An anonymous reader shares a report: Ads are the worst, yet we see them everywhere. They fund the content we consume, for free, on a daily basis. It's one thing to receive ads on a website you are going to for free, but it's quite another when an OEM goes out of its way to force an app onto your phone in order to serve you more ads. Sadly, that is exactly what Samsung just did with its new Samsung Visit In update through the Galaxy Store. On December 15, Samsung in the United States updated a system app called "IPS Geofencing" with the new Samsung Visit In app. This offers and coupons app has been rolling out in other countries and regions over the past year, but just hit the United States. IPS Geofencing was previously unused, or at least it was not user-accessible, and its function was unknown. As part of Visit In, it will be used to track your location, see when you're in a store that sells Samsung products or services, then serve you related ads. While you do need to opt-in for this service, the update allowing the functionality was installed automatically in the background of devices via the Galaxy Store. Further reading: Ads Are Taking Over Samsung's Galaxy Smartphones.

Read more of this story at Slashdot.

Google plans to shut down Android Things, a stripped-down version of Android designed for smart home devices. The OS never really got off the ground, so this isn't all that much of a loss, but it is yet another entry in Google's expansive graveyard of shut-down projects. The Verge reports: The smart home project got its start in 2015 under the name Brillo, which was meant to provide the "underlying operating system for the internet of things." In 2016, Google revamped Brillo and relaunched the initiative as Android Things, which was likewise meant to run on products like connected speakers, security cameras, and routers. By relying on Android, the OS was supposed to be familiar to developers and easy to get started with. Then nothing happened. In 2018, some initial smart speakers and smart displays came out using the underlying OS. It seems no other companies were interested, because in February 2019, Google announced it was "refocusing" Android Things to cater specifically to smart speakers and smart displays. Nearly two years later, and Android Things is now on track to be shut down. The Android Things Console, which lets developers push updates to their devices, will stop accepting new non-commercial projects starting January 5th, 2021. A year later, on January 5th, 2022, "the console will be turned down completely and all project data will be permanently deleted." That essentially means developers have a year to wind down any Android Things projects they already have set up.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Android Police: Today, Google and Qualcomm announced what seemed like a big improvement to updates for Android smartphones. The headlines (ours included! We were confused, too) largely read as though Android phones with Qualcomm chipsets would now receive "four years" of Android updates, an additional year on top of what manufacturers like Google and now Samsung have offered on their top-tier smartphones. Except, that's not actually what it said. After confirming with both Google and Qualcomm (and chatting with AP alumnus Ron Amadeo), I received confirmation of what I suspected was the point of confusion about today's news, and that, in fact, very little is changing if you have a Google Pixel or high-end Samsung smartphone. Currently, Google and Samsung both offer three major OS updates on their well-known smartphones. Today's announcement from Google and Qualcomm does not add to that figure. Instead, the announcement merely makes policy what has long been an optional extra for smartphone OEMs who work with Qualcomm, and does not actually "extend" the lifespan of Qualcomm's highest-end chipsets in a meaningful way. If you're confused, I empathize. But Qualcomm and Google kind of hid the ball on this one in a way that was really, really easy to miss, and which most people (including me) didn't spot at first glance. Here's what's actually changing: — Qualcomm will support three major Android OS updates for its entire portfolio of smartphone chips going forward, starting with the Snapdragon 888 — Smartphone OEMs will likely be able to now offer four full years of Android security updates going forward (based on our reading of the announcement) That's it! So, where does all that "four years" and "four Android OS versions" business come from? It's really just a very generous marketing explanation of what was already the policy for Google's Pixel phones (and, again, now many of Samsung's), and it's a tad misleading. Right now, Google's Pixel phones get three years of Android OS and security updates from the time they are released. That means around 36 months of security patches and three major platform updates. Under the new system from Qualcomm, that could be extended to 48 months of security patches, but it would still be just three major platform updates. Neither Google nor Qualcomm is promising more major platform updates for high-end Android smartphones, they're only saying that all Android smartphones with Qualcomm's chips from the newly-announced Snapdragon 888 forward will be eligible for three major platform updates and, as far as we can tell, four years of security updates. As for the four versions business, Google's own slide from today's announcement makes clear that this includes the version of Android the phone shipped with. As in, your phone will, over its lifetime, run four versions of Android: the one it came with, and three subsequent platform updates.

