Privacy

New 'Gold Pickaxe' Android, iOS Malware Steals Your Face For Fraud (bleepingcomputer.com) 13

An anonymous reader quotes a report from BleepingComputer: A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. The new malware, spotted by Group-IB, is part of a malware suite developed by the Chinese threat group known as 'GoldFactory,' which is responsible for other malware strains such as 'GoldDigger', 'GoldDiggerPlus,' and 'GoldKefu.' Group-IB says its analysts observed attacks primarily targeting the Asia-Pacific region, mainly Thailand and Vietnam. However, the techniques employed could be effective globally, and there's a danger of them getting adopted by other malware strains. [...]

For iOS (iPhone) users, the threat actors initially directed targets to a TestFlight URL to install the malicious app, allowing them to bypass the normal security review process. When Apple removed the TestFlight app, the attackers switched to luring targets into downloading a malicious Mobile Device Management (MDM) profile that allows the threat actors to take control over devices. Once the trojan has been installed onto a mobile device in the form of a fake government app, it operates semi-autonomously, manipulating functions in the background, capturing the victim's face, intercepting incoming SMS, requesting ID documents, and proxying network traffic through the infected device using 'MicroSocks.'

Group-IB says the Android version of the trojan performs more malicious activities than in iOS due to Apple's higher security restrictions. Also, on Android, the trojan uses over 20 different bogus apps as cover. For example, GoldPickaxe can also run commands on Android to access SMS, navigate the filesystem, perform clicks on the screen, upload the 100 most recent photos from the victim's album, download and install additional packages, and serve fake notifications. The use of the victims' faces for bank fraud is an assumption by Group-IB, also corroborated by the Thai police, based on the fact that many financial institutes added biometric checks last year for transactions above a certain amount.

Communications

FCC Commissioner Wants To Investigate Apple Over Beeper Mini Shutdown (theverge.com) 63

Republican Commissioner Brendan Carr is calling on the Federal Communications Commission to investigate Apple's response to Beeper Mini -- the app that briefly brought iMessage to Android. From a report: During the State of the Net Conference on Monday, Carr said the FCC should look into whether Apple's move "complies with the FCC's Part 14 rules" about accommodating users with disabilities.

Beeper Mini launched last year, allowing Android users to gain access to iMessage features, including blue message bubbles and the ability to send high-quality photos and videos. However, Apple quickly blocked Beeper Mini users and continued to shut down attempts to make the app work, leading its developers to eventually just give up.

The FCC's Part 14 rules lay out requirements that "advanced communications service," such as iMessage, must follow to ensure they're accessible.

Mozilla

Mozilla's Abandoned Web Engine 'Servo' is Rebooting in 2024 (itsfoss.com) 56

Remember "Servo," Mozilla's "next-generation browser engine," focused on performance and robustness?

"The developers of Servo are starting 2024 by going all in..." reports It's FOSS News, citing a social media post from FOSDEM. "[T]he Servo Project team were there showing off the work done so far." If you were not familiar, Servo is an experimental browser engine that leverages the power of Rust to provide a memory-safe and modular experience that is highly adaptable. After Mozilla created Servo back in 2012 as a research project, it saw its share of ups and downs over the years, with it making a comeback in 2023, thanks to a fresh approach by the developers on how Servo should move forward.

Even though there are plenty of open source Chrome alternatives, with this, there's a chance that we will get some really cool options based on Servo that just might give Blink and Gecko a run for the money! Just a few months back, in September 2023, after The Servo Project officially joined Linux Foundation Europe, the existing contributors from Igalia stepped up their game by taking over the project maintenance. To complement that, at Open Source Summit Europe last year, Manuel Rego from Igalia shared some really useful insights when he presented.

He showcased stuff like the WebGL support, cross-platform support including mobile support for Android and Linux, among other things. They have experimented with Servo for embedded applications use-cases (like running it on Raspberry Pi), and have plans to make advances on it. As far as I can see, it looks like Servo is faster for Raspberry Pi compared to Chromium. You can explore more such demos on Servo's demo webpage.

