Google is cracking down on predatory loan apps by cutting off their access to "sensitive" data including debtors' contacts, photos and location, after growing criticism that unscrupulous lenders are tapping the contents of borrowers' smartphones for harassment and blackmail. From a report: The tech company said on Wednesday it would update policies for financial services apps listed on the Google Play store at the end of May, so that "apps aiming to provide or facilitate personal loans may not access user contacts or photos." Details provided to app developers for Google's Android mobile system also show that lending apps will, for the first time, be restricted from requesting access to users' precise location, phone numbers and videos. The new policy covers apps offering personal, payday and peer-to-peer loans, but not mortgages, car loans or credit cards. Studies have found hundreds of apps available through Google Play that have required prospective customers to grant them access to the most intimate information on their devices in order to proceed with an application. Consent is often obtained on the grounds that these details are needed to conduct a credit check or risk assessment.

Google wants to make it as easy to scrub an app account as it is to create one. The company has announced that Android apps on the Play Store will soon have to let you delete an account and its data both inside the app and on the web. Developers will also have to wipe data for an account when users ask to delete the account entirely. From a report: The move is meant to "better educate" users on the control they have over their data, and to foster trust in both apps and the Play Store at large. It also provides more flexibility. You can delete certain data (such as your uploaded content) without having to completely erase your account, Google says. The web requirement also ensures that you won't have to reinstall an app just to purge your info. The policy is taking effect in stages. Creators have until December 7th to answer questions about data deletion in their app's safety form. Store listings will start showing the changes in early 2024. Developers can file for an extension until May 31st of next year.

Bob Lee, the chief product officer at MobileCoin, was killed in a fatal stabbing in San Francisco. From a report: On Tuesday morning, at 2:35 a.m., the San Francisco Police Department responded to a report of a stabbing near the 300 block of Main Street in SoMa. He was taken to a hospital but succumbed to his injuries. Shortly after, NBC Bay Area reported that the victim of the stabbing was Bob Lee, 43. MobileCoin confirmed the information in a statement sent to Bloomberg and ABC7 News. Before joining MobileCoin, Bob Lee worked at Google for the first few years of Android, focusing on core library development. He then joined Square, the payment company that later became Block, to develop its Android app. He became the company's first CTO and also created Cash App. Bob Lee, also known as 'Crazy Bob,' was an investor in tech startups as well. According to his LinkedIn profile, he invested in SpaceX, Clubhouse, Tile, Figma, Faire, Orchid, Addressable, Nana, Ticket Fairy, Gowalla, Asha, SiPhox, Netswitch, Found and others.

For flights, Google already showed you whether the flight price you were looking at was high, low, or typical compared to historical prices. Now it's going a step further by putting a guarantee on those predictions. Android Police reports: Now, whenever Google thinks a flight is priced as low as it's going to go, it will put a "Price Guarantee" badge beside the price indicating it doesn't think that price will drop any further. If you decide to book a flight with a price guarantee through Google and the price does go down, the company will reimburse you for the difference in price via Google Pay similar to the promotion it ran in 2019. The price guarantee was announced in a blog post today alongside new features for researching hotels.

"Now when you search for a hotel on mobile, you'll be able to swipe through full-screen images of the hotel similar to how you might view a story on Instagram," reports Android Police. "From that photo page, you can also quickly tap into reviews to see if a property is as good as it looks and learn more about the area where a potential hotel is located. There's also a link to the hotel's website right on the page when you're ready to book."

Google is bringing Android's "Nearby Share" feature to the desktop with a new Windows app. Google says the new program will make sharing between Windows and Android easier, letting you send files over in just a few clicks and taps. From a report: Google's Nearby Share has been built into Android for a few years now and allows you to locally transfer files over Wi-Fi, with the initial device-pairing happening over Bluetooth. Nearby share has been kind of tough to use in real life, since most people share files over the Internet. And for personal use, most people only have one Android device, their phone, so there has been nothing to share files with. A ton of Android users have Windows PCs, though, so for many this will be the first time Nearby Share has an actual use. Using the app is easy. Just download it from the Android website and click a few "next" buttons in the installer. You need a 64-bit Windows PC (not ARM, ironically) with Bluetooth and Wi-Fi. From there you can easily share by dragging and dropping on Windows or by using the Android "share" button and hitting "Nearby Share." You have the option of signing in to the Windows app or not. If you don't you'll need to manually approve every transaction on both the phone and PC. If you sign in, you can set up auto-accept from yourself, anyone in your contacts, or the probably not advisable "everyone" option.

