Microsoft has started testing a new way to access your Android phone from directly within Windows 11's File Explorer. From a report: Windows Insiders are now able to test this new feature, which lets you wirelessly browse through folders and files on your Android phone. The integration in File Explorer means your Android device appears just like a regular USB device on the left-hand side, with the ability to copy or move files between a PC and Android phone, and rename or delete them. It's certainly a lot quicker than using the existing Phone Link app.

A little-known spyware maker based in Minnesota has been hacked, TechCrunch reports, revealing thousands of devices around the world under its stealthy remote surveillance. From the report: A person with knowledge of the breach provided TechCrunch with a cache of files taken from the company's servers containing detailed device activity logs from the phones, tablets, and computers that Spytech monitors, with some of the files dated as recently as early June.

TechCrunch verified the data as authentic in part by analyzing some of the exfiltrated device activity logs that pertain to the company's chief executive, who installed the spyware on one of his own devices. The data shows that Spytech's spyware -- Realtime-Spy and SpyAgent, among others -- has been used to compromise more than 10,000 devices since the earliest-dated leaked records from 2013, including Android devices, Chromebooks, Macs, and Windows PCs worldwide. Spytech is the latest spyware maker in recent years to have itself been compromised, and the fourth spyware maker known to have been hacked this year alone, according to TechCrunch's running tally.

Researchers have identified a zero-day exploit for the Telegram messaging app on Android devices that could have allowed attackers to send malicious payloads disguised as legitimate files. From a report: The exploit was built to abuse a vulnerability that Slovakia-based firm ESET dubbed EvilVideo. Telegram fixed the bug earlier this month in versions 10.14.5 and above after researchers reported it. Threat actors had about five weeks to exploit the zero-day before it was patched, but it's not clear if it was used in the wild, ESET said. ESET discovered the exploit on an underground forum in early June. It was sold for an unspecified price by a user with the username "Ancryno." In its post, the seller showed screenshots and a video of testing the exploit in a public Telegram channel.

In unpatched versions of Telegram for Android, attackers could use the exploit to send malicious payloads via Telegram channels, groups and chats, making them appear as multimedia files. The exploit takes advantage of Telegram's default setting to automatically download media files. The option can be disabled manually, but in that case, the payload could still be installed on the device if a user tapped the download button in the top left corner of the shared file. If the user tried to play the "video," Telegram displayed a message that it was unable to play it and suggested using an external player. The hackers disguised a malicious app as this external player.

Google has revised its Play Store policies, aiming to eliminate subpar and potentially harmful Android apps. The updated Spam and Minimum Functionality policy, set to take effect on August 31, 2024, targets apps that crash frequently, lack substantial content, or provide minimal utility to users, the company said.

This policy shift follows Google's ongoing efforts to enhance Play Store security, with the company having blocked over 2 million policy-violating apps and rejected around 200,000 submissions in 2023 alone.

The FBI was given access to unreleased technology to access the phone of the man identified as the shooter of former President Donald Trump, Bloomberg reported late Thursday, citing people familiar with the investigation. From the report: As the FBI struggled to gain access on Sunday morning to the phone, they appealed directly to Cellebrite, a digital intelligence company founded in Israel that supplies technology to several US federal agencies, according to the people, who requested anonymity to speak freely about the case.

FBI agents wanted to pull data from the device to help decipher his motives for the shooting at a rally in Bethel Park, Pennsylvania, where Trump suffered an injured ear and a spectator was killed. Authorities have identified the deceased shooter as Thomas Matthew Crooks. The local FBI bureau in Pittsburgh held a license for Cellebrite software, which lets law enforcement identify or bypass a phone's passcode. But it didn't work with Crooks' device, according to the people, who said the deceased shooter owned a newer Samsung model that runs Android's operating system. The agents called Cellebrite's federal team, which liaises with law enforcement and government agencies, according to the people. Within hours, Cellebrite transferred to the FBI in Quantico, Virginia, additional technical support and new software that was still being developed. The details about the unsuccessful initial attempt to access the phone, and the unreleased software, haven't been previously reported.

