Apple has announced changes to its U.S. App Store, allowing developers to link to alternative payment methods, "provided that the app also offer purchases through Apple's own In-App Purchase system," reports 9to5Mac. The change comes in light of the Supreme Court declining to hear Apple's appeal in its legal battle with Epic Games. From the report: The guideline says that developers can apply for an entitlement that allows them to include buttons or links directing users to out-of-app purchasing mechanisms: "Developers may apply for an entitlement to provide a link in their app to a website the developer owns or maintains responsibility for in order to purchase such items. Learn more about the entitlement. In accordance with the entitlement agreement, the link may inform users about where and how to purchase those in-app purchase items, and the fact that such items may be available for a comparatively lower price. The entitlement is limited to use only in the iOS or iPadOS App Store on the United States storefront. In all other storefronts, apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase."

According to Apple, the link to an alternative payment platform can only be displayed on "one app page the end user navigates to (not an interstitial, modal, or pop-up), in a single, dedicated location on such page, and may not persist beyond that page." Apple has provided templates that developers can use for communicating with customers about alternative in-app payment systems [...]. Apple has also confirmed that it will charge a commission on purchases made through alternative payment platforms. This commission will be 12% for developers who are a member of the App Store Small Business Program and 27% for other apps. The commission will apply to "purchases made within seven days after a user taps on an External Purchase Link and continues from the system disclosure sheet to an external website." Apple says developers will be required to provide accounting of qualifying out-of-app purchases and remit the appropriate commissions. [...] However, Apple also says that collecting this commission will be "exceedingly difficult and, in many cases, impossible." [...]

The other anti-steering change that Apple is required to make is to allow developers to communicate with customers outside of their apps about alternative purchasing options, such as via email. Apple made this change in 2021 as part of its settlement of a class-action lawsuit brought on by small developers.

For the first time ever, Apple beat out Samsung to ship the most smartphones in a year according to IDC's Worldwide Quarterly Mobile Phone Tracker. From a report: Although IDC cautions that its data is preliminary and subject to change, a second research agency, Canalys, also has Apple taking its top spot for all of 2023. IDC has Apple's total mobile shipments at 234.6 million, versus 226.6 million for Samsung. Xiaomi, Oppo, and Transsion round out the top five with 145.9, 103.1 and 94.9 million smartphones shipped, respectively.

IDC notes that the last time Samsung wasn't on top of the annual board was 13 years ago in 2010. Back then Apple didn't even feature in the top five. Instead it was Nokia in first place, Samsung in second, LG Electronics in third, ZTE in fourth, and Research in Motion (manufacturers of BlackBerry devices) in fifth.

The U.S. Supreme Court on Tuesday declined to hear a challenge by Apple to a lower court's decision requiring changes to certain rules in its lucrative App Store, as the justices shunned the lengthy legal battle between the iPhone maker and Epic Games, maker of the popular video game "Fortnite." Reuters: The justices also turned away Epic's appeal of the lower court's ruling that Apple's App Store policies limiting how software is distributed and paid for do not violate federal antitrust laws. The justices gave no reasons for their decision to deny the appeals. In a series of posts on X, Epic CEO Tim Sweeney wrote: The Supreme Court denied both sides' appeals of the Epic v. Apple antitrust case. The court battle to open iOS to competing stores and payments is lost in the United States. A sad outcome for all developers. Now the District Court's injunction against Apple's anti-steering rule is in effect, and developers can include in their apps "buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to IAP."

As of today, developers can begin exercising their court-established right to tell US customers about better prices on the web. These awful Apple-mandated confusion screens are over and done forever. The fight goes on. Regulators are taking action and policymakers around the world are passing new laws to end Apple's illegal and anticompetitive app store practices. The European Union's Digital Markets Act goes into effect March 7.

