Android

Even New Phones Are No Longer Guaranteed To Have the Latest Version of Android (theverge.com) 154

Vlad Savov, writing for The Verge: The OnePlus 5T and Razer Phone are two fundamentally different devices, which are nonetheless united by one unfortunate downside: both of them are going on sale this month without the latest version of Android on board. OnePlus will tell you that this issue is down to its extremely stringent testing process, while Razer offers a similar boilerplate about working as fast as possible to deliver Android Oreo. But we're now three months removed from Google's grand Oreo launch, timed to coincide with this summer's total eclipse, and all of these excuses are starting to ring hollow. Why do Android companies think they can ship new devices without the latest and best version of the operating system on board? The notorious fragmentation problem with Android has always been that not every device gets the latest update at the same time, and many devices get stuck on older software without ever seeing an update at all. What's changed now is that the "one version behind the newest and best" phenomenon is starting to infect brand new phones as well. The 5T and Razer Phone are just two examples; there's also Xiaomi, which just launched its Mi Mix 2 in Spain with 2016's Android Nougat as the operating system.
Security

Bluetooth Hack Affects 20 Million Amazon Echo, Google Home Devices (thehackernews.com) 40

In September, security researchers discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. We have now learned that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities. The Hacker News reports: Amazon Echo is affected by the following two vulnerabilities: a remote code execution vulnerability in the Linux kernel (CVE-2017-1000251); and an information disclosure flaw in the SDP server (CVE-2017-1000250). Since different Echo variants use different operating systems, other Echo devices are affected by either the vulnerabilities found in Linux or Android. Whereas, Google Home devices are affected by one vulnerability: information disclosure vulnerability in Android's Bluetooth stack (CVE-2017-0785). This Android flaw can also be exploited to cause a denial-of-service (DoS) condition. Since Bluetooth cannot be disabled on either of the voice-activated personal assistants, attackers within the range of the affected device can easily launch an attack. The security firm [Armis, who disclosed the issue] notified both Amazon and Google about its findings, and both companies have released patches and issued automatic updates for the Amazon Echo and Google Home that fix the BlueBorne attacks.
Android

OnePlus 5T Featuring 6-inch AMOLED Display, 3.5mm Headphone Jack Launched (wired.com) 54

Chinese smartphone maker OnePlus, which has been lauded by consumers for offering phones with top-of-the-line specs at a reasonably affordable price range, on Thursday at an event in New York announced its newest flagship smartphone. Called the OnePlus 5T, the handset sports a 6.01-inch AMOLED screen (screen resolution 1080 x 2160) manufactured by Samsung in a body that is roughly of the same size as the 5.5-inch display-clad predecessor OnePlus 5. The secret sauce is, much like Samsung, LG and Apple, OnePlus has moved to a near bezel-less design. The company is not getting rid of the fingerprint scanner though, which it has pushed to the back side. The front-facing camera, additionally, OnePlus says, can be used to unlock the device. Other features include a 3,300mAh battery with the company's proprietary Dash Charge fast-charging tech (no wireless charging support -- the company says at present wireless charging doesn't really add much value to the device), top-of-the-line Qualcomm Snapdragon 835 processor with Adreno 540, 6GB of RAM with 64GB of storage (there is another variant of the phone which offers 8GB of RAM with 128GB of space). As for camera, we are looking at a dual 16-megapixel and 20-megapixel setup in the back. One more thing: the phone has a headphone jack and it runs Android 7.1 out of the box. The OnePlus 5T will go on sale in Europe, India, and the United States starting November 21st, with the base model priced at Euro 499, INR 32,999, and $499, respectively. The high-end variant is priced at Euro 559, INR 37,999, and $559. Wired has more details.
Chrome