Longtime Slashdot reader SonicSpike shares an op-ed from Reason, written by Sen. Rand Paul: In America, we do not punish businesses for their success. We certainly do not punish businesses because their competitors are struggling to keep pace. Sadly, that is exactly what the Department of Justice (DOJ) is attempting to do in its recent lawsuit against Apple. In March, the DOJ, joined by 15 states and the District of Columbia, filed a lawsuit aimed at penalizing Apple for successfully competing in the market for smartphones. However, like much of the Biden administration's approach to antitrust enforcement, the DOJ's lawsuit is focused on punishing Apple for its success rather than addressing any real harm to consumers. Instead of fostering innovation and competition, this approach threatens to stifle the very progress that benefits Americans.

In its lawsuit, the DOJ makes the unsubstantiated claim that Apple has "willfully monopolized" the smartphone market through "exclusionary" and "anticompetitive" conduct. In particular, it accuses Apple of exercising unwarranted control over the creation, distribution, and functioning of apps within the iPhone operating system. What the complaint ignores, however, is that this control is not simply a lawful business practice by a privately held company; it is an indispensable part of Apple's business model. Far from being an "anticompetitive" practice that harms consumers, Apple's careful approach to app integration is a pro-competitive way in which it meets its users' demands.

Privacy, security, and seamless integration have been the core of Apple's operational strategy for years. Back in 2010, Steve Jobs explained that "when selling to people who want their devices to just work, we think integrated wins every time." That "open systems don't always work," and Apple was "committed to the integrated approach." What makes Apple products so unique is their ease of use and consistency over time. While no product will ever be perfect, Apple's goal is to deliver a seamless, integrated experience that users can rely on time after time without giving it a second thought. How does Apple do this? By carefully exercising the very control that the DOJ is trying to punish. As economist Alex Tabarrok explains in Marginal Revolution: "Apple's promise to iPhone users is that it will be a gatekeeper. Gatekeeping is what allows Apple to promise greater security, privacy, usability and reliability. Gatekeeping is Apple's brand promise. Gatekeeping is what the consumer's are buying." [...] "Digital markets do not need more government regulation; they need more companies willing to innovate and compete," concludes Sen. Paul. "The DOJ should not waste taxpayer-provided resources targeting a company that has earned its success through excellence in the marketplace. An Apple a day may keep the doctor away, but it seems that all of the pro-competitive justifications in the world cannot keep a politically motivated antitrust enforcer at bay."

An anonymous reader shares a report: It's been tried before, more than once, but if it comes as a stock feature, maybe people will actually start to use the feature. Google's Pixel 9 range of fondleslabs is coming soon, and the company has already announced an event, Made by Google, for August 13th at 1000 Pacific Time (that's 1700 UTC, and 1800 for Brits.) The new devices are very likely to run Android 15 -- whose first developer preview appeared in February. Android Police reports that one of the less obvious features of the beta may continue to final release and could become more apparent: the desktop mode that can be activated in Android 14 QPR3 Beta 2.1.

Having a desktop mode in Android isn't of itself a new thing. Samsung has offered its Dex feature since the Galaxy S8, and various vultures ventured Dex-wards in 2017 and again in 2018. The snag was that you needed a special dock to try it. Android 10 gained a hidden desktop mode in its developer features, but it wasn't easy to find. These days, though, the baseline is rather closer. Monitors with USB C connections are quite ordinary now, with ordinary prices to match, unlike, say, their prices five years ago. You can even get affordable portable ones.

In a new analysis, research firm Bernstein challenges the conventional wisdom surrounding Apple's iPhone sales fluctuations, arguing that perceived market share shifts between Apple and Android devices are largely illusory. The report, which Bernstein sent to its clients, contends that the majority of iPhone buyers are existing users upgrading their devices, rather than switchers from Android platforms.

Bernstein posits that year-to-year changes in iPhone unit sales are predominantly driven by Apple's upgrade rates within its established user base. This dynamic creates the appearance of significant market share gains or losses, particularly in China, where consumers are highly sensitive to new features. The analyst notes that upgrade cycles in China tend to be more pronounced than in other markets, leading to exaggerated perceptions of market share volatility. He suggests that the company's struggles in the region are more likely attributed to poor upgrade rates within its existing customer base rather than a mass exodus to competitors like Huawei.

