Connect with us

Technology

Google extends right-to-be-forgotten to app permissions on older Android devices • The Register

Voice Of EU

Published

on

In December, Google plans to have app runtime permissions expire on older versions of Android for apps that haven’t been opened for several months, extending the availability of a privacy protection feature introduced in Android 11.

“In Android 11, we introduced the permission auto-reset feature,” explained Google software engineers Peter Visontay and Bessie Jiang in a blog post on Friday. “This feature helps protect user privacy by automatically resetting an app’s runtime permissions – which are permissions that display a prompt to the user when requested – if the app isn’t used for a few months.”

That behavior is the default in Android 11 and in Android 12, expected in a few weeks. Come December, it will become the default in older versions of Android that rely on Google Play services, specifically Android 6 (API level 23) through Android 10 (API level 29).

The behavior change is likely to affect about 2bn devices, given that only about 25 per cent of the 3bn active Android devices run Android 11 (API level 30) or greater, and a relatively tiny number run something older than Android 6.

It means that dormant apps will lose access to runtime permissions, also known as “dangerous permissions,” that were previously granted and might pose privacy problems if forgotten. These include permissions like READ_PHONE_NUMBERS, READ_SMS, RECORD_AUDIO, ACCESS_COARSE_LOCATION, CAMERA, and other similar settings that provide access to sensitive data.

Google has anticipated that this might cause problems in some cases, so it will exempt Device Administrator apps and the like that are used by large organizations and have permissions set via enterprise policy.

The Chocolate Factory has also provided a way for developers to request that Android device owners disable permission revocation. The rationale for doing so would be for apps that work mainly in the background – it wouldn’t be ideal, for example, if a child safety app that relies on location data suddenly stopped working.

The Register has asked whether anyone at Google would define “a few months” more precisely or whether the fuzzy time frame was a deliberate attempt to avoid providing a specific value that could be used to game the system. A company spokesperson confirmed it was the latter.

However, Android provides developers running Android 12 with a way to check and set the default permission reset time in milliseconds on their own devices using the Android Debug Bridge (adb) command line tool.

adb shell device_config get permissions auto_revoke_unused_threshold_millis2

Android 12 takes permission revocation further still. It includes a feature called Hibernation that “not only revokes permissions granted previously by the user, but it also force-stops the app and reclaims memory, storage and other temporary resources.”

Hibernating apps can’t run in the background or receive push notifications. This too can be disabled via Settings if necessary.

Google intends to begin a gradual rollout of its permission auto-reset feature in December, on devices with Android 6 through 10 and Google Play Services. Users should be able to access the auto-reset settings page to configure this feature for specific apps. Thereafter, the Android system will start counting down to a permission reset. The rollout is expected to reach all affected devices at some point in Q1 2022. ®

Source link

Technology

UK competition watchdog unveils advice for antivirus firms • The Register

Voice Of EU

Published

on

The UK’s Competition and Markets Authority (CMA) has unveiled compliance principles to curb locally some of the sharper auto-renewal practices of antivirus software firms.

The move follows the watchdog baring its teeth at McAfee and Norton over the issue of automatically renewing contracts.

The CMA took exception to auto-renewal contracts for antivirus software that customers in the UK signed up for and found difficult to cancel. Refunds and clearer pricing information (including making sure consumers were aware that year two could well end up considerably costlier than the first) were the order of the day.

Today’s principles build on that work, and are aimed at helping antivirus companies toe the line where UK consumer law is concerned. They are a bit more detailed than a simple “stop being horrid.”

The focus remains on auto-renewing contracts, where a customer signs up for a fixed period, then is charged again for subsequent periods. The CMA acknowledges that such arrangements are convenient, but they risk the consumer being locked into an agreement they no longer want or that they get stung with higher fees at renewal time.

While the principles are intended to be helpful, lurking in the background is consumer law and the threat of a potential trip to court for vendors stepping out of line.

First up comes a requirement to make sure customers are informed about auto-renewal, rather than hiding the detail in an End User Licence Agreement (EULA) or burying it in hard-to-read text through which a user must scroll.

Price claims must be “accurate” and “not mislead your customers” – so only show discounts against the normal price. It must also be possible to turn off the auto-renew easily, keep auto-renew turned off once it is off and, if on, make sure customers are reminded in good time that an auto-renew will happen.

Getting a refund must be easier and customers should be able to change their mind when auto-renewal happens. If the customer has stopped using the product, safeguards are needed around auto-renewal.

The last principle could pose a few challenges – how does a vendor become aware that a customer is not using its product? The suggestion from the CMA is to check if software updates are being received rather than simply charging users year after year.

The Register contacted McAfee and Norton for their thoughts on the principles, and will update should the companies respond. ®

Source link

Continue Reading

Technology

Grocery start-up Gorillas raises nearly $1bn in round led by Delivery Hero

Voice Of EU

Published

on

Just a few months after hitting unicorn status, Gorillas has raised another major round of funding from big-name investors.

