Netflix, the video-streaming giant, began its expected foray into video games with the introduction of five mobile games to its users worldwide, playable initially on Android devices. From a report: The titles are included in a Netflix subscription, and there'll be no advertising or additional purchases required, Mike Verdu, Netflix's vice president of game development, said Tuesday. The streaming company has targeted video games as its next big thing -- it's an industry that's larger than the movie and TV businesses. Players logging in will see a dedicated games row and tab where they can choose which titles to play. Games for Apple's iPhone are also planned. The initial offering includes titles linked to Netflix shows, such as Stranger Things: 1984 and Stranger Things 3: The Game. Also included are Shooting Hoops, Card Blast and Teeter Up.

Read more of this story at Slashdot.

"New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks," reports BleepingComputer. Cybersecurity company Lookout said on its blog that they'd spotted the malware on Google Play "and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store.... To protect Android users, Google promptly removed the app as soon as we notified them of the malware." We named the malware "AbstractEmu" after its use of code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads... This is a significant discovery because widely-distributed malware with root capabilities have become rare over the past five years. As the Android ecosystem matures there are fewer exploits that affect a large number of devices, making them less useful for threat actors... By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware — steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances... AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app. As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading... By rooting the device, the malware is able to silently modify the device in ways that would otherwise require user interaction and access data of other apps on the device. "Apps bundling the malware included password managers and tools like data savers and app launchers," reports BleepingComputer, "all of them providing the functionality they promised to avoid raising suspicions..." Lookout's blog post said they'd spotted people affected by the malware in 17 different countries.

Read more of this story at Slashdot.

Today, Google has officially launched Android 12 for select Pixel devices. The Verge reports: It's available to install right now on Pixel 3 and up, including the Pixel 3A, Pixel 4, Pixel 4A, Pixel 4A 5G, the Pixel 5, and the Pixel 5A. It'll launch on the Pixel 6 and Pixel 6 Pro, as well. Android 12 will be coming later this year to Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices. The most noticeable feature in Android 12 is the new Material You design, which lets you go a little deeper to tweak the look of the homescreen to your liking. It's more expressive than previous versions of Android, with tools to let you coordinate colors that can extend across app icons, pull-down menus, widgets, and more. Speaking of widgets, many of those have been updated to match the new look, and Google shared today that by the end of October, it plans to have over a dozen new or refreshed widgets available for its first-party apps. Google has published a blog post detailing more features available in this release, including the "Pixel-first" features like Material You.

Read more of this story at Slashdot.

Apple said today that one of the reasons it does not allow app sideloading or the use of third-party app stores on iOS is because of privacy and security reasons, pointing to the fact that Android sees between 15 to 47 times more malware compared to its app ecosystem. The Record reports: Apple says that the reason its iOS devices are locked into the App Store as the only way to install applications is for security reasons, as this allows its security teams to scan applications for malicious content before they reach users. Apple cited statements from multiple sources (DHS, ENISA, Europol, Interpol, NIST, Kaspersky, Wandera, and Norton), all of which had previously warned users against installing apps from outside official app stores, a process known as app sideloading. Apple's report then goes on to list multiple malware campaigns targeting Android devices where the threat actors asked users to sideload malicious apps hosted on internet sites or third-party app stores. [...] The list includes a host of threats, such as mundane adware, dangerous ransomware, funds-stealing banking trojans, commercial spyware, and even nation-state malware, which Apple said threat actors have spread by exploiting the loophole in Android's app installation process that allows anyone to install apps from anywhere on the internet. Today's 31-page report (PDF) is the second iteration of the same report, with a first version (PDF) being published back in June, shortly after EU authorities announced their investigation.

Read more of this story at Slashdot.

A new study (PDF) by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. BleepingComputer reports: The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users: "With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." As the summary table indicates, sensitive user data like persistent identifiers, app usage details, and telemetry information are not only shared with the device vendors, but also go to various third parties, such as Microsoft, LinkedIn, and Facebook. And to make matters worse, Google appears at the receiving end of all collected data almost across the entire table. It is important to note that this concerns the collection of data for which there's no option to opt-out, so Android users are powerless against this type of telemetry. This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they're not used by the device owner, and which cannot be uninstalled. For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk to man-in-the-middle (MitM) attacks. As the study points out, even if the user resets the advertising identifiers for their Google Account on Android, the data-collection system can trivially re-link the new ID back to the same device and append it to the original tracking history. The deanonymization of users takes place using various methods, such as looking at the SIM, IMEI, location data history, IP address, network SSID, or a combination of these. In response to the report, a Google spokesperson said: "While we appreciate the work of the researchers, we disagree that this behavior is unexpected -- this is how modern smartphones work. As explained in our Google Play Services Help Center article, this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device's IMEI, is necessary to deliver critical updates reliably across Android devices and apps."

