The NFC Forum has revealed a roadmap for NFC technology that extends from now to 2028. The roadmap outlines five key initiatives for the direction of the technology over the next two to five years, including increasing the range of NFC connections, increasing wireless charging over NFC, enabling multiple-purpose taps, giving NFC-enabled smartphones Point-of-Sale functionality, and the ability to share how products should be recycled. Android Authority reports: Currently, NFC connections only work at a distance of 5mm. However, the NFC Forum wants to extend this distance by four to six times. Not only would this allow contactless payments to become truly contactless, but it would also make transactions faster and easier. Even a modest change is said to be enough to reduce the precision needed to align the antenna. Improving the range was far from the only matter the collective was looking into. The group shared that it wanted to increase wireless charging over NFC from 1W to 3W. Doing so would allow for wireless power and charging in smaller devices. It could even allow the creation of new applications previously left unexplored.

Another initiative is to enable multiple-purpose taps. This would reportedly make supporting several actions with a single tap possible. Additionally, the group mentioned giving NFC-enabled smartphones Point-of-Sale functionality and the ability to share how products should be recycled.

An anonymous reader quotes a report from Ars Technica: Police forces in the UK are seeing a "record number" of false calls to 999, the UK's emergency services number, and the culprit is apparently Android. As the BBC reports, Android 12 added an easy-access feature for emergency services: just press the power button five times, and your phone will dial emergency services for you. That's apparently pretty easy to do accidentally when a phone is sitting in your pocket, or if you have a wonky power button, resulting in a surge of totally silent accidental calls to emergency dispatch.

The National Police Chiefs Council tweeted earlier this month that "Nationally, all emergency services are currently experiencing record high 999 call volumes. There's a few reasons for this, but one we think is having a significant impact is an update to Android smartphones." The BBC report says one department "received 169 silent 999 calls between 00:00 and 19:00 BST on Sunday alone." In response to these most recent complaints, Google says it's working on a fix with Android OEMs.

The funny thing is, Android 12 -- and this easy emergency call feature -- came out a year and a half ago. Thanks to the unique (uniquely bad) way that Android is rolled out, the feature is only now hitting enough people to become a national problem. Google's Pixel devices get new Android updates immediately, but everyone else can take months or years to get new versions of Android because it's up to your device manufacturer to make new, bespoke Android builds for every device they have ever released. When this landed on Pixel devices in 2021, it was immediately flagged as a problem by some people, with one Reddit post calling it "dangerous." Since then, there has been a steady stream of posts warning people about it. Until a patch comes out, Google's current recommendation is to turn the feature off. While Google developed the feature, it's up to the manufacturers to decide how and when the emergency SOS feature works. Google said in a statement: "To help these manufacturers prevent unintentional emergency calls on their devices, Android is providing them with additional guidance and resources. We anticipate device manufacturers will roll out updates to their users that address this issue shortly. Users that continue to experience this issue should switch Emergency SOS off for the next couple of days."

A government panel in Japan drew up a set of regulations aimed at opening up the smartphone app stores of U.S. technology giants Apple and Google to competition. From a report: The two companies dominating the smartphone operating system market will be obliged to allow their users to download apps by using services other than their own app stores. The government hopes that the move will spur competition and lead to app price drops. The smartphone OS market is occupied almost entirely by Apple's iOS and Google's Android. The companies control how apps are installed and paid for on their iPhones and Android devices.

The government will create a list of what OS providers must not do in order to stop them favoring their own services and payment platforms. The regulations were drawn up at the government's headquarters for digital market competition, headed by Chief Cabinet Secretary Hirokazu Matsuno. The government aims to submit relevant legislation to the next year's ordinary session of parliament. Apple makes it impossible for iPhone users to download apps without using its App Store. Of Android users, 97% download apps through the Google Play store, although Google does not require them to do so.

