Google

Google Trials Passwordless Login Across Workspace and Cloud Accounts (theverge.com) 48

Google has taken a significant step toward a passwordless future with the start of an open beta for passkeys on Workspace accounts. From a report: Starting today, June 5th, over 9 million organizations can allow their users to sign in to a Google Workspace or Google Cloud account using a passkey instead of their usual passwords.

Passkeys are a new form of passwordless sign-in tech developed by the FIDO Alliance, whose members include industry giants like Google, Apple, and Microsoft. Passkeys allow users to log in to websites and apps using their device's own authentication, such as a laptop with Windows Hello, an Android phone with a fingerprint sensor, or an iPhone with Face ID, instead of traditional passwords and other sign-in systems like 2FA or SMS verification. Because passkeys are based on public key cryptographic protocols, there's no fixed "sequence" that can be stolen or leaked in phishing attacks.

Cellphones

Progressive Web Apps 'Don't Spy or Clog Your Phone'. Do You Use Them? (msn.com) 94

"It's worth questioning the status quo of technology," argues the Washington Post's Tech Friend newsletter, "including apps as we know them."

Then they tout the benefits of the "non-app app... a hybrid of a website and a conventional app, with features of each" — the unappreciated Progressive Web App (which many still don't know can be installed on your phone's home screen): Web apps look and function pretty much like the conventional apps for your phone or computer, but they clog less space on your device and are less pushy about surveilling you. People who make web apps also say they are easier to create and update than conventional apps... But web apps have been around for years, and most people don't know they exist...

[Traditional apps] come with profound downsides, including Big Tech control, privacy compromises and high development costs. It would be healthy if there were palatable alternative paths to our current app system. Web apps might be part of the solution... At their core, web apps are "the web with an app-like cover," said Rob Kochman, senior product manager for Google's Chrome. Kochman and other web app fans say these apps are less demanding and less intrusive than a conventional app. The web app for Starbucks, for example, takes up just 429 kilobytes of storage on my phone — or less than 1 percent of the storage taken by the standard Starbucks Android app...

And by design, once a conventional app is on your phone, it can access your phone's guts and peek under the hood of your internet network. Web apps are stingier about access, Kochman and other experts told me. "If you're worried about installing some app, you'd probably prefer that as a web app," said a veteran tech executive who helped develop the original technology for web apps. He referred to a web app as "just a website that took all the right vitamins...."

It's difficult to figure out which companies make web apps or find them. There's not an app store for web apps, although there are some attempts like Store.App and Appscope. They're not ideal... Some technologists told me that Apple has held back web apps by limiting their capabilities for Apple devices. The company has said that's not true. And this year, Apple added iPhone feature options for web apps...

We should keep challenging what can feel like immutable parts of digital life, including apps. We have to keep asking: What if there's something better?

It's as easy as "press the three-dot icon, then select 'Add to home screen.'" But it'd be interesting to hear the perspective of Slashdot readers. So share your thoughts and experiences in the comments.

Are you using progressive web apps?

Open Source

'RISE' Project Building Open Source RISC-V Software Announced by Linux Foundation Europe (linuxfoundation.eu) 11

Linux Foundation Europe "has announced the RISC-V Software Ecosystem (RISE) Project to help facilitate more performant, commercial-ready software for the RISC-V processor architecture," reports Phoronix.

"Among the companies joining the RISE Project on their governing board are Andes, Google, Intel, Imagination Technologies, Mediatek, NVIDIA, Qualcomm, Red Hat, Rivos, Samsung, SiFive, T-Head, and Ventana."

Its top goal is to "accelerate the development of open source software for RISC-V," according to the official RISE web site. The project's chair says it "brings together leaders with a shared sense of urgency to accelerate the RISC-V software ecosystem readiness in collaboration with RISC-V International." The CEO of RISC-V International, Calista Redmond, said "We are grateful to the thousands of engineers making upstream contributions and to the organizations coming together now to invest in tools and libraries in support of the RISC-V software ecosystem." RISE Project members will contribute financially and provide engineering talent to address specific software deliverables prioritized by the RISE Technical Steering Committee (TSC). RISE is dedicated to enabling a robust software ecosystem specifically for application processors that includes software development tools, virtualization support, language runtimes, Linux distribution integration, and system firmware, working upstream first with existing open source communities in accordance with open source best practices.

