Tuesday January 21, 2020
Home Lead Story Google Slamme...

Google Slammed for Tricking Users to View Infected PNG Images

PNG is a raster-graphics file-format that supports lossless data compression.

0
//
google, ban, ads, unproven techniques
Google has announced to ban online ads for 'unproven or experimental medical techniques.' Pixabay

Google is reportedly being slammed by security experts following the disclosure of a vulnerability that has exposed Android to the risk of being compromised by infected images.

Revealed in Google’s February security update, the flaw leaves Android systems compromised with a modified Portable Network Graphics (PNG) that could trick users into viewing an infected image, Android Headlines reported on Saturday.

PNG is a raster-graphics file-format that supports lossless data compression. The security flaw affects devices running Android 7.0 Nougat and newer versions of the software.

PNG images trick users to view infected images.
Google slammed for risking Android with infected PNG images. Pixabay

According to experts, the root cause of this alarming vulnerability has been a light approach to media content on Google’s part.

The new firmware is currently only available on the Pixel handsets and a small number of Android One devices that run a stock version of the operating system (OS), the report informed.

ALSO READ: Addition of ‘Interpreter’ Mode on Google Assistant

However, Google’s February security update addresses the issue, but the global rollout of the security patch is expected to take more time. (IANS)

Next Story

50 Privacy Groups Ask Google CEO Sundar Pichai to Safeguard Android Users

Google was yet to reply to the Open Letter

0
privacy, google
FILE -Google CEO Sundar Pichai speaks during the keynote address of the Google I/O conference in Mountain View, Calif., May 7, 2019. VOA

More than 50 privacy groups including American Civil Liberties Union (ACLU) and UK-based Privacy International have called on Google and Alphabet CEO Sundar Pichai to take action against pre-installed ‘bloatware’ on Android devices as they pose security risk to customers.

“Android Partners – who use the Android trademark and branding – are manufacturing devices that contain pre-installed apps that cannot be deleted (often known as ‘bloatware’), which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent,” Privacy International said in a statement.

These phones carry the “Google Play Protect” branding, but research shows that 91 per cent of pre-installed apps do not appear in Google Play Store.

These pre-installed apps, said the Open Letter, can have privileged custom permissions that let them operate outside the Android security model.

“This means permissions can be defined by the app – including access to the microphone, camera and location – without triggering the standard Android security prompts.

“Users are, therefore, completely in the dark about these serious intrusions,” the privacy groups lamented.

Google CEO Sundar Pichai
Google CEO Sundar Pichai. (Wikimedia Commons)

They asked Pichai to allow Android users permanently uninstall the apps on their phones, including any related background services that continue to run even if the apps are disabled.

Pre-installed apps should adhere to the same scrutiny as Play Store apps, especially in relation to custom permissions, they added.

Pre-installed apps should have some update mechanism, preferably through Google Play and without a user account.

Also Read: Loneliness as Dangerous as Smoking or Obesity: Researchers

“Google should refuse to certify a device on privacy grounds, where manufacturers or vendors have attempted to exploit users in this way,” the privacy groups added.

Google was yet to reply to the Open Letter. (IANS)