General Motors plans to phase out widely-used Apple CarPlay and Android Auto technologies that allow drivers to bypass a vehicle's infotainment systems, shifting instead to built-in infotainment systems developed with Google for future electric vehicles. Reuters reports: GM's decision to stop offering those systems in future electric vehicles, starting with the 2024 Chevrolet Blazer, could help the automaker capture more data on how consumers drive and charge EVs. GM is designing the on-board navigation and infotainment systems for future EVs in partnership with Alphabet's Google. GM has been working with Google since 2019 to develop the software foundations for infotainment systems that will be more tightly integrated with other vehicle systems such as GM's Super Cruise driver assistant. The automaker is accelerating a strategy for its EVs to be platforms for digital subscription services.

GM would benefit from focusing engineers and investment on one approach to more tightly connecting in-vehicle infotainment and navigation with features such as assisted driving, Edward Kummer, GM's chief digital officer, and Mike Hichme, executive director of digital cockpit experience, said in an interview. "We have a lot of new driver assistance features coming that are more tightly coupled with navigation," Hichme told Reuters. "We don't want to design these features in a way that are dependent on person having a cellphone."

Buyers of GM EVs with the new systems will get access to Google Maps and Google Assistant, a voice command system, at no extra cost for eight years, GM said. GM said the future infotainment systems will offer applications such as Spotify's music service, Audible and other services that many drivers now access via smartphones. "We do believe there are subscription revenue opportunities for us," Kummer said. GM Chief Executive Mary Barra is aiming for $20 billion to $25 billion in annual revenue from subscriptions by 2030.

An anonymous reader writes: Android manufacturers occasionally try to push this idea of a "gaming smartphone" -- usually, these companies try to extend the "PC gamer" design motif to smartphones, with RGB LEDs and aggressive marketing. Since Android games are mostly casual pay-to-win tap fests, though, we often have to ask, does anyone want a gaming smartphone? If you're Lenovo, the answer is apparently "no," as Android Authority reports Lenovo is killing the "Legion" gaming phone business.

An anonymous reader quotes a report from TechCrunch: As U.S. lawmakers move forward with their plans for a TikTok ban or forced sale, the app's Chinese parent company ByteDance is driving another of its social platforms into the Top Charts of the U.S. App Store. ByteDance-owned app Lemon8, an Instagram rival that describes itself as a "lifestyle community," jumped into the U.S. App Store's Top Charts on Monday, becoming the No. 10 Overall app, across both apps and games. Today, it's ranked No. 9 on the App Store's Top Apps chart, excluding games. This is a dramatic move for the little-known app and one that points to paid user acquisition efforts powering this surge. Prior to yesterday, the Lemon8 app had never before ranked in the Top 200 Overall Charts in the U.S., according to app store intelligence provided to TechCrunch by data.ai.

The firm confirms that such a fast move from being an unranked app to being No. 9 among the top free apps in the U.S. -- ahead of YouTube, WhatsApp, Gmail and Facebook -- implies a "significant" and "recent" user acquisition push on the app publisher's part. Unfortunately, because the app is so new to the App Store's Top Charts, third-party app analytics firms don't yet have precise data on Lemon8's U.S. installs, or how those installs have recently changed over the past few days. [...] According to app intelligence provider Apptopia's data, Lemon8 debuted on both iOS and Android in March 2020 and has since gained 16 million global downloads, with Japan as its top market, accounting for 38% of its total installs. While the firm also doesn't have a figure for its U.S. installs, it was able to estimate the app currently has 4.25 million monthly active users. TechCrunch believes ByteDance may be leveraging TikTok to drive app installs of Lemon8. "Over on TikTok, we noticed a number of creators recently began posting about Lemon8, with many new videos appearing in just the past 24 hours," reports TechCrunch. "Concerningly, many of their reviews are extremely positive but are not marked as sponsored content. [...] In fact, some creators even said they're getting the app in case TikTok gets banned."

