Google

Google Pulls 500+ Backdoored Apps With Over 100 Million Downloads From Google Play (helpnetsecurity.com) 3

Orome1 shares a report from Help Net Security: Security researchers have identified over 500 apps on Google Play containing an advertising software development kit (SDK) called Igexin, which allowed covert download of spying plugins. The apps in question represent a wide selection of photo editors, Internet radio and travel apps, educational, health and fitness apps, weather apps, and so on, and were downloaded over 100 million times across the Android ecosystem. Lookout researchers did not name the apps that were found using the malicious SDK, but notified Google of the problem. The latter then proceeded to clean up house, either by removing the offending apps altogether, or by forcing app developers to upload an updated version with the invasive features (i.e. the Igexin SDK) removed. "Users and app developers have no control over what will be executed on a device after the remote API request is made. The only limitations on what could potentially be run are imposed by the Android permissions system," the researchers pointed out. "It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server. Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality -- nor are they in control or even aware of the malicious payload that may subsequently execute. Instead, the invasive activity initiates from an Igexin-controlled server."
Hardware

Samsung Unveils Galaxy Note8 With 6.3-inch Infinity Display, Dual Rear Cameras (venturebeat.com) 90

VentureBeat reports: After months of leaks, Samsung today unveiled the Galaxy Note8 in an event in New York City. The company's latest stylus-equipped flagship smartphone is expected to be available for preorder starting tomorrow, August 24. The phone ships "in mid-September" with Android 7.1.1 Nougat, but you can expect it will be upgradeable to Android Oreo, which was only officially announced two days ago. The Galaxy Note8 succeeds the Galaxy Note7 (you may think that's obvious, but the Note7 succeeded the Note5). Samsung is likely holding its breath with the Galaxy Note8 given the Galaxy Note7 fiasco due to exploding batteries that led to a product recall. The direct result of this is that the Note8 has a smaller 3300mAh battery, which can be charged either via the USB-C port or wirelessly. Samsung's Galaxy Note8 features a 6.3-inch SuperAMOLED edge display (1440 x 2960 resolution, 18.5:9 aspect ratio, 521 pixels per inch) and has minimal top and bottom bezels which the company markets as Infinity. For those wondering, yes, this is the biggest screen ever on a Note device. The phone is powered by an Exynos 8895 system-on-chip globally and Qualcomm's Snapdragon 835 in the U.S., 6GB of RAM, and starts at 64GB of internal storage (128GB and 256GB variants also available, all expandable via a microSD slot). The device is also IP68-certified, meaning it is dust and water resistant. The phone weighs 195g and physical dimensions come in at 162.5mm by 74.6mm by 8.5mm. No word on pricing yet. Update: Between $930-$960.
The Internet

Wal-Mart To Enter Voice-Shopping Market Via Google Platform (reuters.com) 28

Wal-Mart Stores is teaming up with Google to enter the nascent voice-shopping market, currently dominated by Amazon.com, adding another front to Wal-Mart's battle with the online megastore. From a report: Google, which makes the Android software used to run most of the world's smartphones, will offer hundreds of thousands of Walmart items on its voice-controlled Google Assistant platform from late September, Walmart's head of e-commerce, Marc Lore, wrote in a blog post on Wednesday. Lore, who joined the world's largest retailer after it bought his e-commerce company Jet.com, said Wal-Mart would offer a wider selection than any retailer on the platform. Amazon, whose voice-controlled aide Alexa allows users to shop from the retailer, has the lion's share of the U.S. voice-controlled device industry, with its Echo devices accounting for 72.2 percent of the market in 2016, far ahead of the Google Home gadget's 22 percent, according to research firm eMarketer.
Software

Slashdot Asks: What Are Your Favorite Android Oreo Features? (thehackernews.com) 266