"The RISE Project is dedicated to enabling RISC-V in open source tools and libraries (e.g., LLVM, GCC, etc) to speed implementation and time-to-market," said Gabriele Columbro, General Manager of Linux Foundation Europe.

Google's director of engineering on Android said Google was "excited to partner with industry leaders to drive rapid maturity of the RISC-V software ecosystem in support of Android and more."

And the VP of system software at NVIDIA said "NVIDIA's accelerated computing platform — which includes GPUs, DPUs, chiplets, interconnects and software — will support the RISC-V open standard to help drive breakthroughs in data centers, and a wide range of industries, such as automotive, healthcare and robotics."

Technology

Google Wallet for Android Now Supports Digital IDs (arstechnica.com) 31

Google Wallet on Android is finally getting ready for your digital driver's license and other US state IDs. Google says the feature is rolling out this month, and it will slowly start bringing states online this year. From a report: Of course, your state has to be one of the few that actually supports digital IDs. Google says Maryland residents can use the feature right now and that "in the coming months, residents of Arizona, Colorado and Georgia will join them." The road to digital driver's license support has been a long one, with the "Identity Credential API" landing in Android 11 back in 2020. Since then it has technically been possible for states to make their own ID app.

Now Google Wallet, Google's re-re-reboot of its payment app, is providing a first-party way to store an ID on your phone. Some parts of the Identity Credential API landed in Google Play Services (Google's version-agnostic brick of APIs), so Wallet supports digital IDs going back to Android 8.0, which covers about 90 percent of Android devices. Maryland has supported Digital IDs on iOS for a while, which gives us an idea of how this will work. An NFC transfer is enough to beam your credentials to someone, where you can just tap against a special NFC ID terminal and confirm the transfer with your fingerprint. Wallet has an NFC option, along with a "Show code" option that will show the traditional driver's license barcode.

Android

Motorola Unveils Its 4th-Gen Foldable, the Moto Razr+ (arstechnica.com) 39

An anonymous reader quotes a report from Ars Technica: After endless leaks, Motorola made its fourth-generation lineup of foldables official today. The flagship is the Moto Razr+, which will launch in the US on June 23 for $999. There's also a cheaper phone called only the "Moto Razr" with a smaller outside screen, slower SoC, and no clear US price or release date. Internationally, these phones are called the Moto Razr 40 Ultra and Moto Razr 40. The Ultra model's SoC is a Snapdragon 8+ Gen 1 -- that's not the best you can get from Qualcomm, which would be the 8 Gen 2 -- this is a year-old mid-cycle upgrade chip. The phone has 8GB of RAM, 256GB of storage, and a 3800 mAh battery with 30 W quick charging. The leaked display specs have been all over the place, but officially, the interior display is a 6.9-inch, 2640x1080 OLED that runs at a smoking 165 Hz. The exterior display is super big on the Ultra model and is a 3.6-inch, 144 Hz OLED at a nearly square 1066x1056. Motorola has the phone's dust and water ingress protection rated at IP52, which typically only protects from "direct sprays of water up to 15 degrees from the vertical" and is far from qualifying the Razr as a water-resistant phone.

The design has been better. The original foldable Moto Razr reboot from 2020 had beautiful throwback looks that screamed "Moto Razr." It looked just like the old-school flip phone from the early 2000s but modernized. This fourth foldable generation tones things down a lot and is more of a generic rectangle. You could easily confuse it for Samsung's Galaxy Z Flip. This fourth generation seems more mature, though. Motorola will now let you run any app you want on the ultra's giant front screen, complete with the option of a super tiny Android navigation bar tucked away in the bottom left corner, to the left of the two front cameras. You can peruse the app drawer, use Google Pay, or play media on the front display. You can even type on the keyboard: Google GBoard has a special full-screen mode that will show a single line of input text.

Those front cameras give this front display one of the strangest display shapes on the market. With two big dead spots in the bottom right corner, the workable display area is kind of an upside-down L shape. By default, apps will stay out of the non-rectangular part of the screen, but it's possible to enable a "full screen" mode for the front apps. This will force apps to use the lower part of the display, and you just have to hope that they will somehow deal with that. Android has APIs to identify dead areas of the display for apps to work around, but usually, that's for a top camera notch. Not many apps are built for this, but you're apparently welcome to try to make them work with the feature. [...] If you're interested in the Razr+, preorders start June 16.

Hardware

Arm Announces the Cortex X4 For 2024, Plus a 14-Core M2-Fighter (arstechnica.com) 81

Arm unveiled its upcoming flagship CPUs for 2024, including the Arm Cortex X4, Cortex A720, and Cortex A520. These chips, built on the Armv9.2 architecture, promise higher performance and improved power efficiency. Arm also introduced a new 'QARMA3 algorithm' for memory security and showcased a potential 14-core mega-chip design for high-performance laptops. Ars Technica reports: Arm claims the big Cortex X3 chip will have 15 percent higher performance than this year's X3 chip, and "40 percent better power efficiency." The company also promises a 20 percent efficiency boost for the A700 series and a 22 percent efficiency boost for the A500. The new chips are all built on the new 'Armv9.2' architecture, which adds a "new QARMA3 algorithm" for Arm's Pointer Authentication memory security feature. Pointer authentication assigns a cryptographic signature to memory pointers and is meant to shut down memory corruption vulnerabilities like buffer overflows by making it harder for unauthenticated programs to create valid memory pointers. This feature has been around for a while, but Arm's new algorithm reduces the CPU overhead of all this extra memory work to just 1 percent of the chip's power, which hopefully will get more manufacturers to enable it.

Arm's SoC recommendations are usually a "1+3+4" design. That's one big X chip, three medium A700 chips, and four A500 chips. This year the company is floating a new layout, though, swapping out two small chips for two medium chips, which would put you at a "1+5+2" configuration. Arm's benchmarks -- which were run on Android 13 -- claim this will get you 27 percent more performance. That's assuming anything can cool and power that for a reasonable amount of time. Arm's blog post also mentions a 1+4+4 chip -- nine cores -- for a flagship smartphone. [...]

Every year with these Arm flagship chip announcements, the company also includes a wild design for a giant mega-chip that usually never gets built. Last year the company's blueprint monster was a design with eight Cortex X3 chips and four A715 cores, which the company claimed would rival an Intel Core i7. The biggest X3-based chip on the market is the Qualcomm Snapdragon 8cx Gen 3, which landed in a few Windows laptops. That was only a four X3/four A715 chip, though. This year's mega chip is a 14-core monster with 10 Cortex X4 chips and four A720 chips, which Arm says is meant for "high-performance laptops." Arm calls the design the company's "most powerful cluster ever built," but will it ever actually be built? Will it ever be more than words on a page?

Android

Inner Workings Revealed For 'Predator,' the Android Malware That Exploited 5 0-Days (arstechnica.com) 11

Researchers from Cisco's Talos security team have uncovered detailed information about Predator, a sophisticated spyware sold to governments worldwide, which can secretly record voice calls, collect data from apps like Signal and WhatsApp, and hide or disable apps on mobile devices. Ars Technica reports: An analysis Talos published on Thursday provides the most detailed look yet at Predator, a piece of advanced spyware that can be used against Android and iOS mobile devices. Predator is developed by Cytrox, a company that Citizen Lab has said is part of an alliance called Intellexa, "a marketing label for a range of mercenary surveillance vendors that emerged in 2019." Other companies belonging to the consortium include Nexa Technologies (formerly Amesys), WiSpear/Passitora Ltd., and Senpai. Last year, researchers with Google's Threat Analysis Group, which tracks cyberattacks carried out or funded by nation-states, reported that Predator had bundled five separate zero-day exploits in a single package and sold it to various government-backed actors. These buyers went on to use the package in three distinct campaigns. The researchers said Predator worked closely with a component known as Alien, which "lives inside multiple privileged processes and receives commands from Predator." The commands included recording audio, adding digital certificates, and hiding apps. [...]

According to Talos, the backbone of the malware consists of Predator and Alien. Contrary to previous understandings, Alien is more than a mere loader of Predator. Rather, it actively implements the low-level capabilities that Predator needs to surveil its victims. "New analysis from Talos uncovered the inner workings of PREDATOR and the mechanisms it uses to communicate with the other spyware component deployed along with it known as 'ALIEN,'" Thursday's post stated. "Both components work together to bypass traditional security features on the Android operating system. Our findings reveal the extent of the interweaving of capabilities between PREDATOR and ALIEN, providing proof that ALIEN is much more than just a loader for PREDATOR as previously thought to be." In the sample Talos analyzed, Alien took hold of targeted devices by exploiting five vulnerabilities -- CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003, CVE-2021-1048 -- the first four of which affected Google Chrome, and the last Linux and Android. [...] The deep dive will likely help engineers build better defenses to detect the Predator spyware and prevent it from working as designed. Talos researchers were unable to obtain Predator versions developed for iOS devices.

Businesses

Amazon To Close China App Store (scmp.com) 12

Amazon.com will close its official app store in China in July, the latest retreat from the Chinese market by the US tech giant following last year's announcement that its Kindle e-book service would also shut. From a report: An Amazon representative said the Amazon Appstore, launched in 2011 as an alternative to Google for Android phone users to install apps and games, will be "discontinued." However, its official shopping site Amazon.cn will remain operational, as will other services such as Amazon Global Selling, Amazon Global Store and cloud unit Amazon Web Services (AWS). The app store service will shut down on July 17, according to Chinese media The Paper, citing a Tuesday email from Amazon Appstore sent to users, which did not elaborate on the reasons for quitting the market. The Amazon Appstore could not be downloaded from its official Chinese site as of Tuesday.

Sony

Sony Confirms 'PlayStation Q,' a Handheld Device For Streaming PS5 Games (arstechnica.com) 43

An anonymous reader quotes a report from Ars Technica: Amid a plethora of game trailers, Sony dedicated a single minute of its more-than-an-hour-long PlayStation Showcase livestream on Wednesday to reveal two new hardware products. The most buzzworthy of these is surely Project Q -- that's the internal name, as the final name is still pending. Whatever it is called in the future, Project Q confirms a long-standing rumor: It's a new PlayStation handheld.

The device will be focused on streaming; Sony says it will allow users to stream any non-VR game from a local PlayStation 5 console using Remote Play over Wi-Fi. In fact, it won't be able to play games on its own; it's all about the streaming functionality. As for Project Q's specs, it has an 8-inch HD screen and "all the buttons and features of the DualSense wireless controller." Release dates and pricing for these haven't been announced [...].

Ars notes that Sony has been offering Remote Play for a while on other devices. "You can sync a DualSense controller with your macOS, Windows, iOS, or Android device and stream your games over Wi-Fi or the Internet, though the latter is laden with latency challenges."

In addition to Project Q, Sony also announced plans to launch Bluetooth earbuds that can simultaneously connect to a PlayStation console, mobile device, and PCs, similar to AirPods.

Privacy

'iRecorder Screen Recorder' App Turns Malicious, Sends Mic Recordings Every 15 Minutes (arstechnica.com) 31

An anonymous reader quotes a report from Ars Technica: An app that had more than 50,000 downloads from Google Play surreptitiously recorded nearby audio every 15 minutes and sent it to the app developer, a researcher from security firm ESET said. The app, titled iRecorder Screen Recorder, started life on Google Play in September 2021 as a benign app that allowed users to record the screens of their Android devices, ESET researcher Lukas Stefanko said in a post published on Tuesday. Eleven months later, the legitimate app was updated to add entirely new functionality. It included the ability to remotely turn on the device mic and record sound, connect to an attacker-controlled server, and upload the audio and other sensitive files that were stored on the device.