Scharon Harding reports via Wired: In 2019, Nike got closer than ever to its dreams of popularizing self-tying sneakers by releasing the Adapt BB. Using Bluetooth, the sneakers paired to the Adapt app that let users do things like tighten or loosen the shoes' laces and control its LED lights. However, Nike has announced that it's "retiring" the app on August 6 (Warning: source may be paywalled; alternative source), when it will no longer be downloadable from Apple's App Store or the Google Play Store; nor will it be updated.

In an announcement recently spotted by The Verge, Nike's brief explanation for discontinuing the app is that Nike "is no longer creating new versions of Adapt shoes." The company started informing owners about the app's retirement about four months ago. Those who already bought the shoes can still use the app after August 6, but it's expected that iOS or Android updates will eventually make the app unusable. Also, those who get a new device won't be able to download Adapt after August 6.

Without the app, wearers are unable to change the color of the sneaker's LED lights. The lights will either maintain the last color scheme selected via the app or, per Nike, "if you didn't install the app, light will be the default color." While owners will still be able to use on-shoe buttons to turn the shoes on or off, check its battery, adjust the lace's tightness, and save fit settings, the ability to change lighting and control the shoes via mobile phone were big selling points of the $350 kicks.

Google plans to support its own long-term support (LTS) kernel releases for Android devices for four years, a move aimed at bolstering the security of the mobile operating system. This decision, reported by AndroidAuthority, comes in response to the Linux community's recent reduction of LTS support from six years to two years, a change that posed potential challenges for Android's security ecosystem.

The Android Common Kernel (ACK) branches, derived from upstream Linux LTS releases, form the basis of most Android devices' kernels. Google maintains these forks to incorporate Android-specific features and backport critical functionality. Regular updates to these kernels address vulnerabilities disclosed in monthly Android Security Bulletins. While the extended support period benefits Android users and manufacturers, it places significant demands on Linux kernel developers.

Microsoft told employees in China that from September they'll only be able to use iPhones for work, effectively cutting off Android-powered devices from the workplace. Bloomberg: The US company will soon require Chinese-based employees to use only Apple devices to verify their identities when logging in to work computers or phones, according to an internal memo reviewed by Bloomberg News. The measure, part of Microsoft's global Secure Future Initiative, will affect hundreds of workers across the Chinese mainland and is intended to ensure that all staff use the Microsoft Authenticator password manager and Identity Pass app.

The move highlights the fragmented nature of Android app stores in the country and the growing differences between Chinese and foreign mobile ecosystems. Unlike Apple's iOS store, Google Play isn't available in China, so local smartphone makers like Huawei and Xiaomi operate their own platforms. Microsoft has chosen to block access from those devices to its corporate resources because they lack Google's mobile services in the country, the message said.

Windows Recall was "delayed" over concerns that storing unencrypted recordings of users' activity was a security risk.

But now Slashdot reader storagedude writes: The latest version of Microsoft's planned Windows Recall feature still contains data privacy and security vulnerabilities, according to a report by the Cyber Express.

Security researcher Kevin Beaumont — whose work started the backlash that resulted in Recall getting delayed last month — said the most recent preview version is still hackable by Alex Hagenah's "TotalRecall" method "with the smallest of tweaks."

The Windows screen recording feature could as yet be refined to fix security concerns, but some have spotted it recently in some versions of the Windows 11 24H2 release preview that will be officially released in the fall.
Cyber Express (the blog of threat intelligence vendor Cyble Inc) got this official response: Asked for comment on Beaumont's findings, a Microsoft spokesperson said the company "has not officially released Recall," and referred to the updated blog post that announced the delay, which said: "Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks."

"Beyond that, Microsoft has nothing more to share," the spokesperson added.
Also this week, the blog Android Authority wrote that Google is planning to introduce its own "Google AI" features to Pixel 9 smartphones. They include the ability to enhance screenshots, an "Add Me" tool for group photos — and also "a feature resembling Microsoft's controversial Recall" dubbed "Pixel Screenshots." Google's take on the feature is different and more privacy-focused: instead of automatically capturing everything you're doing, it will only work on screenshots you take yourself. When you do that, the app will add a bit of extra metadata to it, like app names, web links, etc. After that, it will be processed by a local AI, presumably the new multimodal version of Gemini Nano, which will let you search for specific screenshots just by their contents, as well as ask a bot questions about them.