Alphabet's Google LLC intentionally destroyed employee "chat" evidence in antitrust litigation in California and must pay sanctions and face a possible penalty at trial, a U.S. judge ruled on Tuesday. Reuters reports: U.S. District Judge James Donato in San Francisco said in his order (PDF) that Google "fell strikingly short" in its duties to preserve records. The ruling is part of a multidistrict litigation that includes a consumer class action with as many as 21 million residents; 38 states and the District of Columbia; and companies including Epic Games Inc and Match Group LLC. The consumers and other plaintiffs are challenging Google's alleged monopoly for distributing Android mobile applications, allegations that Google has denied. Plaintiffs have claimed aggregate damages of $4.7 billion.

The judge asked the plaintiffs' lawyers by April 21 to provide an amount in legal fees they are seeking as a sanction. Separately, the plaintiffs will have a chance to urge Donato to tell jurors that Google destroyed information that was unfavorable to it. He said he wants to see "the state of play" at a later stage in the case. "Google has tried to downplay the problem and displayed a dismissive attitude ill tuned to the gravity of its conduct," the judge said.

Windows Central reports: According to my sources who are familiar with Microsoft's plans, the company is once again hard at work on a new project internally that's designed to modernize the Windows platform with many of the same innovations it was working on for Windows Core OS, but with a focus on native compatibility for legacy Win32 applications on devices where it makes sense. The project is codenamed CorePC and is designed to be a modular and customizable variant of Windows for Microsoft to leverage different form factors with. Not all Windows PCs need the full breadth of legacy Win32 app support, and CorePC will allow Microsoft to configure "editions" of Windows with varying levels of feature and app compatibility.

The big change with CorePC versus the current shipping version of Windows is that CorePC is state separated, just like Windows Core OS. State separation enables faster updates and a more secure platform via read-only partitions that are inaccessible to the user and third-party apps, just like on iPadOS or Android. [...] CorePC splits up the OS into multiple partitions, which is key to enabling faster OS updates. State separation also enables faster and more reliable system reset functionality, which is important for Chromebook compete devices in the education sector.

[...] My sources tell me CorePC will allow Microsoft to finally deliver a version of Windows that truly competes with Chromebooks in OS footprint, performance, and capabilities. [...] Microsoft is also working on a version of CorePC that meet the current feature set and capabilities of Windows desktop, but with state separation enabled for those faster OS updates and improved security benefits. The company is working on a compatibility layer codenamed Neon for legacy apps that require a shared state OS to function, too. Lastly, I hear that Microsoft is experimenting with a version of CorePC that's "silicon-optimized," designed to reduce legacy overhead, focus on AI capabilities, and vertically optimize hardware and software experiences in a way similar to that of Apple Silicon. Unsurprisingly, AI experiences are a key focus for Windows going into 2024.

Security researchers at Moscow-based Kaspersky Lab have identified and outlined potential malware in versions of PDD Holdings' Chinese shopping app Pinduoduo, days after Google suspended it from its Android app store. From a report: In one of the first public accountings of the malicious code, Kaspersky laid out how the app could elevate its own privileges to undermine user privacy and data security. It tested versions of the app distributed through a local app store in China, where Huawei Technologies, Tencent Holdings and Xiaomi run some of the biggest app markets. Kaspersky's findings, shared with Bloomberg News, were among the clearest explanations from an independent security team for what triggered Google's action and malware warning last week. The cybersecurity firm, which has played a role in uncovering some of the biggest cyberattacks in history, said it found evidence that earlier versions of Pinduoduo exploited system software vulnerabilities to install backdoors and gain unauthorized access to user data and notifications. Those conclusions agreed in large part with those of researchers that had posted their discoveries online in past weeks, though Bloomberg News hasn't verified the authenticity of the earlier reports.

"With an 8-core Rockchip RK3588S SoC, the Orange Pi 5 is leaps and bounds faster than the aging Raspberry Pi 4," writes Phoronix: With up to 32GB of RAM, the Orange Pi 5 is also capable of serving for a more diverse user-base and even has enough potential for assembling a budget Arm Linux developer desktop. I've been testing out the Orange Pi 5 the past few weeks and it's quite fast and nice for its low price point.

The Orange Pi 5 single board computer was announced last year and went up for pre-ordering at the end of 2022.... When it comes to the software support, among the officially available options for the Orange Pi 5 are Orange Pi OS, Ubuntu, Debian, Android, and Armbian. Other ARM Linux distributions will surely see varying levels of support while even the readily available ISO selection offered by Orange Pi is off to a great start....