Sony says it has started testing the ability to stream PS5 games from the cloud. The PlayStation maker says it's testing cloud streaming for PS5 games and is planning to add this as a feature to its PlayStation Plus Premium subscription. From a report: "We're currently testing cloud streaming for supported PS5 games -- this includes PS5 titles from the PlayStation Plus Game Catalog and Game Trials, as well as supported digital PS5 titles that players own," says Nick Maguire, VP of global services, global sales, and business operations at Sony Interactive Entertainment. "When this feature launches, cloud game streaming for supported PS5 titles will be available for use directly on your PS5 console." A cloud feature for PS5 games would mean you'll no longer have to download games to your console to stream them to other devices. Sony currently supports streaming PS5 games to PCs, Macs, and iOS and Android devices, but you have to use your PS5 as the host to download and stream titles to your other devices.

What Iran's military called "the first product of the quantum processing algorithm" of the Naval university appears to be a stock development board, available widely online for around $600. Motherboard reports: According to multiple state-linked news agencies in Iran, the computer will help Iran detect disturbances on the surface of water using algorithms. Iranian Rear Admiral Habibollah Sayyari showed off the board during the ceremony and spoke of Iran's recent breakthroughs in the world of quantum technology. The touted quantum device appears to be a development board manufactured by a company called Diligent. The brand "ZedBoard" appears clearly in pictures. According to the company's website, the ZedBoard has everything the beginning developer needs to get started working in Android, Linux, and Windows. It does not appear to come with any of the advanced qubits that make up a quantum computer, and suggested uses include "video processing, reconfigurable computing, motor control, software acceleration," among others.

"I'm sure this board can work perfectly for people with more advanced [Field Programmable Gate Arrays] experience, however, I am a beginner and I can say that this is also a good beginner-friendly board," said one review on Diligent's website. Those interested in the board can buy one on Amazon for $589. It's impossible to know if Iran has figured out how to use off-the-shelf dev boards to make quantum algorithms, but it's not likely.

Google has reversed the suspension of an Android TV app that was hit with a copyright complaint simply because it is able to load a pirate website that can also be loaded in any standard web browser. From a report: The Downloader app, which combines a web browser with a file manager, is back in the Google Play Store after an absence of nearly three weeks. As we previously reported, Google suspended the app based on a Digital Millennium Copyright Act (DMCA) complaint from several Israeli TV companies that said the app "allows users to view the infamous copyright infringing website known as SDAROT." But that same website could be viewed on any standard browser, including Google's own Chrome app.

"The app was removed on May 19th due to the DMCA takedown request," developer Elias Saba wrote in a blog post today. "Instead of recognizing the absurdity of the claim that a web browser is somehow liable for all the unauthorized use of copyrighted content on the Internet, Google took a backseat and denied my appeal to have the app reinstated." The free app has been downloaded over 5 million times on Google Play and is available on the Amazon app store for devices such as Fire TVs. In addition to the rejected appeal, Saba filed a DMCA counter notification with Google. That "started a 10-business-day countdown for the [TV companies'] law firm to file legal actions against me," Saba wrote today. "Due to the app being removed on a Friday and the Memorial Day holiday, 10 business days had elapsed with no word from the law firm on June 6th and I contacted Google to have the app reinstated."

Google's aiming to make it easier to use and secure passwords -- at least, for users of the Password Manager tool built into its Chrome browser. From a report: Today, the tech giant announced that Password Manager, which generates unique passwords and autofills them across platforms, will soon gain biometric authentication on PC. (Android and iOS have had biometric authentication for some time.) When enabled, it'll require an additional layer of security, like fingerprint recognition or facial recognition, before Chrome autofills passwords.

Exactly which types of biometrics are available in Password Manager on desktop will depend on the hardware attached to the PC, of course (e.g. a fingerprint reader), as well as whether the PC's operating system supports it. Beyond "soon," Google didn't say when to expect the feature to arrive.