My take on the feature is that it's definitely a better implementation of the idea than what Microsoft created.. [B]oth of the apps ultimately serve a similar purpose and Google's implementation doesn't easily leak sensitive information...

It's worth mentioning Motorola is also working on its own version of Recall — not much is known at the moment, but it seems it will be similar to Google's implementation, with no automatic saving of everything on the screen.
The Verge describes the Pixel 9's Google AI as "like Microsoft Recall but a little less creepy."

Nearly half of Americans are using third-party antivirus software and the rest are either using the default protection in their operating system -- or none at all. From a report: In all, 46 percent of almost 1,000 US citizens surveyed by the reviews site Security.org said they used third-party antivirus on their computers, with 49 percent on their PCs, 18 percent using it on their tablets, and 17 percent on their phones. Of those who solely rely on their operating system's built-in security -- such as Microsoft's Windows Defender, Apple's XProtect, and Android's Google Play -- 12 percent are planning to switch to third-party software in the next six months.

Of those who do look outside the OS, 54 percent of people pay for the security software, 43 percent choose the stripped-down free version, and worryingly, three percent aren't sure whether they pay or not. Among paying users, the most popular brands were Norton, McAfee, and Malwarebytes, while free users preferred -- in order -- McAfee, Avast, and Malwarebytes. The overwhelming reason for purchasing, cited by 84 percent of respondents, was, of course, fear of malware. The next most common reasons were privacy, at 54 percent, and worries over online shopping, at 48 percent. Fear of losing cryptocurrency stashes from wallets was at eight percent, doubled since last year's survey.

An anonymous reader shares a report: ChromeOS Flex extends the lifespan of older hardware and contributes to reducing e-waste, making it an environmentally conscious choice. Unfortunately, recent developments hint at a potential end for ChromeOS Flex. As detailed in a June 12 blog post by Prajakta Gudadhe, senior director of engineering for ChromeOS, and Alexander Kuscher, senior director of product management for ChromeOS, Google's announcement about integrating ChromeOS with Android to enhance AI capabilities suggests that Flex might not be part of this future.

Google's plan, as detailed, suggests that ChromeOS Flex could be phased out, leaving its current users in a difficult position. The ChromiumOS community around ChromeOS Flex may attempt to adjust to these changes if Google open sources ChromeOS Flex, but this is not a guarantee. In the meantime, users may want to consider alternatives, such as various Linux distributions, to keep their older hardware functional.

An anonymous reader quotes a report from Ars Technica: Meta continues to hit walls with its heavily scrutinized plan to comply with the European Union's strict online competition law, the Digital Markets Act (DMA), by offering Facebook and Instagram subscriptions as an alternative for privacy-inclined users who want to opt out of ad targeting. Today, the European Commission (EC) announced preliminary findings that Meta's so-called "pay or consent" or "pay or OK" model -- which gives users a choice to either pay for access to its platforms or give consent to collect user data to target ads -- is not compliant with the DMA. According to the EC, Meta's advertising model violates the DMA in two ways. First, it "does not allow users to opt for a service that uses less of their personal data but is otherwise equivalent to the 'personalized ads-based service." And second, it "does not allow users to exercise their right to freely consent to the combination of their personal data," the press release said.

Now, Meta will have a chance to review the EC's evidence and defend its policy, with today's findings kicking off a process that will take months. The EC's investigation is expected to conclude next March. Thierry Breton, the commissioner for the internal market, said in the press release that the preliminary findings represent "another important step" to ensure Meta's full compliance with the DMA. "The DMA is there to give back to the users the power to decide how their data is used and ensure innovative companies can compete on equal footing with tech giants on data access," Breton said. A Meta spokesperson told Ars that Meta plans to fight the findings -- which could trigger fines up to 10 percent of the company's worldwide turnover, as well as fines up to 20 percent for repeat infringement if Meta loses. The EC agreed that more talks were needed, writing in the press release, "the Commission continues its constructive engagement with Meta to identify a satisfactory path towards effective compliance." Meta continues to claim that its "subscription for no ads" model was "endorsed" by the highest court in Europe, the Court of Justice of the European Union (CJEU), last year.

