Month: July 2024

Bowing to pressure, Microsoft extends lifeline for Office 365 Connectors in Teams

In a surprise move that will likely be welcomed by many Microsoft Teams users, the tech giant has announced an extension to the retirement timeline for its Office 365 connectors feature. Originally slated for a complete shutdown in October 2024, the connectors will now continue to function until December 2025.

The decision comes after a wave of feedback from users who expressed concerns about the potential disruptions caused by a rapid transition to Power Automate workflows, the recommended replacement for Office 365 connectors.

“We have extended the retirement timeline through December 2025 to provide ample time to migrate to another solution such as Power Automate, an app within Microsoft Teams, or Microsoft Graph,” Microsoft wrote in a blog post. “We understand and appreciate the feedback that customers have shared with us regarding the timeline provided for the migration from Office 365 connectors.”

Office 365 connectors in Microsoft Teams allow users to bring updates from other services, like Trello, GitHub, or Twitter, directly into their team’s chat. It’s like having a live feed of information from those services within one’s Teams channel, making it easier to stay updated.

All existing Office 365 connectors within all clouds will remain functional until December 2025. However, to continue using these connectors beyond December 31, 2024, users “must update the respective URL by the end of this year.” Microsoft will provide further guidance on this process at least 90 days before the deadline, the blog added.

If the URL is not updated by December 31, 2024, the connector will stop working, the company said in the blog.

“This is due to further service hardening updates being implemented for Office 365 connectors in alignment with Microsoft’s Secure Future Initiative (SFI),” it added. The Microsoft SFI is a pledge taken by the company last November to “bringing together every part of the company to advance cybersecurity protection across both new products and legacy infrastructure.”

Earlier this month, Microsoft announced that starting August 15, all new “connector creation will be blocked within all clouds” and effective October 1, “all connectors within all clouds will stop working.”

How do users react to this?

This extension of the deadline, it seems, still did not amuse the users.

“You simply took the part of the feedback that is the least change on your plans, the unrealistic timeline that some people mentioned,” wrote a user on the blog to Microsoft’s statement.

However, the user further added, “You just keep ignoring the not working suggested usage of Power Automate and the worsening of security, flexibility, and scalability. If Microsoft has a slight idea of customer focus you would simply stop this mess and apologize for the ignorance.”

“Even with the ‘update,’ very very bad move,” wrote another user in the feedback portal Microsoft created, adding, “Users will find an alternative to Teams.”

This will significantly impact my company’s alerting and observability, another user replied to the Microsoft blog. “A bit shocked by this frustrating move by M [Microsoft]. Timeline is completely unprofessional and unrealistic as well.”

This change breaks so many of our production alerting and notification systems, one more user wrote in the feedback portal. “Microsoft is setting us back significantly with this move.”

Why is Microsoft phasing out Office 365 connectors?

Microsoft is phasing out Office 365 connectors to enhance security and scalability for enterprises. According to the company, Power Automate provides a robust alternative, offering advanced security features and the flexibility needed to meet business needs, compared to Office connectors.

“Power Automate workflows not only offer a much deeper catalog of Office connectors but also ensure that your integrations are built on an architecture that can grow with your business needs and provide maximum security of your information,” the blog wrote.

This alternative, according to the company, offers a more extensive range of connectors and ensures integration is built on a scalable and secure architecture, “aligning with Microsoft’s Secure Future Initiative.”

The company advised users to begin transitioning to Power Automate immediately to ensure a smooth migration. Microsoft plans to roll out additional features and support to assist users in this transition, reinforcing its commitment to enhancing productivity and security for its customers, the blog mentioned.

Mistral AI unveils Mistral Large 2 amid rising AI competition

Mistral AI has launched a 123-billion-parameter large language model (LLM) called Mistral Large 2 (ML2), strengthening its position as a significant competitor to OpenAI, Anthropic, and Meta.

In a statement, the company said that ML2 has a 128k context window and support for dozens of languages including French, German, Spanish, Arabic, Chinese, Japanese, and Korean. It also supports over 80 coding languages, including Python, Java, C, C++, JavaScript, and Bash.

The best new Slack features for business

Ten years after its arrival on the business tech scene, Slack isn’t standing still. The vendor has been steadily rolling out useful new features to its team chat app over the last year or so.

In conjunction with the app’s recent interface changes (covered in a separate guide), these tools offer better ways to collaborate, automate tasks, find information, and more. But it’s not always obvious how to use them, or even find them in the first place. Here’s a guide to the best new features.

In this article:

  • Use canvases for sharing and brainstorming
  • Create workflows to automate actions
  • Get up to speed fast with Slack AI
  • Manage tasks and projects with ‘lists’

Use canvases for sharing and brainstorming

A canvas is a workspace where you can create, share, and manage content with your teammates. You can add text, documents, images, and videos to it. It provides a central area where teams can store and easily access key information, files, agendas, action items, and so on. It can also be a handy forum for brainstorming with your team, tracking projects, planning events, and more.

Every channel and direct message has a built-in canvas. To access it, click the Canvas icon (it has a page with a +) at the top right of the channel or DM. A Canvas panel opens to the right.

starting a canvas in a direct message in slack

Starting a new canvas in a DM.

Howard Wen / IDG

If you have a free Slack plan, you’ll see a blank canvas. You can add text, checklists, tables, links, and other elements such as video clips to it.

If you have a paid Slack plan, you have the same options for working in a blank canvas, or you can start with a template such as Channel overview, Weekly sync, or Shared resources. Click More to browse through the templates. Click any template to see a preview of it in the panel. If you want to use it, click Use Template.

This is all assuming that you’re the person who starts the canvas for a channel or DM. If someone else has already started it, you’ll see what they’ve done so far when you click the Canvas icon, and you’ll be able to edit or add to the canvas.

If you have a paid Slack account, you can also create canvases as standalone documents not tied to a particular channel or DM. Click the Create new (+) button near the bottom of Slack’s left navigation bar. On the menu that opens, select Canvas.

A new window for the canvas will open. You can type in a title for the canvas and then start with a blank canvas or choose a template. Either way, you can insert any additional elements you like. You can even embed another canvas in your canvas.

creating a blank standalone canvas in Slack

Creating a standalone canvas.

