Google is making it easier to prevent a nasty CC surprise in Gmail
It’s too easy to imagine that any security update worth making is going to involve something complex, and more often than not, that leaves the user experience more convoluted than before. The best security updates, however, are the ones that make usability easier rather than more cumbersome. Passkeys replacing passwords are the obvious example to throw in the mix. Google has just confirmed an incredibly simple new feature that is coming to the Gmail Android app, and it’s one that truly deserves the security surprise label as you might be forgiven for thinking it’s just another ease-of-use tweak. Here’s what you need to know about the changes to how you send CC and BCC emails using Gmail on Android will impact your security posture.
This One Surprising Interface Tweak Will Make Gmail More Secure For Millions Of Android Email Users
The Google Workspace team took to the official blog the day before Thanksgiving to drop an announcement regarding what appeared to be a relatively simple and straightforward interface tweak for users of the Gmail Android app. An announcement that, totally unsurprisingly, has flown largely under the security updates radar as a result. But you have to get up earlier in the day to sneak something Gmail and security-related past me. So, what is the security surprise? “When writing an email in the Gmail app on your Android device, you can now drag and drop contacts in the addressee fields,” Google said.
Yes, seriously, that’s it. I told you it was both simple and surprising. Now let me explain why it’s also a security update for the hundreds of millions of people who use Gmail on an Android device.
Why Sending A Carbon Copy Can Be A Security Issue, And How Gmail Will Make It Less Likely To Happen
Mistakes made when sending a carbon copy or blind carbon copy of an email can be embarrassing at the best of times and a security risk at the worst. As a journalist, I have lost count of the number of times that a media relations agency has mistakenly sent a copy of a press release using the CC function rather than the BCC one. This isn’t a huge problem apart from the fact that it then “publishes” the email addresses of everyone on the list to everyone else on it which can have huge data protection implications. But that accidental breach won’t be stopped by being able to drag an email address to either of the carbon copy fields, although mine would hope it would be more apparent.
No, the security side of things comes into play when someone has added the wrong person to a carbon copy field when inputting a bunch of addresses. Believe me, this is very easily done, especially with address autocomplete combined with a split-second lack of attention. That email could easily contain confidential or sensitive material not authorized for all the eyes that end up reading it. By being able to draft and drop email addresses between the To, CC and BCC fields, this should certainly reduce the number of such errors. Why? Because the physical act of drag and drop is more attention-driven, requires a different kind of focus than typing, and in my never humble opinion will be much harder to get wrong.
The bonus here, and it really is a bonus when talking any kind of security implication, is that the new system is also a usability update that makes Gmail easier to use. Boom. Double whammy win.
The new drag-and-drop functionality for the Gmail Android app has started to roll out now, and Google said that it should be complete before Dec. 14 to all users of Gmail, including personal accounts.