Google to shut down Google+ and Inbox on April 2





After its social media website Google+, the company has announced that they are now shutting down its Inbox app.

Google will start notifying all its users about the closure of its Inbox from March 18th through a pop-up screen that will pop up every time users will be on the app.

The notification will also include a link to the Gmail app to ensure that it does not disappoint its users. Gmail has recently updated its app with new eye-catching features like Smart Reply, Smart Compose, and Follow-ups.

Now, it is really difficult to find Inbox by Gmail on the Google Play Stores.

The notification released by Google reads:
“This app will be going away in 13 days,” the alert reads. “You can find your favorite inbox features in the Google app. Your messages are already waiting for you.”

While on their official website Google said:

“Inbox is signing off. Find your favorite features in the new Gmail. We are saying goodbye to Inbox at the end of March 2019. While we were here, we found a new way to email with ideas like snooze, nudges, Smart Reply and more. That’s why we’ve brought your favorite features to Gmail to help you get more done. All your conversations are already waiting for you. See you there.”

Google fined by EU for blocking its rivals advertisements



Google has been imposed fine of  $1.68 billion (1.49 billion euro/£1.28billion) by European Union regulators for blocking the advertisement of rival search engine companies.

This is the third time in the last two years when the company has been fined multi-billion dollar by the EU antitrust.

The EU's commissioner, Margrethe Vestager, notified the company about their decision at a news conference in Brussels on Wednesday.

'Today's decision is about how Google abused its dominance to stop websites using brokers other than the AdSense platform,' Vestager said.

According to the probe, the Google and its parent company, Alphabet,  violated the EU antitrust rules by limiting the contract clauses with other websites which uses AdSense, the clauses prevented websites from placing ads of Google rival companies.

The company 'prevented its rivals from having a chance to innovate and to compete in the market on their merits,' Vestager said.

'Advertisers and website owners, they had less choice and likely faced higher prices that would be passed on to consumers.'

Just after the announcement of fine, the company said that they have made several changes and will make a number of other changes to address EU antitrust regulators' concerns.

'We've always agreed that healthy, thriving markets are in everyone's interest,' Kent Walker, senior vice-president of global affairs, said in a statement.

'We've already made a wide range of changes to our products to address the Commission's concerns.

'Over the next few months, we'll be making further updates to give more visibility to rivals in Europe,' he continued.

Google Maps, Gmail, Drive, Facebook and Instagram Suffered Outage




Google addressed an influx of complaints it received from the users regarding the misbehavior of its popular services like Gmail, YouTube, and Google Drive among others. Users all across the world were troubled by the outage of the services they heavily rely upon for various day-to-day activities. 

Though the cause of the outage has not been confirmed, the issues of the users were addressed by Google.

Besides Google, Youtube has also received complaints by its users which it addressed on Twitter telling them that the platform is aware of the service disruption and the problems faced by its users. Alongside, YouTube assured the sufferers that it is already looking into the matter and will come up with a fix.

Notably, YouTubers and content creators were facing problems while uploading videos and viewers were unable to watch the videos smoothly.

Addressing the issues with Google Drive, the company said, “We’re investigating reports of an issue with Google Drive. We will provide more information shortly. The affected users are able to access Google Drive, but are seeing error messages, high latency, and/or other unexpected behavior.”

Similarly, for Gmail, the company stated, we’re investigating reports of an issue with Gmail. We will provide more information shortly. The affected users are able to access Gmail but are seeing error messages, high latency, and/or other unexpected behavior.

Furthermore, Google mentioned in its G Suite Status Dashboard that the issue has been rectified and the services, i.e., Gmail and Google Drive will be functioning properly soon.

“The problem with Google Drive should be resolved. We apologize for the inconvenience and thank you for your patience and continued support. Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better.”

While acknowledging the disruptions faced by its Cloud Engine, Google said, “We are still seeing the increased error rate with Google App Engine Blobstore API. Our Engineering Team is investigating possible causes. Mitigation work is currently underway by our Engineering Team. We will provide another status update by Tuesday, 2019-03-12 20:45 US/Pacific with current details.”

