Archive for Google

Bell Partners with Google Cloud To Deliver Next-Generation Network Experiences For Canadians

Posted in Commentary with tags , on July 15, 2021 by itnerd

Bell Canada and Google Cloud today announced a strategic partnership to power Bell’s company-wide digital transformation, enhance its network and IT infrastructure, and enable a more sustainable future. This new, multi-year partnership will combine Bell’s 5G network leadership with Google’s expertise in multicloud, data analytics, and artificial intelligence (AI), to deliver next-generation experiences for Bell customers across Canada.

As a strategic technology partner, Google Cloud will enable Bell to drive operational efficiencies, increase network automation, and deliver richer customer experiences through the following initiatives:

  • Shifting critical workloads to the cloud: By moving and modernizing IT infrastructure, network functions, and critical applications from on-premise to Google Cloud, Bell will be able to drive greater operational efficiencies and enable better application performance.
  • Unlocking multicloud, next-generation network technology: With the combined power of Bell’s 5G network and Anthos, Google Cloud’s multicloud solution, Bell will deliver a consistent customer experience with greater automation and enhanced flexibility that scales with customer demand. The increased speed and bandwidth capacity of the Bell 5G network will support applications that can respond faster and handle greater volumes of data than previous generations of wireless technology.
  • Leveraging the power of AI, data and analytics: Bell will leverage Google Cloud’s expertise in AI and big data to gain unique insights through real-time network data analytics that will enhance the customer experience, improve service assurance, and assist with network capacity planning.     
  • Joining forces on a sustainable future: Bell and Google share a common goal to run more sustainable businesses. As the cleanest cloud in the industry, Google Cloud will contribute to Bell’s target of achieving carbon neutral operations by 2025, and reducing greenhouse gas emissions by 2030 in line with the Paris Climate Agreement.

As demands on mobile networks evolve and increase, Bell and Google Cloud will collaborate throughout the next decade on new innovations, including cloud solutions for enterprise customers and consumers powered by Google edge solutions, and enhanced customer service through automation and AI. In addition, the two companies will look at new ways to expand Bell’s existing partnership with Google to evolve the network experience and introduction of next-generation services across residential, mobile, and more.

Ok Google, You’re Getting Sued Over Play Store Abuse

Posted in Commentary with tags , on July 8, 2021 by itnerd

The attorneys general of 36 states and Washington, D.C., sued Google “alleging that the company illegally abused its power over developers that distribute apps through the Google Play store on mobile devices,” according to Bloomberg:

State attorneys general are targeting the fees Google takes from developers for purchases and subscriptions inside apps. The complaint was filed by 36 states and the District of Columbia in San Francisco federal court Wednesday. The complaint marks a new attack by government officials in the U.S. against the search engine’s business practices. The Justice Department and a group of states filed separate complaints over Google’s search business last year, while another state coalition sued over Google’s digital advertising business. The states are taking on Google even after a federal judge in Washington last week threw out their antitrust lawsuit against Facebook. That case accused Facebook of illegally crushing competition by buying Instagram and WhatsApp because it saw them as threats to its business. The judge said the states waited too long to challenge the acquisitions.

This article didn’t have anything about the states suing Apple, who has a similar app policy as Google. Actually, Apple’s stance is worse since they prevent users from side-loading apps or using alternate app stores. So this seems like a strange lawsuit to me. And I wonder if it will actually go the distance. I guess we’ll see.

UPDATE: There’s a story that outlines the accusation that Google used anticompetitive practices in an attempt to “preemptively quash” Samsung’s Galaxy Store, and prevent it from becoming a viable competitor to its own Play Store. 

This Is Bad: Apps With 5.8 Million Google Play Downloads Stole Users’ Facebook Passwords

Posted in Commentary with tags on July 3, 2021 by itnerd

I’ve said for years that the Google Play Store is a gong show as apps that have massive security issues keep ending up in the store to cause all sorts of havoc for Android users. And today I have another example of that. Google just punted a bunch of apps out of the Play Store that stole the login credentials for Facebook:

Google has given the boot to nine Android apps downloaded more than 5.8 million times from the company’s Play marketplace after researchers said these apps used a sneaky way to steal users’ Facebook login credentials. In a bid to win users’ trust and lower their guard, the apps provided fully functioning services for photo editing and framing, exercise and training, horoscopes, and removal of junk files from Android devices, according to a post published by security firm Dr. Web. All of the identified apps offered users an option to disable in-app ads by logging into their Facebook accounts. Users who chose the option saw a genuine Facebook login form containing fields for entering usernames and passwords. 

Then, as Dr. Web researchers wrote: “These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login… into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals. Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts. However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.” 

