Category Archives: google

Google and Apple Ignore Calls to Remove Absher App

Absher is an app that allows men in Saudi Arabia to track women. The app is used by (at least some) men in Saudi Arabia to control where the women in their life can travel. There have been calls for Google to remove Absher from the Google Play store, but Google is ignoring those requests. Apple has also ignored requests to remove the App Store.

Google has declined to remove from its app store a Saudi government app which lets men track women and control where they travel, on the grounds that it meets all their terms and conditions.

Insider has some details about what the Absher app is and what it can be used for. It is a state-run e-service that contains an online expression of Saudi Arabia’s restrictive male-guardianship laws.

Some of what Absher can be used for include: paying a parking fine, registering a newborn baby, or renewing a driver’s license. All of these options are harmless.

Unfortunately, Absher can also be used by Saudi men to specify when and where women are allowed to fly out of the country. Absher allows the men to grant or revoke travel permission with a few clicks. The app will also send an SMS when a woman uses her passport at a border crossing or airport check-in.

Obviously, the Absher app puts Saudi women in danger. The women who need to escape from abusive situations can be tracked by the app. This will lead to even more violence inflicted upon the woman if she is caught before she can leave the country.

I find it extremely troubling that Google and Apple have so little regard for the safety of women. I strongly suspect that if the app was being used to track men – instead of women – that Google and Apple would rush to remove it. Absher should be removed until the app updates to a new version that does not include the ability to track women.

Google Provided Details About How it Fights Disinformation

Google presented a white paper titled “How Google Fights Disinformation” at the Munich Security Conference. The white paper provides details about Google’s work to tackle the spread of misinformation – across Google Search, Google News, YouTube and their advertising systems.

One thing Google is doing is giving users more context. Here is how they do that:

  • “Knowledge: or “Information” Panels in Google Search and YouTube, providing high-level facts about a person or issue.
  • Making it easier to discover the work of fact-checkers on Google Search or Google News, by using labels or snippets making it clear to users that a specific piece of content is a fact-checking article
  • A “Full Coverage” function in Google News enabling users to access a non-personalized, in-depth view of a news cycle at the tap of a finger
  • “Breaking News” and “Top News” shelves, and “Developing News” information panels on YouTube, making sure that users are exposed to news content from authoritative sources when looking for information about ongoing news events
  • Information panels providing “Topical Context” and “Publisher Content” on YouTube, providing users with contextual information from trusted sources to help them be more informed consumers of content on the platform. These panels provide authoritative information on well-established historical and scientific topics that have often been subject to misinformation online and on the sources of news content, respectively.
  • “Why this ad?” labels enabling users to understand why they’re presented with a specific ad and how to change their preferences so as to alter personalization of the ads they are shown, or to opt out of personalized ads altogether
  • In-ad disclosures and transparency reports on election advertising, which are rolling out during elections in the US, Europe and India as a starting point

Google is also empowering users to let them know when they are getting it wrong by using feedback buttons across Search, YouTube, and Google’s advertising products to flag content that might be violating Google’s policies.

In addition, Google is partnering with outside experts. Some of those experts include:

  • First Draft Coalition (which Google helped launch) – a non-profit that convenes news organizations and technology companies to tackle the challenges around combating disinformation online – especially in the run-up to elections
  • Trust Project (which Google is a founding member of) – explores how journalism can signal its trustworthiness online. The Trust Project developed eight indicators of trust that publishers can use to better convey why their content should be seen as credible, with promising results for the publishers who have trialed them.
  • Poynter’s International Fact-Checking Network (IFCN) – a non-partisan organization gathering fact-checking organizations from the United States, Germany, Brazil, Argentina, South Africa, India, and more.

In regard to political ads, the white paper says: “Finally, in order to help understand the context for the election-related ads they see online, we require additional verification for advertisers who wish to purchase political ads in the United States, provide transparency about the advertiser to the user, and have established an online transparency report and creative repository on US federal elections.”

There are a lot more details in the white paper than I have posted here. Overall, it appears to be a good start at fighting disinformation across Google’s products. Part of the white paper mentions “deep fakes”, which will likely be difficult to combat. Google is clearly aware of how malicious actors could use it, and seems to be at least attempting to get ahead of that.

Google+ Offers Download of Data

Announced back in October, Google+ is coming to an untimely demise on 2nd April, leaving many of us somewhat uncomfortable with the thought of having to move house over to Facebook. Never mind Facebook’s total disregard for privacy, the user interface is complete rubbish…

While Google+ may be ending, Google is making it easy to retrieve information from the service and all users should have received an email giving the details of what needs to be done.

The download and save links to a support page which provides guidance on downloading all your Google+ information, including photos. It’s straightforward to do, but Google does take a few days to assemble the data and make it ready for download. Google then makes the data set available for around a week. I requested the download on 3rd February and received a notification that it was ready on 7th Feb.

Once downloaded, the archive can be unpacked. Google sorts the data into folders relating to your activity on Google+ and provides some additional html files to make browsing the data a little easier. Having said that, if you are only after your pictures, a quick search from a file manager for jpg will get quick results.