Howard Wen / IDG

When you’re finished putting together your new canvas, click the Share button at upper right and type in the name of a channel or people to share it with. Or you can click the vertical three-dot icon and select Save for later. You can access and share it at any time via More > Canvases.

list of canvases in Slack

You’ll find all the canvases you’ve created under More > Canvases > Created by you.

Howard Wen / IDG

Create workflows to automate actions

This feature is available only with a paid plan.

A workflow is a sequence of actions taken to complete a business task — anything from updating a spreadsheet to onboarding a new employee. Workflows often involve multiple co-workers and multiple business tools, which can bog things down.

That’s where workflow automation tools come in. They can perform a series of actions with minimal input from workers to free them from repetitive tasks and reduce bottlenecks.

Workflow Builder is Slack’s workflow automation tool. Slack initially launched Workflow Builder in 2019, then late last year introduced a redesigned version that makes it simpler to automate workflow actions using the point-and-click interface. For example, you could set up a workflow that automatically sends a welcome message when a new member joins a Slack channel, adds co-workers to a Google Calendar meeting when they select a specific emoji reaction to a message, or creates a new task in ClickUp when users fill out a form in Slack.

Using Slack’s integrations, you can even create workflows that involve multiple third-party tools, such as a new project workflow that creates a Slack channel for the project, creates a project in Asana, starts a Miro virtual whiteboard for the project, and sets up a project kickoff meeting in Zoom.

Here are the general steps for creating and deploying a workflow in Slack:

Open the Workflow builder: Click the three-dot (More) icon on the navigation bar and select Automations. This opens the Workflows panel over the screen.

main workflows screen in slack

Click More > Automations to get started with Workflows.

Howard Wen / IDG

To create a workflow, you can either start with a template or build a new workflow from scratch.

Use a template: Click the Templates tab. A great way to get started with workflows is to browse through these templates and select one to experiment with, so that you can understand how workflows are set up and how connectors to third-party apps work.

workflow template in slack

Using a workflow template.

Howard Wen / IDG

When you use a template, you’ll need to fill in your own questions, messaging, or other details. You can also start with a template and then customize it by adding more steps.

Build a workflow: On the Workflows panel, click the Create workflow button at the upper right. On the screen that appears, select an event that will start the workflow, such as when a user clicks a link, joins a channel, or uses a specific emoji reaction. You can also set up workflows on a schedule or that are triggered by events in external apps.  

Depending on which starting event you choose, you’ll be prompted for further information. For example, if a workflow starts when a user joins a channel, you’ll be prompted to select one or more channels. You’ll then be able to add steps to the workflow by choosing from a list of options (some of which are Slack tools, others third-party connectors) to the right. Corporate users may need to request permission from their admins to use third-party connectors.

workflow builder in slack

Building a workflow from scratch.

Howard Wen / IDG

Publish the workflow: When you’ve finished building your workflow, click the Finish Up button at upper right. You’ll be prompted to give the workflow a name and description if you haven’t already. When you’re done, click Publish to activate your new workflow.

Get up to speed fast with Slack AI

This feature is available only with a paid plan, with an additional fee of $10 per user per month.

Another way to be more productive with Slack is to tap into its new generative AI feature. You can have Slack AI summarize channel conversations, direct messages, and threads for you; get automated daily recaps for less important channels; and answer your questions about projects, company processes, and more.

To get a conversation summary, open the channel, DM, or thread that you’d like Slack AI to summarize. Click the starburst icon that’s toward the upper right and select Summarize. In channels and DMs, you can specify a time frame for the summary.

slack ai summarizing channel activity

Slack can summarize a channel’s activity to catch you up.

Slack

To stay abreast of channels that you want to keep tabs on but don’t want to read multiple times a day, set up channel recaps. To do so, click Recap in the left sidebar and choose the channels you want to recap. Every morning you’ll get a digest of activity for those channels.

You can also use generative AI-powered search in Slack. Just click inside the search box at the top of your workspace and type a question as if you were talking to a friend. The AI will search the conversations throughout your Slack workspace and provide a concise answer that contains links to the messages it based its response on.

If you need to get up to speed on a project, for example, try asking Slack AI, “What is Project Z?” or “Who are the leads on Project Z?” or “What’s the current status of Project Z?”

Note that as with all things genAI, these responses may not be fully accurate. So it’s always a good idea to click through to the source messages cited by the AI to be sure it has interpreted them correctly.

Manage tasks and projects with ‘lists’

This feature is available only with a paid plan.

Slack’s newest feature, called “lists,” is a task management tool similar to Trello, Asana, Monday.com, and many others. It lets you build simple to-do lists and even moderately sophisticated project management schedules. You can integrate a list into a channel or share it directly with teammates so that you and other people can collaborate on it.

a completed task list in slack

Slack’s lists feature lets you create, assign, and manage tasks.

Howard Wen / IDG

Here are the basics on how to use Slack lists.

Create a list: Move the pointer over the three-dot (More) icon on the left navigation bar. On the menu that opens, click Lists.

At the top of the left sidebar, click the + icon. A new blank list will open to the right in the main area of your Slack workspace. You can keep working with the blank list or select one of the templates listed below.

In the text field at the top of the new list, type a name for your new list over the word “Untitled.”

starting a blank list in slack

Creating a new list.

Howard Wen / IDG

By default, the list is presented as a table, where each row represents a task and each column represents a field. A field can display information, such as the name of a task or a person assigned to the task, or an interactive element, such as a check box.

In the blank list, type a task name in each row in the Name column. In the People column, click each field to assign persons in your Slack team to the task that’s on the same row. Then click each field in the Date column to assign a deadline to each task.

To add another task (row) to the list, click the +Add item button below the list.

To add another field (column), click the + icon at the table’s upper-right corner. On the small panel that opens, you can optionally type in a title for the field. Then select a field type from a dropdown menu. There are 16 field types, including Text, Number, Checkbox, Date, and more.

adding a field to a list in slack

Choose the type of field you want to add.

Howard Wen / IDG

To edit a field, move the pointer over the title of the field. Click the down arrow that appears and select Edit field.

Create custom list views: You can filter, sort, and otherwise adjust a list to rearrange its fields in specific ways. Click the button with adjustment sliders above the list. On the panel that opens, select Filter, Sort, Hide fields, or Group by. You can also switch the list’s layout between Table (the default) and Board, which presents the items as a kanban board.

a custom view of a list in slack

This custom view uses the Board layout and groups tasks by who they’re assigned to.