After removing the feature with Android 5.0 in 2015, Google appears to be bringing back lock screen widgets in the next version of Android. "There haven't been any indications since then that Google would ever bring this feature back," notes Android Authority. "But after Apple introduced widgets to the iPhone lock screen in iOS 16, many speculated that it was only a matter of time." From the report: As for how they might do that, there seem to be two different approaches that are being developed. The first one involves the creation of a new "communal" space -- an area on the lock screen that might be accessed by swiping inward from the right. Although the communal space is still unfinished, I was able to activate it in the new Android 14 QPR2 Beta 3 update. Once I activated the communal space, a large gray bar appeared on the right side of the lock screen on my Pixel device. After swiping inward, a pencil icon appeared on the top left of the screen. Tapping this icon opened a widget selector that allowed me to add widgets from Google Calendar, Google Clock, and the Google App, but I wasn't able to add widgets from most of my other apps. This is because the widget category needs to be set to KEYGUARD in order for it to appear in this selector. KEYGUARD is a category Google introduced in Android 4.2 Jelly Bean that very few apps utilize today since the lock screen hasn't supported showing widgets in nearly a decade. After adding the widgets for Google Clock and Google Finance, I returned to the communal space by swiping inward from the right on the lock screen. The widgets were indeed shown in this space without me needing to unlock the device. However, the lock screen UI was shown on top of the widgets, making things difficult to see. Clearly, this feature is still a work in progress in the current beta. [...]

While it's possible this communal space won't be coming to all devices, there's another way that Google could bring widgets back to the lock screen for Android phones: leveraging At a Glance. If you aren't familiar, Pixel phones have a widget on the home screen and lock screen called At a Glance. The interesting thing about At a Glance is that it isn't actually a widget but rather a "custom element behaving like a widget," according to developer Kieron Quinn. Under the hood, At a Glance is built on top of Smartspace, the API that is responsible for creating the various cards you can swipe through. Although Smartspace supports creating a variety of card types, it currently can't handle RemoteViews, the API on which Android app widgets are built. That could change soon, though, as Google is working on including RemoteViews into the Smartspace API.

It's unclear whether this will allow raw widgets from all apps to be included in At a Glance, since it's also possible that Google is only implementing this so it has more freedom in building new cards. Either way, this new addition to the Smartspace API would supercharge the At a Glance widget in Android 15, and we're excited to see what Google has in store for us.

According to Bloomberg, Apple's AirDrop feature has been cracked by a Chinese state-backed institution to identify senders who share "undesirable content". MacRumors reports: AirDrop is Apple's ad-hoc service that lets users discover nearby Macs and iOS devices and securely transfer files between them over Wi-Fi and Bluetooth. Users can send and receive photos, videos, documents, contacts, passwords and anything else that can be transferred from a Share Sheet. Apple advertises the protocol as secure because the wireless connection uses Transport Layer Security (TLS) encryption, but the Beijing Municipal Bureau of Justice (BMBJ) says it has devised a way to bypass the protocol's encryption and reveal identifying information.

According to the BMBJ's website, iPhone device logs were analyzed to create a "rainbow table" which allowed investigators to convert hidden hash values into the original text and correlate the phone numbers and email accounts of AirDrop content senders. The "technological breakthrough" has successfully helped the public security authorities identify a number of criminal suspects, who use the AirDrop function to spread illegal content, the BMBJ added. "It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences," the bureau added.

It is not known if the security flaw in the AirDrop protocol has been exploited by a government agency before now, but it is not the first time a flaw has been discovered. In April 2021, German researchers found that the mutual authentication mechanism that confirms both the receiver and sender are on each other's address book could be used to expose private information. According to the researchers, Apple was informed of the flaw in May of 2019, but did not fix it.

Amazon introduced a new feature that mimics Apple's AirPlay while working across different platforms, setting the stage for iPhone and Android users to wirelessly stream video to its TV hardware. From a report: The feature, called Matter Casting, is part of a push by Amazon to create interoperable services -- an alternative to the propriety technology developed by Apple and Google. It will make it easier for iOS and Android phones to send video to Amazon devices, such as its Fire TV boxes and sticks, as well as the Echo Show 15 smart display. [...] The feature will work with a range of other video services, including Plex, Pluto TV, Sling TV, Starz and ZDF, Amazon said.

