AndroidPolice reports: Google has confirmed to us that the Pixel 3 series has received its last update, marking the end of a three-year promise. But revisiting the 2018-era flagship, I still can't help but be disappointed that Google didn't try harder to keep it supported longer. Google may have met its marketing requirements, but as I've said before, it's hypocritical for a company committed to sustainability and customer security to leave old smartphones behind so quickly. Revisiting it for the last few days, the Pixel 3 is still a perfectly good phone that could have years of life left in it. And, according to everyone I've spoken to, there aren't any good technical reasons for it being left behind. Google just doesn't care.

Read more of this story at Slashdot.

Google said on Wednesday that it was working on privacy measures meant to limit the sharing of data on smartphones running its Android software. But the company promised those changes would not be as disruptive as a similar move by Apple last year. From a report: Apple's changes to its iOS software on iPhones asked users for permission before allowing advertisers to track them. Apple's permission controls -- and, ultimately, the decision by users to block tracking -- have had a profound impact on internet companies that built businesses on so-called targeted advertising. Google did not provide an exact timeline for its changes, but said it would support existing technologies for at least two more years. This month, Meta, the company founded as Facebook, said Apple's privacy changes would cost it $10 billion this year in lost advertising revenue. The revelation weighed on Meta's stock price and led to concerns about other companies reliant on digital advertising. Anthony Chavez, a vice president at Google's Android division, said in an interview before the announcement that it was too early to gauge the potential impact from Google's changes, which are meant to limit the sharing of data across apps and with third parties. But he emphasized that the company's goal was to find a more private option for users while also allowing developers to continue to make advertising revenue.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Here's a fun new feature of Android 13: working virtualization support. Google is building virtualization into Android for its own reasons, but Android developer kdrag0n has commandeered the feature to boot ARM Windows 11 and desktop Linux. The developer even got the Windows version of Doom running, all inside a VM on the Pixel 6. kdrag0n says that Android 13 has "full KVM functionality" at "near-native performance." You need root to enable the functionality, which doesn't support GPU acceleration. The functionality also doesn't support nested virtualization, so while you can now run Android on Windows and Windows on Android, making an infinitely nested OS turducken is out of the question. This makes for a neat demo that's not at all what Google wants to do with Android's upcoming VM support. Esper's Mishaal Rahman has been meticulously tracking Android's virtualization progress for some time now, and the apparent plan is to someday (maybe in Android 13) use virtual machines as a security and privacy sandbox for various features. Imagine instead of processing sensitive data at the normal app permission level, the data could be processed in a separate OS, so any attackers would have to break through the app security model, then Android, then the hypervisor, then this other, private OS.

Read more of this story at Slashdot.

Google today announced the first developer release of Android 13. These very early releases, which are only meant for developers and aren't available through over-the-air updates, typically don't include too many user-facing changes. From a report: That's true this time as well, but even in this early release, the company is already showing off a few changes that will impact how you'll use your Android phone. Unlike with Android 12, Google plans to have two developer releases and then launch a beta in April, a month earlier than in 2021. The final release could come as early as August, based on Google's roadmap, whereas Android 12 launched in early October. All of this is happening while Android 12L, the Android release for large-screen devices, is still in development, too, though Google notes that it will bring some of those features to Android 13 as well. These include improved support for tablets, foldables and Android apps on Chromebooks. One of the most visible changes in Android 13 so far is that Google will bring the dynamic color feature of Material You, which by default takes its cues from your home screen image to all app icons. Developers will have to supply a monochromatic app icon for this to work, which many will hopefully do, because the current mix of themed and un-themed icons doesn't make for a great look. For now, this will only be available on Pixel devices, though, and Google says it will work with its partners to bring it to more devices. With this release, Google supports the Pixel 6 Pro, Pixel 6, Pixel 5a 5G, Pixel 5, Pixel 4a (5G), Pixel 4a, Pixel 4 XL, and Pixel 4.

Read more of this story at Slashdot.