2024's roadmap includes "Initial Android support, that will see Servo being made to build on modern Android versions," according to the article, "with the developers publishing nightly APKs on the official website some time in the future."

One fun fact? "Even though Mozilla dropped the experimental project, Firefox still utilizes some servo components in the browser"

Another FOSDEM update from social media: "Thunderbird is also embracing Rust."

Programming

To Help Rust/C++ Interoperability, Google Gives Rust Foundation $1M (siliconangle.com) 61

An anonymous Slashdot reader shared this report from SiliconANGLE: The Rust Foundation, which supports the development of the popular open-source Rust programming language... shared that Google LLC had made a $1 million contribution specifically earmarked for a C++/Rust interoperability effort known as the "Interop Initiative." The initiative aims to foster seamless integration between Rust and the widely used C++ programming language, addressing one of the significant barriers to Rust's adoption in legacy systems entrenched in C++ code.

Rust has the ability to prevent common memory errors that plague C++ programs and offers a path toward more secure and reliable software systems. However, transitioning from C++ to Rust presents notable challenges, particularly for organizations with extensive C++ codebases. The Interop Initiative seeks to mitigate these challenges by facilitating smoother transitions and enabling organizations to leverage Rust's advantages without completely overhauling their existing systems.

As part of the initiative, the Rust Foundation will collaborate closely with the Rust Project Leadership Council, stakeholders and member organizations to develop a comprehensive scope of work. The collaborative effort will focus on enhancing build system integration, exploring artificial intelligence-assisted code conversion techniques and expanding upon existing interoperability frameworks. By addressing these strategic areas, the initiative aims to accelerate the adoption of Rust across the software industry and hence contribute to advancing memory safety and reducing the prevalence of software vulnerabilities.

A post on Google's security blog says they're excited to collaborate "to ensure that any additions made are suitable and address the challenges of Rust adoption that projects using C++ face. Improving memory safety across the software industry is one of the key technology challenges of our time, and we invite others across the community and industry to join us in working together to secure the open source ecosystem for everyone."

The blog post also includes this quote from Google's VP of engineering, Android security and privacy. "Based on historical vulnerability density statistics, Rust has proactively prevented hundreds of vulnerabilities from impacting the Android ecosystem. This investment aims to expand the adoption of Rust across various components of the platform."

The Register adds: Lars Bergstrom, director of Android platform tools and libraries and chair of the Rust Foundation Board, announced the grant and said that the funding will "improve the ability of Rust code to interoperate with existing legacy C++ codebases.... Integrating Rust today is possible where there is a fallback C API, but for high-performance and high-fidelity interoperability, improving the ability to work directly with C++ code is the single biggest initiative that will further the ability to adopt Rust...."

According to Bergstrom, Google's most significant increase in the use of Rust has occurred in Android, where interoperability started receiving attention in 2021, although Rust is also being deployed elsewhere.... Bergstrom said that as of mid-2023, Google had more than 1,000 developers who had committed Rust code, adding that the ad giant recently released the training material it uses. "We also have a team working on building out interoperability," he added. "We hope that this team's work on addressing challenges specific to Google's codebases will complement the industry-wide investments from this new grant we've provided to the Rust Foundation."

Google's grant matches a $1 million grant last November from Microsoft, which also committed $10 million in internal investment to make Rust a "first-class language in our engineering systems." The Google-bucks are expected to fund further interoperability efforts, along the lines of KDAB's bidirectional Rust and C++ bindings with Qt.

Space

India To Launch Android Into Space To Test Crewed Launch Capability (theregister.com) 20

India's Space Research Organisation (ISRO) will send a humanoid robot astronaut into space this year, then send it back alongside actual humans in 2025 on its long-delayed Gaganyaan orbital mission. From a report: According to the space agency, the robot-crewed Vyommitra Mission is scheduled for the third quarter of this year. The robot -- whose name translates to "Space Friend" in Sanskrit -- can monitor module parameters, issue alerts and execute life support operations. Vyommitra is also an excellent multitasker that can operate six panels while responding to queries and mimicking human functions. The humanoid speaks two languages: Hindi and English.