Read more of this story at Slashdot.

In a significant departure from previous years, Google today rolled out Android 12 to AOSP but did not launch any devices, including Pixel phones. "Today we're pushing the source to the Android Open Source Project (AOSP) and officially releasing the latest version of Android," [said Dave Burke, VP of Engineering, in a blog post. "Keep an eye out for Android 12 coming to a device near you starting with Pixel in the next few weeks and Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices later this year." 9to5Google reports: Traditionally, the AOSP launch of the next version of Android coincides with day one availability for Google phones. That is not the case this year, with Google only revealing that Pixel phones can expect an update in the "next few weeks." Google says over 225,000 people tested Android 12 over the course of the developer previews and betas. [...] Google officially highlights four Android 12 tentpoles for developers as part of today's AOSP availability. This starts with a "new UI for Android" that incorporates Material You (referred to today as "Material Design 3"), redesigned widgets, Notification UI updates, and App launch splash screens. In terms of "Performance," Google says it has "reduced the CPU time used by core system services by 22% and the use of big cores by 15%." We've also improved app startup times and optimized I/O for faster app loading, and for database queries we've improved CursorWindow by as much as 49x for large windows. "More responsive notifications" are achieved by restricting notification trampolines, with Google Photos launching 34% faster after this change. Other changes include Optimized foreground services, Performance classes for devices, and Faster machine learning. "Privacy" is led by the new Settings Dashboard, the ability to only grant apps Approximate location, and a new Nearby devices permission for setting up wearables and other smart home accessories without granting location access. There are also the microphone and camera indicators/toggles. Developers can take advantage of "Better user experience tools" like new APIs to better support rounded screen corners, rich content insertion, AVIF images, enhanced haptics, and new camera/sensor effects. There's also Compatible media transcoding, better debugging, and an Android 12 for Games push.

Read more of this story at Slashdot.

After years of Samsung filling up its stock apps with ads, the company is finally stopping that practice. As of today, Samsung Pay, Weather, and Health have officially stopped serving ads. 9to5Google reports: Users in the Samsung Community Forums found that ads had suddenly disappeared from the Samsung Pay app, and an investigation from the folks over at TizenHelp unearthed a comment from a Samsung employee that confirms some good news. As of today, October 1, Samsung has stopped serving ads to Samsung Pay and Samsung Health. Samsung has technically only confirmed this change in its home country, but we're seeing the changes in the United States as well. Notably, force stopping these apps seems to force the ads to be removed, just in case they're still live for you.

Read more of this story at Slashdot.

Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis. The Record reports: Discovered by mobile security firm Zimperium, the new GriftHorse malware has been distributed via benign-looking apps uploaded on the official Google Play Store and on third-party Android app stores. If users install any of these malicious apps, GriftHorse starts peppering users with popups and notifications that offer various prizes and special offers. Users who tap on these notifications are redirected to an online page where they are asked to confirm their phone number in order to access the offer. But, in reality, users are subscribing themselves to premium SMS services that charge over $35 per month, money that are later redirected into the GriftHorse operators' pockets. Zimperium researchers Aazim Yaswant & Nipun Gupta, who have been tracking the GriftHorse malware for months, described it as "one of the most widespread campaigns the zLabs threat research team has witnessed in 2021." Based on what they've seen until now, the researchers estimated that the GriftHorse gang is currently making between $1.5 million to $4 million per month from their scheme.

Read more of this story at Slashdot.

Google announced plans today to port its Permission Auto-Reset feature from Android 11 to older versions of its mobile operating system, as far back as Android 6. From a report: Launched last fall, the Permission Auto-Reset feature works by automatically withdrawing user permissions from an app that hasn't been opened and used for a few months. "Starting in December 2021, we are expanding this [feature] to billions more devices," Google said today. "This feature will automatically be enabled on devices with Google Play services that are running Android 6.0 (API level 23) or higher." Exempt from this new feature will be device admin apps and enterprise apps where the permissions have been fixed through a general enterprise policy.

