Almost 2 billion malware installs thwarted by Google Play Protect in 2019

That’s for apps from third-party marketplaces; another 790,000 policy-breaking apps were stopped from reaching Google Play

 Amer Owaida

Strengthened app safety policies, a better developer approval process, and enhancements to its machine learning detection system made the Google Play Store an even more secure place last year, according to Google’s 2019-in-review blog post this week.

“Last year, Google Play Protect also prevented more than 1.9B malware installs from non-Google Play sources,” Google Play Product Manager Andrew Ahn wrote in reference to Android’s built-in threat protection tool. The figure represents an increase from 1.6 billion malicious apps from outside of the official Android storefront that were blocked in 2018 and 2017 each.

Thanks to a new policy introduced in 2018, the Android marketplace also recorded a 98% decrease in apps accessing users’ SMS and call log data last year. The remaining 2% applied to apps that require access to these data in order to perform their core functions. (In some cases, the new policy affected legitimate services from using SMS permissions for security, privacy and safety reasons.)

The tech giant also ramped up its protection against malicious apps, praising its collaboration with partners in the Android App Alliance, of which ESET is an inaugural member. Enhanced vetting mechanisms helped Play Protect stop over 790,000 policy-violating apps from being published to Google Play. The store’s threat protection service now scans over 100 billion apps every day, which is double the number it scanned in 2018.

RELATED READING: Google’s data charts path to avoiding malware on Android

Other improvements include a new policy aimed at protecting children and families, which led to the removal or updates of tens of thousands of apps last year. The policy introduced new requirements concerning the disclosure of Personally Identifiable Information (PII) and the suitability of content and ads for children.

Having said all that, Google stressed that there’s more work to be done and reiterated its commitment to enhancing users’ privacy and security.

All things considered; you can always take several easy steps that will go a long way towards beefing up your protection. These include being cautious about the apps you install, especially – but not only – from outside the Play Store, paying attention to the permissions that the apps request, and having a reputable mobile security solution installed on your device.

Competing in esports: 3 thinhs to watch out for

If you’re looking to become a pro gamer, there are risks you shouldn’t play down

 By Amer Owaida

Gaming has been a popular pastime for decades. Over the past few years, it has also become a career path, with esports becoming a steadily growing phenomenon. Tournaments are taking place around the globe with huge prize pools and name recognition in play. Goldman Sachs expects the monetization of esports to reach an estimated US$3 billion by 2022. The competitive prize pool for the Fortnite World Cup last year was US$100 million. To put this into context: this is nearly the size of the entire esports prize pool for 2017. Education is trying to match pace, with university degrees offered on the subject.

All of this inspires generations of players to play online, grinding and polishing their skills, aspiring to be the next breakout stars of the esports scene.

To qualify for important tournaments and eventually to be scooped up by one of the elite teams, gamers have to practice and play a lot. With games being played online and the stakes being high, you may have to contend with a whole slew of unexpected risks. Since today is Safer Internet Day, we listed a few of the risks ambitious young gamers may encounter during their journey through the ranks.

Cheating

One of the dominant threats to gamers online are other gamers willing to cheat in order to get a competitive edge. You can encounter all kinds of cheats from scripting to third-party modifications; in Counter-Strike, for example, Aimbots and Wallhacks are well-known cheats used. If you’re playing on a competitive level, you’ll probably be playing on Valve Anti-Cheat (VAC) secured servers. That system should easily dispense with any form of identifiable cheating, resulting in a ban of the guilty party. But! There are ways to subvert that. Pro gamers have been caught using boutique cheats ordered from underground hacking forums, but those usually cost thousands of dollars since they are custom made.

