×
Iphone

Apple Commits To At Least Five Years of iPhone Security Updates (androidauthority.com) 41

When buying a new smartphone, it's important to consider the duration of software updates, as it impacts security and longevity. In a rare public commitment on Monday, thanks to the UK's new Product Security and Telecommunications Infrastructure (PSTI) regulations, Apple said it guarantees a minimum of five years of security updates for the iPhone 15 Pro Max. "In other words, the iPhone 15 is officially guaranteed to receive security updates until September 22, 2028," reports Android Authority. From the report: This, as VP of Engineering for Android Security & Privacy at Google Dave Kleidermacher points out, means that Apple is no longer offering the best security update policy in the industry. Both Samsung and Google guarantee seven years of not just security updates but also Android OS updates for their respective flagship devices, which is two years longer than what Apple guarantees.

To Apple's credit, though, it has long provided more than five years of security updates for its various iPhone devices. Some iPhones have received security updates six or more years after the initial release, which is far more support than the vast majority of Android devices receive. So, while Samsung and Google currently beat Apple in terms of how long they're guaranteeing software support, that doesn't mean iPhone users can't keep their phones for just as long, if not longer. They'll just need to hope Apple doesn't cut off support after the five-year minimum.

Media

Amazon Acquires MX Player (techcrunch.com) 16

An anonymous reader shared a report: Amazon has agreed to acquire key assets of Indian video streaming service MX Player from the local media powerhouse Times Internet, the latest step by the e-commerce giant to make its services and brand popular in smaller cities and towns in the key overseas market.

[...] Times Internet acquired MX Player in 2018 for $140 million. The app, which originated in South Korea, gained immense popularity in India due to its unique local video playback feature. This functionality allows the app to support a wide range of video file formats, making it highly compatible with affordable Android smartphones that are prevalent in developing markets.

Cellphones

Google Can Keep Your Phone If You Send It In For Repair With Non-OEM Parts [UPDATE: Changing Policy] (androidauthority.com) 148

UPDATE 6/4/2024: Google has changed its repair policy in response to the controversial clause that was brought to light. Google says it will not keep phones sent in for repair and that it's changing the wording of its ToS agreement to reflect this. Here's a statement from a Google spokesperson: "If a customer sends their Pixel to Google for repair, we would not keep it regardless of whether it has non-OEM parts or not. In certain situations, we won't be able to complete a repair if there are safety concerns. In that case, we will either send it back to the customer or work with them to determine next steps. Customers are also free to seek the repair options that work best for them. We are updating our Terms and Conditions to clarify this."

An anonymous reader quotes a report from Android Authority: Like many other phone makers, Google has a self-repair program for servicing your damaged or malfunctioning Pixel device. As its support site explains, there are options to get repair tools, manuals, and certified parts so you can fix up your Pixel like new. Owners can also choose to simply send their device in to have it repaired professionally. As replacement parts can be expensive, some DIYers choose to use parts from third-party suppliers. But if you go down this route, you may want to avoid sending your device to Google if there's a problem you don't have the skills to fix on your own.

As YouTuber Louis Rossmann discovered, Google's service and repair terms and conditions contain a concerning stipulation. The document states that Google will keep your device if a non-OEM part is found. Apparently, this rule has been in effect since July 19, 2023, as marked on the page.
Last week, iFixit said they are parting ways with Samsung because the company "does not seem interested in enabling repair at scale."

A separate report from 404 Media found that Samsung requires independent repair shops to give them the name, contact information, phone identifier, and customer complaint details of everyone who gets their phone repaired at these shops. "Stunningly, it also requires these nominally independent shops to 'immediately disassemble' any phones that customers have brought them that have been previously repaired with aftermarket or third-party parts and to 'immediately notify' Samsung that the customer has used third-party parts," reports 404 Media.
Android

Android's New Instant Hotspot Feature Won't Be Available on Samsung Devices (androidauthority.com) 64

