×
Security

How a Security Researcher Took Over a Hotel's IoT Devices (zdnet.com) 36

"The moment you network IoT and hand over control to third parties, you may also give individuals the keys to a digital kingdom — and the ability to cause mischief, or worse," writes ZDNet.

For example, at a hotel where guests control the devices in their room with an iPod Touch... Speaking at Black Hat USA, Las Vegas, security consultant Kya Supa from LEXFO explained how a chain of security weaknesses were combined and exploited to gain control of rooms at a capsule hotel, a budget-friendly type of hotel offering extremely small — and, therefore, cozy — spaces to guests, who are stacked side-by-side... A neighbor, "Bob," kept waking Supa up by making loud phone calls in the early hours of the morning. While Bob had agreed to keep it down, he did not keep his promise — and the researcher set to work since he needed his sleep, especially during his vacation. The first thing Supa did was to explore his room, finding an emergency light installed for safety reasons; a Nasnos automaton center for use in controlling products in case the iPod Touch was lost; an electric motor used to manage the incline of the capsule's bed; and a Nasnos router, hidden in the wall.

If you connected to the router via a smartphone, it was then possible to control other devices on the network, and this was the setup the hotel chose to use... Supa found that two networks were connected — the hotel Wi-Fi and the router. To retrieve the router key, Supa targeted WEP, a protocol that has been known to be weak for years. Access points, each being one of the bedrooms, were found. Supa inspected the traffic and found weak credentials in place — "123" — and you can guess the rest...

By using an Android smartphone, the iPod Touch, and a laptop, the researcher created a Man-in-The-Middle (MiTM) architecture and inspected the network traffic. No encryption was found and he created a simple program to tamper with these connections, allowing the researcher to seize control of his bedroom through his laptop... Now that he could "control every bedroom," and Bob was still there, Supa then tampered with the lights of different bedrooms until he found the right one. He created a script that, every two hours, would change the bed into a sofa and turn the lights on and off. The script was launched at midnight. We can probably assume Bob did not enjoy his stay.

"I hope he will be more respectful in the future," Supa commented.

Businesses

Huawei Chairman Says the 'Aim Is To Survive' As Revenue Slides 29% (cnbc.com) 28

The chairman of Huawei said the Chinese technology company's "aim is to survive" as revenue fell almost 30% in the first half of the year. CNBC reports: The Shenzhen-headquartered company, which was put on the U.S. trade blacklist in 2019, announced Friday that it generated 320.4 billion yuan ($49.6 billion) in revenue in the first half of 2021. It's a significant fall from the 454 billion yuan that Huawei recorded in the first half of 2020. Huawei said its profit margin grew 0.6% to 9.8%, largely as a result of efficiency improvements, and added that the overall performance was in line with forecasts. Eric Xu, Huawei's rotating chairman, said in a statement that the company had set its strategic goals for the next five years. "Our aim is to survive, and to do so sustainably," he said.

Former U.S. President Donald Trump put Huawei on an export blacklist in 2019, a move that prevents American firms from doing business with it. For instance, Google was no longer allowed to license its Android mobile operating system to Huawei. The blacklist blocks U.S. companies from selling or transferring technology to Huawei unless they are granted a special license. It has hampered Huawei's ability to design its own chips and source other components. Xu said in April that Huawei has ramped up its research and development investment as part of its efforts to "keep the company afloat, to address supply continuity challenges caused by U.S. bans, and to pursue sustainability well into the future."

Google

Google Considered Buying 'Some or All' of Epic During Fortnite Clash, Court Documents Say (theverge.com) 16

Google considered buying Epic Games as the companies sparred over Epic's Fortnite Android app, according to newly unsealed court filings. From a report: Last night, Google lifted some of its redactions in Epic's antitrust complaint against Google, which Epic amended and refiled last month. The complaint still omits many details about Google's dealings with specific companies, but the new details reflect internal Google communications about competition on the Android platform. Epic claims Google was threatened by its plans to sidestep Google's official Play Store commission by distributing Fortnite through other channels, and in an unredacted segment, it quotes an internal Google document calling Epic's plans a "contagion" threatening Google.