Shortly after the premium email service Hey announced a standalone Hey Calendar app, co-founder David Heinemeier Hansson said it was rejected by Apple for violating App Store rules.

"Apple just called to let us know they're rejecting the HEY Calendar app from the App Store (in current form)," wrote DHH on X. "Same bullying tactics as last time: Push delicate rejections to a call with a first-name-only person who'll softly inform you it's your wallet or your kneecaps. Since it's clear we're never going to pay them the extortionate 30% ransom, they're back to the bullshit about 'the app doesn't do anything when you download it.' Despite the fact that after last time, they specifically carved out HEY in App Store Review Guidelines 3.1.3 (f)!" The Verge's Amrita Khalid reports: New users can't sign up for Hey Calendar directly on the app -- Basecamp, which makes Hey, makes users first sign up through a browser. Apple's App Store rules require most paid services to offer users the ability to pay and sign up through the app, ensuring the company gets up to a 30 percent cut. The controversial rule has a ton of gray areas and carve-outs (i.e. reader apps like Spotify and Kindle get an exception) and is the subject of antitrust fights in multiple countries. But as Hansson detailed on X and in a subsequent blog post, he found Apple's rejection insulting for another reason. Close to four years ago, the company rejected Hey's original iOS app for its email service for the exact same reason.

The outcome of the 2020 fight actually worked out in Hey's favor. After days of back and forth between Apple's App Store Review Board and Basecamp, the Hey team agreed to a rather creative solution suggested by Apple exec Phil Schiller. Hey would offer a free option for the iOS app, allowing new users to sign up directly. But the company had a slight twist -- users who signed up via the iOS app got a free, temporary randomized email address that worked for 14 days -- after which they had to pay to upgrade. Currently, Hey email users can only pay for an account through the browser. Following the saga with Hey, Apple made a carve-out to its App Store rules that stated that free companion apps to certain types of paid web services were not required to have an in-app payment mechanism. But, as Hansson mentions on X, a calendar app wasn't mentioned in the list of services that Apple now makes an exception for, which includes VOIP, cloud storage, web hosting -- and of course -- email. Hansson plans to fight Apple's decision without elaborating on exactly how he intends to do so.

TechCrunch reports: Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful counterattack from Prime Minister Narendra Modi's government. Officials publicly doubted Apple's findings and announced a probe into device security.

India has never confirmed nor denied using the Pegasus tool, but nonprofit advocacy group Amnesty International reported Thursday that it found NSO Group's invasive spyware on the iPhones of prominent journalists in India, lending more credibility to Apple's early warnings. "Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation," said Donncha Ã" Cearbhaill, head of Amnesty International's Security Lab, in the blog post.
Cloud security company Lookout has also published "an in-depth technical look" at Pegasus, calling its use "a targeted espionage attack being actively leveraged against an undetermined number of mobile users around the world." It uses sophisticated function hooking to subvert OS- and application-layer security in voice/audio calls and apps including Gmail, Facebook, WhatsApp, Facetime, Viber, WeChat, Telegram, Apple's built-in messaging and email apps, and others. It steals the victim's contact list and GPS location, as well as personal, Wi-Fi, and router passwords stored on the device...

According to news reports, NSO Group sells weaponized software that targets mobile phones to governments and has been operating since 2010, according to its LinkedIn page. The Pegasus spyware has existed for a significant amount of time, and is advertised and sold for use on high-value targets for multiple purposes, including high-level espionage on iOS, Android, and Blackberry.
Thanks to Slashdodt reader Mirnotoriety for sharing the news.