Mishaal Rahman, reporting for AndroidAuthority: Google just unveiled its latest Android Feature Drop earlier today, and it's one of the most exciting feature drops I can remember. The two features I'm most excited about are part of Play Services's new Cross-Device Services module, which brings some Apple Continuity-style magic to your Android devices. For example, the new Instant Hotspot feature lets you connect your Android tablet or Chromebook to your phone's hotspot with a single tap. Instant Hotspot works with phones running Android 11 or newer, with one notable exception: Samsung devices. According to Google, Instant Hotspot will not be available on any Samsung devices. [...] It's not clear exactly why Instant Hotspot isn't available on Samsung devices. The feature is part of Google Play Services, which is available on all Google-certified Android devices, including those from Samsung. It's likely that Samsung opted out of this particular feature, perhaps to encourage users to buy devices within their ecosystem.
Apple

Apple Signals That It's Working on TV+ App for Android Phones (bloomberg.com) 54

Apple is seeking a senior engineer to help build a television and sports app for Android, a sign the company is finally bringing its TV+ service to the rival smartphone platform. From a report: In a job listing published in recent days, Apple said it's looking for someone to lead the development of "fun new features" and "help build an application used by millions to watch and discover TV and sports." The move suggests that the company is looking to gain market share in video streaming -- and is setting aside its rivalry with Android in order to chase additional users. It's rare for Apple to develop software for Google's Android, which competes with its iOS platform. The TV+ service, launched in 2019, is Apple's answer to Netflix or Disney+, and the company has spent heavily on feeding it with original content.
Chrome

Chromebooks Will Get Gemini and New Google AI Features (wired.com) 9

Google is introducing the Gemini AI chatbot to Chromebook Plus models, enhancing features like text rewriting, image editing, and hands-free control. Here are a few of the top new features coming to ChromeOS, as summarized by Wired: The first notable feature is Help Me Write, which works in any text box. Select text in any text box and right-click -- you'll see a box next to the standard right-click context menu. You can ask Google's AI to rewrite the selected text, rephrase it in a specific way, or change the tone. I tried to use it on a few sentences in this story but did not like any of the suggestions it gave me, so your mileage may vary. Or maybe I'm a better writer than Google's AI. Who knows?

Google's bringing the same generative AI wallpaper system you'll find in Android to ChromeOS. You can access this feature in ChromeOS's wallpaper settings and generate images based on specific parameters. Weirdly, you can create these when you're in a video-calling app too. You'll see a menu option next to the system tray whenever the microphone and video camera are being accessed -- tap on it and click "Create with AI" and you can generate an image for your video call's background. I'm not sure why I'd want a background of a "surreal bicycle made of flowers in pink and purple," but there you go. AI!

Here's something a little more useful: Magic Editor in Google Photos. Yep, the same feature that debuted in Google's Pixel 8 smartphones is now available on Chromebook Plus laptops. In the Google Photos app, you can press Edit on a photo and you'll see the option for Magic Editor. (You'll need to download more editing tools to get started.) This feature lets you erase unwanted objects in your photos, move a subject to another area of the frame, and fill in the backgrounds of photos. I successfully erased a paint can in the background of a photo of my dog, and it worked pretty quickly.

Then there's Gemini. It's available as a stand-alone app, and you can ask it to do pretty much anything. Write a cover letter, break down complex topics, ask for travel tips for a specific country. Just, you know, double-check the results and make sure there aren't any hallucinations. If you want to tap into Google's Gemini Advanced model, the company says it is offering 12 months free for new Chromebook Plus owners through the end of the year, so you have some time to redeem that offer. This is technically an upgrade from Google One, and it nets you Gemini for Workspace, 2 terabytes of storage, and a few other perks.
New features coming to all Chromebooks include easy setup with Android phones via QR code for sharing Wi-Fi credentials, integration of Google Tasks into the system tray, a Game Dashboard for mapping controls and recording gameplay as GIFs, and a built-in screen recorder tool. Upcoming enhancements also include Hands-Free Control using face gestures, the Help Me Read feature with Gemini for summarizing websites and PDFs, and an Overview screen to manage open browser windows, tabs, and apps.

