Android

Android O Is Officially Launching August 21 (techcrunch.com) 63

Android O is set to arrive on August 21, with a livestreamed unveiling event timed for 2:40 PM ET in NYC -- which is roughly when the maximum solar eclipse is set to occur for New York. TechCrunch reports: Android O will get a full reveal at that time, which seems like kind of a weird time to do it since a lot of people will be watching the NASA eclipse livestream that Google is also promoting, or staring at the sky (with the caveat, hopefully, that they have procured proper glasses for safe viewing). Google says that Android O will have some "super (sweet) new powers," most of which we know all about thanks to pre-release builds and the Android O teaser Google provided at its annual I/O developer event this past May. WE know, for instance, that the notification panel has been changed significantly, and there's new optimization software to improve battery life on all devices. While Android O's name has yet to be confirmed, the official consumer name is speculated to be "Oreo." Prolific leaker Evan Blass posted a picture of an Oreo to Twitter on Friday following the announcement of the reveal date and event.
Google

Google Explains Why It Banned the App For Gab, a Right-Wing Twitter Rival (arstechnica.com) 457

AmiMoJo shares a report from Ars Technica: When right-wing trolls and outright racists get kicked off of Twitter, they often move to Gab, a right-wing Twitter competitor. Gab was founded by Andrew Torba, who says it's devoted to unfettered free expression online. The site also hosts controversial right-wing figures like Milo Yiannopoulos, Andrew 'weev' Auernheimer and Andrew Anglin, editor of the neo-Nazi site Daily Stormer. On Thursday, Gab said that Google had banned its Android app from the Google Play Store for violating Google's ban on hate speech. The app's main competitor, Twitter, hosts accounts like the American Nazi Party, the Ku Klux Klan, and the virulently anti-gay Westboro Baptist Church, yet the Twitter app is still available on the Google Play store. Apple has long had more restrictive app store policies, and it originally rejected the Gab app for allowing pornographic content to be posted on the service -- despite the fact that hardcore pornography is readily available on Twitter. In an email to Ars, Google explained its decision to remove Gab from the Play Store: "In order to be on the Play Store, social networking apps need to demonstrate a sufficient level of moderation, including for content that encourages violence and advocates hate against groups of people. This is a long-standing rule and clearly stated in our developer policies. Developers always have the opportunity to appeal a suspension and may have their apps reinstated if they've addressed the policy violations and are compliant with our Developer Program Policies."
Android

The Verge's Essential Phone Review: An Arcane Artifact From an Unrealized Future (theverge.com) 50

An anonymous reader shares Dieter Bohn's review of the Essential Phone: Even though it was announced less than three months ago at the Code Conference, there's already enough mythology surrounding the Essential Phone to fill a book. It comes from a brand-new billion-dollar startup led by the person who helped create Android itself, Andy Rubin. That origin binds it up with the history of all smartphones in a way that doesn't usually apply to your run-of-the-mill device. The phone was also delayed a bit, a sign that this tiny company hasn't yet quite figured out how to punch above its weight class -- which it's certainly trying to do. Although it runs standard Android, it's meant to act as a vanguard for Essential's new ecosystem of smart home devices and services connected by the mysterious Ambient OS. Even if we trust that Rubin's futuristic vision for a connected home will come to pass, it's not going to happen overnight. Instead, all we really have right now is that future's harbinger, a well-designed Android phone that I've been testing for the past week. Available unlocked or at Sprint, the $699 Essential Phone is an ambitious device. It has a unique way to connect modular accessories, starting with a 360-degree camera. It has a bold take on how to make a big, edge-to-edge screen paired with top-flight materials such as ceramic and titanium. And it has a dual camera system that is meant to compete with other flagship devices without adding any thickness to the phone. That would be a lot for even a massive company like Samsung or Apple to try to do with a single phone. For a tiny company like Essential, the question is simply this: is it trying to do too much? In conclusion, Bohn writes: "The Essential Phone is doing so much right: elegant design, big screen, long battery life, and clean software. And on top of all that, it has ambitions to do even more with those modules. If you asked Android users what they wanted in the abstract, I suspect a great many of them would describe this exact device. But while the camera is pretty good, it doesn't live up to the high bar the rest of the phone market has set. Sometimes artifacts are better to behold than they are to use."
Security

