Ripple Effects Could Extend Well Beyond

Yahoo Hack: Ripple Effects Could Extend Well Beyond
Breach of Yahoo scale are the security equivalent of ecological disasters
A big worry is a cybercriminal technique known as “credential stuffing”
Will the big Yahoo breach mean an explosion of smaller breaches?
As investors and investigators weigh the damage of Yahoo’s massive breach to the internet icon, information security experts worry that the record-breaking haul of password data could be used to open locks up and down the web.

While it’s unknown to what extent the stolen data has been or will be circulating, giant breaches can send ripples of insecurity across the internet.

“Data breaches on the scale of Yahoo are the security equivalent of ecological disasters,” said Matt Blaze, a security researcher who directs the Distributed Systems Lab at the University of Pennsylvania, in a message posted to Twitter.

 

A big worry is a cybercriminal technique known as “credential stuffing,” which works by throwing leaked username and password combinations at a series of websites in an effort to break in, a bit like a thief finding a ring of keys in an apartment lobby and trying them, one after the other, in every door in the building. Software makes the trial-and-error process practically instantaneous.

Credential stuffing typically succeeds between 0.1 percent and 2 percent of the time, according to Shuman Ghosemajumder, the chief technology officer of Mountain View, California-based Shape Security. That means cybercriminals wielding 500 million passwords could conceivably hijack tens of thousands of other accounts.

“It becomes a numbers game for them,” Ghosemajumder said in a telephone interview.

So will the big Yahoo breach mean an explosion of smaller breaches elsewhere, like the aftershocks that follow a big quake?

Ghosemajumder doesn’t think so. He said he didn’t see a surge in new breaches so much as a steady increase in attempts as cybercriminals replenish their stock of freshly hacked passwords. It’s conceivable as well that Yahoo passwords have already been used to hack other services; the company said the theft occurred in late 2014, meaning that the data has been compromised for as long as two years.

 
“It is like an ecological disaster,” Ghosemajumder said in a telephone interview. “But pick the right disaster. It’s more like global warming than it is an earthquake. … It builds up gradually.”

The first hint that something was wrong at Yahoo came when Motherboard journalist Joseph Cox started receiving supposed samples of credentials hacked from the company in early July. Several weeks later, a cybercriminal using the handle “Peace” came forward with 5,000 samples – and the startling claim to be selling 200 million more.

On August 1 Cox published a story on the sale, but the journalist said he never established with any certainty where Peace’s credentials came from. He noted that Yahoo said most of its passwords were secured with one encryption protocol, while Peace’s sample used a second. Either Peace drew his sample from a minority of Yahoo data or he was dealing with a different set of data altogether.

“With the information available at the moment, it’s more likely to be the latter,” Cox said in an email Tuesday.

The Associated Press has been unable to locate Peace. The darknet market where the seller has been active in the past has been inaccessible for days, purportedly due to cyberattacks.

At the moment it’s not known who holds the passwords or whether a state-sponsored actor, which Yahoo has blamed for the breach, would ever have an interest in passing its data to people like Peace .

 

Meanwhile, Yahoo users who recycle their passwords across different sites may be at risk. And while an internet-wide password reset is one option, Yahoo’s announcement that some security questions were compromised too means that the risks associated with the breach are likely to linger.

A password can be changed, after all, but how do you reset your mother’s maiden name?

Yahoo Hackers May Seek Intelligence, Not Riches

Yahoo Hackers May Seek Intelligence, Not Riches
Breach could be part of a strategy that’s aimed at gathering intelligence
Governments known to hack email accounts to keep tabs on citizens
No evidence yet that Yahoo attack was state-sponsored
If a foreign government is behind the massive computer attack that compromised a half billion user accounts at Yahoo, as the company says, the breach could be part of a long-term strategy that’s aimed at gathering intelligence rather than getting rich.

Yahoo says the breach involved users’ email addresses, passwords and other information – including birthdates – but not payment card or bank account numbers. Although the stolen data could still be used in financial crimes, such as identity theft, experts say a foreign intelligence agency might combine the Yahoo files with information from other sources to build extensive dossiers on US government or corporate officials in sensitive positions.

 

“With state-sponsored attacks, it’s not just financial information that’s of value,” said Lance Hoffman, co-director of the Cyberspace Security and Privacy Institute at George Washington University. “In the long run, if the state accumulates a lot of information on you, and especially if it corroborates that with other sources, it can assemble a pretty good profile.”

