Android Devices With Backdoored Firmware Found In US Schools

✇Slashdot
Author: BeauHD
An anonymous reader quotes a report from SecurityWeek: Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV boxes, and tablet devices with the Triada malware. The infected devices come from at least one Chinese manufacturer but, before they are delivered to resellers, physical retail stores, and e-commerce warehouses, a backdoor was injected into their firmware. "Products known to contain the backdoor have been found on public school networks throughout the United States," Human says. Discovered in 2016, Triada is a modular trojan residing in a device's RAM, relying on the Zygote process to hook all applications on Android, actively using root privileges to substitute system files. Over time, the malware went through various iterations and was found pre-installed on low-cost Android devices on at least two occasions. As part of the BadBox operation that Human Security discovered, the infected low-cost Android devices allow threat actors to carry out various ad-fraud schemes, including one named PeachPit, which at its peak relied on 121,000 Android and 159,000 iOS devices infected with malware, and on 39 Android, iOS, and CTV-centric apps designed to connect to a fake supply-side platform (SSP). One of the modules delivered to the infected devices from the command-and-control (C&C) server allows the creation of WebViews that are fully hidden from the user, but which "are used to request, render, and click on ads, spoofing the ad requests to look like they're coming from certain apps, referred by certain websites, and rendered" on specific devices. 
BadBox, Human Security notes, also includes a residential proxy module that allows the threat actors to sell access to the victim's network. Furthermore, they can create WhatsApp messaging accounts and Gmail accounts they can then use for other malicious activities. "Finally, because of the backdoor's connection to C2 servers on BadBox-infected smartphones, tablets, and CTV boxes, new apps or code can be remotely installed by the threat actors without the device owner's permission. The threat actors behind BadBox could develop entirely new schemes and deploy them on BadBox-infected devices without any interaction from the devices' owners," Human notes.

Read more of this story at Slashdot.

Lenovo To Offer Android PCs, Starting With an All-In-One That Can Pack a Core i9

✇Slashdot
Author: BeauHD
Simon Sharwood writes via The Register: The Chinese manufacturer that took over IBM's PC business announced on Thursday that it's teamed with an outfit named Esper that specializes in custom cuts of Android, plus device management offerings. Android is most commonly used in handheld devices. Lenovo's taking it in an entirely different direction by making the ThinkCentre M70a: a desktop all-in-one. The first fruit of the collaboration with Esper, the ThinkCentre M70a boasts a 21-inch touch screen and offers a choice of 12th-gen Intel Core CPUs from the Core i3 to the almost workstation-grade Core i9, at prices from $889 to beyond $1250. What could you do with Android on a Core i9, plus the maximum 16GB DDR4 3200MHz and 512GB PCIe SSD Lenovo's machines allow? Almost anything -- but Lenovo thinks its Android effort will first be appreciated by customers in the retail, hospitality, and healthcare industries. Esper pitches its wares as ideal for point-of-sale systems, kiosks, and digital signage -- environments where users don't need to access diverse apps but do need a machine that reliably boots into custom environments. Lenovo's not just doing desktop PCs. The number one PC maker by market share has promised it will also ship Esper's wares on the small form factor ThinkCentre M70q -- a machine designed to be bolted to the back of monitors. The ThinkEdge SE30 -- a ruggedized and fanless edge client -- will also have an Android option. So will the ThinkCentre M90n-1 IoT [PDF] -- another rugged client for edge applications.

Android 14 Officially Releases for Pixel Phones

✇Slashdot
Author: msmash
Android 14 is out today, along with a new Pixel phone. The OS is shipping to supported Pixel devices now, which means the Pixel 4a (5G) and every variant of the Pixel 5, 6, and 7, plus the Fold and Tablet. From a report: The big feature this year is a somewhat customizable home screen. You can pick from several different lock screen clock styles and customize the two bottom app shortcuts. This feels like a response to iOS 16's lock screen widgets (a feature Android used to have back in the 4.2 days) but not nearly as customizable. It's honestly hard to highlight a second Android 14 feature because this is one of the smallest Android releases ever. The first feature Google mentions in its blog post is a new wallpaper picker. On the Pixel 8, Android now has a built-in text-to-image AI wallpaper maker, presumably a feature that lets the Android team adhere to Google's "mandatory AI" company mandate. There's also a new monochrome theme if you're tired of all those "Material You" colors.