The secret espionage functions were implemented using code from AhMyth, an open source RAT (remote access Trojan) that has been incorporated into several other Android apps in recent years. Once the RAT was added to iRecorder, all users of the previously benign app received updates that allowed their phones to record nearby audio and send it to a developer-designated server through an encrypted channel. As time went on, code taken from AhMyth was heavily modified, an indication that the developer became more adept with the open source RAT. ESET named the newly modified RAT in iRecorder AhRat.

Stefanko installed the app repeatedly on devices in his lab, and each time, the result was the same: The app received an instruction to record one minute of audio and send it to the attacker's command-and-control server, also known colloquially in security circles as a C&C or C2. Going forward, the app would receive the same instruction every 15 minutes indefinitely. [...] Stefanko said it's possible that iRecord is part of an active espionage campaign, but so far, he has been unable to determine if that's the case. "Unfortunately, we don't have any evidence that the app was pushed to a particular group of people, and from the app description and further research (possible app distribution vector), it isn't clear if a specific group of people was targeted or not," he wrote. "It seems very unusual, but we don't have evidence to say otherwise."

Security

Brute-Force Test Attack Bypasses Android Biometric Defense (techxplore.com) 35

schwit1 shares a report from TechXplore: Chinese researchers say they successfully bypassed fingerprint authentication safeguards on smartphones by staging a brute force attack. Researchers at Zhejiang University and Tencent Labs capitalized on vulnerabilities of modern smartphone fingerprint scanners to stage their break-in operation, which they named BrutePrint. Their findings are published on the arXiv preprint server.

A flaw in the Match-After-Lock feature, which is supposed to bar authentication activity once a device is in lockout mode, was overridden to allow a researcher to continue submitting an unlimited number of fingerprint samples. Inadequate protection of biometric data stored on the Serial Peripheral Interface of fingerprint sensors enables attackers to steal fingerprint images. Samples also can be easily obtained from academic datasets or from biometric data leaks.

And a feature designed to limit the number of unsuccessful fingerprint matching attempts -- Cancel-After-Match-Fail (CAMF) -- has a flaw that allowed researchers to inject a checksum error disabling CAMF protection. In addition, BrutePrint altered illicitly obtained fingerprint images to appear as though they were scanned by the targeted device. This step improved the chances that images would be deemed valid by fingerprint scanners. To launch a successful break-in, an attacker requires physical access to a targeted phone for several hours, a printed circuit board easily obtainable for $15, and access to fingerprint images.

Google

Google CEO: Building AI Responsibly is the Only Race That Really Matters (ft.com) 53

Sundar Pichai, CEO of Google and Alphabet, writing at Financial Times: While some have tried to reduce this moment to just a competitive AI race, we see it as so much more than that. At Google, we've been bringing AI into our products and services for over a decade and making them available to our users. We care deeply about this. Yet, what matters even more is the race to build AI responsibly and make sure that as a society we get it right. We're approaching this in three ways. First, by boldly pursuing innovations to make AI more helpful to everyone. We're continuing to use AI to significantly improve our products -- from Google Search and Gmail to Android and Maps. These advances mean that drivers across Europe can now find more fuel-efficient routes; tens of thousands of Ukrainian refugees are helped to communicate in their new homes; flood forecasting tools are able to predict floods further in advance. Google DeepMind's work on AlphaFold, in collaboration with the European Molecular Biology Laboratory, resulted in a groundbreaking understanding of over 200mn catalogued proteins known to science, opening up new healthcare possibilities.

Our focus is also on enabling others outside of our company to innovate with AI, whether through our cloud offerings and APIs, or with new initiatives like the Google for Startups Growth program, which supports European entrepreneurs using AI to benefit people's health and wellbeing. We're launching a social innovation fund on AI to help social enterprises solve some of Europe's most pressing challenges. Second, we are making sure we develop and deploy the technology responsibly, reflecting our deep commitment to earning the trust of our users. That's why we published AI principles in 2018, rooted in a belief that AI should be developed to benefit society while avoiding harmful applications. We have many examples of putting those principles into practice, such as building in guardrails to limit misuse of our Universal Translator. This experimental AI video dubbing service helps experts translate a speaker's voice and match their lip movements. It holds enormous potential for increasing learning comprehension but we know the risks it could pose in the hands of bad actors and so have made it accessible to authorised partners only. As AI evolves, so does our approach: this month we announced we'll provide ways to identify when we've used it to generate content in our services.

