Google issues

The Doctor

Staff member

14 December 2011 Last updated at 12:41 GMT

Google moves to delete 'RuFraud' scam Android apps

Google has removed 22 applications from its Android Market after they were discovered to contain fraudulent software.

Apps posing as popular third-party software such as Angry Birds tricked users into sending premium text messages.

Unlike some other app services, Android Market apps are not vetted prior to being added to the store.

Google has said it swiftly removes apps that violate its security policies.

Lookout, a mobile security company based in San Francisco, believes the fraud attempt originated from Russia.

After notifying Google of the 22 affected apps, Lookout said it then identified five more apps running the so-called "RuFraud" scam.

The scam would make a user believe they were about to download a game or program, but instead they were giving the phone "permission" to send a text message costing about £3.

Google has confirmed to the BBC that the additional apps have now been removed.

Lookout believes that there have been at least 14,000 downloads of apps containing RuFraud. Users across Europe were affected, including the UK.

The company said attacks of this nature have risen in the past few months.

More effort
Google has come under fire in the past for not doing enough to remove substandard or dangerous apps posing as popular software.

Rival stores, such as those from Microsoft and Apple, require all apps to go through a vetting process before being added.

Alternative app stores for Android have been created by companies such as Amazon, offering additional curation and more vigorous checks.

David Emm, a security researcher for Kaspersky, said Google needed to put in more effort to filter out harmful applications in their store.

"The flexibility of the Android Market is great, but that comes at a potential price to security.

"It will become a potentially bigger problem in the future. Android's market share is going up, and so is the number of malware-infected mobile software."

Mr Emm said Google might need third-party help to add screening functions for applications being added to the store.

"I think it's a question of using existing desktop technologies and transferring them to mobile," he said.

He worries that existing vulnerabilities in Android applications leaves the door open for wider breaches on Google's network.

"The concern is that your Android Market account is attached to your Gmail account - which means if my Market account is hacked, it adds another security problem."

Glass houses
Meanwhile Microsoft, whose Windows Phone is an Android competitor, has launched a competition offering a free smartphone to disgruntled Android users who tell their story.

Ben Rudolf, Microsoft's "Windows Phone evangelist", tweeted: "If you have #droidrage from Android malware, share your story with me and you could win a #windowsphone!"

The marketing ploy was dismissed by Graham Cluley, author of Sophos' Naked Security blog.

"Microsoft would be wise not to look too smug at the current focus on Android malware issue though - and using the issue as a promotion for Windows Phone 7 may be shortsighted," he wrote.

"Let's not forget, people who live in glass houses shouldn't throw stones."

Naked Security later reported on an apparent vulnerability which allowed a Windows Phone's messaging function to be disabled by simply receiving a text.

Mobile Security company Lookout identified several counterfeit versions of popular software containing the RuFraud scam. They included fake versions of:

Angry Birds
Cut the Rope
Twilight (wallpaper)
Need for Speed
Sim City
Puss in Boots

De Master Yoda

Google announces privacy changes across products; users can’t opt out

By Cecilia Kang,

Google will soon know far more about who you are and what you do on the Web.

The Web giant announced Tuesday that it plans to follow the activities of users across nearly all of its ubiquitous sites, including YouTube, Gmail and its leading search engine.

 The offices of Facebook and Google are more than your standard cubicle-filled corporate buildings.

Google has already been collecting some of this information. But for the first time, it is combining data across its Web sites to stitch together a fuller portrait of users.

Consumers won’t be able to opt out of the changes, which take effect March 1. And experts say the policy shift will invite greater scrutiny from federal regulators of the company’s privacy and competitive practices.

The move will help Google better tailor its ads to people’s tastes. If someone watches an NBA clip online and lives in Washington, the firm could advertise Washington Wizards tickets in that person’s Gmail account.

Consumers could also benefit, the company said. When someone is searching for the word “jaguar,” Google would have a better idea of whether the person was interested in the animal or the car. Or the firm might suggest e-mailing contacts in New York when it learns you are planning a trip there.

But consumer advocates say the new policy might upset people who never expected their information would be shared across so many different Web sites.

A user signing up for Gmail, for instance, might never have imagined that the content of his or her messages could affect the experience on seemingly unrelated Web sites such as YouTube.

“Google’s new privacy announcement is frustrating and a little frightening,” said Common Sense Media chief executive James Steyer. “Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out — especially the kids and teens who are avid users of YouTube, Gmail and Google Search.”

Google can collect information about users when they activate an Android mobile phone, sign into their accounts online or enter search terms. It can also store cookies on people’s computers to see which Web sites they visit or use its popular maps program to estimate their location. However, users who have not logged on to Google or one of its other sites, such as YouTube, are not affected by the new policy.