Secret Chips in Replacement Parts Can Completely Hijack Your Phone's Security (arstechnica.com) 62

Dan Goodin, writing for ArsTechnica: People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device. The concern arises from research that shows how replacement screens -- one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0 -- can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker. The booby-trapped screens also exploited operating system vulnerabilities that bypassed key security protections built into the phones. The malicious parts cost less than $10 and could easily be mass-produced. Most chilling of all, to most people, the booby-trapped parts could be indistinguishable from legitimate ones, a trait that could leave many service technicians unaware of the maliciousness. There would be no sign of tampering unless someone with a background in hardware disassembled the repaired phone and inspected it. The research, in a paper presented this week (PDF) at the 2017 Usenix Workshop on Offensive Technologies, highlights an often overlooked disparity in smartphone security. The software drivers included in both the iOS and Android operating systems are closely guarded by the device manufacturers, and therefore exist within a "trust boundary."
Media

Video Is Coming To Reddit (variety.com) 73

An anonymous reader shares a report from Variety: Videos are coming to Reddit, thanks to a new feature that allows users to upload video clips directly to the service. Reddit rolled out the new video feature Tuesday after testing it with around 200 communities over the past couple of weeks. Reddit users are now able to upload videos of up to 15 minutes in length, with file sizes being limited to 1 gigabyte. Users will be able to upload videos via Reddit's website and its mobile apps for iOS and Android, with the latter offering basic trimming functionality as well. And, in keeping with the spirit of the site, Reddit is also offering a conversion tool to turn videos into animated Gifs. Videos are being displayed persistently, or pinned, meaning that users can scroll through the comments while the video keeps playing in the corner of their screen. And community moderators can opt not to allow videos in their Subreddits at all, with Le arguing that some discussion-heavy Subreddits may decide that the format just doesn't work for them.
Desktops (Apple)

In Defense of the Popular Framework Electron (dev.to) 132

Electron, a popular framework that allows developers to write code once and seamlessly deploy it across multiple platforms, has been a topic of conversation lately among developers and users alike. Many have criticised Electron-powered apps to be "too memory intensive." A developer, who admittedly uses a high-end computer, shares his perspective: I can speak for myself when I say Electron runs like a dream. On a typical day, I'll have about three Atom windows open, a multi-team Slack up and running, as well as actively using and debugging my own Electron-based app Standard Notes. [...] So, how does it feel to run this bloat train of death every day? Well, it feels like nothing. I don't notice it. My laptop doesn't get hot. I don't hear the fan. I experience no lags in any application. [...] But aside from how it makes end-users feel, there is an arguably more important perspective to be had: how it makes software companies feel. For context, the project I work in is an open-source cross-platform notes app that's available on most platforms, including web, Mac, Windows, Linux, iOS, and Android. All the desktop applications are based off the main web codebase, and are bundled using Electron, while the iOS and Android app use their own native codebases respectively, one in Swift and the other in Kotlin. And as a new company without a lot of resources, this setup has just barely allowed us to enter the marketplace. Three codebases is two too many codebases to maintain. Every time we make a change, we have to make it in three different places, violating the most sacred tenet of computer science of keeping it DRY. As a one-person team deploying on all these platforms, even the most minor change will take at minimum three development days, one for each codebase. This includes debugging, fixing, testing, bundling, deploying, and distributing every single codebase. This is by no means an easy task.
Google

Google Allo For Chrome Finally Arrives, But Only For Android Users (engadget.com) 88

Google Allo, the chat app that arrived on the iPhone and Android devices last year, now has a web counterpart. Head of product for Allo and video chat app Duo, Amit Fulay, tweeted: "Allow for web is here! Try it on Chrome today. Get the latest Allo build on Android before giving it a spin." Engadget reports: To give it a go, you'll need to open the Allo app on your device and use that to scan a QR code you can generate at this link. Once you've scanned the code, Allo pulls up your chat history and mirrors all the conversations you have on your phone. Most of Allo's key features, including smart replies, emoji, stickers and most importantly the Google Assistant are all intact here. In fact, this is the first time you can really get the full Google Assistant experience through the web; it's been limited to phones and Google Home thus far.
Software