Android

Lawsuit Accuses DoorDash of Charging iPhone Users More For Identical Orders (arstechnica.com) 77

A class-action lawsuit has been filed against DoorDash, alleging that the company uses deceptive and fraudulent practices to charge higher delivery fees to iPhone users compared to Android users. Ars Technica reports: The lawsuit (PDF), filed May 5 in the District of Maryland, came in hot. Plaintiff Ross Hecox, in addition to his two children and a presumptive class of similarly situated customers, briefly defines DoorDash as an online marketplace with 32 million users and billions of dollars in annual revenue. "Yet, DoorDash generates its revenues not only through heavy-handed tactics that take advantage of struggling merchants and a significant immigrant driver workforce, but also through deceptive, misleading, and fraudulent practices that illegally deprive consumers of millions, if not billions, of dollars annually," the suit adds. "This lawsuit details DoorDash's illegal pricing scheme and seeks to hold DoorDash accountable for its massive fraud on consumers, including one of the most vulnerable segments of society, minor children."

Specifically, the suit claims that DoorDash misleads and defrauds customers by:

- Making its "Delivery Fee" seem related to distance or demand, even though none of it goes to the delivery person.
- Offering an "Express" option that implies faster delivery, but then changing the wording to "Priority" in billing so it is not held to delivery times.
- Charging an "Expanded Range Delivery" fee that seems based on distance but is really based on a restaurant's subscription level and demand.
- Adding an undisclosed 99 cent "marketing fee," paid by the customer rather than the restaurant, to promote menu items that customers add to their carts.
- Obscuring minimum order amounts attached to its "zero-fee" DashPass memberships and coupon offers.
- Generally manipulating DashPass subscriptions to appear like substantial savings, when the company is "engineering" fees to seem reduced.

One of the more interesting and provocative claims is that DoorDash's fees, based in part on "other factors," continually charge iPhone users of its app more than Android users placing the same orders. The plaintiffs and their law firm conducted a few tests of DoorDash's system, using different accounts to order the same food, from the same restaurant, at almost the same exact time, delivered to the same address, with the same account type, delivery speed, and tip. [...] The plaintiffs are asking for $1 billion in damages for those who "fell prey to DoorDash's illegal pricing" over the past four years. The suit also includes allegations that DoorDash improperly allows children to enter into contract with the company without proper vetting.

"The claims put forward in the amended complaint are baseless and simply without merit," said a DoorDash spokesperson in a statement. "We ensure fees are disclosed throughout the customer experience, including on each restaurant storepage and before checkout. Building this trust is essential, and it's why the majority of delivery orders on our platform are placed by return customers. We will continue to strive to make our platform work even better for customers, and will vigorously fight these allegations."

Chrome

Google Chrome Will Now Detect Typos in Your URLs (blog.google) 47

"Google Chrome will now check for typos in your URLs and display suggested websites based on what it thinks you meant," reports the Verge.

From Google's announcement: When you type a website into the Chrome address bar, it will now detect URL typos and suggest websites based on the corrections. This increases accessibility for people with dyslexia, language learners, and anyone who makes typos by making it easier to get to previously visited websites despite spelling errors. This feature is now available on Chrome desktop and will roll out to mobile in the coming months.

It was one of several new and recently launched features Google touted as part of Thursday's Global Accessibility Awareness Day.

Google also announced its Lookout app (which provides audio cues for low-vision users) can now provide descriptions of images on web pages "powered by an advanced visual language model developed by Google DeepMind." And Chrome on Android recently updated its TalkBack screen reader so tab switching now also offers a tab grid with additional features like tab groups, bulk tab actions and reordering.

Android

Millions of Android Phones and TVs May Come with Preinstalled Malware (arstechnica.com) 19

"Multiple lines of Android devices came with preinstalled malware," reports Ars Technica, "that couldn't be removed without users taking heroic measures."

