Last week, Kevin Purdy of iFixit published a blog post telling the story of "how Samsung announced a 'revolutionary' upcycling program in 2017, delayed it for years, and eventually gutted it before shipping a pale imitation of the original idea," reports Ars Technica. "iFixit was actually involved in the initial 2017 announcement, and the repair outfit says that after endorsing the original idea with its brand and stamp of approval, Samsung never delivered on its promises." From the report: Despite the 2017 announcement of an upcycling program, the code didn't ship until April 2021, when Samsung finally launched a beta version of "Galaxy Upcycling at Home." This program lets users turn end-of-life Samsung phones into smart home sensors that could be paired with Samsung's SmartThings ecosystem. iFixit was initially given an inside look at the project back in 2017, liking it so much that it endorsed the project and lent its name to the marketing materials. To hear iFixit tell the story, bootloader unlocking was actually the original plan. Samsung was going to let users replace the shipping Android OS with whatever they wanted, like builds of LineageOS or some other custom OS. Samsung was also going to launch an open source marketplace where users could submit ideas and software for repurposing old Galaxy devices. iFixit called the original plan "novel" and "revolutionary."

"We were so excited," iFixit writes, "that when Samsung asked us to help launch the product in the fall of 2017, we jumped at the chance. You'll see iFixit's name and logo all over Samsung's original Galaxy Upcycling materials." iFixit went to Samsung HQ in South Korea to see prototypes of the project, and after testing working software, iFixit CEO Kyle Wiens actually helped announce the project on stage at Samsung's developer conference in 2017. Despite all the pomp and circumstance, iFixit says, "The actual software was never posted. The Samsung team eventually stopped returning our emails. Friends inside the company told us that leadership wasn't excited about a project that didn't have a clear product tie-in or revenue plan."

iFixit calls the version of the program that launched in April "nearly unrecognizable" to what it originally endorsed. What used to be an ambitious plan now barely makes any sense financially. iFixit rightfully points out that if you really want something as simple as a light sensor or sound monitor, at this point you're better off selling the phone and buying a purpose-built sensor. Samsung's on-rails functionality is so simple that it can be replicated by a $30 sensor, and you're sure to get more than that from a working device on the secondary market, especially due to another limitation of the program: it only extends back to the 3-year-old Galaxy S9.

Microsoft is updating its Xbox Cloud Gaming (xCloud) app for Android, and it includes dual-screen support for the Surface Duo. The Verge reports: The app update allows Surface Duo owners to use a virtual gamepad on one screen of their device and games on the other. It makes the Surface Duo look more like a Nintendo 3DS than a mobile phone, with touch controls for a variety of games. Microsoft has been steadily adding Xbox Touch Controls to more than 50 games in recent months, including titles like Sea of Thieves, Gears 5, and Minecraft Dungeons. The full list of touch-compatible games is available here, and you can of course just use a regular Bluetooth or Xbox controller to stream games to the Surface Duo.

The benefits of a dual-screen device for this type of mobile experience are obvious. You no longer have touch controls over the top of the game, and your thumbs don't get in the way of seeing important action on-screen. If dual-screen or foldable devices ever catch on, this is a far superior way to play Xbox games without a dedicated controller.

Almost half a decade after the first reports were published, mobile app developers are still exposing their users' personal information through abhorrently simple misconfigurations. From a report: In a report published last week, security firm Check Point said it found 23 Android applications that exposed the personal data of more than 100 million users through a variety of misconfigurations of third-party cloud services. This included developers who forgot to password-protect their backend databases and developers who left access tokens/keys inside their mobile application's source code for services such as cloud storage or push notifications. The Check Point team said it was able to use the information they found through a routine examination of 23 random applications and access the backend databases of 13 apps. In the exposed databases, researchers said they found information such as email addresses, passwords, private chats, location coordinates, user identifiers, screen recordings, social media credentials, and personal images.

Quoting the Google Developers blog: Developers around the world are constantly creating open source tools and tutorials but have a hard time getting them discovered. The content published often spanned many different sites - from GitHub to Medium. Therefore we decided to create a space where we can highlight the best projects related to Google technologies in one place - introducing the Developer Library.

The platform showcases blog posts and open source tools with easy-to-use navigation. Content is categorized by product areas; Machine Learning, Flutter, Firebase, Angular, Cloud, Android, with more to come.

