Google executive Hiroshi Lockheimer has called on Apple to adopt the Rich Communication Services (RCS) protocol that would enable improved and more secure messaging between iPhone and Android devices. From a report: RCS brings a number of modern features -- including support for audio messages, group chats, typing indicators and read receipts -- and end-to-end encryption to traditional text messaging. But it's unlikely Apple will play ball.

[...] Lockheimer, senior vice president for Android, has encouraged the company to change its mind. In response to a tweet about how group chats are incompatible between iPhone and Android devices, Lockheimer said, "group chats don't need to break this way. There exists a Really Clear Solution." "Here's an open invitation to the folks who can make this right: we are here to help." Lockheimer doesn't mention Apple specifically, but it's clear that the "folks" he is referring to are those in Cupertino, who have been against RCS.

Japan's Fair Trade Commission will investigate whether Apple and Google are leveraging their dominance in the smartphone operating system market to eliminate competition and severely limit options for consumers. From a report: The study will involve interviews and surveys with OS operators, app developers and smartphone users, commission Secretary-General Shuichi Sugahisa told reporters Wednesday. The initiative will explore market conditions not only for smartphones, but for smartwatches and other wearables. The antitrust watchdog will compile a report outlining OS market structure and the reason why competition has remained static. The commission will work with the central government's Digital Market Competition Council, which is moving forward with its own market probe. Practices found to be anticompetitive will be itemized in the report, along with possible violations of Japan's law against monopolies. In February, the government implemented the Act on Improving Transparency and Fairness of Digital Platforms. If officials decide that the law applies to the OS market, OS operators will be told to submit regular reports on transactions to the Ministry of Economy, Trade and Industry. In Japan, Apple's iOS commands a nearly 70% share among smartphone operating systems while Android's share stands at 30%. Any developer of apps -- whether they specialize in music, streaming videos, e-books or mobile games -- need to match the software with specifications of the operating systems if they want to appear on smartphones.

On Tuesday, Instagram announced that it will now combine IGTV's long-form video and Instagram Feed videos into a new format called simply "Instagram Video." TechCrunch reports: These videos, both longer and shorter, will be found on users' profiles in a new "Video" tab. Meanwhile, when people encounter videos on Instagram, they'll be able to tap anywhere on the video to enter into a fullscreen viewing mode. After watching, they can then choose to keep scrolling to discover more video content from creators or tap the back button to exit. None of these changes will impact what Instagram is doing with Reels, though. The company's short-form video platform and TikTok rival will continue to remain separate, we're told. They won't be mixed into this feed of videos, if users choose to scroll.

The IGTV app, however, isn't going away. Instagram tells us it will now be rebranded as "Instagram Video" and will host the "Instagram Video" formatted content, along with Instagram Live videos. But it will not host Reels videos. With today's update, users will still be able to upload their non-Reels videos in the same way as before -- by clicking on the plus sign (+) in the top-right corner of the Instagram home page and selecting "Post." Videos can be up to 60 minutes in length. Instagram is also adding new features like trimming, filters, and people and location tagging as part of the updated upload experience. [...] Instagram's goal with these changes will be a more streamlined video experience. Instagram says the changes are rolling out globally starting today across both iOS and Android.

Google is reminding us that it will enable two-factor authentication for 150 million more accounts by the end of this year. The Verge reports: In 2018, Google said that only 10 percent of its active accounts were using two-factor authentication. It has been pushing, prodding, and encouraging people to enable the setting ever since. Another prong of the effort will require more than 2 million YouTube creators to turn on two-factor authentication to protect their channels from takeover. Google says it has partnered with organizations to give away more than 10,000 hardware security keys every year. Its push for two-factor has made the technology readily available on your phone whether you use Android or iPhone.

A tool that also helps users keep their accounts secure is using a password manager, and Google now says that it checks over a billion passwords a day via its built-in manager for Chrome, Android, and the Google app. The password manager is also available on iOS, where Chrome can autofill logins for other apps. Google says that soon it will help you generate passwords for other apps, making things even more straightforward. Also coming soon is the ability to see all of your saved passwords directly from the Google app menu. Last but not least, Google is highlighting its Inactive Account Manager. This is a set of decisions to make about what happens to your account if you decide to stop using it or are no longer around and able to make those decisions.