Granted, the Orange Pi developer community isn't as large as that of the Raspberry Pi community or the current range of accessories and documentation, but for those more concerned about features and performance, the Orange Pi 5 is extremely interesting.
The article includes Orange Pi 5 specs:

• A 26-pin header
• HDMI 2.1, Gigabit LAN, M.2 PCIe 2.0, and USB3 connectivity
• A Mali G510 MP4 graphics processor, "which has open-source driver hope via the Panfrost driver stack."
• Four different versions with 4GB, 8GB, 16GB, or 32GB of RAM using LPDDR4 or LPDDR4X. "The Orange Pi 4GB retails for ~$88, the Orange Pi 5 8GB version retails for $108, and the Orange Pi 5 16GB version retails for $138, while as of writing the 32GB version wasn't in stock."

In 169 performance benchmarks (compared to Raspberry Pi 4 boards), "this single board computer came out to delivering 2.85x the performance of the Raspberry Pi 400 overall." And through all this the average SoC temperature was 71 degrees with a peak of 85 degrees — without any extra heatsink or cooling.

The Free Software Foundation held their annual LibrePlanet conference last week — and announced that Eli Zaretskii, co-maintainer of GNU Emacs, won their "Advancement of Free Software" award. "He has been a contributor to Emacs for more than thirty years," notes the FSF announcement, "and as co-maintainer, coordinates the work of more than two hundred active contributors. During Zaretskii's tenure as co-maintainer, the Emacs development community has implemented several important new features, including native compilation of the editor's Emacs Lisp backbone into machine code."

Zaretskii was honored with a recorded message from the original author/principal maintainer of GNU Emacs back in 1985, Richard Stallman: "For many years, I was the principal maintainer of GNU Emacs, but then others came along to do the work, and I haven't been heavily involved in Emacs development for many, many years. Nowadays, our principal maintainer of Emacs is extremely diligent and conscientious and has brought about a renaissance in new features and new packages added to Emacs, and the result is very impressive. So I'm happy to give the Free Software Award to Eli Zaretskii, principal maintainer of GNU Emacs. Thank you for your work."

In his recorded acceptance of the award, Zaretskii said, "The truth is my contribution to free software in general and to Emacs development in particular is quite modest, certainly compared to those who won this award before me.... And even my modest achievement as the Emacs developer and lately the co-maintainer would have been impossible without all the other contributors and the Emacs community as a whole. No significant free software project can be developed, maintained, and led forward without participation and support of its members. And Emacs is no exception."
Their award for Outstanding New Free Software Contributor went to Tad (SkewedZeppelin), the chief developer of DivestOS, a fork of Android which removes many proprietary binaries "and which puts freedom, security, and device longevity as its main concerns," according to the FSF's announcement. "Tad has also contributed to the Replicant distribution of Android, a project fiscally sponsored by the FSF."

And their award for Project of Social Benefit went to GNU Jami, a free software videoconferencing tool "that is fully decentralized and encrypted, allowing thousands around the world to communicate in both freedom and security. In contrast to proprietary conferencing programs like Zoom, which are nonfree software, Jami is an official GNU package licensed under the GNU GPLv3+."

An anonymous reader quotes a report from Ars Technica, written by Jonathan M. Gitlin: A perennial question that has accompanied the spread of Android Automotive has been the question of support. A car has a much longer expected service life than a smartphone, especially an Android smartphone, and with infotainment systems so integral to a car's operations now, how long can we reasonably expect those infotainment systems to be supported? I got the chance to put this question to Dirk Hilgenberg, CEO of CARIAD, Volkswagen Group's software division: Given the much longer service life of a car compared to a smartphone, how does VW plan to keep those cars patched and safe 10 or 15 years from now?

"We actually have a contract with the brands, which took a while to negotiate, but lifetime support was utterly important," Hilgenberg told me. The follow-up was obvious: How long is "lifetime"? "Fifteen years after service, and an extra option for brands who would like to have it even longer; you know, we have to guarantee updatability on all legal aspects," he said. "So that's why we are, as you can imagine, very cautious with branches of releases because every branch we need to maintain over this long time. So when you have end of operation and EOP [end of production] and it's 15 years longer, we still have to maintain that; plus, some brands actually said 'because my vehicle is a unicorn, it's something that people want even more, they only occasionally drive it but they want to be safe,'" Hilgenberg told me.