Read more of this story at Slashdot.

Qualcomm has officially announced the Snapdragon 888 at its Snapdragon Tech Summit, offering a first look at its next-generation flagship smartphone processor. The 888 will power the next wave of 2021 Android flagships from companies like Samsung, OnePlus, LG, Sony, and more. From a report: In a first for the company's top-of-the-line 8-series chipsets, the Snapdragon 888 is making a big improvement for 5G: it'll finally offer a fully integrated 5G modem, unlike last year's Snapdragon 865 (which required that manufacturers include a separate modem chip inside the cramped interior of a modern smartphone). The Snapdragon 888 will feature Qualcomm's X60 modem, announced earlier this year, which jumps to a 5nm process for better power efficiency and improvements for 5G carrier aggregation across the mmWave and sub-6GHz bands of the spectrum. Between the new 5nm architecture and the power efficiency gains from an integrated modem, the new chip looks to offer some substantial battery improvements when it comes to 5G. In addition to the 5G improvements, Qualcomm also teased several other advances coming to the Snapdragon 888, including the company's sixth-gen AI Engine (running on a "redesigned" Qualcomm Hexagon processor), which promises a big jump in performance and power efficiency for AI tasks.

Read more of this story at Slashdot.

Samsung may discontinue its premium Galaxy Note phone next year, Reuters reported Tuesday, citing sources with knowledge of the matter, a move that would reflect the sharp drop in demand for high-end smartphones due to the coronavirus pandemic. From the report: The Galaxy Note, known for its large screen and a stylus for note-taking, is one of two Samsung premium phone series -- the other being the more compact Galaxy S which draws in consumers with its state-of-the-art parts. At present, the South Korean tech giant does not have plans to develop a new version of the Galaxy Note for 2021, three sources said, declining to be identified as the plans were not public. Instead, the Galaxy S series' top model, the S21, will have a stylus and the next version of Samsung's foldable phone will be compatible with a stylus, which will be sold separately, one of the sources said.

Read more of this story at Slashdot.

Two Android applications belonging to Chinese tech giant Baidu were removed from the official Google Play Store at the end of October after they were caught collecting sensitive user details. From a report: The two apps -- Baidu Maps and Baidu Search Box -- were removed after Google received a report from US cyber-security firm Palo Alto Networks. Both apps had more than 6 million downloads combined before being removed. According to the US security firm, the two apps contained code that collected information about each user's phone model, MAC address, carrier information, and IMSI (International Mobile Subscriber Identity) number. The data collection code was found in the Baidu Push SDK, used to show real-time notifications inside both apps. Palo Alto Networks security researchers Stefan Achleitner and Chengcheng Xu, who identified the data collection code, said that while some of the collected information is "rather harmless," some data like the IMSI code "can be used to uniquely identify and track a user, even if that user switches to a different phone." The research team said that while the collection of personal user details is not specifically forbidden by Google's policy for Android apps after they reported the issue to Google, the Play Store security team confirmed their findings and "identified [additional] unspecified violations" in the two Baidu apps, which eventually led to the two apps being removed from the official store on October 28.

Read more of this story at Slashdot.

An anonymous reader shares a report: Google was sued last week for allegedly stealing Android users' cellular data allowances through unapproved, undisclosed transmissions to the web giant's servers. The lawsuit, Taylor et al v. Google, was filed in a US federal district court in San Jose on behalf of four plaintiffs based in Illinois, Iowa, and Wisconsin in the hope the case will be certified by a judge as a class action. The complaint contends that Google is using Android users' limited cellular data allowances without permission to transmit information about those individuals that's unrelated to their use of Google services. Data sent over Wi-Fi is not at issue, nor is data sent over a cellular connection in the absence of Wi-Fi when an Android user has chosen to use a network-connected application. What concerns the plaintiffs is data sent to Google's servers that isn't the result of deliberate interaction with a mobile device -- we're talking passive or background data transfers via cell network, here. "Google designed and implemented its Android operating system and apps to extract and transmit large volumes of information between Plaintiffs' cellular devices and Google using Plaintiffs' cellular data allowances," the complaint claims. "Google's misappropriation of Plaintiffs' cellular data allowances through passive transfers occurs in the background, does not result from Plaintiffs' direct engagement with Google's apps and properties on their devices, and happens without Plaintiffs' consent." The allegation: "The device, stationary, with all apps closed, transferred data to Google about 16 times an hour, or about 389 times in 24 hours. Assuming even half of that data is outgoing, Google would receive about 4.4MB per day or 130MB per month in this manner per device subject to the same test conditions."