Read more of this story at Slashdot.

An anonymous reader writes: Facebook unveiled a new compression technique they call 'Superpack compression.' In a blog post written by software engineer Sapan Bhatia, they claim that their compression improves Android app size by 20% over the default Zip compression used by Android. The post gives an overview of the compression ideas. The basis of these ideas is called out to be a key insight in Kolmogorov Complexity, that any data can be represented in the form of programs that generate that data. Facebook's tool, Superpack, mines out such small programs and optimizes them using compiler techniques.

Read more of this story at Slashdot.

New submitter throx shares a report from Android Police: For months users of the three-year-old Pixel 3 series have been complaining of a common and dreadful problem: seemingly random shutdowns that completely lock their devices. The Pixel 3 and 3 XL have been plagued by the "EDL Mode" bug, which locks the device with no screen or button inputs and makes it more or less impossible to use. To date there's no clear solution to this problem, at least not one that's easily available to even advanced users. Google's official support channels are aware of the issue, and that it seems to be accelerating in terms of users in the last few months. But since more or less every Pixel 3 and 3 XL sold is out of warranty at this point, options are limited. You can start an official support ticket with Google and pay for a repair, or (as one volunteer on the Google support forums suggests) take it into an authorized repair shop to see if their Qualcomm tools can get the phone to wake up. At the time of writing there doesn't seem to be any indication of a user-accessible fix for the EDL issues.

Read more of this story at Slashdot.

If you plan on unlocking the bootloader to root your Galaxy Z Flip 3 or Galaxy Z Fold 3 -- Samsung's two newest foldabes announced earlier this month, you should know that the Korean OEM will disable the cameras. Technically, this has only been confirmed for the Galaxy Z Fold 3, but the Galaxy Z Flip 3 likely has similar restrictions. XDA Developers reports: According to XDA Senior Members [...], the final confirmation screen during the bootloader unlock process on the Galaxy Z Fold 3 mentions that the operation will cause the camera to be disabled. Upon booting up with an unlocked bootloader, the stock camera app indeed fails to operate, and all camera-related functions cease to function, meaning that you can't use facial recognition either. Anything that uses any of the cameras will time out after a while and give errors or just remain dark, including third-party camera apps. It is not clear why Samsung chose the way on which Sony walked in the past, but the actual problem lies in the fact that many will probably overlook the warning and unlock the bootloader without knowing about this new restriction. Re-locking the bootloader does make the camera work again, which indicates that it's more of a software-level obstacle. With root access, it could be possible to detect and modify the responsible parameters sent by the bootloader to the OS to bypass this restriction. However, according to ianmacd, Magisk in its default state isn't enough to circumvent the barrier.

Read more of this story at Slashdot.

An anonymous reader quotes a report from 9to5Google: Google's ambitions in the car led to Android Auto being redesigned a couple of years ago, mostly to positive feedback. However, the version of Android Auto on phone screens was meant to shut down at the time and has been on life support ever since. Now, that version has stopped working for some users. The aptly named "Android Auto for Phone Screens" was launched in 2019 as Google was forced to delay Google Assistant Driving Mode. That feature, which finally started rolling out in 2020, continued into earlier this year, and has expanded since, was supposed to replace the experience on phone screens. At the time, Google called this app a "stopgap" for users who needed an in-car experience but lacked a vehicle compatible with Android Auto. In speaking with Google, we are able to confirm that Android Auto for Phone Screens is, indeed, shutting down with the release of Android 12. The experience will not be available for users on Android 12, but still on older versions of the OS. Google says that Assistant Driving Mode will be "the built-in mobile driving experience" on Android 12. Google's full statement follows: "Google Assistant driving mode is our next evolution of the mobile driving experience. For the people who use Android Auto in supported vehicles, that experience isn't going away. For those who use the on phone experience (Android Auto mobile app), they will be transitioned to Google Assistant driving mode. Starting with Android 12, Google Assistant driving mode will be the built-in mobile driving experience. We have no further details to share at this time."

Read more of this story at Slashdot.