It's also been designated as female -- to the extent possible for a legless robot -- and sports coiffed hair, feminine facial features, and hands that look like they are wearing white gloves. It resembles a wax figurine or mannequin and The Register fancies it mostly manages to stay out of the Uncanny Valley -- the term applied to robots and digital depictions of humans that try to appear human but instead come off as creepy and/or unsettling.

Movies

Streamer Plex Launches Its Long-Promised Movie Rentals Store (techcrunch.com) 27

Sarah Perez reports via TechCrunch: Fresh on the heels of its $40 million fundraise, streaming media company Plex is today announcing its expansion into a new business: a movie rentals storefront. The addition, which will initially be offered to U.S. customers, will give the streamer another means of generating revenue beyond its subscription products and ad-supported streaming -- a diversification that will prove critical as the ad market continues to be unpredictable.

At launch, the marketplace will offer movies from top studios, including WB, Paramount, MGM, Lionsgate and A24, which means Plex users will be able to rent titles like "Barbie," "Wonka," "Aquaman and the Lost Kingdom," "Mission: Impossible -- Dead Reckoning," "The Color Purple," "Expend4bles," "PAW Patrol: The Mighty Movie," "Hunger Games: The Ballad of Songbirds and Snakes," "Mean Girls" and others. Plex says there will be just over 1,000 titles available to rent starting at $3.99, but the number of titles will grow over time. Titles will also move in and out of windows, so the number of rentals will fluctuate over time, as well. [...]

Once users rent a movie, they have 30 days to watch. After starting the rental, you'll have 48 hours to finish viewing it, similar to other marketplaces. The movie will also appear in the "Continue Watching" section on Plex's home screen if you don't finish watching it upon your first go. The company plans to add more studio partners to its movie rentals store over time, it says. [...] The new movie marketplace will launch across platforms, Plex notes, including its apps on Amazon Fire TV, Apple TV, Android TV/Google TV, Roku, smart TVs (LG, Hisense, Samsung, Sony, VIZIO), game consoles and Apple and Android smartphones and tablets.

Google

Google Rebrands Bard as Gemini, Rolls Out $20 Paid Subscription (reuters.com) 26

Google has renamed its AI assistant to "Gemini" and unveiled a paid subscription tier offering. The $19.99/month "Gemini Advanced" includes a more powerful AI model and cloud storage integration, targeting users seeking advanced content creation and complex query resolution. Google is also leveraging its Android user base by making Gemini the default digital assistant, aiming to replicate the success of its billion-user products.

Android

Android Users in Singapore To Be Blocked From Installing Unverified Apps as Part of Anti-Scam Trial (straitstimes.com) 48

New submitter Dustin Destree shares a report: Android users in Singapore will be blocked from installing apps from unverified sources, a process called sideloading, as part of a new trial by Google to crack down on malware scams. The security tool will work in the background to detect apps that demand suspicious permissions, like those that grant the ability to spy on screen content or read SMS messages, which scammers have been known to abuse to intercept one-time passwords. Singapore is the first country to begin the gradual roll-out of the security feature over the next few weeks, done in collaboration with the Cyber Security Agency of Singapore, according to a statement on Feb 7 by Google, which develops the Android software.

Android

Amazon Confirms Fire TV Is Dropping Android (9to5google.com) 43

According to a job listing spotted by AFTVNews, Amazon makes it clear that the company plans to ditch Android for its own "VegaOS" operating system. "The new platform is said to rely on React Native and would require new apps to be built," reports 9to5Google. From the report: As spotted by AFTVNews, a job listing from Amazon was looking for a "Fire TV Experience Software Development Engineer." The job listing's description makes it abundantly clear that a key part of the role is focused on the transition from Android to the rumored "VegaOS," because it quite literally says that's what is happening, with Amazon saying that Fire TV is transitioning from "FOS/Android" (Fire OS/Android) to "native/Rust" and even explicitly mentioning React Native. The listing, which has since been removed, provides extremely strong evidence of Amazon's plans, which is probably why it was so quickly removed.