Here's Epic's description of the situation: "Google has gone so far as to share its monopoly profits with business partners to secure their agreement to fence out competition, has developed a series of internal projects to address the 'contagion' it perceived from efforts by Epic and others to offer consumers and developers competitive alternatives, and has even contemplated buying some or all of Epic to squelch this threat."

Education

Colleges Across the US and Canada Are Adopting Virtual Student IDs (theverge.com) 49

Apple Wallet is expanding access to its contactless student IDs, a feature it first debuted in 2018. A number of U.S. universities are adopting the new format for the first time. Apple Wallet student IDs will also arrive in Canada later this fall. The Verge reports: The University of New Brunswick and Sheridan College will be the first two Canadian schools to use Apple Wallet IDs. The new US roster includes Auburn, Northern Arizona University, University of Maine, and New Mexico State University, in addition to "many more colleges across the country." The University of Alabama, one of the program's early adopters, will also be the first school to issue exclusively mobile student IDs (to students with eligible devices) this fall. (Those with Android phones can use the digital cards through Google Pay.) Apple claims that "tens of thousands of college students" will have access to the feature during this upcoming school year.

In theory, the virtual student ID should offer all the functionality of a regular student ID -- holders can access restricted areas of campus or pay for amenities like food and laundry by placing their iPhone or Apple Watch near a physical reader. Transaction history isn't shared with Apple or stored on Apple's servers.

Medicine

NYC Will Require Vaccines For Entry To Restaurants and Gyms; Requirement Can Be Met With An App (theverge.com) 492

Mayor Bill de Blasio announced today that New York City will become the first major U.S. city to require proof of vaccination to enter all restaurants, fitness centers and indoor entertainment venues. "If you're unvaccinated, unfortunately, you will not be able to participate in many things," de Blasio said. "If you want to participate in our society fully, you've got to get vaccinated." As The Verge reports, "New Yorkers can meet those requirements by carrying their vaccination card or scanning and storing it in one of two authorized mobile apps." From the report: The spread of the highly contagious Delta variant is being cited as a reason to increase restrictions without returning to a full lockdown or other measures. The program is scheduled to launch on August 13th, with enforcement slated to start on September 13th. It doesn't introduce any new documentation; the name is a reference to it serving as a "key" to the city's recovery.

Workers and patrons can confirm their vaccination status (at least one dose administered) in one of three ways: Vaccination card; NYC COVID Safe exposure notification app (iOS, Android); or NYS Excelsior Pass app.

Android

Google Will Kill Off Very Old Versions of Android Next Month (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: Google has started emailing users of very old Android devices to tell them it's time to say goodbye. Starting September 27, devices running Android 2.3.7 and lower will no longer be able to log in to Google services, effectively killing a big portion of the on-rails Android experience. As Google puts it in an official community post, "If you sign in to your device after September 27, you may get username or password errors when you try to use Google products and services like Gmail, YouTube, and Maps." Android is one of the most cloud-based operating systems ever. Especially in older versions, many included apps and services were tied to your Google login, and if that stops working, a large chunk of your phone is bricked. While Android can update many core components without shipping a full system update today, Android 2.3.7 Gingerbread, released around 10 years ago, was not so modular.

The individual Google apps started to be updatable through the Android Market/Play Store, but signing in to Google was still a system-level service and is frozen in time. Any Google services wanting to allow sign-ins from those versions would have to conform to 2011-era security standards, which means turning off two-factor authentication and enabling a special "allow less-secure access" setting in your Google account. Really, these old Android versions have to die eventually because they're just too insecure. Google shows active user base breakdowns for Android versions in Android Studio, and Gingerbread has such a low device count that it doesn't even make the list. It's less than 0.2 percent of active devices, behind 14 other versions of Android. Users of these old devices could still sideload a third-party app store and find replacements for all the Google apps, but if you're a technical user and can't get a new device, there's a good chance you could load a whole new operating system with an aftermarket Android ROM. After September 27, the oldest version of Android you'll be able to sign in to is Android 3.0 Honeycomb, which is only for tablets.