Android 14 Adds Support for Using Smartphones as Webcams

✇Slashdot
Author: msmash
Esper: Starting in Android 14, it may not be necessary to use a third-party app to turn your smartphone into a webcam for your PC, as that functionality is getting baked into the Android OS itself -- though there's a catch. When you plug an Android phone into a PC, you have the option to change the USB mode between file transfer/Android Auto (MTP), USB tethering (NCM), MIDI, or PTP. In Android 14, however, a new option can appear in USB Preferences: USB webcam. Selecting this option switches the USB mode to UVC (USB Video Class), provided the device supports it, turning your Android device into a standard USB webcam that other devices will recognize, including Windows, macOS, and Linux PCs, and possibly even other Android devices. Webcam support in Android 14 is not enabled out of the box, however. In order to enable it, four things are required: a Linux kernel config needs to be enabled, the UVC device needs to be configured, the USB HAL needs to be updated, and a new system app needs to be preloaded.

Android 14 Still Doesn't Calculate Device Storage Utilization Correctly

✇Slashdot
Author: BeauHD
According to Android specialist Mishaal Rahman, Android miscalculates the storage space taken up by system components, leading to inflated system storage utilization and potentially misleading users. Chandraveer Mathur writes via Android Police. From the report: We usually rely on Android's storage utilization utility to find apps and files eating up storage space, so we can uninstall or delete them if required. However, Android specialist Mishaal Rahman discovered that Google's calculation of the space consumed by Android system components is flawed. He executed shell commands to create a 3GB file in the /data/media/0 storage directory, which isn't a file path used for Android system files. However, the phone's storage breakdown showed a marked 3GB increase under the System heading, suggesting the OS suddenly became bigger. This happens because Android calculates system storage as the space used up by anything other than what's covered by other categories in the storage breakdown, including audios, videos, images, documents, trash, and games. This means the System heading in the breakdown doesn't just include Android system files. Android 14 also uses this dangerously flawed logic for calculating storage usage. Moreover, the Files app by Google also shows similar storage utilization by Android system components, perhaps because it uses the same incredulous attribution logic. By association, all other Android skins use flawed calculation of used storage space, but Samsung reportedly fixed this issue with the One UI 6 update. After running similar ADB commands as in the previous experiment, Rahman could confirm the increased utilization showed up under the Other files heading in the storage breakdown, instead of the System heading.

Russia Targets Ukraine With New Android Backdoor, Intel Agencies Say

✇Slashdot
Author: BeauHD
An anonymous reader quotes a report from Ars Technica: Russia's military intelligence unit has been targeting Ukrainian Android devices with "Infamous Chisel," the tracking name for new malware that's designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. "Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network, and which periodically collates and exfiltrates victim information from compromised devices," intelligence officials from the UK, US, Canada, Australia, and New Zealand wrote (PDF). "The information exfiltrated is a combination of system device information, commercial application information and applications specific to the Ukrainian military." Infamous Chisel gains persistence by replacing the legitimate system component known as netd with a malicious version. Besides allowing Infamous Chisel to run each time a device is restarted, the malicious netd is also the main engine for the malware. It uses shell scripts and commands to collate and collect device information and also searches directories for files that have a predefined set of extensions. Depending on where on the infected device a collected file is located, netd sends it to Russian servers either immediately or once a day. When exfiltrating files of interest, Infamous Chisel uses the TLS protocol and a hard-coded IP and port. Use of the local IP address is likely a mechanism to relay the network traffic over a VPN or other secure channel configured on the infected device. This would allow the exfiltration traffic to blend in with expected encrypted network traffic. In the event a connection to the local IP and port fails, the malware falls back to a hard-coded domain that's resolved using a request to dns.google. Infamous Chisel also installs a version of the Dropbear SSH client that can be used to remotely access a device. 
The version installed has authentication mechanisms that have been modified from the original version to change the way users log in to an SSH session. [...] The report didn't say how the malware gets installed. In the advisory Ukraine's security service issued earlier this month (PDF), officials said that Russian personnel had "captured Ukrainian tablets on the battlefield, pursuing the aim to spread malware and abuse available access to penetrate the system." It's unclear if this was the vector.

