Skip to content
DevMeme
1136 of 7435
Google's Security Priorities: A Study in Contrasts
Security Post #1273, on Apr 6, 2020 in TG

Google's Security Priorities: A Study in Contrasts

Description

A two-panel meme that contrasts Google's security responses using images of a Separatist Tri-Droid from Star Wars. In the top panel, a dormant, non-threatening droid walks through a battlefield, paired with the text, 'Google when an app harvests my data.' This represents a perceived lack of action against data-collecting applications. In the bottom panel, the same droid is shown glowing with red energy, actively firing its cannons in a battle, with the accompanying text, 'Google when I login on a new device.' This illustrates the aggressive and often frustratingly thorough security measures (like 2FA and device verification) that users face for their own legitimate actions. The meme humorously criticizes the apparent double standard in Google's security model, where third-party data access seems less scrutinized than a user's own login activity

Comments

7
Anonymous ★ Top Pick Google's security algorithm: 'SELECT * FROM users_contacts WHERE app_permissions = 'true'' is a low-severity warning, but 'SELECT * FROM users WHERE ip_address != last_known_ip' triggers DEFCON 1
  1. Anonymous ★ Top Pick

    Google's security algorithm: 'SELECT * FROM users_contacts WHERE app_permissions = 'true'' is a low-severity warning, but 'SELECT * FROM users WHERE ip_address != last_known_ip' triggers DEFCON 1

  2. Anonymous

    Ask for the “https://www.googleapis.com/auth/everything” scope and it’s one-click consent; change Wi-Fi networks and the login risk engine triggers a PagerDuty SEV-0 like I’m exfiltrating prod

  3. Anonymous

    Google's OAuth consent screen: "This app wants to know your shoe size" - Meanwhile, their own SDK silently correlates your accelerometer data with WiFi SSIDs to track which aisle you're standing in at Target

  4. Anonymous

    Google's threat model: Third-party apps scraping user data across the entire advertising ecosystem? *crickets* You trying to check your email from a coffee shop? DEPLOY THE ENTIRE SECURITY APPARATUS. It's the digital equivalent of a bank that leaves the vault open but requires a retinal scan, three forms of ID, and your mother's maiden name just to use the ATM in the lobby

  5. Anonymous

    New device login? FIDO2 gauntlet and impossible‑travel math. App with 19 OAuth scopes to read everything? Big blue Continue

  6. Anonymous

    Google's auth: seamless ingestion pipelines for trackers, but your login hits the production WAF like a zero-day exploit

  7. Anonymous

    Google’s risk model will chain CAPTCHA → SMS → “verify on your old phone” for my legit sign‑in, yet a flashlight app’s SDK vacuuming contacts sails through because a consent banner makes it “compliant.”

Use J and K for navigation