Yesterday, Android O officially became Android Oreo and started rolling out to Pixel and Nexus devices. While there are many new features available in the new OS, we thought we'd ask you: what are your favorite Android Oreo features? The Hacker News highlights eleven of the new features "that make Android even better" in their report:
1. No More 'Install From Unknown Sources' Setting: Prior to Android Oreo, third-party app installation requires users to enable just one setting by turning on "Install from unknown sources" -- doesn't matter from where the user has downloaded an APK file, i.e. from a browser, Bluetooth, transferred from a computer via USB or downloaded using another app. Android 8.0 Oreo has completely changed the way this feature works, bringing a much smarter and safer system called "Install other apps," in which a user has to manually permit 3rd-party app installation from different sources.
2. Autofill API Framework: Android 8.0 Oreo brings a built-in secure AutoFill API that allows users-chosen password manager to store different types of sensitive data, such as passwords, credit card numbers, phone numbers, and addresses -- and works throughout the entire system.
3. Picture-in-Picture: With Android Oreo, you can view a YouTube video while reading through a report in Word or be chatting on WhatsApp on your Android device -- thanks to Picture-in-Picture (PIP) feature.
4. Google Play Protect: Play Protect helps in detecting and removing harmful applications with more than 50 billion apps scanned every day.
5. Wi-Fi Aware (Neighborhood Aware Networking -- NAN): Android Oreo has added support for a new connectivity feature called Wi-Fi Aware, also known as Neighborhood Aware Networking (NAN), which allows apps and devices to automatically find, connect to, and share data with each other directly without any internet access point or cellular data.
6. Android Instant Apps: With Android 8.0 Oreo, you can now access a range of Instant Apps without downloading them.
7. Battery-Saving Background Limits: Google has blocked apps from reacting to "implicit broadcasts" and carrying out certain tasks when they are running in the background in an effort to enhance the battery life of Android device. Besides this, Android Oreo will also limit some background services and location updates when an app is not in use.
8. AI-based Smart Text Selection: Android Oreo brings the 'Smart Text Selection' feature, which uses Google's machine learning to detect when something like physical addresses, email addresses, names or phone numbers is selected, then automatically suggests the relevant information on other apps.
9. Notification Dots (Limit notifications): Oreo introduces Notification Dots that offers you to manage each app individually with "fine-grained control," allowing you to control how many notifications you see and how they come through.
10. Find my Device: Google has introduced a new feature, called Find my Device, which is a similar feature to Apple's Find my iPhone and allows people to locate, lock and wipe their Android devices in the event when they go missing or get stolen.
11. New Emoji and Downloadable Fonts: Android Oreo introduces 60 new emoji and a redesign of the current "blob" characters. The update also offers new color support to app developers and the ability to change or animate the shape of icons in their apps.

Android

Android O Is Now Officially Android Oreo (theverge.com) 132

Android O is now officially going by the name of Android Oreo. The operating system is available today via Google's Android Open Source Project. OTA rollout is expected to arrive first to Pixel and Nexus devices, with builds currently in carrier testing. The Verge reports: The use of an existing brand makes sense for Google here -- there aren't a ton of good "O" dessert foods out there, and Oreos are pretty much as universally beloved as a cookie can be. There's also precedent for the partnership, as Google had previously teamed up with Nestle and Hershey's to call Android 4.4 KitKat.
Android

postmarketOS Pursues A Linux-Based, LTS OS For Android Phones (liliputing.com) 109

An anonymous reader quotes Liliputing: Buy an iPhone and you might get 4-5 years of official software updates. Android phones typically get 1-3 years of updates... if they get any updates at all. But there are ways to breathe new life into some older Android phones. If you can unlock the bootloader, you may be able to install a custom ROM like LineageOS and get unofficial software updates for a few more years. The folks behind postmarketOS want to go even further: they're developing a Linux-based alternative to Android with the goal of providing up to 10 years of support for old smartphones...

Right now postmarketOS is a touch-friendly operating system based on Alpine Linux that runs on a handful of devices including the Samsung Galaxy Nexus, Google Nexus 4, 5, and 7 (2012), and several other Samsung, HTC, LG, Motorola, and Sony smartphones. There are also ports for some non-Android phones such as the Nokia N900 and work-in-progress builds for the BlackBerry Bolt Touch 9900 and Jolla Phone. Note that when I say the operating system runs on those devices, I basically mean it boots. Some phones only have network access via a USB cable, for instance. None of the devices can actually be used to make phone calls. But here's the cool thing: the developers are hoping to create a single kernel that works with all supported devices, which means that postmarketOS would work a lot like a desktop operating system, allowing you to install the same OS on any smartphone with the proper hardware.