(The unicorn reference should make sense in the context of VW Group owning Bugatti, Lamborghini, and Porsche, whose cars are often collected and can be on the road for many decades.) In those cases, CARIAD would provide continued support, Hilgenberg said. "Especially as cybersecurity, all the legal things are concerned, you see that already. Now we do upgrades and releases, whether it's in China, whether it's in the US, whether it's in Europe, we take very cautious steps. Security and safety has, in the Volkswagen group, you know, the utmost importance, and we see it actually as an opportunity to differentiate," he said. In an update to the article, Ars said CARIAD got in touch with them to add some clarifications. "As part of its development services to Volkswagen's automotive brands, CARIAD provides operational services, updates, upgrades and new releases as well as bug fixes and patches relating to its hardware- and software-products. We usually support our hard- and software releases for extended periods of time. In some cases this can be up to 15 years after the end of production ('EOP') for hardware and 10 years after EOP for software releases. Moreover, there are legally mandatory periods we comply with, e.g. cybersecurity as well as safety updates and patches are provided for as long as a function is available. In addition, there may be individual agreements with brands for longer support periods to specifically satisfy their customers' needs," wrote a CARIAD spokesperson.

Ars notes: "there's no guarantee that OEMs can make the business model work for this long-term support."

An anonymous reader quotes a report from KrebsOnSecurity: Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones. In November 2022, researchers at Google's Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device. Google said it believes the exploit chain for Samsung devices belonged to a "commercial surveillance vendor," without elaborating further. The highly technical writeup also did not name the malicious app in question.

On Feb. 28, 2023, researchers at the Chinese security firm DarkNavy published a blog post purporting to show evidence that a major Chinese ecommerce company's app was using this same three-exploit chain to read user data stored by other apps on the affected device, and to make its app nearly impossible to remove. DarkNavy likewise did not name the app they said was responsible for the attacks. In fact, the researchers took care to redact the name of the app from multiple code screenshots published in their writeup. DarkNavy did not respond to requests for clarification. "At present, a large number of end users have complained on multiple social platforms," reads a translated version of the DarkNavy blog post. "The app has problems such as inexplicable installation, privacy leakage, and inability to uninstall."

On March 3, 2023, a denizen of the now-defunct cybercrime community BreachForums posted a thread which noted that a unique component of the malicious app code highlighted by DarkNavy also was found in the ecommerce application whose name was apparently redacted from the DarkNavy analysis: Pinduoduo. A Mar. 3, 2023 post on BreachForums, comparing the redacted code from the DarkNavy analysis with the same function in the Pinduoduo app available for download at the time. On March 4, 2023, e-commerce expert Liu Huafang posted on the Chinese social media network Weibo that Pinduoduo's app was using security vulnerabilities to gain market share by stealing user data from its competitors. That Weibo post has since been deleted. On March 7, the newly created Github account Davinci1010 published a technical analysis claiming that until recently Pinduoduo's source code included a "backdoor," a hacking term used to describe code that allows an adversary to remotely and secretly connect to a compromised system at will. That analysis includes links to archived versions of Pinduoduo's app released before March 5 (version 6.50 and lower), which is when Davinci1010 says a new version of the app removed the malicious code. Pinduoduo boasts approximately 900 million monthly active users in China. In August of last year, the Guardian published an article covering the company's plans to expand to the U.S. and take on Amazon.

Remember when Pebble founder Eric Migicovsky released an impassioned plea for someone, anyone, to make a small Android phone that would compete with the iPhone Mini? He's taking matters into his own hands. From a report: Now that Apple has stopped making new small phones, Migicovsky's Small Android Phone petition has evolved into a "community-based project" -- where that community includes a team working to design and produce the phone that Migicovsky wants. The petition got 38,700 signatures, and "almost all of that came from literally one article from The Verge," one team member revealed in a design call. The Small Android Phone team -- it's not a company, yet -- has been doing a lot of planning right under our noses. In a small Discord, they've quietly revealed their efforts to source a display, choose a chip, and design the body of the phone. They've even discussed how they might pay for it all. Diehard small phone enthusiasts are invited to give feedback at every step of the process as the team attempts to bend the phone market to their will.