Governments have also been known to hack email accounts to keep tabs on their own citizens or dissidents. Experts believe that was one motive behind a 2010 hacking of Google Gmail accounts used by Chinese human rights activists.

Yahoo hasn’t revealed the evidence that led it to blame a “state-sponsored actor” for the latest attack, which the Sunnyvale, California, company said occurred two years ago and was discovered only in recent weeks.

Some analysts warn that “state sponsored” can be a vague term. It might also be an easy excuse to deflect blame for a company’s own security lapses, by suggesting it had no hope of defeating hackers who had all the resources of a government intelligence agency behind them, warned Gunter Ollmann, chief security officer at Vectra Networks, a San Jose, California, security firm.

 

 

o Hack Raises ‘Serious Questions’ From EU Privacy Watchdogs)Yahoo declined comment, but its top security official, Bob Lord, has said the company would make that claim only “when we have a high degree of confidence.” In a policy statement last year, Lord also said the company wouldn’t release details about why it believes attacks are state-sponsored because it doesn’t want to risk disclosing its methods of investigating breaches.
This wouldn’t be the first time that governments were implicated in high-profile hacking attacks.

US officials have hinted that China might be to blame for a 2015 breach at the US Office of Personnel Management, in which background files and even fingerprints of millions of federal employees were stolen. China denied any official involvement. More recently, news reports say US intelligence officials have blamed Russian spies for the hack of Democratic National Committee files, although Russia’s government has also denied this.

Some security experts believe the OPM attack was carried out by the same hackers who also stole data files from large US insurance and health-care companies in 2014 and 2015. It may have been part of an effort to gather sensitive or compromising information to blackmail or coerce individuals working at a variety of federal agencies.

Hackers could also use such personal information to concoct bogus emails and send them to a person’s Yahoo account, in what might be a sophisticated “phishing” scheme aimed at getting the target to click on a link containing “spyware” or other malicious computer code.

“They’d have the ability to conduct targeted phishing attacks against individuals with potentially valuable information, without going through their government email accounts,” said Tim Erlin, senior director of security and risk strategy at Tripwire, a cyber-security firm.

Similarly, governments might want to target executives at multi-national corporations, especially if they’re competing with companies based in the country that sponsored the attacks. In such cases, intelligence officials might share useful commercial secrets with their home-grown industries, said Jeremiah Grossman, an official at SentinelOne, a Silicon Valley computer security firm. He noted that the 2010 attack on Google was blamed on Chinese hackers who also targeted US companies outside the tech industry.

 

In any event, security experts warn that the Yahoo breach could still put ordinary users at risk, particularly if the hacked information finds its way to online marketplaces where stolen data are bought and sold. Many people use the same email address and password for a variety of online services, where they might also have provided financial information such as credit card numbers. And hackers with access to a Yahoo email account could try to reset passwords for other services, if a user registered for those accounts with a Yahoo address.

Tamil Nadu to Set Up ‘Amma Free Wi-Fi Zones’ in the State

Tamil Nadu to Set Up 'Amma Free Wi-Fi Zones' in the State

In yet another people-friendly initiative, the ruling AIADMK government Friday issued orders to set up ‘Amma Free Wi-Fi’ zones in 50 places across the state.

Cashing in on the ‘Amma’ brand, the state government had earlier introduced several people-friendly schemes like Amma Water, Amma Cement, Amma Medicine besides launching Amma Canteen offering food at subsidised rates.

“In a move to implement the Free Wi-Fi zone scheme as announced in the party manifesto, Chief Minister Jayalalithaa issued orders to set up Amma Wi-Fi zone in 50 spots, comprising larger bus terminuses, commercial complexes and parks,” a release from Chief Minister’s office said.

Similarly, higher secondary school and college students would also be given free access to internet as per the poll promise, it said.

In the first phase, 50 schools will be covered at a cost of Rs. 10 crores. Jayalalithaa is fondly called ‘Amma’ (Mother) by her cadres.

Meanwhile, Jayalalithaa has issued orders to construct an integrated IT complex, spread across two lakh square feet at the Electronic Corporation of Tamil Nadu Special Economic Zone in Sholinganallur at a cost of Rs. 80 crores, another release said.

The proposal to construct the complex was against the backdrop of exports from the Special Economic Zone constituting 25 percent, valued at Rs. 16,536 crores, it said.

The government said, 650 permanent e-registration centres will be set up by the Tamil Nadu e-governance Agency allowing people to access the services offered by government departments. “The Centres will be set up at a cost of Rs. 25 crores,” it said.