My online life with Google+ was quite small at 108 MB, but a friend who was an enthusiastic contributor to the server downloaded several gigs of data.

While it’s sad to see Google+ going away, it’s great to see Google making it easy to retain your Google+ data.

Google Password Checkup Protects Accounts from Data Breaches

How many things is your Gmail account connected to? It is definitely connected to Google+ (which will shut down soon). You might be using your Gmail account as a log in to apps or other websites.

Google says it regularly resets the passwords of Google accounts affected by third-party data breaches in the event of password reuse. According to Google, the strategy has helped protect over 110 million users in the last two years.

Google is now taking password protection one step further. It has created a Password Checkup Chrome extension. When you log into a site (while using the Chrome browser) Password Checkup will trigger a warning if the username and password you use is one of over 4 billion credentials that Google knows to be unsafe.

Obviously, the Chrome extension is only going to work on the Chrome browser. People who use other browsers aren’t going to get any benefit from Password Checkup. One could take a cynical view of this situation and suspect that Google’s main goal is to get more people to switch over to Chrome.

As you may recall, Google has been in the news for doing some very negative things. It recently had its enterprise certificates removed because it used them in a app that sucked up user’s data.

It ended its Project Dragonfly that was, in short, building a censored search engine for China. Google was silent about the bug that exposed private data of hundreds of thousands of Google + users until after the Wall Street Journal reported about it.

There is potential that Password Checkup (which is described as an “experiment” by Google) will improve user’s ability to find out if their username or password is unsafe. I think it will be hard to convince users to trust Google enough to install it.

Apple Shut Down Google’s Enterprise Certificates

Apple has revoked Google’s enterprise certificates. According to The Verge, this caused early versions of Google Maps, Hangouts, Gmail and other pre-release beta apps to stop working. It also broke Google’s employee-only apps like the Gbus app for transportation and Google’s internal cafe app.

This comes shortly after Apple revoked Facebook’s enterprise certificates. This was done because Facebook was using its enterprise certificates, which were only supposed to be used on employee-only apps, in its “Facebook Research” app.

In short, the “Facebook Research” app was paying teenagers (and adults) to install a VPN that sucked up all of the user’s phone and web activity and allowed Facebook to collect it.

Google had its enterprise certificates removed because it was running a app called Screenwise Meter. TechCrunch reported that the app let users (some as young as 13 if they were part of a family group) to earn gift cards. The app allowed Google to monitor and analyze the user’s traffic and data.

In both cases, the companies were using their enterprise certificates in ways that they were not supposed to. The enterprise certificates were intended to be used in the company’s employee-only apps.

Recode reported that Apple made a statement after it revoked Facebook’s enterprise certificates. Part of that statement said: “Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

To me, it sounds like companies that have iOS apps, and have been using their enterprise certificate in it to sneakily gather user’s data, should be worried. Apple has made it clear that they are willing and able to revoke enterprise certificates from companies that misuse it.

Google has “Effectively Ended” Project Dragonfly

Google had been working on a project called Dragonfly, which was being developed as censored search engine that would be used in China. The decision comes after hundreds of Google employees called on the company to cancel the project.

The Intercept has a very detailed article about what Project Dragonfly was. It was a very secretive project that relied upon data gleaned from, a Beijing-based website.

The controversy over Dragonfly is largely because it was being built as a censored search engine. From the Intercept:

The dispute began in mid-August, when The Intercept revealed that Google employees working on Dragonfly had been using a Beijing-based website to help develop blacklists for the censored search engine, which was designed to block out broad categories of information related to democracy, human rights, and peaceful protest, in accordance with strict rules on censorship in China that are enforced by the country’s authoritarian Communist Party government.

I’m certainly not the first person to say this, but it bears repeating. If Google were to create and launch Dragonfly in China, it would not stop there. The existence of a tailor-made censored search engine for one country could influence other countries to demand that Google create a highly censored search engine for them – blocking whatever that government chooses to censor.

The existence of Project Dragonfly is dangerous and disturbing. The Intercept points out that Google’s CEO, Sundar Pichai, appeared before Congress and stated that “right now” there were no plans to launch Dragonfly. That doesn’t mean it is gone for good, and we need reporters to continue to monitor the situation.

Google Expedites Closure of Google+ After Bug Investigation

Google announced that it will expedite the closure of Google+ for consumers. In October of this year, Google said it would shut down Google+ for consumers “over a ten month period”.

That timeframe has been shortened to “within the next 90 days”. This decision comes after the discovery of a new bug that impacted approximately 52.5 million users in connection with a Google+ app.

We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API. We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.

As a result of discovering this bug, Google has decided to shut-down all Google+ APIs within the next 90 days. Google is also going to accelerate the sunset of consumer Google+ from August 2019 to April 2019.

Google says it wants to give users ample opportunity to transition off consumer Google+. It will also provide users with ways they can safely and securely download and migrate their data.

In addition, Google is in the process of notifying any enterprise customers that were impacted by the bug. That notification will come by email to those affected.

In my opinion, Google enterprise customers should take a minute and consider how much they trust Google to keep Google+ secure. This isn’t the first time this year that Google+ has had a data breach.