Google Now draws caution among security experts

Google Now, the smart assistant in the latest upgrade of the Android operating system, draws an uneasiness among security experts evaluating the risks the search-based feature for mobile devices brings to businesses.

Google introduced Now on Wednesday in unveiling Android 4.1 Jelly Bean at the company's I/O developer conference in San Francisco. Now is designed to use a person's search history, calendar, location and Google Maps to deliver useful information, such as the next bus for that appointment downtown or a weather warning on the day you plan to bike to work.

Several security experts told CSO they were concerned over Now, while acknowledging it was too early to say for sure whether there are risks to businesses. Like companies, consumers may also be uneasy with the amount of information going to Google and what the company can do with it.

Jon Oberheide, chief technology officer for mobile security vendor Duo Security, said: "I'm sure there will be opinions on both sides of the aisle: Privacy-focused users who are spooked by knowledge of Now and everyday users who are impressed and drawn to the utility of Now."

While consumer advocates worry about privacy, corporations will be thinking about the implications of having Now on the same device an employee is using to tap a company's web application or email server. At the very least, companies will want to have control to shut off the feature.

"Google states that you must opt-in to use these services, but it is unclear whether the management APIs (application programming interfaces) provided by Google will allow centralized control of these settings," Chester Wisniewski, security research analyst for Sophos, said.

Besides control, there's the question of third-party apps that will have access to Now and an employee's personal information, which could also include some corporate data. In addition, those apps could also be tied to the device's native Web browser, a favorite entry point for hackers.

"This could be especially concerning for corporate web-based apps if they depend on the native browser," Stacy K. Crook, analyst for IDC, said. "So a recommendation there would be for companies that have mobile web applications to look into secure browsers that they can have some control over to launch those apps in."

The challenge of securing mobile devices in light of the growing number of features is likely to push more corporations toward adopting security tools used in online banking today, Gartner analyst Peter Firstbrook said. Like banks, companies won't know in advance whether a device is infected with malware when it connects to web applications. As a result, companies will also need authentication, encryption, database monitoring tools and browser isolation software.

"We anticipate the bring-your-own-device (BYOD) trend will force organizations to use the same types of tools," Firstbrook said.

In the meantime, Wisniewski has found his own way to use features like Now and still keep corporate data safe. He uses a Research In Motion BlackBerry for business and an Android smartphone for his own use. "Personally, I hate carrying two devices, but I don't see a lot of safe alternatives," he said.

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts