Connexion
Enlarge / I have hundreds of UUIDs and I must scream. (credit: Getty Images)
The modern "smart" TV asks a lot of us. In exchange for connecting you to a few streaming services you use, a TV will collect data, show ads, and serve as another vector for bad actors. In a few reported cases, though, a modern connected TV has been blamed for attacks not on privacy, eyeballs, or passwords but on an entirely different computer.
The TV in question is a Hisense TV, and the computer is a Windows PC, specifically one belonging to Priscilla Snow, a musician and audio designer in Montreal, Quebec. Her post about her Hisense experience reads like a mystery novel. Of course, because you already know the crime and the culprit, it's more like a Columbo episode. Either way, it's thrilling in a very specific I-can't-believe-that-fixed-it kind of way.
Snow's Windows PC had "a few hiccups over the past couple of years," Snow wrote on April 19. She couldn't open display settings, for one. A MIDI keyboard interface stopped working. Task manager would start to hang until force-closed. Video-capture cards had trouble connecting. As Snow notes, any veteran of a Windows computer that has had lots of stuff installed on it can mentally write off most of these things, or at least stash them away until the next reinstall.
Epic Games has filed a proposed injunction that would stop Google from restricting third-party app distribution outside Google Play Store on Android devices after proving that Google had an illegal monopoly in markets for Android app distribution.
Epic is suggesting that competition on the Android mobile platform would be opened up if the court orders Google to allow third-party app stores to be distributed for six years in the Google Play Store and blocks Google from entering any agreements with device makers that would stop them from pre-loading third-party app stores. This would benefit both mobile developers and users, Epic argued in a wide-sweeping proposal that would greatly limit Google's control over the Android app ecosystem.
US District Court Judge James Donato will ultimately decide the terms of the injunction. Google has until May 3 to respond to Epic's filing.
Enlarge (credit: Getty Images)
Crooks are working overtime to anonymize their illicit online activities using thousands of devices of unsuspecting users, as evidenced by two unrelated reports published Tuesday.
The first, from security firm Lumen, reports that roughly 40,000 home and office routers have been drafted into a criminal enterprise that anonymizes illicit Internet activities, with another 1,000 new devices being added each day. The malware responsible is a variant of TheMoon, a malicious code family dating back to at least 2014. In its earliest days, TheMoon almost exclusively infected Linksys E1000 series routers. Over the years it branched out to targeting the Asus WRTs, Vivotek Network Cameras, and multiple D-Link models.
In the years following its debut, TheMoon’s self-propagating behavior and growing ability to compromise a broad base of architectures enabled a growth curve that captured attention in security circles. More recently, the visibility of the Internet of Things botnet trailed off, leading many to assume it was inert. To the surprise of researchers in Lumen’s Black Lotus Lab, during a single 72-hour stretch earlier this month, TheMoon added 6,000 ASUS routers to its ranks, an indication that the botnet is as strong as it’s ever been.
Enlarge / The Android 15 logo. This is "Android V," if you can't tell from the logo. (credit: Google)
It's that time of year again. Android is going to start its ~8-month-long beta process with the release of a new major OS version. The Android 15 Developer Preview is out today for the Pixel 6, 7, and 8, Pixel Fold, and Pixel Tablet. This release should mark the end of major OS support for the Pixel 5 and 5a series.
So what's new? It's hard to know too much with only the simple text descriptions we're getting, but we have a few bullet points. "Partial screen sharing" will let users share or record individual app windows instead of the entire screen. Phones don't have much of a difference between an app window and a full screen, but it would be nice if this blocked incoming notifications from showing up on your screen share. It would also be nice for tablets.
Android is surfacing an API that supports the Linux kernel's fs-verity feature. This will let you store a read-only file on a read-write file system and cryptographically sign it to ensure it hasn't been maliciously tampered with. Google apparently wants app developers to use this, saying, "This leads to enhanced security, protecting against potential malware or unauthorized file modifications that could compromise your app's functionality or data."
If Google sticks to the usual cadence of device releases, the Google Pixel 9 will come out in around nine months. That's a long way away, but still not so far away that it can't be leaked: the ever-reliable Steve Hemmerstoffer, aka OnLeaks, has a set of Pixel 9 Pro renders up over at MySmartPrice. Usually, these renders are based on the CAD files that accessory designers need before they can begin making products, so while all the major components should be correct down to the millimeter, the materials, colors, and some small details may be speculative.
There are a lot of differences in these renders. First, the renders show a flat metal band around the sides, making it look a lot like an iPhone. Samsung also adopted this design for the Galaxy S24 and S24 Plus, so everyone seems to want to look just like their biggest rival. This allows the front and back of the phone to be completely flat slabs of glass, instead of the rounded glass back of the Pixel 8. The screen is also completely flat again.
The other major visible difference is the camera bar, which used to stretch from side to side across the back of the phone, but now is a floating bar that isn't connected to the sides. That makes the camera bar closer to the Pixel Fold design. The Pixel Fold camera bar was a rounded rectangle, but this is a full-on pill shape, which, in these renders, follows the shape of the camera glass cover. Besides the camera lenses, the bar has an LED flash and a second mystery sensor circle. On the Pixel 8, the circle under the LED is a temperature sensor. I feel like the temperature sensor has been either panned or forgotten about, so it wouldn't surprise me to see it cut, but the realities of the smartphone development cycle might make it too early for that.
Enlarge (credit: Getty Images)
In 1921, Czech playwright Karel Čapek and his brother Josef invented the word "robot" in a sci-fi play called R.U.R. (short for Rossum's Universal Robots). As Even Ackerman in IEEE Spectrum points out, Čapek wasn't happy about how the term's meaning evolved to denote mechanical entities, straying from his original concept of artificial human-like beings based on chemistry.
In a newly translated column called "The Author of the Robots Defends Himself," published in Lidové Noviny on June 9, 1935, Čapek expresses his frustration about how his original vision for robots was being subverted. His arguments still apply to both modern robotics and AI. In this column, he referred to himself in the third-person:
For his robots were not mechanisms. They were not made of sheet metal and cogwheels. They were not a celebration of mechanical engineering. If the author was thinking of any of the marvels of the human spirit during their creation, it was not of technology, but of science. With outright horror, he refuses any responsibility for the thought that machines could take the place of people, or that anything like life, love, or rebellion could ever awaken in their cogwheels. He would regard this somber vision as an unforgivable overvaluation of mechanics or as a severe insult to life.
This recently resurfaced article comes courtesy of a new English translation of Čapek's play, called R.U.R. and the Vision of Artificial Life, accompanied by 20 essays on robotics, philosophy, politics, and AI. The editor, Jitka Čejková, a professor at the Chemical Robotics Laboratory in Prague, aligns her research with Čapek's original vision. She explores "chemical robots"—microparticles resembling living cells—which she calls "liquid robots."
The OnePlus 12. [credit: OnePlus ]
OnePlus previously announced the OnePlus 12 flagship smartphone in December, but now it's getting a US release and pricing. The phone ships on February 6 in the US and Canada with an $800 price tag. OnePlus is also bringing the rather interesting OnePlus 12R to the US, a 6.8-inch device running last year's flagship Qualcomm chip, the Snapdragon 8 Gen 2, for $500.
$800 is a pretty good price for a flagship phone. Samsung's 6.8-inch flagship is the $1,300 Galaxy S24. The Pixel 8 Pro is $1,000, so OnePlus is undercutting the competition quite a bit. As we said, this device was already announced in December, but the highlights are an impressive 5400 mAh battery and super fast charging. The phone has 80 W proprietary wired charging in the US and 100 W internationally, while wireless charging is 50 W. OnePlus says 80 W is still fast enough to go from 1 percent to 100 percent in 30 minutes. OnePlus only promises an IP65 dust and water resistance rating, so it's not submergible, which is worse than most flagships. Other than that, it's a lot of normal flagship things: a 6.82-inch, 3168×1440 120 Hz OLED that—unlike Samsung and Google—is still curved, a Snapdragon 8 Gen 3, and too many cameras.
The 24GB of RAM/1TB of storage spec apparently isn't coming to the US—the $800 model is 12GB of RAM and 256GB of storage, and there's a single higher tier of 16GB of RAM and 512GB of storage for $900. The white color is also not arriving here. You get black for $800, with the $900 model arriving in black or green.
Enlarge / Jelly Bean is back! (credit: Andrew Cunningham)
It sure looks like Android 15 is going to have lock screen widgets. The Android 14 QPR2 beta landed the other day, and Mishaal Rahman over at Android Authority found a hidden unfinished feature that brings back lock screen widgets. We've expected this to happen since Apple's big lock screen widget release with iOS 16.
Rahman found a new "communal" space feature that resembles lock screen widgets. After enabling the feature and swiping in from the right of the lock screen, a pencil icon will pop up. Tapping the icon opens up a widget list, allowing you to move some widgets to the lock screen. Right now, in this unfinished state, the default lock screen clock and notification panel UI don't know how to get out of the way yet, so you get a pile of widgets with the usual lock screen UI on top. It's a mess.
Any time one smartphone operating system does something, the other tends to copy it, and iOS added lock screen widgets in 2022. Two years later is plenty of time for Google to adjust and copy the feature. The thing is, Android added lock screen widgets in 2012 with Android 4.2. Google removed the feature two years later in Android 5.0, so really, this is Android copying iOS copying Android. Some of this code is apparently making a comeback, as all the widgets available to the lock screen were ones that still had the 10-year-old "keyguard" flag set for Android 4.2.
The Oppo Find X7 Ultra features some faux leather and a really big camera bump. [credit: Oppo ]
Oppo's newest flagship is the Find X7 Ultra. This phone's claim to fame is having two periscope camera lenses on the back. Like most Oppo phones, this will land in China first, probably Europe later, and won't come to the US.
The X7 Ultra is all about photography, with four 50 MP sensors on the back. Periscope camera No. 1 is a 50 MP 3x telephoto that uses a 1/1.56-inch Sony IMX890 sensor. Oppo says "this sensor is roughly three times larger than the equivalent cameras in key competitor systems, and is the biggest telephoto sensor in any smartphone." Periscope No. 2 is a 6x telephoto with a 50 MP, 1/2.51-inch Sony IMX858 sensor—so more zoom, but less image quality. The main camera is Sony's top-of-the-line LYT-900 1-inch sensor, and the wide-angle is a 50 MP Sony LYT-600 sensor.
Packing all these large cameras onto the back results in a big camera bump. Despite the phone being a normal-sized 6.8-inch device, the camera takes up about a third of the back, and it almost looks like you'll be touching it when you're naturally holding the phone.
Enlarge / Qualcomm's XR reference device. (credit: Qualcomm)
The Apple Vision Pro is coming out sometime in early 2024, and since it is a VR/AR headset that runs iOS apps, Team Android would like to have a competitor available. Samsung, Google, and Qualcomm vaguely announced a mixed-reality partnership a year ago, which would have Qualcomm building chips, Google building software, and Samsung shipping products. Step 1 of this partnership has been announced: The Qualcomm Snapdragon XR2+ SoC, which will power many of these headsets from Samsung and others.
Perhaps more interesting than the individual specs of Qualcomm's chip is all the partner talk surrounding the launch. Samsung says it's "thrilled to collaborate with Qualcomm Technologies and Google in revolutionizing the mobile industry once more" and promises a "best-in-class XR experience for Galaxy users." Google is promising an "immersive and spatial XR" experience based on Android. Qualcomm is making a reference headset design based on the chip and says at least five companies have hardware in development, including Samsung, Google, HTC, Immersed, and Play for Dream.
A few specs for the XR2+ Gen 2 (credit: Qualcomm)
The XR2+ Gen 2 is an upgrade over the XR2 Gen 2 (non-plus) that came out in 2023 and shipped in the Meta Quest 3. The most significant difference is a bump in resolution, with the plus model supporting "4.3K" resolution per eye at 90 fps. The old chip only did 3K by 3K. The resolution of these headsets is critical, not just because games will look nicer, but if you're trying to display a virtual desktop and read text, you're pushing the resolution limits of current headsets.
Enlarge / The Galaxy S24 render from OnLeaks. This sure does look familiar. (credit: OnLeaks×SmartPrix)
Samsung is gearing up to launch its next big flagship smartphone, the Galaxy S24. The show has officially been announced for January 17, with Samsung's reservation website promising "Zoom with Galaxy AI is coming." Of course, 2023 was the year of generative AI, and Samsung's interest in the technology is a safe bet.
