An anonymous reader quotes a report from Ars Technica: Android is slowly entering the RISC-V era. So far we've seen Google say it wants to give the up-and-coming CPU architecture "tier-1" support in Android, putting RISC-V on equal footing with Arm. Qualcomm has announced the first mass-market RISC-V Android chip, a still-untitled Snapdragon Wear chip for smartwatches. Now Google has announced a timeline for developer tools via the Google Open Source Blog. The last post is titled "Android and RISC-V: What you need to know to be ready." Getting the Android OS and app ecosystem to support a new architecture is going to take an incredible amount of work from Google and developers, and these tools are laying the foundation for that work. First up, Google already has the "Cuttlefish" virtual device emulator running, including a gif of it booting up. This isn't the official "Android Emulator" -- which is targeted at app developers doing app development -- Cuttlefish is a hardware emulator for Android OS development. It's the same idea as the Android Emulator but for the bottom half of the tech stack -- the kernel, framework, and hardware bits. Cuttlefish lets Google and other Android OS contributors work on a RISC-V Android build without messing with an individual RISC-V device. Google says it's working well enough now that you can download and emulate a RISC-V device today, though the company warns that nothing is optimized yet. The next step is getting the Android Emulator (for app developers) up and running, and Google says: "By 2024, the plan is to have emulators available publicly, with a full feature set to test applications for various device form factors!" The nice thing about Android is that most app code is written with no architecture in mind -- it's all just Java/Kotlin. So once the Android RunTime starts spitting out RISC-V code, a lot of app code should Just Work. That means most of the porting work will need to go into things written in the NDK, the native developer kit, like libraries and games. The emulator will still be great for testing, though.

Read more of this story at Slashdot.

Google says it'll issue a system update to fix a major storage bug in Android 14 that has caused some users to be locked out of their devices. Ars Technica reports: Apparently one more round of news reports was enough to get the gears moving at Google. Over the weekend the Issue tracker bug has been kicked up from a mid-level "P2" priority to "P0," the highest priority on the issue tracker. The bug has been assigned to someone now, and Googlers have jumped into the thread to make official statements that Google is looking into the matter. Here's the big post from Google on the bug tracker [...]. The highlights here are that Google says the bug affects devices with multiple Android users, not multiple Google accounts or (something we thought originally) users with work profiles. Setting up multiple users means going to the system settings, then "Multiple users," then "Allow multiple users," and you can add a user other than the default one. If you do this, you'll have a user switcher at the bottom of the quick settings. Multiple users all have separate data, separate apps, and separate Google accounts. Child users are probably the most popular reason to use this feature since you can lock kids out of things, like purchasing apps. Shipping a Google Play system update as a quick Band-Aid is an interesting solution, but as Google's post suggests, this doesn't mean the problem is fixed. Play system updates (these are alternatively called Project Mainline or APEX modules) allow Google to update core system components via the Play Store, but they are really not meant for critical fixes. The big problem is that the Play system updates don't aggressively apply themselves or even let you know they have been downloaded. They just passively, silently wait for a reboot to happen so they can apply. For Pixel users, it feels like the horse has already left the barn anyway -- like most Pixel phones have automatically applied the nearly 13-day-old update by now. Users can force Play system updates to happen themselves by going to the system settings, then "Security & Privacy," then "System & updates," then "Google Play system update." If you have an update, you'll be prompted to reboot the phone. Also note that this differs from the usual OS update checker location, which is in system settings, then "System," then "System update." The system update screen will happily tell you "Your system is up to date" even if you have a pending Google Play system update. It would be great to have a single location for OS updates, Google Play System/Mainline updates, and app updates, but they are scattered everywhere and give conflicting "up to date" messages.

Read more of this story at Slashdot.