On the other hand, Facebook was down for more than 14 hours due to which millions of users across the globe were denied access to the platform. It was on Thursday morning, Facebook along with its associated apps seemed to be regaining operational status.

While Facebook is yet to provide an explanation for the services being disrupted, it said, "We're aware that some people are currently having trouble accessing the Facebook family of apps,"
"We're working to resolve the issue as soon as possible."

Being fallen prey to the same crisis, the issues faced by Instagram users included not being able to refresh the feed and other glitches while accessing the content.

Commenting on the matter, Elizabeth Warren, a potential Democratic candidate in the next US presidential election, said in a statement to New York Times, "We need to stop this generation of big tech companies from throwing around their political power to shape the rules in their favor and throwing around their economic power to snuff out or buy up every potential competitor."








Google’s security program has caught issues in 1 million apps in 5 years

Security is a common concern when it comes to smartphones and it has always been especially important for Android. Google has done a lot over the years to change Android’s reputation and improve security. Monthly Android security patches are just one part of the puzzle. Five years ago, the company launched the Application Security Improvement Program. Recently, they shared some of the success they’ve had.

First, a little information on the program. When an app is submitted to the Play Store, it gets scanned to detect a variety of vulnerabilities. If something is found, the app gets flagged and the developer is notified (above). Diagnosis is provided to help get the app back in good standing. Google doesn’t distribute those apps to Android users until the issues are resolved.

Google likens the process to a doctor performing a routine physical.

Google recently offered an update on its Application Security Improvement Program. First launched five years ago, the program has now helped more than 300,000 developers fix more than 1 million apps on Google Play. In 2018 alone, it resulted in over 30,000 developers fixing over 75,000 apps.

In the same year, Google says it deployed the following six additional security vulnerability classes:

▬ SQL Injection

▬ File-based Cross-Site Scripting

▬ Cross-App Scripting

▬ Leaked Third-Party Credentials

▬ Scheme Hijacking

▬ JavaScript Interface Injection

The list is always growing as Google continues to monitor and improve the capabilities of the program.

Google originally created the Application Security Improvement Program to harden Android apps. The goal was simple: help Android developers build apps without known vulnerabilities, thus improving the overall ecosystem.

Google understands that developers can make mistakes sometimes and they hope to help catch those issues for years to come. Security will continue to be a big talking point as technology evolves. It’s important for users to be able to trust the apps on their phones.

Google refuses to delete "Absher" that allows men to track women





Google has refused to remove a Saudi Arabia government app "Absher" that allows men to track and control women's movements.

After reviewing the app, the company said that the software does not violate any of its agreement, and terms and conditions.

The tech giant has conveyed their decisions to the office of Representative Jackie Speier, a California Democrat who, with other 13 colleagues in Congress, demanded the removal of the app from the Google Play store.

The app allows men guardians of the women to a state where their dependents can go, for how long and which airports they can visit.

If a woman leaves a certain area, then immediately an alert is triggered to their male guardians.

The app has been criticized for its oppressive nature. It was initially designed for  Saudi citizens to access e-government services, but it also allows men to track their female dependents and migrant workers, in order to track their movements and restrict their free passage through passport data.

The app is available on both Google Play Store and Apple App Store.

However, Apple says it is still reviewing Absher. 

Google updates Google Play Protect


Google has made some significant changes to Google Play Protect for protecting Android users from unwanted and malicious apps.

The company has launched the Google Play Protect feature in 2017, it performs the following functions:


  •  It does a safety check for apps before users download it from the Google Play Store.
  •  It  also checks for potential harmful apps available from the other sources 
  •  It warns and detect potentially harmful apps, and removes malicious apps from your device.
  •  It warns about apps that violate our Unwanted Software Policy by hiding or misrepresenting important information.


In a blog post, Google said that Google Play Protect has protected over 2 billion devices every day.

