Recently, updated on November 18 with a law enforcement alert for risky email connections as the Christmas season draws near, as well as a new email threat warning since malicious image attachments have been discovered to circumvent current security measures.
This is the most recent development in Google’s continuous effort to close the security and privacy gap between the iPhone and Android operating systems, as well as between the larger Google and Apple ecosystems. This has the potential to revolutionise email usage for the 2 billion Gmail users.
With Apple’s Hide My Email feature, customers may protect their private email addresses from information brokers that sell lists of phone numbers and email addresses that fuel the global problem of cold calling and spam.
It appears that Google has now made the same choice, which was unexpected and not promoted alongside this year’s other privacy and security changes. According to Android Authority, “Gmail is a master at removing spam, but do you feel like you’re playing with fire and risking a whole bunch of unwanted contact every time you share your email with someone even slightly shady?” Based on our most recent teardown, it appears that Google may have a solution in the pipeline.
“You can create distinct, random email addresses that go to your personal email account with Hide My Email,” according to Apple, “so you don’t have to share your real email address when filling out forms, signing up for newsletters online, or sending emails.”
Although users can forward these ghost email addresses to any email address linked to their iCloud account, Apple’s Mail and Safari apps are where it really shines. In addition to enabling you to send messages straight from those protected addresses, this also gives you the choice to quickly generate a phantom email address anytime a Safari form requests one.
Google Play Services’ latest 24.45.33 APK version was torn down, and the website reports that after “cracking it open,” it discovered “a whole boatload of strings referencing and in support of something called ‘Shielded Email.'”
“To create limited-use or single-use email aliases that will forward messages along to your primary account,” according to the system. The new expose is centred on “specifically addressing apps that ask for your email address,” which is why it was discovered in a Play update, even though “we could imagine that something like this might be pretty useful in Chrome,” which would be similar to Apple’s strategy.
Google will only have complete control over the operation and usage of such shielded emails if it controls the email platform itself, which does include Gmail. This is similar to what happened with Apple and the iPhone, although it probably won’t be limited to Gmail.
Google’s action is commendable, and if it becomes as popular as Apple’s Hide My Email, Android users—the majority of whom will have one or more Gmail accounts linked to them—would greatly benefit.
“The experience appears to be integrated with Android’s autofill and presumably the Google Password Manager,” according to 9to5Google. Google’s plans to charge for Shielded Email are yet unknown. Making Google One pay could be a way to ensure that feature isn’t abused in addition to enticing people to sign up.
It’s evident that the security and privacy gap is closing presently, especially in light of live threat detection and spam call alerts. How quickly these updates will be released and which device OEMs will receive them are still the primary questions facing Android users. However, based on what we’ve already witnessed this week, it’s probable that the Pixels will receive this update first, which is another worry for Samsung customers who are already waiting for new features.
As of right now, this leaked update appears to be limited to Android users, unlike Apple’s equivalent. There is no word on whether it will eventually be available on desktop Gmail and other Google services that are accessed through Chrome. However, it would make sense to emulate Apple’s Hide My Email application throughout the whole Google/Gmail ecosystem, not just apps, once this is accessible.
Whether it’s one-time veiled email addresses or a universal email address for use on websites and other services where you’re worried about scams or your information getting onto malicious lists, third-party apps also accomplish the same thing.
By using cloaked email addresses, you can prevent cross-contamination by preventing attackers from using your real email address, which is also probably a login to websites and services, and you can quickly spot scams because you will know where your email address was stolen and can filter those emails straight into the trash.
The majority of images on the web are JPG or PNG files, which are made up of grids of tiny squares called pixels, each of which has a specific colour value, and together these pixels form the entire image. SVG, or Scalable Vector Graphics, displays images differently, as instead of using pixels, the images are created through lines, shapes, and text described in textual mathematical formulas in the code. This highlights the growing tactics of phishing emails, according to Bleeping Computer, which reports that “threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection.”
The goal of employing such strategies is to avoid automated detection on computers and phones as well as to more effectively deceive users into clicking on inappropriate links or filling out forms intended to steal financial or personally identifiable information as soon as possible, before suspicions are aroused.
Bleeping Computer claims that other SVG attachments used in a recent operation “look like official documents or requests for more information, and then you click the download button, which downloads malware from a remote site.”
We have already seen numerous warnings that harmful websites and manipulated search results are waiting to entice victims as we reach the holiday season, which is a scammer’s dream. These websites will all receive traffic from search engine poisoning, phishing emails, messaging applications, and social media.
Using limited-time offers or pushing things that appear scarce or not widely available, thieves frequently create false urgency, therefore UK law enforcement recently cautioned consumers “to exercise vigilance against any tactics that push them to act quickly without thinking.”
Remember the lure again. Falling victim is all in the hook, even if you ignore SEO poisoning, which is becoming a bigger hazard in and of itself. Identifying the initial approach is your best chance to prevent an assault before you become a victim.
“As Black Friday draws near, we have a straightforward message for anyone who shops online,” the UK cybersecurity organization cautions. “If something doesn’t feel right, stop what you’re doing, cut off communication, and avoid clicking on any links.”
In actuality, email is still a very basic technology in comparison to other platforms, and it is far too simple for an attacker to launch a harmful campaign that targets tens of thousands of victims at once. Our email clients still struggle to identify these kinds of attacks, particularly on small mobile screens that obscure a lot of information that could raise red flags on a larger device.
It is therefore not surprising that this new Google product is only available on mobile devices for the time being. As most of us now do, bringing your device to work or connecting it to company networks puts your data security and privacy at risk.
“A strategic evolution in mobile security – evasive cyberattacks are now the new normal, as cybercriminals are becoming more sophisticated in their mobile phishing attacks,” Nico Chiaraviglio of Zimperium recently warned. The weekly news of new mobile virus attacks make this very evident. Phishing lures, which arrive by email or social media messaging applications, are the starting point for nearly all of these attacks.
By next year, “mishing,” or mobile phishing, attacks “will become so sophisticated and evasive that modern tooling won’t be able to detect it,” according to Chiaraviglio. AI-driven mobile malware that can imitate user behaviour will become more prevalent, making it much more difficult to identify with conventional techniques. In addition to being the focal point of this treat, Android is more susceptible than iPhone, which makes Google’s platform defences even more important.
The bottom line is to make sure you use the new Gmail email cloaking when it arrives on your device, even though there isn’t any assurance on when it will happen.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
