Google Is Searching For Unauthorized Gambling Apps On Play Store

Google heavily regulates gambling and gaming apps on its Play Store.  It’s not hard to understand why.  The industry has a long history of gouging and otherwise abusing the people who play its games, to say nothing of flouting local laws. In response to the company’s heavy-handed regulation of their industry, some app developers have taken to disguising the nature of their apps.

On the surface, these stealth gaming apps appear to have other, more mundane functions, but of course once you actually install them, their true natures become readily apparent. Researchers found one app that was described as a hub for holiday information but once installed, its only function was to redirect users to a lottery system.

Unfortunately, it’s a strategy that pays from the standpoint of the developers.  Some of the apps discovered to be little more than shells were spotted in Top 100 lists. Many had been rated more than a hundred thousand times, which gives a sense of the scope and scale of the problem.

Google has taken note of the trend and has begun ruthlessly removing any apps that employ this kind of strategy, with Apple taking a similar stance.  Unfortunately, about the best the two tech giants can do is clean up the mess after the fact, because many of the app developers making use of this redirect strategy have gotten quite cunning about it. They are deploying an app that appears perfectly normal and then flipping a virtual switch to activate its redirect features once it has been inspected by Google and Apple, respectively.  That, of course, makes it virtually impossible to spot on the front end.

The best thing you can do to prevent downloading such an app is to carefully read and heed the user reviews.  It’s certainly not a perfect solution, but it’s better than nothing.

Some Android Apps Are Charging People Big Money

Security researchers at Sophos Labs have alerted Google to the presence of more than two dozen apps on the Play Store that are abusing a loophole in Google’s policies that allows them to charge hefty fees to unsuspecting users.  Here’s how it works: Many apps offer a free and a subscription-based service, and many of those allow users to try the full version of the app for a free trial period.

If they decide they don’t want to pay for the full version, they can cancel their subscription before the free trial ends and avoid any fees.

According to the letter of the law of Google’s policies though, canceling a free trial and uninstalling the app in question are two separate events.  Most developers interpret an uninstall as a cancellation of the free trial, but not all.  A few unsavory developers have decided that unless the user specifically cancels their free trial prior to uninstalling the app, they’ll charge them anyway.

In many cases, the charges are modest. However, the worst abusers of this policy have hit unsuspecting users with charges amounting to hundreds of dollars for very simple apps like calculators, GIF creators or QR code readers.

Since being alerted to the issue, Google has removed more than half of the offending apps, but a few of them remain. Be sure you look closely at the terms of any app you install.  The last thing you want is to be hit with a hefty fee for what amounts to a moderately useful app.

It should be noted that the apps in question can, in no way, be described as malware.  They’re perfectly innocent apps that developers have built excessive, even predatory fees into.  Kudos to Google for taking a stand against the practice but we wish they had washed them all away.  As it stands, there are still a few bad actors on the Play Store, so be mindful of that.

Your Google Calendar Settings May Be Sharing Your Info

Twelve years ago, Google introduced a new feature to Google Calendar that allowed users to share their calendars with others.  It’s a great feature and invaluable in a corporate environment because it gives teams an easy way to collaborate.  Google itself even touted the “make it public” feature of their calendar as being a cool way to use their search engine to discover upcoming events.

Unfortunately, as with most things, there’s a potential downside.  Recently, a security researcher named Avinash Jain discovered more than 8,000 publicly accessible Google Calendars, searchable via Google’s own search engine.  Many of these calendars contain sensitive information (which is bad enough), but worse, they allow any user to add new events that can cause real harm to the system hosting the calendar. This is done via maliciously crafted events or poisoned links.

As Avinash Jain reports:

“I was able to access public calendars of various organizations leaking out sensitive details like their email IDs, their event name, event details, location, meeting links, zoom meeting links, google hangout links, and much, much more.

This is more of an intended setting by the users and intended behavior of the service. The main issue however, is that anyone can view anyone’s public calendar, add anything on it – just by a single search query without being shared the calendar link.”

Jain goes on to say that several calendars belonging to employees of many of the Alexa top 500 companies were made public, which is certainly cause for concern.

This most recent finding adds to the chorus already warning of the dangers of calendar sharing.  Just a few months ago, researchers from Kaspersky Lab discovered scammers abusing Google Calendar in a variety of ways. For example, there were phishing scams that contained poisoned links masquerading as Google Calendar event links.

Stay vigilant and be sure you have all employees check their Google Calendar security settings so you’re not revealing more than you intended to.

Popular PDF Creator App Found To Have Malware

Do you use the PDF Creator App called CamScanner?  If you do, you’ve got plenty of company.  Since the app was first published in 2010, it has been downloaded more than a hundred million times.

Unfortunately, Google recently pulled it from the Play Store when they discovered that it had begun delivering malware to user devices.

For much of the app’s life, its creators, Shanghai-based CC Intelligence, have relied on ads and in-app purchases to generate revenue from the app.  That shifted in recent months, and Kaspersky Lab discovered that recent versions of the app introduced a new library that contained a Trojan designed to deliver malware to Android devices.

According to a spokesperson at Kaspersky, the “malicious code may show intrusive ads and sign users up for paid subscriptions.”  Granted, this isn’t as bad as it could be, because intrusive ads are more of an annoyance than a genuine threat. However, the issue of unwanted paid subscriptions is a bit more worrisome.

Even so, based on their investigation into the matter, Kaspersky concluded that it was probable that this is simply a case of the developer accidentally using a malicious ad library.  It seems unlikely that they’d run the risk of ruining a reputation that’s been nearly a decade in the making. This conclusion is underscored by the fact that the developers have removed the offending library from the most recent build of their app.

Unfortunately, this kind of thing is all too common.  There are a disturbing number of instances where legitimate apps have been found to be using poisoned libraries, so in that regard, CamScanner is as much a victim as the users who wound up with paid subscriptions.

Even so, kudos to Kaspersky, Google and CC Intelligence for swift, decisive action. If you use the app and have been noticing intrusive ads, be sure to upgrade to the latest version as soon as possible.

Google Hangouts Extending Support Until Next Year

If you’re a G Suite user, you’re probably already aware that Google has been making plans to shut down Google Hangouts.  In fact, the original plan was to begin phasing it out of the G Suite in October of this year (2019).

If you’re a fan of the service and rely on it for interoffice communications, you can breathe a short-lived sigh of relief.

The company recently announced that they’re pushing their timetable back. G Suite users will continue to have access to it through the first half of 2020, with Google beginning their process of shutting it down starting in June.

Once Google does formally retire Hangouts, the plan is to replace it with a pair of new services:  Hangouts Meet (which is a video conferencing service) and Hangouts Chat (for real-time text-based communications).  The new services will have a similar look and feel to classic Hangouts, so there shouldn’t be a big learning curve when migrating from the old to the new. Of course, the new services will feature some additional functionality that Google hopes will wow its impressively sized user base.

On balance, this is good news.  People who are attached to classic Hangouts get to keep using it for a little longer than originally anticipated. The new features and similar look and feel should assuage concerns about the switch over when it actually occurs.

It is also worth mentioning that Google has a longstanding habit of shifting gears and changing plans mid-stream. So, news of these most recent changes to the company’s plans should be taken with a proverbial grain of salt.  Between now and next June, it’s entirely within the realm of possibility that the company’s plans will change yet again, which may give classic Hangouts users even more time.  Stay tuned.