Privacy

Pegasus Spyware Found On Journalists' Phones, French Intelligence Confirms (theguardian.com) 50

French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country's international television station France 24. Pegasus is the hacking software -- or spyware -- that is developed, marketed and licensed to governments around the world by NSO Group. The malware has the capability to infect billions of phones running either iOS or Android operating systems. It enables operators of the spyware to extract messages, photos and emails, record calls and secretly activate microphones. The Guardian reports: It is the first time an independent and official authority has corroborated the findings of an international investigation by the Pegasus project -- a consortium of 17 media outlets, including the Guardian. Forbidden Stories, a Paris-based nonprofit media organization, and Amnesty International initially had access to a leaked list of 50,000 numbers that, it is believed, have been identified as those of people of interest by clients of Israeli firm NSO Group since 2016, and shared access with their media partners.

France's national agency for information systems security (Anssi) identified digital traces of NSO Group's hacking spyware on the television journalist's phone and relayed its findings to the Paris public prosecutor's office, which is overseeing the investigation into possible hacking. Anssi also found Pegasus on telephones belonging to Lenaig Bredoux, an investigative journalist at the French investigative website Mediapart, and the site's director, Edwy Plenel. Forbidden Stories believes at least 180 journalists worldwide may have been selected as people of interest in advance of possible surveillance by government clients of NSO.

Le Monde reported that the France 24 journalist, based in Paris, had been selected for "eventually putting under surveillance." Police experts discovered the spyware had been used to target the journalist's phone three times: in May 2019, September 2020 and January 2021, the paper said. Bredoux told the Guardian that investigators had found traces of Pegasus spyware on both her and Plenel's mobile phones. She said the confirmation of long-held suspicions that they had been targeted contradicted the repeated denials of those who were believed to be behind the attempt to spy on them.

Privacy

Google Play Gets Mandatory App Privacy Labels In April 2022 (arstechnica.com) 13

An anonymous reader quotes a report from Ars Technica: In iOS 14, Apple added a "privacy" section to the app store, requiring app developers to list the data they collect and how they use it. Google -- which was one of the biggest targets of Apple's privacy nutrition labels and delayed app updates for months to avoid complying with the policy -- is now aping the feature for Google Play. Google posted a demo of what the Google Play "Data privacy & security" section will look like, and it contains everything you'd expect if you've looked at the App Store lately. There's information on what data apps collect, whether or not the apps share the data with third parties, and how the data is stored. Developers can also explain what the data is used for and if data collection is required to use the app. The section also lists whether or not the collected data is encrypted, if the user can delete the data, and if the app follows Google's "Families" policy (meaning all the usual COPPA stuff).

Google Play's privacy section will be mandatory for all developers in April 2022, and starting in October, Google says developers can start populating information in the Google Play Console "for review." Google also says that in April, all apps will need to supply a privacy policy, even if they don't collect any data. Apps that don't have an "approved" privacy section by April may have their app updates rejected or their app removed. Google says, "Developers are responsible for providing accurate and complete information in their safety section." All of this information is basically just running on the honor system, and on iOS, developers have already been caught faking their privacy labels.

Android

New Android Malware Uses VNC To Spy and Steal Passwords From Victims (thehackernews.com) 15

A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. The Hacker News reports: Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was distributed via the official Google Play Store and masqueraded as an app named "Protection Guard," attracting over 5,000 installations. Banking and crypto-wallet apps from entities located in Italy, Australia, and Spain were the primary targets. "For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," researchers from ThreatFabric said in a write-up shared with The Hacker News. "The actors chose to steer away from the common HTML overlay development we usually see in other Android banking Trojans: this approach usually requires a larger time and effort investment from the actors to create multiple overlays capable of tricking the user. Instead, they chose to simply record what is shown on the screen, effectively obtaining the same end result."

