Cellphones

Pine64 Announces Updated PinePhone Pro Linux Powered Cellphone (tomshardware.com) 30

Pine64 today announced its latest Linux-powered device, the PinePhone Pro, an update to the original PinePhone which sees a more powerful device running mainline Linux (Manjaro in this case) on a mobile device that works as a cellphone and a desktop computer. Tom's Hardware reports: This combination of hardware and software makes the still slightly futuristic idea of confluence between mobile and desktop devices seem a step closer. Carry it around with you, and it's a phone. Plug it into a monitor, and it's a desktop PC. The KDE Plasma Mobile front-end adapts to the circumstances. Inside, it's much like any other phone, with a Rockchip RK3399S six-core SoC operating at 1.5GHz, 4GB of dual-channel LPDDR4 RAM, and 128GB of internal eMMC flash storage. It features a 13MP main camera sensor and a 5MP front-facing camera. There's a Micro-SD slot for expanded storage, and a six-inch 1440 x 720 IPS touchscreen. The PinePhone Pro is not a typical cell phone; rather, the concept of convergence, the ability to use your phone as a computer, is intriguing. Plugging your PinePhone Pro into an external display and using it as a low-power desktop computer is something that has been attempted by a number of companies, including Canonical's attempt with Ubuntu Edge.

PinePhone Pro offers something that is missing from the majority of phones, privacy. A series of hardware DIP-switches, hidden under a rear cover, cut off access to the cameras, microphone, Wi-Fi 5 and Bluetooth 4.1 chips, headphone jack, and LTE modem (including GPS) should you ever need to. The layout and Pogo Pins of the new phone are identical to the original PinePhone, so all existing accessories should work. Retailing at $399, the PinePhone Pro's makers are realistic about the challenges of putting desktop Linux on a mobile device, especially in an ecosystem dominated by iOS and Android.

Google

Google Modernizes US Mobile Search Results With Continuous Scrolling (techcrunch.com) 25

Google has announced that it's changing the way search works on mobile devices, initially in the U.S. From a report: Now, when you reach the bottom of a set of search results on your phone, you won't have to tap to go to the next page. Instead, the next set of results will automatically load so you can continuously scroll down to see more information. The change will roll out on the mobile web and will be supported on the Google mobile app for both iOS and Android in the U.S. for most English-language searches for the time being. Because it's a staggered release, you may initially encounter some results which scroll and others that do not.

Android

Apple Argues Against Allowing App Sideloading By Pointing Out Android's Malware Figures (therecord.media) 66

Apple said today that privacy and security are among the reasons it does not allow app sideloading or the use of third-party app stores on iOS, pointing to the fact that Android sees between 15 and 47 times more malware compared to its app ecosystem. The Record reports: Apple says that the reason its iOS devices are locked into the App Store as the only way to install applications is for security reasons, as this allows its security teams to scan applications for malicious content before they reach users. Apple cited statements from multiple sources (DHS, ENISA, Europol, Interpol, NIST, Kaspersky, Wandera, and Norton), all of which had previously warned users against installing apps from outside official app stores, a process known as app sideloading.

Apple's report then goes on to list multiple malware campaigns targeting Android devices where the threat actors asked users to sideload malicious apps hosted on internet sites or third-party app stores. [...] The list includes a host of threats, such as mundane adware, dangerous ransomware, funds-stealing banking trojans, commercial spyware, and even nation-state malware, which Apple said threat actors have spread by exploiting the loophole in Android's app installation process that allows anyone to install apps from anywhere on the internet. Today's 31-page report (PDF) is the second iteration of the same report, with a first version (PDF) being published back in June, shortly after EU authorities announced their investigation.

Google

Google Says Fortnite's In-app Purchase Swap Was a Breach of Contract, Sues Epic (arstechnica.com) 49

Epic Games keeps piling up lawsuits with app store owners. This time, Google is countersuing Epic for breach of contract. From a report: Epic signed contracts with both Google and Apple, pledging to use the default payment systems for in-app purchases. As part of its push for more open payment systems, though (and to dodge each platform's 30 percent fee), Epic boldly pushed out updates to the Android and iOS apps that switched the payment processing from the platforms' in-app purchases to Epic's in-house system. Google and Apple both allege this action was a breach of their app store contracts with Epic.

