Google Play rejected 55% more app submissions, and suspended 66% more apps in 2018

As part of protecting Android users from new abuses, Google Play rejected numerous app submissions and increased app suspensions in 2018.

Google Play is the official app store for Android OS. According to Statista, Google Play Store is the largest app store, with 2.1 million apps, followed by Apple’s App Store, which has almost 2 million apps.

The core developers behind the Play Store are committed to making it a secure and safe platform for billions of Android users. Last year, Google Play improved the platform's abuse protection and expanded its team of product managers, engineers, policy experts, and operation leaders in order to combat cyberattacks.

Last year, the company announced new policies for detecting and removing malicious apps and developers faster and to stop bad actors from entering Play Store. In 2018, the company rejected around 55% more app submissions, and suspended 66% more apps.

“These increases can be attributed to our continued efforts to tighten policies to reduce the number of harmful apps on the Play Store, as well as our investments in automated protections and human review processes that play critical roles in identifying and enforcing on bad apps,” wrote Andrew Ahn, Product Manager, Google Play, in a blog post.

Along with detecting malicious apps and stopping them from becoming a part of the Play Store, the Google Play Protect system scanned more than 50 billion apps on user devices every day. This helped ensure that no bad apps were harming user devices.

Google claims that apps installed from Google Play Store are 8x less likely to harm user devices than the ones installed from other sources.

Google developers are focusing on three main areas to protect users from bad apps and malicious developers: protecting user privacy, ensuring developer integrity, and stopping harmful app contents and behaviors.

To protect user privacy, the company has set requirements for developers that limit their device permission requests. Apps may request only the permissions they need, and must let users know how the app uses their data.

In 2018, Google Play rejected and removed tens of thousands of apps from the store that were not compliant with the policies.

Google has also made it more difficult for spammy developers to publish their apps on the Play Store.


“We find that over 80% of severe policy violations are conducted by repeat offenders and abusive developer networks,” added Andrew Ahn.

Google said that it will continue to boost the security and privacy of the Play Store by improving its capabilities, in order to offer users a secure and safe store.


Google now validates enterprise mobility management solutions under Android Enterprise Recommended program

Google is welcoming the leading Enterprise Mobility Management (EMM) providers to its Android Enterprise Recommended program, so that enterprises can confidently choose Android enterprise devices and services.

The Android Enterprise Recommended program was launched in February last year. Google validates the Android devices and services on the basis of a set of specifications for hardware, deployment, security updates, and user experience. If the devices and services built by vendors meet these requirements, Google lists them under the program.

After validation, these devices and services are recommended by Google to enterprises. The aim of this program is to help enterprises find the devices and services that meet necessary enterprise needs.

Android Enterprise Recommended program for Enterprise Mobility Management will include BlackBerry, Google Cloud, I3 Systems, IBM, Microsoft, MobileIron, Softbank, SOTI, and VMware.

“Since we’ve collaborated closely with EMM partners over the years, we understand what it takes to demonstrate excellence in this area. With this program, we’re recognizing partners who provide the most comprehensive technical solutions and have knowledgeable teams focused on modern Android security and management,” wrote Will Ro, Head of Android Enterprise Partnerships, Management and Security, in a blog post.

Android Enterprise Recommended EMMs will enable experience across multiple Android Enterprise management sets, and provide advanced security and management features. The program will also demonstrate documentation and guides that come with best practices for Android Enterprise set-up and configuration.

Google will provide training to vendors across sales, technical pre-sales and deployment support.


With this program, Google is raising the bar of excellence, so that enterprises globally can get the best equipped devices and applications for Android.


Every Wi-Fi enabled device vulnerable to a new security attack called KRACK

Security researchers have discovered weaknesses in WPA2 (Wi-Fi Protected Access II), the security protocol for most modern Wi-Fi networks. An attacker within range of a victim can intercept credit card numbers, passwords, photos, and other sensitive information using an attack called KRACK (Key Reinstallation Attacks).

What this means is that the security built into Wi-Fi is likely ineffective, and we should not assume it provides any security. If the security problem the researchers have discovered is real, it will be very difficult to fix, because WPA2 is built into almost every internet-connected device.

During the initial research, it was found that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks. The attacks against Linux and Android 6.0 or higher devices could be devastating because these devices can be tricked into (re)installing an all-zero encryption key. Currently 41% of Android devices are vulnerable to this attack.

Depending on the network configuration, attackers may also be able to inject and manipulate data, for example injecting ransomware or other malware into websites.

US Homeland Security’s cyber-emergency unit US-CERT confirmed the news of the vulnerability on Monday and described the research this way: “US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.”

Most protected Wi-Fi networks, including personal and enterprise WPA2 networks, are affected by KRACK and are at risk of attack. All the clients and access points that were examined by researchers were vulnerable to some variant of the attack. The vulnerabilities are indexed as: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088.

“The weakness lies in the protocol’s four-way handshake, which securely allows new devices with a pre-shared password to join the network. If your device supports Wi-Fi, it is most likely affected,” said Mathy Vanhoef, a computer security academic, who found the flaw.