An anonymous reader quotes a report from OPP.Today: Android 14, the latest operating system from Google, is facing a major storage bug that is causing users to be locked out of their devices. This issue is particularly affecting users who utilize the "multiple profiles" feature. Reports suggest that the bug is comparable to being hit with "ransomware," as users are unable to access their device storage. Initially, it was believed that this bug was limited to the Pixel 6, but it has since been discovered that it impacts a wider range of devices upgrading to Android 14. This includes the Pixel 6, 6a, 7, 7a, Pixel Fold, and Pixel Tablet. The Google issue tracker for this bug has garnered over 350 replies, but there has been no response from Google so far. The bug has been assigned the medium priority level of "P2" and remains unassigned, indicating that no one is actively investigating it. Users who have encountered this storage bug have shared log files containing concerning messages such as "Failed to open directory /data/media/0: Structure needs cleaning." This issue leads to various problematic situations, with some users experiencing boot loops, others stuck on a "Pixel is starting..." message, and some unable to take screenshots or access their camera app due to the lack of storage. Users are also unable to view files on their devices from a PC over USB, and the System UI and Settings repeatedly crash. Essentially, without storage, the device becomes practically unusable. Android's user-profile system, designed to accommodate multiple users and separate work and personal profiles, appears to be the cause of this rarely encountered bug. Users have reported that the primary profile, which is typically the most important one, becomes locked out.

Read more of this story at Slashdot.

Ron Amadeo reports via Ars Technica: To help combat the surge of sideloaded malware, Google Play can now pop up a malware scanner at install time if it decides the app you're trying to sideload is interesting. Google Play's malware system, called "Google Play Protect," has always been able to check sideloaded apps for malware, but it used faster techniques like a definition file, and this happened quietly in the background. This new technique will delay your app installation with a full-screen "scanning" interface while Google runs a deep scan of the app code. Google's blog post says this is "real-time scanning at the code-level to combat novel malicious apps" and that Google Play Protect can "recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats." The scan will involve sending bits and pieces of the app to Google for analysis. Google says: "Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection." [...] Google is first rolling this feature out in India -- a country that topped the malware distribution charts in that 2018 report -- with the company saying the feature "will expand to all regions in the coming months."

Read more of this story at Slashdot.

The Android ecosystem is hurtling toward a RISC-V future. From a report: The puzzle pieces for the up-and-coming CPU architecture started falling into place this past year when Google announced official RISC-V support in Android and plans to make it a "tier 1 platform" on equal footing with Arm. With the OS support underway, what we need now is hardware, and Qualcomm is stepping up to announce the first-ever mass-market RISC-V Android SoC. It doesn't have a name yet, but Qualcomm says it's developing a "RISC-V Snapdragon Wear" chip in collaboration with Google. The company says it plans to "commercialize the RISC-V based wearables solution globally including the US." For Google and Qualcomm, this chip represents everyone's first swing at a commercial RISC-V Android project, and as far as we can tell, it's the first announced mass-market RISC-V Android chip ever. Qualcomm says the groundwork it and Google lay out "will help pave the way for more products within the Android ecosystem to take advantage of custom CPUs that are low power and high performance." RISC-V represents a big threat to the Arm CPU architecture that currently dominates all mobile devices. RISC-V architecture is open source, which can make it cheaper and more flexible than Arm. If companies want to design their own chips, they can do that without paying a licensing fee to Arm. Since the architecture is open source, it's possible to create a fully open source chip. If you're a chip-design firm, you can make your own proprietary chip designs and license them, making you a competitor to Arm's chip-design business. RISC-V is also a way to sidestep all of the various problems with Arm.

Read more of this story at Slashdot.

