Testing – New Google Search “Personal” Tab absent in gSuite for Education

This weekend Google rolled out a change to Google.com search to add a “personal” tab described by cmswire as…

“results come directly from your Google accounts. According to reports, personal ads may also appear in these results. The tab can be found under the ‘More’ option on the search page and surfaces everything related to a keyword in email messages, calendar events and photos.”

Recently I’ve been testing the differences between Consumer Google Accounts and gSuite for Education accounts, so I thought it would be good to check if this feature was rolled out to gSuite users.

Short answer, it is currently not. 

Google features often appear the consumer version first and move to gSuite but Google has to announced any plans to move the feature into gSuite for Education.

Here is my consumer gmail account, with the “personal” tab highlighted and the “more” menu shows videos, shopping, books and flights

consumer google search

Here is my gSuite for Education account, with  videos highlighted, no “personal” tab and the drop down only shows books and flights

gSuiteGoogle search

Tracking Google and Microsoft Adoption in Higher ED

Earlier this month, New York Times columnist Natasha Singer wrote How Google Took Over the Classroom, a detailed look at the rise of Google in primary and secondary education. (Also worth a listen is the NPR interview on All Sides with Ann Fisher).

The article did not address Google at the post-secondary level, but Joshua Kim of Inside Higher ED asked “I’ve been looking for recent data on the Google vs. Microsoft enterprise e-mail battle – but I can’t find anything recent. Can you help?”

Challenge Accepted.

I have a history (or a mild obsession) of tracking edtech. Back in 2010 and for a few years after, Forbes blogger Eric Lai and I tracked the growth of the iPad in K12, Higher Ed and the enterprise. I have been tracking the growth of Google Apps (now gSuite) and Office 365 in K12 and to a lesser extent Higher Ed since 2014.

Back in December, I posted a domain / DNS analysis of adoption in K12 for O365 and gSuite, so I thought it would be a good time to update the numbers for Higher ED.

The methodology is the same as I used for K12 districts, a scan of DNS records, looking for specific known markers in MX, TXT and other records. However, for Higher Ed the data is likely more accurate given that the root domains are well know (.EDU)

For this analysis, I pulled the US based listing from a list of EDU domains on GitHub. The list included only the root EDU domain, and individual colleges or campuses (sub-domains) may run different email systems than what is used on the primary domain but this approach of  using a large data set provides an overview of the adoption of Google and Microsoft email systems.

I scanned the DNS records of 2,276 US EDU domains and got the following results for domains that had DNS MX records that indicated they were routing mail directly through Google or Microsoft servers. The Google numbers are lower than I had expected.

Google MX Records  18.31%
Microsoft MX Records  40.84%

 

One result worth noting was that 30.96% of the sites returned DNS markers that were indicative of a domain that had started the process of verifying domain ownership with Google . Take together with the 18.31% of domains that are actively routing mail through Google, this would strongly indicate that  12.65% of root EDU domains had either started or were using Google and are now not using Google for mail. 

 

Google’s Response to gSuite Admins in Phishing Incident

[Updated: as Doug Levin notes, Google was warned about the potential of this problem in 2011]

On May 3rd, a small percentage (~.1%) of Google users were hit with a sophisticated phishing attack (it used at least 13 different application “clientIds”) . The phishing took the form of a link that directed users to an application  claiming to be “Google Docs” and routed users to Google’s login/permission pages (Oauth2) to grant access to gmail and contact scopes.

For districts using gSuite for Euducation, it was impressive to see how quickly the EDU user community jumped on this issue. AmplifiedIT crowd-sourced the collection of clientIds and posted remediation steps. Google shut down the applications within an hour and Admins of impacted domains received an email similar to the one below late on the evening of 5/4/17.

 


Dear G Suite Administrator,

On Wednesday, May 3, we identified, investigated, and resolved an email phishing campaign . This issue was addressed within approximately one hour from when Google became aware of it. Please note that we have already taken action to protect all users, and no further action is necessary. To assist you in understanding what happened and better educating your users on email security, we are sharing details on how the campaign worked and how we addressed it.

What happened:

The affected users received an email that appeared to be from a contact offering to share a Google doc. Clicking the link in the attacker’s email directed the user to the attacker’s application, which falsely claimed to be Google Docs and asked for access to the user’s account. If the user authorized the application, it accessed the user’s contacts for the purpose of sending the same message to those contacts. This access only retrieved contacts and sent the message onward—customer data such as the contents of emails and documents were not exposed.

Upon detecting this issue, we immediately responded with a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems.

We have taken the following steps to protect your users:

  • Disabled the offending Google Accounts that generated the phishing link
  • Revoked any access that the affected users authorized to the attacker
  • Disabled the malicious projects and apps that sought access

In addition, Google is taking multiple actions to combat this type of attack in the future such as updating our policies and enforcement on OAuth applications, updating our email filters to help prevent campaigns like this one, and augmenting the monitoring of suspiciously behaving third-party apps that request consent from our users.

As a general precautionary measure, you may choose to take the following actions regularly for your users:

We thank you for your continued business and support. If you have any questions, please let us know by contacting Google Support and referencing the issue number [removed].

Sincerely,

The G Suite Team