German start-up Gorillas has raised nearly $1bn to expand its on-demand grocery delivery business.

The Series C funding round was led by Delivery Hero, the German food and grocery delivery giant that recently took a stake in Deliveroo.

Gorillas also received backing from existing investors including Coatue Management, DST Global and Tencent, as well as new investors G Squared, Alanda Capital, Macquarie Capital, MSA Capital and Thrive Capital.

The fresh funding comes just a few months after the company’s $290m Series B, which brought its valuation to more than $1bn.

Gorillas was founded in Berlin in 2020 by Kağan Sümer and Jörg Kattner, promising grocery deliveries in as little as 10 minutes.

It now operates more than 180 warehouses and has expanded to more than 55 cities in nine countries, including Amsterdam, London, Paris, Madrid, New York and Munich.

The company plans to use the latest funding for its next phase of development. This includes reinforcing its footprint in existing markets and investing in operations, technology and marketing.

“The size of today’s funding round by an extraordinary investment consortium underscores the tremendous market potential that lies ahead of us,” said Sümer, who is CEO of the start-up.

“With Delivery Hero, we have chosen a strong strategic support that is deeply rooted in the global delivery market, and is renowned for having unique experience in sustainably scaling a German company internationally.”

On-demand grocery delivery is a growing area in Europe that’s attracting investor attention.

Swedish start-up Kavall raised $5.8m in August, Czech player Rohlik hit unicorn status after its €100m Series C round in July, and Spain’s Glovo secured a €450m Series F round in April to expand in the grocery market.

Gorillas differentiates itself from other players in the market, such as Deliveroo, by employing its delivery drivers rather than relying on gig workers.

However, as the start-up has scaled rapidly over the past year, it has seen delivery workers protest over working conditions and pay, and been put under the spotlight for its treatment of employees.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Continue Reading

Technology

ICO to step in after schools use facial recognition to speed up lunch queue | Facial recognition

Voice Of EU

Published

on

The Information Commissioner’s Office is to intervene over concerns about the use of facial recognition technology on pupils queueing for lunch in school canteens in the UK.

Nine schools in North Ayrshire began taking payments for school lunches this week by scanning the faces of their pupils, according to a report in the Financial Times. More schools are expected to follow.

The ICO, an independent body set up to uphold information rights in the UK, said it would be contacting North Ayrshire council about the move and urged a “less intrusive” approach where possible.

An ICO spokesperson said organisations using facial recognition technology must comply with data protection law before, during and after its use, adding: “Data protection law provides additional protections for children, and organisations need to carefully consider the necessity and proportionality of collecting biometric data before they do so.

“Organisations should consider using a different approach if the same goal can be achieved in a less intrusive manner. We are aware of the introduction, and will be making inquiries with North Ayrshire council.”

The company supplying the technology claimed it was more Covid-secure than other systems, as it was cashless and contactless, and sped up the lunch queue, cutting the time spent on each transaction to five seconds.

Other types of biometric systems, principally fingerprint scanners, have been used in schools in the UK for years, but campaigners say the use of facial recognition technology is unnecessary.

Silkie Carlo, the director of Big Brother Watch, told the Guardian the campaign group had written to schools using facial recognition systems, setting out their concerns and urging them to stop immediately.

“No child should have to go through border-style identity checks just to get a school meal,” she said. “We are supposed to live in a democracy, not a security state.

“This is highly sensitive, personal data that children should be taught to protect, not to give away on a whim. This biometrics company has refused to disclose who else children’s personal information could be shared with and there are some red flags here for us.”

The technology is being installed in schools in the UK by a company called CRB Cunninghams. David Swanston, its managing director, told the FT: “It’s the fastest way of recognising someone at the till. In a secondary school you have around about a 25-minute period to serve potentially 1,000 pupils. So we need fast throughput at the point of sale.”

Live facial recognition, technology that scans crowds to identify faces, has been challenged by civil rights campaigners because of concerns about consent. CRB Cunninghams said the system being installed in UK schools was different – parents had to give explicit consent and cameras check against encrypted faceprint templates stored on school servers.

A spokesperson for North Ayrshire council said its catering system contracts were coming to a natural end, allowing the introduction of new IT “which makes our service more efficient and enhances the pupil experience using innovative technology”.

They added: “Given the ongoing risks associated with Covid-19, the council is keen to have contactless identification as this provides a safer environment for both pupils and staff. Facial recognition has been assessed as the optimal solution that will meet all our requirements.”

The council said 97% of children or their parents had given consent for the new system.

A Scottish government spokesperson said that local authorities, as data controllers, had a duty to comply with general data protection regulations and that schools must by law adhere to strict guidelines on how they collect, store, record and share personal data.

Hayley Dunn, a business leadership specialist at the Association of School and College Leaders, said: “There would need to be strict privacy and data protection controls on any companies offering this technology.

“Leaders would also have legitimate concerns about the potential for cyber ransomware attacks and the importance of storing information securely, which they would need reassurances around before implementing any new technology.”

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!