Google adds biometric verification to Play Store to keep your in-store wallet safe

Google has been emailing Android users about an update to the Play Store allowing you to enable biometric verification for purchases. We got the message over the weekend buried in our inbox. It states users can set fingerprint or facial recognition on the digital storefront as long as they have a mobile device that supports the technology. Once set up, “you’ll be asked to verify it’s you with biometrics” every time you buy something on the platform. 

We can confirm the update is live as it appeared on our phone. To turn it on, open the Play Store app then tap Settings near the bottom. Expand Purchase Verification and toggle the switch to activate Biometric Verification. The storefront will then ask you to type in your password to confirm the setting change. 

It’s important to mention that the final step will change within the coming weeks. According to the email, Google will let users use biometrics instead of requiring them to enter their account password.

The purpose of this feature is to seemingly provide an extra layer of safety to protect yourself against unauthorized transactions in case your phone is ever compromised. You don’t have to use a password anymore, although you will always have the option.

Google Play Store's new biometric verification

(Image credit: Future)

Minor, yet important detrails

There are a few minor details you should know regarding the feature. 

At a glance, it seems the biometric verification will primarily live on the Play Store. We attempted to purchase an ebook and were met with a fingerprint reader to authenticate our identity before checkout. Then we discovered the security feature will appear on third-party apps, but its presence on them varies. 

We purchased items for the game Arknights on our Android phone to see if a biometric verification reader popped up. It didn’t. The checkout went through without any hindrance. However, when we signed up for a three-month trial on Amazon Music, a Play Store message showed up asking if we would like to enable biometrics for future purchases. 

This leads us to believe that some apps will support the new verification method while others won’t. It may depend on whether or not a developer decides to support the security fixture on their product. 

Do note this has been our personal experience with the tool. It may operate differently for you. Google didn’t provide much information in their email or Play Store Help page. Of course, we reached out to the tech giant for clarification and will update the story if we learn anything new.

If you're looking for a great new app to download, be sure to check out the best 10 Android apps of 2023 according to Google.

You might also like

TechRadar – All the latest technology news

Read More

There’s a new Gmail verification scam; here’s how to avoid getting caught up in it

There’s a new Gmail scam making the rounds online as bad actors are taking advantage of the service’s recently launched verification system. 

Back at the beginning of May, Google introduced blue checkmark verification in order to combat internet scams like phishing attacks. Companies and organizations can apply to the program to verify their identity, and upon approval, Gmail will display the aforementioned blue checkmark next to the brand logo. What was supposed to be a way to protect people is instead, in some instances, being used to go after them. Cybersecurity engineer Chris Plummer posted on Twitter an image of a spoofed email claiming to officially be from UPS. The scammer apparently somehow got past Google’s own safeguards.

Bug exploit

Identifying the fake email was easy enough to do. Plummer shows the header sporting an email address consisting of mostly random letters and numbers ending in a UPS URL. However, hovering over the checkmark displays a window stating the message is coming from a legitimate source.

It’s unknown how the bad actor got around the security checks. Plummer claims there’s a bug in Gmail that scammers are exploiting to trick the platform’s “authoritative stamp of approval”. From there, the bad actors hop through multiple domains before zeroing in on their target.

Initially, when he reported the problem to Google, the company reportedly hand-waved it away saying the system was working as intended. But in the days since Plummer’s discovery, the tech giant made an about-face and announced it is currently working on a fix.

How to not get scammed

Since we don’t know when the patch will roll out, it makes sense to protect yourself until then. TechRadar has a couple of guides on how to avoid online phishing scams and how to protect your inbox. We strongly recommend reading both to get a full understanding, but here are some pieces of advice to get you started.

First, double-check the header. If you see a bunch of random letters, numbers, and symbols in the email address, that’s your first clue that something is fishy.

Secondly, double-check the spelling in the header. Some scammers will replace certain characters with a lookalike to trick people. For example, the letter “O” will be replaced with the number “0” or the capital “I” with a lowercase “l” (that's an “L”). Gmail’s default font can make this tough to discern. 

Be wary of any emails urging you to share your financial information, whether updating your account details or a refund offer you didn’t ask for. 

Of course, don’t click on any links or attachments you don’t recognize.

Also, be sure to check out TechRadar’s list of the best identity theft protection apps for June 2023 to better safeguard your personal details. 

TechRadar – All the latest technology news

Read More

IRS drops use of facial recognition for ID verification

The IRS has backtracked on plans to allow users to verify their identities using facial recognition after a major backlash.

The government body had announced it would be using a a third-party facial recognition system built by a contractor called ID.me to verify US taxpayers looking to log in to its online portal.

However, following concerns over how much biometric data would be collected by the tool, and worries of possible identity theft, the IRS now says it will drop the technology for good.

No ID.me

“The IRS takes taxpayer privacy and security seriously, and we understand the concerns that have been raised,” IRS Commissioner Chuck Rettig said in a statement

“Everyone should feel comfortable with how their personal information is secured, and we are quickly pursuing short-term options that do not involve facial recognition.”

The move had drawn the attention of several prominent US lawmakers, with Republican and Democrats alike raising concerns over possible cybersecurity risks, as well as recent findings claiming facial recognition systems can often feature in-built racial bias against non-white faces.

Instead of ID.me, the IRS will now be implementing an “additional authentication process” that doesn’t collect facial images or video, with the changeover set to be completed within the next few weeks.

Along with the uncomfortable amount of data being given over, users had also complained that if the system failed, they would instead spend hours aiming to have their identities manually approved in video calls with a separate third-party company.

The IRS statement added that the change does not interfere with the taxpayer's ability to file their return or pay taxes owed, and that the IRS will continue to accept tax filings, meaning users should continue to file their taxes as normal.

“The IRS will also continue to work with its cross-government partners to develop authentication methods that protect taxpayer data and ensure broad access to online tools,” the statement concluded.

First launched back in 2010, Virginia-based ID.me was originally created to help ecommerce sites validate the identities of customers like veterans, teachers and students who might be eligible for discounts at online retailers. 

Unlike other online verification services, ID.me requires applicants to submit even more documents, including copies of utility bills and details about their mobile phone service in addition to scans of their driver's license or other government-issued IDs.

TechRadar – All the latest technology news

Read More