An anonymous reader quotes a report from Ars Technica: Back in 2018, Pixel phones gained a built-in screenshot editor called "Markup" with the release of Android 9.0 Pie. The tool pops up whenever you take a screenshot, and tapping the app's pen icon gives you access to tools like crop and a few colored drawing pens. That's very handy assuming Google's Markup tool actually does what it says, but a new vulnerability points out the edits made by this tool weren't actually destructive! It's possible to uncrop or unredact Pixel screenshots taken during the past four years.

The bug was discovered by Simon Aarons and is dubbed "Acropalypse," or more formally CVE-2023-21036. There's a proof-of-concept app that can unredact Pixel screenshots at acropalypse.app, and it works! There's also a good technical write-up here by Aarons' collaborator, David Buchanan. The basic gist of the problem is that Google's screenshot editor overwrites the original screenshot file with your new edited screenshot, but it does not truncate or recompress that file in any way. If your edited screenshot has a smaller file size than the original -- that's very easy to do with the crop tool -- you end up with a PNG with a bunch of hidden junk data at the end of it. That junk data is made up of the end bits of your original screenshot, and it's actually possible to recover that data. While the bug was fixed in the March 2023 security update for Pixel devices, it doesn't solve the problem, notes Ars. "There's still the matter of the last four years of Pixel screenshots that are out there and possibly full of hidden data that people didn't realize they were sharing."

Microsoft is preparing to launch a new app store for games on iPhones and Android smartphones as soon as next year if its $75bn acquisition of Activision Blizzard is cleared by regulators, according to the head of its Xbox business. From a report: New rules requiring Apple and Google to open up their mobile platforms to app stores owned and operated by other companies are expected to come into force from March 2024 under the EU's Digital Markets Act. "We want to be in a position to offer Xbox and content from both us and our third-party partners across any screen where somebody would want to play," said Phil Spencer, chief executive of Microsoft Gaming, in an interview ahead of this week's annual Game Developers Conference in San Francisco. "Today, we can't do that on mobile devices but we want to build towards a world that we think will be coming where those devices are opened up."

Microsoft is fighting with regulators in the US, Europe and UK, which have all raised concerns about the potential impact on competition from the owner of the Xbox console buying the developer of Call of Duty, one of the world's most popular games franchises. PlayStation maker Sony has been a vocal opponent of the deal. However, Spencer argues the deal can boost competition in what he called the "largest platform people play on" -- smartphones -- where Apple and Google currently operate what some antitrust authorities have called a "duopoly" over distribution of games and other apps. [...] While acknowledging it was hard to predict exactly when Microsoft will be able to launch its own store, Spencer said it would be "pretty trivial" for Microsoft to adapt its Xbox and Game Pass apps to sell games and subscriptions on mobile devices. Microsoft's current lack of mobile games was an "obvious hole in our capability" that it needed Activision Blizzard to fill, he added.

Meta on Friday launched its subscription service in the U.S., which would allow Facebook and Instagram users pay for verification in the same vein as Elon Musk-owned Twitter. From a report: The Meta Verified service will give users a blue badge after they verify their accounts using a government ID and will cost $11.99 per month on the web or $14.99 a month on Apple's iOS system and Google-owned Android, Meta said in a statement. The service, which Meta said it was testing in February, follows in the footsteps of Snapchat as well as messaging app Telegram and marks the latest effort by a social media company to diversify its revenue away from advertising.

Google's security research unit is sounding the alarm on a set of vulnerabilities it found in certain Samsung chips included in dozens of Android models, wearables and vehicles, fearing the flaws could be soon discovered and exploited. From a report: Google's Project Zero head Tim Willis said the in-house security researchers found and reported 18 zero-day vulnerabilities in Exynos modems produced by Samsung over the past few months, including four top-severity flaws that could compromise affected devices "silently and remotely" over the cellular network.

"Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number," Willis said. By gaining the ability to remotely run code at a device's baseband level -- essentially the Exynos modems that convert cell signals to digital data -- an attacker would be able to gain near-unfettered access to the data flowing in and out of an affected device, including cellular calls, text messages, and cell data, without alerting the victim. The list of affected devices includes (but is not limited to): Samsung mobile devices, including the S22, M and A series handsets; Vivo mobile devices, including those in the S16, S15, S6, X70, X60 and X30 series; Google Pixel 6 and Pixel 7 series; and connected vehicles that use the Exynos Auto T5123 chipset.