5 Surprising Ways Google Improves Your Online Security

James Frew 05-07-2018

Google is famous for a lot of things, but privacy and security aren’t usually on the top of that list. Alongside Facebook, they are often heavily criticized for their behavior with your data. Whether it’s scanning your Gmail inbox to show you targeted ads or cooperating with the NSA to spy on users around the world, there’s a lot to be critical of.


At first glance, it would seem like you shouldn’t trust Google at all. But looks can be deceiving. Behind the countless headlines on privacy concerns, Google is working hard to improve your security.

1. Capture The Flag

Google's Capture the Flag game

Bug bounty programs are common in the tech world. Software companies promise rewards to programmers, hackers, and security experts who find vulnerabilities in their products. The company harnesses the power of a worldwide network of experts, who get to hone their skills and earn money at the same time. Capture The Flag (CTF) events also take advantage of the skill of experts, but use gamification and teamwork to get the job done.

CTF events differ from bug bounty programs though. To be rewarded on a bounty program, developers have to spend time hunting through the software’s code looking for potential problems. CTF sets challenges around known issues as part of a timed competition, with points awarded to the winning team. The organizers can set challenges around any topic, but the most popular focus is on reverse engineering, exploitation, and real-world attacks like ransomware.

Google hosted their first CTF in April 2016, and it is now an annual event. Teams sign up to the qualifying round, typically hosted a few weeks before the main contest. Four members from each of the top ten teams then get flown to one of Google’s offices to participate. Prizes are paid out to the top three teams, with the first place winners receiving $13,337.


All competing teams can submit challenge write-ups and could earn between $100 and $500 for their efforts. For the 2018 contest, Google introduced Beginners’ Quests for any first timers or those new to security. Although these quests don’t qualify for contest points, they are an enjoyable introduction to security research.

2. Safe Browsing

Google's Safe Browsing tool

In May 2007, a year before Google launched their Chrome web browser, the search engine debuted its Safe Browsing anti-malware effort. They’d recognized that malware is commonly spread through “drive-by downloads” from compromised web servers. Google couldn’t patch the vulnerabilities in your web browser and plugins, but they decided they could alert you to potentially compromised websites in your search results.

Safe Browsing now protects over three billion devices worldwide. It’s not just Google products either—Safe Browsing is integrated into Firefox and Safari too. Even apps like Snapchat have begun to use Google’s Safe Browsing API to keep their users safe. As we live in an increasingly mobile world, Google has set an Unwanted Software Policy for Android. Any apps found to be in breach of that policy display warnings about misuse of data through Safe Browsing too.


3. HTTPS Everywhere

Google used Chrome to push for HTTPS adoption

Your connection to a website isn’t secure; at least it didn’t use to be. If the URL of a site begins HTTP, then the connection isn’t encrypted. This means that any data sent between your device and the website’s server could be intercepted. These are known as man-in-the-middle attacks and allow an attacker to insert themselves between both devices and read all the data. Sites that handle sensitive data, like email and online banking providers, have used HTTPS encryption for many years to secure your data in transit.

Google decided that Chrome should do more to warn you when your connection isn’t encrypted. This helps you decide whether to enter payment details and to identify phishing websites. The padlock next to the URL bar is a simple and clear visual aid to keep you informed. Although this was progress, Google decided this still wasn’t enough.

Chrome is the world’s most popular web browser with a 60.6% usage share. Decisions and features implemented in Chrome have a significant impact across the internet. So when Google decided to advocate for the adoption of HTTPS it had a huge knock-on effect. They began moving non-HTTPS websites lower down search rankings, and displaying a “not secure” warning alongside Chrome’s padlock. It was initially placed only on HTTP sites that asked for your data, but in July 2018, Google enabled the “not secure” warning for all non-HTTPS sites.


4. Google Play Protect

To stem the flow of Android malware, Google introduced Google Play Protect at their developer conference I/O 2017. Android had security protections, but they often didn’t communicate with one another, gave vague advice, and required a fair amount of input from you. Play Protect unites a lot of these features under one name. It now protects over two billion devices and scans 50 billion apps every day.

Play Protect uses machine learning to help identify Potentially Harmful Apps (PHA). By training the system to recognize patterns of behavior similar to known PHAs, it can scan new apps and identify any that may be PHAs. According to Google, the behaviors include “apps that attempt to interact with other apps on the device, access or share your personal data, download something without your knowledge, connect to phishing websites, or bypass built-in security features.” Google’s security team reviews potential PHAs for confirmation. That information is fed back into the machine learning algorithms to improve its detection capabilities.

5. Accounts Settings & Security Checkup

Account settings let you control your Google accounts

Hopefully, this won’t come as a surprise, but Google knows a lot about you; probably more than you realized. Unlike some of their contemporaries, though, they understand the importance of trust. You’d only feel comfortable with Google handling your location, emails, calendar, search history, YouTube uploads, and more, if you could be sure that data stays safely locked away inside your account.


As it contains so much personal information, the security of your Google account is critical, not just to you, but to Google too. The My Account dashboard has been designed to make securing your account and managing the data Google holds about you easy to maintain. The sidebar navigation lets you quickly switch between Sign-In & Security, Personal Info & Privacy, and Account Preferences.

Their Security check-up tool even guides you through the most crucial security settings so that if you don’t want to deep dive into all the settings, you don’t have to. When using Google products, you’ll occasionally be prompted to review your security settings. In the past, Google has even given away free Google Drive storage as a reward for completing the checkup.

Unlike Facebook, where a labyrinth of complex options gets in your way, Google makes it very easy to view and remove data stored in your account. Navigate to the My Activity page, and you’ll be able to find your full history, filterable by product and date. Either select the data you want to delete or use the “Delete activity by” tool to easily find the information you want removed.

Do You Trust Google?

In many ways, Google deserves its reputation as a security and privacy nightmare. Their longstanding motto “don’t be evil” was even recently removed from the preface of their code of conduct. This was right around the time they courted controversy with their involvement in developing AI for military drones.

Despite these apparent concerns, Google is a large, complex company with many aims. Their commitment to security—even if it comes to the detriment of your privacy—is commendable. By using their considerable influence to remove malware from Android, and nurture the development of security professionals around the world, Google makes the internet safer for us all.


  1. Ty
    September 10, 2018 at 4:25 pm

    Here is a repost without links just in case.

    Wow I had no idea it would get this bad: Chromium/Google Chrome has introduced DNS Proof Fetching which is arguably one of the greatest privacy concerns the international community has ever seen. Google calls this "Certificate Transparency DNS-based protocol." For maintaining a database of all known and unknown SSL certificates. You will see the new DNS queries begin after installing the latest Chromium v69.0.3497.81-r576753-win64 (stable).

    New Privacy Concerns for every human on planet earth:

    1. Requesting an inclusion proof leaks each and every visited domain to the client software supplier in realtime, that being Google, even for Chromium users; This gives Google droves of data once only accessible to the user's ISP, and consolidates further the American company's monopoly on international population surfing data, statistics, & demographics. Chrome does this for local hosts and hosts not obtained by a DNS resolver, including IP to IP, IP to router, local SQL servers and any other local server accessed through a Chrome browser... potentially mapping sensitive global server infrastructure. To clarify, now every time you connect to your HTTPS protected router UI, a query is sent to ct-googleapis-com.
    2. Cross-resolver leakage (after enabling/disabling VPN/TOR, or switching DNS services)
    3. Leakage of client information via edns-client-subnet
    4. Realtime Disclosure of actual visited hosts vs DNS resolved hosts [previously only known by ISP]
    5. Realtime Disclosure for hosts whose address was not obtained via DNS lookup
    6. Local authoritative resolver leakage

    Not sure I can post links, so do some research on Privacy implications of Certificate Transparency’s DNS-based protocol
    Mitigation? Remove AuditProofQuery from Chrome source code and recompile.

    Until then you must block the ct-googleapis-com domain. This can only be done with wildcard/subdomain supported hosts like dnsmasq and dnscrypt. Given the unique inclusion hash in the dns subdomain, this cannot be blocked in a windows hosts file.

    As of now I have not been able to block it using the only Windows hosts replacement software that supports wildcards, Acrylic DNS Proxy.

    Google claims they chose the DNS protocol for privacy reasons to prevent collecting users' IP address, thus data is only linked to the DNS Resolver. The caveat is less a privacy threat for individual users, and more a privacy threat for entire populations of people. Google will know _exactly_ what every town is up to on planet earth. Here is an example of what Google does to large populations of people:

    Two days ago a number of Syrian STATE and media-linked YouTube accounts have gone dark, as the battle for Idlib looms amid Russia’s warnings of an imminent false-flag chemical attack and Western preparations for retaliatory strikes. Yes Google will ensure you die in the dark, without a voice or audience to hear it. Far from a passive observer in war.

    It may be worth noting this code was released the day before the blackout. On top of the censorship, the potential that this data will be siphoned via FISA court orders and used by the American military and intelligence establishment for espionage and assisting their high priority targets in illegal wars of aggression against sovereign states around the world should make blocking of this protocol a top priority for ISPs, DNS resolvers, and users around the globe who value living.

    Thank you!
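The matching difference the comment above relies on (a hosts file matches only literal names, while a dnsmasq `address=/domain/ip` line matches the domain and every name beneath it), shown as an added example that is not part of the original comment or of either tool's code. The dotted domain `ct.googleapis.com`, the sample files and the query names are constructed assumptions.

```python
# Assumption: "ct.googleapis.com" is the dotted form of the comment's domain.
HOSTS_FILE = """\
# constructed sample hosts file
0.0.0.0 ct.googleapis.com
0.0.0.0 known-label.ct.googleapis.com
"""
DNSMASQ_CONF = """\
# constructed sample dnsmasq configuration
address=/ct.googleapis.com/0.0.0.0
"""
# Constructed query names: the leading label changes on every lookup.
QUERIES = ["ct.googleapis.com", "known-label.ct.googleapis.com",
           "3f9a1c.hash.log.ct.googleapis.com", "7b20de.hash.log.ct.googleapis.com",
           "notct.googleapis.com"]

def parse_hosts(text):
    """Names listed in a hosts file; each entry is one literal name."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        names.update(n.lower().rstrip(".") for n in fields[1:])
    return names

def parse_dnsmasq(text):
    """Domains named in address=/domain/.../ip lines."""
    domains = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("address=/"):
            parts = line[len("address="):].split("/")
            domains.update(d.lower() for d in parts[1:-1] if d)
    return domains

def hosts_blocks(name, names):
    return name.lower().rstrip(".") in names

def dnsmasq_blocks(name, domains):
    labels = name.lower().rstrip(".").split(".")
    # The domain itself or any subdomain, matched on a label boundary.
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def compare(queries):
    """Map each name to (blocked by hosts file, blocked by dnsmasq)."""
    names, domains = parse_hosts(HOSTS_FILE), parse_dnsmasq(DNSMASQ_CONF)
    return {q: (hosts_blocks(q, names), dnsmasq_blocks(q, domains)) for q in queries}

if __name__ == "__main__":
    for name, result in compare(QUERIES).items():
        print(name, result)
```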

  2. ty
    September 10, 2018 at 4:17 pm

    Interestingly, I noticed safebrowsing dns requests in dnsmasq while it was turned off... so I blocked the domain with diversion on my asuswrt router with merlin. Do you allow links here? Just a test to see if this gets through as well.

  3. dragonmouth
    July 5, 2018 at 1:35 pm

    Ostensibly, Safe Browsing protects browser users from malware. In actuality, it is used by Google to track users' browsing habits.

    • James Frew
      July 5, 2018 at 1:46 pm

      That's why I was interested to do this article - the idea that things can be both good and bad at the same time.

  4. ReadandShare
    July 5, 2018 at 5:54 am

    Yes, granted that Google does a lot to protect us from third-party baddies. But never forget that everything we do/read within Google (search, browser, mail, voice, maps, etc., etc.) are all essentially transparent to Google itself -- which is at heart the world's most powerful and most successful marketing company!

    • James Frew
      July 5, 2018 at 6:16 am

      They are definitely incentivized to secure your data for their own purposes, but some things like promoting a switch to HTTPs work out great for everyone.

      • dragonmouth
        July 5, 2018 at 1:49 pm

        " some things like promoting a switch to HTTPs work out great for everyone."
        Just because Google encourages the use of HTTPS does not mean they have turned into the paragons of security and privacy. Everything Google does has only one goal - to increase the bottom line, not for any altruistic reasons. If it doesn't improve the profits, it gets deep-sixed. How many projects has Google killed in the last few years? Google is as ruthless and rapacious as Microsoft and Facebook. Whether the hand that has you by the throat wears a steel gauntlet or a velvet glove, it still has you by the throat.

        • James Frew
          July 5, 2018 at 1:53 pm

          I don't disagree - their business model is generally harmful to protecting privacy and security. But, the profit motive incentivises them to put more effort into improving security outside of their own products, which has a positive effect.

      • dragonmouth
        July 5, 2018 at 2:17 pm

        "the profit motive incentivises them to put more effort into improving security outside of their own products, which has a positive effect."
        Do you perchance work as a spinmeister for a politician?

        "Positive effect" for whom? Google? The question is whether Google is not a greater threat to security/privacy than the actors it is trying to stop.

        • James Frew
          July 5, 2018 at 2:21 pm

          Well, yes, that is the right question - so although it has a positive effect, it's not necessarily a net positive.