United Airlines is set to introduce the next-generation Astrove in-flight entertainment system, featuring Panasonic's 4K OLED TVs, with larger screens and thinner bezels than current models. The system also offers Bluetooth 5.0 connectivity, allowing passengers to use their own wireless headphones, and includes two 67W USB-C chargers for charging mobile devices. However, these new entertainment systems will only be available on United's new Airbus A321XLRs and Boeing 787s starting in 2025. Android Headlines reports: The new Astrova System does also have two 67W USB-C chargers available on the bottom-left edge. This means you can use it to charge your phone as well as your laptop or tablet at the same time. So that when you land, you have fully juiced devices. This is all being done to create a "premium home theater environment."

Minecraft: Bedrock Edition is now available for Chromebooks, Google announced on Wednesday, following the launch of an early access version in March. From a report: The official Chromebook release makes the game even more widely available -- and thanks to included crossplay functionality, you can play with your friends on other platforms. You can get the game now on the Play Store for ChromeOS. It costs $19.99 in a bundle that comes with the Android version, but if you already have the Android version, you can upgrade to the Chromebook version for $13. Google says Minecraft on Chromebooks will work with all Chromebooks released "in the last three years," and you can see minimum and recommended specs on a Minecraft support site.

An anonymous reader quotes a report from Ars Technica: On Tuesday, a Reddit user named "nhciao" posted a series of artistic QR codes created using the Stable Diffusion AI image-synthesis model that can still be read as functional QR codes by smartphone camera apps. The functional pieces reflect artistic styles in anime and Asian art. [...] In this case, despite the presence of intricate AI-generated designs and patterns in the images created by nhciao, we've found that smartphone camera apps on both iPhone and Android are still able to read these as functional QR codes. If you have trouble reading them, try backing your camera farther away from the images.

Stable Diffusion is an AI-powered image-synthesis model released last year that can generate images based on text descriptions. It can also transform existing images using a technique called "img2img." The creator did not detail the exact technique used to create the novel codes in English, but based on this blog post and the title of the Reddit post ("ControlNet for QR Code"), they apparently trained several custom Stable Diffusion ControlNet models (plus LoRA fine tunings) that have been conditioned to create different-styled results. Next, they fed existing QR codes into the Stable Diffusion AI image generator and used ControlNet to maintain the QR code's data positioning despite synthesizing an image around it, likely using a written prompt. Other techniques exist to make artistic-looking QR codes by manipulating the positions of dots within the codes to make meaningful patterns that can still be read. In this case, Stable Diffusion is not only controlling dot positions but also blending picture details to match the QR code.

This interesting use of Stable Diffusion is possible because of the innate error correction feature built into QR codes. This error correction capability allows a certain percentage of the QR code's data to be restored if it's damaged or obscured, permitting a level of modification without making the code unreadable. In typical QR codes, this error correction feature serves to recover information if part of the code is damaged or dirty. But in nhciao's case, it has been leveraged to blend creativity with utility. Stable Diffusion added unique artistic touches to the QR codes without compromising their functionality. [...] This discovery opens up new possibilities for both digital art and marketing. Ordinary black-and-white QR codes could be turned into unique pieces of art, enhancing their aesthetic appeal. The positive reaction to nhciao's experiment on social media may spark a new era in which QR codes are not just tools of convenience but also interesting and complex works of art.

Google has taken a significant step toward a passwordless future with the start of an open beta for passkeys on Workspace accounts. From a report: Starting today, June 5th, over 9 million organizations can allow their users to sign in to a Google Workspace or Google Cloud account using a passkey instead of their usual passwords.

Passkeys are a new form of passwordless sign-in tech developed by the FIDO Alliance, whose members include industry giants like Google, Apple, and Microsoft. Passkeys allow users to log in to websites and apps using their device's own authentication, such as a laptop with Windows Hello, an Android phone with a fingerprint sensor, or an iPhone with Face ID, instead of traditional passwords and other sign-in systems like 2FA or SMS verification. Because passkeys are based on public key cryptographic protocols, there's no fixed "sequence" that can be stolen or leaked in phishing attacks.