An anonymous reader quotes a report from The Register: Bruce Perens, one of the founders of the Open Source movement, is ready for what comes next: the Post-Open Source movement. "I've written papers about it, and I've tried to put together a prototype license," Perens explains in an interview with The Register. "Obviously, I need help from a lawyer. And then the next step is to go for grant money." Perens says there are several pressing problems that the open source community needs to address. "First of all, our licenses aren't working anymore," he said. "We've had enough time that businesses have found all of the loopholes and thus we need to do something new. The GPL is not acting the way the GPL should have done when one-third of all paid-for Linux systems are sold with a GPL circumvention. That's RHEL." RHEL stands for Red Hat Enterprise Linux, which in June, under IBM's ownership, stopped making its source code available as required under the GPL. Perens recently returned from a trip to China, where he was the keynote speaker at the Bench 2023 conference. In anticipation of his conversation with El Reg, he wrote up some thoughts on his visit and on the state of the open source software community. One of the matters that came to mind was Red Hat.

"They aren't really Red Hat any longer, they're IBM," Perens writes in the note he shared with The Register. "And of course they stopped distributing CentOS, and for a long time they've done something that I feel violates the GPL, and my defamation case was about another company doing the exact same thing: They tell you that if you are a RHEL customer, you can't disclose the GPL source for security patches that RHEL makes, because they won't allow you to be a customer any longer. IBM employees assert that they are still feeding patches to the upstream open source project, but of course they aren't required to do so. This has gone on for a long time, and only the fact that Red Hat made a public distribution of CentOS (essentially an unbranded version of RHEL) made it tolerable. Now IBM isn't doing that any longer. So I feel that IBM has gotten everything it wants from the open source developer community now, and we've received something of a middle finger from them. Obviously CentOS was important to companies as well, and they are running for the wings in adopting Rocky Linux. I could wish they went to a Debian derivative, but OK. But we have a number of straws on the Open Source camel's back. Will one break it?"

Another straw burdening the Open Source camel, Perens writes, "is that Open Source has completely failed to serve the common person. For the most part, if they use us at all they do so through a proprietary software company's systems, like Apple iOS or Google Android, both of which use Open Source for infrastructure but the apps are mostly proprietary. The common person doesn't know about Open Source, they don't know about the freedoms we promote which are increasingly in their interest. Indeed, Open Source is used today to surveil and even oppress them." Free Software, Perens explains, is now 50 years old and the first announcement of Open Source occurred 30 years ago. "Isn't it time for us to take a look at what we've been doing, and see if we can do better? Well, yes, but we need to preserve Open Source at the same time. Open Source will continue to exist and provide the same rules and paradigm, and the thing that comes after Open Source should be called something else and should never try to pass itself off as Open Source. So far, I call it Post-Open." Post-Open, as he describes it, is a bit more involved than Open Source. It would define the corporate relationship with developers to ensure companies paid a fair amount for the benefits they receive. It would remain free for individuals and non-profit, and would entail just one license. He imagines a simple yearly compliance process that gets companies all the rights they need to use Post-Open software. And they'd fund developers who would be encouraged to write software that's usable by the common person, as opposed to technical experts.

Pointing to popular applications from Apple, Google, and Microsoft, Perens says: "A lot of the software is oriented toward the customer being the product -- they're certainly surveilled a great deal, and in some cases are actually abused. So it's a good time for open source to actually do stuff for normal people." The reason that doesn't often happen today, says Perens, is that open source developers tend to write code for themselves and those who are similarly adept with technology. The way to avoid that, he argues, is to pay developers, so they have support to take the time to make user-friendly applications. Companies, he suggests, would foot the bill, which could be apportioned to contributing developers using the sort of software that instruments GitHub and shows who contributes what to which products. Merico, he says, is a company that provides such software. Perens acknowledges that a lot of stumbling blocks need to be overcome, like finding an acceptable entity to handle the measurements and distribution of funds. What's more, the financial arrangements have to appeal to enough developers. "And all of this has to be transparent and adjustable enough that it doesn't fork 100 different ways," he muses. "So, you know, that's one of my big questions. Can this really happen?" Perens believes that the General Public License (GPL) is insufficient for today's needs and advocates for enforceable contract terms. He also criticizes non-Open Source licenses, particularly the Commons Clause, for misrepresenting and abusing the open-source brand.

As for AI, Perens views it as inherently plagiaristic and raises ethical concerns about compensating original content creators. He also weighs in on U.S.-China relations, calling for a more civil and cooperative approach to sharing technology.