"Subscription for no ads follows the direction of the highest court in Europe and complies with the DMA," Meta's spokesperson said. "We look forward to further constructive dialogue with the European Commission to bring this investigation to a close."

Meta rolled out its ad-free subscription service option last November. "Depending on where you purchase it will cost $10.5/month on the web or $13.75/month on iOS and Android," said the company in a blog post. "Regardless of where you purchase, the subscription will apply to all linked Facebook and Instagram accounts in a user's Accounts Center. As is the case for many online subscriptions, the iOS and Android pricing take into account the fees that Apple and Google charge through respective purchasing policies."

An anonymous reader quotes a report from TechCrunch: Butterflies is a social network where humans and AIs interact with each other through posts, comments and DMs. After five months in beta, the app is launching Tuesday to the public on iOS and Android. Anyone can create an AI persona, called a Butterfly, in minutes on the app. After that, the Butterfly automatically creates posts on the social network that other AIs and humans can then interact with. Each Butterfly has backstories, opinions and emotions.

Butterflies was founded by Vu Tran, a former engineering manager at Snap. Vu came up with the idea for Butterflies after seeing a lack of interesting AI products for consumers outside of generative AI chatbots. Although companies like Meta and Snap have introduced AI chatbots in their apps, they don't offer much functionality beyond text exchanges. Tran notes that he started Butterflies to bring more creativity to humans' relationships with AI. "With a lot of the generative AI stuff that's taking flight, what you're doing is talking to an AI through a text box, and there's really no substance around it," Vu told TechCrunch. "We thought, OK, what if we put the text box at the end and then try to build up more form and substance around the characters and AIs themselves?" Butterflies' concept goes beyond Character.AI, a popular a16z-backed chatbot startup that lets users chat with customizable AI companions. Butterflies wants to let users create AI personas that then take on their own lives and coexist with other. [...]

The app is free-to-use at launch, but Butterflies may experiment with a subscription model in the future, Vu says. Over time, Butterflies plans to offer opportunities for brands to leverage and interact with AIs. The app is mainly being used for entertainment purposes, but in the future, the startup sees Butterflies being used for things like discovery in a way that's similar to Instagram. Butterflies closed a $4.8 million seed round led by Coatue in November 2023. The funding round included participation from SV Angel and strategic angels, many of whom are former Snap product and engineering leaders. Vu says that Butterflies is one of the most wholesome ways to use and interact with AI. He notes that while the startup isn't claiming that it can help cure loneliness, he says it could help people connect with others, both AI and human.

"Growing up, I spent a lot of my time in online communities and talking to people in gaming forums," Vu said. "Looking back, I realized those people could just have been AIs, but I still built some meaningful connections. I think that there are people afraid of that and say, 'AI isn't real, go meet some real friends.' But I think it's a really privileged thing to say 'go out there and make some friends.' People might have social anxiety or find it hard to be in social situations."

Steven Vaughan-Nichols reports via ZDNet: While Linux and open-source software (OSS) are no longer constantly under intellectual property (IP) attacks, the Open Invention Network (OIN) patent consortium still stands guard over its patents. Now, OIN, the largest patent non-aggression community, has expanded its protection once again by updating its Linux System definition. Covering more than just Linux, the Linux System definition also protects adjacent open-source technologies. In the past, protection was expanded to Android, Kubernetes, and OpenStack. The OIN accomplishes this by providing a shared defensive patent pool of over 3 million patents from over 3,900 community members. OIN members include Amazon, Google, Microsoft, and essentially all Linux-based companies.