Vultur [...] takes advantage of accessibility permissions to capture keystrokes and leverages VNC's screen recording feature to stealthily log all activities on the phone, thus obviating the need to register a new device and making it difficult for banks to detect fraud. What's more, the malware employs ngrok, a cross-platform utility used to expose local servers behind NATs and firewalls to the public internet over secure tunnels, to provide remote access to the VNC server running locally on the phone. Additionally, it also establishes connections with a command-and-control (C2) server to receive commands over Firebase Cloud Messaging (FCM), the results of which, including extracted data and screen captures, are then transmitted back to the server.

ThreatFabric's investigation also connected Vultur with another well-known piece of malicious software named Brunhilda, a dropper that utilizes the Play Store to distribute different kinds of malware in what's called a "dropper-as-a-service" (DaaS) operation, citing overlaps in the source code and C2 infrastructure used to facilitate attacks. These ties, the Amsterdam-based cybersecurity services company said, indicate Brunhilda to be a privately operating threat actor that has its own dropper and proprietary RAT Vultur.

Android

Google Bans 'Sugar Daddy' Apps From Play Store (androidpolice.com) 119

Google's updated its inappropriate content policy to ban "compensated sexual relationships" -- i.e., sugar daddy or sugar dating apps. Ryne Hager writes via Android Police: If somehow you aren't familiar with the term, a "sugar daddy" is more than a caramel candy on a stick. In the more common vernacular, a sugar daddy is a person -- usually an older man, but you could have a "sugar mommy" or maybe a gender-neutral "sugar parent?" -- that spends or gives money in what is typically a transactional relationship, often for sexual favors.

I don't judge, different people enjoy different things, and if all parties are consenting with full knowledge, I don't see how an arrangement like that really harms anyone. But, it seems Google does care, though the company is clear it's not objecting to the nature of the relationship, merely the fact that they're often sexual relationships with a perceived compensation basis, and the company has a blanket ban on sexual content -- at least partly ignoring the primary impulse for many customers behind more generalized dating apps like Tinder and Hinge, as well as many of the messages that even mainstream dating app users swap.

Android

New Android Malware Records Smartphones via VNC To Steal Passwords (therecord.media) 15

Security researchers have discovered a novel piece of Android malware that uses the VNC technology to record and broadcast a victim's smartphone activity, allowing threat actors to collect keyboard presses and app passwords. From a report: First spotted in March 2021 by Dutch security firm ThreatFabric, this new piece of malware, named Vultur, is a departure from other Android malware strains that usually rely on fake login screens floating on top of legitimate apps to collect a victim's credentials. Instead, Vultur opens a VNC server on the infected phone, and broadcasts screen captures to an attacker command and control server, where the Vultur operator extracts passwords for desired apps.
Cloud

Google Cloud Offers a Model For Fixing Google's Product-Killing Reputation (arstechnica.com) 49

An anonymous reader quotes a report from Ars Technica: Google's reputation for aggressively killing products and services is hurting the company's brand. Any new product launch from Google is no longer a reason for optimism; instead, the company is met with questions about when the product will be shut down. It's a problem entirely of Google's own making, and it's yet another barrier that discourages customers from investing (either time, money, or data) in the latest Google thing. The wide public skepticism of Google Stadia is a great example of the problem. A Google division with similar issues is Google Cloud Platform, which asks companies and developers to build a product or service powered by Google's cloud infrastructure. Like the rest of Google, Cloud Platform has a reputation for instability, thanks to quickly deprecating APIs, which require any project hosted on Google's platform to be continuously updated to keep up with the latest changes. Google Cloud wants to address this issue, though, with a new "Enterprise API" designation.

Enterprise APIs basically get a roadmap that promises stability for certain APIs. Google says, "The burden is on us: Our working principle is that no feature may be removed (or changed in a way that is not backwards compatible) for as long as customers are actively using it. If a deprecation or breaking change is inevitable, then the burden is on us to make the migration as effortless as possible." If Google needs to change an API, customers will now get a minimum of one year's notice, along with tools, documentation, and other materials. Google goes on to say, "To make sure we follow these tenets, any change we introduce to an API is reviewed by a centralized board of product and engineering leads and follows a rigorous product lifecycle evaluation."