You can check if your Chromebook is compatible with the Chromebook Plus OS update here.
Nintendo

Ubuntu 24.04 Now Runs on the Nintendo Switch (Unofficially) (omgubuntu.co.uk) 6

"The fact it's possible at all is a credit to the ingenuity of the open-source community," writes the blog OMG Ubuntu: Switchroot is an open-source project that allows Android and Linux-based distros like Ubuntu to run on the Nintendo Switch — absolutely not something Nintendo approves of much less supports, endorses, or encourages, etc! I covered the loophole that made this possible back in 2018. Back then the NVIDIA Tegra X1-powered Nintendo Switch was still new and Linux support for much of the console's internal hardware in a formative state (a polite way to say 'not everything worked'). But as the popularity of Nintendo's handheld console ballooned (to understate it) so the 'alternative OS' Switch scene grew, and before long Linux support for Switch hardware was in full bloom...

A number of Linux for Switchroot (L4S) distributions have since been released, designated as Linux for Tegra (L4T) builds. As these can boot from a microSD card it's even possible to dualboot the Switch OS with Linux, which is neat! Recently, a fresh set of L4T Ubuntu images were released based on the newest Ubuntu 24.04 LTS release. These builds work on all Switch versions, from the OG (exploit-friendly) unit through to newer, patched models (where a modchip is required)...

I'm told all of the Nintendo Switch internal hardware now works under Linux, including Wi-Fi, Bluetooth, sleep mode, accelerated graphics, the official dock... Everything, basically. And despite being a 7 year old ARM device the performance is said to remain decent.

"Upstream snafus have delayed the release of builds with GNOME Shell..."
Portables

A Startup's Faster-Than-E-Ink Android Tablet Challenges Apple's IPad (om.co) 97

It's "one of the most talked about devices in Silicon Valley," according to tech writer/investor Om Malik.

The company's web site calls it "the computer, de-invented," promising a tablet with "the world's first full-speed paper-like display." But Its founder has structured the company as a Public Benefit Corporation, with its web site describing the eyestrain-relieving tablet as "designed for deep focus and wellbeing. We refuse to accept a future where our devices are exhausting, addictive, and distracting."

Malik writes that Daylight Computer founder Anjan Katta suffers from ADHD, and "wanted something that allowed him few distractions and allowed him to work with intent." What the company has created is a beautiful tablet — about the size of a normal iPad Air. It is just a "little less than white," white, with a gorgeous screen. It is very simple, elegant, and lovely. It has an e-ink screen, and the matte monochrome paper-like display is optimized for reading, writing, and note-taking. It refreshes at 60 frames per second, a pretty big deal for e-ink displays. This different screen technology developed by the company is called LivePaper and it feels as snappy as anything you have experienced on an iPad. This is what puts it a notch above other e-ink tablets. This is precisely why the new Daylight tablet is much less stressful on the eye and easy to use even in direct sunlight. It has 8 GB memory, about 128 GB in-built storage, an 8-core chip, microphones, speakers, and a powerful battery.

There is no camera — thank God!

An ad from the company suggests the tablet "might change the way you think about screens," promising their device is "less distraction. Less addiction. Less eyestrain. Less blue light... Technology that feels a little bit more human, a bit less demanding."

The blog of product designer Arun Venkatesan calls it one of those devices that "signals an exciting new era where we can harness the power of technology without sacrificing our ability to live intentional, balanced lives."

Tom's Guide notes the tablet "is designed to run normal Android apps, and comes pre-installed with apps like Audible, Kindle, Google Docs and more" — and this may be the only the beginning: Based on various podcast interviews we could find of Katta, the DC1 isn't the end goal of the company. Katta wants to see the Live Paper display in all kinds of devices like monitors, laptops and watches.

Is the Daylight DC1 a technology flash in the pan or will we see a wave of Live Paper devices in the future? It'll be interesting to see how this devices truly works once its in people's hands.

Security

Spyware Found on US Hotel Check-in Computers (techcrunch.com) 24

A consumer-grade spyware app has been found running on the check-in systems of at least three Wyndham hotels across the United States, TechCrunch reported Wednesday. From the report: The app, called pcTattletale, stealthily and continually captured screenshots of the hotel booking systems, which contained guest details and customer information. Thanks to a security flaw in the spyware, these screenshots are available to anyone on the internet, not just the spyware's intended users.