Changing your Wi-Fi password will not help, even if you set a strong one. So, update all your devices and operating systems to the latest versions. As of now, users can protect themselves by sticking with sites that have HTTPS security, and keeping the Wi-Fi off. Since the security issue is related to Wi-Fi, the attacker has to be within range, and the odds of widespread attacks are apparently low.

The warning came at the Black Hat security conference, and the research is scheduled to be formally presented on November 1 at the ACM Conference on Computer and Communications Security (CCS) in Dallas.


GitHub introduces new code security and collaboration features for developers

At the GitHub Universe conference in San Francisco, GitHub announced a number of new tools that leverage its community data to protect code, provide greater security, improve ways of collaboration and enhance the developer experience.

GitHub began its journey almost ten years ago as a platform that brings together the developer community around the globe. Now that millions of developers worldwide use its platform for various purposes, the company shared its future plans to expand the ecosystem and transform the way developers code through new tools and data.

Dependency Graph

The new dependency graph lets developers manage the complexity of dependencies in their code. Developers can now keep track of their packages and applications easily without leaving their repository. The dependency graph currently supports Ruby and JavaScript, with GitHub planning to add Python support soon.

“Development hasn’t had that much innovation arguably in the past 20 years. Today, we finally get to talk about what we think is the next 20 years, and that is development that is fundamentally different and driven by data,” said Miju Han, engineering manager of data science at GitHub.

Security alerts (to be launched soon)

The new security features will use human data and machine learning, so that dependencies associated with public security vulnerabilities can be tracked. Developers will get notified about vulnerabilities when they happen and will get a security fix recommendation for it.

News feed

Additionally, GitHub is adding a newsfeed which will help developers in discovering new open-source projects from 25 million active repositories. They can participate in and find out what’s popular within the community. They can follow and star the repositories they want to see in their newsfeed.


GitHub has also updated the ‘Explore’ option. Users can now connect with curated collections, topics, and resources, and can browse their specific interests like data protection, game development or machine learning.

GitHub’s topic pages will help in finding projects related to languages, technologies, Android or CSS projects, etc. Users can also suggest edits to topic pages in a public repository.

GitHub plans to introduce more helpful features soon, as per the company blog.


XO Communications Launches XO Enterprise Cloud, XO Cloud Drive and XO Cloud Vault

XO Communications today announced the launch of XO Enterprise Cloud, XO Cloud Drive, and XO Cloud Vault, three new cloud service offerings that leverage Tier III data centers and the XO nationwide network to offer IT infrastructure-as-a-service ideal for SMBs and enterprises that want to virtualize their data centers, back up enterprise-wide data to the cloud, and enable cloud-based file sharing and storage for employees.

Providing SLAs, integrated security, and a high-performance data center and network, the new enterprise-class cloud solutions help IT professionals and organizations run a wide range of applications, from test and development to mission-critical applications, in the cloud.

XO Enterprise Cloud

Designed to meet customer requirements for enterprise-grade cloud computing services delivered over a private and secure network environment, XO Enterprise Cloud gives customers the flexibility of multiple network connectivity options to access the Enterprise Cloud platform and multiple computing resource allocation options, such as Shared, Reserved and Dedicated, depending on what best supports their application needs.

Some specifications of XO Enterprise Cloud are as follows:

  • Performance – The XO Enterprise Cloud server and storage infrastructure is built using best-in-class products from HP, VMware Inc., and EMC Corporation and offers three tiers of high performance storage, including Solid State Drives.
  • Network Security – Networked Fortinet security appliances and subscription services provide broad, integrated and high-performance protection against dynamic security threats.
  • Availability – Redundant N+1 architectural design provides for 100% availability.
  • Compliance – The XO Enterprise Cloud platform is deployed in Tier III data centers located in Northern Virginia and Southern California with SSAE 16 Type 2 compliance.
  • Scalability – XO Enterprise Cloud provides a highly flexible platform that can support 1 Gbps dedicated bandwidth per virtual machine, as well as scale-up capabilities that can reach 32 vCPUs and 512 GB RAM per server.

XO Cloud Drive

XO Cloud Drive allows companies to give their employees the ability to store, share, synchronize and collaborate on business content and files in the cloud while giving IT organizations the ability to control and centralize how business content is shared.

With XO Cloud Drive, files can be drag-and-dropped, saved virtually for consistent version control and shared anywhere, anytime, across multiple platforms and among numerous users for seamless collaboration.

The cloud-based platform provides uniform access to files across the following platforms: iOS, Android, Mobile Web, Windows, Mac and Linux.