The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity. BleepingComputer reports: BRATA was first spotted by Kaspersky back in 2019 as an Android RAT (remote access tool) that mainly targeted Brazilian users. In December 2021, a report by Cleafy underscored the emergence of the malware in Europe, where it was seen targeting e-banking users and stealing their credentials with the involvement of fraudsters posing as bank customer support agents. Analysts at Cleafy continued to monitor BRATA for new features, and in a new report published today, illustrate how the malware continues to evolve. The latest versions of the BRATA malware now target e-banking users in the UK, Poland, Italy, Spain, China, and Latin America. Each variant focuses on different banks with dedicated overlay sets, languages, and even different apps to target specific audiences. The authors use similar obfuscation techniques in all versions, such as wrapping the APK file into an encrypted JAR or DEX package. This obfuscation successfully bypasses antivirus detections [...]. On that front, BRATA now actively seeks signs of AV presence on the device and attempts to delete the detected security tools before proceeding to the data exfiltration step. The best way to avoid being infected by Android malware is to install apps from the Google Play Store, avoid APKs from shady websites, and always scan them with an AV tool before opening. During installation, pay close attention to the requested permissions and avoid granting any that appear unnecessary for the app's core functionality. Finally, monitor battery consumption and network traffic volumes to identify any inexplicable spikes that may be attributed to malicious processes running in the background.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Motherboard, written by Aaron Gordon: Not quite three years ago, I bought a Pixel 3, Google's flagship phone at the time. It has been a good phone. I like that it's not too big. I dropped it a bunch, but it didn't break. And the battery life has not noticeably changed since the day I got it. I think of phones in much the same way I think of refrigerators or stoves. It's an appliance, something I need but feel no attachment to, and as long as it keeps fulfilling that need, I don't want to spend money replacing it for no real reason. The Pixel 3 fulfills my needs, so I don't want to spend $600 on the Pixel 6, which seems to be just another phone that does all the phone things. But I have to get rid of it because Google has stopped supporting all Pixel 3s. Despite being just three years old, no Pixel 3 will ever receive another official security update. Installing security updates is the one basic thing everyone needs to do for their own digital security. If you don't even get them, then you're vulnerable to every security flaw discovered since your last patch. In response to an email asking Google why it stopped supporting the Pixel 3, a Googles spokesperson said, "We find that three years of security and OS updates still provides users with a great experience for their device." This has been a problem with Android for as long as Android has existed. In 2015, my colleague Lorenzo Franceschi-Bicchierai wrote a farewell to Android because of its terrible software support and spotty upgrade rollouts. Android has long blamed this obvious issue on the fact that updates need to run through the cellphone company and phone manufacturer before being pushed to the user. At the time, Google didn't make any Android phones; the Nexus line was the closest thing, a partnership with other manufacturers like Motorola and HTC (I had one of those, too). But for the past six years, Google has made the Pixel line of phones. They are Google-made phones, meaning Google can't blame discontinuing security updates on other manufacturers, and yet, it announced that's exactly what it would do. Gordon goes on to say that he's "switching to an iPhone for the first time," noting how the most recent version of iOS can be installed on phones going as far back as the iPhone 6s, which was released more than six years ago. "Unless you routinely destroy your phone within two or three years, there's no justification from a sustainability perspective to keep using Android phones," he adds. "Of course, Apple is only good by comparison, as it also manufactures devices that are difficult to repair with an artificially short shelf life. It just happens to have a longer shelf life than Google."

Read more of this story at Slashdot.

Android 12 is one of the platform's most ambitious updates in recent history, bringing a major design overhaul to every corner of the operating system. It has also been one of the rockiest Android OS launches in the past few years. From a report: Both Samsung and OnePlus paused the rollout of their stable Android 12-based updates amid reports of serious bugs. Google itself has addressed a laundry list of bug reports from Pixel 6 owners, just as it's trying to convince them it's finally figured out how to build a truly premium phone. What in the heck is going on? The short answer is that there are some unique complicating factors at play this year but also that Android is inherently a little bit messy -- that just comes with the territory when you're designing a delightful public park compared to Apple's walled garden. Despite a refreshed look and some appealing new high-end handsets, Android is still Android -- the good and the bad. To try and figure out what the heck is going on, we talked to Mishaal Rahman, former editor-in-chief of XDA Developers, who's well known for digging into Android codebases and discovering Google's secrets. Speaking to the Pixel 6 bugs in particular, Rahman guesses that it has a lot to do with the unusually large size of the update. "Many people have called it, myself included, the biggest OS update to Android since Android 5.0 Lollipop, and that was many years ago. There are just so many massive changes to the interface and to the feature set." He also suggests that Google's commitment to issue a new Android update every year can make things worse when it's trying to do so much, and the self-imposed one-year development cycle doesn't leave much wiggle room in the timeline. "They started immediately after Android 11 was released to the public -- and they have a hard cutoff date... After that, they just focus on fixing bugs." Delay any longer, and they'd risk bumping into next year's development cycle. It's also possible that the attempt to bring timely Android updates to non-Google devices wound up backfiring. Android phone owners have been asking for faster updates for a long time -- outside of Google's Pixel phones and pricey flagships, many devices face long waits for OS updates. Sure enough, the updates have come faster this year. Case in point: Samsung users are accustomed to waiting about three months after an Android stable release to get their finished One UI update with the new version of the OS, but this year, One UI 4.0 arrived just one and a half months after Android 12. But the way things have gone this year, many users would likely have opted for a slower, stable update rather than a fast one riddled with bugs.

