The situation with malicious apps on Android is so grime that Google had to ally with third-party security firms in order to provide increased security for users of the world's most popular mobile OS.
On the other hand, the firm partnered with one of the largest health systems in the U.S and received access to medical records of tens of millions of U.S citizens, dire news for their online privacy.
Finally, WhatsApp continues to be targeted by hacking attacks, the latest giving potential hackers access to users’ private files by sending a malicious video file over the messaging app.
Android malware problem led Google to partner with three antivirus firms and to create an App Defense Alliance
Android has a serious malware problem.
The openness of the system doesn’t help since the presence of third-party app stores is a perfect way for malicious apps to find their way to mobile devices of unsuccessful users.
Worse still is the fact that many apps that get approved by Google and that find their way to the Play Store also end up carrying malicious code.
The situation is so serious Google decided the company cannot handle the issue on itself, leading to them asking for help from three security firms.
A couple of weeks ago Google partnered with ESET, Lookout, and Zimperium and created a new entity called the App Defense Alliance.
The main job of the new alliance will be preventing malicious apps from reaching the Google Play Store in the first place. The three firms will implement their scanning and threat detection tools to increase the security of the biggest app store in the world.
"What the App Defense Alliance enables us to do is take the open ecosystem approach to the next level. We can share information not just ad hoc, but really integrate engines together at a digital level, so that we can have a real-time response, expand the review of these apps, and apply that to making users more protected," explained Dave Kleidermacher, Google's vice president of Android security and privacy.
In other words, each company will use its own threat detection system to search for potentially dangerous apps and by integrating the said systems apps will have to pass three levels of the security scan, hopefully removing every malicious app before it can inflict damage to users.
ESET features a cloud-based engine that includes a repository of known malicious binaries paired with various tools to scan and assess potentially dangerous apps.
Zimperium has a scanning engine capable of creating a profile of potentially malicious behaviors.
And Lookout owns a huge collection of more than 80 million binaries along with telemetry tools that are used to recognize the malicious activity.
Integrating these systems wasn’t easy with Google spending some time searching for the best potential partners for the project.
Lookout CEO Jim Dolce explained that "Google narrowed down the vendors that they wanted to engage with and everyone did a pretty elaborate proof of concept to see if there's any added benefit, and if we find more bad stuff together than either of us is able to independently," adding that "We were sharing data over a period of a month—millions of binaries effectively. And the results were very positive."
At the moment it isn’t certain whether the newly founded App Defense Alliance will actually reduce the number of malware apps on Android but according to Kleidermacher, "When you’re at the massive scale that we have in these platforms, when you can get even 1 percent incremental improvement it matters." And we concur, any notable decrease in the number of malicious apps on Android would be considered a success.
Google partners with Ascension, gets access to medical data of tens of millions of Americans
Another Google-related headline isn’t so positive.
The Wall Street Journal uncovered that Google has private medical records of tens of millions of Americans, the result of the company’s partnership with Ascension, one of the biggest medical systems in the U.S.
The deal took place during last year and, what’s interesting, neither patients or physicians were notified about the fact that Google now has access to their complete medical data.
That includes diagnoses, hospitalization records, patient names, and birth dates as well as many other forms of medical data that should be held private.
Instead, since Google and Ascension partnered, 150 Google employees gained access to the data, which is a major impact on those patients’ privacy.
The partnership, codenamed “Project Nightingale” allows Google to use medical data to train its machine learning-based software so it can make accurate care suggestions to patients as well as developing a cloud-based tool capable of hosting a repository of patient data that can be searched and examined massive amounts of data quickly and efficiently.
This would allow Google to put its foot in the health industry, by marketing its cloud-based, AI-driven solution to other private health systems.
On the other side of the line we have Ascension, aimed to use the project for perfecting patient care, and also increasing revenue from patients with the help of Google medical software.
Ascension issued a statement – after The Wall Street Journal piece got published – in which they explained that “As the healthcare environment continues to rapidly evolve, we must transform to better meet the needs and expectations of those we serve as well as our own caregivers and healthcare providers. Doing that will require the programmatic integration of new care models delivered through the digital platforms, applications, and services that are part of the everyday experience of those we serve.”
According to health privacy experts contacted by The Wall Street Journal, the project is legal under the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Legal or not, the news again raises concerns about tech giants and their increased levels of access to private data that should stay private.
WhatsApp latest security flaw allows hackers to access private data by sending MP4 videos to potential victims
The last piece of news regards WhatsApp-related security flaw capable of giving hackers access to personal files on affected devices.
The issue was tied to a malicious MP4 video file, which could’ve given potential attackers access to private data after they would send the video to a victim’s device over WhatsApp.
According to Facebook (which owns WhatsApp) the security flaw in question was successfully patched in the latest WhatsApp version and all users are advised to update the app.
The latest WhatsApp issue got the attention of Pavel Durov, creator of Telegram, another messaging app that prides itself in high security and encryption of messages.
"Unless you are cool with all of your photos and messages becoming public one day, you should delete WhatsApp from your phone,"- Pavel Durov, creator of Telegram
P. Durov shared a statement on his Telegram channel, advising his followers that “Unless you are cool with all of your photos and messages becoming public one day, you should delete WhatsApp from your phone,” further explaining that “Facebook has long been part of surveillance programs, long before it acquired WhatsApp.” He followed the statement with two pieces linking WhatsApp with the infamous PRISM revelation by Edward Snowden back in 2013.
While Facebook updated the latest flaw, the company cannot deny that WhatsApp has a long history of security flaws that endangered its users.
Everything from deficiencies in the signup process to malicious tools capable of reading other people’s WhatsApp messages to dangerous security flaws WhatsApp was constantly in the news regarding its security and privacy flaws for the last eight years.
And this isn’t the first time Pavel Durov criticized WhatsApp.
Back in May, he explained that WhatsApp will always be prone to security breaches and that Facebook’s claim about end-to-end encryption is fallible since messages lose their encryption when they are backed-up.
At the end of the day, WhatsApp’s history of security breaches is deeply concerning but the fact probably won’t affect its massive popularity.