Despite being one of the world's largest Internet companies and basically defining what modern cloud infrastructure looks like, Google isn't doing very well in the cloud infrastructure market. Analyst firm Canalys puts Google in a distant third, with 7 percent market share, behind Microsoft Azure (19 percent) and market leader Amazon Web Services (32 percent). Rumor has it (according to a report from The Information) that Google Cloud Platform is facing a 2023 deadline to beat AWS and Microsoft, or it will risk losing funding. Ex-Googler Steve Yegge laid out the problems with Google Cloud Platform last year in a post titled "Dear Google Cloud: Your Deprecation Policy is Killing You." Google's announcement seems to hit most of what that post highlights, like a lack of documentation and support, an endless treadmill of API upgrades, and Google Cloud's general disregard for backward compatibility. Yegge argues that successful platforms like Windows, Java, and Android (a group Yegge says is isolated from the larger Google culture) owe much of their success to their commitment to platform stability. AWS is the market leader partly because it's considered a lot more stable than Google Cloud Platform.

Security

Google Launches New Bug Hunters Vulnerability Rewards Platform (bleepingcomputer.com) 4

Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof. From a report: Since launching its first VRP more than ten years ago, the company has rewarded 2,022 security researchers from 84 different countries worldwide for reporting over 11,000 bugs. [...] "To celebrate our anniversary and ensure the next 10 years are just as (or even more) successful and collaborative, we are excited to announce the launch of our new platform, bughunters.google.com," Google said.

"This new site brings all of our VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues." The new VRP platform should provide researchers with per-country leaderboards, healthier competition via gamification, awards/badges for specific bugs, and more opportunities for interaction. Google also launched a new Bug Hunter University, which would allow bug hunters to brush up on their skills or start a hunting learning streak.

Privacy

Is Your Phone Infected With Pegasus? (fossbytes.com) 75

Fossbytes has an article detailing how you can check to see if your mobile device is infected with the "Pegasus" spyware. What's Pegasus you ask? It's phone-penetrating spy software developed by NSO Group and sold to governments to target journalists and activists around the world. The CEO of NSO Group says law-abiding citizens have "nothing to be afraid of," but that doesn't help us sleep any better. Here's how to check if your device has been compromised (heads up: it's a bit of a technical and lengthy process): First off, you'll need to create an encrypted backup and transfer it to either a Mac or PC. You can also do this on Linux instead, but you'll have to install libimobiledevice beforehand for that. Once the phone backup is transferred, you need to download Python 3.6 (or newer) on your system -- if you don't have it already. Here's how you can install the same for Windows, macOS, and Linux. After that, go through Amnesty's manual to install MVT correctly on your system. Installing MVT will give you new utilities (mvt-ios and mvt-android) that you can use in the Python command line. Now, let's go through the steps for detecting Pegasus on an iPhone backup using MVT.

First of all, you have to decrypt your data backup. To do that, you'll need to enter the following instruction format while replacing the placeholder text (marked with a forward slash) with your custom path: "mvt-ios decrypt-backup -p password -d /decrypted /backup". Note: Replace "/decrypted" with the directory where you want to store the decrypted backup and "/backup" with the directory where your encrypted backup is located.

Now, we will run a scan on the decrypted backup, referencing it with the latest IOCs (possible signs of Pegasus spyware), and store the result in an output folder. To do this, first, download the newest IOCs from here (use the folder with the latest timestamp). Then, enter the instruction format as given below with your custom directory path: "mvt-ios check-backup -o /output -i /pegasus.stix2 /backup". Note: Replace "/output" with the directory where you want to store the scan result, "/backup" with the path where your decrypted backup is stored, and "/pegasus.stix2" with the path where you downloaded the latest IOCs.