You can read the full, wide-ranging interview here.

Alphabet will pay $700 million and alter its Google Play policies to settle claims that the app store unlawfully dominates the Android mobile applications market, resolving antitrust complaints brought by attorneys general of about three dozen states and consumers. From a report: The deal disclosed in a court filing late Monday calls for tweaks to Google Play policies designed to reduce barriers to competition in the markets for app distribution and payment processing. The lawsuits that were grouped together in federal court in California had threatened billions of dollars in revenue generated by the sale and distribution of apps through Google Play. Google will also make a series of changes to its business practices as part of the settlement. In a blog post, the Android-maker said: Streamlining sideloading while prioritizing security: Unlike on iOS, Android users have the option to sideload apps, meaning they can download directly from a developer's website without going through an app store like Google Play. While we maintain it is critical to our safety efforts to inform users that sideloading on mobile could come with unique risks, as part of our settlement we will be further simplifying the sideloading process and updating the language that informs users about these potential risks of downloading apps directly from the web for the first time.
Expanding user choice billing to more people: App and game developers will be able to implement an alternative billing option alongside Google Play's billing system for their U.S. users who can then choose which option to use when making in-app purchases. We have been piloting user choice billing in the U.S. for over a year and will now expand this option further.
Expanding open communication on pricing: We have always given developers more ways to interact with their customers than iOS and other operating systems. For example, Google Play allows developers to communicate freely with their customers outside the app about subscription offers or lower-cost options available on a rival app store or the developer's website. This openness has spurred competition and benefited consumers and developers. As part of user choice billing, which we're expanding with today's settlement announcement, developers are also able to show different pricing options within the app when a user makes a digital purchase.

Forbes recently published this article by author/speaker Nina Xiang, who reports that Huawei is pushing forward with "an amibitious plan to dethrone Android." Hundreds of technical experts from many of China's biggest state-owned and private companies, including the Industrial and Commercial Bank of China (ICBC), China Telecom, Meituan, and Baidu, all gathered in Beijing last month. The purpose behind the meeting was for their staff to receive training so they could be certified as developers on Huawei's Harmony Operation System (OS).

While most observers were looking the other way, Huawei has been quietly building an independent Chinese operating system that isn't subject to U.S. sanctions. In the four years after the telecom giant was banned from using Google apps, the Shenzhen-based company has been making significant strides toward achieving its long-term goal: To dethrone Android and make its HarmonyOS the default operating system in China.

Looking at the data for smartphone sales in China shows that HarmonyOS had the third-largest share with 10% in the second quarter of 2023, thanks to a strong resurgence in sales of Huawei smartphones. Although it's still well below Android's dominant 72%, it's not far from iOS's 17%... Huawei already says more than 700 million devices (including phones, smart devices, computers, and others) were equipped with HarmonyOS as of August this year, with over 2.2 million developers actively building within the ecosystem...

A key moment will come next year, when Huawei says HarmonyOS will no longer be compatible with Android apps.

Earlier this week Google Maps stopped storing user location histories in the cloud. But why did Google make this move? Bloomberg reports that it was "so that the company no longer has access to users' individual location histories, cutting off its ability to respond to law enforcement warrants that ask for data on everyone who was in the vicinity of a crime." The company said Thursday that for users who have it enabled, location data will soon be saved directly on users' devices, blocking Google from being able to see it, and, by extension, blocking law enforcement from being able to demand that information from Google. "Your location information is personal," said Marlo McGriff, director of product for Google Maps, in the blog post. "We're committed to keeping it safe, private and in your control."

The change comes three months after a Bloomberg Businessweek investigation that found police across the US were increasingly using warrants to obtain location and search data from Google, even for nonviolent cases, and even for people who had nothing to do with the crime. "It's well past time," said Jennifer Lynch, the general counsel at the Electronic Frontier Foundation, a San Francisco-based nonprofit that defends digital civil liberties. "We've been calling on Google to make these changes for years, and I think it's fantastic for Google users, because it means that they can take advantage of features like location history without having to fear that the police will get access to all of that data."