Apple sued and got its ruling last month. Epic was ordered to pay $3.65 million in damages, covering Apple's lost revenue from Epic's three months of self-powered payments. Following that ruling, Google wants its missing money, too, and now it's countersuing Epic, hoping for a similar ruling. Google's suit reads, "Epic willfully breached the DDA [Developer Distribution Agreement] by submitting a version of Fortnite for publication on Google Play with a payment method other than Google Play Billing for purchases of in-app content. By doing this, Epic denied Google its service fee under the DDA for any purchases made through the app outside of Google Play Billing." Google continues: "The users that downloaded the non-compliant version of Fortnite before its removal from Google Play are still able to use Epic's hotfixed external payment mechanism to make in-app purchases -- allowing Epic to evade its contractually agreed service fee to Google for those purchases." Google argues that "Epic has alternatively been unjustly enriched at Google's expense" and is seeking restitution of its missing earnings and damages.

Android

Study Reveals Android Phones Constantly Snoop On Their Users (bleepingcomputer.com) 113

A new study (PDF) by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. BleepingComputer reports: The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users: "With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." As the summary table indicates, sensitive user data like persistent identifiers, app usage details, and telemetry information are not only shared with the device vendors, but also go to various third parties, such as Microsoft, LinkedIn, and Facebook. And to make matters worse, Google appears at the receiving end of all collected data almost across the entire table.

It is important to note that this concerns the collection of data for which there's no option to opt-out, so Android users are powerless against this type of telemetry. This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they're not used by the device owner, and which cannot be uninstalled. For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk to man-in-the-middle (MitM) attacks. As the study points out, even if the user resets the advertising identifiers for their Google Account on Android, the data-collection system can trivially re-link the new ID back to the same device and append it to the original tracking history. The deanonymization of users takes place using various methods, such as looking at the SIM, IMEI, location data history, IP address, network SSID, or a combination of these.
In response to the report, a Google spokesperson said: "While we appreciate the work of the researchers, we disagree that this behavior is unexpected -- this is how modern smartphones work. As explained in our Google Play Services Help Center article, this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device's IMEI, is necessary to deliver critical updates reliably across Android devices and apps."

Cloud

Is It Time to Stop Paying For a VPN? (bdnews24.com) 113

"I'm done with paying for a virtual private network," writes the New York Times' lead consumer technology writer. [Alternate URLs here and here.] The reality is that web security has improved so much in the last few years that VPN services, which charge monthly subscription fees that cost as much as Netflix, offer superfluous protection for most people concerned about privacy, some security researchers said.

Many of the most popular VPN services are now also less trustworthy than in the past because they have been bought by larger companies with shady track records. That's a deal-breaker when it comes to using a VPN service, which intercepts our internet traffic. If you can't trust a product that claims to protect your privacy, what good is it? "Trusting these people is really critical," Matthew Green, a computer scientist who studies encryption, said about VPN providers. "There's no good way to know what they're doing with your data, which they have huge amounts of control over...."

As a mainstream privacy tool, it's no longer an ideal solution. This sent me down a rabbit hole of seeking alternatives to paying for a VPN. I ended up using some web tools to create my own private network [on the cloud] for free, which wasn't easy... Not only is it free to use, but I no longer have to worry about trust because the operator of the technology is me.

"But I also learned that many casual users may not even need a VPN anymore," the article concludes. (Unless you're living in an authoritarian country and trying to reach information beyond its firewall.) One cybersecurity firm tells the Times that journalists with sensitive contacts or business executives carrying trade secrets might also still benefit from a VPN. But (according to the firm) the rest of us can just try two-factor authentication and keeping all of our software up-to-date. (And if you'd rather not use a public wifi network — use your phone as a mobile hot spot.)