Scripts can be applied to Multiplayer Online Battle Arena games such as League of Legends and DOTA2 as well. These can detect the trajectory of a skill shot, the cooldowns of the abilities of your opponents or automate some mechanisms. Gamers can usually tell that something smells fishy and report the guilty party. The practice often results in sanctions. On the professional scene, this translates to bans, penalties and even paying fines. In South Korea, it went as far as a police crackdown on the hackers behind the scripts and cases going to court. In essence, most developers have their own mechanisms in place to combat cheating … but if you suspect that something is amiss, you should always report it.

Malware

Various types of malware can also be a thorn in your side, especially if you’re the victim of a targeted attack. Depending on the objective of the bad actor, the method or the tool may vary. One mechanism to disrupt active players is by attacking them with ransomware. This can be designed specifically to lock up your game files, hence preventing you from taking part in an important qualifying match. As a result, you may lose access to your data and incur financial losses trying to recover it – either by paying the ransom (but with no guarantee of getting your files back, of course) or by taking the computer to a specialist, who may be able to save your files if a decryptor is available.

Keyloggers take it a bit further. By mapping your keystrokes while logging in and sending the results to them, the adversaries can then compromise your account and lock you out. To add insult to injury, you may lose everything in your account: ranks, unlocked or purchased items, and other valuables. If your credit card is also connected to your account, hackers may rack up an expensive list of purchases. You will not only lose your money, but your credit score may be tarnished as well. Moreover, your account might end up on the underground market and be sold with all of the achievements you poured your sweat and tears into achieving. Sometimes players can even be targeted due to a bug or flaw in a gaming client, such as the one that affected Origin.

DDoS attack

A distributed denial-of-service attack (or DDoS, for short) is an attack where a computer or network is overwhelmed to the point that it disrupts the services of a host connected to the internet.

In online gaming, that translates to lagging: a delay between your action and the reaction of the server on which the video game is running. In esports, where players have to make split-second decisions, lag can mean the difference between glory and ignominy. In some cases, if one of your teammates fails to connect, you may even have to forfeit a match, depending on the rules of the game you’re playing. Individual players can be attacked to make their team perform worse, but there have been cases where all members of a team have been DDoSed. For example, the now inactive Turkish team ZONE suffered so many DDoS attacks that it went in prepared by deleting any unnecessary software from their machines and played in the same room so they wouldn’t need VoIP to communicate, yet they were hit all the same.

Gamers aren’t the only victims of these attacks; even gaming service giants such as Microsoft and Sony have been hit, bringing their online services to a screeching halt. To mitigate the chance of being hit by a DDoS attack while competing, you should use a reputable endpoint security solution, audit your network security and: last but not least, try using a VPN while playing.

Final thoughts

As esports continue to gain traction and more widespread recognition, we can expect the ranks of gamers to swell with newcomers hoping to make it big. There have been talks of including it in the Olympics in the future, but we have yet to see how that pans out. In a bid to explore the intersection between esports and the Olympic Movement, the International Olympic Committee and Intel partnered up to announce the Intel World Open tournament in the lead-up to the Tokyo 2020 Olympic Games.

So, if you have ambitions to make it big, train hard and always remember the golden rule of cyberspace: stay safe.

De Top 5 van de invloedrijke vrouwen in de informatica

Sinds zijn oprichting in 2015 is de Internationale dag voor vrouwen in de wetenschap een dag om de prestaties van vrouwen over de hele wereld te erkennen, toe te juichen en om erover na te denken. Gevierd op 11 februari, is het een gelegenheid om de vrouwen die ons inspireren te herdenken. Bij deze gelegenheid herdenkt ESET vijf vrouwen die bekend staan voor hun werk op  gebied van informatica. Van Ada Lovelace, uit het middan van de negentiende eeuw en geprezen als de eerste computerprogrammeur, tot Caterina Fake,  mede-oprichtster van Flickr. Deze vrouwen hebben een enorme impact gehad en niet enkel op computertechnologieën maar ook op de hele wereld.