The majority of the downloads were for an app called PIP Photo, which was accessed more than 5.8 million times. The app with the next greatest reach was Processing Photo, with more than 500,000 downloads. The remaining apps were: Rubbish Cleaner: more than 100,000 downloads; Inwell Fitness: more than 100,000 downloads; Horoscope Daily: more than 100,000 downloads; App Lock Keep: more than 50,000 downloads; Lockit Master: more than 5,000 downloads; Horoscope Pi: 1,000 downloads; and App Lock Manager: 10 downloads. A search of Google Play shows that all apps have been removed from Play.

Now you can say that Google did punt these apps. And to be fair they did. But these apps have been installed thousands of times, or in some cases hundreds of thousands of times. Which means that in some cases they were on the Play Store for a while. And that’s bad. You can also say that this happens on the Apple App Store. And it does. But not to the scale that it happens on the Google Play Store. That’s something that both companies need to improve.

Google Commits $2M In Digital Skills To Help Underserved Communities Reskill For New Careers In Six Months

Posted in Commentary with tags on May 17, 2021 by itnerd

Given the current spotlight on employment and job displacements as a result of the pandemic, Google has announced a $2 million commitment to digital skills training aimed at reskilling job seekers for new careers in technology – in under six months. 

As part of a three-year grant, Google is working with NPower Canada to deliver Google Career Certificate programs, along with 5,000 need-based scholarships focusing on young adults in underserved communities. The aim is to give these Canadians the necessary skills to find entry-level, high-paying jobs in high-demand tech sectors – with no previous experience required. Google Career Certificates scholarships will be distributed by NPower Canada, in collaboration with  non-profits like Pathways to EducationToronto Public Library and the YMCA

The initiative not only focuses on providing digital skills training but on making tech jobs more accessible through an Employer Consortium, where some of Canada’s biggest employers – including Google, KPMG, TELUS and Loblaw – are jumping on board to consider Google Career Certificate program graduates for eligible jobs.

Some additional details about Google’s Career Certificate programs can be found in Google’s latest blog post.

Some Key Facts About Google Career Certificates

  • Google Career Certificates were developed by Google employees as part of Grow with Google, a global initiative designed to create economic opportunities.
  • Certificate programs are available in Data Analytics, Project Management, UX Design, IT Support.
  • Outside of NPower Canada’s programming, the certificates are delivered through the online learning platform Coursera and are available in English, with select programs available in French starting in 2022. 
  • Every certificate has been created to equip learners with theoretical and practical knowledge and real-life problem-solving skills to be successful in an entry-level technology job.

Google Adds YouTube TV Channel To Main App To Get Around Roku Related Dispute… Get Ready For Vengeance From Roku

Posted in Commentary with tags , on May 7, 2021 by itnerd

You might remember that Google and Roku were in a dispute over the YouTube TV channel that Roku has characterized as an anti-trust dispute. Then Roku pulled the YouTube TV app from Roku’s their store. To get around this, it appears that Google has added a new “Go to YouTube TV” option within the primary YouTube app on Roku which remains available to download on the streaming platform. In short, Google has put the YouTube TV channel into the YouTube channel. And by extension, they’ve now basically dared Roku to pull the main YouTube channel. The Verge has additional details:

In essence, Google has basically stuffed the YouTube TV app into YouTube itself, a solution that seems unlikely to make Roku very happy. Google says it’s “still working to come to an agreement with Roku to ensure continued access to YouTube TV for our mutual customers,” and it notes the YouTube TV app remains usable for those who already have it installed.

But in the event that things totally fall apart, Google says it’s “in discussions with other partners to secure free streaming devices in case YouTube TV members face any access issues on Roku.” A Google spokesperson told The Verge that this workaround is only for consumption of YouTube TV; customers cannot sign up for new subscriptions through the YouTube app at this time.

Roku had this to say:

Google’s actions are the clear conduct of an unchecked monopolist bent on crushing fair competition and harming consumer choice. The bundling announcement by YouTube highlights the kind of predatory business practices used by Google that Congress, Attorney Generals and regulatory bodies around the world are investigating. Roku has not asked for one additional dollar in financial value from YouTubeTV. We have simply asked Google to stop their anticompetitive behavior of manipulating user search results to their unique financial benefit and to stop demanding access to sensitive data that no other partner on our platform receives today. In response, Google has continued its practice of blatantly leveraging its YouTube monopoly to force an independent company into an agreement that is both bad for consumers and bad for fair competition.

It now seems that this dispute has gone nuclear. And I’ll be watching for the mushroom clouds.