ASUS Reportedly Shuts Down Zenfone Division, No More Compact Flagships

✇Slashdot
Author: BeauHD
According to a report from Technews Taiwan, ASUS has shut down its Zenfone division responsible for making some of the best compact Android flagships on the market. The reason is due to "internal restructuring." Employees in the Zenfone division are being moved over to the ROG Phone team and other parts of the business. Android Authority reports: The report further asserts that the Zenfone 10 will be the last phone in the Zenfone series. Since the team no longer exists, there is unlikely to be a successor to this phone. The report follows other incidents around Zenfone. Earlier in the month, ASUS stopped allowing bootloader unlocks for Zenfone owners. The company maintained that they are not stopping the possibility of unlocking, just that the tool is currently unavailable. A few weeks ago, community members also spotted that ASUS had removed older Zenfone firmwares from its website. Community moderators responded that ASUS no longer provides previous firmware versions or downgrade packages to ensure users remain on up-to-date firmware. Both of these incidents do not directly point to the shutdown of the Zenfone division. But they add the value of hindsight to the report, and we can't help but wonder if the writing was on the wall all this time.

Latest Android Runtime (ART) Update Led To Apps Starting 30% Faster

✇Slashdot
Author: BeauHD
The latest update to the Android Runtime (ART) -- the "engine behind the Android operating system (OS)" -- has resulted in app startup time "improvements of up to 30% on some devices," says Google. 9to5Google reports: Behind the scenes, "ART is the same for all devices" and: "The ART APEX module is a complex piece of software with an order of magnitude more APIs than any other APEX module. It also backs a quarter of the developer APIs available in the Android SDK. In addition, ART has a compiler that aims to make the most of the underlying hardware by generating chipset-specific instructions, such as Arm SVE." The testing process for Android Runtime updates involves "compiling over 18 million APKs and running app compatibility tests, and startup, performance, and memory benchmarks on a variety of Android devices that replicate the diversity of our ecosystem as closely as possible." There's then a very gradual rollout process. Google also notes developer improvements with every update "like OpenJDK improvements and compiler optimizations that benefit both Java and Kotlin," with ART 13 resulting in the "fastest-ever adoption of a new OpenJDK [11] release on Android devices." ART 14 is rolling out "in the coming months" with "new compiler and runtime optimizations that improve performance while reducing code size," as well as OpenJDK 17.

Mozilla To Bring Firefox Desktop Extension To Android Browser

✇Slashdot
Author: msmash
Scott DeVaney, writing at Mozilla blog: In the coming months Mozilla will launch support for an open ecosystem of extensions on Firefox for Android on addons.mozilla.org (AMO). We'll announce a definite launch date in early September, but it's safe to expect a roll-out before the year's end. Here's everything developers need to know to get their Firefox desktop extensions ready for Android usage and discoverability on AMO. For the past few years Firefox for Android officially supported a small subset of extensions while we focused our efforts on strengthening core Firefox for Android functionality and understanding the unique needs of mobile browser users. Today, Mozilla has built the infrastructure necessary to support an open extension ecosystem on Firefox for Android. We anticipate considerable user demand for more extensions on Firefox for Android, so why not start optimizing your desktop extension for mobile-use right away?

ChatGPT For Android Is Now Available

✇Slashdot
Author: BeauHD
OpenAI has released ChatGPT for Android, months after launching the free iOS app for iPhones and iPads. You can download it in the Google Play Store. The Verge reports: According to a company tweet, it's available first in the US, India, Bangladesh, and Brazil, with other countries set to follow later, mimicking the staged rollout we saw for the iOS version. On July 27th, OpenAI announced additional availability, saying the Android ChatGPT app is now available in Argentina, Canada, France, Germany, Indonesia, Ireland, Japan, Mexico, Nigeria, the Philippines, the UK, and South Korea.