Google's next midrange smartphone is the Pixel 5a, featuring a slightly bigger display than last year's Pixel 4a, a considerably larger battery and IP67 water and dust resistance. It's priced at $449, which is $100 more than the Pixel 4a, and is expected to be the last Google phone to include a charger in the box (sorry Pixel 6 fans). Ars Technica reports: Part of the reason for the price increase is that the Pixel 5a is a bigger phone, with a 6.34-inch display and 73.7 mm width compared to the Pixel 4a's 5.8-inch display and 69.4 mm width. Another big change is the addition of IP67 dust and water resistance, which means the phone should survive submersion in 3 feet of water (1 meter) for 30 minutes. As with the Pixel 5, the Pixel 5a's body is metal coated in plastic instead of the pure plastic body of the Pixel 4a. We didn't see the appeal of this construction in the Pixel 5, but the new phone is presumably stronger now. As usual, we're getting a no-frills design that takes care of the basics. On the front, there's a slim-bezel OLED display and a hole-punch camera in the top right, while there are two cameras (main and wide-angle) and a capacitive fingerprint reader on the back. Specs include a Snapdragon 765G (that's a 7 nm chip with two Cortex A76 cores and six Cortex A55 cores), 6GB of RAM, 128GB of storage, and the biggest battery of any Pixel: 4680 mAh. The main camera is 12.2 MP and looks like the same Sony IMX363 sensor that Google has used for the past four years. There's a 16 MP wide-angle and an 8 MP front camera. Oh yeah, the headphone jack is sticking around for at least one more year. If there's a disappointment with the Pixel 5a, it's the 60 Hz display, which is looking pretty slow in a world where 90 Hz and 120 Hz are often the norm. Another important note is that the Pixel 5a will get three years of major updates and three years of security updates. It's currently available for preorder now and starts shipping on August 26.

Read more of this story at Slashdot.

A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. The Hacker News reports: Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was distributed via the official Google Play Store and masqueraded as an app named "Protection Guard," attracting over 5,000 installations. Banking and crypto-wallet apps from entities located in Italy, Australia, and Spain were the primary targets. "For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," researchers from ThreatFabric said in a write-up shared with The Hacker News. "The actors chose to steer away from the common HTML overlay development we usually see in other Android banking Trojans: this approach usually requires a larger time and effort investment from the actors to create multiple overlays capable of tricking the user. Instead, they chose to simply record what is shown on the screen, effectively obtaining the same end result." Vultur [...] takes advantage of accessibility permissions to capture keystrokes and leverages VNC's screen recording feature to stealthily log all activities on the phone, thus obviating the need to register a new device and making it difficult for banks to detect fraud. What's more, the malware employs ngrok, a cross-platform utility used to expose local servers behind NATs and firewalls to the public internet over secure tunnels, to provide remote access to the VNC server running locally on the phone. Additionally, it also establishes connections with a command-and-control (C2) server to receive commands over Firebase Cloud Messaging (FCM), the results of which, including extracted data and screen captures, are then transmitted back to the server. ThreatFabric's investigation also connected Vultur with another well-known piece of malicious software named Brunhilda, a dropper that utilizes the Play Store to distribute different kinds of malware in what's called a "dropper-as-a-service" (DaaS) operation, citing overlaps in the source code and C2 infrastructure used to facilitate attacks. These ties, the Amsterdam-based cybersecurity services company said, indicate Brunhilda to be a privately operating threat actor that has its own dropper and proprietary RAT Vultur.

Read more of this story at Slashdot.

Google's updated its inappropriate content policy to ban "compensated sexual relationships" -- i.e., sugar daddy or sugar dating apps. Ryne Hager writes via Android Police: If somehow you aren't familiar with the term, a "sugar daddy" is more than a caramel candy on a stick. In the more common vernacular, a sugar daddy is a person -- usually an older man, but you could have a "sugar mommy" or maybe a gender-neutral "sugar parent?" -- that spends or gives money in what is typically a transactional relationship, often for sexual favors. I don't judge, different people enjoy different things, and if all parties are consenting with full knowledge, I don't see how an arrangement like that really harms anyone. But, it seems Google does care, though the company is clear it's not objecting to the nature of the relationship, merely the fact that they're often sexual relationships with a perceived compensation basis, and the company has a blanket ban on sexual content -- at least partly ignoring the primary impulse for many customers behind more generalized dating apps like Tinder and Hinge, as well as many of the messages that even mainstream dating app users swap.

Read more of this story at Slashdot.

Security researchers have discovered a novel piece of Android malware that uses the VNC technology to record and broadcast a victim's smartphone activity, allowing threat actors to collect keyboard presses and app passwords. From a report: First spotted in March 2021 by Dutch security firm ThreatFabric, this new piece of malware, named Vultur, is a departure from other Android malware strains that usually rely on fake login screens floating on top of legitimate apps to collect a victim's credentials. Instead, Vultur opens a VNC server on the infected phone, and broadcasts screen captures to an attacker command and control server, where the Vultur operator extracts passwords for desired apps.