Roku & Google Get Into Anti-Trust Fight…. And Users As Usual Are Caught In The Middle

Posted in Commentary with tags , on April 26, 2021 by itnerd

There’s some bad news for users of the Roku platform. The company is warning its customers with YouTube TV subscriptions that the service could go dark in the coming days due to what it calls Google’s “predatory” and “monopoly” behavior:

In a lengthy statement, a Roku spokesperson blasted Google’s actions in detail. The tech giant is “attempting to use its YouTube monopoly position to force Roku into accepting predatory, anti-competitive and discriminatory terms that will directly harm Roku and our users.” The company has also sent an email to customers this morning expressing the concerns. Roku is arguing that YouTube and Google are out to manipulate the user experience to siphon data and tilt search results in YouTube’s favor, among other complaints. It also maintains that Google could require Roku to spend money upgrading microchips or other equipment in order to accommodate YouTube TV. The current agreement between the companies will expire in the next few days. While the Roku statement did not specify a date, this week will see April end and May begin, a turning of the calendar that matches with most distribution contract deadlines.

The thing is that I can see this escalating quickly. For example, Google has pulled the YouTube app off of Fire TV devices before. Which means that users will be affected by this fight. So if you have a Roku device, do not be surprised if the YouTube app disappears from your device in the next few days unless these two companies can work something out.

Australia Finds Google Misled Users Over Data Collection

Posted in Commentary with tags on April 16, 2021 by itnerd

Australia’s federal court found that Google misled users about personal location data collected through Android mobile devices between 2017 and 2018, the country’s competition regulator said Friday. That would qualify as a #Fail:

The Australian Competition and Consumer Commission (ACCC) — which launched legal proceedings against Google in 2019 — said the ruling was an “important victory for consumers” with regard to the protection of online privacy. Google misled Android users into thinking the search giant could collect personal data only if the “location history” setting was on, the ACCC said. The court found that Google could still collect, store and use personally identifiable location data if the setting for “web and application activity” was on — even if “location history” was turned off. “This is an important victory for consumers, especially anyone concerned about their privacy online, as the Court’s decision sends a strong message to Google and others that big businesses must not mislead their customers,” ACCC Chair Rod Sims said in a statement.

Google is likely to appeal this. But this is a great decision that I hope that other countries copy. That would send a message that Google and other companies will notice. On top of that, I hope that Australia really lays the smack down on Google.

Google Voice Outage Caused By Expired Certificates…. REALLY?

Posted in Commentary with tags , on March 1, 2021 by itnerd

Back in mid February, Google Voice went down for about four hours. That left users unable to log in and use their Google Voice accounts. That’s a problem if you rely on Google Voice. And a lot of people and companies do given the times that we live in. Well, Google has released an incident report [Warning: PDF] and it is eyebrow raising. The outage was caused by expired TLS certificates:

Google Voice uses the Session Initiation Protocol (SIP) to control voice calls over Internet Protocol. During normal operation, Google Voice client devices aim to maintain continuous SIP connection to Google Voice services. When a connection breaks, the client immediately attempts to restore connectivity. All Google Voice SIP traffic is encrypted using Transport Layer Security (TLS). The TLS certificates and certificate configurations used by Google Voice frontend systems are rotated regularly.

Due to an issue with updating certificate configurations, the active certificate in Google Voice frontend systems inadvertently expired at 2021-02-15 23:51:00, triggering the issue. During the impact period, any clients attempting to establish or reestablish an SIP connection were unable to do so. These clients were unable to initiate or receive VoIP calls during the impact period. Client devices with an SIP connection that was established before the incident and not interrupted during the incident were unaffected.

And this is what they are going to do to stop this from happening again:

To guard against the issue recurring and to reduce the impact of similar events, we are taking the following actions:

  • Configure additional proactive alerting for upcoming certificate expiration events.
  • Configure additional reactive alerting for TLS errors in Google Voice frontend systems.
  • Improve automated tooling for certificate rotation and configuration updates.
  • Utilize more flexible infrastructure for rapid deployment of configuration changes.
  • Update resource allocation systems to more efficiently provision emergency resources during incidents.
  • Develop training and practice scenarios for emergency rollouts of Google Voice frontend systems and configurations.

Now I expect a small or medium company to have issues keeping track of when certificates that power their infrastructure expire. But for a company the size of Google to have this issue is mind blowing.

Chris Hickman, chief security officer at Keyfactor (www.keyfactor.com), a provider of cloud-first PKI as-a-Service and crypto-agility solutions has this to say:

An outage happens when expired certificates fail to authenticate or establish secure communication tunnels. A certificate expiration on its own is not necessarily a security response incident but is disruptive and can lead to outages like that experienced by Google Voice customers. Certificate expiration is an important mechanism to make sure certificates are still being issued to a valid system, similarly to why a driver’s license or passport needs to be renewed periodically. It offers a check and balance system, in the form of workflow and approvals, to maintain legitimacy and authorization. Changes implemented last year by the CA/B forum reduced the lifetime of an SSL/TLS certificate to 398 days and therefore has compounded the issue of keeping up with expiring certificates.