Keumars Afifi-sabet reports via TechRadar: Lenovo has the green light to see a portfolio of new enterprise-focused devices powered by Esper Foundation -- a custom Android operating system -- and bundled with a complementary mobile device management (MDM) platform. The firm's first device running Esper Foundation is the Lenovo ThinkCentre M70a, an all-in-one desktop PC fitted with an up to 12th-Gen Intel Core i9 CPU, alongside 16GB DDR4 RAM and up to 512GB SSD. It'll be followed by the Lenovo ThinkCentre M70q, M90n-1 IoT, and the ThinkEdge SE30 v2 machines by the end of 2023. Esper Foundation is based on Android 11 and has customizable branding, peripheral compatibility, quarterly security patches, and three years of support. The MDM system, meanwhile, remotely deploys, manages, and updates devices from a single view. By integrating a custom version of Android in its PCs, Lenovo is banking on the Esper Foundation OS appealing to businesses as an alternative to Windows, as well as Google's own ChromeOS. With platforms like Esper's, there may well be a means to find a rival to compete with Windows in the enterprise, particularly in highly niche industries such as the retail, hospitality, and healthcare industries -- at which Esper Foundation is directed. "This collaboration is another step forward in Lenovo's drive to meet changing customer demand across retail, hospitality, healthcare, and other industries," said Johanny Payero, Lenovo's director of global advanced solutions marketing and strategy. "Dedicated devices are proliferating across several key industries, and our new joint solution with Esper allows us to deliver the best of Android with the consistency and predictability of Lenovo's x86 devices."

Read more of this story at Slashdot.

Since 2012, Google Pixel phones have had a Photo Sphere Mode, allowing users to capture 360-degree images. Now, according to Android Authority, Google has dropped the feature from the Pixel 8 series with no explanation given. From the report: Photo Sphere Mode allowed you to capture panoramic 360-degree pictures by stitching multiple images together. The feature was first introduced back in 2012 on the Nexus 4 and persisted well into the Pixel era, with the likes of the Pixel Fold and Pixel 7a still offering it. The act of capturing a Photo Sphere wasn't exactly seamless owing to the sheer number of images required, although it had an admittedly intuitive UI. Significant stitching issues and exposure/white balance differences were also very common. We're therefore not surprised Google has decided to drop the feature. Even without taking the aforementioned issues into account, the mode's utility seemed limited beyond some scenarios like mapping purposes (e.g. viewing environments in Google Maps) and VR. In saying so, we hope the company rebounds with a more polished take on 360-degree photos in the future.

Read more of this story at Slashdot.

An anonymous reader quotes a report from SecurityWeek: Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV boxes, and tablet devices with the Triada malware. The infected devices come from at least one Chinese manufacturer but, before they are delivered to resellers, physical retail stores, and e-commerce warehouses, a backdoor was injected into their firmware. "Products known to contain the backdoor have been found on public school networks throughout the United States," Human says. Discovered in 2016, Triada is a modular trojan residing in a device's RAM, relying on the Zygote process to hook all applications on Android, actively using root privileges to substitute system files. Over time, the malware went through various iterations and was found pre-installed on low-cost Android devices on at least two occasions. As part of the BadBox operation that Human Security discovered, the infected low-cost Android devices allow threat actors to carry out various ad-fraud schemes, including one named PeachPit, which at its peak relied on 121,000 Android and 159,000 iOS devices infected with malware, and on 39 Android, iOS, and CTV-centric apps designed to connect to a fake supply-side platform (SSP). One of the modules delivered to the infected devices from the command-and-control (C&C) server allows the creation of WebViews that are fully hidden from the user, but which "are used to request, render, and click on ads, spoofing the ad requests to look like they're coming from certain apps, referred by certain websites, and rendered" on specific devices. BadBox, Human Security notes, also includes a residential proxy module that allows the threat actors to sell access to the victim's network. Furthermore, they can create WhatsApp messaging accounts and Gmail accounts they can then use for other malicious activities. "Finally, because of the backdoor's connection to C2 servers on BadBox-infected smartphones, tablets, and CTV boxes, new apps or code can be remotely installed by the threat actors without the device owner's permission. The threat actors behind BadBox could develop entirely new schemes and deploy them on BadBox-infected devices without any interaction from the devices' owners," Human notes.

Read more of this story at Slashdot.