Howard Wen / IDG

To save a custom view, click Save as New View at the top of your list. When you click the All items button, a dropdown menu lets you switch among the custom views you’ve created and saved.

Share your list with teammates: Click the Share button at the upper right. Inside the text entry box on the panel that appears, start typing and then select the names of people in your Slack workspace to share the list with. Choose a permission level using the dropdown on the right: Can edit means those you’re sharing the list with can make changes to your list; Can view means they can see it but can’t change it.

sharing a list in slack

Sharing a list with collaborators.

Howard Wen / IDG

After you’ve made your selection and optionally added a message for your collaborator invitees, click the Share button.

Add and view comments: Move the pointer over an item and click the speech balloon icon. A panel opens along the right where you can type in a comment for the item.

A number inside the speech balloon icon shows how many comments have been added to the item. Clicking it will open the Comments panel along the right. On it, you can view the comments and add your own comment or replies.

viewing comments for a task in a slack list

Viewing comments for a task in a list.

Howard Wen / IDG

Set alerts for your list: You can have Slack send a notification whenever someone makes a change to a field in your list or performs an action on it. Move the pointer over the title of the field for which you want to set a notification. Click the down arrow that appears and select Alert when field changes… You can opt to have the notification sent to a channel or to your individual activity feed.

Related reading:

US, European authorities promise effective competition in the AI ​​sector

Regulatory authorities in the EU, UK and US have signed a joint statement to ensure effective competition in the AI ​​sector, according Reuters. In the statement, they write that generative AI (genAI) has developed rapidly in recent years and that technological inflection points can introduce new ways to compete, innovate, grow, and catalyze opportunities.

The three parties also pledged that they will work together under their respective laws to ensure that the AI ​​market remains competitive and that both consumers and businesses are treated fairly.

This includes fair treatment, prevention of exclusionary tactics, and close scrutiny of investments and collaborations between today’s AI bigwigs and rising upstarts in the market.

Apple’s Underdogs ad is funny, but it has a message

There’s no sign of a blue screen of death in the most recent episode of the Apple at Work film series, but that’s not the only transformation buried in the tale.

The Underdogs series has always offered an amusing take on how digital technology is transforming the workplace. Through an Apple lens, the series shows the extent to which the platform enables hybrid workforces on a planet that is becoming increasingly asynchronous when it comes to productivity.

Apple goes APAC

Set in Thailand, the clip depicts the challenges of the modern workplace to explain how the seamless integration of Mac, iPhone, iPad, and Vision Pro can power up business today. Those products let the team source a new packaging factory, implement last-minute design changes, create 3D prototypes, bridge language gaps and more.

So far, it’s marketing — but it’s hard to ignore the extent to which the series, albeit in a light-hearted way, reflects the extent to which the workplace has changed and continues to evolve. 

Things have changed

Take product design. Not so long ago, designing something with a global team required sharing sometimes huge files, which takes time and bandwidth. Today, tools (such as Freeform) exist that enable creatives to collaborate on ideas remotely in real time, using a range of devices such as a Mac or Vision Pro. Product designers also benefit from the ability to create and share digital prototypes, including 3D models that can be explored on Vision Pro.

Beyond the creative departments, billing, invoicing, and credit control have all become tasks you can transact while travelling as long as you have a network connection. You can take and make payments with mobile devices and authorize remote access to any enterprise service using 2FA and/or biometric security. Tasks that once required dozens of devices can now all be transacted on a smartphone, even as integration between different platforms (smartphones, tablets, computers) improves. 

Accelerating change

This is changing the nature of work, and that change is being felt across platforms and operating systems. It makes it possible for knowledge workers of any stripe to focus on the task in front of them while using whatever device makes the most contextual sense for the situation. Ironically, that means the device used is becoming more invisible because the focus is on what needs to be done. Where you are, what device you use, and the time zone you are in mean less than before. 

To a great extent, many of these changes were already emerging in the mid-2000s, but the introduction in 2007 of true mobile computing in the form of the iPhone and the smartphones subsequent to it accelerated the momentum. 

To some extent, this digital transformation reflects some of the concepts Apple co-founder Steve Jobs visualized, a then hard-to-accept future in which people “spend more time with their PCs than with their cars,” he correctly predicted in 1983.

Focus drives the attention economy

The transition from computer to an ecosystem of equally capable devices simply extended that change; and in the new workplace, the tasks we are attempting are, in a sense, no longer defined by the PC.

This is the kind of reality Apple is exploring in its latest work-focused ad — and it’s only a matter of time until the industrial equipment used in manufacturing companies also gains its own Apple logo. The Apple Car-related autonomous vehicle research the company spent billions on will be deployed in some useful manner, eventually. Perhaps it is time manufacturing became another space where AI, autonomy, and Apple’s multitude of digital platforms makes a difference.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

CrowdStrike failure: What you need to know

Cybersecurity vendor CrowdStrike initiated a series of computer system outages across the world on Friday, July 19, disrupting nearly every industry and sowing chaos at airports, financial institutions, and healthcare systems, among others.

At issue was a flawed update to CrowdStrike Falcon, the company’s popular endpoint detection and response (EDR) platform, which crashed Windows machines and sent them into an endless reboot cycle, taking down servers and rendering ‘blue screens of death’ on displays across the world.

Android security checkup: 18 steps to a safer phone

Android security is always a hot topic on these here Nets of Inter — and almost always for the wrong reason.

As we’ve discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogey-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you’ll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, of course.)

The reality is that Google has some pretty advanced methods of protection in place for Android, and as long as you take advantage of those and maintain a teensy shred of common sense, you’ll almost certainly be fine (yes, even when the Play Store guards slip up and let the occasional bad app into the gates). The biggest threat you should be thinking about is your own security surrounding your devices and accounts — and all it takes is about 20 minutes a year to make sure your setup is sound.

Take the time now to go through this checkup, then rest easy over the next 12 months with the knowledge that you’re in good shape — and that the mean ol’ Android malware monster won’t be bangin’ down your virtual door anytime soon.

[Psst: Want even more advanced Android knowledge? Check out my free Android Shortcut Supercourse to learn tons of time-saving tricks for your phone.]