Read more of this story at Slashdot.

The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study -- considered the largest one of its kind carried out to date. From a report: Using telemetry data provided by NortonLifeLock (formerly Symantec), researchers analyzed the origin of app installations on more than 12 million Android devices for a four-month period between June and September 2019. In total, researchers looked at more than 34 million APK (Android application) installs for 7.9 million unique apps. [...] The results showed that around 67% of the malicious app installs researchers identified came from the Google Play Store. Google did not respond to a request for comment made by ZDNet almost three weeks ago.

Read more of this story at Slashdot.

This year Let's Encrypt announced that it's issued a billion certificates, and it's been estimated they've made certs for almost 30% of web domains. But Friday they posted that "The DST Root X3 root certificate that we relied on to get us off the ground is going to expire — on September 1, 2021. Fortunately, we're ready to stand on our own, and rely solely on our own root certificate." "However, this does introduce some compatibility woes." Some software that hasn't been updated since 2016 (approximately when our root was accepted to many root programs) still doesn't trust our root certificate, ISRG Root X1. Most notably, this includes versions of Android prior to 7.1.1. That means those older versions of Android will no longer trust certificates issued by Let's Encrypt. Android has a long-standing and well known issue with operating system updates. There are lots of Android devices in the world running out-of-date operating systems. The causes are complex and hard to fix: for each phone, the core Android operating system is commonly modified by both the manufacturer and a mobile carrier before an end-user receives it. When there's an update to Android, both the manufacturer and the mobile carrier have to incorporate those changes into their customized version before sending it out. Often manufacturers decide that's not worth the effort. The result is bad for the people who buy these devices: many are stuck on operating systems that are years out of date. Currently, 66.2% of Android devices are running version 7.1 or above. The remaining 33.8% of Android devices will eventually start getting certificate errors when users visit sites that have a Let's Encrypt certificate. In our communications with large integrators, we have found that this represents around 1-5% of traffic to their sites. Hopefully these numbers will be lower by the time DST Root X3 expires next year, but the change may not be very significant. Let's Encrypt engineer Jacob Hoffman-Andrews explains that "In the time between now and September 29 we plan to start serving certificates with the 'alternate' link relation 186 to allow Automatic Certificate Management Environment (ACME) clients to programmatically select a chain they prefer." But Friday's blog post explains that won't solve everything: There will be site owners that receive complaints from users and we are empathetic to that being not ideal. We're working hard to alert site owners so you can plan and prepare. We encourage site owners to deploy a temporary fix (switching to the alternate certificate chain) to keep your site working while you evaluate what you need for a long-term solution: whether you need to run a banner asking your Android users on older OSes to install Firefox, stop supporting older Android versions, drop back to HTTP for older Android versions, or switch to a CA that is installed on those older versions. Gizmodo notes that Firefox will be unaffected "since it relies on its own certificate store that includes Let's Encrypt's root, though that wouldn't keep applications from breaking or ensure functionality beyond your browser." They describe Let's Encrypt as "the Mozilla-partnered nonprofit," and offers this succinct summary of the problem. "One of the world's top certificate authorities warns that phones running versions of Android prior to 7.1.1 Nougat will be cut off from large portions of the secure web starting in 2021."

Read more of this story at Slashdot.

Google officially introduced its Android mobile operating system on November 5th, 2007, which just so happens to line up with today, so happy 13th birthday, Android. Ryne Hager from Android Police reports: On November 5th, 2007, the "Open Handset Alliance" was revealed after long speculation that Google would enter the smartphone market, following the purchase of a little startup named "Android." Rumors had swirled surrounding a potential "Gphone," but Google quashed them as it announced that Android would be an open platform for anyone. Companies including Motorola, Qualcomm, HTC, and T-Mobile were all on board to help deliver the hardware and partnerships the nascent platform would require. Google promised that Android would change the status quo, and it definitely delivered, with it now claiming over 72% of the worldwide smartphone market share, according to some recent estimates (if not more). It's the primary vehicle that has allowed billions of people to get online in emerging markets, and it's the reason our site even exists.