App Developers Should Charge More If They Want People To Buy Subscriptions, Suggests Report (theverge.com) 50

A new report from Liftoff, a Silicon Valley-based mobile app marketing and retargeting firm, says that subscription-based apps may do better if developers charge a higher price for services, rather than setting prices too low to lure users in initially. The Verge reports: The Liftoff report, which analyzed data gathered between June 2016 and June 2017, categorized app subscriptions into low-cost monthly subs ($0.99 to $7), medium ($7 to $20), and high-cost subs ($20 to $50), while also factoring the cost of acquisition per customer. The company found that apps in the medium price range had the highest conversion rate -- 7.16 percent -- and the lowest cost to acquire a subscriber, at just over $106 dollars. This was five times higher than the rate of people who subscribed to apps when the apps were in the low-cost category. This may partly be because streaming media apps, like Netflix and Spotify, have already conditioned people to pay around $10 a month for services. But it also might be attributable to the sunk cost fallacy, Liftoff says: the "cognitive bias people have that makes them stay the course because they have already spent time or resources on it." The report also examines apps that fulfill "need states," like dating apps or cloud services. These have the potential to offer services that customers are willing to pay for, again and again. But, according to Liftoff, utility apps have a much higher install-to-subscriber rate compared to dating apps. Blame those who eventually find love?
Businesses

Snap Sold Fewer Than 42K Spectacles, Down 35% In Q2 (androidheadlines.com) 50

The hype surrounding Snap's Spectacles appears to be dwindling. Their sales have decreased by 35 percent in the second quarter of the year, with the company's latest consolidated financial report revealing that its "Other" revenue amounted to $5.4 million over the three-month period ending June 30. Android Headlines reports: With Spectacles being the company's only miscellaneous endeavor at this point in time and sporting a $130 price tag that has yet to see any discounts, it seems that the Venice, Los Angeles-based social media giant managed to only sell approximately 41,500 units of its first wearable in Q2 2017. During the first quarter of the year that also disappointed investors, Snap's "Other" business category recorded a revenue of $8.3 million, suggesting that the firm managed to sell around 64,000 units. The overall commercial performance of Spectacles may still improve during the current quarter as Snap just recently made the smart sunglasses available on Amazon, in addition to partnering with a number of physical retailers. Likewise, the Snapbot vending machines selling Spectacles only started appearing in Europe in June and are still popping up in a number of major cities on the Old Continent, which is another factor that could help improve the sales figures of Snap's camera-equipped pair of sunglasses. Regardless, the current state of affairs is unlikely to please investors, especially in light of the fact that Snap recently proclaimed itself to be "a camera company," noting how Snapchat is just one aspect of its product vision that's meant to incorporate a wide variety of photography-oriented hardware.
The Military

US Army Walks Back Decision To Ban DJI Drones Ever So Slightly (suasnews.com) 27

garymortimer shares a report from sUAS News: News has reached me that another DJI memo was passed around on Friday the 11th of August. An exception to policy with recommendations from the asymmetric warfare group that will permit the use of DJI kit once some conditions have been met. The Android Tactical Assault Kit will become the ground control station (GCS) of choice when a DJI plugin has passed OPSEC (Operational Security) scrutiny. In a separate report from Reuters, DJI said it is "tightening data security in the hopes that the U.S. Army will lift its ban on DJI drones because of 'cyber vulnerabilities.'" The company is "speeding deployment of a system that allows users to disconnect from the internet during flights, making it impossible for flight logs, photos or videos to reach DJI's computer servers," reports Reuters. While the security measure has been in the works for several months, it's being rolled out sooner than planned because of the Army's decision to discontinue the use of DJI drones.
Businesses

Andy Rubin's Essential Is Now Valued at Over a Billion Dollars Without Shipping a Single Phone (theverge.com) 75