The show will launch the Galaxy S24, which has already leaked quite a bit, with the big news being a new titanium body. The iPhone made titanium the hot new thing recently with the launch of the iPhone 15, and Samsung has taken notice. The best leak so far has been from Windows Report, which scored official press images of the phones. (The report is no longer online due to a DMCA takedown, which is a good sign of its legitimacy.)
The Windows Report photos showed the smaller Galaxy S24 and S24 Plus are getting flat metal sides, reminiscent of the classic iPhone 4/iPhone 15 design. Samsung's usual design of rounded corners and individual camera lenses complete the phone design, and while they look nice, they also look a lot like an iPhone. Older leaks claimed these two cheaper phones were getting titanium bodies, but well-known Samsung leaker Ice Universe says only the bigger model will be titanium, and these cheaper models will be aluminum.
Enlarge / The dream of everybody having blue bubbles, and epic photos of perfectly digestible meals, as proffered by Beeper. (credit: Beeper)
A friend of mine had been using Beeper's iMessage-for-Android app, Beeper Mini to keep up on group chats where she was the only Android user. It worked great until last Friday, when it didn't work at all.
What stung her wasn't the return to being the Android interloper in the chats again. It wasn't the resulting lower-quality images, loss of encryption, and strange "Emphasized your message" reaction texts. It was losing messages during the outage and never being entirely certain they had been sent or received. There was a gathering on Saturday, and she had to double-check with a couple people about the details after showing up inadvertently early at the wrong spot.
That kind of grievance is why, after Apple on Wednesday appeared to have blocked what Beeper described as "~5% of Beeper Mini users" from accessing iMessages, both co-founder Eric Migicovksy and the app told users they understood if people wanted out. The app had already suspended its plans to charge customers $1.99 per month, following the first major outage. But this was something more about "how ridiculously annoying this uncertainty is for our users," Migicovsky posted.
Enlarge / The 2023 Cadillac Lyriq had an extremely good CarPlay implementation. But that's gone from GM EVs for MY2024 onward. (credit: Jonathan Gitlin)
Few things have improved the state of in-car infotainment more than the advent of the phone casting interfaces from Apple and Google. Apple CarPlay and Android Auto let you run navigation or audio apps on your phone and interact with them via the car's native infotainment screen, avoiding the need to handle your phone while driving.
That's why General Motors' decision to ditch CarPlay and Android Auto from new EVs from model year 2024 onward has been greeted with such dismay.
GM has rolled out a new infotainment platform across its new electric vehicles called Ultifi. Built on the Android Automotive OS—not to be confused with the Android Auto phone casting system—a build we used in a model year 2023 Cadillac Lyriq featured the most complete implementation of CarPlay we've yet experienced, making GM's decision to ditch the systems even more frustrating.
Enlarge / Close up of hand holding smartphone and screen applications with unlocking mobile phones. Concept of technological safety. (credit: Getty Images)
By now, you’ve probably heard about a vulnerability named AutoSpill, which can leak credentials from any of the seven leading password managers for Android. The threat it poses is real, but it’s also more limited and easier to contain than much of the coverage to date has recognized.
This FAQ dives into the many nuances that make AutoSpill hard for most people (yours truly included) to understand. This post wouldn't have been possible without invaluable assistance from Alesandro Ortiz, a researcher who discovered a similar Android vulnerability in 2020.
Q: What is AutoSpill?
The OnePlus 12. [credit: OnePlus ]
The OnePlus is doing its usual early flagship launch in China. The OnePlus 12 is official there but won't be released in the US until 2024. We can still fire up Google Translate and go over it, though.
This will be one of the first devices on the market with the Snapdragon 8 Gen 3, Qualcomm's new SoC for 2024. This uses an Arm Cortex X4 CPU and a novel 1:5:2 core arrangement, all built on a 4 nm process. That's one big X4 core, five "medium" A720 cores, and two A530 cores for background processing. The base model has 12GB of RAM and 256GB of storage, while higher tiers will let you go up to 24GB of RAM and 1TB of storage. The phone is only IP65 rated for dust and water resistance; in other words, it can't be submerged in water like most other flagships.
The battery is getting a big boost beyond the usual 5000 mAh capacity phones have been stuck at for years and is now up to 5400 mAh. The Chinese version has 100 W wired quick charging (this will probably be downgraded to 80 W in the US) and sees the return of 50 W wireless charging. Both will need proprietary OnePlus chargers. The display is a 6.82-inch, 3168×1440 120 Hz OLED that can hit 4,500 nit peak brightness. Unlike some other flagships that are dumping curved displays, this one is still curved.