"Google Play Protect is the technology we use to ensure that any device shipping with the Google Play Store is secured against potentially harmful applications (PHA)," stated Google's blog post. "It is made up of a giant backend scanning engine to aid our analysts in sourcing and vetting applications made available on the Play Store, and built-in protection that scans apps on users' devices, immobilizing PHA and warning users."

Google has enabled Google Play Protect by default for all Google Play users, but a user can also confirm that Google Play Protect is enabled by going into the Play Store, tapping, and tapping Play Protect.

Google’s Nest Secure had a built-in microphone no one knew about


After the hacking fiasco a few weeks ago, Nest users have been more on edge about their security devices than ever before. The recent discovery of a built-in, hidden microphone on the Nest Guard, part of the Nest Secure security system, has only served to further exacerbate those concerns.

Alphabet Inc's Google said on February 20 it had made an "error" in not disclosing that its Nest Secure home security system had a built-in microphone in its devices.

Consumers might never have known the microphone existed had Google not announced support for Google Assistant on the Nest Secure. This sounds like a great addition, except for one little problem: users didn’t know their Nest Secure had a microphone. None of the product documentation disclosed the existence of the microphone, nor did any of the packaging.

Earlier this month, Google said Nest Secure would be getting an update and users could now enable its virtual assistant technology Google Assistant on Nest Guard.

A microphone built into its Nest Guard alarm/motion sensor/keypad wasn't supposed to be a secret, Google said after announcing Google Assistant support for the Nest Secure system but the revelation that Google Assistant could be used with its Nest home security and alarm system security was a surprise.

“The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part. The microphone has never been on and is only activated when users specifically enable the option,” Google said.

Google’s updated product page now mentions the existence of the microphone.

If your first thought on hearing this news is that Google was spying on you or doing something equally sinister, you aren’t alone. Ray Walsh, a digital privacy expert at BestVPN.com, said “Nest’s failure to disclose the on-board microphone included in its secure home security system is a massive oversight. Nest’s parent company Google claims that the feature was only made available to consumers who activated the feature manually. Presumably, nobody did this; because the feature wasn’t advertised.

Google’s Research App- 'Screenwise Meter' To Encroach Apple’s Policies?



Apparently, a research application was being run by Google, which could potentially violate Apple’s policies, the same way Facebook once did.

“Screenwise Meter” is the name of the infamous application, so being mentioned.

It’s an invitation-only program which works on collecting data and its monitoring onto phones and in return guarantees gift cards.

The application uses an “Enterprise Certificate”, named “Sideload” which was revoked from Facebook.

Due to this revocation, a lot of havoc was wreaked within the ‘employee-only’ apps of Facebook on iPhones.

After what happened with Facebook, there were likewise chances of Google’s certificate being revoked by Apple too.

But before that could happen, Google, shut its ‘Screenwise Meter’ down and apologized for putting the application into Apple’s Enterprise Program in the first place.

The application was always meant to be voluntary, cited one of the spokespersons of Google, and also that it has now been entirely disabled on all the iOS devices.


Casthack Exploits A Weakness In The Universal Plug And Play (Upnp) Networking Standard




Pair of ethical hackers known as CastHack have reportedly figured out how to hijack an apparent high number of Chromecast dongles cautioning their users about yet another security threat. This risk clearly attacks Google's Chromecast streaming devices driving users to play any YouTube video of the attacker’s choice.

The hackers, went on to display a message cautioning users about the security defect alongside a link clarifying how it can be fixed, at the same time requesting that users subscribe in to a prominent YouTuber PewDiePie.

CastHack exploits a shortcoming in the Universal Plug and Play (UPnP) networking standard in specific routers, which permits a part of the connected devices that are accessible on the web. The bug though, can be effectively fixed by disabling UPnP on the Internet router.

The company however says that it’s a 'flaw'  that influences the routers instead of the Chromecast itself, therefore it isn't Google's fault in the least.

