program in 2010 Google was paying over $1 million a year to hundreds of researches who found issues.  So it’s not a complicated story.  Google offers rewards for security help.  People find flaws.  Google makes a more secure environment and ups the ante.  Rinse and repeat.

The $1.5 Million Dollar Man:

Which brings us to the 2019 cap in the program.  Google won’t pay that large a sum to just any bug though.  Their looking for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.”  In simpler terms they want to find a bug that lets a hacker execute code on a device even after it’s been reset and without physical access. 

The Titan M security chip was first introduced in the Pixel 3.  Its job is to oversee security (passcodes, verify firmware signatures, and identify malicious apps).  It’s done a fairly good job and has been carried over into the new Pixel 4. And since it does such a good job security flaws are harder and harder to find.  But that doesn’t mean they aren’t there.  The only way security can get better is by someone figuring out how to hack it.  If you find a hole in your defenses, you know exactly what needs to be patched up.

So the $1.5 million dollar bug is the big one, but it’s not the only reward.  There are plenty of other security flaws that have led to hundred thousand-dollar payouts to dozens of individuals.  If you are interested in learning about Android security, it’s safe to say these prizes are only going to go up, so there’s no time like the present to start!

Google Minus And Project Strobe

Share if the site was helpful

Google Minus and Project Strobe

After 7 years of effort Google has decided that enough is enough for Google+.  The tech giant has admitted to failing its entrance into the social media marketplace. As both a business decision and safety concern they’ve decided to take Google+ off the web and focus on other things.

Project Strobe

Security has been at the forefront of everyone’s minds this year as privacy scandal after privacy scandal has surfaced.  Facebook’s Cambridge Analytics scandal made us hyper aware of how much data is exposed to third-parties.  In an attempt to combat privacy issues Google launched Project Strobe.  It’s a root-and-branch review of third-party developer access to Google accounts and Android devices.  Essentially it’s a research project to check up on how secure everyone’s information really is.

The findings: not the best.   Today Google announced four key findings from the project along with steps to remedy each.

1. There are significant challenges in creating and maintain a successful Google+ product that meets consumer’s expectations.

Google+ has a pretty serious bug in it that exposed user data to third-party applications that didn’t have proper access.  Google says that there is no evidence anyone else found this out before they did (hard to be sure).  But combining this with the lack of adoption among users and the end result has been to remove Google+ entirely.  I don’t think anyone is too upset at this move, and it’s probably for the best Google diverts its time towards new innovations.

2. People want fine-grained controls over the data they share with apps

When you download a new app that performs certain functions, it may need permission to do so.  Whether that’s accessing your camera to take a picture or seeing your contacts so that it can share a picture with others, apps can’t do these things until you let them.  This is a big plus for Android security, but unfortunately sometimes it’s not organized well enough.

There are some permissions that are grouped together when presented to a user, and this can potentially be a problem.  If you want an app to do one thing you shouldn’t have to grant it access to 3 permission, yet this is sometimes how things are organized.  Google has announced they’ll be launching more granular account permissions that will show individual dialog boxes for each.  Maybe a little more frustrating for relaxed users, but definitely a win for security.

3. When users grant apps access to their Gmail, they do so with certain user cases in mind

To correct the security issue of third-parties abusing contact information Google is limiting what kinds of apps are allowed to access Gmail data.  The only apps allowed will be those that are “directly enhancing email functionality”.  Basically, if there’s not real reason for your app to need to write an email, it’s banned.

4. When users grant SMS, Contacts and Phone permissions to Android apps they do so with certain use cases in mind.

3 and 4 are pretty similar to one another, but this other finding takes things past email and into the phone/contacts.  Google is limiting how many apps will be allowed to access this information.  In addition to this Contact interaction data will no longer be available vie the Android Contacts API.

The bottom line is that Google did a security sweep and decided a few things needed to change.  It seems that these changes are proactive which is always a good things, but if you’re one of the world’s Google+ user’s then I’m sorry you have to say goodbye.  For everyone else these changes should be nothing but good as security continues to improve.

What are your thoughts on Project Strobe?  Let us know in the comments below!

 

en English
X