"It's worth questioning the status quo of technology," argues the Washington Post's Tech Friend newsletter, "including apps as we know them."

Then they tout the benefits of the "non-app app... a hybrid of a website and a conventional app, with features of each" — the unappreciated Progressive Web App (which many still don't know can be installed on your phone's home screen): Web apps look and function pretty much like the conventional apps for your phone or computer, but they clog less space on your device and are less pushy about surveilling you. People who make web apps also say they are easier to create and update than conventional apps... But web apps have been around for years, and most people don't know they exist...

[Traditional apps] come with profound downsides, including Big Tech control, privacy compromises and high development costs. It would be healthy if there were palatable alternative paths to our current app system. Web apps might be part of the solution... At their core, web apps are "the web with an app-like cover," said Rob Kochman, senior product manager for Google's Chrome. Kochman and other web app fans say these apps are less demanding and less intrusive than a conventional app. The web app for Starbucks, for example, takes up just 429 kilobytes of storage on my phone — or less than 1 percent of the storage taken by the standard Starbucks Android app...

And by design, once a conventional app is on your phone, it can access your phone's guts and peek under the hood of your internet network. Web apps are stingier about access, Kochman and other experts told me. "If you're worried about installing some app, you'd probably prefer that as a web app," said a veteran tech executive who helped develop the original technology for web apps. He referred to a web app as "just a website that took all the right vitamins...."

It's difficult to figure out which companies make web apps or find them. There's not an app store for web apps, although there are some attempts like Store.App and Appscope. They're not ideal... Some technologists told me that Apple has held back web apps by limiting their capabilities for Apple devices. The company has said that's not true. And this year, Apple added iPhone feature options for web apps...

We should keep challenging what can feel like immutable parts of digital life, including apps. We have to keep asking: What if there's something better?
It's as easy as "press the three-dot icon, then select 'Add to home screen.'" But it'd be interesting to hear the perspective of Slashdot readers. So share your thoughts and experiences in the comments.

Are you using progressive web apps?

Linux Foundation Europe "has announced the RISC-V Software Ecosystem (RISE) Project to help facilitate more performant, commercial-ready software for the RISC-V processor architecture," reports Phoronix.

"Among the companies joining the RISE Project on their governing board are Andes, Google, Intel, Imagination Technologies, Mediatek, NVIDIA, Qualcomm, Red Hat, Rivos, Samsung, SiFive, T-Head, and Ventana."

It's top goal is "accelerate the development of open source software for RISC-V," according to the official RISE web site. The project's chair says it "brings together leaders with a shared sense of urgency to accelerate the RISC-V software ecosystem readiness in collaboration with RISC-V International." The CEO of RISC-V International, Calista Redmond, said "We are grateful to the thousands of engineers making upstream contributions and to the organizations coming together now to invest in tools and libraries in support of the RISC-V software ecosystem." RISE Project members will contribute financially and provide engineering talent to address specific software deliverables prioritized by the RISE Technical Steering Committee (TSC). RISE is dedicated to enabling a robust software ecosystem specifically for application processors that includes software development tools, virtualization support, language runtimes, Linux distribution integration, and system firmware, working upstream first with existing open source communities in accordance with open source best practices.

"The RISE Project is dedicated to enabling RISC-V in open source tools and libraries (e.g., LLVM, GCC, etc) to speed implementation and time-to-market," said Gabriele Columbro, General Manager of Linux Foundation Europe.
Google's director of engineering on Android said Google was "excited to partner with industry leaders to drive rapid maturity of the RISC-V software ecosystem in support of Android and more."

And the VP of system software at NVIDIA said "NVIDIA's accelerated computing platform — which includes GPUs, DPUs, chiplets, interconnects and software — will support the RISC-V open standard to help drive breakthroughs in data centers, and a wide range of industries, such as automotive, healthcare and robotics."