Their article cites two reports released Thursday — one from Trend Micro and one from TechCrunch: Trend Micro researchers following up on a presentation delivered at the Black Hat security conference in Singapore reported that as many as 8.9 million phones comprising as many as 50 different brands were infected with malware... ["It's highly likely that more devices have been preinfected," the report clarified, "but have not exchanged communication with the Command & Control server, have not been used or activated by the threat actor, or have yet to be distributed to the targeted country or market... The threat actor has spread this malware over the last five years."]

"Guerrilla" opens a backdoor that causes infected devices to regularly communicate with a remote command-and-control server to check if there are any new malicious updates for them to install. These malicious updates collect data about the users that the threat actor, which Trend Micro calls the Lemon Group, can sell to advertisers. Guerrilla then surreptitiously installs aggressive ad platforms that can deplete battery reserves and degrade the user experience... Guerrilla is a massive platform with nearly a dozen plugins that can hijack users' WhatsApp sessions to send unwanted messages, establish a reverse proxy from an infected phone to use the network resources of the affected mobile device, and inject ads into legitimate apps...

TechCrunch detailed several lines of Android-based TV boxes sold through Amazon that are laced with malware. The TV boxes, reported to be T95 models with an h616, report to a command-and-control server that, just like the Guerrilla servers, can install any application the malware creators want. The default malware preinstalled on the boxes is known as a clickbot. It generates advertising revenue by surreptitiously tapping on ads in the background...

Android devices that come with malware straight out of the factory box are, unfortunately, nothing new. Ars has reported on such incidents at least five times in recent years (here, here, here, here, and here). All the affected models were in the budget tier.

People in the market for an Android phone should steer toward known brands like Samsung, Asus, or OnePlus, which generally have much more reliable quality assurance controls on their inventory. To date, there have never been reports of higher-end Android devices coming with malware preinstalled. There are similarly no such reports for iPhones.

The Courts

Lawsuit Alleges DoorDash Charges iPhone Users More Than Android (sfgate.com) 127

SFGate reports: A proposed class-action lawsuit levels broad allegations that DoorDash, the San Francisco-headquartered food delivery giant, is engaging in fraudulent behavior — in part by charging iPhone users more than Android havers.

The complaint, a hefty 134-page airing of grievances about the fees and upsells faced while ordering on the app, filed by Maryland resident Ross Hecox and his children, contends that DoorDash conducts "price discrimination" by allegedly charging iPhone users an "expanded range fee" more often than their Android counterparts.

According to the suit, posted by Gizmodo, the fee — a markup to any deliveries outside of the user's immediate radius set by DoorDash — is arbitrarily applied without actually taking into account users' locations. At least seven tests with separate iPhone and Android devices were conducted by the plaintiffs to prove this point in the suit.

In one set of tests, an Android phone and an iPhone were used to place the same order — a breakfast sandwich with avocado and egg whites and a chocolate chip bagel from a nearby Panera Bread — to the same address simultaneously. In the first order, according to the suit, the iPhone was at the delivery location and the Android was 15 miles away; the iPhone user received the expanded range fee. In the second, the phones' locations were reversed, with the iPhone being used 15 miles away from the delivery site; the iPhone user, the suit alleges, was still charged the fee. In a third test involving Panera, the phones were both at the delivery location — the iPhone not only allegedly received the expanded range fee but was charged an additional dollar in delivery fees. Other tests allege that delivery fees on iPhone orders are "greatly" inflated.

DoorDash called the complaints "baseless and simply without merit," in a statement to Gizmodo.

Open Source

Bluesky Social Just Took a Big Open-Source Step Forward (zdnet.com) 17

An anonymous reader quotes a report from ZDNet: Bluesky Social, the popular new beta social network, is taking a big open-source step forward. On May 15th, 2023, it open-sourced the codebase for its Bluesky Social app on GitHub. This fits well with its plans. From the start, its owner, BlueSky Public Benefit LLC, a public benefit corporation, was building an "open and decentralized" social network.