This is the most recent example of consumer-grade spyware exposing sensitive information because of a security flaw in the spyware itself. It's also the second known time that pcTattletale has exposed screenshots of the devices that the app is installed on. Several other spyware apps in recent years had security bugs or misconfigurations that exposed the private and personal data of unwitting device owners, in some cases prompting action by government regulators. pcTattletale allows whomever controls it to remotely view the target's Android or Windows device and its data, from anywhere in the world. pcTattletale's website says the app "runs invisibly in the background on their workstations and can not be detected."

Android

Google Brings Back Group Speaker Controls After Sonos Lawsuit Win (arstechnica.com) 16

Android Authority's Mishaal Rahman reports that the group speaker volume controls feature is back in Android 15 Beta 2. "Google intentionally disabled this functionality on Pixel phones back in late 2021 due to a legal dispute with Sonos," reports Rahman. "In late 2023, Google announced it would bring back several features they had to remove, following a judge's overturning of a jury verdict that was in favor of Sonos." From the report: When you create a speaker group consisting of one or more Assistant-enabled devices in the Google Home app, you're able to cast audio to that group from your phone using a Cast-enabled app. For example, let's say I make a speaker group named "Nest Hubs" that consists of my bedroom Nest Hub and my living room Nest Hub. If I open the YouTube Music app, start playing a song, and then tap the cast icon, I can select "Nest Hubs" to start playback on both my Nest Hubs simultaneously.

If I keep the YouTube Music app open, I can control the volume of my speaker group by pressing the volume keys on my phone. This functionality is available no matter what device I use. However, if I open another app while YouTube Music is casting, whether I'm able to still control the volume of my speaker group using my phone's volume keys depends on what phone I'm using and what software version it's running. If I'm using a Pixel phone that's running a software version before Android 15 Beta 2, then I'm unable to control the volume of my speaker group unless I re-open the YouTube Music app. If I'm using a phone from any other manufacturer, then I won't have any issues controlling the volume of my speaker group.

The reason for this weird discrepancy is that Google intentionally blocked Pixel devices from being able to control the volume of Google Home speaker groups while casting. Google did this out of an abundance of caution while they were fighting a legal dispute. [...] With the release of last week's Android 15 Beta 2, we can confirm that Google finally restored this functionality.

Open Source

Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security (zdnet.com) 104

Jeremy Allison — Sam (Slashdot reader #8,157) is a Distinguished Engineer at Rocky Linux creator CIQ. This week he published a blog post responding to promises of Linux distros "carefully selecting only the most polished and pristine open source patches from the raw upstream open source Linux kernel in order to create the secure distribution kernel you depend on in your business."

But do carefully curated software patches (applied to a known "frozen" Linux kernel) really bring greater security? "After a lot of hard work and data analysis by my CIQ kernel engineering colleagues Ronnie Sahlberg and Jonathan Maple, we finally have an answer to this question. It's no." The data shows that "frozen" vendor Linux kernels, created by branching off a release point and then using a team of engineers to select specific patches to back-port to that branch, are buggier than the upstream "stable" Linux kernel created by Greg Kroah-Hartman. How can this be? If you want the full details the link to the white paper is here. But the results of the analysis couldn't be clearer.

- A "frozen" vendor kernel is an insecure kernel. A vendor kernel released later in the release schedule is doubly so.

- The number of known bugs in a "frozen" vendor kernel grows over time. The growth in the number of bugs even accelerates over time.

- There are too many open bugs in these kernels for it to be feasible to analyze or even classify them....

[T]hinking that you're making a more secure choice by using a "frozen" vendor kernel isn't a luxury we can still afford to believe. As Greg Kroah-Hartman explicitly said in his talk "Demystifying the Linux Kernel Security Process": "If you are not using the latest stable / longterm kernel, your system is insecure."

CIQ describes its report as "a count of all the known bugs from an upstream kernel that were introduced, but never fixed in RHEL 8." For the most recent RHEL 8 kernels, at the time of writing, these counts are: RHEL 8.6 : 5034 RHEL 8.7 : 4767 RHEL 8.8 : 4594

In RHEL 8.8 we have a total of 4594 known bugs with fixes that exist upstream, but for which known fixes have not been back-ported to RHEL 8.8. The situation is worse for RHEL 8.6 and RHEL 8.7 as they cut off back-porting earlier than RHEL 8.8 but of course that did not prevent new bugs from being discovered and fixed upstream....