Some salient features of XO Cloud Drive are:

  • Content aggregation from multiple sources
    • Microsoft Office documents, presentations and spreadsheets
    • Google apps, emails and documents
    • Bookmarks
    • RSS feeds
    • Social media
    • Images and embedded media
  • Dynamic file synchronization to keep important files and folders up-to-date across multiple devices.
  • Conflict-free, automatic synchronization to mitigate offline/online, as well as multi-user file editing.
  • Full-text indexed search of all content and team collaboration with permission-based file access.
  • File version history stored allowing customers to preserve and restore from all previous versions of business files.
  • List, view, rename, share, download and delete files.
  • Intuitive editor to create text and illustrative notes.
  • Easy-to-use web-based management interface.

XO Cloud Vault

XO Cloud Vault automates and simplifies backup services for businesses with multiple locations or complex, distributed IT environments. Customers can replicate data from the XO Enterprise Cloud platform as well as from premise-based servers and desktops.

An intelligent backup design provides compression, encryption and copy of only those documents, emails and databases that have changed since the most recent backup across the following platforms: Windows, Linux, Mac, Solaris and FreeBSD.

To restore, the virtual design allows users to point and click to refresh files to a single point in time, streamlining and automating disaster recovery/business continuity planning for businesses of all sizes.

Some salient specifications of XO Cloud Vault are as follows:

  • Flexible backup schedule including continuous, every few hours, by day and time, incremental and multiple full backups.
  • Powerful compression algorithms to reduce bandwidth usage.
  • Supports Microsoft Exchange server, Microsoft SQL Server, MySQL, SharePoint, etc.
  • Supports Mapped Network Drives and external USB drives.
  • Block level incremental backups with options to configure multiple full backups.
  • User configured (up to 448 bit) encryption key guarantees data privacy and facilitates compliance with regulatory requirements.
  • Virtually unlimited versioning with advanced data retention policies.
  • Comprehensive reports & dashboards with email notification options.
  • Bandwidth throttling.
  • Automatic updates of agent and plugin software.

“IT organizations are continually pressured to support an increasing number of mission-critical applications with fewer resources, causing businesses to seek out virtual solutions as a way to effectively and efficiently expand core operations without spending unnecessary capital,” said Jake Heinz, Vice President of marketing, XO Communications.

“In response to this industry need, XO Communications has expanded our services for dedicated cloud resources. This deeper commitment to the Infrastructure-as-a-Service market puts XO Communications in the best position to serve mid- and large-sized businesses for their computing, data and network requirements,” he added.



Are you updating Google Play Store? STOP!

TrustGo, a mobile security company, recently reported that a new malware named FakeLookout.A has been discovered on Google Play.

According to the TrustGo blog post, this malware hides itself in the full Application List after installation. It only shows up in the Downloaded app list, where it uses Lookout’s icon and the name “Updates”. It can receive and execute commands from a remote server. Following the remote server’s commands, the malware can steal the user’s SMS and MMS messages and upload them to the remote server via secure FTP. It also uploads the complete file list from the user’s SD card to the remote server. The remote server then instructs the malware to upload specific files.

“The brazen use of a trusted app’s logo shows just how aggressive malware makers are becoming. These fake apps not only put users’ data and privacy at risk, they can damage the reputation of respected developers,” TrustGo CEO, Xuyang Li said in the report. “TrustGo continually monitors new apps uploaded to more than 185 marketplaces worldwide and is able to provide App Certification and Brand Protection services that alert developers when malicious clones and apps that falsely use their logos have been found,” added Li.

According to the report, “The malware can steal an Android device user’s SMS/MMS messages, video files, and SD card files, meaning the potential for sensitive, identifying information to be lifted by the malware developer is real. Stolen data is transmitted to a domain in Thornton, Colo., TrustGo said, noting the same domain hosts a malicious website.”


Aakash-2 now at an increased price

With enhanced features and specifications, the Aakash tablet will now be available at a cost almost double its introductory price.

Supposedly, the gadget failed to meet the expectations of hundreds of students studying at the Indian Institutes of Technology across the country. IIT Rajasthan has released some criteria for the Aakash tablet.

According to the standards released by IIT Rajasthan, the inexpensive tablet should function at temperatures from 20 degrees up to 50 degrees Celsius. The standards also require the tablet to be waterproof and to withstand steep and sudden falls.

In addition, they specify a 1.2 gigahertz (GHz) microprocessor, as against 366 megahertz (MHz) in Aakash, and 700 megabytes of RAM (Random Access Memory), double that of the original. The battery specified can run up to eight hours.

British manufacturing and marketing company ‘Datawind’ had received an order to supply the government with one lakh tablets at a price of US $50. Reportedly, the technology companies that received orders from the government to manufacture ‘Aakash’ say that it is impossible to supply a million Aakash-2 tablets with these features at the original cost.

“Because of the higher price for a US dollar component will cost much more. Insulation costs are also very high,” said an officer of the public sector companies who wished to meet the government’s requirement of a million tablets at the same price of US $50 or so.

The Aakash tablet was launched in October 2011 by India’s Minister of Human Resource Development, Kapil Sibal. According to reports doing the rounds, the new water- and shock-proof Aakash 2, with a four times faster processor and better battery life, will now cost US $100 (Rs 4900 approx.).



Copyright 2012