Google Confirms New Gmail Security Surprise—And It’s So Simple

 


Update, Dec. 04, 2024: This story, originally published Dec. 02, now includes more information from Google and others on how to best secure your Google account, and your Gmail application and usage, for Android and other users.

It’s too easy to imagine that any security update worth making is going to involve something complex, and more often than not, that leaves the user experience more convoluted than before.

 The best security updates, however, are the ones that make usability easier rather than more cumbersome.

Passkeys replacing passwords are the obvious example to throw in the mix. Google has just confirmed an incredibly simple new feature that is coming to the Gmail Android app, and it’s one that truly deserves the security surprise label, as you might be forgiven for thinking it’s just another ease-of-use tweak. Here’s what you need to know about how the changes to the way you send CC and BCC emails using Gmail on Android will impact your security posture.

This One Surprising Interface Tweak Will Make Gmail More Secure For Millions Of Android Email Users

The Google Workspace team took to the official blog the day before Thanksgiving to drop an announcement regarding what appeared to be a relatively simple and straightforward interface tweak for users of the Gmail Android app. An announcement that, totally unsurprisingly, has flown largely under the security updates radar as a result.

But you have to get up earlier in the day to sneak something Gmail and security-related past me. So, what is the security surprise? “When writing an email in the Gmail app on your Android device, you can now drag and drop contacts in the addressee fields,” Google said.

Yes, seriously, that’s it. I told you it was both simple and surprising. Now let me explain why it’s also a security update for the hundreds of millions of people who use Gmail on an Android device.

Why Sending A Carbon Copy Can Be A Security Issue, And How Gmail Will Make It Less Likely To Happen

Mistakes made when sending a carbon copy or blind carbon copy of an email can be embarrassing at the best of times and a security risk at the worst. As a journalist, I have lost count of the number of times that a media relations agency has mistakenly sent a copy of a press release using the CC function rather than the BCC one. 

This isn’t a huge problem apart from the fact that it then “publishes” the email addresses of everyone on the list to everyone else on it, which can have huge data protection implications. But that accidental breach won’t be stopped by being able to drag an email address to either of the carbon copy fields, although one would hope it would be more apparent.

No, the security side of things comes into play when someone has added the wrong person to a carbon copy field when inputting a bunch of addresses. Believe me, this is very easily done, especially with address auto-complete combined with a split-second lack of attention. That email could easily contain confidential or sensitive material not authorized for all the eyes that end up reading it. 


Being able to drag and drop email addresses between the To, CC, and BCC fields should certainly reduce the number of such errors. Why? Because the physical act of drag and drop is more attention-driven, requires a different kind of focus than typing, and in my never humble opinion will be much harder to get wrong.

The bonus here, and it really is a bonus when talking about any kind of security implication, is that the new system is also a usability update that makes Gmail easier to use. Boom. Double whammy win.

The new drag-and-drop functionality for the Gmail Android app has started to roll out now, and Google said that it should be complete before Dec. 14 to all users of Gmail, including personal accounts.

Three Gmail Security Tips For Android Users From Google Itself

Google has published a set of three security tips for Android users of the Gmail service which provide a good baseline for keeping your email secure. Here’s what you need to know straight from the Google horse’s mouth.

Choose A Strong Password For Your Gmail Account

Google recommends that Android users first take a look at the guidance on creating a strong password, which includes the usual advice of keeping it unique and not sharing it with other accounts, as well as potentially replacing your password with a passkey. It then suggests you change your password using the information you’ve been given.

Check Your Gmail Security Settings

Google recommends checking certain Gmail security settings to ensure nobody has access to your emails who shouldn’t have. You will need to check these from a web browser, though, as they cannot be accessed from the Gmail app itself.

· Check your signature to make sure that the text looks correct.
· Check your Office Auto Reply to make sure that the text looks correct and that it isn't turned on if you don't need it to be.
· Check 'Send email as' to make sure that all the email addresses listed belong to you.
· Check 'Grant access to your account' to ensure that no unknown people have access to your account.
· Check 'Check email from other accounts (using POP3)' to make sure that all the email addresses listed belong to you.
· Check to make sure that emails aren't being automatically forwarded to an unknown account using a 'Forward to' filter.
· Check that any filters that automatically delete messages ('Delete it') were set up by you.
· Check that your messages aren't being forwarded to an unknown account.
· Verify that your POP or IMAP settings are correct.


Update Your Gmail App

And finally, following the advice often given by contributors to the Forbes.com cybersecurity section, update your Gmail Android app. 


The reasoning is simple enough: when you update the app, you also get any security updates that are required to keep you protected. Just visit the Google Play Store and look for the Gmail app. If it says “Open” and nothing else, then you already have the latest version; if it says “Update,” then you know what to do to keep your Gmail protected.

All Gmail Users Should Complete The Google Account Security Check-Up For Peace Of Mind

All of the above security tips from Google should be treated as solid advice for Android users of the Gmail application, but there is another recommendation that all Gmail users really shouldn’t ignore: take the Google account security check-up.


Think of Gmail as being a cake, a big juicy one made up of lots of creamy layers. Threat actors, be that in the form of scammers, hackers, or good old-fashioned cybercriminal chancers, want to get hold of that cream any way they can.


To do that, they have to eat their way through the layers of sponge in between. OK, a cheesy analogy, I know, but the point remains that ensuring those layers of security sponge are as inedible to the hacker palate as possible is key to ensuring the cream remains out of reach. This is why taking the Google account security check-up is so vital when it comes to protecting Gmail.

Gmail Security Recommendations

Although your version of the Google security check-up interface will necessarily be different from the example account I’m using to illustrate it here, as it is composed on the fly around your own account and own settings, the basics remain the same.


 As you can see above, top of the list here is an amber alert for the Gmail account in question. This has been flagged because there are automatic email forwarding rules in place. 


This is a tactic that can be employed by a hacker or stalker looking to see copies of all your incoming emails without you knowing, so the suggestion is to check that the forwarding rule is something you recognize and ditto when it comes to the address your email is being forwarded to. 


The same section of the Google account security check-up flagged further actions for me to take: check the reply-to address that replies to my emails are configured to go to, check the email address that is configured to appear as the sender when sending emails from the Gmail account, and check a list of blocked email addresses.


The latter, in my case, is quite extensive as I have an itchy blocking trigger finger and no tolerance for repeat offenders. However, this is another tactic that can be used by an attacker looking to ensure certain people or services aren’t able to contact the Gmail account holder.
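The settings checklist from Google and the forwarding, reply-to and send-as checks described above can be run as a script over an exported settings snapshot. This is an added example, not code from Google or from this article; the snapshot fields mirror the Gmail API settings resources (filters, autoForwarding, sendAs, delegates), and every address and filter ID in it is constructed sample data. Blocked addresses are not covered.

```python
# Added example: audit a Gmail settings snapshot against the addresses you own.
# All addresses and IDs below are constructed sample data.
MY_ADDRESSES = {"alice@example.com", "alice.work@example.org"}  # assumption: your own addresses

SNAPSHOT = {
    "autoForwarding": {"enabled": True, "emailAddress": "copy@unknown.example"},
    "filters": [
        {"id": "f1", "criteria": {"from": "bank@example.net"},
         "action": {"forward": "copy@unknown.example"}},
        {"id": "f2", "criteria": {"query": "security alert"},
         "action": {"addLabelIds": ["TRASH"]}},
        {"id": "f3", "criteria": {"from": "news@example.net"},
         "action": {"addLabelIds": ["Label_1"]}},
    ],
    "sendAs": [
        {"sendAsEmail": "alice@example.com", "replyToAddress": ""},
        {"sendAsEmail": "ceo@unknown.example", "replyToAddress": "x@unknown.example"},
    ],
    "delegates": [{"delegateEmail": "assistant@unknown.example"}],
}

def audit(snapshot, mine):
    """Return (setting, detail) findings that need a manual review."""
    mine = {a.lower() for a in mine}
    findings = []
    fwd = snapshot.get("autoForwarding", {})
    if fwd.get("enabled") and fwd.get("emailAddress", "").lower() not in mine:
        findings.append(("auto-forwarding", fwd.get("emailAddress", "")))
    for f in snapshot.get("filters", []):
        action = f.get("action", {})
        target = action.get("forward")
        if target and target.lower() not in mine:
            findings.append(("filter forwards mail", f"{f['id']} -> {target}"))
        if "TRASH" in action.get("addLabelIds", []):  # 'Delete it' filters
            findings.append(("filter deletes mail", f"{f['id']} {f.get('criteria', {})}"))
    for s in snapshot.get("sendAs", []):
        if s["sendAsEmail"].lower() not in mine:
            findings.append(("send-as address", s["sendAsEmail"]))
        reply_to = s.get("replyToAddress") or ""
        if reply_to and reply_to.lower() not in mine:
            findings.append(("reply-to address", reply_to))
    for d in snapshot.get("delegates", []):  # every delegate is listed for review
        findings.append(("delegate access", d["delegateEmail"]))
    return findings

for setting, detail in audit(SNAPSHOT, MY_ADDRESSES):
    print(f"REVIEW {setting}: {detail}")
```

Filters that delete mail and delegate entries are always listed, because only the account owner can say whether they set them up.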

Who Is Reading Your Gmail?

Moving further down the security check-up checklist, you can see details of all the devices that have signed into your Google account, including those that have been dormant for a long period and which you can safely remove with a click or two.


 Being able to see, at a glance, not only what devices are signed into your Google account but also where they are located and when they were last active is a huge benefit when it comes to protecting your Gmail account from snoopers. It’s easy to spot when someone has accessed your emails from a device or location you don’t recognize and take appropriate action as a result.


Enhanced Safe Browsing Helps Protect Gmail Users

The safe browsing section checks to see if you have Google’s safe browsing protections enabled or not. 

The enhanced safe browsing feature works automatically in the background to “provide faster, proactive protection against dangerous websites, downloads, and extensions,” Google said, adding that if you choose to turn on enhanced safe browsing for your account, it “keeps you safe when you’re signed in and improves your security in Google Chrome and Gmail.”


 Essentially, this provides real-time security scanning concerning dangerous websites, downloads, and extensions and improves Google’s ability to detect and protect against phishing and malware as well as offering enhanced protection from dangerous links across Google apps.

In this example check-up, you can see that the remaining sections all have green checkmarks, which means they don’t require any further action to keep your Gmail account secure.

 