Enlarge / The enhanced edition trilogy includes Grand Theft Auto 3, Grand Theft Auto Vice City, and Grand Theft Auto San Andreas. (credit: Rockstar Games)
Netflix subscribers will be able to play the three original 3D Grand Theft Auto games on iOS and Android starting in December, according to a blog post from the streamer.
The titles included are 2001's Grand Theft Auto III, 2002's Grand Theft Auto: Vice City, and 2004's Grand Theft Auto: San Andreas.
All three released initially on the PS2 and Xbox. The first 3D entry in the series, Grand Theft Auto III, was a crossover cultural sensation when it debuted, and it is credited as one of the main originators of the open-world genre, which remains one of the most popular genres in triple-A games to this day.
Enlarge / The Downloader app that was suspended from Google Play. (credit: Elias Saba)
App developer Elias Saba has had some bad luck with Digital Millennium Copyright Act (DMCA) takedowns. His Android TV app Downloader, which combines a web browser with a file manager, was suspended by Google Play in May after several Israeli TV companies complained that the app could be used to load a pirate website.
Google reversed that suspension after three weeks. But Downloader has been suspended by Google Play again, and this time the reason is even harder to understand. Based on a vague DMCA notice, it appears that Downloader was suspended simply because it can load the Warner Bros. website.
Downloader is similar to standard web browsers in that it lets users access both legal and illegally shared content. The app can be used for general web surfing and can download files from a website when a user inputs the desired URL. According to Saba, the app itself contains no infringing content, nor does it direct users to infringing content.
Enlarge / Resident Evil Village runs just well enough on the iPhone 15 Pro Max. (credit: Samuel Axon)
Look, if you're going to play AAA and core games, you probably want to play on a gaming PC or a console. Let's just get that right out of the way.
That said, Apple was trying to sell the potential of triple-A gaming on the iPhone 15 Pro this fall, and it's not impossible to imagine.
A small selection of titles, including Resident Evil 4, Death Stranding, and Assassin's Creed Mirage, are planned for the device. There's some question as to whether battery life and thermal realities will make this practical, but the buzz has been enough that people have been asking me about it—including some friends, significant others, and parents to gamers who are doing some holiday shopping and want to make sure they get the right phone for their person.
Enlarge / The Nothing Phone 2 all lit up. (credit: Ron Amadeo)
Can an Android OEM really just hack its way into Apple's iMessage? That is the hard-to-believe plan from upstart phone manufacturer "Nothing," which says the new "Nothing Chats" will allow users to use "iMessage on Android" complete with a blue bubble sent to all their iPhone friends.
Nothing Chat will be powered by Sunbird, an app developer that has claimed to be able to send iMessage chats for about a year now, with no public launch. According to a Washington Post article with quotes from the CEOs of Nothing and Sunbird, Nothing will "start" rolling out "an early version" of Nothing Chats with iMessage compatibility on Friday. The only catch, supposedly, is that you'll need a Nothing Phone 2.
Is this for real or a publicity stunt? Apple is on record saying that iMessage on Android would only serve to weaken Apple, and it doesn't want to do that. Surely, any Android OEM offering "iMessage" support would immediately have the project shut down by Apple.
Enlarge (credit: Getty Images / What Hi-Fi Magazine)
Amazon has been working on an in-house replacement for its Android-based Fire OS, codenamed "Vega" and built for easier app development, according to reporting from Janko Roettgers at Lowpass.
Based on job listings, multiple sources, forum posts, and unguarded LinkedIn boasts, Roettgers writes that Amazon has been working on Vega since at least 2019, is mostly done with the core development, and is now focused on an SDK and developer outreach. Vega would replace the Fire OS that is installed on Fire TV sticks and televisions, Kindle Fire tablets, and other Amazon devices. Vega, based on "a flavor of Linux," uses the popular JavaScript-based React Native as an application framework. This could simplify development for Fire devices alongside other React-ready platforms, including smartphones, desktops, and other smart TVs.