In a significant departure from previous years, Google today rolled out Android 12 to AOSP but did not launch any devices, including Pixel phones. "Today we're pushing the source to the Android Open Source Project (AOSP) and officially releasing the latest version of Android," [said Dave Burke, VP of Engineering, in a blog post. "Keep an eye out for Android 12 coming to a device near you starting with Pixel in the next few weeks and Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices later this year." 9to5Google reports: Traditionally, the AOSP launch of the next version of Android coincides with day one availability for Google phones. That is not the case this year, with Google only revealing that Pixel phones can expect an update in the "next few weeks." Google says over 225,000 people tested Android 12 over the course of the developer previews and betas. [...] Google officially highlights four Android 12 tentpoles for developers as part of today's AOSP availability. This starts with a "new UI for Android" that incorporates Material You (referred to today as "Material Design 3"), redesigned widgets, Notification UI updates, and App launch splash screens.

In terms of "Performance," Google says it has "reduced the CPU time used by core system services by 22% and the use of big cores by 15%." We've also improved app startup times and optimized I/O for faster app loading, and for database queries we've improved CursorWindow by as much as 49x for large windows. "More responsive notifications" are achieved by restricting notification trampolines, with Google Photos launching 34% faster after this change. Other changes include Optimized foreground services, Performance classes for devices, and Faster machine learning. "Privacy" is led by the new Settings Dashboard, the ability to only grant apps Approximate location, and a new Nearby devices permission for setting up wearables and other smart home accessories without granting location access. There are also the microphone and camera indicators/toggles. Developers can take advantage of "Better user experience tools" like new APIs to better support rounded screen corners, rich content insertion, AVIF images, enhanced haptics, and new camera/sensor effects. There's also Compatible media transcoding, better debugging, and an Android 12 for Games push.

An anonymous reader quotes a report from Ars Technica: Telegram patched another image self-destruction bug in its app earlier this year. This flaw was a different issue from the one reported in 2019. But the researcher who reported the bug isn't pleased with Telegram's months-long turnaround time -- and an offered $1,159 bounty award in exchange for his silence. In February 2021, Telegram introduced a set of such auto-deletion features in its 2.6 release: Set messages to auto-delete for everyone 24 hours or 7 days after sending; Control auto-delete settings in any of your chats, as well as in groups and channels where you are an admin; and To enable auto-delete, right-click on the chat in the chat list > Clear History > Enable Auto-Delete. But in a few days, mononymous researcher Dmitrii discovered a concerning flaw in how the Telegram Android app had implemented self-destruction.

Messages that should be auto-deleted from participants in private and private group chats were only 'deleted' visually [in the messaging window], but in reality, picture messages remained on the device [in] the cache," the researcher wrote in a roughly translated blog post published last week. Tracked as CVE-2021-41861, the flaw is rather simple. In the Telegram Android app versions 7.5.0 to 7.8.0, self-destructed images remain on the device in the /Storage/Emulated/0/Telegram/Telegram Image directory after approximately two to four uses of the self-destruct feature. But the UI appears to indicate to the user that the media was properly destroyed.

But for a simple bug like this, it wasn't easy to get Telegram's attention, Dmitrii explained. The researcher contacted Telegram in early March. And after a series of emails and text correspondence between the researcher and Telegram spanning months, the company reached out to Dmitrii in September, finally confirming the existence of the bug and collaborating with the researcher during beta testing. For his efforts, Dmitrii was offered a $1,159 bug bounty reward. Since then, the researcher claims he has been ghosted by Telegram, which has given no response and no reward. "I have not received the promised reward from Telegram in [$1,159] or any other," he wrote.

