David Kleidermacher

I started an (occasional) personal blog, inaugural post on #protectedcomputing. davek.substack.com/p/journey-to-p…

@trucku_kun @ssamat Many folks aren't aware how scammers use sideloading to harm users at scale, e.g. broadcasting texts to massive databases to trick people into installing malware. A great example is FluBot. Check out how that scam worked: europol.europa.eu/media-press/ne… ADV stops these attacks.

@ssamat "experts say" all over again I don't listen to "experts" but real world events , how this could help manipulated victims? lets think like a bad actor , a scammer acting like a girlfriend and connected to the victim phone , the "one time" step completed , the scammer install app

Android has always been about choice. Today, we’re sharing how we’re evolving the ecosystem so you don’t have to choose between an open platform and a secure one. We’re introducing a new advanced flow for sideloading where power users can go through a one time flow to enable their devices to load software from unverified developers. We’ve designed this process to stop more vulnerable users from being coerced to do this during a guided scam (which are a major problem today for people) We also have new account types for students and hobbyists that address their feedback.

We appreciate the public/private partnerships with governments around the world working with us to fight crime and protect the security and privacy of billions of users

Worried about “passkey lock-in”? This should help put your mind at ease: wired.com/story/passkey-…

@MishaalRahman Correct, we didn't request that Samsung turn on the Auto Blocker by default either

@DaveKSecure Thanks for responding, Dave. Just to clarify, are you saying that Google did not have anything to do with Samsung making the Auto Blocker feature enabled by default? Your original post used the word "create" which is why I'm asking.

You probably heard about Epic's latest lawsuit against Google, which alleges they were involved in the decision to make Samsung's Auto Blocker feature be enabled by default in the latest version of One UI. (Auto Blocker, if you aren't aware, is a feature that, when enabled, blocks sideloading apps from outside the Google Play Store or Samsung Galaxy Store.) Google is now coming out to say that Epic's lawsuit is a "meritless and dangerous move" and that they did not request Samsung create their Auto Blocker feature. Google goes on to state that "Android device makers are free to innovate and design additional safety features for their devices."

@MishaalRahman No we did not

I find the use of the word "create" in Google's statement to be interesting. Epic didn't allege that Google made Samsung create the Auto Blocker feature but rather made them turn it on by default. However, Epic admitted that they don't yet have any proof that there was any collusion. We'll have to see how things go in court. theverge.com/policy/2024/9/…

To make this about access to a game is deliberately misleading; this is about user safety. And Epic’s lawsuit puts their corporate interests above user protections. (5/5)

That’s why Google offers its own safety features such as Google Play Protect, which checks for harmful apps on a user’s device, regardless of where the app was downloaded. Android device makers are free to innovate and design additional safety features for their devices. (4/5)

🧵Epic’s latest lawsuit is a meritless and dangerous move. Google did not request that Samsung create their Auto Blocker feature. (1/5)

Putting aside their opinions on Wired, iVerify, and Palantir, the GrapheneOS account raises a lot of good points about how this "vulnerability" is way overblown and being misrepresented. And given how brutally critical of Google they often are, the fact that the GrapheneOS folks are coming out this hard in defense of them really shows how bad the reporting on this issue has been. The original report makes for a salacious headline but it falls apart really quickly when you actually look at the details.

@OpenAI claimed in their GPT-4 system card that it isn't effective at finding novel vulnerabilities. We show this is false. AI agents can autonomously find and exploit zero-day vulnerabilities. Paper: arxiv.org/abs/2406.01637 🧵 1/7

It's going to be a big day tomorrow! All that's left is to🙏 to the demo gods and try to get some good 💤's

Proud @Google joined @CISAgov + others to sign today's secure by design pledge.W/new tech&growing cyber threats I'm proud to work for a company w/such a strong security culture. That's why we've been using secure by design for years&amplify its criticality cisa.gov/securebydesign…

It's #WorldPasswordDay!! At @Google we're celebrating the journey on deprecating passwords! We're happy to report passkeys have been used 1B+ times across 400M Google Accounts. We're also sharing how we'll use them to protect high risk users blog.google/technology/saf…

Why AVF? open.substack.com/pub/davek/p/wh…

Thanks to AI Cyber Challenge collaborators such as @Google, competing teams will have access to state-of-the-art large language models and resources that uniquely support their development process. youtube.com/watch?v=JawYn4…

Two schools have both teams in the NCAA Final 4, first time! Win or lose, congrats NC State and UConn!

While at the Singapore Member Meeting, we seized the moment and recognized the inspiring women of the Alliance whose transformative work not only changes the world in which we live but also breaks barriers for the generations of women who will follow! #csaiot #womenintech pic.twitter.com/8ZhvKtg0Za