Read more of this story at Slashdot.

The number of people using Android Apps on Chromebooks grew 50 percent year over year, according to a blog post from Chrome OS product managers Fahd Imtiaz and Sanj Nathwani this week. The execs cited internal Google data recorded from 2020-2021. From a report: In 2021, as some smartphones moved to Android 12, Google worked on updating Chromebooks to support Android 11, while attempting to boost security and performance by bringing Android on Chrome OS to a virtual machine, rather than a container. The company also improved its general usability, using runtime improvements to make the resizing and scaling of Android apps on Chromebooks work better, as well as app rendering. As the developer-focused blog noted, Chromebooks on Chrome OS 93 or newer (the latest is Chrome OS 96) automatically run Android apps made for mobile devices in a window that's set to stay in a "phone or tablet orientation." And, yes, you can turn this feature off. Additionally, Imtiaz and Nathwani pointed to Android's Nearby Share feature coming to Chrome 96 for Android 11 and Android 9 apps as another way to try to get developers excited about making their apps fit devices with larger screens.

Read more of this story at Slashdot.

Google's Pixel 6 line may have served as Android 12's big debut for higher-end phones, but Android 12 (Go edition) plans to bring many of the enhancements and features of Android 12 to lower-end phones, too. Google on Tuesday unveiled a host of new features for the Go edition that are set to roll out to devices in 2022. From a report: Google says that in addition to speed enhancements that'll help apps launch up to 30% faster, Android 12 (Go edition) will include a feature that'll save battery life and storage by automatically "hibernating apps that haven't been used for extended periods of time." And with the Files Go app, you'll be able to recover files within 30 days of deletion. Android 12 (Go edition) will also help you easily translate any content, listen to the news and share apps with nearby devices offline to save data, Google says. The company said Android Go has amassed 200 million users.

Read more of this story at Slashdot.

Apple has released a new Android app called Tracker Detect, designed to help people who don't own iPhones or iPads to identify unexpected AirTags and other Find My network-equipped sensors that may be nearby. CNET reports: The new app, which Apple released on the Google Play store Monday, is intended to help people look for item trackers compatible with Apple's Find My network. "If you think someone is using AirTag or another device to track your location," the app says, "you can scan to try to find it." If the Tracker Detector app finds an unexpected AirTag that's away from its owner, for example, it will be marked in the app as "Unknown AirTag." The Android app can then play a sound within 10 minutes of identifying the tracker. It may take up to 15 minutes after a tracker is separated from its owner before it shows up in the app, Apple said. If the tracker identified is an AirTag, Apple will offer instructions within the app to remove its battery. Apple also warns within the app that if the person feels their safety is at risk because of the item tracker, they should contact law enforcement. [...] The Tracker Detect app, which Apple first discussed in June, requires users to actively scan for a device before it'll be identified. Apple doesn't require users have an Apple account in order to use the detecting app. If the AirTag is in "lost mode," anyone with an NFC-capable device can tap it and receive instructions for how to return it to its owner. Apple said all communication is encrypted so that no one, including Apple, knows the location or identity of people or their devices.

Read more of this story at Slashdot.

Google is bringing Android games from Google Play to Windows laptops, PCs, and tablets, the company announced on Thursday. Gizmodo reports: Google announced a standalone Google Play Games launcher that lets gamers play mobile titles on Windows PCs at The Game Show Awards on Thursday. The upcoming app will allow players to close out of their game on one device and resume playing where they left off on another. This means you could switch between a Chromebook, Windows PC, and Android phone without losing saved data. The app, which is being built and distributed by Google, runs games locally on your system, no cloud streaming required. So far, Google has only teased the service in a brief video clip, so some important details haven't been revealed. We do, however, know it is set to arrive sometime in 2022.

Read more of this story at Slashdot.

JoeyRox writes: Last week, a Reddit user reported that they weren't able to call 911 using their Pixel 3 and later said they were working with Google support to figure out the issue. Yesterday, Google announced what was causing the issue in a reply to the post: an "unintended interaction between the Microsoft Teams app and the underlying Android operating system." In its comment, Google says that the bug happens when someone is using Android 10 or later and has Teams installed but isn't logged into the app. The company says that Microsoft will be releasing an update to Teams "soon" to prevent the issue and that there's an update to Android coming January 4th.