Read more of this story at Slashdot.

Samsung is back on top as the world's biggest smartphone vendor one quarter after losing its spot to Huawei, according to reports from IDC, Counterpoint, and Canalys. The news comes just as Samsung posted its highest quarterly revenue figures ever, which the company said was helped by a boost in demand for smartphones. From a report: Huawei became the number one vendor for the first time three months ago, benefiting from strong sales in China while much of the rest of the world was operating under constrained retail conditions due to the COVID-19 pandemic. But Huawei's shipments fell 7 percent quarter-on-quarter and 24 percent year-on-year, according to Counterpoint, while Samsung's shipments increased by 47 percent over the last quarter. Xiaomi was able to regain the number three spot for the first time in several years, overtaking Apple for the first time with year-on-year growth of 46 percent. Apple's shipments fell 7 percent year-on-year in the July-September quarter, no doubt affected by the fact that its new iPhones this year slipped until October and November release dates.

Read more of this story at Slashdot.

OnePlus, the Chinese smartphone manufacturer that has turned into one of the most popular Android smartphone brands worldwide, is reportedly missing one of its cofounders. According to Android Police, citing Reddit user JonSigur, who published alleged screenshots of internal memos at OnePlus, co-founder Carl Pei has left his role at the company after nearly seven years. From the report: The messages listed the company's leadership structure, with Pei notably absent. The memos also noted Emily Dai, who was in charge (or could still be in charge) of OnePlus operations in India, was recently appointed as the head of the Nord product line globally. Pei was previously in charge of Nord, and was prominently featured in the documentary about the phone's development. We reached out to OnePlus for a statement, and a spokesperson declined to comment. That adds more credibility to the story -- if it were false, it would be extremely easy for OnePlus to outright deny it. The report notes that OnePlus' other co-founder, Pete Lau, remains the company's CEO.

Read more of this story at Slashdot.

Google has removed this summer more than 240 Android apps from the official Play Store for showing out-of-context ads and breaking a newly introduced Google policy against this type of intrusive advertising. From a report: Out-of-context ads (also known as out-of-app ads) are mobile ads that are shown outside an app's normal container. They can appear as popups or as fullscreen ads. Out-of-context ads are banned on the Play Store since February this year, when Google banned more than 600 apps that were abusing this practice to spam their users with annoying ads. But despite the public crackdown and ban, other apps showing out-of-context ads have continued to be discovered -- such as in June this year. The latest of these discoveries come from ad fraud detection firm White Ops. In a blog post today, the company said it discovered a new cluster of more than 240+ Android apps bombarding their users with out-of-context ads -- but made to look like they originated from other, more legitimate applications.

Read more of this story at Slashdot.

"Google is hiring to create a special Android security team that will be tasked with finding vulnerabilities in highly sensitive apps on the Google Play Store," reports ZDNet: "As a Security Engineering Manager in Android Security... Your team will perform application security assessments against highly sensitive, third party Android apps on Google Play, working to identify vulnerabilities and provide remediation guidance to impacted application developers," reads a new Google job listing posted on Wednesday. Applications that this new team will focus on include the likes of COVID-19 contact tracing apps and election-related applications, with others to follow, according to Sebastian Porst, Software Engineering Manager for Google Play Protect.

Read more of this story at Slashdot.