Read more of this story at Slashdot.

In a post titled "What Wear OS 3 means for you," Google provides a few more details about its upcoming Wear OS update plans, which will be the first major Wear OS update since Wear OS 2 in 2018. Unfortunately, as Ars Technica points out, the list of devices receiving the new update are limited to some of Mobvoi's TicWatch devices and Fossil Group's new generation of devices launching later this year. Older Wear OS devices featuring the Wear 3100 SoC, which makes up almost all the current Wear OS devices, will not support the new update. From the report: We still have next to no information about Wear OS 3, but there are a few tidbits in the upgrade announcement indicating that things will be very different. One line in the announcement lays out the requirement for a mandatory factory reset for any Wear 4100 devices upgrading from Wear OS 2 to version 3. Wear OS 3 is apparently so different that user data can't be ported over, and all local data will need to be wiped. We've certainly heard Google and Samsung talk about how Wear OS 3 will combine the "best of Wear OS and Tizen," indicating that even the base OS might be rebuilt. Google also vaguely tells 4100 upgraders that "in some limited cases, the user experience will also be impacted." Is this a reference to the 4100 performance or the app selection and features compared to Wear OS 2? It's hard to say. Because Wear OS 3 will be so different, Google says it won't force the upgrade on 4100 users: "We expect that for these reasons, some of you will prefer to keep your current Wear OS experience. Therefore, we will offer the system upgrade on an opt-in basis for eligible devices. We will provide more details in advance of the update so you can make an informed decision. We expect our partners to be able to roll out the system update starting in mid to second half of 2022." The Samsung Watch with Wear OS 3 is expected to ship sometime in August 2021, so the partner time of "2H 2022" -- potentially a year after Samsung's release -- is surprisingly late. Android has typically been very good at letting partners get early access to code, so (at least the ones that care) can be ready for launch, but this suggests Samsung is getting a huge head start. Google's message that upcoming Fossil watches, launching later this year, will be "eligible for upgrade" to Wear OS 3 also suggests that we might see Wear OS 2 devices launch from other companies after Samsung launches Wear OS 3 next month.

Read more of this story at Slashdot.

Nvidia's Shield TVs are some of the best streaming video boxes on the market, but following a recent update to Android TV, Shield TV users are starting to see ads on their home screen and they aren't happy about it. From a report: The latest update to Android TV on Shield TV devices began rolling out earlier this month and featured a small UI redesign that added large banner images to Android TV's home screen, similar to what you get when using Google TV devices like the Chromecast with Google TV. Now technically, Google calls these banner images "recommendations," as they are regularly updated and rotated to help users find new streaming content Google thinks they might enjoy. However, a number of Shield TV users consider these images to be advertisements (especially when they recommend shows on services users aren't even subscribed to), and as such, have taken to showing their displeasure with the recent update by review bombing the listing for the Android TV Home app, which now has a one-star rating across more than 800 reviews.

Read more of this story at Slashdot.

ASUS and Qualcomm have teamed up to make a smartphone that shows off some of the latter's mobile tech. Although the phone is ostensibly for the 1.6 million members of the Snapdragon Insiders program (which is a bit like Microsoft's Windows Insider early-access scheme), it'll be more broadly available by August. From a report: The snappily named Smartphone for Snapdragon Insiders harnesses Qualcomm's Snapdragon 888 5G chipset with a 2.84 GHz octa-core processor and the Adreno 660 GPU. It has what Qualcomm describes as "the most comprehensive support for all key 5G sub-6 and mmWave bands" of any device, along with WiFi 6 and WiFi 6E support with speeds of up to 3.6 Gbps. You'll get 16GB of LPDDR5 memory and 512GB of storage. The 6.78-inch AMOLED display from Samsung has a 144 Hz refresh rate, which could help make it a solid gaming phone. The screen has up to 1,200 nits of brightness and it's HDR10 and HDR10+ certified. The phone has three rear cameras: a 64MP main lens, 12MP ultrawide camera and 8MP telephoto. The array can capture video in up to 8K. The device also has a 24MP front camera and AI auto-zoom. You'll be able to buy the $1,499 device at ASUSTeK's eShop and other retailers.

Read more of this story at Slashdot.