An anonymous reader shares a report: Essential, the new phone startup from Android founder Andy Rubin, is now a unicorn, according to reports from over the weekend. If you're not up to date on the parlance of Silicon Valley, a unicorn is a company that's valued at over $1 billion dollars, which is no small feat in today's market. This title is even more impressive, given that Essential has yet to ship a single device to consumers. According to a report, Foxconn's FIH Mobile filing for a $3 million investment in Essential for around 0.25 percent of the fledgling phone company revealed Essential's new unicorn status with a valuation of around $1.2 billion.
Security

Spyware Apps Found on Google Play Store (bleepingcomputer.com) 37

Researchers at the security firm Lookout have identified a family of malicious Android apps, referred to as SonicSpy. From a report: Experts say the malware author modified a version of the official Telegram app, injected the spyware code, rebranded it, and uploaded the modified app on the Play Store. In total, the crook uploaded the app three times on the Play Store under the names Soniac, Hulk Messenger, and Troy Chat. Only Soniac was active on Google's app store when researchers first spotted the spyware, as the other two apps were already taken down, most likely by the developer himself. At the time of writing, Lookout says they identified over 1,000 variations of this new spyware called SonicSpy, which they believe to be a new version of an older Android spyware named SpyNote.
Iphone

Apple Refuses To Enable iPhone Emergency Settings that Could Save Countless Lives (thenextweb.com) 279

An anonymous reader shares a report: Despite being relatively easy, Apple keeps ignoring requests to enable a feature called Advanced Mobile Location (AML) in iOS. Enabling AML would give emergency services extremely accurate locations of emergency calls made from iPhones, dramatically decreasing response time. As we have covered before, Google's successful implementation of AML for Android is already saving lives. But where Android users have become safer, iPhone owners have been left behind. The European Emergency Number Association (EENA), the organization behind implementing AML for emergency services, released a statement today that pleads Apple to consider the safety of its customers and participate in the program: "As AML is being deployed in more and more countries, iPhone users are put at a disadvantage compared to Android users in the scenario that matters most: An emergency. EENA calls on Apple to integrate Advanced Mobile Location in their smartphones for the safety of their customers." Why is AML so important? Majority of emergency calls today are made from cellphones, which has made location pinging increasingly more important for emergency services. There are many emergency apps and features in development, but AML's strength is that it doesn't require anything from the user -- no downloads and no forethought: The process is completely automated. With AML, smartphones running supporting operating systems will recognize when emergency calls are being made and turn on GNSS (global navigation satellite system) and Wi-Fi. The phone then automatically sends an SMS to emergency services, detailing the location of the caller. AML is up to 4,000 times more accurate than the current systems -- pinpointing phones down from an entire city to a room in an apartment. "In the past months, EENA has been travelling around Europe to raise awareness of AML in as many countries as possible. All these meetings brought up a recurring question that EENA had to reply to: 'So, what about Apple?'" reads EENA's statement.
Android

T-Mobile To Launch Its Own Branded Budget Smartphone (cnet.com) 16

In a throwback to a time when carriers differentiated themselves by branding and selling exclusive phones, T-Mobile announced Wednesday that it's launching its very own budget Android smartphone called the Revvl. CNET reports: The Revvl, which runs on Android Nougat, offers pretty basic specs: a 5.5 inch HD display, 2GB of RAM, 32GB of storage, a 13-megapixel rear-facing camera a 5-megapixel front-facing camera. But it also throws in a fingerprint sensor and will cost T-Mobile customers just $5 a month with no down payment through the company's Jump! upgrade program. It goes on sale Thursday. In a blog post, T-Mobile COO Mike Sievert said the company is catering to those who want the latest smartphone technology but can't afford to pay for high-end devices.
Operating Systems

Android 8.0's 'Streaming OS Updates' Will Work Even If Your Phone Is Full (arstechnica.com) 40