Google Wallet on Android is finally getting ready for your digital driver's license and other US state IDs. Google says the feature is rolling out this month, and it will slowly start bringing states online this year. From a report: Of course, your state has to be one of the few that actually supports digital IDs. Google says Maryland residents can use the feature right now and that "in the coming months, residents of Arizona, Colorado and Georgia will join them." The road to digital driver's license support has been a long one, with the "Identity Credential API" landing in Android 11 back in 2020. Since then it has technically been possible for states to make their own ID app.

Now Google Wallet, Google's re-re-reboot of its payment app, is providing a first-party way to store an ID on your phone. Some parts of the Identity Credential API landed in Google Play Services (Google's version-agnostic brick of APIs), so Wallet supports digital IDs going back to Android 8.0, which covers about 90 percent of Android devices. Maryland has supported Digital IDs on iOS for a while, which gives us an idea of how this will work. An NFC transfer is enough to beam your credentials to someone, where you can just tap against a special NFC ID terminal and confirm the transfer with your fingerprint. Wallet has an NFC option, along with a "Show code" option that will show the traditional driver's license barcode.

An anonymous reader quotes a report from Ars Technica: After endless leaks, Motorola made its fourth-generation lineup of foldables official today. The flagship is the Moto Razr+, which will launch in the US on June 23 for $999. There's also a cheaper phone called only the "Moto Razr" with a smaller outside screen, slower SoC, and no clear US price or release date. Internationally, these phones are called the Moto Razr 40 Ultra and Moto Razr 40. The Ultra model's SoC is a Snapdragon 8+ Gen 1 -- that's not the best you can get from Qualcomm, which would be the 8 Gen 2 -- this is a year-old mid-cycle upgrade chip. The phone has 8GB of RAM, 256GB of storage, and a 3800 mAh battery with 30 W quick charging. The leaked display specs have been all over the place, but officially, the interior display is a 6.9-inch, 2640x1080 OLED that runs at a smoking 165 Hz. The exterior display is super big on the Ultra model and is a 3.6-inch, 144 Hz OLED at a nearly square 1066x1056. Motorola has the phone's dust and water ingress protection rated at IP52, which typically only protects from "direct sprays of water up to 15 degrees from the vertical" and is far from qualifying the Razr as a water-resistant phone.

The design has been better. The original foldable Moto Razr reboot from 2020 had beautiful throwback looks that screamed "Moto Razr." It looked just like the old-school flip phone from the early 2000s but modernized. This fourth foldable generation tones things down a lot and is more of a generic rectangle. You could easily confuse it for Samsung's Galaxy Z Flip. This fourth generation seems more mature, though. Motorola will now let you run any app you want on the ultra's giant front screen, complete with the option of a super tiny Android navigation bar tucked away in the bottom left corner, to the left of the two front cameras. You can peruse the app drawer, use Google Pay, or play media on the front display. You can even type on the keyboard: Google GBoard has a special full-screen mode that will show a single line of input text.

Those front cameras give this font display one of the strangest display shapes on the market. With two big dead spots in the bottom right corner, the workable display area is kind of an upside-down L shape. By default, apps will stay out of the non-rectangular part of the screen, but it's possible to enable a "full screen" mode for the front apps. This will force apps to use the lower part of the display, and you just have to hope that they will somehow deal with that. Android has APIs to identify dead areas of the display for apps to work around, but usually, that's for a top camera notch. Not many apps are built for this, but you're apparently welcome to try to make them work with the feature. [...] If you're interested in the Razr+, preorders start June 16.

