Date:15/05/17
According to Google, last week’s phishing scam that imitated a Docs invite was quickly countered by existing security measures. The company is now announcing changes aimed at developers to prevent future attacks.
The fact that a third-party app was able to have "Google" in its title — let alone fully copying the name of an existing product — was widely seen as a major flaw.
The company’s app identity guidelines already state that "app names should be unique to your application and should not copy others’." But to better detect spoofed or misleading app identities, Google has updated its application publishing process, risk assessment systems, and user-facing consent page.
For the time being, this might result in developers seeing an error message when registering new apps or modifying existing ones in the Google API Console, Firebase Console, or Apps Script editor.
Additionally, there is a new review process specifically for web apps that request user data, as well as other restrictions.
This enhanced risk assessment might require that some web apps undergo a manual review. During the process, users will not be able to approve permissions and will encounter an error message instead of the consent page. These initial reviews will take 3-7 business days, with Google eventually permitting earlier review requests during the development process.
As a result of these two changes, the company recommends that developers review the data request guidelines and account for the delays.
Google implementing 3rd-party developer changes to prevent future phishing attacks
According to Google, last week’s phishing scam that imitated a Docs invite was quickly countered by existing security measures. The company is now announcing changes aimed at developers to prevent future attacks.The fact that a third-party app was able to have "Google" in its title — let alone fully copying the name of an existing product — was widely seen as a major flaw.
The company’s app identity guidelines already state that "app names should be unique to your application and should not copy others’." But to better detect spoofed or misleading app identities, Google has updated its application publishing process, risk assessment systems, and user-facing consent page.
For the time being, this might result in developers seeing an error message when registering new apps or modifying existing ones in the Google API Console, Firebase Console, or Apps Script editor.
Additionally, there is a new review process specifically for web apps that request user data, as well as other restrictions.
This enhanced risk assessment might require that some web apps undergo a manual review. During the process, users will not be able to approve permissions and will encounter an error message instead of the consent page. These initial reviews will take 3-7 business days, with Google eventually permitting earlier review requests during the development process.
As a result of these two changes, the company recommends that developers review the data request guidelines and account for the delays.
Views: 348
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
