Google has made some substantial changes to measures intended to keep user accounts safe and the search giant has now revealed that at least one more is on the way that will notify account holders anytime their Google data is shared. The change is an extension of the current notification system that already provides alerts when applications or websites have been granted access to sensitive information from Gmail, Contacts, or any other aspect of Google services. In short, that will be adjusted to inform a user anytime “any data” is shared from their Google Account. Presumably, that means users will be alerted to apps, services, or sites that gain access even if they didn’t initiate the interaction themselves. Beyond that, the associated Security Checkup tools have been updated again to include recommendations about applications that have been installed on a user’s device. That will incorporate not just suggestions about applications that might be going unused but also prompts to remove apps marked by the Play Store’s Protect features as being harmful.
Stepping back from the more in-depth controls for account holders, Google has also built a comprehensive JavaScript-based risk assessment algorithm that performs an analysis to check for suspicious activity that could indicate a compromised account before a sign-in takes place. If JavaScript is disabled, that won’t run but Google is circumventing that possible bypass method by implementing a prompt that will cancel the process and explain how the feature keeps users safe if that happens. Although that’s not going to be a perfect solution, it should help prevent at least some breaches caused by phished or otherwise stolen passwords. Finally, the company has implemented a new multi-step process that users can go through to regain their account if a security lapse does happen. If any unauthorized activity happens to be detected, that will be triggered automatically for the user. The process will involve a walkthrough of changes to security settings, in addition to checks on the financial activity of any payment methods that are connected to a given account and the content or files saved in Google Drive or Gmail. Moreover, the company will help secure secondary accounts linked to the Google Account itself.
Background: Of course, these are not the only changes to have been made to Google’s security settings or policies over the past several months and that’s not without good reason. Following a grievous mishandling of user’s Google Plus data and a security flaw that went unreported for months, ultimately leading to the planned shutdown of the service, Google needs to prove to users that it is taking security seriously. Now, steady progress has been made toward better security specifically for mobile devices and other individual branches of the company. For Android, in particular, Google is working toward a policy that will ensure more timely and frequent updates and patches and is joining with third-party component manufacturers to try and pursue updates that bypass OEMs and carriers alike. However, with the Google Plus breach, Google seems to have actively tried to sweep the problem out of view and keep details from the public.
Impact: The new measures, on the other hand, seem to be pushing security-first features in a much more transparent direction. Users will have the ability to check more of their data and usage via Security Checkup than ever and the prompts about user data that is being used on a secondary basis should cover a wider range of circumstances. Meanwhile, the new step-by-step breach recovery process will ensure that users can revert or rollback critical change made while their account may have been out of their hands. None of that means that Google accounts are now completely safe but it is a step closer to that, at very least.