After the scan completion, MVT will generate JSON files in the specified output folder. If there is a JSON file with the suffix "_detected," then that means your iPhone data is most likely Pegasus-infected. However, the IOCs are regularly updated by Amnesty's team as they develop a better understanding of how Pegasus operates. So, you might want to keep running scans as the IOCs are updated to make sure there are no false positives.

Android

Google's Wear OS 3 Update Plans Will Leave Most Existing Devices Behind (arstechnica.com) 15

In a post titled "What Wear OS 3 means for you," Google provides a few more details about its upcoming Wear OS update plans, which will be the first major Wear OS update since Wear OS 2 in 2018. Unfortunately, as Ars Technica points out, the list of devices receiving the new update are limited to some of Mobvoi's TicWatch devices and Fossil Group's new generation of devices launching later this year. Older Wear OS devices featuring the Wear 3100 SoC, which makes up almost all the current Wear OS devices, will not support the new update. From the report: We still have next to no information about Wear OS 3, but there are a few tidbits in the upgrade announcement indicating that things will be very different. One line in the announcement lays out the requirement for a mandatory factory reset for any Wear 4100 devices upgrading from Wear OS 2 to version 3. Wear OS 3 is apparently so different that user data can't be ported over, and all local data will need to be wiped. We've certainly heard Google and Samsung talk about how Wear OS 3 will combine the "best of Wear OS and Tizen," indicating that even the base OS might be rebuilt.

Google also vaguely tells 4100 upgraders that "in some limited cases, the user experience will also be impacted." Is this a reference to the 4100 performance or the app selection and features compared to Wear OS 2? It's hard to say. Because Wear OS 3 will be so different, Google says it won't force the upgrade on 4100 users: "We expect that for these reasons, some of you will prefer to keep your current Wear OS experience. Therefore, we will offer the system upgrade on an opt-in basis for eligible devices. We will provide more details in advance of the update so you can make an informed decision. We expect our partners to be able to roll out the system update starting in mid to second half of 2022."

The Samsung Watch with Wear OS 3 is expected to ship sometime in August 2021, so the partner time of "2H 2022" -- potentially a year after Samsung's release -- is surprisingly late. Android has typically been very good at letting partners get early access to code, so (at least the ones that care) can be ready for launch, but this suggests Samsung is getting a huge head start. Google's message that upcoming Fossil watches, launching later this year, will be "eligible for upgrade" to Wear OS 3 also suggests that we might see Wear OS 2 devices launch from other companies after Samsung launches Wear OS 3 next month.

Privacy

Pegasus Spyware Seller: Blame Our Customers Not Us For Hacking (bbc.com) 104

The maker of powerful spy software allegedly used to hack the phones of innocent people says blaming the company is like "criticising a car manufacturer when a drunk driver crashes." From a report: NSO Group is facing international criticism, after reporters obtained a list of alleged potential targets for spyware, including activists, politicians and journalists. Investigations have begun as the list, of 50,000 phone numbers, contained a small number of hacked phones. Pegasus infects iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras. NSO Group has said the software is intended for use against criminals and terrorists and made available to only military, law enforcement and intelligence agencies from countries with good human-rights records. But a consortium of news organisations, led by French media outlet Forbidden Stories, has published dozens of stories based around the list, including allegations French President Emmanuel Macron's number was on it and may have been targeted.
Social Networks

Clubhouse Is Now Out of Beta and Open To Everyone (techcrunch.com) 31

Clubhouse announced Wednesday that it would end its waitlist and invite system, opening up to everyone. TechCrunch reports: Clubhouse is also introducing a real logo that will look familiar -- it's basically a slightly altered version of the waving emoji the company already used. Clubhouse will still hold onto its app portraits, introducing a new featured icon from the Atlanta music scene to ring in the changes. "The invite system has been an important part of our early history," Clubhouse founders Paul Davison and Rohan Seth wrote in a blog announcement. They note that adding users in waves and integrating new users into the app's community through Town Halls and orientation sessions helped Clubhouse grow at a healthy rate without breaking, "but we've always wanted Clubhouse to be open."