Simon Sharwood writes via The Register: The Chinese manufacturer that took over IBM's PC business announced on Thursday that it's teamed with an outfit named Esper that specializes in custom cuts of Android, plus device management offerings. Android is most commonly used in handheld devices. Lenovo's taking it in an entirely different direction by making the ThinkCentre M70a: a desktop all-in-one. The first fruit of the collaboration with Esper, the ThinkCentre M70a boasts a 21 -- inch touch screen and offers a choice of 12th-gen Intel core CPUs from the Core i3 to the almost workstation-grade Core i9, at prices from $889 to beyond $1250. What could you do with Android on a Corei9, plus the maximum 16GB DDR4 3200MHz and 512GB PCIe SSD Lenovo's machines allow? Almost anything -- but Lenovo thinks its Android effort will first be appreciated by customers in the retail, hospitality, and healthcare industries. Esper pitches its wares as ideal for point-of-sale systems, kiosks, and digital signage -- environments where users don't need to access diverse apps but do need a machine that reliably boots into custom environments. Lenovo's not just doing desktop PCs. The number one PC maker by market share has promised it will also ship Esper's wares on the small form factor ThinkCentre M70q -- a machine designed to be bolted to the back of monitors. The ThinkEdge SE30 -- a ruggedized and fanless edge client -- will also have an Android option. So will the ThinkCentre M90n-1 IoT [PDF] -- another rugged client for edge applications.

Read more of this story at Slashdot.

Android 14 is out today, along with a new Pixel phone. The OS is shipping to supported Pixel devices now, which means the Pixel 4a (5G) and every variant of the Pixel 5, 6, and 7, plus the Fold and Tablet. From a report: The big feature this year is a somewhat customizable home screen. You can pick from several different lock screen clock styles and customize the two bottom app shortcuts. This feels like a response to iOS 16's lock screen widgets (a feature Android used to have back in the 4.2 days) but not nearly as customizable. It's honestly hard to highlight a second Android 14 feature because this is one of the smallest Android releases ever. The first feature Google mentions in its blog post is a new wallpaper picker. On the Pixel 8, Android now has a built-in text-to-image AI wallpaper maker, presumably a feature that lets the Android team adhere to Google's "mandatory AI" company mandate. There's also a new monochrome theme if you're tired of all those "Material You" colors.

Read more of this story at Slashdot.

Esper: Starting in Android 14, it may not be necessary to use a third-party app to turn your smartphone into a webcam for your PC, as that functionality is getting baked into the Android OS itself -- though there's a catch. When you plug an Android phone into a PC, you have the option to change the USB mode between file transfer/Android Auto (MTP), USB tethering (NCM), MIDI, or PTP. In Android 14, however, a new option can appear in USB Preferences: USB webcam. Selecting this option switches the USB mode to UVC (USB Video Class), provided the device supports it, turning your Android device into a standard USB webcam that other devices will recognize, including Windows, macOS, and Linux PCs, and possibly even other Android devices. Webcam support in Android 14 is not enabled out of the box, however. In order to enable it, four things are required: a Linux kernel config needs to be enabled, the UVC device needs to be configured, the USB HAL needs to be updated, and a new system app needs to be preloaded.

Read more of this story at Slashdot.