Businesses

Fossil is Quitting Smartwatches (theverge.com) 16

Fossil Group has decided to call it quits on smartwatches. The company announced Friday that it would leave the smartwatch business and redirect resources to its less-smart goods instead. From a report: The company has been one of the most prolific makers of Wear OS smartwatches over the years, and its absence will leave a large gap in the market. "As the smartwatch landscape has evolved significantly over the past few years, we have made the strategic decision to exit the smartwatch business," Fossil spokesperson Amanda Castelli tells The Verge. "Fossil Group is redirecting resources to support our core strength and the core segments of our business that continue to provide strong growth opportunities for us: designing and distributing exciting traditional watches, jewelry, and leather goods under our own as well as licensed brand names." This means that the Gen 6, which first launched in 2021, will be the last Fossil smartwatch. Castelli says the company will continue to keep existing Wear OS watches updated "for the next few years."

Communications

Google and AT&T Invest In AST SpaceMobile For Satellite-To-Smartphone Service (fiercewireless.com) 18

AT&T, Google and Vodafone are investing a total of $206.5 million in AST SpaceMobile, a satellite manufacturer that plans to be the first space-based network to connect standard mobile phones at broadband speeds. Fierce Wireless reports: AST SpaceMobile claims it invented the space-based direct-to-device market, with a patented design facilitating broadband connectivity directly to standard, unmodified cellular devices. In a press release, AST SpaceMobile said the investment from the likes of AT&T, Google and Vodafone underscores confidence in the company's technology and leadership position in the emerging space-based cellular D2D market. There's the potential to offer connectivity to 5.5 billion cellular devices when they're out of coverage.

Bolstering the case for AST SpaceMobile, Vodafone and AT&T placed purchase orders -- for an undisclosed amount -- for network equipment to support their planned commercial services. In addition, Google and AST SpaceMobile agreed to collaborate on product development, testing and implementation plans for SpaceMobile network connectivity on Android and related devices. AST SpaceMobile boasts agreements and understandings with more than 40 mobile network operators globally. However, it's far from alone in the D2D space. Apple/Globalstar, T-Mobile/SpaceX, Bullitt and Lynk Global are among the others.

Cellphones

Could Apostrophy OS Be the Future of Cellphone Privacy? (stuff.co.za) 100

"Would you pay $15 a month so Android doesn't track you and send all of that data back to Google?" asks Stuff South Africa: A new Swiss-based privacy company thinks $15 is a fair fee for that peace of mind. "A person's data is the original digital currency," argues Apostrophy, which has created its own operating system, called Apostrophy OS.

It's based on Android — don't panic — but the version that has already been stripped of Google's intrusiveness by another privacy project called GrapheneOS, which used to be known as CopperheadOS. Launched in 2014, it was briefly known as the Android Hardening project, before being rebranded as GrapheneOS in 2019. Apostrophy OS is "focused on empowering our users, not leveraging them," it says and is "purposely Swiss-based, so we can be champions of data sovereignty".

What it does, they say, is separate the apps from the underlying architecture of the operating system and therefore prevent apps from accessing miscellaneous personal data, especially the all-important location data so beloved of surveillance capitalism... Apostrophy OS has its own app store, but also cleverly allows users to access the Google Play Store. If you think that is defeating the point, Apostrophy argues that those apps can't get to the vitals of your digital life. Apostrophy OS has "partitioned segments prioritising application integrity and personal data privacy".

The service is free for one year with the purchase of the new MC02 phone from Swiss manufacturer Punkt, according to PC Magazine. "The phone costs $749 and is available for preorder now. It will ship at the end of January." Additional features include a built-in VPN called Digital Nomad based on the open-source Wireguard framework to secure your activity against outside snooping, which includes "exit addresses" in the US, Germany, and Japan with the base subscription.