Read more of this story at Slashdot.

Over 300,000 Android smartphone users have downloaded what turned out to be banking trojans after falling victim to malware that has bypassed detection by the Google Play app store. ZDNet reports: Detailed by cybersecurity researchers at ThreatFabric, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps often come with the functions that are advertised in order to avoid users getting suspicious. In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling them to bypass Play Store detections. The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users -- researchers describe it as an "advanced" banking trojan that can steal usernames and passwords, and uses accessibility logging to capture everything shown on the user's screen, while a keylogger allows attackers to record all information entered into the phone. [...] The second most prolific of the malware families detailed by researchers at ThreatFabric is Alien, an Android banking trojan that can also steal two-factor authentication capabilities and which has been active for over a year. The malware has received 95,000 installations via malicious apps in the Play Store. [...] The other two forms of malware that have been dropped using similar methods in recent months are Hydra and Ermac, which have a combined total of at least 15,000 downloads. ThreatFabric has linked Hydra and Ermac to Brunhilda, a cyber-criminal group known to target Android devices with banking malware. Both Hydra and Ermac provide attackers with access to the device required to steal banking information. ThreatFabric has reported all of the malicious apps to Google and they've either already been removed or are under review.

Read more of this story at Slashdot.

Amid a heightened amount of scrutiny and tension surrounding the App Store and how users download and install apps on the iPhone, Apple CEO Tim Cook said today that customers who wish to sideload apps should consider purchasing an Android device as the experience offered by the iPhone maximizes their security and privacy. From a report: Speaking at The New York Times "DealBook" summit, Cook said that customers currently already have a choice between wanting a secure and protected platform or an ecosystem that allows for sideloading. "I think that people have that choice today, Andrew. If you want to sideload, you can buy an Android phone." Cook drew the comparison of sideloading to a carmaker selling a car without airbags or seatbelt, saying it would be "too risky." "I think that people have that choice today, Andrew, if you want to sideload, you can buy an Android phone. That choice exists when you go into the carrier shop. If that is important to you, then you should buy an Android phone. From our point of view, it would be like if I were an automobile manufacturer telling [a customer] not to put airbags and seat belts in the car. He would never think about doing this in today's time. It's just too risky to do that. And so it would not be an iPhone if it didn't maximize security and privacy," he said.

Read more of this story at Slashdot.

Netflix, the video-streaming giant, began its expected foray into video games with the introduction of five mobile games to its users worldwide, playable initially on Android devices. From a report: The titles are included in a Netflix subscription, and there'll be no advertising or additional purchases required, Mike Verdu, Netflix's vice president of game development, said Tuesday. The streaming company has targeted video games as its next big thing -- it's an industry that's larger than the movie and TV businesses. Players logging in will see a dedicated games row and tab where they can choose which titles to play. Games for Apple's iPhone are also planned. The initial offering includes titles linked to Netflix shows, such as Stranger Things: 1984 and Stranger Things 3: The Game. Also included are Shooting Hoops, Card Blast and Teeter Up.

Read more of this story at Slashdot.

"New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks," reports BleepingComputer. Cybersecurity company Lookout said on its blog that they'd spotted the malware on Google Play "and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store.... To protect Android users, Google promptly removed the app as soon as we notified them of the malware." We named the malware "AbstractEmu" after its use of code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads... This is a significant discovery because widely-distributed malware with root capabilities have become rare over the past five years. As the Android ecosystem matures there are fewer exploits that affect a large number of devices, making them less useful for threat actors... By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware — steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances... AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app. As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading... By rooting the device, the malware is able to silently modify the device in ways that would otherwise require user interaction and access data of other apps on the device. "Apps bundling the malware included password managers and tools like data savers and app launchers," reports BleepingComputer, "all of them providing the functionality they promised to avoid raising suspicions..." Lookout's blog post said they'd spotted people affected by the malware in 17 different countries.

Read more of this story at Slashdot.

Today, Google has officially launched Android 12 for select Pixel devices. The Verge reports: It's available to install right now on Pixel 3 and up, including the Pixel 3A, Pixel 4, Pixel 4A, Pixel 4A 5G, the Pixel 5, and the Pixel 5A. It'll launch on the Pixel 6 and Pixel 6 Pro, as well. Android 12 will be coming later this year to Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices. The most noticeable feature in Android 12 is the new Material You design, which lets you go a little deeper to tweak the look of the homescreen to your liking. It's more expressive than previous versions of Android, with tools to let you coordinate colors that can extend across app icons, pull-down menus, widgets, and more. Speaking of widgets, many of those have been updated to match the new look, and Google shared today that by the end of October, it plans to have over a dozen new or refreshed widgets available for its first-party apps. Google has published a blog post detailing more features available in this release, including the "Pixel-first" features like Material You.