This whitepaper is not meant as a criticism of the engineers working at any Linux vendors who are dedicated to producing high quality work in their products on behalf of their customers. This problem is extremely difficult to solve. We know this is an open secret amongst many in the industry and would like to put concrete numbers describing the problem to encourage discussion. Our hope is for Linux vendors and the community as a whole to rally behind the kernel.org stable kernels as the best long term supported solution. As engineers, we would prefer this to allow us to spend more time fixing customer specific bugs and submitting feature improvements upstream, rather than the endless grind of backporting upstream changes into vendor kernels, a practice which can introduce more bugs than it fixes.

ZDNet calls it "an open secret in the Linux community." It's not enough to use a long-term support release. You must use the most up-to-date release to be as secure as possible. Unfortunately, almost no one does that. Nevertheless, as Google Linux kernel engineer Kees Cook explained, "So what is a vendor to do? The answer is simple: if painful: Continuously update to the latest kernel release, either major or stable." Why? As Kroah-Hartman explained, "Any bug has the potential of being a security issue at the kernel level...."

Although [CIQ's] programmers examined RHEL 8.8 specifically, this is a general problem. They would have found the same results if they had examined SUSE, Ubuntu, or Debian Linux. Rolling-release Linux distros such as Arch, Gentoo, and OpenSUSE Tumbleweed constantly release the latest updates, but they're not used in businesses.

Jeremy Allison's post points out that "the Linux kernel used by Android devices is based on the upstream kernel and also has a stable internal kernel ABI, so this isn't an insurmountable problem..."
Android

Smartphones Can Now Last 7 Years (nytimes.com) 142

Google and Samsung used to update smartphone software for only three years. That has changed. From a report: Every smartphone has an expiration date. That day arrives when the software updates stop coming and you start missing out on new apps and security protections. With most phones, this used to happen after about only three years. But things are finally starting to change. The new number is seven. I first noticed this shift when I reviewed Google's $700 Pixel 8 smartphone in October. Google told me that it had committed to provide software updates for the phone for seven years, up from three years for its previous Pixels, because it was the right thing to do.

I was skeptical that this would become a trend. But this year, Samsung, the most profitable Android phone maker, set a similar software timeline for its $800 Galaxy S24 smartphone. Then Google said it would do the same for its $500 Pixel 8A, the budget version of the Pixel 8, which arrived in stores this week. Both companies said they had expanded their software support to make their phones last longer. This is a change from how companies used to talk about phones. Not long ago, tech giants unveiled new devices that encouraged people to upgrade every two years. But in the last few years, smartphone sales have slowed down worldwide as their improvements have become more marginal. Nowadays, people want their phones to endure.

Samsung and Google, the two most influential Android device makers, are playing catch-up with Apple, which has traditionally provided software updates for iPhones for roughly seven years. These moves will make phones last much longer and give people more flexibility to decide when it's time to upgrade. Google said in a statement that it had expanded its software commitment for the Pixel 8A because it wanted customers to feel confident in Pixel phones. And Samsung said it would deliver seven years of software updates, which increase security and reliability, for all its Galaxy flagship phones from now on.

Google

Google Opens Up Its Smart Home To Everyone (theverge.com) 27

Google is opening up API access to its Google Home smart home platform, allowing app developers to access over 600 million connected devices and tap into the Google Home automation engine. In addition, Google announced that it'll be turning Google TVs into Google Home hubs and Matter controllers. The Verge reports: The Home APIs can access any Matter device or Works with Google Home device, and allows developers to build their own experiences using Google Home devices and automations into their apps on both iOS and Android. This is a significant move for Google in opening up its smart home platform, following shutting down its Works with Nest program back in 2019. [...] The Home APIs are already available to Google's early access partners, and Google is opening up a waitlist for any developer to sign up today. "We are opening up access on a rolling basis so they can begin building and testing within their apps," Anish Kattukaran, head of product at Google Home and Nest, told The Verge. "The first apps using the home APIs will be able to publish to the Play and App stores in the fall."