The change to its privacy policies come as Google is facing stiff competition for the fickle attention of Web surfers. It recently disappointed investors for the first time in several quarters, failing last week to meet earnings predictions. Apple, in contrast, reported record earnings Tuesday that blew past even the most optimistic expectations.

Some analysts said Google’s move is aimed squarely at Apple and Facebook — which have been successful in building unified ecosystems of products that capture people’s attention. Google, in contrast, has adopted a more scattered approach, but an executive said in an interview that the company wants to create a much more seamless environment across its various offerings.

“If you’re signed in, we may combine information you’ve provided from one service with information from other services,” Alma Whitten, Google’s director of privacy for product and engineering, wrote in a blog post.

“In short, we’ll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience,” she said.

Google said it would notify its hundreds of millions of users of the change through an e-mail and a message on its Web sites. It will apply to all of its services except for Google Wallet, the Chrome browser and Google Books.

The company said the change would simplify the company’s privacy policy — a move that regulators encouraged.

Still, some consumer advocates and lawmakers remained skeptical.

“There is no way anyone expected this,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy group. “There is no way a user can comprehend the implication of Google collecting across platforms for information about your health, political opinions and financial concerns.”

Added Rep. Edward J. Markey (D-Mass), co-chair of the Congressional Privacy Caucus: “It is imperative that users will be able to decide whether they want their information shared across the spectrum of Google’s offerings.”

Google has increasingly been a focus of Washington regulators.

The company recently settled a privacy complaint by the Federal Trade Commission after it allowed users of its now-defunct social-networking tool Google Buzz to see contacts lists from its e-mail program.

And a previous decision to use its social network data in search results has been included in a broad FTC investigation, according to a person familiar with the matter who spoke on the condition of anonymity because the investigation is private.

Federal officials are also looking at whether Google is running afoul of antitrust rules by using its dominance in online searches to favor its other business lines.

Claudia Farrell, a spokeswoman for the FTC, declined to comment on any interaction between Google and regulators on its new privacy changes.

Central Scrutinizer

Staff member
Check the quiz.

There's A New Scam To Steal Your Gmail Info, And It's Hard To Catch
The Huffington Post | by Alexis Kleinman

Posted: 03/18/2014 3

Warning: If you receive an email with the subject "Documents," and it directs you to a webpage that looks like a Google Drive sign-in page, do not enter your information.

It's likely a new phishing scam, in which a thief creates a fake portal that asks for people's private information and then steals it. (Netflix recently faced a similar issue.)

This one uses a fake Google Drive landing page to get your Gmail address and password, cyber security company Symantec's official blog reported last Thursday. You're meant to think that the documents you'll be viewing are on Google Docs and that you need to sign in to see them. Remember, though, it's all a scam.

"We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again," a representative from Google tells The Huffington Post. "If you think you may have accidentally given out your account information, please reset your password.....


Watch Out for Fake Gmail Messages in Your Inbox

BBB Accredited
Watch Out for Fake Gmail Messages in Your Inbox
BBB Scam Stopper
– January 9, 2015Posted in: Alerts/Scams, Identity theft, National, Phishing, Scam, Security

Have a Gmail account? Watch out for scam emails posing as messages from Google. They may look like official notices about your account, but they carry malware.

How the Scam Works:

You receive an email that appears to be a message about your Google or Gmail account. One version of this scam informs you that “You have exceeded your email limit quota.†Another tells you that “you have a deferred email.†The text is hyperlinked in both, implying that you should click for more information. Don’t do it!

Gmail Scam Watch Out for Fake Gmail Messages in Your Inbox

Clicking on the link will download malware to your computer. Once on your machine, it can hunt through your files for personal and banking information. This opens you up to the possibility of ID theft.

These scam emails are particularly tricky because they look so real. They have details like Google’s address in the footer. One version actually has a link to “unsubscribe†and “change my notification settings.†Be sure not to click these links because they also may contain malware.

How to Spot a Scam Email:

Check out the “From†field: Scammers have the ability to mask email addresses, making the message appear to come from a legitimate source. But they don’t always use it. In this scam, the “Google†emails aren’t actually from a address.

Watch for typos, strange phrasing and bad grammar. Scammers can easily copy a brand’s logo and email format, but awkward wording and poor grammar are typically a give away that the message is a scam. In the example above, the phrases “limit quota†and “deferred email†are a sign that something’s not right.

Hover over URLs to reveal their true destination. Typically, the hyperlinked text will say one thing, but the link will point somewhere else. Scammers either set up fake websites or hack into third-party sites and use them to host malware.

Watch for look alike URLs. Be wary of sites that have the brand name as a subdomain of another URL (i.e. or part of a longer URL (i.e.

For more information about scams impersonating Gmail and other Google products, check out