One postmarketOS developer complains that Android's architecture "is based on forking (one might as well say copy-pasting) the entire code-base for each and every device and Android version. And then working on that independent, basically instantly incompatible version. Especially adding device-specific drivers plays an important role... Here is the solution: Bend an existing Linux distribution to run on smartphones. Apply all necessary changes as small patches and upstream them, where it makes sense."
Android

Android O Is Officially Launching August 21 (techcrunch.com) 86

Android O is set to arrive on August 21, with a livestreamed unveiling event timed for 2:40 PM ET in NYC -- which is roughly when the maximum solar eclipse is set to occur for New York. TechCrunch reports: Android O will get a full reveal at that time, which seems like kind of a weird time to do it since a lot of people will be watching the NASA eclipse livestream that Google is also promoting, or staring at the sky (with the caveat, hopefully, that they have procured proper glasses for safe viewing). Google says that Android O will have some "super (sweet) new powers," most of which we know all about thanks to pre-release builds and the Android O teaser Google provided at its annual I/O developer event this past May. We know, for instance, that the notification panel has been changed significantly, and there's new optimization software to improve battery life on all devices. While Android O's name has yet to be confirmed, the official consumer name is speculated to be "Oreo." Prolific leaker Evan Blass posted a picture of an Oreo to Twitter on Friday following the announcement of the reveal date and event.
Google

Google Explains Why It Banned the App For Gab, a Right-Wing Twitter Rival (arstechnica.com) 530

AmiMoJo shares a report from Ars Technica: When right-wing trolls and outright racists get kicked off of Twitter, they often move to Gab, a right-wing Twitter competitor. Gab was founded by Andrew Torba, who says it's devoted to unfettered free expression online. The site also hosts controversial right-wing figures like Milo Yiannopoulos, Andrew 'weev' Auernheimer and Andrew Anglin, editor of the neo-Nazi site Daily Stormer. On Thursday, Gab said that Google had banned its Android app from the Google Play Store for violating Google's ban on hate speech. The app's main competitor, Twitter, hosts accounts like the American Nazi Party, the Ku Klux Klan, and the virulently anti-gay Westboro Baptist Church, yet the Twitter app is still available on the Google Play store. Apple has long had more restrictive app store policies, and it originally rejected the Gab app for allowing pornographic content to be posted on the service -- despite the fact that hardcore pornography is readily available on Twitter. In an email to Ars, Google explained its decision to remove Gab from the Play Store: "In order to be on the Play Store, social networking apps need to demonstrate a sufficient level of moderation, including for content that encourages violence and advocates hate against groups of people. This is a long-standing rule and clearly stated in our developer policies. Developers always have the opportunity to appeal a suspension and may have their apps reinstated if they've addressed the policy violations and are compliant with our Developer Program Policies."
Android

The Verge's Essential Phone Review: An Arcane Artifact From an Unrealized Future (theverge.com) 55

An anonymous reader shares Dieter Bohn's review of the Essential Phone: Even though it was announced less than three months ago at the Code Conference, there's already enough mythology surrounding the Essential Phone to fill a book. It comes from a brand-new billion-dollar startup led by the person who helped create Android itself, Andy Rubin. That origin binds it up with the history of all smartphones in a way that doesn't usually apply to your run-of-the-mill device. The phone was also delayed a bit, a sign that this tiny company hasn't yet quite figured out how to punch above its weight class -- which it's certainly trying to do. Although it runs standard Android, it's meant to act as a vanguard for Essential's new ecosystem of smart home devices and services connected by the mysterious Ambient OS. Even if we trust that Rubin's futuristic vision for a connected home will come to pass, it's not going to happen overnight. Instead, all we really have right now is that future's harbinger, a well-designed Android phone that I've been testing for the past week. Available unlocked or at Sprint, the $699 Essential Phone is an ambitious device. It has a unique way to connect modular accessories, starting with a 360-degree camera. It has a bold take on how to make a big, edge-to-edge screen paired with top-flight materials such as ceramic and titanium. And it has a dual camera system that is meant to compete with other flagship devices without adding any thickness to the phone. That would be a lot for even a massive company like Samsung or Apple to try to do with a single phone. For a tiny company like Essential, the question is simply this: is it trying to do too much? In conclusion, Bohn writes: "The Essential Phone is doing so much right: elegant design, big screen, long battery life, and clean software. And on top of all that, it has ambitions to do even more with those modules. 
If you asked Android users what they wanted in the abstract, I suspect a great many of them would describe this exact device. But while the camera is pretty good, it doesn't live up to the high bar the rest of the phone market has set. Sometimes artifacts are better to behold than they are to use."
Security