Google Says It Will Start Downranking Non-Tablet Apps In the Play Store

✇Slashdot
Author: BeauHD
Google is changing the Play Store ranking algorithms to increase the visibility of apps that better support large screens. Google detailed the changes in a blog post: "Apps and games that adhere to our large screen app quality guidelines will now be ranked higher in search and Apps and Games Home. This helps users find apps that resize well, aren't letterboxed, and support both portrait and landscape orientations. Editors' Choice and other curated collections and articles will also consider these criteria going forward, creating new featuring opportunities for optimized apps." Ars Technica reports: The large-screen app guidelines have various tiers, but they recommend keyboard, mouse, and stylus support, a two-pane tablet layout, drag-and-drop support, and foldable display awareness. The post also reiterates some improvements that Google has already rolled out, like showing tablet screenshots to tablet users and downranking apps that crash a lot. The big news is that the search results will switch to a two-pane layout on big screens. The search result list will live on the left-hand side, and tapping on each result will load a details page on the right. Previously, the results page was a stretched-out phone interface, with results on the left and nothing on the right. It would be nice if the top charts got this two-pane design, too, but that hasn't changed yet. Google says these changes are "just the beginning of our journey in creating a tailored Play Store experience for large screens." So hopefully, Google's developers will follow Google's developer guidelines soon.

Android's Now Better Than iOS, Instagram Boss Says

✇Slashdot
Author: msmash
Which is better: iPhone or Android? Instagram head Adam Mosseri weighed in on the topic earlier this week, reigniting a debate that has waged on since the dawn of smartphones. From a report: "Android's now better than iOS," Mosseri posted in response to tech YouTuber Marques Brownlee, aka MKBHD, who had asked for people's best tech "hot takes." Mosseri didn't get into why he felt Android to be superior, but his use of the words "now better" implies that he may have previously felt Apple's iOS had the edge.

Fairphone 3 Gets Seven Years of Updates, Besting Every Other Android OEM

✇Slashdot
Author: BeauHD
An anonymous reader quotes a report from Ars Technica: No one in the Android ecosystem can hold a candle to Apple's software support timeline for the iPhone, but there is one company that comes the closest: Fairphone. Following in the footsteps of the Fairphone 2, the Fairphone 3 is also getting an Android-industry-best seven years of OS support. Fairphone continues to run circles around giant tech companies that have a lot more resources than it does, and it's doing this even in the face of component vendors like Qualcomm dropping support for the phone's core components. The company announced today that the Fairphone 3, which was released in 2019, has had its support extended to 2026, making for seven years of updates. The company also just released Android 13 for the Fairphone 3. Google's own 2019 phone, the Pixel 4, shut down support in October 2022. Fairphone strives to make sustainable smartphones, designing its products to be repairable and also offering replacement parts for sale online. Part of that sustainability mission is an absolutely herculean effort to keep the Android updates flowing, even when Qualcomm drops critical software support for the SoC. Fairphone says the Snapdragon 632 SoC in the Fairphone 3 was only supported up to Android 11, so continuing to support the Fairphone 3 meant doing the upgrades all by itself.

Android Phone Hits 24GB of RAM, As Much As a 13-Inch MacBook Pro

✇Slashdot
Author: BeauHD
The new Nubia RedMagic 8S Pro+ features support for up to 24GB of RAM -- the same amount of RAM found in a 13-inch top-spec M2 MacBook Pro. Ars Technica reports: The base model of the RedMagic 8S Pro+ starts with 16GB of RAM, but GSMArena has pictures and details of the upgraded 24GB SKU, which is the most amount of memory ever in an Android phone. Because we're all about big numbers, it also comes with 1TB of storage. This souped-up 24GB version of the phone appears to be a China-exclusive, with the price at CNY 7,499 (about $1,034), which is a lot for a phone in China. Other specs include a new "Snapdragon 8+ Gen 2" variant, which appears to be the same higher-clocked version that Samsung gets for the S23. This runs at 3.36 GHz as opposed to the normal 3.2 GHz. There's a 6.8-inch, 120 Hz 2480x1116 OLED display and a 5000 mAh battery with a blazing-fast 165 W charging that can fully charge in 14 minutes. The display has an under-screen front camera, because selfies would just get in the way of gaming. The design is interesting -- it's just all right angles without a single smoothed-over edge on the entire phone. The sides are flat, the back is flat, and the corners are super tall, with almost no corner radius at all. In landscape mode, there are touch-sensitive shoulder buttons along the top edge for additional gaming controls, but it does not look comfortable to have to wrap your fingers around those hard corners. Just picture the smooth curves of an SNES controller compared to this thing -- even the example image does not look very comfortable. For color options, it comes in black, silver, or a clear back panel with a faux-mechanical design under it, just like a Nothing Phone. That little rainbow circle on the back is a spinning, 20,000 RPM blower fan that pushes heat out the side, so you'll presumably be gaming with cool temps for a long time. The phone is up for pre-order today in China and ships on July 11.