Fire OS is a fork of Android based on the Android Open Source Project (AOSP), but it's far from the same thing. The Fire Max 11, a 2023 device, is running Fire OS 8, which is based on Android 11, released in 2020. As Roettgers points out, Fire TVs sold in 2023 are based on Android 9, from 2018. While an Android base provides a relatively familiar entry for developers that already have Android apps, rebuilding the AOSP project—meant to support a wealth of different devices and carrying years of technical debt—seemingly became frustrating enough for Amazon to push toward an in-house solution.
Enlarge (credit: Aurich Lawson)
It's the start of November, and that means a new Android security patch. Google claims this one is fixing a high-profile Android 14 storage bug that was locking some people out of their devices. The November Security Bulletin contains the usual pile of security fixes, while consumer-oriented Pixel patch notes list a few user-facing changes. The important line is "Fix for issue occasionally causing devices with multiple users enabled to show out of space or be in a reboot loop." A footnote points out that this is for the "Pixel 6, Pixel 6a, 6 Pro, 7, 7 Pro, 7a, Tablet, Fold, Pixel 8, Pixel 8 Pro."
We're on about day 33 of the Android 14 storage bug. For devices with multiple users set up, there is some kind of storage issue that is locking users out of their device. Some are completely unusable, with the phone bootlooping constantly and never reaching the home screen. Others are able to boot up the device but don't have access to lock storage, which causes a huge amount of issues. Some users likened the bug to "ransomware," a type of malware that encrypts your local storage and then demands money for your data. One fix is to completely erase your device with a factory reset, but a lot of users don't want to do that.
The earliest reports of this started just days after the October 4 launch date. Google usually rolls updates out slowly so it can pull them if issues like this pop up to minimize damage. That didn't happen here, though. Google failed to respond quickly to initial reports and just let the bug roll out to everyone. Some people even report being freshly hit with the bug just four days ago because Google 1) let the update roll out without stopping it and 2) can't patch its software quickly enough. The biggest issue tracker thread on this bug is up to 1,000-plus likes and 850 comments of people locked out of their devices, and it took two separate rounds of news coverage for Google to acknowledge the bug after about 20 days.
Enlarge / Behold, a collection of apps we love. (credit: Oscar Wong / Getty Images)
Todoist basically runs my life—but that's OK, because it's a very well-designed app. There are a ton of to-do apps on the iPhone, but I went with this one because it's very flexible.
For example, yeah, you can see a top-to-bottom to-do list like with many others, but you can view that same data as a Trello-like Kanban board, too.
I've also found that Todoist is better at understanding natural language settings for projects, times, and so on than a lot of other to-do apps, so, for example, I can type "Edit next article at 2 pm on Tuesday #ArsTechnica" to add a to-do within the Ars Technica project with a due time of 2 pm on the following Tuesday. A lot of to-do apps support that, but I feel Todoist does it best.
Enlarge / The square one is the S23 Ultra; the other two are the S23 and S23 Plus. (credit: Samsung)
Samsung is getting Android 14 out the door in record time. SamMobile spotted that the operating system update is rolling out now to European users with the Galaxy S23, S23 Plus, and S23 Ultra. If past timelines are any indication, US users should get the update in the next week or so once Samsung huddles up with your cellular carrier.
Android 14 came out for Pixel phones on October 4, so Samsung is releasing the OS in under a month. That is easily a new record for the company and a huge improvement over the usual multi-month wait. Like previous years, Samsung started a beta program for the new Android release about a month before Google's official release. Is this increased speed the result of Google's constant work to make Android easier to upgrade or just a side effect of Android 14 also being one of the smaller releases in recent years?
In Samsung land, Android 14 is called "One UI 6" and also comes with a range of Samsung UI changes. Apparently, the quick settings have been redesigned, and there are a lot of changes to the camera and photo editing experience. For now, the first release is for users of Samsung's latest flagship, but eventually, the update will hit devices from the last three years. For S23 users on Android 13, expect about a 3GB download.
Enlarge (credit: Google)
So Android 14 has this pretty horrible storage bug for upgrading users. If you have multiple user accounts on your device, upgrading to Android 14 can actually lock you out of the device's local storage, which creates an incredible number of problems that are all pretty similar to getting hit with device-encrypting "ransomware" malware. Bugs are always going to happen, but the big problem with this is that Google has seemingly been ignoring it, and on Friday we wrote about how users have been piling up hundreds of reports for 10 days without an acknowledgement or fix promised by Google.