Slashdot Asks: Have You Switched To Firefox 57? 566

Yesterday, Mozilla launched Firefox 57 for Windows, Mac, Linux, Android, and iOS. It brings massive performance improvements as it incorporates the company's next-generation browser engine called Project Quantum; it also features a visual redesign and support for extensions built using the WebExtension API. Have you used Firefox's new browser? Does it offer enough to make you switch from your tried-and-true browser of choice? We'd love to hear your thoughts.
Android

UC Browser Mobile App Disappears From Google Play Store (medianama.com) 34

UC Browser, a popular mobile web browser owned by China's Alibaba Group, has mysteriously disappeared from the Google Play Store. The app was pulled from the Google Play Store on November 12, according to data from app analytics firm App Annie. Several users began inquiring about the app's whereabouts earlier this week on Reddit. It was not immediately clear why UC Browser had been pulled from Android's marquee app store. According to Twitter user Mike Ross, who claims to be a developer at Alibaba Group, Google pulled UC Browser from its store due to "misleading" and "unhealthy" promotional tactics used by the company to increase the install count of its app. UC Browser is still available to download on Apple's App Store, Amazon's Android store, and through the company's official website. UC Browser Mini, a light version of the company's browser, is notably still listed on Google Play. Though UC Browser is not a household name in the Western markets, Alibaba's app is incredibly popular in markets such as India. It has been among the top six most downloaded apps from Google Play in India for the last two years, venture capitalist Mary Meeker noted in her yearly internet report in May this year. As of July, UC Browser had been installed more than 100 million times worldwide from Google Play Store.
Mozilla

Firefox Quantum Arrives With Faster Browser Engine, Major Visual Overhaul (venturebeat.com) 323

An anonymous reader writes: Mozilla today launched Firefox 57, branded Firefox Quantum, for Windows, Mac, Linux, Android, and iOS. The new version, which Mozilla calls "by far the biggest update since Firefox 1.0 in 2004," brings massive performance improvements and a visual redesign. The Quantum name signals Firefox 57 is a huge release that incorporates the company's next-generation browser engine (Project Quantum). The goal is to make Firefox the fastest and smoothest browser for PCs and mobile devices -- the company has previously promised that users can expect "some big jumps in capability and performance" through the end of the year. Indeed, three of the four past releases (Firefox 53, Firefox 54, and Firefox 55) included Quantum improvements. But those were just the tip of the iceberg. Additionally, Firefox now exclusively supports extensions built using the WebExtension API, and unsupported legacy extensions will no longer work, the company said.
Android

OnePlus Phones Come Preinstalled With a Factory App That Can Root Devices (bleepingcomputer.com) 73

Catalin Cimpanu, writing for BleepingComputer: Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers. The app was discovered by a mobile security researcher who goes online by the pseudonym of Elliot Alderson -- the name of the main character in the Mr. Robot TV series. Speaking to Bleeping Computer, the researcher said he started investigating OnePlus devices after a story he saw online last month detailing a hidden stream of telemetry data sent by OnePlus devices to the company's servers.
The Almighty Buck

Uber Drivers In Lagos Are Using a Fake GPS App To Inflate Rider Fares (qz.com) 86

According to Quartz, some Uber drivers in Lagos have been using a fake GPS itinerary app called Lockito to illicitly bump up fares for local drivers. The app was initially created for developers to "test geofencing-based apps," but has been used by Uber drivers to inflate the cost of their trips. From the report: In some cases, inflated trips can cost riders more than double the rate they should be paying. "It's more like a parasite," says Mohammed, a driver for both Uber and Taxify in Lagos. "It sets the false GPS movement while allowing the phone also to keep track of its actual movement. The Uber app can't tell the difference between both so it just calculates both." When a driver uses Lockito for an Uber trip he or she can have the fake GPS running (and calculating a fake fare) from the pickup point to the drop off location, before the passenger has even got into the car. When the real trip starts, the real GPS starts running and calculating the actual fare. But at the end of the journey the fares from both trips (real and fake) are tallied up as one fare which the unsuspecting rider pays. Some drivers use Lockito to inflate fares by adding 1000 naira to 2000 naira extra (roughly $3 to $6) but some drivers are believed to inflate fares to exorbitant levels.
Android