The access is not just limited to smart home developers. In the blog post, Matt Van Der Staay, engineering director at Google Home, said the Home APIs could be used to connect smart home devices to fitness or delivery apps. "You can build a complex app to manage any aspect of a smart home, or simply integrate with a smart device to solve pain points -- like turning on the lights automatically before the food delivery driver arrives." The APIs allow access to most devices connected to Google Home and to the Google Home structure, letting apps control and manage devices such as Matter light bulbs or the Nest Learning Thermostat. They also leverage Google Home's automation signals, such as motion from sensors, an appliance's mode changing, or Google's Home and Away mode, which uses various signals to determine if a home is occupied. [...]

What's also interesting here is that developers will be able to use the APIs to access and control any device that works with the new smart home standard Matter and even let people set up Matter devices directly in their app. This should make it easier for them to implement Matter into their apps, as it will add devices to the Google Home fabric, so they won't have to develop their own. In addition, Google announced that it's vastly expanding its Matter infrastructure by turning Google TVs into Google Home hubs and Matter controllers. Any app using the APIs would need a Google hub in a customer's home in order to control Matter devices locally. Later this year, Chromecast with Google TV, select panel TVs with Google TV running Android 14 or higher, and some LG TVs will be upgraded to become Google Home hubs.

Additionally, Kattukaran said Google will upgrade all of its existing home hubs -- which include Nest Hub (second-gen), Nest Hub Max, and Google Wifi -- with a new ability called Home runtime. "With this update, all hubs for Google Home will be able to directly route commands from any app built with Home APIs (such as the Google Home app) to a customer's Matter device locally, when the phone is on the same Wi-Fi network as the hub," said Kattukaran. This means you should see "significant latency improvements using local control via a hub for Google Home," he added.

Android

Android 15 Gets 'Private Space,' Theft Detection, and AV1 Support (arstechnica.com) 37

An anonymous reader quotes a report from Ars Technica: Google's I/O conference is still happening, and while the big keynote was yesterday, major Android beta releases have apparently been downgraded to Day 2 of the show. Google really seems to want to be primarily an AI company now. Android already had some AI news yesterday, but now that the code-red requirements have been met, we have actual OS news. One of the big features in this release is "Private Space," which Google says is a place where users can "keep sensitive apps away from prying eyes, under an additional layer of authentication."

First, there's a new hidden-by-default portion of the app drawer that can hold these sensitive apps, and revealing that part of the app drawer requires a second round of lock-screen authentication, which can be different from the main phone lock screen. Just like "Work" apps, the apps in this section run on a separate profile. To the system, they are run by a separate "user" with separate data, which your non-private apps won't be able to see. Interestingly, Google says, "When private space is locked by the user, the profile is paused, i.e., the apps are no longer active," so apps in a locked Private Space won't be able to show notifications unless you go through the second lock screen.

Another new Android 15 feature is "Theft Detection Lock," though it's not in today's beta and will be out "later this year." The feature uses accelerometers and "Google AI" to "sense if someone snatches your phone from your hand and tries to run, bike, or drive away with it." Any of those theft-like shock motions will make the phone auto-lock. Of course, Android's other great theft prevention feature is "being an Android phone." Android 12L added a desktop-like taskbar to the tablet UI, showing recent and favorite apps at the bottom of the screen, but it was only available on the home screen and recent apps. Third-party OEMs immediately realized that this bar should be on all the time and tweaked Android to allow it. In Android 15, an always-on taskbar will be a normal option, allowing for better multitasking on tablets and (presumably) open foldable phones. You can also save split-screen-view shortcuts to the taskbar now.

An Android 13 developer feature, predictive back, will finally be turned on by default. When performing the back gesture, this feature shows what screen will show up behind the current screen you're swiping away. This gives a smoother transition and a bit of a preview, allowing you to cancel the back gesture if you don't like where it's going. [...] Because this is a developer release, there are tons of under-the-hood changes. Google is a big fan of its own next-generation AV1 video codec, and AV1 support has arrived on various devices thanks to hardware decoding being embedded in many flagship SoCs. If you can't do hardware AV1 decoding, though, Android 15 has a solution for you: software AV1 decoding.