The User-Repairable Fairphone 4 Is Finally Coming To the US

✇Slashdot
Author: BeauHD
The Fairphone 4 -- a user-repairable smartphone built using ethically sourced materials -- is finally coming to the US, almost two years after it first debuted back in September 2021. The Verge reports: Fairphone is partnering with Murena, a company best known for de-Googling Android phones, to launch the US pilot of the Murena Fairphone 4 -- a variant of the handset that runs on a privacy-oriented Android-based operating system: /e/OS. There are two configurations available: one with 6GB of RAM and 128GB of storage for $599 and another with 8GB of RAM and 256GB of storage for $679. The storage of both models can be expanded via microSD, and the phone features a modular design that can be easily disassembled using a standard Phillips #00 screwdriver to replace broken components. It also has an IP54 rating, meaning the device is protected against dust and water sprays. The Murena Fairphone 4 will ship to US customers with 5G and dual SIM support, a removable 3905mAh battery, a 48-megapixel main camera, a 48-megapixel ultrawide, and a 25-megapixel selfie camera. The phones will be available to order exclusively from Murena's webstore starting today. The Murena Fairphone 4 also comes with the /e/ operating system preinstalled, which is described as a privacy-focused, Google-free mobile ecosystem for folks who want to avoid handing any data over to the search giant. Instead of the usual Google apps, the Fairphone 4 will come with a range of default Murena Cloud apps for things like email, calendar, and cloud storage as well as a dedicated app store that highlights the privacy ratings of each app to help users monitor how their online activity is being tracked. The Fairphone comes unlocked, but the press release mentions that T-Mobile and other operators based on T-Mobile's network are the only US carriers recommended to be used with the device. 
Fairphone is also providing an extended five-year warranty for the hardware, and /e/OS is similarly committed to fixing bugs and supporting security and feature updates for five years. The Murena version is the only Fairphone 4 model being introduced to the US, and there's no mention of the standard Android OS model joining it anytime soon.

Android's Emergency Call Shortcut Is Flooding Dispatchers With False Calls

✇Slashdot
Author: BeauHD
An anonymous reader quotes a report from Ars Technica: Police forces in the UK are seeing a "record number" of false calls to 999, the UK's emergency services number, and the culprit is apparently Android. As the BBC reports, Android 12 added an easy-access feature for emergency services: just press the power button five times, and your phone will dial emergency services for you. That's apparently pretty easy to do accidentally when a phone is sitting in your pocket, or if you have a wonky power button, resulting in a surge of totally silent accidental calls to emergency dispatch. The National Police Chiefs Council tweeted earlier this month that "Nationally, all emergency services are currently experiencing record high 999 call volumes. There's a few reasons for this, but one we think is having a significant impact is an update to Android smartphones." The BBC report says one department "received 169 silent 999 calls between 00:00 and 19:00 BST on Sunday alone." In response to these most recent complaints, Google says it's working on a fix with Android OEMs. The funny thing is, Android 12 -- and this easy emergency call feature -- came out a year and a half ago. Thanks to the unique (uniquely bad) way that Android is rolled out, the feature is only now hitting enough people to become a national problem. Google's Pixel devices get new Android updates immediately, but everyone else can take months or years to get new versions of Android because it's up to your device manufacturer to make new, bespoke Android builds for every device they have ever released. When this landed on Pixel devices in 2021, it was immediately flagged as a problem by some people, with one Reddit post calling it "dangerous." Since then, there has been a steady stream of posts warning people about it. Until a patch comes out, Google's current recommendation is to turn the feature off. 
While Google developed the feature, it's up to the manufacturers to decide how and when the emergency SOS feature works. Google said in a statement: "To help these manufacturers prevent unintentional emergency calls on their devices, Android is providing them with additional guidance and resources. We anticipate device manufacturers will roll out updates to their users that address this issue shortly. Users that continue to experience this issue should switch Emergency SOS off for the next couple of days."