The article also notes that 95% of the top 1,000 websites are now already encrypted with HTTPS, according to W3Techs.

It also points out that one VPN company accused of developing malware nonetheless spent close to a billion dollars to buy at least four other VPN services — and then also bought several VPN review sites, which then give top ratings to VPN services it owns...

Chrome

Chrome Attempts to Resurrect RSS With a New-Tab Feature That 'Follows' Your Favorite Sites (gizmodo.com) 16

It's kind of like an RSS feed — and kind of not. Google now lets you "follow" your favorite web sites with Android versions of Chrome, reports Gizmodo: The feature has a similar effect to following an account on Twitter or Instagram, except you get content updates through Chrome on the new tab page.

The ability is widely available to anyone on Android running the latest version of Chrome 94 that was pushed out to the Play Store at the end of September.

Google introduced the ability earlier this year through the experimental Canary version of Chrome on Android. A Google spokesperson said at the time that the company planned to return to surfacing content through RSS feeds so that it could populate the aforementioned Following section for its users. The ability shows up in the overflow menu on the stable version of Chrome for Android. But since it's still rolling out, you might need to enable it manually. In Chrome for Android, type in chrome://flags in the link bar to reveal the browser's hidden settings. Then, search for web feed and select the singular enabled option to turn it on....

Chrome's director of engineering Adrienne Porter Felt tweeted on Friday that iOS users should expect the feature sometime next year.

Privacy

iPhone Apps No Better For Privacy Than Android, Oxford Study Finds (tomsguide.com) 22

An anonymous reader quotes a report from Tom's Guide: A new survey has reached a startling conclusion: iPhone apps tend to violate your privacy just as often as Android apps do. "Overall, we find that neither platform is clearly better than the other for privacy across the dimensions we studied," say the academic paper entitled "Are iPhones Really Better for Privacy?" and presented by researchers from the University of Oxford. "While it has been argued that the choice of smartphone architecture might protect user privacy, no clear winner between iOS and Android emerges from our analysis," the paper adds. "Data sharing for tracking purposes was common on both platforms." There's one big caveat regarding the new study: It was conducted before the introduction of iOS 14.5 in April 2021, which made opt-in to tracking and app privacy labels mandatory on iPhones.

The researchers analyzed the code, permissions and network traffic of 12,000 randomly selected free apps from each platform that had been updated or released in 2018 or later. Each app was run on a real device, either a first-generation iPhone SE running iOS 14.2 or a Google Nexus 5 running Android 7 Nougat. They found that nearly all (89%) of the Android apps contained at least one tracking library, which was almost always Google Play Services. The numbers weren't much lower on iOS, where 79% of apps had at least one tracking library, most likely Apple's own SKADNetwork, which tracks which ads a user clicks on. However, 62% of iOS apps also ran Google's AdMob ad tracking library, followed by 54% of iOS apps (and 58% of Android apps) running Google Firebase. Facebook trackers were in 28% of Android apps and 26% of iOS ones. In fact, most apps on either platform -- 90% of Android apps and more than 60% of iOS -- shared data with tracking companies owned by Google. Almost all tracking companies observed were based in the U.S. About 9.5% of iOS apps and 5% of Android ones used Chinese-based trackers; 7.5% of iOS apps and 2% of Android ones used Indian trackers.
The team commended Apple for making it possible for iPhone users to block the temporary advertising IDs that flag your phone to advertisers, but the team also saw an ulterior motive on Apple's part. "Apple's crackdown on Ad ID use could be interpreted as an attempt to divert revenue from Google and other advertising providers, and motivate the use of alternative monetization models -- which are more lucrative for Apple," the Oxford research paper states. "Apple has arguably placed a larger emphasis on privacy, seeking to gain a competitive advantage by appealing to privacy-concerned consumers."