Google To Kill a Bunch of Useful Android Apps That Rely On Accessibility Services (androidpolice.com) 105

Slashdot reader Lauren Weinstein writes from a blog: My inbox has been filling today with questions regarding Google's new warning to Android application developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically being used to help users with "disabilities" (a term not defined by Google in the warning). Beyond the overall vagueness when it comes to what is meant by disabilities, this entire approach by Google seems utterly wrongheaded and misguided. "While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.)," reports Android Police. "LastPass, Universal Copy, Clipboard Actions, Cerberus, Signal Spy, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API." It's likely Google is cracking down on apps that use Accessibility Services due to the security risks they pose. "Once granted the right permissions, the API can be used to read data from other apps," reports Android Police.
Cellphones

New Samsung Video Demos Linux on Galaxy Smartphones (liliputing.com) 100

Slashdot reader boudie2 tipped us off to some Linux news. Liliputing reports: Samsung's DeX dock lets you connect one of the company's recent phones to an external display, mouse, and keyboard to use your phone like a desktop PC... assuming you're comfortable with a desktop PC that runs Android. But soon you may also be able to use your Android phone as a Linux PC [and] the company has released a brief video that provides more details. One of those details? At least one of the Linux environments in question seems to be Ubuntu 16.04... While that's the only option shown, the fact that it does seem to be an option suggests you may be able to run different Linux environments as well.

Once Ubuntu is loaded, the video shows a user opening Eclipse, an integrated development environment that's used to create Java (and Android apps). In other words, you can develop apps for Android phones with ARM-based processors on an Android phone with an ARM-based processor.

Samsung promised in October that its Linux on Galaxy app will ultimately let users "run their preferred Linux distribution on their smartphones utilizing the same Linux kernel that powers the Android OS."
Android

CopperheadOS Fights Unlicensed Installations On Nexus Phones (xda-developers.com) 97

An anonymous reader writes: Earlier this week security-hardened Android build CopperheadOS temporarily blocked Nexus updates on its servers after finding out that other companies have been flashing the ROM onto Nexus phones and selling them commercially in violation of the CopperheadOS licensing terms. The incident highlights an inherent problem in getting open source to be used by the masses: the difficulty of organizations being able to build and monetize a successful, long-term open source business model...
"We've enabled over-the-air updates again," CopperheadOS tweeted Saturday, "to avoid impacting our remaining customers on Nexus devices and other legitimate users. However, downloads on the site will no longer be available and we'll be making changes to the update client for Nexus devices."

In an earlier series of tweets, they explained it's an ongoing issue. "It's not okay to disrespect our non-commercial licensing terms for those official builds by flashing and selling it on hundreds of phones... This is why we've been unable to sell access to Pixel images. There are people that are going to buy those and flash + sell devices in direct competition with us in violation of the licensing terms. Needing to deal with so many people acting in bad faith makes this difficult.

"It's not permitted for our official Nexus builds and yet that's what's happening. We do all of the development, testing, release engineering and we provide the infrastructure, and then competitors sell far more devices than us in violation of our licensing terms. Ridiculous."
Music

Ask Slashdot: Can You Convert Old iPods Into A Home Music-Streaming Solution? 118

Slashdot reader zhennian wants to stream music throughout his entire house, "and was hoping that with three old iPods I might be able to put together a centrally managed house-wide audio system." Ideally it would be possible to control what's playing from a central web interface using an app on an iOS or Android device. With the iPods already plugged into docking stations and on the home wifi network, I assume it should be possible.

A search of the Apple app store didn't bring up much and forking out $AUS400 for a Sonos One or equivalent seems wasted when I've already purchased iPod docks. Can anyone recommend an App that will still be compatible with old (ie. 2007) iPods and might do this?