Regardless of whether or not your phone is full of pictures, or videos, or apps, you will still be able to download and install an OS update with Android 8.0. According to the latest source.android.com documentation, Google has cooked up a scheme to make sure that an "insufficient space" error will never stop an update again. Ars Technica reports: Where the heck can Google store the update if your phone is full, though? If you remember in Android 7.0, Google introduced a new feature called "Seamless Updates." This setup introduced a dual system partition scheme -- a "System A" and "System B" partition. The idea is that, when it comes time to install an update, you can normally use your phone on the online "System A" partition while an update is being applied to the offline "System B" partition in the background. Rather than the many minutes of downtime that would normally occur from an update, all that was needed to apply the update was a quick reboot. At that point, the device would just switch from partition A to the newly updated partition B. When you get that "out of space" error message during an update, you're only "out of space" on the user storage partition, which is just being used as a temporary download spot before the update is applied to the system partition. Starting with Android 8.0, the A/B system partition setup is being upgraded with a "streaming updates" feature. Update data will arrive from the Internet directly to the offline system partition, written block by block, in a ready-to-boot state. Instead of needing ~1GB of free space, Google will be bypassing user storage almost entirely, needing only ~100KB worth of free space for some metadata. Ars Technica goes on to note that the feature will be backported to Google Play Services, and will be enabled on "Android 7.0 and later" devices with a dual system partition setup.
Youtube

YouTube Adds Mobile Chat, Because Google Doesn't Have Enough Messaging Apps (venturebeat.com) 25

Krystalo writes: YouTube today rolled out the ability to share videos with contacts directly in its mobile app for Android and iOS. Users can chat about shared videos using text, react with emoji, like messages with a heart, reply with other videos, and invite more friends to the conversation (up to a maximum of 30 people per group message). YouTube first started testing letting groups of users share and talk about videos in May 2016. The company then pushed the feature to Canada in January 2017 as a test, since Canadians share more videos online than any other nation. After some tweaks, the Google-owned company is now pushing it out to all its Android and iOS users. "We've been improving the feature since our experiments began last year," a YouTube spokesperson told VentureBeat. "For example, we've made changes to the chat visual; and we've made the video stick to the top of the chat when scrolling down, to allow replying and chatting while watching a video; and we'll continue making improvements." With the new update, YouTube has become yet another Google messaging app, on top of Android Messages, Allo, Duo, Hangouts Chat, and Hangouts Meet.
Debian

OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support (debian.org) 76

An anonymous reader writes: Debian Linux "sid" is deprecating TLS 1.0 Encryption. A new version of OpenSSL has been uploaded to Debian Linux unstable. This version disables the TLS 1.0 and 1.1 protocol. This currently leaves TLS 1.2 as the only supported SSL/TLS protocol version. This will likely break certain things that for whatever reason still don't support TLS 1.2. I strongly suggest that if it's not supported that you add support for it, or get the other side to add support for it. OpenSSL made a release 5 years ago that supported TLS 1.2. The current support of the server side seems to be around 90%. I hope that by the time Buster releases the support for TLS 1.2 will be high enough that I don't need to enable them again. This move caused some concern among Debian users and sysadmins. If you are running Debian Unstable on server tons of stuff is going to broken cryptographically. Not to mention legacy hardware and firmware that still uses TLS 1.0. On the client side (i.e. your users), you need to use the latest version of a browser such as Chrome/Chromium and Firefox. The Older version of Android (e.g. Android v5.x and earlier) do not support TLS 1.2. You need to use minimum iOS 5 for TLS 1.2 support. Same goes with SMTP/mail servers, desktop email clients, FTP clients and more. All of them using old outdated crypto.

This move will also affect for Android 4.3 users or stock MS-Windows 7/IE users (which has TLS 1.2 switched off in Internet Options.) Not to mention all the mail servers out there running outdated crypto.

Cellphones

Ask Slashdot: Are My Drone Apps Phoning Home? 132

Slashdot reader bitwraith noticed something suspicious after flying "a few cheap, ready-to-fly quadcopters" with their smartphone apps, including drones from Odyssey and Eachine. I often turn off my phone's Wi-Fi support before plugging it in to charge at night, only to discover it has mysteriously turned on in the morning. After checking the Wi-Fi Control History on my S7, it appears as though the various cookie-cutter apps for these drones wake up to phone home in the night after they are opened, while the phone is charging. I tried contacting the publisher of the Odyssey VR app, with no reply.