Regardless, this new risk to Chromecast isn't the first as there have been many comparable issues before. To be specific in 2014 and 2016, when the security firm Bishop Fox had revealed that it could effectively gain control of a Chromecast by disengaging it from its present Wi-Fi system and returning it to a factory state and when another cyber security firm called Pen Test Partner affirmed that the gadget was as yet defenseless against such comparable attacks.


Google Wins a Dismissal of a Lawsuit over the Biometric Privacy Act


The world's largest search engine had a lawsuit filed against it by its users, allegedly stating that Google had violated the privacy of its users by utilizing facial recognition software to examine their photos without their consent.

U.S. District Judge Edmond E. Chang in Chicago dismissed it referring to an absence of "concrete injuries" to the offended parties.

The original suit was known to have been documented in March 2016, a user sued Google for supposedly transferring their information to Google Photos by means of using the facial recognition software and further scanning it in order to create a template of their face without their permission, all the while crossing paths with a unique Illinois law.

In spite of the fact that Google is the first among those well-known who violated the law explicitly as Snapchat and Facebook also have had faced lawsuits for the same ,  Google emerges as the first to prevail upon a dismissal of a lawsuit over the biometric security act.

Google's triumph comes in the midst of open public backlash against the U.S. technology goliaths over misusing of user information and expanded the further examination of privacy policies.


Bug in Google Breaking Search Result Links




Discovered by a Twitter account of the site wellness-heaven.de , there exists a bug in Google Search known to break the search results when utilizing Safari in macOS if the connection contains a plus symbol.


First observed on around September 28th, when there was critical drop in the site's activity from Safari users.For example, on the off chance that you search for a specific keyword and one of the search results contains a plus symbol, similar to https://forums.developer.apple.com/search.jspa?q=crash+app+store&view=content,
then when you tap on the connection it won't do anything.

At the point when the issue was accounted for to John Mu, a webmaster trends analyst at Google, he answered back that it was undoubtedly unusual and that he would pass on the bug report.

The BleepingComputer could affirm this bug utilizing the search results for Apple found on Safari in macOS Sierra. They have likewise reached out to Google as well for more comments in regards to this bug, however did not heard back.

This bug is likewise influencing Firefox 61.0.1 in macOS, however seems, by all accounts to be working fine with Chrome 69.


Anyway, it is recommended for the users who may have seen a plunge in traffic beginning around September 28, to check their analytics software to decide whether this is originating from Safari users being unable to click on their links.


Wordpress Websites Compromised; Injected With JavaScript Code



A recent decision from Google to prohibit technical support advertisements from unverified operators leads to the trading off of thousands of Wordpress websites on the while being injected with JavaScript code that side-tracks users to these technical support scam pages.

Jérôme Segura of Malwarebytes was the one who pinned the attacks as they began in early September. He observed a substantial encoded ad spot, usually in the HTML header, or one line of code indicating the external JavaScript code.


The code in the HTML header would deobfuscate to something like this:


Attackers utilize the technique in order to imitate the practices of lawful organizations and use a legit advertisement platform for the promotion of their technical support services, which additionally paints them as reliable according to the potential victim.

The as of late observed attacks take after the classic formula to persuade users to call for technical support: a divert to a page demonstrating a notice about viruses running uncontrolled on the PC, and an advantageous toll-free support phone number.

Segura while talking with the Bleeping Computer says that, "We are  pushing ads for some geolocations and user agents, we’ve also seen campaigns designed to redirect to websites that inject the CoinHive JavaScript miner, allowing the attacker to spend the resources of users' computers to mint Monero cryptocurrency for as long as the compromised page is opened.”

A few sites apart from Malwarebytes have also likewise recognized the compromised 'wp_posts' table of the WordPress database, which stores all the content posts, pages, and their corrections, alongside navigation menu item, media records, and substance utilized by plugins.


Spectre Rises Yet Again With a Vulnerability In Tow


Spectre ,a class of vulnerabilities in the theoretical execution mechanism utilized in present day modern processor chips, is indeed living up to its name by ending up being unkillable.