Google said it would roll out the changes gradually through the next year on its own Android and Apple Inc.'s iOS mobile operating systems, and that users will receive a notification when the update comes to their account. The company won't be able to respond to new geofence warrants once the update is complete, including for people who choose to save encrypted backups of their location data to the cloud.
The EFF general counsel also pointed out to Bloomberg that "nobody else has been storing and collecting data in the same way as Google." (Apple, for example, is technically unable to provide the same data to police.)

Google Maps will soon give you the option to store your location data on your device instead of in the cloud. Android Police reports: In the coming year, Google is planning to switch things up by defaulting to saving your Timeline directly on your device instead of the cloud. You'll also have the option to wipe out bits or the whole information dossier whenever you want and disable location history completely. When you're jumping ship to a new device and want to keep your data close, you always have the option to back it up in the cloud. Google assures you that it'll lock it up with encryption.

Another significant update is the shorter default amount of time before your location history is auto-deleted. Soon, when you turn on location history, the default auto-delete time shrinks to three months. In the past, it used to hang around for 18 months by default. If you're the sentimental type, you can extend the Timeline's lifespan or turn off the auto-delete option. Google Maps has another nifty trick up its sleeve: soon, you can erase all traces of your trips with just a few taps. Say you've got a favorite hangout spot and you want to keep it to yourself. You can wipe the slate clean right from the app, whether it's searches, directions, visits, or shares. This handy feature is making its debut on Maps for Android and iOS in the next few weeks.

Finally, you will soon be able to click on the blue dot on the map to view your Location History and Timeline at a glance. It allows you to tweak what you share and store on Maps, all without having to dive into the settings. Currently, the blue dot only gives you some neat shortcuts for parking saves and location sharing.

According to the Wall Street Journal, Apple is including new Stolen Device Protection in iOS 17.3 that requires authentication through Face ID or Touch ID to perform certain actions. The Verge reports: The new feature appears to come in response to the concerns raised in previous reports by The Wall Street Journal describing how thieves watch their victims type in their iPhone passcodes and then steal their devices. This gives thieves access to a trove of personal and financial information stored on the device, allowing them to lock victims out of their iCloud accounts and spend thousands of dollars using saved payment information.

If you opt in to the feature, you would have to verify your identity with face or fingerprint biometrics when doing things like viewing your saved passwords in iCloud Keychain, applying for a new Apple Card, factory resetting your device, using saved payment methods in Safari, and turning off Lost Mode. This way, thieves wouldn't be able to steal your information even if they have your phone and the passcode.

For even more sensitive actions, like changing your Apple ID password, changing your iPhone passcode, or turning off Find My, the new Stolen Device Protection feature adds an additional hurdle if the device is somewhere other than locations you often frequent, like at home or in the office. It requires you to not only verify your identity with Face ID or Touch ID but also wait one hour and then repeat the authentication process again.

With iOS 17.2 rolling out today, Apple is giving users the ability to record spatial videos on their iPhone 15 Pro and iPhone 15 Pro Max. "The new feature lets users film in three dimensions and experience their favorite memories and special moments on Apple Vision Pro, the upcoming mixed-reality headset," reports TechCrunch. From the report: In order to create a three-dimensional video, Apple explains that the iPhone uses both the main and ultrawide cameras when recording. This is then saved as a single file within a new album in the Photos app titled "Spatial." The videos will also sync across devices with iCloud. Spatial videos are captured in 1080p resolution at 30 frames per second. Spatial video recording can be enabled in Settings by toggling on "Spatial Video for Apple Vision Pro" in the Camera section under Formats. Apple suggests holding the iPhone in landscape orientation for optimal results. Spatial videos can be viewed on all iPhones and other devices; however, they'll appear as regular, 2D videos.