Unlike Twitter, which is still tripping over its own open source feet, Bluesky client code is for anyone who wants to work on improving the code or use it as the basis for their own social network. Twitter's recommendation code, on the other hand, is essentially unusable. The Bluesky code, licensed under the MIT License, can be used now. Indeed, while it's been out for only about 24 hours, it's already been forked 88 times and has earned over 1,300 GitHub Stars.

While it's specifically the Bluesky Social app's codebase, it's also a resource for AT Protocol programmers. This protocol supports a decentralized social network. Its features include connecting with anyone on a server that supports AT Protocol; controlling how users see the world via an open algorithm market; and enabling users to change hosts without losing their content, followers, or identity. The code itself is written in React Native. This is an open-source, user-interface JavaScript software framework. It's used primarily to build applications that run on both iOS and Android devices.

AI

OpenAI Launches Free ChatGPT App For iOS 15

An official ChatGPT app is now available for iOS, with an Android version coming "soon." It can be downloaded from the App Store here. The Verge reports: The app is free to use, syncs chat history with the web, and features voice input, supported by OpenAI's open-source speech recognition model Whisper. The app works on both iPhones and iPads and can be downloaded from the App Store. OpenAI says it's rolling out the app in the US first and will expand to other countries "in the coming weeks."

OpenAI didn't previously hint that a mobile app was coming, but it makes sense given the incredible popularity of ChatGPT. The AI chatbot launched last November but rocketed in use. Some outside estimates suggest the app attracted 100 million users by January this year, though OpenAI has never confirmed these figures.

Android

Google Will Soon Let Pixel Phones Double As Dashcams (9to5google.com) 35

Google mistakenly released a test version of its Personal Safety app that includes a new feature called "Dashcam" on select Android devices. As the name suggests, it allows users to record video and audio while driving in the event of an accident or unexpected situation, with automatic recording triggered when connecting to a specific Bluetooth device and videos automatically deleted after three days unless saved. 9to5Google reports: Once available, the feature can be launched through a new "Dashcam" shortcut in the "Be prepared" section of the home page. Here, you can begin recording manually or view your recent videos. While Dashcam is recording, your phone is still fully usable, including for navigating with Google Maps. Alternatively, you can save power by locking your screen, and the recording will continue. More importantly, Google has built this feature to work without you needing to think much about it. When setting up, you can choose to have recordings begin automatically when you connect to a particular Bluetooth device (e.g., your car stereo or infotainment system) and end when you disconnect.

To conserve storage space, your recordings are automatically deleted after three days unless you save them. Additionally, the app says that the videos themselves are compressed, averaging "30 MB per minute," with a maximum recording length of 24 hours. Overall, this feature seems to be impressively well thought out and looks essentially ready to launch. Using a smartphone as a dashcam also makes quite a bit of sense, as your phone probably has a better camera than some cheaper dashcams would offer.

It's unclear if this feature will be available on other phones with Google's Personal Safety or exclusive to Pixel phones.

Google

Pixel Users are Reporting Newest Google App Causes Overheating, Battery Drain (engadget.com) 47

One cellphone owner reports their Pixel 6 Pro "has recently been overheating and excessively draining its battery," reports Engadget.

"They suspect the culprit is the Google app and an update that began rolling out on May 12th..." And they're not the only ones, judging by comments left in the Reddit and Google support forums. "It just started yesterday. Massive battery usage from Google app and to a lesser degree Android System Intelligence...." one Reddit user wrote. "Beyond the battery not lasting the phone is getting really warm so I know it's harming the battery and potentially the CPU."

Those who have tried contacting Google report the company's support staff haven't been very helpful. Some users say rolling back to an older version of the Google app hasn't fixed the problem for them. "Actually ended up with an even older version from May 10, still draining the battery," writes one Redditor. The reader who contacted us suspects the problem may be server-side. "Google app keeps wrecking the battery regardless of version, and I've rolled all the way back to May 1st," they write. "I don't know how to see if the app is trying to call home or on a loop with something like that, but the symptoms remain the same."

Google did not immediately respond to Engadget's comment request.