Operating Systems

Huawei Makes a Break From Android With Next Version of Harmony OS 27

China's Huawei will not support Android apps on the latest iteration of its in-house Harmony operating system, domestic financial media Caixin reported, as the company looks to bolster its own software ecosystem. From a report: The company plans to roll out a developer version of its HarmonyOS Next platform in the second quarter of this year followed by a full commercial version in the fourth quarter, it said in a company statement highlighting the launch event for the platform in its home city of Shenzhen on Thursday.

Huawei first unveiled its proprietary Harmony system in 2019 and prepared to launch it on some smartphones a year later after U.S. restrictions cut its access to Google's technical support for its Android mobile OS. However, earlier versions of Harmony allowed apps built for Android to be used on the system, which will no longer be possible, according to Caixin.

Windows

Microsoft Bringing Teams Meeting Reminders To Windows 11 Start Menu (theverge.com) 47

Microsoft is getting ready to place Teams meeting reminders on the Start menu in Windows 11. From a report: The software giant has started testing a new build of Windows 11 with Dev Channel testers that includes a Teams meeting reminder in the recommended section of the Start menu. Microsoft is also testing an improved way to instantly access new photos and screenshots from Android devices. [...] The Teams meeting reminders will be displayed alongside the regular recently used and recommended file list on the Start menu, and they won't be displayed for non-business users of Windows 11.

Android

Google Is Rolling Out WebGPU For Next-Gen Gaming On Android 14

In a blog post today, Google announced that WebGPU is "now enabled by default in Chrome 121 on devices running Android 12 and greater powered by Qualcomm and ARM GPUs," with support for more Android devices rolling out gradually. Previously, the API was only available on Windows PCs that support Direct3D 12, macOS, and ChromeOS devices that support Vulkan.

Google says WebGPU "offers significant benefits such as greatly reduced JavaScript workload for the same graphics and more than three times improvements in machine learning model inferences." With lower-level access to a device's GPU, developers are able to enable richer and more complex visual content in web applications. This will be especially apparent with games, as you can see in this demo.

Next up: WebGPU for Chrome on Linux.

Privacy

Mobile Device Ambient Light Sensors Can Be Used To Spy On Users (ieee.org) 11

"The ambient light sensors present in most mobile devices can be accessed by software without any special permissions, unlike permissions required for accessing the microphone or the cameras," writes longtime Slashdot reader BishopBerkeley. "When properly interrogated, the data from the light sensor can reveal much about the user." IEEE Spectrum reports: While that may not seem to provide much detailed information, researchers have already shown these sensors can detect light intensity changes that can be used to infer what kind of TV programs someone is watching, what websites they are browsing or even keypad entries on a touchscreen. Now, [Yang Liu, a PhD student at MIT] and colleagues have shown in a paper in Science Advances that by cross-referencing data from the ambient light sensor on a tablet with specially tailored videos displayed on the tablet's screen, it's possible to generate images of a user's hands as they interact with the tablet. While the images are low-resolution and currently take impractically long to capture, he says this kind of approach could allow a determined attacker to infer how someone is using the touchscreen on their device. [...]

"The acquisition time in minutes is too cumbersome to launch simple and general privacy attacks on a mass scale," says Lukasz Olejnik, an independent security researcher and consultant who has previously highlighted the security risks posed by ambient light sensors. "However, I would not rule out the significance of targeted collections for tailored operations against chosen targets." But he also points out that, following his earlier research, the World Wide Web Consortium issued a new standard that limited access to the light sensor API, which has already been adopted by browser vendors.

Liu notes, however, that there are still no blanket restrictions for Android apps. In addition, the researchers discovered that some devices directly log data from the light sensor in a system file that is easily accessible, bypassing the need to go through an API. The team also found that lowering the resolution of the images could bring the acquisition times within practical limits while still maintaining enough detail for basic recognition tasks. Nonetheless, Liu agrees that the approach is too complicated for widespread attacks. And one saving grace is that it is unlikely to ever work on a smartphone as the displays are simply too small. But Liu says their results demonstrate how seemingly harmless combinations of components in mobile devices can lead to surprising security risks.