Secret Chips in Replacement Parts Can Completely Hijack Your Phone's Security (arstechnica.com) 62

Dan Goodin, writing for Ars Technica: People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device. The concern arises from research that shows how replacement screens -- one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0 -- can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker. The booby-trapped screens also exploited operating system vulnerabilities that bypassed key security protections built into the phones. The malicious parts cost less than $10 and could easily be mass-produced. Most chilling of all, to most people, the booby-trapped parts could be indistinguishable from legitimate ones, a trait that could leave many service technicians unaware of the maliciousness. There would be no sign of tampering unless someone with a background in hardware disassembled the repaired phone and inspected it. The research, in a paper presented this week (PDF) at the 2017 Usenix Workshop on Offensive Technologies, highlights an often overlooked disparity in smartphone security. The software drivers included in both the iOS and Android operating systems are closely guarded by the device manufacturers, and therefore exist within a "trust boundary."
Media

Video Is Coming To Reddit (variety.com) 74

An anonymous reader shares a report from Variety: Videos are coming to Reddit, thanks to a new feature that allows users to upload video clips directly to the service. Reddit rolled out the new video feature Tuesday after testing it with around 200 communities over the past couple of weeks. Reddit users are now able to upload videos of up to 15 minutes in length, with file sizes being limited to 1 gigabyte. Users will be able to upload videos via Reddit's website and its mobile apps for iOS and Android, with the latter offering basic trimming functionality as well. And, in keeping with the spirit of the site, Reddit is also offering a conversion tool to turn videos into animated Gifs. Videos are being displayed persistently, or pinned, meaning that users can scroll through the comments while the video keeps playing in the corner of their screen. And community moderators can opt not to allow videos in their Subreddits at all, with Le arguing that some discussion-heavy Subreddits may decide that the format just doesn't work for them.
Desktops (Apple)

In Defense of the Popular Framework Electron (dev.to) 138

Electron, a popular framework that allows developers to write code once and seamlessly deploy it across multiple platforms, has been a topic of conversation lately among developers and users alike. Many have criticised Electron-powered apps as "too memory intensive." A developer, who admittedly uses a high-end computer, shares his perspective: I can speak for myself when I say Electron runs like a dream. On a typical day, I'll have about three Atom windows open, a multi-team Slack up and running, as well as actively using and debugging my own Electron-based app Standard Notes. [...] So, how does it feel to run this bloat train of death every day? Well, it feels like nothing. I don't notice it. My laptop doesn't get hot. I don't hear the fan. I experience no lags in any application. [...] But aside from how it makes end-users feel, there is an arguably more important perspective to be had: how it makes software companies feel. For context, the project I work in is an open-source cross-platform notes app that's available on most platforms, including web, Mac, Windows, Linux, iOS, and Android. All the desktop applications are based off the main web codebase, and are bundled using Electron, while the iOS and Android app use their own native codebases respectively, one in Swift and the other in Kotlin. And as a new company without a lot of resources, this setup has just barely allowed us to enter the marketplace. Three codebases is two too many codebases to maintain. Every time we make a change, we have to make it in three different places, violating the most sacred tenet of computer science of keeping it DRY. As a one-person team deploying on all these platforms, even the most minor change will take at minimum three development days, one for each codebase. This includes debugging, fixing, testing, bundling, deploying, and distributing every single codebase. This is by no means an easy task.
Google

Google Allo For Chrome Finally Arrives, But Only For Android Users (engadget.com) 88