Iphone

Google Exec Calls on Apple To Adopt Better, More Secure Text Messaging (cultofmac.com) 66

Google executive Hiroshi Lockheimer has called on Apple to adopt the Rich Communication Services (RCS) protocol that would enable improved and more secure messaging between iPhone and Android devices. From a report: RCS brings a number of modern features -- including support for audio messages, group chats, typing indicators and read receipts -- and end-to-end encryption to traditional text messaging. But it's unlikely Apple will play ball.

[...] Lockheimer, senior vice president for Android, has encouraged the company to change its mind. In response to a tweet about how group chats are incompatible between iPhone and Android devices, Lockheimer said, "group chats don't need to break this way. There exists a Really Clear Solution." "Here's an open invitation to the folks who can make this right: we are here to help." Lockheimer doesn't mention Apple specifically, but it's clear that the "folks" he is referring to are those in Cupertino, who have been against RCS.

Japan

Apple and Google Under Antitrust Scrutiny in Japan for Mobile OS (nikkei.com) 9

Japan's Fair Trade Commission will investigate whether Apple and Google are leveraging their dominance in the smartphone operating system market to eliminate competition and severely limit options for consumers. From a report: The study will involve interviews and surveys with OS operators, app developers and smartphone users, commission Secretary-General Shuichi Sugahisa told reporters Wednesday. The initiative will explore market conditions not only for smartphones, but for smartwatches and other wearables. The antitrust watchdog will compile a report outlining OS market structure and the reason why competition has remained static. The commission will work with the central government's Digital Market Competition Council, which is moving forward with its own market probe. Practices found to be anticompetitive will be itemized in the report, along with possible violations of Japan's law against monopolies. In February, the government implemented the Act on Improving Transparency and Fairness of Digital Platforms. If officials decide that the law applies to the OS market, OS operators will be told to submit regular reports on transactions to the Ministry of Economy, Trade and Industry. In Japan, Apple's iOS commands a nearly 70% share among smartphone operating systems while Android's share stands at 30%. Any developer of apps -- whether they specialize in music, streaming videos, e-books or mobile games -- needs to match the software with specifications of the operating systems if they want to appear on smartphones.

Media

Instagram Ditches the IGTV Brand, Combines Everything But Reels Into An 'Instagram Video' Format (techcrunch.com) 9

On Tuesday, Instagram announced that it will now combine IGTV's long-form video and Instagram Feed videos into a new format called simply "Instagram Video." TechCrunch reports: These videos, both longer and shorter, will be found on users' profiles in a new "Video" tab. Meanwhile, when people encounter videos on Instagram, they'll be able to tap anywhere on the video to enter into a fullscreen viewing mode. After watching, they can then choose to keep scrolling to discover more video content from creators or tap the back button to exit. None of these changes will impact what Instagram is doing with Reels, though. The company's short-form video platform and TikTok rival will continue to remain separate, we're told. They won't be mixed into this feed of videos, if users choose to scroll.

The IGTV app, however, isn't going away. Instagram tells us it will now be rebranded as "Instagram Video" and will host the "Instagram Video" formatted content, along with Instagram Live videos. But it will not host Reels videos. With today's update, users will still be able to upload their non-Reels videos in the same way as before -- by clicking on the plus sign (+) in the top-right corner of the Instagram home page and selecting "Post." Videos can be up to 60 minutes in length. Instagram is also adding new features like trimming, filters, and people and location tagging as part of the updated upload experience. [...] Instagram's goal with these changes will be a more streamlined video experience. Instagram says the changes are rolling out globally starting today across both iOS and Android.

Google

Google Is About To Turn On Two-Factor Authentication By Default For Millions of Users (theverge.com) 108

Google is reminding us that it will enable two-factor authentication for 150 million more accounts by the end of this year. The Verge reports: In 2018, Google said that only 10 percent of its active accounts were using two-factor authentication. It has been pushing, prodding, and encouraging people to enable the setting ever since. Another prong of the effort will require more than 2 million YouTube creators to turn on two-factor authentication to protect their channels from takeover. Google says it has partnered with organizations to give away more than 10,000 hardware security keys every year. Its push for two-factor has made the technology readily available on your phone whether you use Android or iPhone.