Inner Workings Revealed For 'Predator,' the Android Malware That Exploited 5 0-Days

✇Slashdot
Author: BeauHD
Researchers from Cisco's Talos security team have uncovered detailed information about Predator, a sophisticated spyware sold to governments worldwide, which can secretly record voice calls, collect data from apps like Signal and WhatsApp, and hide or disable apps on mobile devices. Ars Technica reports: An analysis Talos published on Thursday provides the most detailed look yet at Predator, a piece of advanced spyware that can be used against Android and iOS mobile devices. Predator is developed by Cytrox, a company that Citizen Lab has said is part of an alliance called Intellexa, "a marketing label for a range of mercenary surveillance vendors that emerged in 2019." Other companies belonging to the consortium include Nexa Technologies (formerly Amesys), WiSpear/Passitora Ltd., and Senpai. Last year, researchers with Google's Threat Analysis Group, which tracks cyberattacks carried out or funded by nation-states, reported that Predator had bundled five separate zero-day exploits in a single package and sold it to various government-backed actors. These buyers went on to use the package in three distinct campaigns. The researchers said Predator worked closely with a component known as Alien, which "lives inside multiple privileged processes and receives commands from Predator." The commands included recording audio, adding digital certificates, and hiding apps. [...] According to Talos, the backbone of the malware consists of Predator and Alien. Contrary to previous understandings, Alien is more than a mere loader of Predator. Rather, it actively implements the low-level capabilities that Predator needs to surveil its victims. "New analysis from Talos uncovered the inner workings of PREDATOR and the mechanisms it uses to communicate with the other spyware component deployed along with it known as 'ALIEN,'" Thursday's post stated. "Both components work together to bypass traditional security features on the Android operating system. 
Our findings reveal the extent of the interweaving of capabilities between PREDATOR and ALIEN, providing proof that ALIEN is much more than just a loader for PREDATOR as previously thought to be." In the sample Talos analyzed, Alien took hold of targeted devices by exploiting five vulnerabilities -- CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003, CVE-2021-1048 -- the first four of which affected Google Chrome, and the last Linux and Android. [...] The deep dive will likely help engineers build better defenses to detect the Predator spyware and prevent it from working as designed. Talos researchers were unable to obtain Predator versions developed for iOS devices.

Lawsuit Accuses DoorDash of Charging iPhone Users More For Identical Orders

✇Slashdot
Author: BeauHD
A class-action lawsuit has been filed against DoorDash, alleging that the company uses deceptive and fraudulent practices to charge higher delivery fees to iPhone users compared to Android users. Ars Technica reports: The lawsuit (PDF), filed May 5 in the District of Maryland, came in hot. Plaintiff Ross Hecox, in addition to his two children and a presumptive class of similarly situated customers, briefly defines DoorDash as an online marketplace with 32 million users and billions of dollars in annual revenue. "Yet, DoorDash generates its revenues not only through heavy-handed tactics that take advantage of struggling merchants and a significant immigrant driver workforce, but also through deceptive, misleading, and fraudulent practices that illegally deprive consumers of millions, if not billions, of dollars annually," the suit adds. "This lawsuit details DoorDash's illegal pricing scheme and seeks to hold DoorDash accountable for its massive fraud on consumers, including one of the most vulnerable segments of society, minor children." Specifically, the suit claims that DoorDash misleads and defrauds customers by:
- Making its "Delivery Fee" seem related to distance or demand, even though none of it goes to the delivery person.
- Offering an "Express" option that implies faster delivery, but then changing the wording to "Priority" in billing so it is not held to delivery times.
- Charging an "Expanded Range Delivery" fee that seems based on distance but is really based on a restaurant's subscription level and demand.
- Adding an undisclosed 99 cent "marketing fee," paid by the customer rather than the restaurant, to promote menu items that customers add to their carts.
- Obscuring minimum order amounts attached to its "zero-fee" DashPass memberships and coupon offers.
- Generally manipulating DashPass subscriptions to appear like substantial savings, when the company is "engineering" fees to seem reduced.
One of the more interesting and provocative claims is that DoorDash's fees, based in part on "other factors," continually charge iPhone users of its app more than Android users placing the same orders. The plaintiffs and their law firm conducted a few tests of DoorDash's system, using different accounts to order the same food, from the same restaurant, at almost the same exact time, delivered to the same address, with the same account type, delivery speed, and tip. [...] The plaintiffs are asking for $1 billion in damages for those who "fell prey to DoorDash's illegal pricing" over the past four years. The suit also includes allegations that DoorDash improperly allows children to enter into contract with the company without proper vetting. "The claims put forward in the amended complaint are baseless and simply without merit," said a DoorDash spokesperson in a statement. "We ensure fees are disclosed throughout the customer experience, including on each restaurant storepage and before checkout. Building this trust is essential, and it's why the majority of delivery orders on our platform are placed by return customers. We will continue to strive to make our platform work even better for customers, and will vigorously fight these allegations."