Read more of this story at Slashdot.

Apple said today that one of the reasons it does not allow app sideloading or the use of third-party app stores on iOS is because of privacy and security reasons, pointing to the fact that Android sees between 15 to 47 times more malware compared to its app ecosystem. The Record reports: Apple says that the reason its iOS devices are locked into the App Store as the only way to install applications is for security reasons, as this allows its security teams to scan applications for malicious content before they reach users. Apple cited statements from multiple sources (DHS, ENISA, Europol, Interpol, NIST, Kaspersky, Wandera, and Norton), all of which had previously warned users against installing apps from outside official app stores, a process known as app sideloading. Apple's report then goes on to list multiple malware campaigns targeting Android devices where the threat actors asked users to sideload malicious apps hosted on internet sites or third-party app stores. [...] The list includes a host of threats, such as mundane adware, dangerous ransomware, funds-stealing banking trojans, commercial spyware, and even nation-state malware, which Apple said threat actors have spread by exploiting the loophole in Android's app installation process that allows anyone to install apps from anywhere on the internet. Today's 31-page report (PDF) is the second iteration of the same report, with a first version (PDF) being published back in June, shortly after EU authorities announced their investigation.

Read more of this story at Slashdot.

A new study (PDF) by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. BleepingComputer reports: The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users: "With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." As the summary table indicates, sensitive user data like persistent identifiers, app usage details, and telemetry information are not only shared with the device vendors, but also go to various third parties, such as Microsoft, LinkedIn, and Facebook. And to make matters worse, Google appears at the receiving end of all collected data almost across the entire table. It is important to note that this concerns the collection of data for which there's no option to opt-out, so Android users are powerless against this type of telemetry. This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they're not used by the device owner, and which cannot be uninstalled. For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk to man-in-the-middle (MitM) attacks. As the study points out, even if the user resets the advertising identifiers for their Google Account on Android, the data-collection system can trivially re-link the new ID back to the same device and append it to the original tracking history. The deanonymization of users takes place using various methods, such as looking at the SIM, IMEI, location data history, IP address, network SSID, or a combination of these. In response to the report, a Google spokesperson said: "While we appreciate the work of the researchers, we disagree that this behavior is unexpected -- this is how modern smartphones work. As explained in our Google Play Services Help Center article, this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device's IMEI, is necessary to deliver critical updates reliably across Android devices and apps."

Read more of this story at Slashdot.

In a significant departure from previous years, Google today rolled out Android 12 to AOSP but did not launch any devices, including Pixel phones. "Today we're pushing the source to the Android Open Source Project (AOSP) and officially releasing the latest version of Android," [said Dave Burke, VP of Engineering, in a blog post. "Keep an eye out for Android 12 coming to a device near you starting with Pixel in the next few weeks and Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices later this year." 9to5Google reports: Traditionally, the AOSP launch of the next version of Android coincides with day one availability for Google phones. That is not the case this year, with Google only revealing that Pixel phones can expect an update in the "next few weeks." Google says over 225,000 people tested Android 12 over the course of the developer previews and betas. [...] Google officially highlights four Android 12 tentpoles for developers as part of today's AOSP availability. This starts with a "new UI for Android" that incorporates Material You (referred to today as "Material Design 3"), redesigned widgets, Notification UI updates, and App launch splash screens. In terms of "Performance," Google says it has "reduced the CPU time used by core system services by 22% and the use of big cores by 15%." We've also improved app startup times and optimized I/O for faster app loading, and for database queries we've improved CursorWindow by as much as 49x for large windows. "More responsive notifications" are achieved by restricting notification trampolines, with Google Photos launching 34% faster after this change. Other changes include Optimized foreground services, Performance classes for devices, and Faster machine learning. "Privacy" is led by the new Settings Dashboard, the ability to only grant apps Approximate location, and a new Nearby devices permission for setting up wearables and other smart home accessories without granting location access. There are also the microphone and camera indicators/toggles. Developers can take advantage of "Better user experience tools" like new APIs to better support rounded screen corners, rich content insertion, AVIF images, enhanced haptics, and new camera/sensor effects. There's also Compatible media transcoding, better debugging, and an Android 12 for Games push.

Read more of this story at Slashdot.