For customers who opt to make use of government services through mobile applications, the release said, a new scheme, Assured Multi-Modal Access, would be launched offering the services of government department in mobile phones.

“Initially, 25 government schemes will be launched through this facility at a cost of Rs. one crores,” it added.

Noting that the offices of Tamil Nadu e-governance agency and the Tamil Nadu Arasu Cable TV Corporation were operating in rented premises, the release said new buildings at a cost of Rs five crore would be constructed to house the government offices.

 

Google Accelerated Mobile Pages Now Rolling Out to All Supported Search Results

Google Accelerated Mobile Pages Now Rolling Out to All Supported Search Results

  • Google introduced the AMP project to reduce load time for mobile webpages
  • Google is now rolling out AMP optimised pages for all supported results
  • Users are more likely to click on the AMP link than a non-AMP one

Google in February introduced its Accelerated Mobile Pages (AMP) project to reduce load time for mobile webpages. If you’ve noticed some stories with a small ‘lightning’ symbol on it, it means those pages open within a second. Initially, the AMP initiative was limited to only ‘Top Stories’. In August, Google announced that the initiative would make its way to all of Google’s search results.

Google is now rolling out AMP optimised pages for all supported results (including non-news) to users around the world. Google AMP is designed to improve mobile user experience, reducing load times by creating stripped down versions of webpages. Doing so not only saves time and battery life but also cuts data by 10 times.

The rollout doesn’t change the search result, but only shows which sites have pages that can load ‘lightning’ fast. In a blog post by Google Inside Search, the company claims to “have over 600 million AMP documents created by sites such as eBay, Reddit, Shopify, WikiHow, and many more.”

Google has also stressed that the Search engine doesn’t rank pages based on AMP support but adds that mobile users are more likely to click on the AMP link than a non-AMP one. Google’s ranking system does prioritise small load times and page speed, however, Google VP of Engineering David Besbrisexplained that if there are two identical pages – one mobile friendly and the other AMP-powered – it will show the AMP one.

The announcement on Tuesday is more of a signal to Web developers to ‘AMP’ up their content so that they can hop on to the lightning fast bandwagon.

 

180 Indian Firms Hit by Ransomware So Far in 2016 Trend Micro

180 Indian Firms Hit by Ransomware So Far in 2016: Trend Micro
Over 180 Indian companies were victims of “ransomware” – or online extortion schemes – in the first six months of this year, a report said on Tuesday.

Ransomware, also called Business Email Compromise (BEC), globally caused companies a loss of a whopping $3 billion (roughly Rs. 19,946 crores), the report said – although no figure has been provided for losses in India.

BEC schemes are scam tactics which compromise business accounts in order to facilitate an unauthorised fund transfer and is considered one of the most dangerous threats to organisations.

According to Trend Micro Incorporated, a global leader in security software and solutions, 2016 has proven to be a year of online extortion through various malicious attacks.

“While it’s unfortunate for us, cybercriminals are resilient and flexible when it comes to altering an attack method each time we find a patch or solution,” said Ed Cabrera, Chief Cybersecurity Officer for Trend Micro, in a statement.

“It bodes well for businesses to anticipate being targeted and to prepare accordingly, implementing the latest security solutions, virtual patching and employee education to mitigate risks from all angles,” he added.
In total, 79 new ransomware families were identified in the first six months of the year, which surpasses the total number of new families found in all of 2015.

Both new and old variants caused a total of $209 million (roughly Rs. 1,389 crores) in monetary losses to enterprises globally. Ransomware attacks found in the first half of 2016 – like BEC scams – originated from emails 58 percent of the time.

The effectiveness of BEC scams lies in the techniques employed against its preferred targets. Attackers are able to deceive victims by combining their knowledge of social engineering techniques and well-researched information about the target.

Once attackers had picked someone of authority to spoof, their next move would involve tricking their victims to permit a fund transfer to serve as payment for an invoice or perhaps a legal settlement.

“An effective way to defend against BEC scams should be a mixture of proper employee education and security solutions that will help identify threats even before they reach a person’s inbox,” the report said.

An email solution that is able to flag social engineering techniques is needed to effectively block malicious email messages that are used in BEC campaigns, it added.

Super Mario Bros. 30th Anniversary Google Easter Egg

Google tends to throw in Easter eggs that tie-in to real life events such as decking up the logo on its home page for the Olympics. Monday however, the Mountain View-based company decided to pay homage to the Super Mario Bros. to celebrate the 30th anniversary of the classic video game.