After years of Samsung filling up its stock apps with ads, the company is finally stopping that practice. As of today, Samsung Pay, Weather, and Health have officially stopped serving ads. 9to5Google reports: Users in the Samsung Community Forums found that ads had suddenly disappeared from the Samsung Pay app, and an investigation from the folks over at TizenHelp unearthed a comment from a Samsung employee that confirms some good news. As of today, October 1, Samsung has stopped serving ads to Samsung Pay and Samsung Health. Samsung has technically only confirmed this change in its home country, but we're seeing the changes in the United States as well. Notably, force stopping these apps seems to force the ads to be removed, just in case they're still live for you.

New submitter thegreatnick writes: The next generation of Fairphone -- an attempt to make an ethical smartphone -- has been announced with the Fairphone 4. The base specs include a Qualcomm Snapdragon 750G SoC, 6GB of RAM, and 128GB of storage (upgradeable to 8GB and 256GB). On the front, you'll get a 6.3-inch, 2340x1080 LCD display with slimmer bezels (compared to the Fairphone 3 design) and a teardrop notch for the 25-megapixel front camera. The 3,905mAh battery is Qualcomm Quick Charge 4.1 compatible, so if you have a compatible USB-C charger (not included in the box to reduce waste) you can take the battery from 0-50% in 30 minutes. The phone ships with Android 11 and has a side-mounted fingerprint reader in the power button, a MicroSD slot, and the option for dual-SIM usage via one physical nanoSIM and an eSIM.

Continuing Fairphone's progress in making a "fair" supply chain -- both ethically-clean raw materials and paying workers a fair wage -- it also describes the 4 as "e-waste neutral." This is a neat way of summing up the idea that the company will recycle one device for every Fairphone 4 it sells. In addition, Fairphone can boast that it now uses 70% "fair" materials inside the handset, including FairTrade Gold and Silver, aluminum from ASI-certified vendors, and a backplate made from 100% post-consumer recycled polycarbonate. In an upgrade to previous models, the Fairphone 4 has dual cameras, though it loses the headphone jack. The company says this was to achieve an IP54 waterproof rating (light splashes) -- a first for the Fairphone brand. It's also been announced that it will come with an industry-leading 5-year warranty and aims to get 6 years of software updates for the phone.

Google called on European Union judges to cut or cancel a "staggering" 4.3 billion euro ($5 billion) antitrust fine because the search giant never intended to harm rivals. From a report: The company "could not have known its conduct was an abuse" when it struck contracts with Android mobile phone makers that required them to take its search and web-browser apps, Google lawyer Genevra Forwood told the EU's General Court in Luxembourg. The search-giant's power over mobile phones is the focus of a week-long court hearing. Google's lawyers are arguing that the European Commission blundered by demanding changes to allegedly anti-competitive contracts with suppliers of phones running its Android operating system -- the engine room for the vast majority of mobile devices in the region. At the very least the court should "dial down" the fine, an EU record, because it was wrongly based on advertising revenue from Google's home page that isn't directly linked to Android phones at the heart of the EU's decision, Forwood said. The European Commission's lawyer, Anthony Dawes, scoffed at Google's plea, saying the fine was a mere 4.5% of the company's revenue in 2017, well below a 10% cap.

Google Maps is getting a few new features to help people better understand our burning planet. Ars Technica reports: The first is a new "fire" layer in the main map view, which will let you view the exact boundaries of a wildfire just as easily as you can look up the current traffic patterns. Google has done fire information before as part of the "crisis response" website, but with climate change making "Fire Season" a yearly occurrence in dry areas like Australia and the Western U.S., wildfires will now be a top-level Maps feature.

Google says the new fire level will bring "all of Google's wildfire information together" in an easy interface. In the US, it will also pull in data from the National Interagency Fire Center (NIFC), and the company says it wants to expand fire detail with other government agencies, starting with Australia in "the coming months." Wildfire boundaries should be updated on an hourly basis, and Google says you'll be able to tap on a fire to see information from local governments, like "emergency websites, phone numbers for help and information, and evacuation details. When available, you can also see important details about the fire, such as its containment, how many acres have burned, and when all this information was last reported." The fire layout is rolling out to Android this week, with iOS and desktop coming in October.

