CybserSecurity News

Tag: Tech Regulation

  • The Sideloading Purgatory: Google’s Draconian Architecture to Subjugate the Independent APK

    Google is orchestrating a profound transfiguration within the Android dominion, an evolution destined to irrevocably alter the landscape of application installation beyond the confines of the Play Store. Whilst an absolute prohibition upon APKs birthed from auxiliary origins is not imminent, the orthodox, uninhibited protocol shall be subjected to draconian strictures. Driven by a resolute ambition to curtail the rampant contagion of malicious software, the enterprise is instituting a nascent architecture of trust: henceforth, the provenance of the package shall bear a weight equal to, if not exceeding, the package itself.

    The underlying philosophy of this reformation is exquisitely straightforward. The Android architecture shall bestow a vastly elevated degree of trust upon applications crafted by developers who have submitted to Google’s rigorous validation, even should these creations circumvent the Play Store’s distribution channels. To achieve sovereign publication, the artisan must authenticate their corporeal identity, consecrate cryptographic signature telemetry, and remit a nominal tariff. This cryptographic seal transcends mere bureaucratic formality. Through this instrument, the systemic architecture meticulously scrutinizes the package’s genesis, unmasks its publisher, and ascertains with absolute certainty whether the contents have suffered any clandestine transmutation post-publication.

    Google promulgates this nascent paradigm as an impregnable defensive aegis, vehemently denying any machinations to subjugate the entirety of the software ecosystem dwelling beyond its sovereign bazaar. The enterprise harbors no intention of subjecting the application’s contents to inquisition during the registration epoch, nor does it pledge any antecedent moderation. The gambit rests upon a profoundly disparate principle: when an application is inextricably tethered to a specifically authenticated artisan, an unequivocal domain of accountability materializes. Should such a participant commence the proliferation of venomous software, Google commands the absolute authority to sever their ingress to the sovereign distribution mechanism.

    The liberty to install software from virtually any conceivable origin has long stood as one of the platform’s most venerated hallmarks. Historically, this endeavor was the epitome of simplicity: acquire the APK, grant the requisite permissions, and ignite the installation. Google is not outright annihilating this subterranean conduit, but rather transmuting it into a labyrinthine choreography replete with rigorous scrutinies and mandatory hiatuses.

    The sovereign developer commonwealth shall be the vanguard to acutely perceive the reverberations of this nascent order. The further an artisan strays from Google’s sprawling ecosystem, the more labyrinthine the bureaucratic gauntlet they must endure. Whilst the nominal tariff is unlikely to manifest as an insurmountable barricade, the draconian mandate of identity verification may ruthlessly alienate those accustomed to operating devoid of cumbersome red tape, those fiercely protective of their personal telemetry, or those who conscientiously eschew colossal platforms. For boutique studios, fervent developer-enthusiasts, and clandestine projects, this September transfiguration shall erect a profoundly palpable barricade from the very onset.

    Hence, the wellspring of critique. Adversaries of this nascent architecture posit that Google is inexorably constricting the proliferation of software beneath its sovereign dominion, even in the absence of overt censorship. Nominally, the enterprise shall abstain from dictating which creations are ideologically permissible; nevertheless, the sheer imposition of this mandatory validation stratum irrevocably alters the foundational rules of engagement. The promulgation of software beyond the Play Store remains nominally viable; however, the unfettered proliferation of such packages absent Google’s benediction shall become an exponentially more arduous endeavor.

    Concurrently, Google harbors no immediate designs for the absolute extirpation of sideloading. A manual circumvention conduit shall be preserved for the seasoned cognoscenti, though navigating to it shall prove an arduous odyssey. The requisite configuration shall be buried deep within the esoteric developer parameters—a labyrinth the pedestrian smartphone proprietor customarily never traverses. Even upon the ignition of this specific toggle, the Android architecture shall violently refuse the immediate installation of an unverified application. The system shall first demand a solemn affirmation of intent, rigorously audit access to the apparatus, and only then mandate a coercive systemic resurrection.