Searching for ‘Super Mario Bros’, ‘Super Mario’, or even ‘Mario Bros’ results in a block with a question mark shown off on the search screen. Depending on the device you’re on, if you click or tap it, it will result in hearing the classic ‘ding’ sound when you collect a coin in the game. Regardless of how often you click, it will be the only sound you hear so old-timers looking for power-ups will have to make do with playing the game instead.

(Also see: Top 5 Mario Games Everyone Should Play)

The character had earlier made an appearance in the Nintendo arcade game “Donkey Kong”, but under the name Jumpman. With his distinctive uniform and moustache, the hyperactive little plumber is instantly recognisable, a rare quality in the games market.

To mark the three-decade milestone, Nintendo last Thursday released in Japan “Super Mario Maker” on the Wii U console. This allows players to create their own worlds for Mario, or use those created by other players and shared through the Internet. In the run up to which, series creator, Shigeru Miyamoto featured in a video that answered a host of fan theories including if the revered classic, Super Mario Bros. 3 was a play, and the origins of the video game hero’s name.

Tamil Nadu Government to Implement ‘BharatNet’ Project

Tamil Nadu government on Monday said it will provide internet services, including IPTV, through the state-run cable TV operator TACTV and implement the Centre’s broadband project “BharatNet” linking more than 12,500 rural local bodies in the state at an investment of Rs 3,000 crore.

Making a suo motu statement in the Assembly, Chief Minister J Jayalalithaa said the Tamil Nadu Arasu Cable TV Corporation (TACTV) has received Internet Service Provider Licence (ISP) from the Union IT Ministry and signed a pact with Indian RailTel for providing high-speed broadband Internet services.

Already, 552 cable operators had been roped in and services were being provided to the people and the ISP Licence will be used to take internet across every household in the state, she added.

“Further, I am happy to announce that Internet Protocol Television (IPTV) services will also be provided along with high-speed broadband and other internet services,” she said. As regards Bharatnet, the Chief Minister said she had been insisting that it should be implement through the state government and this had been accepted by the Centre.

Accordingly, 12,524 rural local bodies will be connected through Optical Fibre at an investment of Rs 3,000 crore with Central Assistance and a Tamil Nadu FibreNet Corporation will be created for this purpose, she added. In another statement, Jayalalithaa said specially designed wheelchairs would be provided to 960 differently-abled persons with spine problems at an estimated cost of Rs 1.92 crore.

She said the foldable wheelchairs supplied already were not comfortable to those with spine problems.

Excessive use of Wi-Fi can trigger headaches, allergies

wi-fi-hotspot-stock-image

Should you worry about ‘wireless allergies’? Addressed with skepticism by most, the term electromagnetic hypersensitivity (EHS) or wireless allergy or gadget allergy, is ascribed to a range of non-specific symptoms like headache and fatigue apparently due to heavy use of wireless communicating devices, especially those that emit electromagnetic radiation (EMR).

Common sources of this Wi-Fi tsunami include mobile phone signals, Wi-Fi hotspots, Wi-Fi enabled devices like tabs, cellphones, laptops and a plethora of other gadgets. The controversial issue was recently thrust in the limelight when a French court in a landmark ruling granted disability allowance to a 39-year-old woman who claimed to be experiencing discomfort from alleged EHS. She was forced to live in a countryside barn far away from the Wi-Fi and the Internet.

Despite such examples, the legitimacy debate rages on – is it a real thing or cooked up – fueled by the absence of hard evidence and conclusive research. According to WHO, EHS has no clear diagnostic criteria and there is no scientific basis to link its symptoms to EMF (electromagnetic field) exposure, but it also says: “The symptoms are certainly real and can vary widely in their severity. Whatever its cause, EHS can be a disabling problem for the affected individual.”

Experts in India who have been studying such emerging problems (for example, the link between EHS and cellphone usage) say that with the introduction and expansion of wireless communication technologies, complaints related to mobile phones, base stations and gadgets have become more prominent. ”The radio frequency electromagnetic radiation (RFR – a type of electromagnetic radiation) exposure levels have amplified manifold because of the extensive use of mobile phones and other devices,” Neeraj Kumar Tiwari, Assistant Professor, Faculty of Computer Science and Engineering, SRM University, Lucknow, told IANS in an e-mail interview.

