13 Best Mobile Game Controllers (2024): iPhone or Android



firebase google authentication android example :: Article Creator

Google Issues Fix For Android ClientLogin Authentication Flaw

serious ClientLogin authentication protocol vulnerability in its Android operating system

Google said it would start implementing a server-side patch last week, which will be automatically installed on Android operating systems without any user interaction.

"We're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days," Google said in a statement last week.

"The great news is that it doesn't require a software update on the Android devices themselves - meaning the fix is automatic and worldwide. Effectively this is a silent fix," said Graham Cluley, Sophos senior technology consultant, in a blog post .

The security flaw, detected earlier this month by researchers from the University of Ulm in Germany, occurred in the way that Android apps use the ClientLogin authentication feature to access any number of Google services. Security experts contend that the flaw affects at least 97 percent of Android smartphones.

During a sidejacking attack, hackers could capture authentication tokens if the authToken request is sent over an unencrypted http connection for any Google service that uses the ClientLogin protocol. Hackers could then impersonate a user to log onto numerous personal Web applications such as Google Calendar, Contacts, and Picassa as well as third party apps such as Facebook and Twitter.

The server-side fix will essentially equip Android with the more secure HTTPS protocol when connecting to the Internet. The HTTPS automatically encrypts transmitted data when users access Web services such as Google Calendar, subsequently preventing authentication tokens from being intercepted by hackers.

While Android OS users running the latest version 2.3.4 are protected against these kinds of sidejacking attacks, the vast majority are still using the vulnerable older versions of the operating system.

Thus far, no active attacks exploiting Android's ClientLogin authentication flaw have been detected in the wild.


Google Play Store Purchases Will Use Biometric Authentication Soon

Google will give you the option to use biometric authentication when making purchases on the Google Play Store. This will be an alternative to using the synced Google account password. The Android OS developer has started sending out email notifications alerting Android smartphone users about the upcoming change.

Google Play Store will let you use biometric authentication to authorize payments

Google has started sending out emails to Android smartphone and smart device owners. The email is reportedly encouraging users to switch on biometric authentication for purchases made on the Play Store. The email states:

"On Google Play, you can set biometrics (fingerprint or face) as your purchase verification method on mobile devices that have biometric capability. If you set biometrics, it means you'll be asked to verify it's you with biometrics each time you make a purchase through Google Play."

Enabling biometric verification for purchases in the Play Store currently requires a password rather than confirming biometrics with your finger or face.

Google is going to fix this nonsense soon. I think "Finally!" is well-deserved here.Https://t.Co/3YASu1i808 pic.Twitter.Com/2Jq56ZztYe

— Artem Russakovskii (@ArtemR) April 12, 2024

Google hasn't switched over to biometric authentication entirely. Moreover, the company isn't flipping the switch for everybody. Instead, Google has indicated that the change will take place over the next few weeks.

"In the coming weeks, there will be a change in how you confirm your setting when you choose biometric verification. For mobile devices, when you're asked to confirm this setting, you'll use your fingerprint or face instead of your Google Account password."

Is Google making biometric authorization mandatory?

The email from Google states that switching on biometric authentication is voluntary. In other words, the search giant is merely urging Android device users to adopt a better and more secure method of authorization.

Currently, if you want to enable the "Biometric Verification" feature in the Play Store settings, you need to enter your Google Account password. This might seem a bit redundant, especially when unlocking your phone already involves a secure biometric method. Google's update… https://t.Co/LH0w3GHclr

— PiunikaWeb – Everything Google Pixel (@PiunikaWeb) April 16, 2024

Google has been offering biometric authorization support for about 10 years now. Simply put, using a registered fingerprint or face to unlock a supported Android device and authorize transactions isn't new. However, it appears Google is streamlining and simplifying the process, and this does enhance convenience. Incidentally, Google recently mandated every Google Wallet transaction would need authorization.

Opting to authorize with just a glance or a thumbprint is indeed way more convenient than typing in a password. However, Google has warned about the pitfalls of relying solely on biometric authentication.

Android smartphone users often register multiple fingerprints, including those of their spouses and children. Needless to say, this is risky. Moreover, with Google pushing hard for biometric authorization, anybody could authorize a payment with their registered fingerprint.

Hence, moving forward, it would be wise to limit fingerprint registration to responsible adults. Meanwhile, children could be given devices on which biometric authentication is disabled.


Appdome Extends Build2Test For Google Firebase Robo Test

Firebase Extension Expands Developer Choice and Streamlines Automated Testing of Appdome-Protected Android and iOS Mobile Apps in DevOps Pipelines

SINGAPORE, April 17, 2024 /PRNewswire/ -- Appdome, the mobile app economy's one stop shop for mobile app defense, today announced at Black Hat Asia an extension to its Build2Test automated testing option for Google Firebase Robo Test. The extension enables mobile developers, DevOps and QA teams with more mobile app testing choices and streamlines the testing of Appdome-protected mobile apps using Google Firebase Robo Test.