A tool that also helps users keep their accounts secure is using a password manager, and Google now says that it checks over a billion passwords a day via its built-in manager for Chrome, Android, and the Google app. The password manager is also available on iOS, where Chrome can autofill logins for other apps. Google says that soon it will help you generate passwords for other apps, making things even more straightforward. Also coming soon is the ability to see all of your saved passwords directly from the Google app menu. Last but not least, Google is highlighting its Inactive Account Manager. This is a set of decisions to make about what happens to your account if you decide to stop using it or are no longer around and able to make those decisions.

Android

Google Releases Android 12 To AOSP, But No Pixel Launch Today (9to5google.com) 14

In a significant departure from previous years, Google today rolled out Android 12 to AOSP but did not launch any devices, including Pixel phones. "Today we're pushing the source to the Android Open Source Project (AOSP) and officially releasing the latest version of Android," said Dave Burke, VP of Engineering, in a blog post. "Keep an eye out for Android 12 coming to a device near you starting with Pixel in the next few weeks and Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices later this year." 9to5Google reports: Traditionally, the AOSP launch of the next version of Android coincides with day one availability for Google phones. That is not the case this year, with Google only revealing that Pixel phones can expect an update in the "next few weeks." Google says over 225,000 people tested Android 12 over the course of the developer previews and betas. [...] Google officially highlights four Android 12 tentpoles for developers as part of today's AOSP availability. This starts with a "new UI for Android" that incorporates Material You (referred to today as "Material Design 3"), redesigned widgets, Notification UI updates, and App launch splash screens.

In terms of "Performance," Google says it has "reduced the CPU time used by core system services by 22% and the use of big cores by 15%." We've also improved app startup times and optimized I/O for faster app loading, and for database queries we've improved CursorWindow by as much as 49x for large windows. "More responsive notifications" are achieved by restricting notification trampolines, with Google Photos launching 34% faster after this change. Other changes include Optimized foreground services, Performance classes for devices, and Faster machine learning. "Privacy" is led by the new Settings Dashboard, the ability to only grant apps Approximate location, and a new Nearby devices permission for setting up wearables and other smart home accessories without granting location access. There are also the microphone and camera indicators/toggles. Developers can take advantage of "Better user experience tools" like new APIs to better support rounded screen corners, rich content insertion, AVIF images, enhanced haptics, and new camera/sensor effects. There's also Compatible media transcoding, better debugging, and an Android 12 for Games push.

Bug

Researcher Refuses Telegram's Bounty Award, Discloses Auto-Delete Bug (arstechnica.com) 6

An anonymous reader quotes a report from Ars Technica: Telegram patched another image self-destruction bug in its app earlier this year. This flaw was a different issue from the one reported in 2019. But the researcher who reported the bug isn't pleased with Telegram's months-long turnaround time -- and an offered $1,159 bounty award in exchange for his silence. In February 2021, Telegram introduced a set of such auto-deletion features in its 2.6 release: Set messages to auto-delete for everyone 24 hours or 7 days after sending; Control auto-delete settings in any of your chats, as well as in groups and channels where you are an admin; and To enable auto-delete, right-click on the chat in the chat list > Clear History > Enable Auto-Delete. But in a few days, mononymous researcher Dmitrii discovered a concerning flaw in how the Telegram Android app had implemented self-destruction.

"Messages that should be auto-deleted from participants in private and private group chats were only 'deleted' visually [in the messaging window], but in reality, picture messages remained on the device [in] the cache," the researcher wrote in a roughly translated blog post published last week. Tracked as CVE-2021-41861, the flaw is rather simple. In the Telegram Android app versions 7.5.0 to 7.8.0, self-destructed images remain on the device in the /Storage/Emulated/0/Telegram/Telegram Image directory after approximately two to four uses of the self-destruct feature. But the UI appears to indicate to the user that the media was properly destroyed.