Millions of Android Phones and TVs May Come with Preinstalled Malware

"Multiple lines of Android devices came with preinstalled malware," reports Ars Technica, "that couldn't be removed without users taking heroic measures." Their article cites two reports released Thursday — one from Trend Micro and one from TechCrunch: Trend Micro researchers following up on a presentation delivered at the Black Hat security conference in Singapore reported that as many as 8.9 million phones comprising as many as 50 different brands were infected with malware... ["It's highly likely that more devices have been preinfected," the report clarified, "but have not exchanged communication with the Command & Control server, have not been used or activated by the threat actor, or have yet to be distributed to the targeted country or market... The threat actor has spread this malware over the last five years."] "Guerrilla" opens a backdoor that causes infected devices to regularly communicate with a remote command-and-control server to check if there are any new malicious updates for them to install. These malicious updates collect data about the users that the threat actor, which Trend Micro calls the Lemon Group, can sell to advertisers. Guerrilla then surreptitiously installs aggressive ad platforms that can deplete battery reserves and degrade the user experience... Guerrilla is a massive platform with nearly a dozen plugins that can hijack users' WhatsApp sessions to send unwanted messages, establish a reverse proxy from an infected phone to use the network resources of the affected mobile device, and inject ads into legitimate apps... TechCrunch detailed several lines of Android-based TV boxes sold through Amazon that are laced with malware. The TV boxes, reported to be T95 models with an h616, report to a command-and-control server that, just like the Guerrilla servers, can install any application the malware creators want. The default malware preinstalled on the boxes is known as a clickbot.
It generates advertising revenue by surreptitiously tapping on ads in the background... Android devices that come with malware straight out of the factory box are, unfortunately, nothing new. Ars has reported on such incidents at least five times in recent years (here, here, here, here, and here). All the affected models were in the budget tier. People in the market for an Android phone should steer toward known brands like Samsung, Asus, or OnePlus, which generally have much more reliable quality assurance controls on their inventory. To date, there have never been reports of higher-end Android devices coming with malware preinstalled. There are similarly no such reports for iPhones.


Google Will Soon Let Pixel Phones Double As Dashcams

✇Slashdot
Author: BeauHD
Google mistakenly released a test version of its Personal Safety app that includes a new feature called "Dashcam" on select Android devices. As the name suggests, it allows users to record video and audio while driving in the event of an accident or unexpected situation, with automatic recording triggered when connecting to a specific Bluetooth device and videos automatically deleted after three days unless saved. 9to5Google reports: Once available, the feature can be launched through a new "Dashcam" shortcut in the "Be prepared" section of the home page. Here, you can begin recording manually or view your recent videos. While Dashcam is recording, your phone is still fully usable, including for navigating with Google Maps. Alternatively, you can save power by locking your screen, and the recording will continue. More importantly, Google has built this feature to work without you needing to think much about it. When setting up, you can choose to have recordings begin automatically when you connect to a particular Bluetooth device (e.g., your car stereo or infotainment system) and end when you disconnect. To conserve storage space, your recordings are automatically deleted after three days unless you save them. Additionally, the app says that the videos themselves are compressed, averaging "30 MB per minute," with a maximum recording length of 24 hours. Overall, this feature seems to be impressively well thought out and looks essentially ready to launch. Using a smartphone as a dashcam also makes quite a bit of sense, as your phone probably has a better camera than some cheaper dashcams would offer. It's unclear if this feature will be available on other phones with Google's Personal Safety or exclusive to Pixel phones.