Appdome logo (PRNewsfoto/Appdome)

The Appdome Build2Test capability enables automated functional testing of Appdome-secured mobile applications inside mobile app testing services like Google Firebase Robo Test. With Build2Test, Appdome-protected mobile apps recognize when trusted automated mobile app testing suites are in use and allow automated testing of the secured mobile apps without interruption. The service logs all security events triggered by Google Firebase Robo Test so the developer can track and monitor all mobile app defenses in the QA, test, and release lifecycle. The Appdome Build2Test service is part of the Appdome Dev2Cyber initiative and is designed to accelerate the delivery of secure mobile apps globally.

"Earlier this year, Appdome was the first mobile app security vendor to be named as a DevOps platform leader," said Chris Roeckl, Chief Product Officer at Appdome. "Adding Google Firebase Robo Test as another option in Build2Test takes us one step closer to solving one of the last operational challenges of releasing secure mobile applications at scale."

In continuous integration, continuous delivery (CI/CD) pipelines, mobile app quality assurance is done via automated testing services so the functionality of the mobile app can be validated across hundreds or thousands of real-world mobile devices and OS versions. However, automated testing services can also leverage methods and tools that violate cybersecurity policies or that cybersecurity professionals find problematic and dangerous such as emulators, virtualization, resigning, debugging, dual spaces, Magisk and more. Once security protections are added to a mobile app, they can detect these methods and tools, and the resulting cyber defense may prevent testers from using these automated testing services. The new Appdome Build2Test for Google Firebase Robot Test allows Appdome-protected mobile applications to recognize the Google testing vendor and securely complete testing runs without interruption.

Story continues

"We support the mobile development community by ensuring all Appdome-secured mobile apps deliver an amazing user experience," said Karen Hsu, SVP Mobile DevOps and Security at Appdome. "Adding Google Firebase Robo Test to Appdome's Build2Test opens up this bedrock service and empowers developers to ensure the highest quality and stability of their protected applications with ease."

Advantages of the Appdome Build-to-Test for Google Firebase Robo Test include:

  • Enables fully automated QA testing for Appdome-protected mobile apps

  • Trusted mobile app testing services with Google Firebase Robo Test

  • Visualize Build2Test data for Google Firebase Robo Test and other mobile app testing services in Appdome ThreatScope™ Mobile XDR

  • Eliminate the need to test protected and unprotected builds separately

  • Continuously protect mobile app builds with Appdome defenses to ensure faster releases with improved DevSecOps compliance

    • Stop by booth #400 to see the Appdome unified mobile app defense platform in action at Black Hat Asia in Singapore on April 17-18.

    For more information on how to use Appdome Build2Test with Google Firebase Robo Test, please see this knowledge base article for Android and this knowledge base article for iOS.

    About Appdome 

    The Appdome mission is to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry's only Unified Mobile App Defense platform,

    Learn more at www.Appdome.Com.

    Cision

    View original content to download multimedia:https://www.Prnewswire.Com/news-releases/appdome-extends-build2test-for-google-firebase-robo-test-302118589.Html

    SOURCE Appdome

    View comments





    -

    Comments

    Post a Comment

    Popular Posts

    Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

    Image
    Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Posted: 19 Feb 2021 04:00 AM PST Brent Lewin/Bloomberg/Getty Images If your choice of encrypted messaging app is a toss-up between Signal , Telegram and WhatsApp , do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy . If that's what you're after, nothing beats Signal. By now you probably already know what happened. On Jan. 7, in a tweet heard 'round the world, tech mogul Elon Musk continued his feud with Facebook by advocating people drop its WhatsApp messenger and use Signal instead. Twitter CEO Jack Dorsey retweeted his call. Around the same time, right-wing social network Parler went dark following the Capito
    Read more

    WhatsApp beta update seeks to remind everyone why encryption is so vital - iMore

    WhatsApp beta update seeks to remind everyone why encryption is so vital - iMore WhatsApp beta update seeks to remind everyone why encryption is so vital - iMore 5 features your next cloud storage provider needs to offer - TechRadar This Week In Security: Pacman, Hetzbleed, And The Death Of Internet Explorer - Hackaday Anonymity Online Is In - The Atlantic What is a Cyberattack? Types and Defenses - eSecurity Planet Best Private Instagram
    Read more

    VPN browser extensions: Why you shouldn't use then - Tech Advisor

    VPN browser extensions: Why you shouldn't use then - Tech Advisor VPN browser extensions: Why you shouldn't use then - Tech Advisor Google Fi calls between Android subscribers will soon be end-to-end encrypted - 9to5Google How to encrypt your computer (and why you should) - Mashable How to encrypt and decrypt a folder on Android with SSE Universal Encryption - TechRepublic 4 ways to send encrypted messages on Android - TechRepublic WhatsApp “end-to-end encrypted” messages aren’t that private after all - Ars Technica ciphertext feedback (CFB) - TechTarget What Is the Windows Encrypting File System (EFS) and How Do You Enable or Disable It? - MUO - MakeUseOf Encrypting your online life is important - Telangana Today Keeper Password Manager Review – Forbes Advisor - Forbes [Update: Screenshot] Google Messages preparing end-to-end encryption for RCS messages - 9to5Google The iOS 15 priva
    Read more