Google

Google's Circle To Search is a Dead-Simple Way To Find What You're Looking For (theverge.com) 43

It's hard to think of a more self-explanatory feature than Circle to Search: it does exactly what it sounds like it does. You circle something on your phone screen, tap a button, and voila! A page full of Google search results telling you about the thing you circled. The Verge: The new feature is launching on five phones to start -- the three members of Samsung's brand-new Galaxy S24 series, as well as Google's Pixel 8 and 8 Pro -- before it comes to other "select, premium" Android phones. Well, maybe it does need a little explaining. If the feature sounds familiar, you might be thinking of Google Lens, which is similar. But instead of opening up the Google app, you can use Circle to Search anywhere on your device. Just long-press the home button if you're using three-button navigation -- or the navigation handle if you're using gesture nav -- and it will appear on top of whatever app or screen you're currently using. You can circle, highlight, or tap a subject, including text as well as images.

Desktops (Apple)

Beeper Users Say Apple Is Now Blocking Their Macs From Using iMessage Entirely (techcrunch.com) 175

An anonymous reader quotes a report from TechCrunch: The Apple-versus-Beeper saga is not over yet it seems, even though the iMessage-on-Android Beeper Mini was removed from the Play Store last week. Now, Apple customers who used Beeper's apps are reporting that they've been banned from using iMessage on their Macs -- a move Apple may have taken to disable Beeper's apps from working properly, but ultimately penalizes its own customers for daring to try a non-Apple solution for accessing iMessage. The latest follows a contentious game of cat-and-mouse between Apple and Beeper, which Apple ultimately won. [...]

According to users' recounting of their tech support experiences with Apple, the support reps are telling them their computer has been flagged for spam, or for sending too many messages — even though that's not the case, some argued. This has led many Beeper users to believe this is how Apple is flagging them for removal from the iMessage network. One Beeper customer advised others facing this problem to ask Apple if their Mac was in a "throttled status" or if their Apple ID was blocked for spam to get to the root of the issue. Admitting up front that third-party software was to blame would sometimes result in the support rep being able to lift the ban, some noted.

The news of the Mac bans was earlier reported by Apple news site AppleInsider and Times of India, and is being debated on Y Combinator forum site Hacker News. On the latter, some express their belief that the retaliation against Apple's own users is justified as they had violated Apple's terms, while others said that iMessage interoperability should be managed through regulation, not rogue apps. Far fewer argued that Apple is exerting its power in an anticompetitive fashion here.

IT

Google Maps Can Now Navigate Inside Tunnels (theverge.com) 38

Google Maps is about to get better at showing directions inside tunnels. A new feature spotted by SmartDroid allows the Android version of the app to use Bluetooth beacons to track your location in areas where GPS signals typically can't reach. The Verge: These beacons transmit Bluetooth signals that give location data to your phone, according to the Google-owned Waze, which already supports the feature. The app then uses this information along with the device's mobile connectivity to "provide real-time traffic data as it would with a typical GPS connection."

iPhone

Apple Tops Samsung For First Time in Global Smartphone Shipments (theverge.com) 18

For the first time ever, Apple beat out Samsung to ship the most smartphones in a year according to IDC's Worldwide Quarterly Mobile Phone Tracker. From a report: Although IDC cautions that its data is preliminary and subject to change, a second research agency, Canalys, also has Apple taking its top spot for all of 2023. IDC has Apple's total mobile shipments at 234.6 million, versus 226.6 million for Samsung. Xiaomi, Oppo, and Transsion round out the top five with 145.9, 103.1 and 94.9 million smartphones shipped, respectively.

IDC notes that the last time Samsung wasn't on top of the annual board was 13 years ago in 2010. Back then Apple didn't even feature in the top five. Instead it was Nokia in first place, Samsung in second, LG Electronics in third, ZTE in fourth, and Research in Motion (manufacturers of BlackBerry devices) in fifth.
