eBay has announced today that the AMP version of its mobile online shopping experience has gone live, with about 8 million “browse nodes” currently available to view in AMP form.
Samsung has already shown off the new Edge panel for devices like the Galaxy S6 Edge and Edge+ which comes as part of the Android Marshmallow update. Today, it detailed some of the other, perhaps more important, additions coming to Galaxy phones with Android 6.0 which started rolling out two days ago.
AgileBits has promised to beef up the security of 1Password after a Microsoft software engineer discovered that details of which websites you visit are unencrypted and indexed by Google if you use the 1PasswordAnywhere feature. Dale Myers said that he discovered this by chance after a sync problem led him to investigate the files used to store the metadata.
It turns out that your metadata isn’t encrypted [allowing someone to] go through and find out exactly what shady sites I have accounts on, what software I have licences for, the bank card and accounts I hold, the titles of any secure notes I have, any anything else I’ve decided to store in there.
While passwords remain secure, privacy is placed at risk and the data obtained could, says Myers, be used in a phishing attempt.
Thanks to people having links for easy access to their keychain on their websites, Google has indexed some of these. A simple search brings up results. By looking at one of these it was a simple matter to identify the owner of the keychain and where he lived. I know what his job is. I even know the names of his wife and children. If I was malicious, it would be easy to convince someone that I had compromised their account and had access to all of their credentials.
AgileBits said that the decision not to encrypt metadata was taken back in 2008, when decryption on mobile devices involved significant performance and battery-drain issues, and that it introduced a secure file format in 2012, but that it didn’t want to break compatibility with older versions by making that format the default.
The company said that work on making the secure file format the default was already in hand.
We’ve already started making changes to use OPVault as the default format. In fact, the latest beta of 1Password for Windows does this already. Similar changes are coming to Mac and iOS soon, and we’re planning on using the new format in Android in the future. Once all of these things are complete, we will add an automatic migration for all 1Password users.
For those who don’t want to wait, the company has posted instructions for manually migrating to the new format.
The 1Password Android app was updated in August with a freemium pricing model and the ability to create vaults on mobile. If you’re not yet using a password manager, check out our how-to guide over on 9to5Mac.
Google is extending their Safe Browsing feature that protects desktop users from malicious exploits on the web to mobile in Chrome for Android. Launched eight years ago, the feature has protected a billion desktop users from malware, unwanted software, and social engineering sites according to Google.
The feature was rolled out a long time ago as part of Play Services 8.1 and Chrome for Android 46, but was just officially announced today. It is enabled by default and users can check that it’s on by going to the Privacy menu in Chrome’s settings. When users come across an unsafe webpage, a bright red warning screen with a return to safety button will pop up first.
The team behind the feature notes the difficulties of bringing it over to mobile from desktop, mobile’s most limiting constraint being limited data and reduced data speeds. As such, every single bit of security data sent to the device is optimized. For instance, as social engineering attacks only happen in certain parts of the world, only devices in those regions will get those types of warnings. The security feature is also optimized from a memory and processor usage standpoint, making sure it does not reduce battery life.