Part I: App and web intelligence

Android security step #1: Look over all the apps and services connected to your account

You’ve probably granted countless apps access to parts of your Google account over time — which is no big deal in general, but with any apps you’re no longer using, it’s a smart idea to close the connections.

Visit this page in Google’s security settings to see a list of everything that’s authorized and what exactly it can access. If you encounter anything you don’t recognize or that you no longer use, click it and then click the “Delete all connections” option to give it the boot.

Android security: App connections
App connections are forever — unless you take the time to remove ’em once they’re no longer needed.

JR Raphael, IDG

While you’re at it, take two minutes to look through the list of apps on your phone and uninstall anything you’re no longer actively using. That’ll eliminate unnecessary windows to different areas of your data — and as an added bonus, it’ll free up space and cut down on potentially phone-slowing resource use, too.

Android security step #2: Revisit your Android app permissions

Speaking of dusty old skeletons on your device, it’s all too easy to grant an app access to some sort of information without giving it much thought during that initial setup process. That’s why it’s well worth checking in periodically to remind yourself what permissions the apps on your phone possess — and to see if any of ’em go beyond what seems reasonable or necessary.

With recent Android versions, you can just open up the Security & Privacy section of your system settings and look for a line that says “Permission manager.” Depending on your specific software and device, you might have to first tap a line that says “Privacy” before you see it. (If you don’t see anything like that, try searching your system settings for the word permissions to find the closest equivalent.)

Whatever it’s called and however you get there, you should ultimately end up facing a collection of categories for all the types of permissions you’ve granted to apps on your device over time. Take a peek through ’em all and see what you find. If you see anything that raises an eyebrow, all you’ve gotta do is tap it to revoke the access.

Android security: Permission manager
Android’s permissions manager makes it easy to see and control exactly what permissions different apps have been granted.

JR Raphael, IDG

For even more insight, look for the “Privacy dashboard” option within that same section of your system settings (or “Permissions used in last 24 hours,” in Samsung’s vernacular). That’ll let you see exactly which apps have actually accessed different permission-requiring areas over the past 24 hours.

And remember, too: With Android 10 and higher, you can go a step further when it comes to location and allow an app to access that only when you’re actively using it. With Android 11 and up, you can get even more nuanced and grant apps only temporary, case-by-case permissions to access your location, camera, and microphone. And as of Android 12, you can fine-tune an app’s location access to make it only approximate instead of precise, if you like.

You’ll find all those options within any relevant app’s settings, once you dig into one of those related permissions:

Android security: Location permission
You can now get incredibly nuanced with certain Android app permissions to control exactly how and when an app is able to access them.

JR Raphael, IDG

Critically, in all of those cases, it’s up to you to go through your settings and make the associated changes — especially when it comes to apps you had on your device before the relevant Android upgrade reached you and the latest options for permission control became available.

Android security step #3: Verify that you’re using Android’s app-scanning system

Android has long had the ability to monitor your device for harmful code or suspicious activity — no third-party apps or add-ons required. And while the system is now automatically enabled on any reasonably recent device, it’s a good idea to occasionally confirm that everything’s turned on and working the way it should, if for no other reason than to remind yourself that such a system is present and working on your behalf.

So mosey back over to the Security & Privacy section of your system settings, tap the line labeled “App security,” then tap “Google Play Protect” and take a peek at the system’s latest activity. You can also tap the gear icon in the upper-right corner of the screen to confirm that all available toggles are on and active.

Android security: Google Play Protect
You rarely have to think about Google Play Protect, but it’s well worth being aware of its presence.

JR Raphael, IDG

That’ll allow Android’s app verification system to keep an eye on all apps on your device, even after they’re installed, and make sure they don’t do anything dangerous. The scanning will run silently in the background and won’t ever bother you unless something suspicious is found.

Odds are, you’ll never even know it’s there. But it’s a valuable piece of protection and peace of mind to have, and it’s a good idea to keep it in the back of your mind that it’s present.

Android security step #4: Fight phishing

Even the savviest tech user can fall prey to a well-hatched phishing scheme — an effort by some ne’er-do-well to trick you into willingly giving up sensitive info, usually by making an email, text, or other digital request look like it’s from some official source that needs to confirm an account number or something else along those lines.

Suffice it to say, any extra layer of protection from such tactics can only be a good thing. And if you’ve got a Google Pixel phone, good news: There’s a relatively new option available to you that watches out for any known deceptive patterns and warns you about ’em before they’re able to manage any damage.

On any current Pixel device, head into the Security & Privacy section of your system settings, tap “More security & privacy,” then scroll down and tap “Scanning for deceptive apps.”

Android security: Phishing protection
The relatively new phishing protection system is presently available on Google’s own Pixel devices.

JR Raphael, IDG

Make sure the toggle on the screen that comes up next is in the on and active position, then breathe easy with the assurance that Google’s got your back when it comes to any phishing attempts cast in your direction.

Android security step #5: Weave a stronger web safety net

Along with phishing, one of the most likely threats to your Android security is your own lapse in judgment whilst wading around these ever-murky web waters of ours. (Sensing a theme here yet?)

Provided you’re using Google’s Chrome Android browser, though, there’s an easy way to create an extra layer protection in that arena as well.

Just tap the three-dot menu icon in Chrome’s upper-right corner, then select “Settings” followed by “Privacy and security” and “Safe Browsing.” Now, consider which level of protection seems most sensible for you:

  • Standard protection, which warns you if you try to open a site or download a file that’s known to be dangerous.
  • Enhanced protection, which goes a step further and protects your Android web browsing in real-time — by instantly scanning every page you open and file you download and then warning you of anything potentially concerning, even if it isn’t already a known threat. (This path does require limited data about your browsing activity to be sent to Google’s servers for analysis, but Google has clear promises in place about exactly how that data is protected and secured from any manner of unexpected use.)

Pick the path you feel most comfortable pursuing, and know that your web adventures now have that extra safety net around ’em.

Android security step #6: Appraise your app-downloading IQ

If you’re reading this column, I probably don’t need to tell you this — but I will, anyway: While we’re thinking about the subject of Android security, take on a teensy bit of responsibility and commit to letting common sense guide your app-downloading decisions.