Arm unveiled its upcoming flagship CPUs for 2024, including the Arm Cortex X4, Cortex A720, and Cortex A520. These chips, built on the Armv9.2 architecture, promise higher performance and improved power efficiency. Arm also introduced a new 'QARMA3 algorithm' for memory security and showcased a potential 14-core mega-chip design for high-performance laptops. Ars Technica reports: Arm claims the big Cortex X3 chip will have 15 percent higher performance than this year's X3 chip, and "40 percent better power efficiency." The company also promises a 20 percent efficiency boost for the A700 series and a 22 percent efficiency boost for the A500. The new chips are all built on the new 'Armv9.2' architecture, which adds a "new QARMA3 algorithm" for Arm's Pointer Authentication memory security feature. Pointer authentication assigns a cryptographic signature to memory pointers and is meant to shut down memory corruption vulnerabilities like buffer overflows by making it harder for unauthenticated programs to create valid memory pointers. This feature has been around for a while, but Arm's new algorithm reduces the CPU overhead of all this extra memory work to just 1 percent of the chip's power, which hopefully will get more manufacturers to enable it.

Arm's SoC recommendations are usually a "1+3+4" design. That's one big X chip, three medium A700 chips, and four A500 chips. This year the company is floating a new layout, though, swapping out two small chips for two medium chips, which would put you at a "1+5+2" configuration. Arm's benchmarks -- which were run on Android 13 -- claim this will get you 27 percent more performance. That's assuming anything can cool and power that for a reasonable amount of time. Arm's blog post also mentions a 1+4+4 chip -- nine cores -- for a flagship smartphone. [...]

Every year with these Arm flagship chip announcements, the company also includes a wild design for a giant mega-chip that usually never gets built. Last year the company's blueprint monster was a design with eight Cortex X3 chips and four A715 cores, which the company claimed would rival an Intel Core i7. The biggest X3-based chip on the market is the Qualcomm Snapdragon 8cx Gen 3, which landed in a few Windows laptops. That was only a four X3/four A715 chip, though. This year's mega chip is a 14-core monster with 10 Cortex X4 chips and four A720 chips, which Arm says is meant for "high-performance laptops." Arm calls the design the company's "most powerful cluster ever built," but will it ever actually be built? Will it ever be more than words on a page?

Researchers from Cisco's Talos security team have uncovered detailed information about Predator, a sophisticated spyware sold to governments worldwide, which can secretly record voice calls, collect data from apps like Signal and WhatsApp, and hide or disable apps on mobile devices. Ars Technica reports: An analysis Talos published on Thursday provides the most detailed look yet at Predator, a piece of advanced spyware that can be used against Android and iOS mobile devices. Predator is developed by Cytrox, a company that Citizen Lab has said is part of an alliance called Intellexa, "a marketing label for a range of mercenary surveillance vendors that emerged in 2019." Other companies belonging to the consortium include Nexa Technologies (formerly Amesys), WiSpear/Passitora Ltd., and Senpai. Last year, researchers with Google's Threat Analysis Group, which tracks cyberattacks carried out or funded by nation-states, reported that Predator had bundled five separate zero-day exploits in a single package and sold it to various government-backed actors. These buyers went on to use the package in three distinct campaigns. The researchers said Predator worked closely with a component known as Alien, which "lives inside multiple privileged processes and receives commands from Predator." The commands included recording audio, adding digital certificates, and hiding apps. [...]

According to Talos, the backbone of the malware consists of Predator and Alien. Contrary to previous understandings, Alien is more than a mere loader of Predator. Rather, it actively implements the low-level capabilities that Predator needs to surveil its victims. "New analysis from Talos uncovered the inner workings of PREDATOR and the mechanisms it uses to communicate with the other spyware component deployed along with it known as 'ALIEN,'" Thursday's post stated. "Both components work together to bypass traditional security features on the Android operating system. Our findings reveal the extent of the interweaving of capabilities between PREDATOR and ALIEN, providing proof that ALIEN is much more than just a loader for PREDATOR as previously thought to be." In the sample Talos analyzed, Alien took hold of targeted devices by exploiting five vulnerabilities -- CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003, CVE-2021-1048 -- the first four of which affected Google Chrome, and the last Linux and Android. [...] The deep dive will likely help engineers build better defenses to detect the Predator spyware and prevent it from working as designed. Talos researchers were unable to obtain Predator versions developed for iOS devices.

