Full Report
Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android. The idea is to create unique, single-use email addresses that forward the messages to
Analysis Summary
# Main Topic
Google is developing a new security/privacy feature named "Shielded Email" designed to combat spam by allowing users to create unique, single-use email aliases when registering for online services.
## Key Points
- The feature was discovered through a teardown of the latest version of Google Play Services for Android.
- Shielded Email generates random, single-use email addresses that forward messages to the user's primary email account.
- This mechanism prevents services from obtaining the user's real email address, thereby mitigating spam risks.
- This concept is analogous to existing features like Apple's "Hide My Email" and offerings from providers like Bitwarden and DuckDuckGo.
- Google has previously released similar privacy tools, such as virtual card numbers for payments, though those are currently U.S.-limited.
## Threat Actors
- No specific threat actors are mentioned in connection with the development or introduction of this feature, as it is a defensive tool being implemented by Google.
## TTPs
- The primary "threat" being addressed is mass data collection, spamming, and unwanted communication resulting from sharing a primary email address during online registration.
- The feature mitigates the TTP of **Email Harvesting** by presenting a disposable intermediary address.
## Affected Systems
- **Systems/Software:** Google Play Services for Android (implied dependency for the feature rollout).
- **Users:** Google/Gmail users who sign up for online services requiring an email address.
## Mitigations
- The implementation of Google's Shielded Email acts as a *proactive defense/mitigation* against email harvesting and spam.
- Users can utilize this upcoming feature to mask their primary address.
- Users concerned about email security may consider using established analogous services until this feature is widely available (e.g., Apple Hide My Email, DuckDuckGo Email Protection).
## Conclusion
The introduction of Shielded Email marks a significant defensive step by Google to enhance user privacy within the Gmail ecosystem, similar to countermeasures already adopted by competitors. The immediate threat is spam and email exposure from third-party sign-ups, which this feature is specifically designed to neutralize by providing disposable forwarding addresses. Users should monitor updates related to the rollout of this feature across Google Play Services.