Google to enable 2FA for all users, add privacy labels to Android apps
On World Password Day, on Thursday, Google has announced two upcoming security and privacy changes that will help the company's customers stay safe in the face of an ever-increasing wave of cyber-attacks and intrusive tracking technologies.
The first of these is a step that everyone has been pushing the company to take for years.
In a blog post, Mark Risher, Director of Product Management, Identity and User Security at Google, said that starting later this year, the company plans to automatically enable two-factor authentication for all its eligible users if the users haven't done so already.
The process is currently underway. Google said it is already prompting users who have enabled 2FA for their accounts to verify their identities. Every time they access their web accounts, they'll be asked to tap a message on their phone.
Once this step is complete, Google said it plans to move into the second phase of its plan, where it will ask users to enable one of the multiple 2FA security features that the company makes available for users, such as SMS, security keys, or authentication apps.
Furthermore, there are also changes incoming for Android users on the privacy front. Apple has recently ruffled many feathers in the advertising and tech world by forcing all iOS apps to show detailed labels of the data they collect from users.
Called privacy labels, they are also coming to Google's official Play Store in 2022, per a Google blog post.
While Apple's labels were so detailed that they made Mark Zuckerberg's company have a hissy fit last year, it is unclear what implementation Google will go with, since, unlike Apple, Google depends more on advertising revenue and won't likely try to discourage advertisers from using its products through intrusive labels.
Per Google's Android team, here's what the labels will be supposed to show:
- What type of data is collected and stored: Examples of potential options are approximate or precise location, contacts, personal information (e.g. name, email address), photos & videos, audio files, and storage files.
- How the data is used: Examples of potential options are app functionality and personalization.
"Starting Q2 2022, new app submissions and app updates must include this information," Google said.
However, we'll reserve judgment for next y ear on how all of this will turn out.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.