Google to display new device sign-ins on Android
Google announced yesterday that Android users will receive notifications directly on their Android devices when sign-ins from new devices are recognized.
Up until now, Google used email messages to inform users about new sign-ins. These messages are sent out when a sign-in is successful on a device that is unknown to the company (read: not yet associated with the Google account).
The messages list the device used to sign in, and include a link that enables you to review the recently used devices in a web browser of choice.
This leads to the recently used devices listing on Google's Security website where additional information such as the location, date and time of access, and browser or device version is provided.
Android notifications
Android users may soon receive notifications about new sign-ins directly on their Android devices instead.
Whenever a new device is added to an account -- by signing in using it -- a notification is displayed on the user's Android device that informs them about the event.
The notification is basic, merely asking "did you just sign in". It does not provide more information than that.
Android users may tap on "review account activity" to retrieve information about the event. This includes the time it took place, the location the user signed in from, the browser used, the IP address and the device type.
Additionally, Android users may confirm that the sign-in was legitimate, or open the secure account process if it was not. This is done by tapping on "yes, that was me" to confirm the device, or "no, secure account" if the sign-in is suspicious or clearly made by a third party.
Considering that attackers already have access to the account when they sign in successfully, simply kicking them out would not be enough to resolve the issue.
According to Google, Android notifications are up to four times as likely to be reviewed by Google users as email notifications. One reason for that is that email may not always be accessible, while users usually have their mobile devices in reach.
The feature will roll out over the next weeks to rapid release and scheduled release channels according to Google.
Verdict
The new notification feature will reach more Google users, and it is likely that it will impact the reaction time positively as well.
For years, Google sent out an email alert, say if someone signed in from another country, or if incorrect passwords were entered too many times, etc. This was all fine and dandy until the “new device” emailed alerts came along seemingly lumped together with all security related alerts. The only way to get rid of them is to disable everything – or only have one device and never install a new app, browser, or clear cookies. Now this? *PLEASE* allow separate opt out of this garbage!
Super annoying feature. My phone is constantly bombarded with “Did you just sign in?” messages. I always wipe my browser history and do not stay signed in under Chrome on my laptop. I’ve been locked out of countless Gmail accounts because Google doesn’t “recognize” my device. Seems they want you to stay signed in 24/7 so they can track your every move. Google is the Evil.
Do you know if there is a way to disable this feature? We use one Google account across multiple devices in multiple locations and now this message pops up on all devices every time we configure a new device. Help.
Martin, you use Thunderbird for Gmail?
I use Thunderbird.
Yes.
Good to know.
I thought that you still need to downgrade Gmail security for Thunderbird. That’s why I asked.
Now, I switched all Gmail accounts to use with Thunderbird.
You mean using app passwords if you have enabled two-factor authentication? No, that is no longer required.
Android 7.0 releases next month, with the 8/5 security patch. Sorry Nexus 5 owners, no Nougat for you.
Evan Blass: https://twitter.com/evleaks/status/759266685891248131
And no Nougat for the other 25,000+ distinct Android devices :-)
I’m using 5x, will I receive it?
Yes.
Yes.