Google has recently removed 17 Android applications from the official Play Store because they were infected with the Joker (aka Bread) malware. ZDNet reports: "This spyware is designed to steal SMS messages, contact lists, and device information, along with silently signing up the victim for premium wireless application protocol (WAP) services," Zscaler security researcher Viral Gandhi said this week. The 17 malicious apps were uploaded on the Play Store this month and didn't get a chance to gain a following, having been downloaded more than 120,000 times before being detected. Following its internal procedures, Google removed the apps from the Play Store, used the Play Protect service to disable the apps on infected devices, but users still need to manually intervene and remove the apps from their devices. But this recent takedown also marks the third such action from Google's security team against a batch of Joker-infected apps over the past few months. [...] The way these infected apps usually manage to sneak their way past Google's defenses and reach the Play Store is through a technique called "droppers," where the victim's device is infected in a multi-stage process. Malware authors begin by cloning the functionality of a legitimate app and uploading it on the Play Store. This app is fully functional, requests access to dangerous permissions, but also doesn't perform any malicious actions when it's first run. Because the malicious actions are usually delayed by hours or days, Google's security scans don't pick up the malicious code, and Google usually allows the app to be listed on the Play Store. But once on a user's device, the app eventually downloads and "drops" (hence the name droppers, or loaders) other components or apps on the device that contain the Joker malware or other malware strains.

Read more of this story at Slashdot.

Google has removed an Android app from the Play Store that was used to collect personal information from Belarusians attending anti-government protests. ZDNet reports: The app, named NEXTA LIVE, was available for almost three weeks on the official Android Play Store, and was downloaded thousands of times and received hundreds of reviews. To get installs, NEXT LIVE claimed to be the official Android app for Nexta, an independent Belarusian news agency that gained popularity with anti-Lukashenko protesters after exposing abuses and police brutality during the country's recent anti-government demonstrations. However, the app contained code to to collect geolocation data, gather info on the device owner, and then upload the data to a remote Russian server at regular intervals. [...] While there is no official link between the fake Nexta app and the Minsk government, this would hardly be the first time that a government would try to spy on its citizens in the midst of anti-government protests, in attempts to identify protest-goers.

Read more of this story at Slashdot.

An anonymous reader shares a report: If you're going to spend $1,000 on a phone, you might as well spend $2,000. And honestly, if you're going to spend $2,000, why not just go for it and spend $3,300? That seems to be a chief guiding principle behind the Samsung Galaxy Fold Z 2 Thom Browne edition -- a handset for those who want the priciest mobile device you can buy -- and then some. Samsung has been partnering with the high-end American fashion designer for a couple of devices now. The Z Fold 2 edition follows the release of the Thom Browne Galaxy Z Flip, which also cost an additional $1,100 over the price of the standard foldable. Further justifying the device's cost is the inclusion of a Galaxy Watch 3 and the Galaxy Buds Live -- neither of which ship with the standard Fold Z 2. And perhaps even more importantly, it's something you can lord over the heads of your slightly more frugal friends who only shelled out for the regular Fold.

Read more of this story at Slashdot.

Comcast wants to turn the software running on its set-top boxes into an operating system for smart TVs, Protocol reported Friday, citing multiple industry insiders with knowledge of the company's plans. From the report: The company began pitching TV manufacturers on the idea in recent months and had some conversations on the subject at CES in January. It's unclear how far these talks have progressed, but the push underlines the growing importance of smart TVs as a major platform for the future of entertainment. At the center of these discussions has been Comcast's X1 platform, which the company built as an operating system for its own set-top boxes over the past decade. In addition to running on the company's cable boxes, X1 also powers Flex, the Roku-like streaming hardware launched by Comcast last year. Comcast has also for some time pitched X1 to fellow cable operators. Cox, for instance, runs X1 hardware and software under its Contour brand, and Charter executives have publicly acknowledged that the two companies have been negotiating a similar licensing deal.

Read more of this story at Slashdot.

Google today released the alpha version of Jetpack Compose, its UI toolkit for helping developers "build beautiful UI across all Android platforms, with native access to the platform APIs." From a report: While an alpha release means it is definitely not production ready, Jetpack Compose promises to let Android developers build apps using "dramatically less code, interactive tools, and intuitive Kotlin APIs." The alpha release also includes new tools including Animations, Constraint Layouts, and performance optimizations. Android Jetpack, which Google launched at its I/O 2018 developer conference, is a set of components for speeding up app development. Think of it as the successor to Support Library, a set of components that makes it easier to leverage new Android features while maintaining backwards compatibility. Jetpack Compose, which Google first showed off at its I/O 2019 developer conference, is an unbundled toolkit meant to simplify UI development by combining a reactive programming model with Kotlin.

Read more of this story at Slashdot.