Recent research found that 73% of enterprise respondents experienced unplanned downtime and outages due to mismanaged digital certificates. More than half of those organizations said they experienced four or more certificate-related outages in the past two years. Service outages due to expired certificates are fairly common – and avoidable. Whether you’re a large enterprise or a small business, certificates expire. The key is maintaining visibility to every certificate on the network to stay ahead of expirations and renewals or better yet, using automation to ensure certificates are renewed prior to expiration without the need for human intervention.

These steps can help IT teams avoid similar outages and potential disruptions: 

  • Conduct an audit to understand how many digital certificates the organization has.
  • Build an inventory to identify where certificates live and what they’re used for. 
  • Document the hash algorithm they use and their overall health. 
  • Flag certificate expiration dates. 
  • Assign or note who owns every certificate.
  • Map the methods used to protect valuable code-signing certificates. 
  • Ensure a centralized method is used to securely update every certificate.”

Maybe Google should reach out to Keyfactor as clearly this is a weak point for them.

TELUS & Google Announce Strategic Alliance

Posted in Commentary with tags , on February 9, 2021 by itnerd

Google Cloud and TELUS today announced a strategic alliance to co-innovate on new services and solutions that support digital transformation within key industries, including communications technology, healthcare, agriculture, security, and connected home. The 10-year collaboration will also accelerate TELUS’ IT and network modernization initiatives, enabling further operational agility and supporting improved customer experiences. 

As part of the partnership, TELUS and Google will collaborate on the following initiatives:

  • Reimagining the future through co-innovation: Google Cloud and TELUS will generate new industry solutions and go-to-market strategies that will drive growth in adjacent industries, commencing with communications technology, healthcare, agriculture, security and automation. One of the areas of focus will be on redefining the way healthcare and agriculture solutions are delivered, increasing collaboration and efficiency between healthcare providers, providing consumers with fresher and healthier food by improving traceability, and enabling business customers to streamline their IT and network operations. Both companies will also collaborate on the evolution of entertainment and smart home technology, bringing state-of-the-art connectivity, control, and convenience to more families and businesses.
  • Accelerating TELUS’ digital transformation: TELUS will accelerate its public cloud adoption on Google Cloud’s enterprise platform to drive greater operational efficiency of its core IT and network infrastructure. Through this partnership, Google Cloud will also become one of TELUS’ partners in the delivery of 5G services and Multi-Access Edge Computing (MEC), which leverages Google Cloud’s managed application platform, Anthos. TELUS will utilize Google Cloud Contact Center AI to reinvent the customer experience, improving customer interactions and realizing significant savings. To increase growth opportunities, TELUS can expect enhanced agility, scalability, and reliability across its wireless and wireline services and numerous lines of business including security, agriculture and healthcare. 
  • Embracing sustainability and social responsibility: As recognized global leaders in corporate social responsibility, TELUS and Google Cloud will prioritize working together to improve the social, economic, environmental, and health outcomes for Canadians. TELUS and Google Cloud will strengthen their respective commitments to building a more sustainable world through technology by reducing TELUS’ carbon footprint, creating value along the entire supply chain for businesses significantly impacted by COVID-19, and optimizing industry solutions for social impact through data analytics and machine learning.

TELUS and Google will continue to partner with TELUS International, a digital customer experience (CX) innovator that designs, builds and delivers next-generation solutions for global and disruptive brands, to help enterprises achieve their digital transformation goals.

Microsoft Defender ATP is Detecting Yesterday’s Chrome Update As A Backdoor Trojan

Posted in Commentary with tags , on February 3, 2021 by itnerd

While there are some that say Google’s software is a backdoor to them gathering as much info on you as possible, this is the first time that I have ever heard of antivirus software actually flagging Google software as a backdoor trojan. Microsoft Defender Advanced Threat Protection (ATP), the commercial version of the ubiquitous Defender antivirus and Microsoft’s top enterprise security solution, is currently having a bad day and labeling yesterday’s Google Chrome browser update as a backdoor trojan:

The detections are for Google Chrome 88.0.4324.146, the latest version of the Chrome browser, which Google released last night. As per the screenshot [embedded in the linked story], but also based on reports shared on Twitter by other dismayed system administrators, Defender ATP is currently detecting multiple files part of the Chrome v88.0.4324.146 update package as containing a generic backdoor trojan named “PHP/Funvalget.A.” The alerts have caused quite a stir in enterprise environments in light of recent multiple software supply chain attacks that have hit companies across the world over the past few months. System administrators are currently awaiting a formal statement from Microsoft to confirm that the detection is a “false possitive” and not an actual threat.

The consumer version isn’t behaving the same way. Thus my assumption is that this is a mistake by Microsoft in terms of it’s detection engine and we should have official confirmation of that at some point. Until then, the safe thing to do is to wait until Microsoft comments publicly on this just in case it is a real threat.