Google also announced it's going to expand the Tree Canopy tool it launched in 2020. This Google Maps tool combines Google's plethora of aerial imagery with computer vision AI to generate a map that shows tree cover in cities. Today's announced expansion will increase the Tree Canopy imagery from 15 cities to 100 cities worldwide. Google wants city planners to use the Tree Canopy tool to combat the phenomena of urban heat islands, where miles of asphalt and a dearth of shade from trees can cause cities to be significantly hotter than the surrounding areas. Google says heat islands "disproportionately impact lower-income communities and contribute to a number of public health concerns -- from poor air quality to dehydration. With Tree Canopy data, local governments have free access to insights about where to plant trees to increase shade, reduce heat and mitigate these adverse effects."

Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis. The Record reports: Discovered by mobile security firm Zimperium, the new GriftHorse malware has been distributed via benign-looking apps uploaded on the official Google Play Store and on third-party Android app stores. If users install any of these malicious apps, GriftHorse starts peppering users with popups and notifications that offer various prizes and special offers. Users who tap on these notifications are redirected to an online page where they are asked to confirm their phone number in order to access the offer. But, in reality, users are subscribing themselves to premium SMS services that charge over $35 per month, money that are later redirected into the GriftHorse operators' pockets.

Zimperium researchers Aazim Yaswant & Nipun Gupta, who have been tracking the GriftHorse malware for months, described it as "one of the most widespread campaigns the zLabs threat research team has witnessed in 2021." Based on what they've seen until now, the researchers estimated that the GriftHorse gang is currently making between $1.5 million to $4 million per month from their scheme.

An anonymous reader quotes a report from Krebs On Security: The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page -- or to any other malicious website. The AirTag's "Lost Mode" lets users alert Apple when an AirTag is missing. Setting it to Lost Mode generates a unique URL at https://found.apple.com/ and allows the user to enter a personal message and contact phone number. Anyone who finds the AirTag and scans it with an Apple or Android phone will immediately see that unique Apple URL with the owner's message.

When scanned, an AirTag in Lost Mode will present a short message asking the finder to call the owner at at their specified phone number. This information pops up without asking the finder to log in or provide any personal information. But your average Good Samaritan might not know this. That's important because Apple's Lost Mode doesn't currently stop users from injecting arbitrary computer code into its phone number field -- such as code that causes the Good Samaritan's device to visit a phony Apple iCloud login page. The vulnerability was discovered and reported to Apple by Bobby Rauch, a security consultant and penetration tester based in Boston. Rauch told KrebsOnSecurity the AirTag weakness makes the devices cheap and possibly very effective physical trojan horses.

Thomas Claburn writes via The Register: Microsoft Exchange clients like Outlook have been supplying unprotected user credentials if you ask in a particular way since at least 2016. Though aware of this, Microsoft's advice continues to be that customers should communicate only with servers they trust. On August 10, 2016, Marco van Beek, managing director at UK-based IT consultancy Supporting Role, emailed the Microsoft Security Response Center to disclose an Autodiscover exploit that worked with multiple email clients, including Microsoft Outlook. "Basically, I have discovered that it is extremely easy to get access to Exchange (and therefore Active Directory) user passwords in plain text," he wrote. "It doesn't necessarily require any breach of corporate security, and at its most secure, is only as secure as file level access to the corporate website." His proof-of-concept exploit code, which affected Outlook (both Mac and PC), default email apps for Android and iOS, Apple Mail for Mac OS X, and others, consisted of 11 lines of PHP, though he insisted the exploit probably could have been reduced to three lines.

Microsoft acknowledged on August 11, 2016, that it had reproduced the issue in van Beek's report. Then on August 30, 2016, the Windows titan responded to van Beek by saying the report doesn't describe a genuine vulnerability: "Our security engineers and product team have reviewed this report and determined that it is not a security issue to be serviced as part of our monthly Patch Tuesday process. 'Never accept an SSL certificate without a matching host name' is already recommended for clients in the doc cited by your report: [link]. Before you send a request to a candidate, make sure it is trustworthy. Remember that you're sending the user's credentials, so it's important to make sure that you're only sharing them with a server you can trust. At a minimum, you should verify: That the endpoint is an HTTPS endpoint. Client applications should not authenticate or send data to a non-SSL endpoint. That the SSL certificate presented by the server is valid and from a trusted authority."