Google Allo, the chat app that arrived on the iPhone and Android devices last year, now has a web counterpart. Head of product for Allo and video chat app Duo, Amit Fulay, tweeted: "Allo for web is here! Try it on Chrome today. Get the latest Allo build on Android before giving it a spin." Engadget reports: To give it a go, you'll need to open the Allo app on your device and use that to scan a QR code you can generate at this link. Once you've scanned the code, Allo pulls up your chat history and mirrors all the conversations you have on your phone. Most of Allo's key features, including smart replies, emoji, stickers and most importantly the Google Assistant are all intact here. In fact, this is the first time you can really get the full Google Assistant experience through the web; it's been limited to phones and Google Home thus far.
Software

App Developers Should Charge More If They Want People To Buy Subscriptions, Suggests Report (theverge.com) 50

A new report from Liftoff, a Silicon Valley-based mobile app marketing and retargeting firm, says that subscription-based apps may do better if developers charge a higher price for services, rather than setting prices too low to lure users in initially. The Verge reports: The Liftoff report, which analyzed data gathered between June 2016 and June 2017, categorized app subscriptions into low-cost monthly subs ($0.99 to $7), medium ($7 to $20), and high-cost subs ($20 to $50), while also factoring the cost of acquisition per customer. The company found that apps in the medium price range had the highest conversion rate -- 7.16 percent -- and the lowest cost to acquire a subscriber, at just over $106 dollars. This was five times higher than the rate of people who subscribed to apps when the apps were in the low-cost category. This may partly be because streaming media apps, like Netflix and Spotify, have already conditioned people to pay around $10 a month for services. But it also might be attributable to the sunk cost fallacy, Liftoff says: the "cognitive bias people have that makes them stay the course because they have already spent time or resources on it." The report also examines apps that fulfill "need states," like dating apps or cloud services. These have the potential to offer services that customers are willing to pay for, again and again. But, according to Liftoff, utility apps have a much higher install-to-subscriber rate compared to dating apps. Blame those who eventually find love?
Businesses

Snap Sold Fewer Than 42K Spectacles, Down 35% In Q2 (androidheadlines.com) 50

The hype surrounding Snap's Spectacles appears to be dwindling. Their sales have decreased by 35 percent in the second quarter of the year, with the company's latest consolidated financial report revealing that its "Other" revenue amounted to $5.4 million over the three-month period ending June 30. Android Headlines reports: With Spectacles being the company's only miscellaneous endeavor at this point in time and sporting a $130 price tag that has yet to see any discounts, it seems that the Venice, Los Angeles-based social media giant managed to only sell approximately 41,500 units of its first wearable in Q2 2017. During the first quarter of the year that also disappointed investors, Snap's "Other" business category recorded a revenue of $8.3 million, suggesting that the firm managed to sell around 64,000 units. The overall commercial performance of Spectacles may still improve during the current quarter as Snap just recently made the smart sunglasses available on Amazon, in addition to partnering with a number of physical retailers. Likewise, the Snapbot vending machines selling Spectacles only started appearing in Europe in June and are still popping up in a number of major cities on the Old Continent, which is another factor that could help improve the sales figures of Snap's camera-equipped pair of sunglasses. Regardless, the current state of affairs is unlikely to please investors, especially in light of the fact that Snap recently proclaimed itself to be "a camera company," noting how Snapchat is just one aspect of its product vision that's meant to incorporate a wide variety of photography-oriented hardware.
The Military

US Army Walks Back Decision To Ban DJI Drones Ever So Slightly (suasnews.com) 27

garymortimer shares a report from sUAS News: News has reached me that another DJI memo was passed around on Friday the 11th of August. An exception to policy with recommendations from the asymmetric warfare group that will permit the use of DJI kit once some conditions have been met. The Android Tactical Assault Kit will become the ground control station (GCS) of choice when a DJI plugin has passed OPSEC (Operational Security) scrutiny. In a separate report from Reuters, DJI said it is "tightening data security in the hopes that the U.S. Army will lift its ban on DJI drones because of 'cyber vulnerabilities.'" The company is "speeding deployment of a system that allows users to disconnect from the internet during flights, making it impossible for flight logs, photos or videos to reach DJI's computer servers," reports Reuters. While the security measure has been in the works for several months, it's being rolled out sooner than planned because of the Army's decision to discontinue the use of DJI drones.
Businesses