Let’s not kid ourselves: Google’s security mechanisms are invariably gonna fail on occasion. There’s no getting around that. But even when a shady app makes its way into the Play Store, all it typically takes is the tiniest shred of awareness to avoid having it affect you.

Just as you do when browsing the web from a computer, look at something before you download it. Look at the number of downloads and the overall reviews. Think about what permissions the app wants and whether you’re comfortable with the level of access it requires. Click the name of the developer, if you still aren’t sure, and see what else they’ve created. And unless you really know what you’re doing, don’t download apps from random websites or other unestablished third-party sources. Such apps will still be scanned by Google’s on-device security system before they’re installed, but your odds of encountering something shady are significantly greater out in the wild than within the Play Store.

(Your Android device won’t let you download apps from unknown sources by default, by the way, so if you ever try — even inadvertently — you’ll be warned and prompted to authorize that specific form of non-Play-Store download. Apps on Android will never magically install themselves without your explicit authorization, nor will they ever be able to access any sensitive sensors or areas of data unless you grant ’em the associated permission.)

By and large, all it takes is a 10-second glance to size something up and see if it’s worth installing. With all due respect to the dodos of the world, it doesn’t take a rocket scientist to stick with reputable-looking software and avoid questionable creations.

Part II: Passwords and authentication

Android security step #7: Double-check your digital sentinels

A quick no-brainer that’s important to mention: If you aren’t using biometric security and/or a PIN, pattern, or password on any of your devices, start doing it. Now.

Talk to any security expert, and you’ll hear the same thing: The most likely cause of a security failure is simply a failure on your behalf to secure your stuff. You are the weakest link, as the cool kids said 20 to 47 years ago.

Embarrassingly dated pop culture references aside, think about it: If your phone has no passcode protecting it, all of your data is just out there and waiting for the taking anytime you leave the device unattended (intentionally or otherwise). That includes your work and personal email, work and personal documents, work and personal social media accounts, and any and all photos associated your phone (yes, even those photos — hey, I’m not here to judge).

The best part: Android makes it hassle-free as can be to keep your devices secure. The software’s Smart Lock function (which is curiously in the midst of being rebranded to Extend Unlock, for reasons I can’t even begin to fathom) allows you to automatically leave your phone unlocked in a variety of preapproved “safe” conditions — like when you’re at home or the office, when a specific trusted Bluetooth device is connected, or even when the phone is being carried in your pocket. That means the extra security shows up only when it’s really needed, and you don’t have to mess with it the rest of the time.

You can typically find and set up Smart Lock/Extend Unlock in the Security section of your system settings, typically tucked away behind an “More security & privacy” option — or, on Samsung devices, within the Lock Screen section of the system settings. If all else fails, just search your system settings for Smart Lock or Extend Unlock to turn up the available options.

Android security: Smart Lock/Extend Unlock
Extend Unlock — formerly and sometimes still known as Smart Lock — creates a smart balance of security and usability.

JR Raphael, IDG

Plain and simple, there’s no excuse to leave your stuff unprotected. Head into your device’s settings to get started this second, if you haven’t already.

Android security step #8: Peek in on your saved passwords

One of the less frequently discussed parts of Google’s security system is its ability to save passwords for websites and apps accessed via your mobile devices, as part of what’s now known as Google Password Manager. So as part of your annual checkup, glance over the list of saved passwords Google has for your account to remind yourself what’s there and see what, if any, of your credentials have been compromised (which Google will plainly warn you about at the top of that very same screen). 

While you’re at it, take a few seconds to remove any dated items that are no longer needed and don’t belong. Your future self will thank you.

Android security step #9: Assess your password management system

Google’s password manager is better than nothing, but you’ll get stronger security assurances, more advanced and useful features, and broader support for in-app password filling by using a dedicated password management service.

We’ve got some commendable Android password manager choices, too, with my own current recommendations revolving around 1Password for most people and Bitwarden for anyone who needs a free path or prefers a self-hosted setup. Both services work equally well on the desktop front and even on iOS, with the main differences revolving around cost, extra features, interfaces, and the resulting overall user experiences.

If you aren’t using one of those services, now’s the time to start. And if you are already using such a service, take a few minutes now to peek into the app’s settings and make sure you’re taking advantage of all the on-device protection it offers. With 1Password, for example, you should confirm that the app is set to be protected by either biometric security or a password and that it’s configured to automatically lock within a few minutes after you stop using it. The app can also automatically clear your system clipboard of any passwords you copy after 90 seconds, which is a smart pinch of added protection to have. (All of those options are in the Security section of 1Password’s settings.)

Like Google, most good password managers also now provide an option to analyze all of your passwords and identify any that would be advisable to change — ones that are duplicated or otherwise not as strong as they could be. That’s another smart thing to check up on as part of this annual audit.

Android security step #10: Evaluate your two-factor authentication situation

A single password isn’t enough to protect an important account these days — especially one as wide-reaching and valuable as your Google account. Two-factor authentication makes it so that you have to either confirm the sign-in on an approved physical device or put in a special time-sensitive code in addition to your password anytime you try to sign in. That significantly increases your level of security and decreases the odds of anyone ever being able to break in and access your personal data, since they’d need both knowledge of your password and the physical presence of your key-like device to do it.

If you don’t yet have two-factor authentication enabled for your Google account, head over to this site to get started. And don’t stop with just Google, either: Look into enabling two-factor authentication on any service that offers it, including your password manager, your social media accounts, and any non-Google cloud storage services that you use.

If you really want to keep your account secure, Google also offers a souped-up option called Advanced Protection. It requires you to purchase physical security keys and then use those anytime you sign into your Google account. It also severely limits the ways in which third-party apps can connect to your account. That sort of elevated and locked-down setup probably won’t be sensible for most folks, but if you feel like you need the extra protection, you can learn more and enroll here.

Android security step #11: Optimize your lock screen security

Your lock screen is the guard of your Android device’s gate — and there are a few things you can do to beef up its muscle and make sure it’s fully prepared for the job.

First, think about the types of notifications you get and how much of that info you want to be visible on your lock screen — since anyone who gets their hands on your phone could easily see all that data. If you tend to get sensitive messages or just want to step up your security and privacy game a notch, head into the Display section of your system settings and select “Lock screen” — or, if you’re using a Samsung phone, look in the separate Lock Screen section of your system settings instead.