In the midst of a progression of alleviations proposed by Intel, Google and others, the on-going claims by Dartmouth computer scientists to have comprehended Spectre variation 1, and a proposed chip configuration fix called Safespec, new variations and sub-variations continue showing up.

The discoveries likewise restore questions about whether the present and past chip plans can ever be really fixed. Just two weeks back, new data-stealing exploits named Ghost 1.1 and 1.2 were made public by specialists Vladimir Kiriansky and Carl Waldspurger. 


Presently there's another called SpectreRSB that endeavors the return stack buffer (RSB), a framework in the current modern CPUs utilized to help anticipate the return addresses, rather than the branch predictor unit.

In a paper titled Spectre Returns! Speculation Attacks utilizing the Return Stack Buffer , circulated through pre-print server ArXiv, boffins Esmaeil Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Tune, and Nael Abu-Ghazaleh detail another class of Spectre Attack that accomplished the similar from Spectre variation 1 – enabling pernicious programming software to take passwords, keys, and other sensitive data, from memory it shouldn't be permitted to contact.

These specialists by coincidence, are among the individuals who built up the SafeSpec mitigation in the first place.

The most recent data-theft burglary system includes constraining the processor to misspeculate utilizing the RSB. Utilizing a call direction on x86, SpectreRSB enables an attacker to push an incentive to the RSB with the goal that the return address for the call guideline never again coordinates with the contents of the RSB.

The paper, dated July 20, plots the steps associated with the SpectreRSB attack, which itself has six variations:         

"(1) after a context switch to the attacker, s/he flushes shared address entries (for flush reload). The attacker also pollutes the RSB with the target address of a payload gadget in the victim’s address space; (2) the attacker yields the CPU to the victim; (3) The victim eventually executes a return, causing speculative execution at the address on the RSB that was injected by the attacker. Steps 4 and 5 switch back to the attacker to measure the leakage."


Google bans AI used for weapons and war


Google CEO Sundar Pichai on Thursday announced that Google is banning the development of Artificial Intelligence (AI) software that could be used in weapons or harm others.

The company has set strict standards for ethical and safe development of AI.

“We recognize that such powerful technology raises equally powerful questions about its use,” Pichai said in a blog post. “As a leader in AI, we feel a deep responsibility to get this right. So today, we’re announcing seven principles to guide our work going forward. These are not theoretical concepts; they are concrete standards that will actively govern our research and product development and will impact our business decisions."

The objectives Google has framed out for this include that the AI should be socially beneficial, should not create or promote bias, should be built and tested safely, should have accountability, and that it should uphold privacy principles, etc.

The company, however, will not pursue AI development in areas where it threatens harm on other people, weapons, technology that violate human rights and privacy, etc.

“Where there is a material risk of harm, we will proceed only where we believe that the benefits substantially outweigh the risks, and will incorporate appropriate safety constraints,” the post read.

However, while the company will not create weapons, it had said that it will continue to work with the military and government.

"These include cybersecurity, training, military recruitment, veterans’ healthcare, and search and rescue. These collaborations are important and we’ll actively look for more ways to augment the critical work of these organizations and keep service members and civilians safe," Pichai said.

This decision comes after a series of resignation of several employees after public criticism of Google’s contract with the Defense Department for an AI that could help analyze drone video, called Project Maven.


Android Devices with Pre-Installed Malware


The Avast threat Labs have recently discovered pre-installed adware  on a few hundred diverse Android gadget models and versions, also incorporating gadgets from makers like ZTE and Archos.
The adware, analyzed has previously been portrayed by Dr. Web and has been given the name "Cosiloon."

The adware has been on the move for no less than three years, and is hard to remove as it is introduced on the firmware level and utilizes solid obfuscation. Thousands of users are said to have been affected , and in the previous month alone it has been observed that the most recent adaptation of the adware on around 18,000 devices having a place with Avast users situated in excess of 100 nations which includes Russia, Italy, Germany, the UK, and as well as a few users in the U.S.

