It’s too simple to assume that any worthwhile security update would include something complicated, and more often than not, this makes the user experience even more complicated. However, the most effective security updates are those that simplify, rather than complicate, usage. The most apparent example to include in this context is the replacement of passwords with passkeys. Google just revealed a very basic new feature that will be available in the Gmail Android app. You might assume that this is just another convenience feature, but it’s actually a security surprise. Here’s what you need to know about how your security posture will be affected by changes to the way you send CC (Carbon Copy) and BCC (Blind Carbon Copy) emails using Gmail on Android.
The day before Thanksgiving, the Google Workspace team announced on the official blog that users of the Gmail Android app would be able to enjoy a reasonably easy-to-use layout change. Unexpectedly, a news that has mostly gone unnoticed due to security patches. However, in order to get something past me that has to do with Gmail and security, you must rise earlier in the day. What is the surprise in terms of security, then? Google stated, “You can now drag and drop contacts in the addressee fields when writing an email in the Gmail app on your Android device.”
Yes, that’s it, really. It was both easy and unexpected, I told you. Let me now explain why the hundreds of millions of users who use Gmail on Android devices also benefit from this security update.
The Potential Security Risk of Sending Carbon Copy (CC) and How Gmail Can Reduce the Chance, errors committed when sending a blind carbon copy or carbon copy of an email can be a security concern at worst and embarrassing at best. As a journalist, I can’t even begin to count how many times a PR firm has accidentally sent a press release using the CC feature instead of the BCC one. Apart from the fact that it subsequently “publishes” the email addresses of every person on the list to every other person on it, which may have serious data protection ramifications, this isn’t a major issue. Although I would expect it would be more obvious, being able to drag an email address to any of the carbon copy fields won’t prevent such unintentional breach.
No, when someone enters a number of addresses into a carbon copy area, they add the incorrect person, which raises security concerns. I assure you that this is quite simple to accomplish, particularly when address autocomplete is used in conjunction with a momentary inattention. It’s possible that the email contains sensitive or private information that isn’t appropriate for everyone who reads it. This should undoubtedly lower the number of such errors by allowing email addresses to be drafted and dropped between the To, CC, and BCC fields. Why? Drag and drop is a more attention-grabbing activity that demands a different type of focus than typing, and it will be much more difficult to get wrong, in my humble view.
The new system is also a usability enhancement that makes Gmail easier to use, which is a bonus in this case and it is a bonus when discussing any security implications. Boom. Win by double whammy.
The Gmail Android app’s new drag-and-drop feature has begun to roll out, and according to Google, it should be finished for all Gmail users including those with personal accounts by December 14.
Google Provides Three Security Tips for Android Users Using Gmail
Google advises examining certain Gmail security settings to make sure that no one who shouldn’t have access to your emails can do so. However, these cannot be viewed from within the Gmail app itself, so you will need to check them via a web browser.
Make sure the wording appears correctly by checking your signature.
Make sure the text appears correctly and that Out of Office Autoreply isn’t activated if it isn’t needed.
Ensure that all of the email addresses mentioned are yours by checking the ‘Send email as’ box.
Turn on ‘Grant access to your account’ to make sure that no unidentified individuals can access your account.
‘Check email from other accounts (using POP3)’ should be checked to ensure that all of the provided email addresses are yours.
Make sure a ‘Forward to’ filter isn’t automatically forwarding emails to an unidentified account.
Verify if you set up any filters that automatically remove messages (‘Delete it’).
Verify that no unidentified account is receiving your communications.
Check to see if your IMAP or POP settings are accurate.
Update the Gmail App
Last but not least, update your Gmail Android app in accordance with the guidance frequently offered by writers for Forbes.com’s cybersecurity section. The logic is straightforward: any security upgrades needed to keep you safe are likewise included when you update the app. Simply search for the Gmail app in the Google Play Store. If it says “Open” and nothing else, you already have the most recent version; if it says “Update,” you already know how to keep your Gmail secure.
For peace of mind, all Gmail users should finish the Google Account Security Check-Up.
For Android users of the Gmail app, all of the aforementioned Google security suggestions should be regarded as sound advice. However, there is one more suggestion that all Gmail users should heed: complete the Google account security check-up.
Imagine Gmail as a large, tasty cake with many layers of delicious frosting. Threat actors aim to obtain that cream in any way they can, whether they are scammers, hackers, or classic cybercriminals. They must consume the sponge layers in between in order to accomplish it. Okay, I realize that’s a corny analogy, but the point is still that the secret to keeping the cream out of reach is to make sure the layers of security sponge are as inedible to the hacker pallet as possible. This is why securing Gmail requires completing the Google account security check-up.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