What makes the Developer Library unique is that each piece featured on the site is reviewed, in detail, by a team of Google experts for accuracy and relevancy, so you know when you view the content on the site it has the stamp of approval from Google.
The "Dev Library" web site describes itself as "a showcase of what developers like you have built with Google technologies."

Do gamers need a dedicated browser? Opera sure thinks so. Two years after launching Opera GX, a browser aimed at gamers, on desktop, the company has started to beta test Opera GX on iOS and Android. From a report: So what sets it apart from regular browsers? For starters, Opera GX features a control panel that lets you set limits on CPU, RAM and network bandwidth. Mobile users can also utilize the fast action button to quickly access functions like search and to open and close tabs. Exporting elements from the world of gaming, the button also uses vibrations and haptic feedback. You can also sync the mobile browser with the desktop version by scanning a QR code. Doing this will allow you to transfer across files of up to 10MB, links, YouTube videos, photos and various ephemera. The company says it expects Opera GX for iOS and Android to leave beta in a few weeks.

Linux on Chromebooks is finally coming out of beta with the release of Chrome OS 91, Google said at its developer I/O conference. From a report: The company had offered Linux apps on Chrome OS alongside Android apps, hoping to reach an audience of developers with IDEs and so on. However, the Linux Development Environment, as Google had dubbed it, had been in beta ever since while first launched. The company had added new features at a steady cadence, enabling things like GPU acceleration, better support for USB drives, and so on so people could be more productive while using Linux apps. Alongside Linux, Google also announced that it would be bringing Android 11 to Chromebooks. Technically, the update has already started with Chrome OS 90 for select Chromebooks, and it'll come with a host of new features including increased optimization of Android apps and a new dark theme. Google's increased support of Android is no coincidence. The company says that the operating system sees 3x increased usage of Android apps, and the new Android 11 update will see Android move to a virtual machine rather than the current container based method, making it easier to update in the future.

Craig Federighi is currently testifying during the Apple vs. Epic lawsuit. While facing questioning from Apple's lawyers, Federighi made some interesting comments about security, particularly noting that the Mac currently has a level of malware that Apple "does not find acceptable." 9to5Mac reports: One of Federighi's goals is to paint the iPhone ecosystem, including the App Store and lack of side-loading support, as a secure and trusted environment for users. To do this, it appears that part of Federighi's strategy is to throw the Mac under the bus. Judge Yvonne Gonzalez Rogers, who is presiding over the Epic vs. Apple case, asked Federighi about why the Mac can have multiple app stores, but not the iPhone. "It is regularly exploited on the Mac," Federighi explained. "iOS has established a dramatically higher bar for customer protection. The Mac is not meeting that bar today." "Today, we have a level of malware on the Mac that we don't find acceptable," Federighi added.

The Apple executive also pointed to Android as another example of a platform with multiple app stores that suffers from security problems. "It's well understood in the security community that Android has a malware problem," he explained. "iOS has succeeded so far in staying ahead of the malware problem." Federighi added that Apple is essentially playing "an endless game of whack-a-mole" with malware on the Mac and has to block "many instances" of infections that can affect "hundreds of thousands of people" every week. Since last May, Federighi testified there have been 130 types of Mac malware, and one of them infected 300,000 systems. When asked whether side-loading would affect security on iOS, Federighi said things would change "dramatically. No human policy review could be enforced because if software could be signed by people and downloaded directly, you could put an unsafe app up and no one would check that policy," he said.

Chrome, at least in its experimental Canary version on Android (and only for users in the U.S.), is getting an interesting update in the coming weeks that brings back RSS, the once-popular format for getting updates from all the sites you love in Google Reader and similar services. From a report: In Chrome, users will soon see a 'Follow' feature for sites that support RSS and the browser's New Tab page will get what is essentially a (very) basic RSS reader -- I guess you could almost call it a "Google Reader." Now we're not talking about a full-blown RSS reader here. The New Tab page will show you updates from the sites you follow in chronological order, but it doesn't look like you can easily switch between feeds, for example. It's a start, though.