“Very common symptoms and sensations of EHS are irritation, headache, stammering, hearing loss, dizziness, ringing delusion, disrupted sleep, stress, fatigue and restlessness,” he added. Further at the genetic level, electromagnetic radiation from mobiles cause damage if their exposure time and level are high, said M. Y. Khan, Dean, School for Biosciences and Biotechnology, Babasaheb Bhimrao Ambedkar University (BBAU), Lucknow, who has extensively dealt with the issue as a scientist.

In fact, he said, the situation in India compared to the West is worse. “Because we tend to use cheap mobile sets made by companies which do not follow the standard norms about the radiation safety,” Khan, Professor and Head, Department of Biotechnology at the varsity, said in an e-mail interview. The electromagnetic fields produced by mobile phones are classified by the International Agency for Research on Cancer as possibly carcinogenic to humans.

Tiwari added that children may be more vulnerable than adults to EMF effects due to their “developing brain, greater absorption of energy in brain and a longer span of exposure over their lifetime”. But all said and done, the fact is Wi-Fi, mobile phones and the internet are a necessity today, so much so that the number of internet connections in India has swelled to 300 million. And, in a population of 1.25 billion, there are 980 million mobile connections, as per the latest data released by telecom regulator TRAI. Factor into this Prime Minister Narendra Modi’s ‘Digital India’ initiative which will be driven by mobile technology.

The Cellular Operators Association of India (COAI) states EMFs produced by the antennae on mobile towers and mobile phones are at the lower end of the electromagnetic emission spectrum and are ‘non-ionizing radiations’, which means that the energy carried by them is not enough to break the chemical bonds between molecules. ”The Indian government has adopted one of the strictest global safety norms for EMF, which is one tenth of the emission levels (recommended by WHO) followed by most of the countries in the world.

“The government’s support and guidance in allaying the misplaced fears regarding EMF emissions from towers in the minds of the people would be paramount in addressing the issue of misplaced EMF fear psychosis, and help develop and deliver the Digital India dream of the government,” COAI Director General Rajan S. Mathews told IANS. While EHS battles an existential crisis and as teenagers get more and more hooked to gadgets, Tiwari and Khan suggested ‘green communication’ – an approach to minimize the risks or defects associated with wireless communication systems.

Madhumita Dobe of the All India Institute of Hygiene and Public Health stressed on more research on EHS in India. As for now, following simple tips like texting instead of talking, keeping cellphones and gadgets at a distance and not placing cell phones under pillows is the way to go.

Lower prices, hassle-free purchasing sees a surge in online grocery shopping

online-shopping

Shopping for vegetables, fruits or bread wasn’t fun – not as a regular chore in the least. But online grocery marketplaces are fast changing the habits and mindsets of people, especially the young urban professional, on what was once mundane into fun. Plus, no more scurrying around for parking space, small change or wading through dirty marketplaces.

In the past year or so, India has seen a virtual mushrooming of such online grocery portals – with some even promising free delivery on the same day, if ordered within the first half, not counting the attractive discounts and promotional offerings they excite you with. ”This was almost the last piece of the parcel that was left,” said 23-year old, Harvard-educated Pratik Jindal, chief executive of SRSGrocery.com, speaking about the online market. “The main reason behind grocery portals is: People are getting more tech-savvy,” Jindal told IANS.

ALSO READ: CCI to oppose rebate on entry taxes on online shopping

Names such as Zip.in, SeaToHome.com, AaramShop.com, LocalBanya.com, EkStop.com, BigBasket.com, AtMyDoorSteps.com, MyGrahak.com, ZopNow.com, Omart.in, RationHut.com and SeaToHome.com are just a handful of such stores that have set up shop — some with deliveries at multiple locations. Let’s take the case of Zip.in, which New Jersey-based Kishore Ganji started in December 2014. “We ventured into this area as the food business in India is very large but fragmented as well. Our main operation is in Hyderabad. But now we have also started in Vizag,” Ganji told IANS.

The numbers and the growth potential also seem to add up in favour of such stores. As per the latest data released by the Internet and Mobile Association of India, the online food delivery market saw an impressive 40-percent growth in 2014 and reached Rs.350 crore by the end of December. ”The online grocery market garners six percent of the total online services pie.” It’s also not that big physical retailers or the small kirana shops in the neighbourhood are scared. This is primarily because the online stores need them. ”We already home-deliver goods to our customers in the locality – only that we take orders over the phone. If the big chains or online portals tieup with us, then I think that will help in our business,” Yadav Kumar, who runs a kirana store in Mayur Vihar in east Delhi, told IANS.