I would uninstall the app, but then how would I fly my drone? Why did Google grant permission to control Wi-Fi state implicitly to all apps, including these abusers? Are the apps phoning home to report my flight history?

The original submission asks about similar experiences from other drone-owning Slashdot users -- so leave your best answers in the comments. What's making this phone wake up in the night?

Are the drone apps phoning home?
Biotech

How Apple Is Putting Voices In Users' Heads -- Literally (wired.com) 91

schwit1 shared WIRED's report on "a life-changing technology." Steven Levy spoke with Mathias Bahnmueller as he tested a new Apple sound processor that beams digital audio directly into hearing aids. Bahnmueller suffers from hearing loss so severe that a year ago he underwent surgery to install a cochlear implant -- an electronic device in the inner ear that replaces the usual hearing mechanism. Around a million patients have undergone this increasingly mainstream form of treatment, and that's just a fraction of those who could benefit from it. (Of the 360 million people worldwide with hearing loss, about 10 percent would qualify for the surgery.) "For those who reach a point where hearing aids no longer help, this is the only solution," says Allison Biever, an audiologist in Englewood, CO who works with implant patients. "It's like restoring a signal in a radio station."

Cochlear implants bypass the usual hearing process by embedding a device in the inner ear and connecting it via electrodes to the nerve that sends audio signals to the brain... The system Bahnmueller was using came from a collaboration between Apple and Cochlear, a company that has been involved with implant technology since the treatment's early days. The firms announced last week that the first product based on this approach, Cochlear's Nucleus 7 sound processor, won FDA approval in June -- the first time that the agency has approved such a link between cochlear implants and phones or tablets. Those using the system can not only get phone calls directly routed inside their skulls, but also stream music, podcasts, audio books, movie soundtracks, and even Siri -- all straight to the implant... Apple will offer the technology free to qualified manufacturers.

Google's accessibility team for Android has no public timeline for any similar hearing aid support, though according to the article it's "on the roadmap."
Android

BLU Claims Innocence, Gets Phones Reinstated On Amazon (slashgear.com) 43

Earlier this week, Amazon suspended budget phone maker BLU from selling its phones on the site, citing a "potential security issue." A few days have passed and BLU has made its defense. SlashGear reports: AdUps, the Chinese company that provides affordable firmware update software to countless budget Android phones, is not spyware and not even Kryptowire, the security firm that broke the news last year, called it that, insists BLU. To be fair, Kryptowire really didn't. In its 2016 report, it simply described AdUps' OTA software as "FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE." Curiously, that is more or less how the FTC defines spyware (PDF). In its 2017 follow-up, it did drop the second part of that phrase and simply reported on "mobile devices for Personally Identifiable Information (PII) collection and transmission to third parties." While BLU, and a few other OEMs, was caught unaware by the first report, it's insisting on its innocence in this second instance. Its defense stems from the argument that it is doing nothing that violates its Privacy Policy and, therefore, doesn't constitute any wrongdoing. Yes, that privacy policy that barely anyone reads, which can't legally be blamed on manufacturers anyway.

In other words, when you agreed to use BLU's devices, you basically agreed that such PII could possibly be transmitted to a third party outside the US. In this particular case, that does apply to the situation with AdUps. Interestingly, the policy's copyright dates back to 2016, when the AdUps issue first came up. The Internet Archives doesn't seem to have any version of that page before April this year. And so we come to BLU's second arguments: everybody's doing it. The data that AdUps collects is the same or even just a fraction of what other OEMs are collecting. Google is hardly the bastion of privacy and other OEMs are also collecting such data and sending it to servers in China, as is the case with Huawei and ZTE. Finally, BLU says that Kryptowire's new report really only identifies the Cubot X16S, from a Chinese OEM, as the only smartphone really spying on its users.
UPDATE: BLU has confirmed that its devices "are now back up for sale on Amazon."

Slashdot Top Deals