"This response casually forgets to consider that a hacked web server still retains a perfectly valid certificate -- it just happens to use that trusted tunnel to serve up problems," said van Beek. "Also, I have only found one Exchange client so far which actually checks the hostname against the certificate, which is Microsoft's own test tool." Van Beek said he thought it was incredible that Microsoft confirmed the behavior he reported within hours but does not consider it to be a problem. He suggested three mitigations: changing the order of operations so that DNS gets checked first; never accepting an SSL certificate without a matching host name; and reviewing why and when clients respond to authentication requests. When asked if the company plans to take any steps to address credential exposure and whether it believes its guidance adequately addresses the problem, a Microsoft spokesperson said: "We are continuing to investigate the specific scenario shared by the researcher."

Google is so successful that it's the most searched for term on Microsoft's Bing search engine, the company's lawyer told a European Union court on Tuesday. From a report: "We have submitted evidence showing that the most common search query on Bing is by far Google," Alfonso Lamadrid, a lawyer for the Alphabet unit, said at the EU's General Court in Luxembourg. The tech giant has asked EU judges to overturn a record $5 billion fine and strike down a 2018 antitrust order that said Google unfairly pushed its search app on mobile phones running its Android software.

Alphabet unit Google on Monday blasted EU antitrust regulators for ignoring rival Apple as it launched a bid to get Europe's second-highest court to annul a record 4.34-billion euro ($5.1 billion) fine related to its Android operating system. From a report: Far from holding back rivals and harming users, Android has been a massive success story of competition at work, representatives of Google told a panel of five judges at the General Court at the start of a five-day hearing. The European Commission fined Google in 2018, saying that it had used Android since 2011 to thwart rivals and cement its dominance in general internet search. Regardless of how the court rules, Google, Apple, Amazon and Facebook will have to change their business models in the coming years to ensure a level playing field for rivals following tough new rules proposed by European Union antitrust chief Margrethe Vestager.

"The Commission shut its eyes to the real competitive dynamic in this industry, that between Apple and Android," Google's lawyer Meredith Pickford told the court. "By defining markets too narrowly and downplaying the potent constraint imposed by the highly powerful Apple, the Commission has mistakenly found Google to be dominant in mobile operating systems and app stores, when it was in fact a vigorous market disrupter," he said. Pickford said Android "is an exceptional success story of the power of competition in action."

Google used its "huge financial muscle" to illegally hurt competitors, the Competition Commission of India found after an antitrust investigation. But now Reuters says Google is suing the commission — for leaking the results of that investigation to the press: "We cooperated fully and maintained confidentiality throughout the investigative process, and we hope and expect the same level of confidentiality from the institutions we engage with," Google's statement added...

India's antitrust authority ordered a probe in 2019, saying Google appeared to have leveraged its dominance to reduce device makers' ability to opt for alternate versions of its mobile operating system and force them to pre-install Google apps. Its 750-page report subsequently found the mandatory pre-installation of apps "amounts to imposition of unfair condition on the device manufacturers" in violation of India's competition law. The report, which has been seen by Reuters but which is not public, also found the company leveraged the position of its Play Store app store to protect its dominance.

Google Photos' Locked Folder feature, which lets you hide sensitive photos and videos from your main library and secure them in a passcode- or biometric-protected folder, is coming to all devices running Android 6 and above. The Verge reports: The feature was released exclusively on newer Pixel phones in June. Google hasn't provided an exact date for when the feature is releasing more widely, noting only that it's "rolling out soon." When it announced the feature onstage at Google I/O in May, Google gave the wholesome example of the feature being used by parents hiding photos of a newly purchased puppy from their children. But I think it's fair to say that most people are going to have very different photos stored in their Locked Folder. I don't know about you, but in all the times I've had to wrench my phone out of someone's hand to stop them scrolling through my photos, it's never been because of a puppy picture.