Even big retailers like Future Group, which owns Big Bazaar, are planning to go online sometime soon. To converge its digital and physical channels, Big Bazaar it has roped in SAP company Hybris, which helps transform businesses to meet the demands of the digital age. With Hybris solutions, it plans to give customers thje flexibility to buy anywhere, pay anywhere and get things delivered anywhere. It had also launched Big Bazaar Direct where it is partnering with mom-and-pop shops and even individuals.

With this, the franchisees can sel both their own and Big Bazaar products, through a tablet provided to them. So far, there are some 700 franchisee uner this concept. Globally, as per a Nielsen Global E-commerce and the New Retail Survey released a few months ago, a quarter of the respondents said they were already ordering groceries online for home delivery and more than half were willing to use it in the future. The majority of the 30,000 respondents in 60 countries felt physical shopping had its charm. But the study added: “Research also shows clicks do lead to bricks and this is an important take-away for retailers and manufacturers who must engage the consumer early on the path to purchase.”

A study on online grocery done by the US Department of Agriculture (USDA) also predicts strong growth. “The availability of multiple payment methodologies such as online banking, credit cards, debit cards, and cash-on-delivery have meant that it is convenient for urban Indian consumers to shop online while saving both time and money,” the study said. Navneet Singh, chief executive and co-founder of PepperTap, told IANS that growth has been rather good for his portal. “We are now present in 12 cities and will be present in 35 cities by year-end. It is a capital-efficient model. Logistics is provided by us,” he said.

In January, Singh said, the company saw only 50 orders a day, which is now touching 12,000-15,000 orders. He said, their mantra was to partner with local stores and put their catalogues online. “We have tie-ups with 140 retailers so far.” Jindal of SRSGrocery said the venture — which is a part of SRS Grocery stores spread across the Delhi NCR region in the name of Value Bazaar — started in January this year. The company has 45 stores. ”Our thought was why not provide everything to the customers at their doorsteps? We have added two crucial things to our existing retail business — procurement technology and a logistics team,” he said, adding: “We do not have any minimum order specs and no delivery charges.”

Stakeholders like Jindal also explained there were also attractive captive shoppers in working couples and even old people. Plus, another attraction is that the number of products available in the online format is much higher than neighbourhood mom and pop shops. ”We have a wide range of products. Now we have our own logistics team. We follow the hybrid model – where we have tie-ups with large retailers, wholesalers and vegetable markets. Capital cost is less since we don’t hold inventory. We pack products well and ensure quality,” Ganji added. But the final say in all this, the stakeholders concede, has to be the price.

Ganji says it is but natural for online grocery stores to be cheaper. “We are not into price war with other portals. But things are much cheaper online. We don’t have to set up a shop in a high street mall. We don’t have decoration cost or any such recurring costs.” The USDA report also gave a risk-benefit analysis. ”Compared to these (physical) stores, online retailers will need to overcome delivery challenges (traffic, poor roads, greater distance, cost). Nevertheless, online retailers enable consumers to bypass parking and traffic congestion in most Indian cities while providing better selection than a neighborhood store.”

Google may be on cusp of re-entering mainland China market

Google could be making moves to reassert itself in the biggest smartphone market in the world.CNET

Google may be finding its way back to mainland China, five years after the company shut down many operations there following disagreements with the Chinese government.

As early as this fall, the tech giant hopes to gain regulatory approval to distribute a special China version of its Google Play app store for smartphones running on its Android operating system, the website The Information reported Friday, citing unnamed sources. Google is also preparing to unveil as soon as this month a new China version of its Android Wear software to run wearables such as smartwatches, the publication said.

For the app store, Google agreed to abide by local laws and block apps the government sees as objectionable, the report said.

Google declined to comment on the report.

If Google makes these announcements, this would be a marked softening of its stance on China. In 2010, Google shut down its local search engine there and moved some operations to Hong Kong so it could avoid self-censoring its search results, as the Chinese government requires. Around the same time, Google also accused China of being involved in cyberattacks against it.

The creation of software specific to China could give Google more control in that country over Android, which smartphone makers have been free to modify for their own devices, making for a fragmented market. Tighter control would make it easier for app developers to create new Android apps for China, the biggest smartphone market in the world, by users. A new Google app store would also help the company compete with local app stores, including those from Tencent, Baidu and Xiaomi.

Still, Google may also open itself up to criticism that it’s capitulating to China after it took a hard stance against censorship there.

The Information in November also reported that a new version of the Google Play app store was on the way for China, though the publication now reports that an announcement may be more imminent.