Apparently one more round of news reports was enough to get the gears moving at Google. Over the weekend the Issue tracker bug has been kicked up from a mid-level "P2" priority to "P0," the highest priority on the issue tracker. The bug has been assigned to someone now, and Googlers have jumped into the thread to make official statements that Google is looking into the matter. Here's the big post from Google on the bug tracker:
We are aware of an issue occurring on some Pixel devices (Pixel 6 and later models) that have both received the Android 14 update and have multiple users (other than the primary user) set up. Multiple users include users, guests, restricted profiles, and child users. However, it does not include having more than one Google account within the primary user or work profiles.
Depending on the device, this issue can result in the primary user being unable to access media storage. Alternatively, the issue can reboot the device with a “Factory data reset” message. If this message is accepted, data that is not backed up can be lost, and if it is declined, the device repeatedly reboots with the “Pixel is starting” message.
We’re continuing to work on fixes for impacted devices, and have already pushed out a Google Play system update that will help prevent this issue from being triggered on additional devices. To check if a Google Play system update is available for your device, follow the instructions in this Help Center article.
If you’re experiencing this issue: If your impacted device is unable to access media storage, we anticipate a system update will repair the issue and restore access to media files without requiring a factory reset. If your device is stuck in a "Pixel is starting" boot loop due to this issue, we are investigating methods that may be able to recover some data. We’ll provide more information as soon as it is available.
For users who are not experiencing this issue, or have already factory reset their device, we recommend avoiding creating or logging into a secondary user on the device until the OTA update is available.
We're sorry for the inconvenience this has caused, and we appreciate your patience.
The highlights here are that Google says the bug affects devices with multiple Android users, not multiple Google accounts or (something we thought originally) users with work profiles. Setting up multiple users means going to the system settings, then "Multiple users," then "Allow multiple users," and you can add a user other than the default one. If you do this, you'll have a user switcher at the bottom of the quick settings. Multiple users all have separate data, separate apps, and separate Google accounts. Child users are probably the most popular reason to use this feature since you can lock kids out of things, like purchasing apps.
(credit: Aurich Lawson)
Android 14 has a nasty storage bug that seems to be affecting users of the "multiple profiles" feature. The bug is about as bad as you can get, with users having "unusable" devices due to getting locked out of device storage. A few users are likening the experience to getting hit with "ransomware."
Earlier reports had this bug limited to the Pixel 6, but Google seemed to ignore those reports, and now with a wider rollout, this does not seem device-specific. Everything upgrading to Android 14 this early seems to be affected: Pixel 6, 6a, 7, 7a, Pixel Fold, and Pixel Tablet.
The Google issue tracker for this is now up to over 350 replies and has had no response from Google. The bug is languishing at only the medium "P2" priority (P0 is the highest) and remains "unassigned," meaning, assuming the tracker is up to date, no one is looking into it.
The guts of the Pixel 8 Pro, once the cooling pad has been removed. Check out that sweet Google logo! [credit: iFixit ]
The Pixel 8 Pro has been out for a few days now, and iFixit got hold of one for a teardown on its YouTube channel.
Opening it up doesn't seem much different from last year. Step one is getting past all the phone glue, which involves heating up the screen, pulling the screen away from the body with a suction cup, and cutting the glue around the edge with a soft pick. iFixit says the adhesive was "easier to get into [than that in the iPhone] 15 Pro Max." Unlike the iPhone 15 design, though, the Pixel 8 Pro only opens from one side, so you'll most likely have to remove every single part in the phone to swap out the back.
The guts of the phone look just like the Pixel 7 Pro, but Google has started to pick up on a few of Apple's tendencies to make the phone's insides look nice. This year the battery is cleanly branded "Google," whereas last year it was just covered in manufacturer information and warnings. Of course, you'll only see this after you peel off the graphite cooling pad, which, for the second year in a row, has seen a big increase in area; it now covers about 60 percent of the battery. The Pixel phone runs a "Tensor" SoC made in partnership with Samsung, so more cooling will definitely help.