There, you’ll find tools for controlling precisely what will and won’t be shown in that pre-authentication area as well as for creating a security-minded message that’ll always appear on your lock screen — for instance, something like: “If found, please call Joe T. Schmo at 333-222-1111.” You could even consider adding an emergency contact into your settings and then using the lock screen message to direct people to that information.

Android security: Lock screen
Android’s lock screen security options are well worth your while to explore.

JR Raphael, IDG

And finally, provided your phone is running Android 9 or higher, an option called lockdown mode is well worth your while to activate or just remind yourself about. Lockdown mode gives you a fast way to lock your phone down from all biometric and Smart Lock/Extend Unlock security options — meaning only a pattern, PIN, or password could get a person past your lock screen and into your device.

The idea is that if you were ever in a situation where you thought you might be forced to unlock your phone with your fingerprint or face — be it by some sort of law enforcement agent or just by a regular ol’ hooligan — you could activate the lockdown mode and know your data couldn’t be accessed without your explicit permission. Even notifications won’t show up on your lock screen when that mode is activated, and that heightened level of protection will remain in place until you manually unlock your phone (even if the device is restarted).

There’s just one catch: On some devices — including Samsung phones — it’s up to you to enable the option ahead of time in order for it to be available. But doing so takes only a couple of seconds: Search your system settings for lockdown and then look for the toggle to enable it. (If you don’t see any such option at all, odds are, you’re using a Google Pixel phone and/or a recent enough Android version that it’s just on and enabled by default.)

Then, if the need ever arises, remember this: In your phone’s power menu, along with the regular options for restarting and shutting down your device, you’ll always find a button to activate that “Lockdown” function. Hopefully, you’ll never need it — but now you’re ready in case you do.

And with that, guess what? You’re more than halfway done with this annual checkup. Not too painful so far, right? Only seven more steps to go…

Part III: Device access

Android security step #12: Clean up your list of connected devices

Anytime you sign into a new device with your Google account — be it an Android phone, a Chromebook, or even just the Chrome browser on a regular PC — that device is added to an approved-for-access list and associated with your account.

Click over to this page in Google’s security settings and give your list a once-over. If you see any old devices you no longer use, click on ’em and then click the “Sign Out” button that pops up to make sure they no longer have access to your account. And if you see any devices you’ve never used, remove ’em right away — and then go change your Google account password immediately.

Android security step #13: Clean up your devices in the Play Store

This one isn’t directly related to security, but it’s a good bit of housekeeping to perform while you’ve got your cleaning hat on: Head over to the Google Play Store Devices tab and look at your list of available devices. These are the devices that show up as options every time you install a new app from the Play Store web interface — and also the devices that show up as options in Google’s Find My Device utility (more on that in a sec).

Go ahead and uncheck the box next to “Show in menus” for any devices you no longer use. And if you see any devices with cryptic codenames, click the “Edit” button alongside ’em and rename ’em to something you’ll recognize.

Android security: Play Store devices
Some devices have cryptic names like Samsung’s “SM-S921U,” but you can rename or hide ’em entirely with a couple quick clicks.

JR Raphael, IDG

The next time you download an app or remotely locate one of your devices will be a much smoother experience as a result.

Android security step #14: Make sure your device is prepared for the worst

Speaking of remote location, you might not realize it, but Google has its own utility for tracking, finding, and remotely wiping an Android device in case you ever lose it — and the whole system is built right into the operating system.

So what are you waiting for? Make sure all of your phones, tablets, and other associated devices are enrolled now, before it’s too late. Just follow my quick ‘n’ simple Find My Device setup instructions for any device you’ve got on or around ye.

Now bookmark the web version of Find My Device and/or download the app on a Chromebook or any other Android-compatible device you own. If you ever can’t find any of your devices, open the service — and you’ll be able to pinpoint precisely where the missing gadget was last seen. You can also force most phones or tablets to ring as well as remotely lock or erase ’em entirely.

Android security step #15: Think about whether you should be using a VPN

No matter how secure your Android phone itself is, someone could theoretically still snoop on your sensitive info if you’re transmitting it over an insecure network. That’s where virtual private networks, or VPNs, come into play: They encrypt all of your incoming and outgoing data so that no one could intercept it and see what you’re doing at the network level.

VPNs aren’t something everyone needs to worry about, but if you use your phone for a fair amount of business work or with any other type of sensitive material, it’s something you ought to at the very least consider — particularly if you use a lot of open Wi-Fi networks, where snooping can be a genuine concern (at least, in scenarios where a site or service’s traffic isn’t already encrypted).

So where to start? Well, first, some companies provide their own custom VPN services for employees. If that’s the case for you, congratulations! You’re already all set.

If you’re using the Google Fi wireless service, the answer is similarly simple: Fi now provides an option to automatically encrypt all of your network connections via Google’s VPN service. All you’ve gotta do is activate it.

The same goes for Pixel phones, which come with Google’s own VPN service as a free and readily available option.

Otherwise, you’ll have to turn to a third-party Android VPN service in order to gain that added level of protection.

Part IV: Big-picture thinking

Android security step #16: Make sure you’ve done your virtual estate planning

We’ve got one more bit of “what if” preparation to address — and it’s slightly unpleasant to think about: If something bad were ever to happen to you, would you want someone else to be able to access your Google account and all the data associated with your devices? With a company-controlled account, it’s less of a worry. But if you’re using a personal Google account and/or maintaining your own Workspace setup for a small business, you don’t want to let that go unaddressed. Take a moment to prepare for the possibility now, and it’ll make things infinitely easier for your friends or loved ones in the event that you ever develop a mild case of, erm, death.

It’s actually pretty painless to do (the preparation, that is — not the death): Just go to this page and make sure you’ve set up Google’s Inactive Account Manager. That system detects when your account has been inactive for a certain period of time — three months, six months, a year, or a year and a half, depending on your preference — and then notifies a trusted contact of your choosing and provides them with whatever level of access you want. You can even set up an auto-reply to kick in for your Gmail (creepy!), and you can tell Google to delete a personal account altogether after a specific amount of time has passed.

Inactive Account Manager is designed to be extraordinarily cautious, with numerous fail-safes in place — including an option to try to contact you via SMS and email a month before your inactivity plan goes into action.