    The choreography does not conclude there. Following the resurrection, an unyielding, mandatory twenty-four-hour purgatory commences. Even with the circumvention paradigm wholly ignited, the instantaneous installation of an unverified APK remains an absolute impossibility. Google is unequivocally maneuvering to shatter the orthodox paradigm of social engineering chicanery, wherein the digital marauder ruthlessly rushes their quarry, weaponizing urgency: imploring the immediate installation of an update, the download of a banking application, or the granting of access for spurious technical support. Within such a Machiavellian stratagem, velocity serves as the assailant’s most potent ally. A diurnal delay decisively shatters this coercive pressure and wholly dissipates the paralyzing miasma of panic.

    Upon the expiration of this diurnal epoch, the patron is compelled to re-enter that selfsame configuration labyrinth, endure the barrage of admonitions anew, and definitively elect the magnitude of the permission bestowed—be it ephemeral or perpetual. Only after conquering this exhaustive sequence shall the Android architecture permit the manual consummation of the installation. Such an action can no longer be characterized as inadvertent or precipitous. The systemic architecture shall halt the individual upon multiple occasions, brandish stark warnings, and ruthlessly compel the affirmation of their resolve.

    For the overwhelming majority of Android smartphone proprietors, these profound transfigurations shall likely transpire with near-absolute imperceptibility. The colossal bulk of applications is already ushered through the Play Store, wherein Google’s intrinsic scrutinies are perpetually active. The brunt of this monumental update shall fall with crushing force upon those who patronize alternative bazaars, manually install APKs, experiment with esoteric utilities, or disseminate their sovereign creations directly into the ether.

  • The Source Code Standoff: India’s New Security Rules Alarm Apple and Samsung

    A formidable confrontation is brewing in India between the state and preeminent smartphone manufacturers. The nation’s authorities are contemplating stringent new security mandates for mobile devices, which have already provoked sharp, albeit largely unspoken, resentment from titans such as Apple and Samsung.

    According to the Indian government’s initiative, smartphone architects may be compelled to relinquish the proprietary source code of their devices and implement specific software modifications. This proposal encompasses a suite of 83 security standards, which further dictates a mandatory notification to the authorities regarding significant software updates. Industry representatives contend that such requirements are globally unprecedented and pose a severe risk of exposing guarded trade secrets. These revelations emerged from sources familiar with the deliberations and internal documents scrutinized by Reuters.

    The strategy is a cornerstone of Prime Minister Narendra Modi’s policy, designed to fortify the protection of user data amidst a surge in online fraud and information breaches. India currently stands as the world’s second-largest smartphone market, boasting an ecosystem of approximately 750 million devices. The Ministry of Electronics and Information Technology has asserted its willingness to consider the legitimate apprehensions of the business sector with transparency, urging stakeholders to eschew premature conclusions.

    Following the dissemination of the Reuters report, the ministry specifically emphasized that its consultations with corporations are intended to cultivate a resilient and appropriate regulatory framework for mobile security. Nevertheless, the department refuted the allegation that it intends to demand source code from manufacturers, though it remained elusive as to how this denial reconciles with the documents currently under discussion.

  • Apple Urges EU to Repeal Digital Markets Act, Citing Delayed Features and Security Threats

    Apple has appealed to the European Commission with a call to reconsider and repeal the Digital Markets Act (DMA), a law introduced to curb the influence of the largest technology corporations. The company argues that the legislation has resulted in delays in delivering new features to users in the European Union, while simultaneously increasing risks to privacy and security.

    The law, which came into force in 2024, obliges major players—designated as “Gatekeepers”—to open their platforms to third-party developers and competitors. Brussels emphasizes that for Apple and others, this is not a matter of choice but a binding legal obligation.