Andy Rubin's Essential Is Now Valued at Over a Billion Dollars Without Shipping a Single Phone (theverge.com) 75

An anonymous reader shares a report: Essential, the new phone startup from Android founder Andy Rubin, is now a unicorn, according to reports from over the weekend. If you're not up to date on the parlance of Silicon Valley, a unicorn is a company that's valued at over $1 billion dollars, which is no small feat in today's market. This title is even more impressive, given that Essential has yet to ship a single device to consumers. According to a report, Foxconn's FIH Mobile filing for a $3 million investment in Essential for around 0.25 percent of the fledgling phone company revealed Essential's new unicorn status with a valuation of around $1.2 billion.
Security

Spyware Apps Found on Google Play Store (bleepingcomputer.com) 37

Researchers at the security firm Lookout have identified a family of malicious Android apps, referred to as SonicSpy. From a report: Experts say the malware author modified a version of the official Telegram app, injected the spyware code, rebranded it, and uploaded the modified app on the Play Store. In total, the crook uploaded the app three times on the Play Store under the names Soniac, Hulk Messenger, and Troy Chat. Only Soniac was active on Google's app store when researchers first spotted the spyware, as the other two apps were already taken down, most likely by the developer himself. At the time of writing, Lookout says they identified over 1,000 variations of this new spyware called SonicSpy, which they believe to be a new version of an older Android spyware named SpyNote.
Iphone

Apple Refuses To Enable iPhone Emergency Settings that Could Save Countless Lives (thenextweb.com) 279

An anonymous reader shares a report: Despite being relatively easy, Apple keeps ignoring requests to enable a feature called Advanced Mobile Location (AML) in iOS. Enabling AML would give emergency services extremely accurate locations of emergency calls made from iPhones, dramatically decreasing response time. As we have covered before, Google's successful implementation of AML for Android is already saving lives. But where Android users have become safer, iPhone owners have been left behind. The European Emergency Number Association (EENA), the organization behind implementing AML for emergency services, released a statement today that pleads Apple to consider the safety of its customers and participate in the program: "As AML is being deployed in more and more countries, iPhone users are put at a disadvantage compared to Android users in the scenario that matters most: An emergency. EENA calls on Apple to integrate Advanced Mobile Location in their smartphones for the safety of their customers." Why is AML so important? Majority of emergency calls today are made from cellphones, which has made location pinging increasingly more important for emergency services. There are many emergency apps and features in development, but AML's strength is that it doesn't require anything from the user -- no downloads and no forethought: The process is completely automated. With AML, smartphones running supporting operating systems will recognize when emergency calls are being made and turn on GNSS (global navigation satellite system) and Wi-Fi. The phone then automatically sends an SMS to emergency services, detailing the location of the caller. AML is up to 4,000 times more accurate than the current systems -- pinpointing phones down from an entire city to a room in an apartment. "In the past months, EENA has been travelling around Europe to raise awareness of AML in as many countries as possible. 
All these meetings brought up a recurring question that EENA had to reply to: 'So, what about Apple?'" reads EENA's statement.
Android

T-Mobile To Launch Its Own Branded Budget Smartphone (cnet.com) 17

In a throwback to a time when carriers differentiated themselves by branding and selling exclusive phones, T-Mobile announced Wednesday that it's launching its very own budget Android smartphone called the Revvl. CNET reports: The Revvl, which runs on Android Nougat, offers pretty basic specs: a 5.5 inch HD display, 2GB of RAM, 32GB of storage, a 13-megapixel rear-facing camera and a 5-megapixel front-facing camera. But it also throws in a fingerprint sensor and will cost T-Mobile customers just $5 a month with no down payment through the company's Jump! upgrade program. It goes on sale Thursday. In a blog post, T-Mobile COO Mike Sievert said the company is catering to those who want the latest smartphone technology but can't afford to pay for high-end devices.