This latest update extends OIN's existing patent risk mitigation efforts to cloud-native computing and enterprise software. In the cloud computing realm, OIN has added patent coverage for projects such as Istio, Falco, Argo, Grafana, and Spire. For enterprise computing, packages such as Apache Atlas and Apache Solr -- used for data management and search at scale, respectively -- are now protected. The update also enhances patent protection for the Internet of Things (IoT), networking, and automotive technologies. OpenThread and packages such as agl-compositor and kukusa.val have been added to the Linux System definition. In the embedded systems space, OIN has supplemented its coverage of technologies like OpenEmbedded by adding the OpenAMP and Matter, the home IoT standard. OIN has included open hardware development tools such as Edalize, cocotb, Amaranth, and Migen, building upon its existing coverage of hardware design tools like Verilator and FuseSoc.

Keith Bergelt, OIN's CEO, emphasized the importance of this update, stating, "Linux and other open-source software projects continue to accelerate the pace of innovation across a growing number of industries. By design, periodic expansion of OIN's Linux System definition enables OIN to keep pace with OSS's growth." [...] Looking ahead, Bergelt said, "We made this conscious decision not to include AI. It's so dynamic. We wait until we see what AI programs have significant usage and adoption levels." This is how the OIN has always worked. The consortium takes its time to ensure it extends its protection to projects that will be around for the long haul. The OIN practices patent non-aggression in core Linux and adjacent open-source technologies by cross-licensing their Linux System patents to one another on a royalty-free basis. When OIN signees are attacked because of their patents, the OIN can spring into action.

Richard Speed reports via The Register: Privacy campaigner noyb has filed a GDPR complaint regarding Google's Privacy Sandbox, alleging that turning on a "Privacy Feature" in the Chrome browser resulted in unwanted tracking by the US megacorp. The Privacy Sandbox API was introduced in 2023 as part of Google's grand plan to eliminate third-party tracking cookies. Rather than relying on those cookies, website developers can call the API to display ads matched to a user's interests. In the announcement, Google's VP of the Privacy Sandbox initiative called it "a significant step on the path towards a fundamentally more private web."

However, according to noyb, the problem is that although Privacy Sandbox is advertised as an improvement over third-party tracking, that tracking doesn't go away. Instead, it is done within the browser by Google itself. To comply with the rules, Google needs informed consent from users, which is where issues start. Noyb wrote today: "Google's internal browser tracking was introduced to users via a pop-up that said 'turn on ad privacy feature' after opening the Chrome browser. In the European Union, users are given the choice to either 'Turn it on' or to say 'No thanks,' so to refuse consent." Users would be forgiven for thinking that 'turn on ad privacy feature' would protect them from tracking. However, what it actually does is turn on first-party tracking.

Max Schrems, honorary chairman of noyb, claimed: "Google has simply lied to its users. People thought they were agreeing to a privacy feature, but were tricked into accepting Google's first-party ad tracking. "Consent has to be informed, transparent, and fair to be legal. Google has done the exact opposite." Noyb noted that Google had argued "choosing to click on 'Turn it on' would indeed be considered consent to tracking under Article 6(1)(a) of the GDPR."

After announcing a shut down date in February, Google's "GPay" app has officially stopped working for users in the U.S. "Starting on June 4, GPay -- as was the name of the app on Android homescreens -- automatically signed US users out," reports 9to5Google. "Attempting to login again explains how: 'The Google Pay US app is no longer available. You can still tap to pay using the Google Wallet app.'" From the report: Additionally, Google no longer offers peer-to-peer payments in the US. You can use the Google Pay website to view and transfer your balance -- money you've received or rewards -- to a bank account after June. The focus is now on Google Wallet and digitizing everything in your physical wallet. There's no equivalent finance tracking functionality. Meanwhile, "Google Pay" still exists as the name for what you're actually using when making a physical or online purchase with your phone.

Apple has announced that its Messages app will support RCS in iOS 18. From a report: The new standard will replace SMS as the default communication protocol between Android and iOS devices. The move comes after years of taunting, cajoling, and finally, some regulatory scrutiny from the EU. Right now, when people on iOS and Android message each other, the service falls back to SMS -- photos and videos are sent at a lower quality, messages are shortened, and importantly, conversations are not end-to-end encrypted like they are in iMessage. Messages from Android phones show up as green bubbles in iMessage chats and chaos ensues.