    According to Apple, several services had to be postponed in Europe, including iPhone-to-Mac screen mirroring, real-time translation via AirPods, and location-based features in Maps. The company claims these delays stem from the need to adapt them for compatibility with third-party products and applications. Furthermore, Apple contends that the protective mechanisms it proposed to safeguard user privacy were rejected by the European Commission, leaving no viable compromise.

    Apple warns that the new rules have led to a less seamless and more hazardous user experience. The ability to install applications from external sources and access alternative app stores, the company argues, has opened the door to fraudulent services, malicious software, and content that was previously filtered out by the App Store.

    In June, Apple had already modified its policies and pricing in the European App Store to comply with EU antitrust requirements. Now, however, the corporation asserts that the DMA is not fostering market growth but instead complicating business operations in the region.

    The European Commission is currently conducting an initial review of the law’s effectiveness, collecting feedback from across the industry, including Apple. Officials maintain that the DMA’s primary purpose is to ensure competition and interoperability of services, with user interests remaining paramount. Criticism of the law has also emerged beyond Europe: the Trump administration in the United States has consistently opposed the DMA. Nevertheless, the European Commission insists that the regulations will be enforced in full, regardless of external pressure.

  • Is GitHub a Social Network? Australian Regulator Asks Code Platform to Self-Assess for Under-16 Ban

    The Australian eSafety Commissioner has issued a letter to GitHub, requesting clarification on whether the platform should be classified as a social network that could pose potential risks to children. The inquiry arises in anticipation of new legislation requiring certain platforms to restrict access for users under the age of 16.

    According to the law, these restrictions will take effect on December 10. However, the regulator does not independently determine which services must enforce the age ban. Instead, it identifies a range of companies expected to conduct self-assessments to determine whether they fall under the new requirements.

    The Commission has already stated that Facebook, Instagram, Snapchat, TikTok, X, and YouTube meet “many of the conditions” outlined in the law. A broader list of services subject to self-assessment includes Meta (Facebook, Instagram, WhatsApp), Snap, TikTok, YouTube, X, Roblox, Pinterest, Discord, Lego Play, Reddit, Kick, GitHub, HubApp, Match, Steam, and Twitch.

    Although GitHub’s primary function is software development rather than social interaction, it has nevertheless been included among platforms potentially subject to regulation. The law defines several criteria, including the ability for users to communicate with one another, publish content, and provide materials accessible to Australian audiences.

    While GitHub is not explicitly designed for social engagement, it does allow user comments, which at times foster hostile or aggressive exchanges. The platform also permits image uploads and supports the creation of personal websites through GitHub Pages.

    As a result, GitHub could theoretically host content unsuitable for children. Moreover, the service has previously been exploited by malicious actors as a channel for distributing harmful code.

    Experts note that the inclusion of GitHub on the list remains a contentious aspect of the new policy. The law lacks robust enforcement mechanisms to prevent minors from accessing social networks altogether: underage users may still exploit adult accounts or view certain materials without registering.

    As The Guardian recently revealed, even without logging in, users can encounter content involving gambling, violent imagery, or extremist propaganda.

  • Why the FTC’s Accusations Against Gmail’s Spam Filter Are Misguided

    Andrew Ferguson, Chairman of the U.S. Federal Trade Commission (FTC), sent a letter to Google CEO Sundar Pichai accusing Gmail of disproportionately filtering emails from Republican fundraising organizations into spam compared to similar Democratic messages. The controversy gained traction after a New York Post report alleged that communications from WinRed, a platform tied to the Republican Party and Donald Trump’s campaign, were being systematically blocked. As evidence, the article cited a study by the consulting firm Targeted Victory, which had worked with the National Republican Senatorial Committee and several members of Congress.

    In his letter, Ferguson referenced this material, claiming that Gmail’s selective treatment of political emails could constitute an unfair or deceptive practice, warning that such “bias” might harm consumers. In reality, however, the picture appears far more nuanced. Specialists monitoring global spam flows note that the issue lies not in ideology, but in WinRed’s mailing practices.

