Is Google starting to do the right thing in blocking http downloads over https?

There are multiple articles in SANS NewsBites about Google blocking, by October, the mixed content aspect of web sites. Say you are downloading a file, and it says it's mixed content: the site is https but your download is http. So far it has worked, but the Google blog post "Protecting users from insecure downloads in Google Chrome" gives an overview of the change in Chrome and what is expected.

Google has a lot of resources, and applying them to make the Chrome browser more restrictive on unsecure downloads is a good thing. However, I’d really like to see more Google posts about improvements in pre-release security and privacy testing of apps in Google Play. Google’s Vulnerability Reward Program bug bounty payouts almost doubled from 2018 to 2019, which is kind of like a restaurant saying, “Our volunteer food testers removed twice as many glass shards from our food!” Google’s Play Protect was ranked at or near the bottom of malware detection by AV-TEST in 2019 – it would be good to see many fewer glass shards in published apps.

One of the reasons why I don’t recommend Android is because of this insecurity of their apps. The blind community may not get hit with these types of apps, but as shown way back in podcast 3 of the podcast, it can happen.

I recently sent podcast 3 to someone, and while the technology used in that podcast isn’t the greatest, the fact is that it is still valuable today to have this podcast available. It was the reason why I got started in this business.

If Google is starting to do this protection in Chrome, which they should be commended for, then Google needs to start fixing their store and making their apps more secure for everyone. No more apps that act one way in one country, and do something completely different somewhere else. "NCSAM: Do you think Android is as secure as they claim? This Android app says not so much!" talks about an app that did this.

You can definitely find articles on the topic of Google and their insecurities in the Play Store. I’m not saying that iOS is any better, they all have their issues, but Google’s problems are well known because of the fact it’s more open.

What are your thoughts on this latest development on Google’s end to block mixed content, and on whether they could take this to their app store and finally boot these apps and make policies to only allow good apps there? Is it possible?

Is Google starting to do the right thing in blocking http downloads over https? was released on February 20, 2020 at 11:15 am by tech in article commentary.
Last modified: February 20, 2020.

Comments (1)

  1. Comment by crashmaster on 24 February 2020 at 12:38:

    I am in 2 different minds on this.
    1. Yeah, it's a really good thing, but.
    2. Not every server is secured by https, and while most are, I know that not every download is.
    Depending on what it is, if I have a secured site and my file, depending on what it is, is in a location where it's publicly available but that's not secured, but at the same time that's the only thing that's there, why should I secure it?
    If it's a demo of something that needs to get secured, whatever, from another place, then it's fine.
    Now granted, a lot of stuff is secured, some ain't.
    The only thing that will happen is people switch to something else.
    Or find a way round it.
    And certs do expire.
    Suddenly you lose access to something.
    Right now I have lost access to some projects because their cert has expired.
    Here is the thing, those projects really don’t need securing exactly.
    I like the idea, but autoblocking everything without user control of it means that if you find something that is not configured right, things will go wrong fast.
    And depending on whatever it is, it may be harder to get things to work right.
    For example, if this site we are on now didn’t have security https and you didn’t have what you needed, it just gets harder.