The adware makes an overlay to display an advertisement over a webpage within the users' browser, it can be observed in the screenshots given below:




Google is taking a shot at fixing the malware's application variations on Android smartphones utilizing internally created strategies and techniques. Despite the fact that there is Google Play Protect, the malware comes pre-installed which makes it harder to address. Google is as of now, contacting various firmware engineers and developers to bring awareness to these concerns and energize in making effective steps likewise.

Anyway it is misty in the matter of how the adware got onto the gadgets, and the malware creators continued updating the control server with new payloads. Then again, Producers likewise kept on delivering new gadgets with the pre-installed dropper.

The payload was updated again on April eighth, 2018 and the name in application launcher changed to "Google Download," and some class names in the code changed likely trying to keep away from discovery.Since the malware is a part of the chipset platform bundle which is reused on different brands also and the chipset being referred to happens to be from MediaTek running different Android variants going from 4.2 to 6.0.

Avast says that some anti-virus applications report the payloads, however the dropper will install them back again immediately, and the dropper itself can't be expelled in that way the gadget will always host a strategy permitting an obscure party to install any application they need on it.




A Command Injection Critical Vulnerability Discovered In DHCP




The Dynamic Host Configuration Protocol (DHCP) client incorporated in the Red Hat Enterprise Linux has been recently diagnosed with an order infusion vulnerability (command injection ), which is capable enough to  permit a vindictive mime proficient for setting up a DHCP server or generally equipped for satirizing DHCP reactions and responses on a nearby local network to execute summons with root benefits.

The vulnerability - which is denominated as CVE-2018-1111 by Red Hat - was found by Google engineer Felix Wilhelm, who noticed that the proof-of-exploit code is sufficiently little to fit in a tweet. Red Cap thinks of it as a "critical vulnerability", as noted in the bug report, demonstrating that it can be effectively misused by a remote unauthenticated attacker.

DHCP is utilized to appoint an IP address, DNS servers, and other network configuration ascribes to gadgets on a network. DHCP is utilized as a part of both wired and remote systems. Given that the necessities of utilizing this exploit are basically being on a similar network, this vulnerability would be especially concerned on frameworks prone to be associated with distrustful open Wi-Fi systems, which will probably influence Fedora clients on laptops.

Eventually, any non-isolated system that enables gadgets and various other devices to join without explicit administrator approval, which is ostensibly the purpose of empowering DHCP in any case, is at last a hazard.

This bug influences RHEL 6.x and 7x, and in addition to CentOS 6.x and 7.x, and Fedora 26, 27, 28, and Rawhide. Other operating frameworks based over Fedora/RHEL are probably going to be influenced, including HPE's ClearOS and Oracle Linux, as well as the recently interrupted Korora Linux. Since the issue identifies with a Network Manager Combination script, it is probably not going to influence Linux circulations that are not identified with Fedora or RHEL as they aren’t easily influenced.



Gmail Gears Up For Tougher Data Privacy Laws


Google's email service as it gets ready for tougher data privacy laws has now added the option to enable messages to become unreachable after a definite set time.

The new "confidential mode" can be utilized to stop recipients being readily able to forward, copy, download or print correspondence sent by means of Gmail.

BBC News reports that the new facilities are a part of a much pervasive overhaul of the cloud-based administration.Experts say that the options were "long past due" although should enable Google to persuade more organizations and businesses to join.

Chris Green, from tech consultancy Lewis says:

"Other platforms, like Microsoft Exchange, let you use plug-ins to do something similar. So this isn't anything unique. But none of the cloud-based mail services have offered these data protection features until now, so they are quite distinctive in that respect.”

Since screen grabs and photos of a computer display are as yet conceivable , the anti-copy functions though won't keep the determined users from replicating  messages – - yet they have planned to limit the risk of the confidential information being coincidentally passed on to the wrong party, which may constitute an information break or in other simpler terms , a data breach.

This move comes a month prior to another EU data privacy law - the General Data Protection Regulation (GDPR) - comes into force.

It requires organisation to inform nearby information curators of a breach inside 72 hours of getting to be mindful, and expands the amount that they can be fined for non-conformity.