    The Estonian firm Koli-Lõks OÜ, which operates a network of “spam traps” for detecting unsolicited mail, reported that WinRed addresses far more frequently triggered these traps than the Democratic counterpart ActBlue. In the final week of July 2025, WinRed’s hits were nearly four times higher. Koli-Lõks explained that many traps are linked to old .com, .org, and .net domains once owned by U.S. organizations, and being flagged by them strongly suggests the use of outdated or purchased email lists.

    Other experts argue that it is precisely WinRed’s overly aggressive campaign tactics and frequent appearance in spam traps that degrade its domain reputation. Email filters, they emphasize, do not evaluate content or ideology—they treat a political donation request no differently than an advertisement for Viagra.

    Ferguson nevertheless also invoked a 2022 study often cited by Republicans, which claimed that Gmail disproportionately marked Republican emails as spam. Subsequent investigations, however, revealed the opposite trend across other email providers, where Democratic messages were filtered more often. Media outlets further reminded readers that lawsuits and complaints to election commissions on this matter failed, and Gmail’s prominence in the debate was driven largely by political convenience.

    Meanwhile, WinRed and its affiliates continue to face criticism for their aggressive fundraising tactics. In June, a family in Utah filed a complaint against the National Republican Committee, alleging they had received dozens of SMS donation requests even after repeated attempts to opt out. Messages arrived from rotating numbers, making them impossible to block. According to experts, such practices only erode trust in the platform and worsen its reputation among the anti-spam community.

    Koli-Lõks OÜ added that WinRed representatives had inquired about why their resources were appearing on risk lists but showed little interest in the technical explanations. Instead, they claimed that obstacles were being placed in the way of their political campaigning. In the view of specialists, however, the real culprits are purchased mailing lists and indiscriminate mass distribution—not political bias.

  • The Verdict Is In: Google Found Guilty, but Not Broken Up

    A U.S. federal court has taken a significant step in the antitrust case against Google. Judge Amit P. Mehta of the District Court for the District of Columbia ruled that the company will not be forced to divest its search business, but it must overhaul a range of practices deemed anticompetitive. Specifically, Google is now prohibited from entering into or maintaining exclusive agreements that tie the distribution of Search, Chrome, Google Assistant, or Gemini to other applications or financial arrangements. For example, Google will no longer be allowed to condition Play Store licensing on the mandatory installation of certain apps, nor link revenue-sharing payments to the preservation of specific services.

    The court also ordered Google to share part of its search index and user interaction data with so-called “qualified competitors,” in order to prevent rivals from being squeezed out of the market. In addition, Google must provide search and search advertising services to third parties at standard rates, enabling them to develop their own technologies and deliver quality results to users. A final ruling has not yet been issued: Google and the Department of Justice must submit a jointly agreed draft by September 10, reflecting the court’s position. The measures, once approved, are to last for six years and take effect sixty days after adoption, with a technical committee established to oversee compliance.

    These measures stem from Judge Mehta’s decision a year ago, in which he found Google guilty of unlawfully maintaining a monopoly in the search market. The DOJ, which launched the case in 2020, had sought far harsher remedies, including the separation of Chrome and possibly Android, as well as the termination of multibillion-dollar default search contracts with Apple, Samsung, and others. In 2021 alone, Apple received approximately $18 billion from Google for setting its search engine as the default option; total payouts exceeded $26 billion. By 2022, Apple’s share rose to over $20 billion, with the company collecting 36% of search ad revenue in Safari. Following news that the arrangement would remain intact, Apple’s stock rose in after-hours trading.

    During the proceedings, Judge Mehta highlighted that the vast majority of users never change their default settings, making such positions “extraordinarily valuable real estate” that locks out competitors and prevents them from gaining market traction. The DOJ had even proposed requiring Google to share not only its index and user data but also synthetic queries, ad statistics, and, in some iterations, source code and ranking algorithms—effectively transferring the company’s intellectual property. Google objected, arguing that such measures would stifle innovation, endanger user privacy, and undermine investment in R&D. CEO Sundar Pichai, in an April hearing, described the mandated data-sharing as “a de facto breakup of the search business.”