A stalkerware company that's designed to let customers spy on their spouses's, children's, or employees' devices is exposing victims' data, allowing anyone on the internet to see screenshots of phones simply by visiting a specific URL. From a report: The news highlights the continuing lax security practices that many stalkerware companies use; not only do these companies sometimes market their tools specifically for illegal surveillance, but the targets are re-victimized by these breaches. In recent years the Federal Trade Commission (FTC) has acted against stalkerware companies for exposing victim data. The stalkerware company, called pcTattleTale, offers the malware for Windows computers and Android phones. "Discover their secret online lives right from your phone or computer," a Facebook post from pcTattleTale reads. "pcTattletale is a popular keylogger and montoring [sic] app that you can use to see what you [sic] kids, spouse, or employees are doing online." Security researcher Jo Coscia showed Motherboard that pcTattleTale uploads victim data to an AWS server that requires no authentication to view specific images.

At Microsoft's Surface event today, the company announced its Surface Duo 2 dual-screen Android smartphone, featuring a trio of new cameras, a faster processor, larger displays, and support for 5G. The company also unveiled a successor to the Surface Book line of laptops, the Surface Laptop Studio, as well as the Surface Pro 8. From a report: The first-generation of the Duo made a splash thanks to its unique design. While the original Duo had no exterior screen at all, the Duo 2 now has a sliver of screen called the Glance Bar that peeks out from where its displays come together and provides you with the time and notifications when the Duo is closed. Microsoft has seemingly addressed a number of the original Duo's shortcomings with its Duo 2. One of the biggest issues with the first-generation version was its lack of any truly capable camera. [...] This time around, Microsoft has outfitted the Surface Duo 2 with a trio of external cameras. Like Apple's iPhone and Samsung's Galaxy line of smartphones, the Duo 2 gets a wide-angle camera, an ultra-wide angle camera, and a telephoto camera. There's also a dedicated night photography mode, 2x optical zoom with the telephoto lens, and the ability to record 4K video at 60 frames per second.

As for the occasionally sluggish performance, the Duo 2 should have that sorted out. This time around, Microsoft has dropped Qualcomm's latest Snapdragon 888 processor into the Duo 2, which means the phone should run as smoothly and quickly as any of the leading smartphones on the market. What's more, the Duo 2 gets 8GB of RAM and 128GB, 256GB, or 512GB of storage. On top of that, the Surface Duo 2 gets 5G connectivity, something that was conspicuously absent from the first-generation Duo.

The Duo 2 also gets two larger displays this time around. Rather than two 5.1-inch panels, the Duo 2 gets two 5.3-inch screens that open up to an 8.3-inch display that you can use to move your apps across or as a single canvas for more expansive apps. [...] The gist of the Surface Duo 2 is that two screens are better than one. To that end, Microsoft has combined two panels with a hinge to make an Android-powered device that lets you not only use both displays at the same time, but also seamlessly move apps and content between them. That capability will cost you a pricey $1,499 when the Duo 2 hits store shelves. It's available for pre-order today.

Phoronix reports: Google's Android had been notorious for all of its downstream patches carried by the mobile operating system as well as various vendor/device kernel trees while in recent years more of that code has been upstreamed. Google has also been shifting to the Android Generic Kernel Image (GKI) as the basis for all their product kernels to further reduce the fragmentation. Looking ahead, Google is now talking of an "upstream first" approach for pushing new kernel features into mainline Linux before deploying them on Android. Google's Todd Kjos talked today during Linux Plumbers Conference (LPC2021) around their Generic Kernel Image initiative. With Android 12 and their Linux 5.10 based GKI image they have further cut down the fragmentation to the extent that it's "nearly eliminated."

With the Android 12 GKI, most of the vendor/OEM kernel features have now either been upstreamed into the Linux kernel, isolated to vendor modules/hooks, or merged into the Android Common Kernel. They are making good progress on the GKI front and also ensuring vendors adapt to the new approach to cut down on the kernel mess. But perhaps most exciting is their outlook for 2023 to 2024 for further reducing technical debt. They are going to pursue an "upstream first development model for new features" in making sure new code first lands into the mainline Linux kernel rather than aiming straight for lodging within the Android source tree.