"The timing of this is not a coincidence," Mr Green adds later “A lot of this will be about ensuring that Gmail will continue to be a viable for enterprise users, as it will help them show they are GDPR-compliant.”



Google Appeals Watchdog That Declared It Guilty of “Search Bias”

Google has allegedly filed an appeal at the National Company Law Appellate Tribunal (NCLAT) against the Competition Commission of India’s (CCI) judgement that ruled the search giant guilty of “search bias.”

Two sources who were aware of this matter informed Reuters, and according to one of them, the appeal was filed on Monday.

The CCI had in February imposed a $20.95 million fine on Google for taking advantage of its dominance in the online search and advertising markets, stating in its 190-page judgement that, "Google was found to be indulging in practices of search bias and by doing so, it causes harm to its competitors as well as to users."

A CCI official called their judgement “robust” and said that the competition watchdog will be defending its verdict at NCLAT.

The commission had discovered that using search results from its database, Google had placed its commercial flight search function at a prominent position on the resulting search page.

The CCI ruling has brought to an end a probe started in 2012 due to complaints by matchmaking website Bharat Matrimony and Consumer Unity and Trust Society (CUTS).

This judgement is the latest anti-trust setback to the search engine company. In a similar case last year, the European Commission had imposed a €2.4 billion fine on Google for being biased towards its own shopping service and demoting its rivals.

Google Rejecting All Cryptocurrency Mining Extensions Submitted To The Chrome Web Store

Google is taking action against all Chrome extensions that incorporate a cryptographic money mining segment and is banning them from the Chrome Web Store. Up until now, Google had permitted cryptocurrency mining extensions till mining was the extension's just reason, and clients were appropriately informed about this conduct, Google's Extensions Platform Product Manager James Wagner noted in a blog post on Monday .

While the organization has no issue listing extensions with a solitary reason for straightforwardly mining digital coins in the background rather, Google has an issue with the developers uploading and posting Chrome extensions promoting one particular functionality, and furthermore furtively mining digital coins in the background without the client's assent.

In the course of recent months, there has been an ascent in virulent extensions that seem to provide useful functionality at first glance, acknowledged Wagner and this happens he further adds, while the embedded and concealed cryptographic money mining scripts keep running in the background without the user's assent.

 These mining scripts often consume significant CPU resources and can severely impact system performance and power consumption.

"Unfortunately, approximately 90 per cent of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with the company’s policy, of adequately informing users about the full behaviour of a listed extension and have been either rejected or removed from the store," Wagner adds.

Nonetheless Google is further planning to delist every current extension that mines cryptocurrency in "late June" however extensions with "block chain-related purposes other than mining" are still permitted. The ban has nothing to do with ads running mining scripts in the background, yet rather the plans and schemes related with the "unregulated or speculative financial products.”


Less Than 10% Gmail Users Enable Two-Factor Authentication

At the Usenix Enigma 2018 security conference this week, a Google software engineer revealed that only about 10% of Gmail users actually have Two-Factor Authentication enabled.

He further said that even this 10% has had trouble figuring out how SMS authentication codes work.

Two-Factor Authentication, or 2FA, is an additional layer of security that prompts users to enter an additional bit of information before they’re allowed to log in, usually codes sent via SMS or through an app like Google Authenticator.

At the question of why Google doesn’t make 2FA default, Grzegorz Milka, the above-mentioned software engineer, answered, “It’s about how many people would we drive out if we force them to use additional security,” saying that it’s about the “usability.”

According to research, people don’t use two-factor authentication because they don’t trust it and fear that their privacy will be compromised.

Experts have agreed that these fears aren’t entirely baseless as SMS authentication has a risk of interception by attackers who spoof phone numbers. However, things have become safer since Google rolled out “Google Prompt,” which offers built-in verification in Google Play services for Android and the Google app on iOS.

The company also launched a new service called “Advanced Protection Plan” for high-profile accounts which enables them to use hardware-based USB 2FA security keys instead.