According to new data SensorTower provided to TechCrunch, Clubhouse hit its high point in February at 9.6 million global downloads, up from 2.4 million the month prior. After that, things settled down a bit before perking back up in May when TikTok went live on Android through the Google Play Store. Since May, new Android users have accounted for the lion's share of the app's downloads. In June, Clubhouse was installed 7.7 million times across both iOS and Android -- an impressive number that's definitely in conflict with the perception that the app might not have staying power.

Clubhouse's success is a double-edged sword. The app's meteoric rise came as a surprise to the team, as meteoric rises often do. The social app is still a wild success by normal metrics in a landscape completely dominated by a handful of large, entrenched platforms, but it can be tricky to maintain healthy momentum after such high highs. Opening up the app to everybody should certainly help.

Iphone

LG Might Sell iPhones In Its Stores After Quitting Android Devices (androidauthority.com) 20

LG will reportedly start selling iPhones and iPads in its South Korean stores this August -- mere months after the company quit making Android devices. Android Authority reports: According to MacRumors, the Herald Economic Daily claims LG has struck a deal with Apple to sell the iPhone and iPad in 400 stores across South Korea starting in August. LG may have to overcome some hurdles to make this happen. The company reportedly signed a "win-win" agreement with the country's National Mobile Communication Distribution Association that bars it from selling a direct competitor's phones in its stores. That deal was made in 2018, however, or well before LG signaled that it would quit making phones and tablets. LG is supposedly planning to renegotiate the agreement once it officially sells the iPhone and iPad in its shops. The deal unsurprisingly wouldn't include Macs, as systems like the MacBook Air compete directly with the Gram series and other LG computers where the iPhone and iPad are relatively safe.
Privacy

DuckDuckGo Launches New Email Protection Service To Remove Trackers (theverge.com) 45

DuckDuckGo is launching a new email privacy service meant to stop ad companies from spying on your inbox. From a report: The company's new Email Protection feature gives users a free "@duck.com" email address, which will forward emails to your regular inbox after analyzing their contents for trackers and stripping any away. DuckDuckGo is also extending this feature with unique, disposable forwarding addresses, which can be generated easily in DuckDuckGo's mobile browser or through desktop browser extensions.

The personal DuckDuckGo email is meant to be given out to friends and contacts you know, while the disposable addresses are better served when signing up for free trials, newsletters, or anywhere you suspect might sell your email address. If the email address is compromised, you can easily deactivate it. These tools are similar to anti-tracking features implemented by Apple in iOS 14 and iOS 15, but DuckDuckGo's approach integrates into iOS, Android, and all major web browsers. DuckDuckGo will also make it easier to spin up disposable email addresses on the fly, for newsletters or anywhere you might share your email.

Cellphones

iOS and Android Activations Now Split Evenly In the US, Research Shows (macrumors.com) 113

Activations of iOS and Android devices are now evenly split in the United States, with little sign of movement toward either platform dominating over the past two years, according to data sourced by Consumer Research Intelligence Partners (CIRP). MacRumors reports: CIRP estimates that iOS and Android each had 50 percent of new smartphone activations in the year ending this quarter. iOS's share of new smartphone activations climbed from 2017 to 2020, but has now remained at its peak level for a second consecutive year. CIRP Partner and Co-Founder Josh Lowitz said that the finding is significant because for several years, Android smartphones "had a significant edge, with over 60 percent of customers opting for an Android phone in most quarters. In the past couple of years, though, iOS has closed the gap, and now splits the market with Android."

Both Android and iOS users have had a high level of loyalty historically. Android loyalty has varied very slightly, in a narrow range of 90 to 93 percent in the past four years. iOS loyalty, on the other hand, has gradually increased over the past four years, from a low of 86 percent in early 2018 to 93 percent in the most recent quarter ending in June 2021. Loyalty and tendency to switch platforms may explain some of the change in the share of new smartphone activations, where iOS has gained loyalty in a market with a limited amount of switching.

Slashdot Top Deals