
Google (and Chrome) security issues

I want to know what Google was smoking that would cause an application updater, even by accident, to unlink /var. That's like deleting the kernel. Things like that don't happen "by accident", and I would like to know what they thought they were trying to do.
As for testing, it also proves that Google doesn't check error logs as a part of their alleged test process. Looking at the screenshot on the MrMacintosh site, we can see that SIP logged a sandbox violation at the attempt. Clearly, Google either didn't look at the system log or they ignored the error.
Back in the day, an Apple iTunes updater script deleted all files on some drives due to missing quote marks:
Wired said:
Glitch in iTunes Deletes Drives
Some Macintosh users who rushed to download the latest version of iTunes – Apple's popular digital-music player – were singing a song of woe on Friday. A bug in the installation procedure caused the application to completely delete their computers' hard drives.
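How missing quote marks in a shell cleanup step can remove the wrong disk, as an added example that is not Apple's installer script or code from any poster. The volume names, `Player.app` and all function names are constructed for illustration, and everything runs inside a throwaway temporary directory using relative paths.

```shell
#!/bin/sh
# Constructed stand-in for an installer cleanup step (hypothetical names).

# BUGGY: $vol is unquoted, so a volume name containing a space is split
# into two words and rm receives two separate arguments.
cleanup_unquoted() {
    vol=$1
    rm -rf $vol/Applications/Player.app
}

# FIXED: quoting keeps the path as one argument; "--" ends option parsing
# so a name beginning with "-" cannot be read as an rm option.
cleanup_quoted() {
    vol=$1
    rm -rf -- "$vol/Applications/Player.app"
}

# Build a sandbox holding two "volumes": "Disk" (bystander with user data)
# and "Disk 1" (the volume the installer is meant to clean up).
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/Disk/Documents" "$sb/Disk 1/Applications/Player.app"
    echo "user data" > "$sb/Disk/Documents/thesis.txt"
    printf '%s\n' "$sb"
}

# Report whether the bystander volume's data survived.
bystander_state() {
    if [ -f "$1/Disk/Documents/thesis.txt" ]; then
        echo intact
    else
        echo destroyed
    fi
}

# Report whether the old application bundle was actually removed.
app_state() {
    if [ -e "$1/Disk 1/Applications/Player.app" ]; then
        echo app-left
    else
        echo app-removed
    fi
}

# Run one cleanup variant ("unquoted" or "quoted") against a fresh sandbox.
# The cleanup runs from inside the sandbox with a relative volume name, so
# the split words can never point outside the temporary directory.
run_demo() {
    mode=$1
    sb=$(make_sandbox) || return 1
    ( cd "$sb" && "cleanup_$mode" "Disk 1" )
    echo "$(bystander_state "$sb") $(app_state "$sb")"
    rm -rf -- "$sb"
}

echo "unquoted: $(run_demo unquoted)"
echo "quoted:   $(run_demo quoted)"
```

In the unquoted run the shell hands `rm` the two words `Disk` and `1/Applications/Player.app`, so the neighbouring volume is deleted while the intended target is left in place.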
 


Well, I suppose this Google Update issue shows that SIP actually lives up to its name: it managed to protect the integrity of systems. It did what it was designed to do. This time it was (probably) just a moronic oversight from a legitimate developer, but it would have thwarted a malicious attempt to remove /var just as well. I feel safer for not having it disabled permanently.
 


Here's an illustrated remediation procedure for people hit by Google's silent Mac-killer Chrome updater:
I decided, given that I hardly ever use Chrome and its need to call home on a daily basis, to remove it. I used AppDelete this time. However, I discovered that AppDelete did not find and remove the Google directory and plist file in my User/Library folder, which I had to remove manually. Thought that was the entire point of using AppDelete in the first place, but whatever. It's gone.
 


Ric Ford

MacInTouch
This looks pretty bad, but the cause is unclear at the moment:
Here's a follow-up, with some quotes from Avid:
BleepingComputer said:
Buggy Google Chrome Update Behind Recent Unbootable Macs
A wave of reported Macs being no longer able to boot was caused by a recent Google Chrome update that was corrupting a necessary operating system folder. Once the update was installed, affected users found they were no longer able to boot into macOS.

Yesterday we reported that some users of the Avid Media Composer video editing program were not able to boot their Macs after shutting down or restarting. While some users were concerned it was a virus, the thought was that a system folder was being corrupted.

It turns out that this issue is not being caused by a virus or an Avid update, but rather by a faulty Google Chrome for Mac update that is causing the /var symlink to be removed.

According to a Google Chrome open bug post, this is being caused by a bug in a new version of Google's software updater, codenamed Google Keystone.
 


Thought that was the entire point of using AppDelete in the first place, but whatever. It's gone.
AppDelete (and most all other such utilities) isn’t that smart. It just knows the names of the app and developer, and looks for any files containing either or both names. You can do the same thing with a good find utility. But lots of apps have a habit of installing files that don’t refer to the app or developer, for a variety of reasons. That’s why it’s always preferable to check with the developer for instructions. Not sure why it missed the .plist, but here are some other places to look for Chrome-related data that were probably missed:
/Library/Application Support/Google/
/Library/Google/
~/Library/Application Support/Google/
~/Library/Google/
 


AppDelete (and most all other such utilities) isn’t that smart. It just knows the names of the app and developer, and looks for any files containing either or both names. You can do the same thing with a good find utility. But lots of apps have a habit of installing files that don’t refer to the app or developer, for a variety of reasons. That’s why it’s always preferable to check with the developer for instructions. Not sure why it missed the .plist, but here are some other places to look for Chrome-related data that were probably missed:
/Library/Application Support/Google/
/Library/Google/
~/Library/Application Support/Google/
~/Library/Google/
By the way, EasyFind couldn't locate the ~/Library/Google/ folder and contents either. If I hadn't read about them, I wouldn't have known either.
 


By the way, EasyFind couldn't locate the ~/Library/Google/ folder and contents either. If I hadn't read about them, I wouldn't have known either.
Robert, How in the world would the very reliable EasyFind app not find a folder named "Google" in your home/Library folder? I suggest you take a second look at the EasyFind settings prior to initiating a search with this app. (If we cannot rely on EasyFind to absolutely locate what we ask, what can we possibly trust?)
 


Robert, How in the world would the very reliable EasyFind app not find a folder named "Google" in your home/Library folder? I suggest you take a second look at the EasyFind settings prior to initiating a search with this app. (If we cannot rely on EasyFind to absolutely locate what we ask, what can we possibly trust?)
Dunno. I checked the box to find hidden folders/files, too. Tried different Word or Phrase settings, as well. I was a bit perplexed by its failure myself. However, a simple command line search in Terminal found it quite easily.
 


Robert, How in the world would the very reliable EasyFind app not find a folder named "Google" in your home/Library folder? I suggest you take a second look at the EasyFind settings prior to initiating a search with this app. (If we cannot rely on EasyFind to absolutely locate what we ask, what can we possibly trust?)
I just ran EasyFind 4.9.1 and it found a "Google" folder in my ~/Library/ folder. My search included "Invisible Files & Folders", so you may need to be sure you are checking for those.
 


I just ran EasyFind 4.9.1 and it found a "Google" folder in my ~/Library/ folder. My search included "Invisible Files & Folders", so you may need to be sure you are checking for those.
Just tried again and realized I had selected some subdirectory in my user folder to search rather than the Macintosh HD or Users/ directories. After that, it located the items (in the Trash). I see, however, that there's also an empty cache folder in Library/ as well. So, my error.
 



Dunno. I checked the box to find hidden folders/files, too. Tried different Word or Phrase settings, as well. I was a bit perplexed by its failure myself. However, a simple command line search in Terminal found it quite easily.
When using EasyFind, make sure the location you are searching is your complete disk, not limited to a specific folder. EasyFind will default to the last folder (or other designated area) for searching when you open it, and it is easy to forget to update the search area (mea culpa).

When I searched using EasyFind v4.9.3 (El Capitan), it found five instances of a "Google" folder, two under the general /Library, two under the user ~/Library, and one in the caches folder under the user.
 


When using EasyFind, make sure the location you are searching is your complete disk, not limited to a specific folder. EasyFind will default to the last folder (or other designated area) for searching when you open it, and it is easy to forget to update the search area (mea culpa). When I searched using EasyFind v4.9.3 (El Capitan), it found five instances of a "Google" folder, two under the general /Library, two under the user ~/Library, and one in the caches folder under the user.
Yup, that's exactly what happened. I forgot to change the default location. I also had the settings set to look for only specific file types. After changing those settings, it worked as anticipated. User error in this case.
 


Ric Ford

MacInTouch
Here's a pretty good write-up on the Google Chrome disaster:
Sophos said:
Chrome cripples movie studio Mac Pros
... When Mac users install Chrome, they’re not just getting the browser. Google also installs another module under the hood called Keystone. It’s an update manager that regularly checks to see if there are new versions of Google programs and updates them behind the scenes. Doesn’t that make you feel safe? Well, it does, until it goes wrong. The latest version of Keystone was broken.

... Macs are supposed to prevent programs from tinkering with the system by default, using a protective measure called System Integrity Protection (SIP). Also known as rootless, it’s a feature introduced in the El Capitan version of macOS that protects system-owned files from alteration. It even protects them from sudo, which is the Linux command that people use when they’re doing dangerous stuff on the system and need to escalate their privileges.

SIP is switched on by default, but programs wanting deep access to graphics cards, like, say, a movie editing program, often need it turned off. That’s why Avid users were so vulnerable to the issue, but it also affects pre-El Capitan versions of macOS that didn’t have SIP installed.
 


Ric Ford

MacInTouch
A stealth program, sneaking in under the covers of a major app and constantly running with all-powerful "root" privileges... what could possibly go wrong?
Eclectic Light Co. said:
Hollywood’s lessons
... Google’s rogue Keystone update erroneously attempted to remove the /var symbolic link on the startup volume. As that’s normally protected by SIP, if your Mac was running with SIP enabled, it couldn’t do that, and no harm was done. However, many of the affected Macs were running with SIP disabled, apparently to enable support for third-party video cards. As the Keystone updater also cast aside the last protection on that symbolic link by running as root, it was able to delete that vital link. Without the /var symbolic link, the affected Mac is unable to boot normally.

... This is also a good illustration of how automatic updating can be dangerous. In a studio full of Macs, it’s a wise plan to update one test system first, and verify that isn’t adversely affected as a result. Had that been observed here, the bug should have become manifest on that test system alone, and others not updated until the bug was fixed.

That Google should have released an auto-update, which it knew would be rapidly deployed across millions of Macs, that contained a script or tool which attempted to delete a key symbolic link within macOS, should also be cause for grave concern. To perform this, the script or tool would have to be running as root, and this bug is prime evidence that Google’s update quality assurance was woefully inadequate.

Several wise people have laid part of the blame on SIP, which is a bit like blaming a sprinkler system for causing a fire.
 


And Google's entire business plan depends on sucking every bit of personal information about you and your e-mail correspondents, and selling it. Thanks, but no thanks. I have foresworn Google and all its minions.
I think you're confusing them with Facebook. Google has specific privacy policies in place that contradict your claim.

Of course, if you leave yourself logged into your Google account and then use Google services (like YouTube or Google Search, for example), Google does keep track of things you've searched for, video searches, the history of what you've watched (all of which you may delete if you wish or even turn off the tracking) but those details are yours and are not shared with advertisers (which I assume is what you are referring to).

Those details are only provided to third parties if there's a legal requirement to do so (as in some sort of criminal matter - a request by law enforcement) or a query by a G Suite admin whose domain you are a part of, but in this latter case, it's your company's privacy policy that trumps your personal privacy; take that up with your company's IT/HR personnel.

Do note that there are exceptions to this, but they involve things like "endorsements", which, of course, involve you promoting yourself as an authority; in this case, yes, you are spreading your own info across the web.

Have there been leaks or errors in the execution of their policies? Sure; but Apple manages to fubar things, as well.
 


I think you're confusing them with Facebook. Google has specific privacy policies in place that contradict your claim.
Of course, if you leave yourself logged into your Google account and then use Google services (like YouTube or Google Search, for example), Google does keep track of things you've searched for, video searches, the history of what you've watched (all of which you may delete if you wish or even turn off the tracking) but those details are yours and are not shared with advertisers (which I assume is what you are referring to).

Those details are only provided to third parties if there's a legal requirement to do so (as in some sort of criminal matter - a request by law enforcement) or a query by a G Suite admin whose domain you are a part of, but in this latter case, it's your company's privacy policy that trumps your personal privacy; take that up with your company's IT/HR personnel.

Do note that there are exceptions to this, but they involve things like "endorsements", which, of course, involve you promoting yourself as an authority; in this case, yes, you are spreading your own info across the web.

Have there been leaks or errors in the execution of their policies? Sure; but Apple manages to fubar things, as well.
Google lies through their teeth, which certainly puts them in a class with Facebook, but they have clever dodges, such as saying they don't personally identify any things, but the whole point is that they don't have to, since their data science allows them to reconstruct all of that. Use any of their services at your own peril.

See, for instance, this article, which includes this simple statement:
NYTimes said:
10 Tips to Avoid Leaving Tracks Around the Internet
“The number one thing that people can do is to stop using Google,” wrote privacy consultant Bob Gellman. “If you use Gmail and use Google to search the web, Google knows more about you than any other institution. And that goes double if you use other Google services like Google Maps, Waze, Google Docs, etc.”
And:
"I don’t like Apple’s phones, their operating systems, or their looks,” wrote Aaron Soice, "but the one thing Apple gets right is valuing your data security. Purely in terms of data, Apple serves you; Google serves you to the sharks."
 


Ric Ford

MacInTouch
Purely in terms of data, Apple serves you...
Let's not fool ourselves, because that's patently untrue on its face, regardless of Apple's clever reality distortion fields and marketing. The company very obviously uses you and me and the rest of its customers and all our very personal data and interactions to serve itself and its profits/shareholders (as I've described in past posts and others have documented all over the Internet).

That's not to say Google isn't equally as bad or worse, and I don't have enough space or energy to begin to describe Facebook's abuses and destruction, but let's not paint Apple as the panacea or our benefactor.
 


Let's not fool ourselves, because that's patently untrue on its face, regardless of Apple's clever reality distortion fields and marketing. The company very obviously uses you and me and the rest of its customers and all our very personal data and interactions to serve itself and its profits/shareholders (as I've described in past posts and others have documented all over the Internet).

That's not to say Google isn't equally as bad or worse, and I don't have enough space or energy to begin to describe Facebook's abuses and destruction, but let's not paint Apple as the panacea or our benefactor.
It was a direct quote, and not my own opinion, which is somewhat more guarded: Apple will always use whatever data you allow it to have to sell products and services to you, and probably to help it decide which new products/features and services to offer. But its basic business model stands alone. It does not exist to sell ads, nor to enable "analytics" that threaten democracy. It sells such information on to no one. And with Microsoft, it has made a firm stand against the intrusion of government into private information.

Google is in another class altogether, and then there's (shudder) Facebook.

Yes, Apple does use "you and me and the rest of its customers and all our very personal data and interactions to serve itself and its profits/shareholders." Just like every company, ever, starting with the ma and pa general store that kept a record of the credit extended to each customer in town. The question is whether it shares or abuses that normal business relationship with a customer, or buckles under government threats to constitutional guarantees of privacy. I'm old and suspicious enough not to trust Apple or any other large corporation without proof, but what evidence there is indicates that Apple does not abuse that trust, unlike almost any other tech giant (possibly Microsoft excepted).
 


Ric Ford

MacInTouch
Apple will always use whatever data you allow it to have to sell products and services to you, and probably to help it decide which new products/features and services to offer. But its basic business model stands alone. It does not exist to sell ads...
It may not literally “exist” to sell ads, but note the facts in this previous post regarding Apple’s ad businesses.

Meanwhile...

#advertising
 


Ric Ford

MacInTouch
Yes, Apple does use "you and me and the rest of its customers and all our very personal data and interactions to serve itself and its profits/shareholders." Just like every company, ever, starting with the ma and pa general store that kept a record of the credit extended to each customer in town. The question is whether it shares or abuses that normal business relationship with a customer, or buckles under government threats to constitutional guarantees of privacy.
I guess it depends on where you live...
The Guardian said:
What price privacy when Apple gets into bed with China?
... Apple’s website contains the following bold declaration: “At Apple we believe privacy is a fundamental human right.” What ancient English adage does this bring to mind? Answer: “Fine words butter no parsnips.” In other words, what matters is not what you say, but what you do.

What brings this to mind is the announcement that from now on, iCloud data generated by Apple users with a mainland Chinese account will be stored and managed by a Chinese data management firm – Guizhou-Cloud Big Data (GCBD). “With effect from 28 February 2018,” the notice reads, “iCloud services associated with your Apple ID will be operated by GCBD. Use of these services and all the data you store with iCloud – including photos, videos, documents and backups – will be subject to the terms and conditions of iCloud operated by GCBD.”

The new terms and conditions for Apple users in China contain a clause. “If you understand and agree,” it reads, “Apple and GCBD have the right to access your data stored on its servers. This includes permission sharing, exchange and disclosure of all user data (including content) according to the application of the law.”
Top10VPN said:
In China, Apple Isn’t the Privacy Advocate It Claims to Be
... The first shift in what Apple offered its Chinese users took place in mid 2017, when it suddenly removed more than 60 VPN apps from its China App Store, including those from popular providers like ExpressVPN, StarVPN, and VyprVPN, all of whom were not registered in China. Suddenly, accessing content beyond the Great Firewall became significantly more difficult. Developers were only sent a short notification saying that their app was removed because “it includes content that is illegal in China.” Only after the removals received significant media attention did Apple release a statement saying that it was complying with local laws.

... While this censoring of apps received significant attention among China watchers and Asia privacy experts, it got little coverage in the US, where Apple was taking advantage of the controversy around Facebook’s role in the Cambridge Analytica data-harvesting scandal to promote itself as a tech company that cared about user privacy.

For global tech and human rights advocates, this positioning reeked of hypocrisy.
#applesecurity #appleprivacy
 


I guess it depends on where you live...
Didn't the EU enact legislation some years back to insure that all cloudy data owned by EU citizens and entities had to be stored on systems in the EU?

If I also recall correctly, Apple has stated for years that it abides by the laws in every jurisdiction in which it does business. You can certainly complain about the laws there or here, but at least there's an internal consistency to their actions. The cloud data service requirement and banning of VPNs in China are parts of a larger governmental effort to enable the government to monitor all Internet traffic in the country and limit its access to parts of the Internet beyond its borders. It will be interesting to see where Apple comes down in its oft-stated commitment to protecting users' privacy when that is fully implemented.
 


Ric Ford

MacInTouch
For those of you still using Chrome after it destroyed a bunch of Mac systems via its invisible updater rootkit:
BleepingComputer said:
Chrome Zero-Day Bug with Exploit in the Wild Gets A Patch
Google on Thursday night started to roll out an update for Chrome that patches two use-after-free vulnerabilities, one of them having at least one exploit in the wild. Both security issues are serious as they could be leveraged to take control of a vulnerable system ... a fix for them is delivered with Google Chrome 78.0.3904.87, available for Windows, Mac, and Linux users. The update will reach the entire user base of the browser in the coming days, possibly weeks, Google informs in a blog post.
 


Ric Ford

MacInTouch
As if Google didn't already have enough extremely personal data on everyone...
Ars Technica said:
Google has access to detailed health records on tens of millions of Americans
Google quietly partnered last year with Ascension—the country's second-largest health system—and has since gained access to detailed medical records on tens of millions of Americans, according to a November 11 report by The Wall Street Journal.

The endeavor, code-named "Project Nightingale," has enabled at least 150 Google employees to see patient health information, which includes diagnoses, laboratory test results, hospitalization records, and other data, according to internal documents and the newspaper's sources. In all, the data amounts to complete medical records, WSJ notes, and contains patient names and birth dates.
Of course, Apple has jumped into the same arena with both feet....
CB Insights said:
Apple Is Going After The Healthcare Industry, Starting With Personal Health Data
The market opportunity in healthcare is huge, and Apple sees healthcare and wellness as a core part of its app, services, and wearables strategies. Now the company is aiming to become your personal health record, jumping into research, medical devices, and more.
 


Ric Ford

MacInTouch
What could possibly go wrong with storing personal photos/videos in the "cloud" – in this case, Google's?
Bleeping Computer said:
Google Bug Sent Private Google Photos Videos to Other Users
In a serious privacy lapse, Google is notifying users that videos stored in their Google Photos account were mistakenly shared with other unrelated users.

... As you can imagine, for those who are affected, this is a serious privacy lapse as users expect their photos and videos to remain private and not be shared with any others.

This bug also illustrates the inherent risks of storing your data in the cloud. Unless you can encrypt your cloud data using a passphrase you supply and that only you know, bugs like this or inappropriate access by cloud storage employees could lead to your private information, photos, and videos being exposed.
 


For those of you still using Chrome after it destroyed a bunch of Mac systems via its invisible updater rootkit:
With all the problems being reported about Chrome and constant updates, is the Chromium browser affected by any of them? The problem I have with Chromium is finding out when there is an update. I know I can manually check for an update, but that takes planning for something I don't often use.
 


Ric Ford

MacInTouch
The problem I have with Chromium is finding out when there is an update. I know I can manually check for an update, but that takes planning for something I don't often use.
I haven't tried it, but there's a Chromium updater extension that checks FreeSMUG for new releases.

Apart from Google's dangerous Chrome updater and a few other proprietary parts, it uses the Chromium engine, so vulnerabilities and fixes there apply to both.
 


A stealth program, sneaking in under the covers of a major app and constantly running with all-powerful "root" privileges... what could possibly go wrong?
I was curious about the hidden updater issue so did the Terminal check for com.google.Keystone.Agent - seems not on board in my system. But I do not recall manually deleting it. Had Google desisted in installing the auto updater at some point? ... I have to take that back. Apparently the Terminal command did not reveal the file. I did a manual search in the LaunchAgents folder and, voila, there it was.
 



Thanks. Funny, one system I had with the "agent" installed did not reveal via the terminal command, indicating "not found" even though it did reside in the Launch Agents folder. Another system did reveal the existence, and a manual alternative to Terminal is also useful:

User > Library > Launch Agents
I assume the file will reappear at the next update.
 


Another system did reveal the existence, and a manual alternative to Terminal is also useful:
User > Library > Launch Agents
I assume the file will reappear at the next update.
FWIW, I just checked the user library folder and did not find the Google file there, but it was in [MacHD] > Library > Launch Agents
with a datestamp of Feb 5.
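The checks discussed in this thread, gathered into one script as an added example that is not from any poster or from Google: it looks for Keystone launchd plists in both the user and system Launch Agents folders, lists the Google support folders named earlier, and confirms `/var` is still a symlink. The function names, the `AUDIT_ROOT` variable, the case-insensitive `com.google.keystone*` pattern and the extra `/Library/LaunchDaemons` location are assumptions not stated on the page.

```shell
#!/bin/sh
# Added audit example. ROOT and HOME_DIR are parameters so the same checks
# can run against a constructed test tree as well as the live system.

# Print every launchd plist whose name starts with com.google.keystone
# (matched case-insensitively) in the per-user and system-wide folders.
find_keystone_jobs() {
    root=$1; home=$2
    for dir in "$home/Library/LaunchAgents" \
               "$root/Library/LaunchAgents" \
               "$root/Library/LaunchDaemons"; do   # assumption: not named in the thread
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -iname 'com.google.keystone*' -print
    done
}

# Print whichever of the four Google folders listed in the thread exist.
find_google_dirs() {
    root=$1; home=$2
    for dir in "$root/Library/Application Support/Google" \
               "$root/Library/Google" \
               "$home/Library/Application Support/Google" \
               "$home/Library/Google"; do
        if [ -d "$dir" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# On macOS /var is a symlink to private/var. Report:
#   ok         - symlink present and pointing at private/var
#   unexpected - something exists at /var but it is not that symlink
#   missing    - nothing at /var (the state that leaves a Mac unbootable)
check_var_symlink() {
    root=$1
    if [ -L "$root/var" ] && [ "$(readlink "$root/var")" = "private/var" ]; then
        echo ok
    elif [ -e "$root/var" ] || [ -L "$root/var" ]; then
        echo unexpected
    else
        echo missing
    fi
}

# Human-readable summary of all three checks.
audit_report() {
    root=$1; home=$2
    echo "Keystone launchd jobs:"
    find_keystone_jobs "$root" "$home"
    echo "Google support folders:"
    find_google_dirs "$root" "$home"
    echo "/var symlink: $(check_var_symlink "$root")"
}

# Empty AUDIT_ROOT means the live startup volume.
audit_report "${AUDIT_ROOT:-}" "${HOME:-}"
```

Searching the system-wide `/Library` as well as `~/Library` matters here, since posters found the plist in different places on different Macs.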
 


I haven't tried it, but there's a Chromium updater extension that checks FreeSMUG for new releases.
I've tried that before, and I tried it again a couple of days ago. It seems to work for one day, but disappears the next. It no longer appears with the other extensions. Any idea about what's happening? Do I need to keep the folder that contains the "unpacked extension" somewhere?
 


I've tried that before, and I tried it again a couple of days ago. It seems to work for one day, but disappears the next. It no longer appears with the other extensions. Any idea about what's happening? Do I need to keep the folder that contains the "unpacked extension" somewhere?
I think I solved the issue. I put the Chromium.app and the Updater extension-0.1.1.5 folder together in a folder (ChromiumStuff) in the Applications folder. The updater extension now appears with the other extensions.
 


Ric Ford

MacInTouch
I haven't tried it, but there's a Chromium updater extension that checks FreeSMUG for new releases.
I think I solved the issue. I put the Chromium.app and the Updater extension-0.1.1.5 folder together in a folder (ChromiumStuff) in the Applications folder.
I looked at the extension's Github pages, and it seems to be unsupported and old, so I don't know how well it will work. You should probably check what it does at the next Chromium/Chrome update.
 


I looked at the extension's Github pages, and it seems to be unsupported and old, so I don't know how well it will work. You should probably check what it does at the next Chromium/Chrome update.
It worked today and showed the new Chromium update. I'll see if the extension still shows up in Chromium in a few days.
 