But for a simple bug like this, it wasn't easy to get Telegram's attention, Dmitrii explained. The researcher contacted Telegram in early March. And after a series of emails and text correspondence between the researcher and Telegram spanning months, the company reached out to Dmitrii in September, finally confirming the existence of the bug and collaborating with the researcher during beta testing. For his efforts, Dmitrii was offered a $1,159 bug bounty reward. Since then, the researcher claims he has been ghosted by Telegram, which has given no response and no reward. "I have not received the promised reward from Telegram in [$1,159] or any other," he wrote.

Android

Samsung Removes Ads From Its One UI Android Apps (9to5google.com) 16

After years of Samsung filling up its stock apps with ads, the company is finally stopping that practice. As of today, Samsung Pay, Weather, and Health have officially stopped serving ads. 9to5Google reports: Users in the Samsung Community Forums found that ads had suddenly disappeared from the Samsung Pay app, and an investigation from the folks over at TizenHelp unearthed a comment from a Samsung employee that confirms some good news. As of today, October 1, Samsung has stopped serving ads to Samsung Pay and Samsung Health. Samsung has technically only confirmed this change in its home country, but we're seeing the changes in the United States as well. Notably, force stopping these apps seems to force the ads to be removed, just in case they're still live for you.

Cellphones

Fairphone's Latest Sustainable Smartphone Comes With a Five-Year Warranty (theverge.com) 65

New submitter thegreatnick writes: The next generation of Fairphone -- an attempt to make an ethical smartphone -- has been announced with the Fairphone 4. The base specs include a Qualcomm Snapdragon 750G SoC, 6GB of RAM, and 128GB of storage (upgradeable to 8GB and 256GB). On the front, you'll get a 6.3-inch, 2340x1080 LCD display with slimmer bezels (compared to the Fairphone 3 design) and a teardrop notch for the 25-megapixel front camera. The 3,905mAh battery is Qualcomm Quick Charge 4.1 compatible, so if you have a compatible USB-C charger (not included in the box to reduce waste) you can take the battery from 0-50% in 30 minutes. The phone ships with Android 11 and has a side-mounted fingerprint reader in the power button, a MicroSD slot, and the option for dual-SIM usage via one physical nanoSIM and an eSIM.

Continuing Fairphone's progress in making a "fair" supply chain -- both ethically-clean raw materials and paying workers a fair wage -- it also describes the 4 as "e-waste neutral." This is a neat way of summing up the idea that the company will recycle one device for every Fairphone 4 it sells. In addition, Fairphone can boast that it now uses 70% "fair" materials inside the handset, including FairTrade Gold and Silver, aluminum from ASI-certified vendors, and a backplate made from 100% post-consumer recycled polycarbonate. In an upgrade to previous models, the Fairphone 4 has dual cameras, though it loses the headphone jack. The company says this was to achieve an IP54 waterproof rating (light splashes) -- a first for the Fairphone brand. It's also been announced that it will come with an industry-leading 5-year warranty and aims to get 6 years of software updates for the phone.

EU

Google Urges EU Judges To Cut or Cancel a 'Staggering' $5 Billion Fine (bloomberg.com) 45

Google called on European Union judges to cut or cancel a "staggering" 4.3 billion euro ($5 billion) antitrust fine because the search giant never intended to harm rivals. From a report: The company "could not have known its conduct was an abuse" when it struck contracts with Android mobile phone makers that required them to take its search and web-browser apps, Google lawyer Genevra Forwood told the EU's General Court in Luxembourg. The search-giant's power over mobile phones is the focus of a week-long court hearing. Google's lawyers are arguing that the European Commission blundered by demanding changes to allegedly anti-competitive contracts with suppliers of phones running its Android operating system -- the engine room for the vast majority of mobile devices in the region. At the very least the court should "dial down" the fine, an EU record, because it was wrongly based on advertising revenue from Google's home page that isn't directly linked to Android phones at the heart of the EU's decision, Forwood said. The European Commission's lawyer, Anthony Dawes, scoffed at Google's plea, saying the fine was a mere 4.5% of the company's revenue in 2017, well below a 10% cap.