The new feature allows users to record videos that Apple's senior vice president of worldwide marketing, Greg Joswiak, describes as "magical" and "setting a new bar for what's possible." While that's marketing speak, it's a differentiator for Apple's high-end iPhone, and will deepen users' connections with Apple's latest product, the AR/VR headset, launching next year. As part of today's release, Apple also launched its Journal app, which is designed to allow iOS users to record key moments in their lives.

Google Play Movies & TV will be replaced with Google TV on January 17, 2024. 9to5Google reports: Since the 2020 launch of the Google TV platform, that branding has replaced Play Movies & TV in areas such as mobile apps, but that's also led to the choice to do away with Play Movies & TV branding basically everywhere else. In October, that decision also made its way to Android TV, and the app has not been working ever since. Despite some confusion over the past few days, the app currently just redirects to Android TV's "Shop" tab, which has been widely available for months.

In a new post, Google explains that it will do away with the last parts of Google Play Movies & TV in January 2024: "With these changes, Google Play Movies & TV will no longer be available on Android TV devices or the Google Play website.* However, you'll still be able to access all of your previously purchased titles (including active rentals) on Android TV devices, Google TV devices, the Google TV mobile app (Android and iOS), and YouTube."

On January 17, Play Movies & TV will officially cease for good on Android TV. For anyone who does still have the app working -- again, most users cannot use the app already -- the "Shop" tab will become the only option. Similarly, Google says that Play Movies & TV will cease on other remaining platforms that same date. Any cable boxes with the app integrated will also lose it, and in turn pushed to the YouTube app for continued access to purchased content. Web access via play.google.com/movies will also go away, with youtube.com/movies becoming the alternative.

The Browser Company's Chromium-based Arc browser, which aims to rethink the whole browser UI with a sidebar for tabs and lots of personalization options, is finally coming to Windows. In a post on X, the Browser Company says it's sent out the first Windows beta invites. It's currently only available for iOS and Mac users. Slashdot reader dokjest shares the email they received: Hey there,

Hursh here, CTO at the Browser Co, with some exciting news! A little while ago, you signed up for a brand new browser, Arc -- one that The Verge called "The Chrome replacement I've been waiting for" and Shopify's CEO named as "the best browser." Well, starting today, we're onboarding our very first beta testers to Arc on Windows. And you're next!

Over the coming weeks, our team will be onboarding hundreds of beta testers to Arc. And come January, we'll be welcoming 1,000s of you from the waitlist every week. If you don't mind a few bugs and some rough edges, sign up as a beta tester and we'll prioritize your invite to Arc! For us, this period leading up to our Windows release is about crafting the very best version of Arc that we can. And that means learning from you -- what you love, what's missing, what doesn't feel quite right. It still feels surreal to say, but it really does all begin today. Follow along for some fun on isarconwindowsyet.com -- And we'll see you very soon!

- Hursh and The Browser Co Crew

P.S. If you have a friend on Windows with one too many tabs, who could use a better browser -- forward this on to them, too! If you want to get on the beta waitlist, you can sign up here.

Apple today released iOS 17.2 and iPadOS 17.2, the second major updates to the iOS 17 and iPadOS 17 operating systems that came out in September. From a report: The iOS 17.2 update includes the new Journal app, which is designed to allow iOS users to record key moments in their lives. The Journal app includes journaling suggestions, scheduled notifications, and options for adding photos, locations, and more.

Slow load times? Choppy videos? The real problem is latency, writes the Verge — but the good news is "there's a plan to almost eliminate latency, and big companies like Apple, Google, Comcast, Charter, Nvidia, Valve, Nokia, Ericsson, T-Mobile parent company Deutsche Telekom, and more have shown an interest." It's a new internet standard called L4S that was finalized and published in January, and it could put a serious dent in the amount of time we spend waiting around for webpages or streams to load and cut down on glitches in video calls. It could also help change the way we think about internet speed and help developers create applications that just aren't possible with the current realities of the internet... L4S stands for Low Latency, Low Loss, Scalable Throughput, and its goal is to make sure your packets spend as little time needlessly waiting in line as possible by reducing the need for queuing. To do this, it works on making the latency feedback loop shorter; when congestion starts happening, L4S means your devices find out about it almost immediately and can start doing something to fix the problem. Usually, that means backing off slightly on how much data they're sending... [L4S] makes it easier to maintain a good amount of data throughput without adding latency that increases the amount of time it takes for data to be transferred...