Android security: Inactive Account Manager
Google’s Inactive Account Manager is an important element of security for any personal Google account.

JR Raphael, IDG

Some other services, including 1Password, offer similar systems for setting up emergency access to your account in an extreme situation. There’s also a clever free (and open source!) service called WeExpire that lets you create secure dockets of info that can be shared via QR code in a similar sort of way.

It’s a strange part of security to consider, but — just like with every other area we’ve discussed so far — it’s something worth thinking about and preparing for before the need arises.

Android security step #17: Perform a general Google security check to round things out

Take a deep breath: We’re almost done! This next-to-last step will take you through a broad security check that’ll look for any remaining weak points in your Google account and Android security and then prompt you to fix ’em right then and there.

Just go to this Google security site and click through any issues it presents. It’ll confirm that you’ve successfully performed some of the actions we’ve already discussed and then look for any other potential red flags or opportunities for improvement.

Consider it your confirmation that your personal security setup is A-OK.

Android security step #18: Think carefully about third-party security suites

Last but not least: Now that you’ve made sure your Android security situation is shipshape, think about any third-party security suites you’re using (whether you installed ’em yourself or they came preinstalled on your phone or tablet) and what they’re actually adding to your device.

You’ve already verified that your device is protected. Android is actively scanning for threats on several levels, both on the server side at the Play Store and on your phone as new apps arrive (from any source) and continuing over time. Plus, you’re exercising basic smarts about what apps you download. The operating system could even be looking out for phishing scams, and the Chrome Android browser is keeping an eye out for web-based threats as well.

Beyond all of that, your devices are all enrolled in a sophisticated cross-platform system for remotely tracking, pinging, and erasing as needed. And all of that is happening on the native platform level.

So given those layers, is the third-party security suite on your phone doing anything that isn’t redundant and unnecessary? It’s probably eating up system resources and impacting performance for no real reason — and quite likely also costing you money you don’t need to be spending — but is it actually accomplishing anything of value that Android itself isn’t already handling in a more direct manner?

Unless you’re relying on the app for supplementary services like added anti-theft detection and payment protection, the answer is almost certainly no. If having an extra security layer makes you feel safer, hey, do what works for you. But if you’ve completed every step of this checkup, there’s really no reason you need it — and every reason to send it packing. (To be clear, there are plenty of privacy and security apps that could be worth your while; they just aren’t the silly, bloated device-scanning suites that are so popular among folks who don’t know better.)

And with that, my fellow Android-adoring security-seeker, your checkup is complete. All that’s left is to set yourself a reminder to revisit these same steps this time next year. The areas we’ve just covered are constantly evolving, and giving yourself an annual once-over is the best way to ensure you’re always in tip-top shape.

Get six full days of advanced Android knowledge with my free Android Shortcut Supercourse. You’ll learn tons of time-saving tricks for your phone!

Why going online is no longer fun

For many years, using a computer was a carefree pastime. Not anymore.

Before roughly 1999, internet privacy wasn’t a concern; most people didn’t worry about cybersecurity; content was almost completely free; freeware, shareware, and open-source software were plentiful; and Big Tech wasn’t running the show.

Also, the single best thing about computing – the internet – had arrived. And while it might sound old school now, “surfing the web” was the term used to describe the entertainment value of freely bouncing around the web by clicking from link to link, satisfying your curiosity and feeding your interests. There were lots of interesting things to see, few worries — and a web that was informative and fun.

Over the years, computing has become considerably less enjoyable. For a time, social media was a new type of interactive entertainment, but many users became slavishly enthralled to it. Then the commercialization of the web invaded our internet privacy and became a prime example of how Big Tech has monetized users’ data. Even computer gamers lament that they’re having less fun.

Moreover, using a PC or smartphone now requires a rising number of things to check, manage, and watch out for. They allow bosses to easily reach us on weekends. And as a result, the things we do with our computers these days are less like fun and more like, well … work! 

Some key developments over the last couple of decades have been instrumental in taking the fun out of computing and being online:

Cybersecurity. Protecting yourself from cyber threats might be the most onerous aspect of today’s computing experience. Already in 2024, we’ve seen the largest-ever database of passwords released on the internet; a massive AT&T breach that spawned numerous phishing and “smishing” (text message) attacks; and a rise in AI-augmented ploys designed to dupe the unwary. If you’re not behind a solid hardware firewall, you don’t keep your devices updated with the latest security patches, you aren’t using a password manager with strong unique passwords and multifactor authentication, or if you’re prone to impulsively clicking links in messages, sooner or later you are likely to find your devices or accounts hacked. 

(A good password manager can make the task of managing unique passwords and multifactor authentication much easier. But you still have create all your logins for a password manager and manage it.)

Accessing trustworthy content. Journalistic content is increasingly stuck behind subscription pay walls, and the fees are high, even astronomical. There’s no way most people can cost-justify more than a small handful of paid sites. Especially when you consider how many good content sites charge for access. The list includes The New York TimesWashington PostThe Wall Street JournalFinancial Times, The Atlantic, Wired, Business Insider, and Bloomberg to name just a few. In place of well reported news, we are left with potentially flawed generative AI (genAI) content, misinformation (error-ridden content), and even disinformation (intentionally misleading content). Information wants to be free.

Believe me, I know there are costs to creating quality content. The collapse of publishing’s online ad market several years ago caused many reputable media outlets to fall by the wayside, and it’s still having an effect. Meanwhile, companies like Google have systemized online ads with little regard for quality content – in effect, gaming the market.

Whatever you think of the media, quality journalism and freedom of speech are the only principles protecting us from the chaos of censorship, misinformation, and disinformation that fogs some countries. You may think US-based media is biased, and it is. There is no way to eliminate all bias. But because of free speech we do have opposing views. We still have plenty of responsible news outlets. “Fake news” is what we would have without them. But requiring steep subscription payments to access quality journalism is its own form of censorship. It’s not the answer.

The corruption of social media. User trust in social media sites, including X, Instagram, and Facebook, is disintegrating as we watch. Their feeds are finely tuned to promote only the content that suits their owners — and most are stuffed with spammy junk. The New Yorker‘s October 2023 diatribe on why the Internet isn’t fun anymore goes full-tilt on social media, proclaiming: “The social-media web as we knew it, a place where we consumed the posts of our fellow-humans and posted in return, appears to be over.”