Or is there a better cheap alternative? Leave your best answers in the comments. Can you convert old iPods into a home music-streaming solution?
Bug

Sex Toy Company Admits To Recording Users' Remote Sex Sessions, Calls It a 'Minor Bug' (theverge.com) 81

According to Reddit user jolioshmolio, Hong Kong-based sex toy company Lovense's remote control vibrator app (Lovense Remote) recorded a use session without their knowledge. "An audio file lasting six minutes was stored in the app's local folder," reports The Verge. "The user says he or she gave the app access to the mic and camera but only to use with the in-app chat function and to send voice clips on command -- not constant recording when in use." The app's behavior appears to be widespread as several others confirmed it too. From the report: A user claiming to represent Lovense responded and called this recording a "minor bug" that only affects Android users. Lovense also says no information or data was sent to the company's servers, and that this audio file exists only temporarily. An update issued today should fix the bug. This isn't Lovense's first security flub. Earlier this year, a butt plug made by the company -- the Hush -- was also found to be hackable. In the butt plug's case, the vulnerability had to do with Bluetooth, as opposed to the company spying on users.
Microsoft

Microsoft To Integrate 3rd-party Security Info Into Its Windows Defender Advanced Threat Protection Service (zdnet.com) 26

Microsoft is partnering with other security vendors to integrate their macOS, Linux, iOS, and Android security wares with its Windows Defender Advanced Threat Protection (ATP) service. From a report: Microsoft has announced the first three such partners: Bitdefender, Lookout, and Ziften. These companies will feed any threats detected into the single Windows Defender ATP console. With Defender ATP, every device has its own timeline with event history dating back up to six months. According to Microsoft, no additional infrastructure is needed to onboard events from macOS, Linux, iOS and/or Android devices. Integration with Bitdefender's GravityZone Cloud -- which allows users to get macOS and Linux threat intelligence on malware and suspicious files -- is in public preview as of today. A trial version is available now. Integration with Lookout's Mobile Endpoint Security for iOS and Android and Ziften's Zenith systems and security operations platform for macOS and Linux will be in public preview "soon," Microsoft's blog post says.
Windows

Windows 10's Version of AirDrop Lets You Quickly Share Files Between PCs (theverge.com) 108

Microsoft is testing its "Near Share" feature of Windows 10 in the latest Insider build (17035) today, which will let Windows 10 PCs share documents or photos to PCs nearby via Bluetooth. The Verge reports: A new Near Share option will be available in the notification center, and the feature can be accessed through the main share function in Windows 10. Files will be shared wirelessly, and recipients will receive a notification when someone is trying to send a file. Microsoft's addition comes just a day after Google unveiled its own AirDrop-like app for Android.
Chrome

Chrome Update Kills Annoying Redirects and Trick-To-Click Popups (androidcentral.com) 41

Google is releasing updates to Chrome 64 and Chrome 65 to put a halt to page redirects and trick-to-click popups. The update is coming to both the desktop and Android apps. Android Central reports: With Chrome 64, every redirect from a third-party iframe will show an info bar instead of sending you off to some other page. This way we can decide if we want to navigate away or stay on the page we're looking at. If we're interacting with an iframe, like clicking an embedded YouTube video to open it on YouTube in a new tab, the request goes through as normal -- this only applies to things you didn't click and didn't expect to send you off. We can get more than we asked for when we are interacting with a web page, too. Google has two things planned that should help. With Chrome 65, websites that try to circumvent Chrome's pop-up blocker by opening a new tab for a thing you clicked while navigating the original tab to some other page will be blocked with the same style of info bar. This gives us the choice of taking a look versus being forced. Some abusive experiences are harder to autodetect, but Google plans to use the same type of data as its Safe Browsing feature to kill off deceptive page elements.
Software