Ada Lovelace
Ada Lovelace werd geboren in 1815. Ze werkte nauw samen met Charles Babbage, die als eerst een digitale programmeerbare computer bedacht. In haar nota’s over de ‘Analytical Engine’, een erg complexe wiskundige machine, toonde Lovelace dat ze de  informatica  goed begreep wat een eeuw lang ongeëvenaard zou blijven. Ze schreef een aantal computerprogramma's voor de machine, waardoor ze de titel van eerste computerprogrammeur uit de geschiedenis verdient.

Lovelace ging de opvatting van Babbage over de vroege computer verder uitwerken en besefte dat de Analytical Engine zowel symbolen als getallen kon verwerken. Zo bedacht ze  een computer voor algemene doeleinden, die niet alleen complexe bedragen zou kunnen berekenen maar ook muziek zou componeren en afbeeldingen zou creëren. In het midden van de negentiende eeuw was dit een baanbrekend idee.

Zuster Mary Kenneth Keller

Hoewel computers misschien een ongebruikelijke onderwerp voor een non lijken, was zuster Mary Kenneth Keller de eerste vrouw die in de VS, in 1965, een Ph.D. in informatica behaalde aan de universiteit van Wisconsin. Als afgestudeerde hielp ze bij het ontwikkelen van BASIC (Beginner's All-purpose Symbolic Instruction Code), een computertaal die de nullen en enen van computercode in een meer eenvoudige en intuïtieve vorm vertaalde. Zuster Mary richtte de computerafdeling  van de staat Iowa op  alsook een masteropleiding voor toepassingen in de informatica. Ze was eveneens een gepassioneerde voorstander van vrouwen in de informatica.

Shafi Goldwasser
Shafi Goldwasser heeft niet alleen twee maal de Gödel-prijs gewonnen, ze was ook de winnares, in 2012, van de Turing Award voor haar werk in cryptografie en behaalde ook een groot aantal andere prijzen. Goldwasser maakte deel uit van het team dat voor het eerst de nulkennis bedacht  en is de mede-uitvindster van probabilistische codering, die de gouden standaard werd voor beveiliging van gegevenscodering. Haar werk in interactieve en nulproeven zorgde voor de veilige overdracht van informatie via het internet. Ze  opende ook de weg naar de technologie voor andere vrouwen.

Hedy Lamarr
Hedy Lamarr, een Hollywood-actrice en filmproducente, vond de technologie uit die de basis zou vormen voor de moderne WiFi-, GPS- en Bluetooth-communicatie. Samen met mede-uitvinder George Antheil, ontwikkelde Lamarr een toestel dat radiofrequenties met onregelmatige intervallen manipuleerde om een onbreekbare code te creëren  met een signaal dat niet kon gevolgd of  gestoord worden. Deze technologie vormde de technische ruggengraat voor WiFi- en Bluetooth-apparaten. In 2014, veertien jaar na haar dood,  werd Lamarr opgenomen in de National Inventors Hall of Fame als erkenning voor haar inspirerende werk.

Caterina Fake
In 2004 was Caterina Fake mede-uitvindster van  Flickr, een van de eerste websites voor het uploaden van foto's, die een grote populariteit kende. Ze stond ook aan het hoofd van  de technologische ontwikkelingsgroep van Yahoo, en was verantwoordelijk voor  het innoveren van internetinteracties. Ze ging verder met het ontwikkelen van Hunch, een collectief intelligentie-aanbevelingssysteem. Fake werd voor haar prestaties door Bloomberg  en Forbes erkend en werd in de Time 100 opgenomen.

Door de geschiedenis van informatica heen hebben inspirerende vrouwen meegewerkt aan het ontwikkelen van computertalen, het creëren van foto-upload sites, het  mede-uitvinden van baanbrekende technologie en nog veel meer.

Vandaag blijven vrouwen innovaties op het gebied van informatica stimuleren en nemen ze de voortouw bij veel nieuwe opkomende technologieën. Wat nog komen zal,  kunnen we alleen maar raden.