According to Android specialist Mishaal Rahman, Android miscalculates the storage space taken up by system components, leading to inflated system storage utilization and potentially misleading users. Chandraveer Mathur writes via Android Police. From the report: We usually rely on Android's storage utilization utility to find apps and files eating up storage space, so we can uninstall or delete them if required. However, Android specialist Mishaal Rahman discovered that Google's calculation of the space consumed by Android system components is flawed. He executed shell commands to create a 3GB file in the /data/media/0 storage directory, which isn't a file path used for Android system files. However, the phone's storage breakdown showed a marked 3GB increase under the System heading, suggesting the OS suddenly became bigger. This happens because Android calculates system storage as the space used up by anything other than what's covered by other categories in the storage breakdown, including audios, videos, images, documents, trash, and games. This means the System heading in the break doesn't just include Android system files. Android 14 also uses this dangerously flawed logic for calculating storage usage. Moreover, the Files app by Google also shows similar storage utilization by Android system components, perhaps because it uses the same incredulous attribution logic. By association, all other Android skins use flawed calculation of used storage space, but Samsung reportedly fixed this issue with the One UI 6 update. After running similar ADB commands as in the previous experiment, Rahman could confirm the increased utilization showed up under the Other files heading in the storage breakdown, instead of the System heading.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Russia's military intelligence unit has been targeting Ukrainian Android devices with "Infamous Chisel," the tracking name for new malware that's designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. "Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network, and which periodically collates and exfiltrates victim information from compromised devices," intelligence officials from the UK, US, Canada, Australia, and New Zealand wrote (PDF). "The information exfiltrated is a combination of system device information, commercial application information and applications specific to the Ukrainian military." Infamous Chisel gains persistence by replacing the legitimate system component known as netd with a malicious version. Besides allowing Infamous Chisel to run each time a device is restarted, the malicious netd is also the main engine for the malware. It uses shell scripts and commands to collate and collect device information and also searches directories for files that have a predefined set of extensions. Depending on where on the infected device a collected file is located, netd sends it to Russian servers either immediately or once a day. When exfiltrating files of interest, Infamous Chisel uses the TLS protocol and a hard-coded IP and port. Use of the local IP address is likely a mechanism to relay the network traffic over a VPN or other secure channel configured on the infected device. This would allow the exfiltration traffic to blend in with expected encrypted network traffic. In the event a connection to the local IP and port fails, the malware falls back to a hard-coded domain that's resolved using a request to dns.google. Infamous Chisel also installs a version of the Dropbear SSH client that can be used to remotely access a device. The version installed has authentication mechanisms that have been modified from the original version to change the way users log in to an SSH session. [...] The report didn't say how the malware gets installed. In the advisory Ukraine's security service issued earlier this month (PDF), officials said that Russian personnel had "captured Ukrainian tablets on the battlefield, pursuing the aim to spread malware and abuse available access to penetrate the system." It's unclear if this was the vector.

Read more of this story at Slashdot.

According to a report from Technews Taiwan, ASUS has shut down its Zenfone division responsible for making some of the best compact Android flagships on the market. The reason is due to "internal restructuring." Employees in the Zenfone division are being moved over to the ROG Phone team and other parts of the business. Android Authority reports: The report further asserts that the Zenfone 10 will be the last phone in the Zenfone series. Since the team no longer exists, there is unlikely to be a successor to this phone. The report follows other incidents around Zenfone. Earlier in the month, ASUS stopped allowing bootloader unlocks for Zenfone owners. The company maintained that they are not stopping the possibility of unlocking, just that the tool is currently unavailable. A few weeks ago, community members also spotted that ASUS had removed older Zenfone firmwares from its website. Community moderators responded that ASUS no longer provides previous firmware versions or downgrade packages to ensure users remain on up-to-date firmware. Both of these incidents do not directly point to the shutdown of the Zenfone division. But they add the value of hindsight to the report, and we can't help but wonder if the writing was on the wall all this time.

Read more of this story at Slashdot.

The latest update to the Android Runtime (ART) -- the "engine behind the Android operating system (OS)" -- has resulted in app startup time "improvements of up to 30% on some devices," says Google. 9to5Google reports: Behind the scenes, "ART is the same for all devices" and: "The ART APEX module is a complex piece of software with an order of magnitude more APIs than any other APEX module. It also backs a quarter of the developer APIs available in the Android SDK. In addition, ART has a compiler that aims to make the most of the underlying hardware by generating chipset-specific instructions, such as Arm SVE." The testing process for Android Runtime updates involves "compiling over 18 million APKs and running app compatibility tests, and startup, performance, and memory benchmarks on a variety of Android devices that replicate the diversity of our ecosystem as closely as possible." There's then a very gradual rollout process. Google also notes developer improvements with every update "like OpenJDK improvements and compiler optimizations that benefit both Java and Kotlin," with ART 13 resulting in the "fastest-ever adoption of a new OpenJDK [11] release on Android devices." ART 14 is rolling out "in the coming months" with "new compiler and runtime optimizations that improve performance while reducing code size," as well as OpenJDK 17.

Read more of this story at Slashdot.