Google

Google Will Use Gemini To Detect Scams During Calls (techcrunch.com) 57

At Google I/O on Tuesday, Google previewed a feature that will alert users to potential scams during a phone call. TechCrunch reports: The feature, which will be built into a future version of Android, uses Gemini Nano, the smallest version of Google's generative AI offering, which can be run entirely on-device. The system effectively listens for "conversation patterns commonly associated with scams" in real time. Google gives the example of someone pretending to be a "bank representative." Common scammer tactics like password requests and gift cards will also trigger the system. These are all pretty well understood to be ways of extracting your money from you, but plenty of people in the world are still vulnerable to these sorts of scams. Once set off, it will pop up a notification that the user may be falling prey to unsavory characters.

No specific release date has been set for the feature. Like many of these things, Google is previewing how much Gemini Nano will be able to do down the road sometime. We do know, however, that the feature will be opt-in.

Android

Google is Experimenting With Running Chrome OS on Android (androidauthority.com) 23

An anonymous reader shares a report: At a privately held event, Google recently demonstrated a special build of Chromium OS -- code-named "ferrochrome" -- running in a virtual machine on a Pixel 8. However, Chromium OS wasn't shown running on the phone's screen itself. Rather, it was projected to an external display, which is possible because Google recently enabled display output on its Pixel 8 series. Time will tell if Google is thinking of positioning Chrome OS as a platform for its desktop mode ambitions and Samsung DeX rival.
Google

Apple and Google Introduce Alerts for Unwanted Bluetooth Tracking 39

Apple and Google have launched a new industry standard called "Detecting Unwanted Location Trackers" to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple's AirTags being used for malicious purposes.

Several Bluetooth tag companies have committed to making their future products compatible with the new standard. Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking.
Google

Google's Pixel 8A is a Midrange Phone That Might Actually Go the Distance (theverge.com) 35

The Pixel 8A is officially here. The 8A gets Google's latest processor, adds a bunch of new AI features, and still starts at $499 in the US. But the very best news is that the 8A adopts the Pixel 8 and 8 Pro's seven years of software support, which is just unheard of in a midrange phone. From a report: The 8A retains the same general shape and size as its predecessor. But its 6.1-inch screen gets a couple of significant updates: the top refresh rate is now 120Hz, up from 90Hz, and the panel gets up to 40 percent brighter, up to 2,000 nits in peak brightness mode. They're important upgrades, especially since the 8A's main competition in the US, the OnePlus 12R, comes with an excellent display.

It comes with the same generative AI photo and video features that made a splash on the Pixel 8 and 8 Pro, including Best Take, Magic Editor, and Audio Magic Eraser. Circle to Search is also available, and the 8A will be able to run Google's mobile-optimized on-device AI model, Gemini Nano. As on the Pixel 8, it'll be a developer option delivered via feature drop. Other specs are either unchanged or slightly boosted compared to the last generation. There's still 8GB of RAM and 128GB of storage, though there's now a 256GB option. Camera hardware is unchanged from the 7A, including a stabilized 64-megapixel main sensor. There's an IP67 rating, consistent with the 7A, and battery capacity is a little higher at 4,492mAh compared to 4,385mAh. Wireless charging is available via Qi 1.3 at up to 7.5W -- no Qi2 here.

Microsoft

Ten Years Ago Microsoft Bought Nokia's Phone Unit, Then Killed It As a Tax Write-Off (theregister.com) 82

The Register provides a retrospective look at how Microsoft "absorbed the handset division of Nokia" ten years ago, only to kill the unit two years later and write it off as a tax loss. What went wrong? "It was a fatal combination of bad management, a market evolving in ways hidebound people didn't predict, and some really (with a few superb exceptions) terrible products," reports The Register. From the report: Like Nokia, Windows Mobile's popularity peaked in 2007, then started to drop away. The iPhone was the tech item of choice for fashionistas, Blackberry was seen as essential for serious business, and Android -- with Google as its new owner -- was gaining traction. Microsoft by that time had a new CEO in Steve Ballmer, who completely and famously failed to see the shifting sands in the mobile market. He dismissed the iPhone as a threat to what he thought was Windows Mobile's unassailable market position, and was roundly mocked for it. So the scene was set for a mobile standards war, and Steve Ballmer staked his professional pride on winning it. Microsoft recruited Nokia to help out. [...]