If you really want to get into it (and you know a lot about networking), you can read the specification paper on the Internet Engineering Task Force's website... The L4S standard adds an indicator to packets, which says whether they experienced congestion on their journey from one device to another. If they sail right on through, there's no problem, and nothing happens. But if they have to wait in a queue for more than a specified amount of time, they get marked as having experienced congestion. That way, the devices can start making adjustments immediately to keep the congestion from getting worse and to potentially eliminate it altogether... In terms of reducing latency on the internet, L4S or something like it is "a pretty necessary thing," according to Greg White, a technologist at research and development firm CableLabs who helped work on the standard. "This buffering delay typically has been hundreds of milliseconds to even thousands of milliseconds in some cases. Some of the earlier fixes to buffer bloat brought that down into the tens of milliseconds, but L4S brings that down to single-digit milliseconds...."

Here's the bad news: for the most part, L4S isn't in use in the wild yet. However, there are some big names involved with developing it... When we spoke to Greg White from CableLabs, he said there were already around 20 cable modems that support it today and that several ISPs like Comcast, Charter, and Virgin Media have participated in events meant to test how prerelease hardware and software work with L4S. Companies like Nokia, Vodafone, and Google have also attended, so there definitely seems to be some interest. Apple put an even bigger spotlight on L4S at WWDC 2023 after including beta support for it in iOS 16 and macOS Ventura... At around the same time as WWDC, Comcast announced the industry's first L4S field trials in collaboration with Apple, Nvidia, and Valve. That way, content providers can mark their traffic (like Nvidia's GeForce Now game streaming), and customers in the trial markets with compatible hardware like the Xfinity 10G Gateway XB7 / XB8, Arris S33, or Netgear CM1000v2 gateway can experience it right now...

The other factor helping L4S is that it's broadly compatible with the congestion control systems in use today...

An anonymous reader quotes a report from TechCrunch: A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps. The vulnerability, dubbed "AutoSpill," can expose users' saved credentials from mobile password managers by circumventing Android's secure autofill mechanism, according to university researchers at the IIIT Hyderabad, who discovered the vulnerability and presented their research at Black Hat Europe this week. The researchers, Ankit Gangwal, Shubham Singh and Abhijeet Srivastava, found that when an Android app loads a login page in WebView, password managers can get "disoriented" about where they should target the user's login information and instead expose their credentials to the underlying app's native fields, they said. This is because WebView, the preinstalled engine from Google, lets developers display web content in-app without launching a web browser, and an autofill request is generated.

"Let's say you are trying to log into your favorite music app on your mobile device, and you use the option of 'login via Google or Facebook.' The music app will open a Google or Facebook login page inside itself via the WebView," Gangwal explained to TechCrunch prior to their Black Hat presentation on Wednesday. "When the password manager is invoked to autofill the credentials, ideally, it should autofill only into the Google or Facebook page that has been loaded. But we found that the autofill operation could accidentally expose the credentials to the base app." Gangwal notes that the ramifications of this vulnerability, particularly in a scenario where the base app is malicious, are significant. He added: "Even without phishing, any malicious app that asks you to log in via another site, like Google or Facebook, can automatically access sensitive information."

The researchers tested the AutoSpill vulnerability using some of the most popular password managers, including 1Password, LastPass, Keeper and Enpass, on new and up-to-date Android devices. They found that most apps were vulnerable to credential leakage, even with JavaScript injection disabled. When JavaScript injection was enabled, all the password managers were susceptible to their AutoSpill vulnerability. Gangwal says he alerted Google and the affected password managers to the flaw. Gangwal tells TechCrunch that the researchers are now exploring the possibility of an attacker potentially extracting credentials from the app to WebView. The team is also investigating whether the vulnerability can be replicated on iOS.