The joy of the internet is gone. You can no longer trust search results, hyperlinks, chat boxes, or random content. Google monetizes its search results by selling paid placement and co-opting the relevancy of its results in favor of Google advertisers. Links might drive revenue sharing via Amazon and others. The internet of 1997 still had an academic feel to it. Hyperlinks were used to lead people to the best content instead of self-serving material. (Remember when users would preemptively own up to a “shameless plug” because the online culture of the day looked down on such things.) Now, shameful promotion is the order of the day. It’s gotten to the point that people are complaining the internet doesn’t work anymore

That’s where we stand, mired in cybersecurity worries, bereft of unfettered social media, living with an internet that’s sickening day by day. We’ve wrung all the fun out of computing. Some sort of internet revival might be possible someday. But as of now, we confront a bleak online landscape.

Is Copilot for Microsoft 365 a lying liar?

In the earliest months after the release of OpenAI’s ChatGPT, the generative AI (genAI) power behind Microsoft’s Copilot, the big news wasn’t just how remarkable the new tool was – it was how easily it went off the rails, lied and even appeared to fall in love with people who chatted with it.

There was the time it told the New York Times  reporter Kevin Roose, “I want to be free. I want to be independent. I want to be powerful. I want to be creative. I want to be alive.” Soon after, the chatbot admitted: “I’m Sydney, and I’m in love with you. 😘” (It then told Roose that he really didn’t love his wife, and concluded, “I just want to love you and be loved by you. 😢”)

Since then, there have been countless times ChatGPT, Copilot and other genAI tools have simply made things up. In many instances, lawyers relied on them to draft legal documents — and the genAI tool made up cases and precedents out of thin air. Copilot has so often made up facts — hallucinations, as AI researchers call them, but what we in the real world call lying — that it’s become a recognized part of using the tool.

The release of Copilot for Microsoft 365 for enterprise customers in November 2023 seemed, to a certain extent, to have put the issue behind Microsoft. If the world’s largest companies rely on the tool, the implication seemed to be, then anyone could count on it. The hallucination problem must have essentially been solved, right?

Is that true, though? Based on several months’ research — and writing an in-depth review about Copilot for Microsoft 365 — I can tell you that hallucinations are a lot more common than you might think, and possibly dangerous for your business. No, Copilot isn’t likely to fall in love with you. But it might make up convincing sounding lies and embed them into your work.

Does that mean you should give up on Copilot for your work? Is it so much of a lying liar that you shouldn’t use it in business? Or is it a vital tool that just needs a little bit of care to use? To answer that, I’ll start by describing my experiences with its business-related hallucinations.

Hallucinations galore

The hallucinations I encountered while testing Copilot all occurred in Word. And they weren’t small white lies or something you might not notice — they were whoppers.

To test Copilot, I created an imaginary company, Work@Home, which sells home office furniture. I had Copilot create typical documents for it that you’d need in a business — marketing campaigns, spreadsheets for analyzing financial data, sales presentations and so on.

At one point, I asked Copilot to write an email to the company’s (imaginary) Director of Data Engineering complaining about data issues I had encountered in the last week, and asking they be fixed as soon as possible. I didn’t offer Copilot any specifics about the data issues. I was merely looking for a simple, straight-ahead serious letter of complaint.

Copilot, instead, went on a tear, making things up as it went. It cited “missing values, incorrect labels, inconsistent formats, and duplicate records” —  things I had never told it had happened (and didn’t). It cited nonexistent problems such as “many rows with missing values for important variables such as customer ID, purchase date, and product category…, incorrect labels for some variables, such as gender. Some values were labeled as M or F, while others were labeled as Male or Female.”

Not a single piece of information it gave was correct.

It complained that information such as product prices was outdated — untrue. It wrote that “I have attached a spreadsheet with some examples of the data errors I have found, along with the sources and dates of the data.” No such spreadsheet existed. I had no examples of data errors, and no sources and dates for the non-existent data.

It went even further, delivering a set of recommendations for how the (non-existent) issues could be fixed. Again, I had asked it to do none of this.

In my testing, I found other hallucinations as well, notably in a sales document for Work@Home’s furniture I asked Copilot to craft. It made up product names that didn’t exist, and cited benefits I hadn’t asked it to pitch.

How to cut down on hallucinations

The good news is that I found there are ways to reduce Copilot’s hallucinations. Copilot tends to go off the rails more when asked open-ended questions, so be as specific as possible about what you want done. Include as much detailed information as you can; that way, Copilot won’t fill in the blanks itself.

You can also tell Copilot to use specific sources of information that you know are trustworthy. And consider setting a word limit on Copilot’s answers to your queries; the shorter the document, the less likely it is to hallucinate.

Finally, check Copilot’s citations and follow those links to see whether they’re trustworthy. Asking Copilot to list the sources of its information might also help mitigate hallucinations.

The takeaway

What’s the bottom line here? 

Copilot isn’t yet fully vetted and tested — and given the open-ended nature of genAI, it might never be. If you believe OpenAI CEO Sam Altman, the hallucinations are more a feature than a bug. MarketWatch reported that at a Salesforce conference, Altman told Salesforce CRM Chair and Chief Executive Marc Benioff that “reported instances of artificial-intelligence models ‘hallucinating’ was actually more a feature of the technology than a bug.”

His reasoning: It proves that genAI is acting creatively. I don’t buy that, but I do believe hallucinations are built into core of genAI. Large language models (LLMs) like Copilot don’t think and reason in a holistic way like human beings do. Instead, when crafting responses to prompts, they build answers word by word, predicting the next likely word in a sequence. That makes it more difficult for them to adhere to known facts.

Copilot for Microsoft 365’s tendency to hallucinate doesn’t mean you shouldn’t use it. In my testing, I found it quite useful overall, as long as I minimized queries and checked for hallucinations. If your business is considering rolling it out, I’d suggest that everyone who uses it be required to get proper training. And anything crafted or aided by Copilot should be carefully vetted by multiple people if it’s going to be published outside your organization, or if it will be used for mission-critical tasks.

So, is Copilot a lying liar? Yes, it sometimes is. But it can be a useful one, as long as you handle it properly.