Amazon.com will close its official app store in China in July, the latest retreat from the Chinese market by the US tech giant following last year's announcement that its Kindle e-book service would also shut. From a report: An Amazon representative said the Amazon Appstore, launched in 2011 as an alternative to Google for Android phone users to install apps and games, will be "discontinued." However, its official shopping site Amazon.cn will remain operational, as will other services such as Amazon Global Selling, Amazon Global Store and cloud unit Amazon Web Services (AWS). The app store service will shut down on July 17, according to Chinese media The Paper, citing a Tuesday email from Amazon Appstore sent to users, which did not elaborate on the reasons for quitting the market. The Amazon Appstore could not be downloaded from its official Chinese site as of Tuesday.

An anonymous reader quotes a report from Ars Technica: Amid a plethora of game trailers, Sony dedicated a single minute of its more-than-an-hour-long PlayStation Showcase livestream on Wednesday to reveal two new hardware products. The most buzzworthy of these is surely Project Q -- that's the internal name, as the final name is still pending. Whatever it is called in the future, Project Q confirms a long-standing rumor: It's a new PlayStation handheld.

The device will be focused on streaming; Sony says it will allow users to stream any non-VR game from a local PlayStation 5 console using Remote Play over Wi-Fi. In fact, it won't be able to play games on its own; it's all about the streaming functionality. As for Project Q's specs, it has an 8-inch HD screen and "all the buttons and features of the DualSense wireless controller." Release dates and pricing for these haven't been announced [...]. Ars notes that Sony has been offering Remote Play for a while on other devices. "You can sync a DualSense controller with your macOS, Windows, iOS, or Android device and stream your games over Wi-Fi or the Internet, though the latter is laden with latency challenges."

In addition to Project Q, Sony also announced plans to launch Bluetooth earbuds that can simultaneously connect to a PlayStation console, mobile device, and PCs, similar to AirPods.

An anonymous reader quotes a report from Ars Technica: An app that had more than 50,000 downloads from Google Play surreptitiously recorded nearby audio every 15 minutes and sent it to the app developer, a researcher from security firm ESET said. The app, titled iRecorder Screen Recorder, started life on Google Play in September 2021 as a benign app that allowed users to record the screens of their Android devices, ESET researcher Lukas Stefanko said in a post published on Tuesday. Eleven months later, the legitimate app was updated to add entirely new functionality. It included the ability to remotely turn on the device mic and record sound, connect to an attacker-controlled server, and upload the audio and other sensitive files that were stored on the device.

The secret espionage functions were implemented using code from AhMyth, an open source RAT (remote access Trojan) that has been incorporated into several other Android apps in recent years. Once the RAT was added to iRecorder, all users of the previously benign app received updates that allowed their phones to record nearby audio and send it to a developer-designated server through an encrypted channel. As time went on, code taken from AhMyth was heavily modified, an indication that the developer became more adept with the open source RAT. ESET named the newly modified RAT in iRecorder AhRat.

Stefanko installed the app repeatedly on devices in his lab, and each time, the result was the same: The app received an instruction to record one minute of audio and send it to the attacker's command-and-control server, also known colloquially in security circles as a C&C or C2. Going forward, the app would receive the same instruction every 15 minutes indefinitely. [...] Stefanko said it's possible that iRecord is part of an active espionage campaign, but so far, he has been unable to determine if that's the case. "Unfortunately, we don't have any evidence that the app was pushed to a particular group of people, and from the app description and further research (possible app distribution vector), it isn't clear if a specific group of people was targeted or not," he wrote. "It seems very unusual, but we don't have evidence to say otherwise."