    Mehta indicated that he looked to the European Digital Markets Act as a reference point, which obliges Google to share portions of click and search data with third parties. However, the U.S. ruling is narrower and time-limited, unlike Europe’s permanent obligations, and considerably lighter than the DOJ’s original proposals. Experts note that the debate reflects a broader tension over which regulatory approach is more effective—strict codified rules or flexible, case-based judgments. They also emphasize that the legal battle with Google is far from over: appeals are expected, with the possibility of Supreme Court review extending proceedings well into 2027–2028.

    Meanwhile, Google faces another major trial concerning its advertising technologies. In April 2025, Judge Leonie Brinkema found the company guilty of illegally monopolizing AdTech markets. A new hearing on remedies is scheduled for late September and will focus on additional DOJ demands, including the potential separation of ad businesses and restrictions on Google’s advertising services.

  • Amnesty International Calls for Big Tech to Be Broken Up

    Amnesty International has released a new report titled Breaking up with Big Tech, calling on governments to curb the influence of the world’s largest technology corporations in order to safeguard human rights. The focus is on the so-called “Big Five”—Alphabet (Google), Meta, Microsoft, Amazon, and Apple. These companies dominate critical areas of digital life, from search engines and social networks to cloud infrastructure and app marketplaces. Amnesty warns that such de facto monopolies threaten rights to privacy, non-discrimination, freedom of expression, and access to information.

    The report explores in detail how these corporations amassed their power, the mechanisms they use to sustain it, and the strategies by which they seek to entrench themselves further in the emerging domain of artificial intelligence. Hannah Storey, Amnesty’s technology and human rights expert, noted that a handful of private actors have effectively become digital landlords, dictating the terms of engagement online. Concentrating such immense power in so few hands, she argued, endangers not only fair competition but also fundamental rights, with consequences that often spill over into the offline world. Amnesty recalls that its own investigations uncovered Facebook’s role in fueling ethnic conflicts in Ethiopia and Myanmar.

    In many countries, the services of these platforms have become so pervasive that it is nearly impossible to participate fully in public life without them. This gives the corporations extraordinary leverage over public discourse and information flows. Amnesty underscores that documented cases of selective content removal, biased algorithms, and inconsistent moderation clearly illustrate the dangers of allowing a small cluster of corporations to dominate the digital sphere.

    Under international human rights law, states are obliged to protect their citizens, including by regulating and restraining corporate power. This is the first time Amnesty has issued such a report, directly urging urgent intervention to rein in Big Tech’s dominance. The organization sent its findings to Meta, Google, Amazon, Microsoft, and Apple on August 12. Only Meta and Microsoft responded; Google, Amazon, and Apple had not replied at the time of publication.

    Amnesty supports the efforts of regulators and civic initiatives worldwide, urging that antitrust and competition law be regarded as tools for protecting human rights. In its view, governments must investigate anti-competitive practices by major firms and their impact on rights, block mergers and acquisitions that may harm society, and, where harm is proven, break up corporations. Special attention, the report stresses, must be given to the fast-growing sector of generative artificial intelligence to prevent abuses at an early stage.

    Ultimately, only decisive state action can prevent the digital realm from hardening into an oligopoly where the rules are dictated by a narrow circle of global corporations.

  • Germany Demands DeepSeek Chatbot Ban: Accuses Chinese AI App of Illegally Transferring User Data to China

    The Berlin Commissioner for Data Protection has formally called upon Google and Apple to remove the DeepSeek AI service from their app stores, citing serious violations of the General Data Protection Regulation (GDPR). Meike Kamp, head of the authority, stated that the Chinese company Hangzhou DeepSeek Artificial Intelligence, headquartered in Beijing, has been unlawfully collecting data from German users and transferring it for processing on servers located in China.