Scott DeVaney, writing at Mozilla blog: In the coming months Mozilla will launch support for an open ecosystem of extensions on Firefox for Android on addons.mozilla.org (AMO). We'll announce a definite launch date in early September, but it's safe to expect a roll-out before the year's end. Here's everything developers need to know to get their Firefox desktop extensions ready for Android usage and discoverability on AMO. For the past few years Firefox for Android officially supported a small subset of extensions while we focused our efforts on strengthening core Firefox for Android functionality and understanding the unique needs of mobile browser users. Today, Mozilla has built the infrastructure necessary to support an open extension ecosystem on Firefox for Android. We anticipate considerable user demand for more extensions on Firefox for Android, so why not start optimizing your desktop extension for mobile-use right away?

Read more of this story at Slashdot.

OpenAI has released ChatGPT for Android, months after launching the free iOS app for iPhones and iPads. You can download it in the Google Play Store. The Verge reports: According to a company tweet, it's available first in the US, India, Bangladesh, and Brazil, with other countries set to follow later, mimicking the staged rollout we saw for the iOS version. On July 27th, OpenAI announced additional availability, saying the Android ChatGPT app is now available in Argentina, Canada, France, Germany, Indonesia, Ireland, Japan, Mexico, Nigeria, the Philippines, the UK, and South Korea.

Read more of this story at Slashdot.

Google is changing the Play Store ranking algorithms to increase the visibility of apps that better support large screens. Google detailed the changes in a blog post: "Apps and games that adhere to our large screen app quality guidelines will now be ranked higher in search and Apps and Games Home. This helps users find apps that resize well, aren't letterboxed, and support both portrait and landscape orientations. Editors' Choice and other curated collections and articles will also consider these criteria going forward, creating new featuring opportunities for optimized apps." Ars Technica reports: The large-screen app guidelines have various tiers, but they recommend keyboard, mouse, and stylus support, a two-pane tablet layout, drag-and-drop support, and foldable display awareness. The post also reiterates some improvements that Google has already rolled out, like showing tablet screenshots to tablet users and downranking apps that crash a lot. The big news is that the search results will switch to a two-pane layout on big screens. The search result list will live on the left-hand side, and tapping on each result will load a details page on the right. Previously, the results page was a stretched-out phone interface, with results on the left and nothing on the right. It would be nice if the top charts got this two-pane design, too, but that hasn't changed yet. Google says these changes are "just the beginning of our journey in creating a tailored Play Store experience for large screens." So hopefully, Google's developers will follow Google's developer guidelines soon.

Read more of this story at Slashdot.

Which is better: iPhone or Android? Instagram head Adam Mosseri weighed in on the topic earlier this week, reigniting a debate that has waged on since the dawn of smartphones. From a report: "Android's now better than iOS," Mosseri posted in response to tech YouTuber Marques Brownlee, aka MKBHD, who had asked for people's best tech "hot takes." Mosseri didn't get into why he felt Android to be superior, but his use of the words "now better" implies that he may have previously felt Apple's iOS had the edge.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: No one in the Android ecosystem can hold a candle to Apple's software support timeline for the iPhone, but there is one company that comes the closest: Fairphone. Following in the footsteps of the Fairphone 2, the Fairphone 3 is also getting an Android-industry-best seven years of OS support. Fairphone continues to run circles around giant tech companies that have a lot more resources than it does, and it's doing this even in the face of component vendors like Qualcomm dropping support for the phone's core components. The company announced today that the Fairphone 3, which was released in 2019, has had its support extended to 2026, making for seven years of updates. The company also just released Android 13 for the Fairphone 3. Google's own 2019 phone, the Pixel 4, shut down support in October 2022. Fairphone strives to make sustainable smartphones, designing its products to be repairable and also offering replacement parts for sale online. Part of that sustainability mission is an absolutely herculean effort to keep the Android updates flowing, even when Qualcomm drops critical software support for the SoC. Fairphone says the Snapdragon 632 SoC in the Fairphone 3 was only supported up to Android 11, so continuing to support the Fairphone 3 meant doing the upgrades all by itself.

Read more of this story at Slashdot.