Google

Google Maps Tracks Global Warming With New 'Fire' Layer, Tree Canopy Tool (arstechnica.com) 55

Google Maps is getting a few new features to help people better understand our burning planet. Ars Technica reports: The first is a new "fire" layer in the main map view, which will let you view the exact boundaries of a wildfire just as easily as you can look up the current traffic patterns. Google has done fire information before as part of the "crisis response" website, but with climate change making "Fire Season" a yearly occurrence in dry areas like Australia and the Western U.S., wildfires will now be a top-level Maps feature.

Google says the new fire level will bring "all of Google's wildfire information together" in an easy interface. In the US, it will also pull in data from the National Interagency Fire Center (NIFC), and the company says it wants to expand fire detail with other government agencies, starting with Australia in "the coming months." Wildfire boundaries should be updated on an hourly basis, and Google says you'll be able to tap on a fire to see information from local governments, like "emergency websites, phone numbers for help and information, and evacuation details. When available, you can also see important details about the fire, such as its containment, how many acres have burned, and when all this information was last reported." The fire layout is rolling out to Android this week, with iOS and desktop coming in October.

Google also announced it's going to expand the Tree Canopy tool it launched in 2020. This Google Maps tool combines Google's plethora of aerial imagery with computer vision AI to generate a map that shows tree cover in cities. Today's announced expansion will increase the Tree Canopy imagery from 15 cities to 100 cities worldwide. Google wants city planners to use the Tree Canopy tool to combat the phenomena of urban heat islands, where miles of asphalt and a dearth of shade from trees can cause cities to be significantly hotter than the surrounding areas. Google says heat islands "disproportionately impact lower-income communities and contribute to a number of public health concerns -- from poor air quality to dehydration. With Tree Canopy data, local governments have free access to insights about where to plant trees to increase shade, reduce heat and mitigate these adverse effects."

Android

New GriftHorse Malware Infects More Than 10 Million Android Phones (therecord.media) 30

Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis. The Record reports: Discovered by mobile security firm Zimperium, the new GriftHorse malware has been distributed via benign-looking apps uploaded on the official Google Play Store and on third-party Android app stores. If users install any of these malicious apps, GriftHorse starts peppering users with popups and notifications that offer various prizes and special offers. Users who tap on these notifications are redirected to an online page where they are asked to confirm their phone number in order to access the offer. But, in reality, users are subscribing themselves to premium SMS services that charge over $35 per month, money that is later redirected into the GriftHorse operators' pockets.

Zimperium researchers Aazim Yaswant & Nipun Gupta, who have been tracking the GriftHorse malware for months, described it as "one of the most widespread campaigns the zLabs threat research team has witnessed in 2021." Based on what they've seen until now, the researchers estimated that the GriftHorse gang is currently making between $1.5 million and $4 million per month from their scheme.

Security

Apple AirTag Bug Enables 'Good Samaritan' Attack (krebsonsecurity.com) 29

An anonymous reader quotes a report from Krebs On Security: The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page -- or to any other malicious website. The AirTag's "Lost Mode" lets users alert Apple when an AirTag is missing. Setting it to Lost Mode generates a unique URL at https://found.apple.com/ and allows the user to enter a personal message and contact phone number. Anyone who finds the AirTag and scans it with an Apple or Android phone will immediately see that unique Apple URL with the owner's message.

When scanned, an AirTag in Lost Mode will present a short message asking the finder to call the owner at their specified phone number. This information pops up without asking the finder to log in or provide any personal information. But your average Good Samaritan might not know this. That's important because Apple's Lost Mode doesn't currently stop users from injecting arbitrary computer code into its phone number field -- such as code that causes the Good Samaritan's device to visit a phony Apple iCloud login page. The vulnerability was discovered and reported to Apple by Bobby Rauch, a security consultant and penetration tester based in Boston. Rauch told KrebsOnSecurity the AirTag weakness makes the devices cheap and possibly very effective physical trojan horses.
