Google’s Advanced Protection program for high-risk users now includes malware protection

Google is expanding the feature set for its Advanced Protection Program, a security offering that helps safeguard Google Accounts of those at risk for targeted attacks — like politicians, journalists, activists, business leaders and others. The program already provides an increased level of protection for these accounts by limiting access to data, blocking fraudulent account access, supporting the use of physical security keys and more. Today, Google is adding new malware protections to the program, as well.

For starters, those enrolled in the Advanced Protection Program will have Google Play Protect automatically enabled. This is Google’s built-in malware protection for Android that’s currently used to scan and verify 100 billion apps per day, Google notes. The system uses machine learning to automatically scan users’ devices and apps to check for harmful behavior and potential security issues. Now, this will be enabled for Advanced Protection Program members and will not be able to be shut off.

The program will also now limit users’ ability to install apps from outside the Play Store, where apps are now scanned for malware before approval. Those from outside the store can present a greater risk. Google will now prevent the download of non-Play Store apps on any devices enrolled in the Advanced Protection Program, with a few exceptions. Users will be able to install non-Play Store apps through other third-party app stores that may have shipped on your device from the device manufacturer. Others can be installed through the developer tool Android Debug Bridge. However, Google says non-Play Store apps that have already been installed won’t be removed and can continue to be updated.

Google launched its Advanced Protection Program in fall 2017, as an opt-in option for those who believe they’re at increased risk of online attacks. The program focuses on defending against phishing, locking down malicious apps, and fending off hackers. The trade-off is reduced convenience as there are additional steps to take during authentication and more limitations on what can be done. But the result is a safer, and free, way to increase the security of your account and device.

The new added protections will roll out gradually to accounts enrolled in the Advanced Protection Program on Android devices, to be later this year followed by new malware protections for Chrome, Google says. However, G Suite users won’t get these new protections now — instead, they’re offered through endpoint management, which helps secure devices belonging to mobile workforces.

US is preparing to ban foreign-made drones from government use

The Trump administration is preparing an executive order to ban federal departments and agencies from buying or using foreign-made drones, citing a risk to national security, TechCrunch has learned.

The draft order, which was drafted in the past few weeks and seen by TechCrunch, would effectively ban both foreign-made drones or drones made with foreign components out of fear that sensitive data collected during their use could be transferred to adversarial nation-states. The order specifically calls out threats posed by China, a major hub for drone manufacturers that supply both government and consumers, with the prospect that other countries could be added later.

The order says it’s government policy to “encourage” the use of domestically built drones instead.

If passed, federal agencies would have a month to comply with the order, it said. But the military and the intelligence community would be granted broad exemptions under the draft order seen.

When reached, a spokesperson for the White House did not comment.

It’s the latest move to crack down on Chinese-built technology, amid fears that Beijing is using its authority and influence to compel companies to spy at its behest. Huawei and ZTE among others have faced bans from operating inside the U.S. government, despite protests from the companies, which have long rebutted claims that they pose a risk due to their Chinese connections. Beijing responded in kind by banning from its state offices U.S. and other foreign-made technology.

The U.S. government’s prevalent use of predominantly Chinese-made drones has come under more intense scrutiny in recent months. In January, the Dept. of the Interior issued an order grounding its fleet of close to 800 foreign-made drones, except for in emergencies, amid concerns that any data collected would be “valuable” to U.S. adversaries.

But an email seen by TechCrunch dated July 2019 appears to show internal disagreements about the risks of using foreign-made drones, just months before the grounding order would come into force. Interior’s chief information officer William Vajda said in an email to two senior staffers that the department’s drone program “understands the risks” of foreign-made drones and has “taken appropriate steps to mitigate them.”

“The only more effective mitigation would be to use exclusively U.S. manufactured, non-foreign technologies,” he wrote.

Most of the department’s fleet is built by China-based manufacturers — including DJI — which stands to lose the most if the order is signed. DJI supplies some 70% of the world’s drones in a market said to be worth about $15 billion by the end of the decade.

A spokesperson for the Dept. of the Interior said the department was working to “further assess the risks” of foreign-made drones.

DJI spokesperson Michael Oldenburg said in a statement: “While we haven’t seen the document, this proposal is another attack on drone technology based on its country of origin, which recent reporting has shown has been criticized within federal agencies including the U.S. Department of Agriculture, Department of the Interior, Fish and Wildlife Service and even the White House Office of Management and Budget.”

“When communicating among themselves, these agencies’ officials have explained how such an approach damages American interests and does not solve any cybersecurity issues, and have acknowledged that DJI’s products have been validated as secure for use in government operations,” the spokesperson said.


Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849.