The OnePlus Open is super light and has a giant camera bump. [credit: OnePlus ]
OnePlus' first foldable is the "OnePlus Open," a new device that launches October 26 in the US for $1,699. This is a tablet-style foldable with a 7.82-inch, 120 Hz, 2440×2268 OLED display on the inside and a 6.31-inch, 120 Hz, 2484×1116 OLED on the front.
Size and weight are a big concern for foldables since they are a lot to carry around and fit into a pocket. OnePlus is tackling that with a very impressive 239 g weigh-in—that's less than an iPhone 14 Pro Max, which sets a high point for slab phones at 240 g. On the heavier end of foldables, we have the Pixel Fold, which has a smaller screen (7.6 inches) yet weighs 283 g. The OnePlus Open is 11.7 mm thick when folded up, another impressively compact number for foldables compared to the Pixel Fold (12.1 mm) and Galaxy Fold 4 (15.8 mm).
The battery hasn't been sacrificed to hit these compact numbers, either. At 4805 mAh, it's on par with the Pixel Fold and more than the Galaxy Fold 4 (4400 mAh). Of course, because this is a OnePlus device, it will charge faster than most other foldables, with proprietary 67 W "SuperVOOC" charging. Foldables can burn down their battery pretty quickly, but that's less of a concern when the battery charges from 1 to 100 percent in 42 minutes.
Enlarge / Google's new malware scanner for sideloaded apps. (credit: Google)
The Google Play Store might not be perfect for stopping Android malware, but its collection of scanning, app reviews, and developer requirements makes it a lot safer than the wider, unfiltered Internet. The world outside Google's walled garden has no rules at all and offers a countless number of questionable apps available for sideloading. To help combat the surge of sideloaded malware, Google Play can now pop up a malware scanner at install time if it decides the app you're trying to sideload is interesting.
Google Play's malware system, called "Google Play Protect," has always been able to check sideloaded apps for malware, but it used faster techniques like a definition file, and this happened quietly in the background. This new technique will delay your app installation with a full-screen "scanning" interface while Google runs a deep scan of the app code. Google's blog post says this is "real-time scanning at the code-level to combat novel malicious apps" and that Google Play Protect can "recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats."
The scan will involve sending bits and pieces of the app to Google for analysis. Google says:
Enlarge (credit: gremlin via Getty Images)
When you buy a TV streaming box, there are certain things you wouldn’t expect it to do. It shouldn’t secretly be laced with malware or start communicating with servers in China when it’s powered up. It definitely should not be acting as a node in an organized crime scheme making millions of dollars through fraud. However, that’s been the reality for thousands of unknowing people who own cheap Android TV devices.
In January, security researcher Daniel Milisic discovered that a cheap Android TV streaming box called the T95 was infected with malware right out of the box, with multiple other researchers confirming the findings. But it was just the tip of the iceberg. This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
Google's generative AI wallpaper maker. I get why the spaceship image is foggy and grainy, but why does the prompt of a house with flowers look like a washed out image from a horror movie? [credit: Google ]
Android 14 is out today, along with a new Pixel phone. The OS is shipping to supported Pixel devices now, which means the Pixel 4a (5G) and every variant of the Pixel 5, 6, and 7, plus the Fold and Tablet.
The big feature this year is a somewhat customizable home screen. You can pick from several different lock screen clock styles and customize the two bottom app shortcuts. This feels like a response to iOS 16's lock screen widgets (a feature Android used to have back in the 4.2 days) but not nearly as customizable. It's honestly hard to highlight a second Android 14 feature because this is one of the smallest Android releases ever.
The first feature Google mentions in its blog post is a new wallpaper picker. On the Pixel 8, Android now has a built-in text-to-image AI wallpaper maker, presumably a feature that lets the Android team adhere to Google's "mandatory AI" company mandate. There's also a new monochrome theme if you're tired of all those "Material You" colors.
Enlarge (credit: Getty Images)
Arm warned on Monday of active ongoing attacks targeting a vulnerability in device drivers for its Mali line of GPUs, which run on a host of devices, including Google Pixels and other Android handsets, Chromebooks, and hardware running Linux.
“A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory,” Arm officials wrote in an advisory. “This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r43p0. There is evidence that this vulnerability may be under limited, targeted exploitation. Users are recommended to upgrade if they are impacted by this issue.”
The advisory continued: “A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.”
Lateo.net - Flux RSS en pagaille (pour en ajouter : @ moi) 