Under [Executive VP of Microsoft Stephen Elop's] leadership, a closer working relationship with Microsoft was a given -- but in 2013 Redmond announced it was going the whole hog and buying Nokia's handset business outright for $7.2 billion. The deal was done in April 2014, a decade ago from today. Microsoft also got a ten-year license on Nokia's patents and the option to renew in perpetuity. It also got Elop back, as executive vice president of the Microsoft Devices Group. That meant stepping down as CEO of Nokia, for which he trousered an 18.8 million bonus package -- a payoff the Finnish prime minister at the time called "outrageous." Nokia retained its networking business in Finland. It purchased Siemens' half of the Nokia Siemens Networks joint venture and renamed in Nokia Networks. The Nokia board rolled the dice again on hiring another non-Suomi manager, Rajeev Suri, and this time hit a double D20 in D&D terms.

When Ballmer stepped down from the helm at Microsoft in 2014 -- shortly before the Nokia deal completion -- he left a hot mess to deal with. His plan had been to develop the mobile operating system in conjunction with Windows 10, and Windows Mobile 10 was supposed to be a part of a unified code environment. While Windows 10 on the desktop wasn't a bad operating system, Windows Mobile 10 really was. The promised synergy just didn't happen -- it was power-hungry, clunky, and about as popular as a rattlesnake in a pinata. It was this mess that Satya Nadella faced when he took over the reins. Nadella was never very keen on the phone platform and spent more time in press conferences talking about cricket or the cloud than Microsoft's mobile ambitions. It was clear to all that this really wasn't working. Elop was laid off by Redmond a year later.

It was clear that Windows Mobile wasn't going to work. Android and iOS were drinking Microsoft's milkshake, and Redmond realized the game was up. Microsoft started shedding mobile jobs -- both in Finland and Redmond. While mobile was still publicly touted as the way forward for Microsoft with Ballmer gone, the impetus wasn't there and support for the mobile OS shriveled. In 2015 Microsoft declared it was writing off $7.6 billion on the Phone Hardware division as "goodwill and asset impairment charges" -- $400 million more than it had originally paid for the Finnish firm. Nokia bought European networking giant Alcatel-Lucent in a $16.7 billion deal in 2015. Around the same time, Suri announced a move into tablets, since it had a non-compete agreement with Microsoft on mobiles. Meanwhile a bunch of former Nokia execs who'd fled Elop and Microsoft had started a mobile biz of their own: HMD. It was Finnish, but outsourced production to Foxconn in China, and was planning to make cheapish Android devices. In 2016 Microsoft sold its mobile hardware arm to HMD for an undisclosed -- but probably not large -- sum. Nadella clearly wanted out of the whole business and the Finnish startup concentrated on selling good-enough Android smartphones to Nokia's traditional cheap markets.

The Internet

Novel Attack Against Virtually All VPN Apps Neuters Their Entire Purpose (arstechnica.com) 114

Researchers have discovered a new attack that can force VPN applications to route traffic outside the encrypted tunnel, thereby exposing the user's traffic to potential snooping or manipulation. This vulnerability, named TunnelVision, is found in almost all VPNs on non-Linux and non-Android systems. It's believe that the vulnerability "may have been possible since 2002 and may already have been discovered and used in the wild since then," reports Ars Technica. From the report: The effect of TunnelVision is "the victim's traffic is now decloaked and being routed through the attacker directly," a video demonstration explained. "The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet." The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself. [...]

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It's also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server. The attack allows some or all traffic to be routed through the unencrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that's diverted away from this tunnel will not be encrypted by the VPN and the Internet IP address viewable by the remote user will belong to the network the VPN user is connected to, rather than one designated by the VPN app.

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there's a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation. The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn't in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device.
You can learn more about the research here.

Slashdot Top Deals