    Under the provisions of the GDPR—specifically Article 46(1)—personal data collected from residents of the European Union must be safeguarded in accordance with the stringent legal standards of EU law. However, China is widely recognized for its lax data protection norms and frequent cases of excessive state interference in the operations of private enterprises. Given this context, it is highly doubtful that DeepSeek can ensure an adequate level of data security for European users.

    As Kamp explained, DeepSeek lacks an official presence within EU member states. Nevertheless, its application remains freely available for download in Germany through both the Google Play and App Store platforms. The service is presented in the German language and functions in it as well, which automatically subjects the company to the jurisdiction and obligations of the European regulation.

    DeepSeek is a Chinese artificial intelligence platform that surged in popularity in January 2025 following the release of its third-generation chatbot, featuring enhanced capabilities. Despite its meteoric rise, the company soon faced allegations of unsafe data handling practices, drawing sharp criticism. Yet these controversies did little to hinder DeepSeek’s continued prominence within the global AI community.

    According to app store data, DeepSeek AI has been downloaded over 50 million times on Google Play alone, while amassing thousands of user ratings on the App Store.

    Back in May 2025, Berlin authorities offered the company the opportunity to voluntarily withdraw the app from German digital storefronts. DeepSeek, however, declined to comply. Now, regulators are invoking powers granted under Article 16 of the Digital Services Act (DSA), which allows public authorities to formally notify platform operators—in this case, Apple and Google—about the presence of unlawful content. Both companies are now required to review the submitted report and determine the fate of DeepSeek AI in their respective ecosystems.

    Though the request originated from a regional body, it is backed by regulators from Baden-Württemberg, Rhineland-Palatinate, and Bremen, as well as the Federal Network Agency (Bundesnetzagentur), underscoring the gravity of the situation. Google, Apple, and DeepSeek have all received inquiries for comment, yet none have issued official statements as of this writing.

  • Germany Demands DeepSeek Chatbot Ban: Accuses Chinese AI App of Illegally Transferring User Data to China

    The chatbot developed by the Chinese company DeepSeek has once again found itself in the European spotlight. Earlier this year, the product garnered attention when its creators claimed they had successfully developed and maintained their own artificial intelligence at a fraction of the cost compared to their American counterparts. Now, the service faces potential removal from app stores in Germany.

    The Berlin Data Protection Authority has requested that Apple and Google restrict access to the DeepSeek app for users in Germany. The demand stems from alleged violations of European privacy regulations. According to the agency’s head, Meike Kamp, the company transmits personal data beyond the borders of the European Union—an action deemed unlawful in this context.

    While cross-border data transfers are not outright banned, they are permissible only if the company can guarantee the same level of protection for individuals as required by EU standards. German regulators assert that DeepSeek has failed to provide sufficient evidence of compliance with these obligations. Particularly concerning is the possibility that Chinese commercial entities may gain access to user information.

    A ban on distributing an app through the Google Play Store and Apple App Store is a relatively rare move. The General Data Protection Regulation (GDPR) stipulates severe penalties for violations—fines may reach up to four percent of a company’s global revenue. It also allows for restrictions or outright bans on specific business practices.

    To enforce the ban on mobile applications, Berlin authorities are also invoking the Digital Services Act (DSA). Although the Federal Network Agency is formally responsible for its implementation in Germany, the capital’s data protection office has independently initiated proceedings, citing provisions of the GDPR.

    It is important to note that the restrictions will apply only to the mobile version of DeepSeek available via official app stores. The web-based version of the service, accessible through browsers, will remain operational.

    This is not the first instance of such regulatory action. In 2023, similar measures were temporarily enacted in Italy against ChatGPT, citing insufficient safeguards for minors and a lack of transparency in data processing.

    The situation surrounding DeepSeek is further complicated by the absence of an official company representative within the EU. Under European law, this enables any national authority within the bloc to initiate investigations and take enforcement actions independently, even if the organization is based outside the EU.

    Berlin officials have exercised precisely this right. It remains to be seen how Apple and Google will respond—and whether they will comply with the request.