A Huge Redesign Is Coming To Snapchat (theverge.com) 42

One of the more interesting tidbits from today's earnings letter to Snap investors is the development of a new user-interface for Snapchat. Snap CEO Evan Spiegel said: "One thing we have heard over the years is that Snapchat is difficult to understand or hard to use, and our team has been working on responding to this feedback." He confirms that a redesigned, easier-to-use Snapchat is coming. The Verge reports: And it sounds like whatever's on the way is far bigger than just some minor user experience tweaks. Spiegel says that "there is a strong likelihood that the redesign of our application will be disruptive to our business in the short term, and we don't yet know how the behavior of our community will change when they begin to use our updated application." Rethinking the way Snapchat works could certainly open the app to a huge audience of new users. Spiegel is right in calling out the usability complaints; Snap had to include a manual for using Snapchat in its IPO filing, which is a good indicator that it's not the most intuitive software in the world. But as Spiegel warns, drastic changes could also alienate some users and undercut Snap's cool factor. If you've taken the time to learn every corner of the app and master its tricks, you get it. Now, all of that is likely going to change. The earnings letter didn't give a release date for the new, improved Snapchat. The company's third quarter earnings report also revealed $39.9 million in losses stemming from unsold Spectacles. The camera-equipped glasses accounted for about 9% of Snap's losses in the quarter.
Stats

No, the Linux Desktop Hasn't Jumped in Popularity (zdnet.com) 187

An anonymous reader quotes ZDNet: Stories have been circulating that the Linux desktop had jumped in popularity and was used more than macOS. Alas, it's not so... These reports have been based on NetMarketShare's desktop operating system analysis, which showed Linux leaping from 2.5 percent in July, to almost 5 percent in September. But unfortunately for Linux fans, it's not true... It seems to be merely a mistake. Vince Vizzaccaro, NetMarketShare's executive marketing share of marketing told me, "The Linux share being reported is not correct. We are aware of the issue and are currently looking into it"...

For the most accurate, albeit US-centric operating system and browser numbers, I prefer to use data from the federal government's Digital Analytics Program (DAP). Unlike the others, DAP's numbers come from billions of visits over the past 90 days to over 400 US executive branch government domains... DAP gets its raw data from a Google Analytics account. DAP has open-sourced the code, which displays the data on the web and its data-collection code... In the US Analytics site, which summarizes DAP's data, you will find desktop Linux, as usual, hanging out in "other" at 1.5 percent. Windows, as always, is on top with 45.9 percent, followed by Apple iOS, at 25.5 percent, Android at 18.6 percent, and macOS at 8.5 percent.

The article does, however, acknowledge that Linux's real market share is probably a little higher simply because "no one, not even DAP, seems to do a good job of pulling out the Linux-based Chrome OS data."
Software

Fake WhatsApp App Downloaded 1 Million Times (fortune.com) 51

An anonymous reader quotes Fortune: Reddit users yesterday spotted an extremely convincing spoofed copy of the popular WhatsApp messenger on Google Play. The fake was downloaded by more than 1 million users, who instead of a messaging tool wound up with a bundle of ads... The fake WhatsApp was nearly indistinguishable from the real thing thanks to an invisible space placed at the end of the developer's name.

One of the security hounds discussing the case on Reddit pointed out that this was not an isolated incident, even for WhatsApp. A search for "WhatsApp" on Google Play currently shows no fewer than seven spoof apps using slight variations on the developer name "WhatsApp Inc.", including versions with extra spaces, asterisks, or commas. All of them have four-star review averages, presumably thanks to industrial-scale subversion of Play's review system.

Google

Some Google Pixel 2 XL Units Shipped Without an Operating System (androidpolice.com) 34

Corbin Davenport, writing for AndroidPolice: Some Pixel 2 XL units are being shipped without Android properly installed. Obviously, the phone can't boot without the OS. It may be possible to flash a factory image, since fastboot is supposed to allow signed images to be flashed with the bootloader still locked, but the affected phones could have other problems that prevent this from working. The company confirmed the veracity of the story, but did not share more details. It said, however, that the issue had been resolved.