"Today, people have many ways to keep up with their favorite websites, including subscribing to mailing lists, notifications and RSS. It's a lot for any one person to manage, so we're exploring how to simplify the experience of getting the latest and greatest from your favorite sites directly in Chrome, building on the open RSS web standard," Janice Wong, Product Manager, Google Chrome, writes in today's update. "Our vision is to help people build a direct connection with their favorite publishers and creators on the web." A Google spokesperson told me that the way the company has implemented this is to have Google crawl RSS feeds "more frequently to ensure Chrome will be able to deliver the latest and greatest content to users in the Following section on the New Tab page."

A top Apple executive tasked with defending the App Store in a monopoly lawsuit by Epic Games found himself having to answer Tuesday for a spate of other alleged antitrust fouls by the world's most valuable company. From a report: During Phil Schiller's cross-examination in a trial in Oakland, California, Apple's former global marketing chief was confronted about several instances in which the company has locked in users and made it difficult for them to switch away from its devices. Katherine Forrest, a lawyer for Epic, pointed out that Schiller emailed his colleagues a 2016 news article titled "iMessage is the glue that keeps me stuck to the iPhone," which explained that Apple's messaging platform is a reason people don't switch to Android devices.

She also quizzed Schiller on the idea that users can't easily move music and video purchased on Apple services to Google's Android. She went further, indicating that Apple's iCloud Keychain service for storing passwords on Apple devices can't synchronize with Android devices. Her point: Apple doesn't just lock in developers with its App Store rules, it also locks in consumers, limiting their ability to switch to competitors. In response, Schiller said many users subscribe to video and music streaming services and can input their passwords into a new device manually. He also suggested that users could use third-party password managers.

The same technology that powers Google Duplex to call businesses and make appointments for you is being used to help you automatically change your password to a website that's been compromised in a security breach. TechCrunch reports: This new feature will start to roll out slowly to Chrome users on Android in the U.S. soon (with other countries following later), assuming they use Chrome's password-syncing feature. It's worth noting that this won't work for every site just yet. As a Google spokesperson told us, "the feature will initially work on a small number of apps and websites, including Twitter, but will expand to additional sites in the future."

Today, Google and Samsung announced that they are merging Wear OS and Tizen in an effort to better compete against Apple's watchOS. "The resulting platform is currently being referred to simply as 'Wear,' though that might not be the final name," notes The Verge. From the report: Benefits of the joint effort include significant improvements to battery life, 30 percent faster loading times for apps, and smoother animations. It also simplifies life for developers and will create one central smartwatch OS for the Android platform. Google is also promising a greater selection of apps and watch faces than ever before. "All device makers will be able to add a customized user experience on top of the platform, and developers will be able to use the Android tools they already know and love to build for one platform and ecosystem," Google's Bjorn Kilburn wrote in a blog post.

Wired has more details on what's to come, including the tidbit that Samsung will stick with its popular rotating bezel on future devices -- but it's finished making Tizen-only smartwatches. There will also be a version of Google Maps that works standalone (meaning without your phone nearby) and a YouTube Music app that supports offline downloads. Oh, and Spotify will support offline downloads on Wear smartwatches, as well. Samsung confirmed that its next Galaxy Watch will run on this unified platform. And future "premium" Fitbit devices will also run the software.

At Google I/O 2021 today, Google confirmed that Android 12 is getting a huge new design. Ars Technica reports: Google calls the new design "Material You," and just like in the leaks, it's a UI that changes colors like a chameleon. For now, this design will only show up in Google Pixels, but Google says it will roll out across the ecosystem to the web, Chrome OS, smart displays, cars, watches, tablets, and every other Google form factor. The new interface is powered by a "color extraction" API that can pull the colors out of your wallpaper and apply them to the UI. This sounds exactly like the Palette API that was introduced in Android 5.0 (along with the original introduction of Material Design), but it's apparently a second swing at the color extraction idea, and Google is heavily using it in the UI now. The demo interfaces featured customized highlight colors, clock faces, widget backgrounds, and more, all matching the color of your wallpaper. Besides new colors, there are also tons of layout changes to the quick settings and notification panel. The first public beta of Android is now available. Google Pixel smartphones as far back as the Pixel 3 are eligible, as well as several devices from device-maker partners, including ASUS and OnePlus.

There are over 3 billion active Android devices in the wild now. Sameer Samat, VP of product management at Google, announced the news at Google I/O 2021 today. From a report: Google added over 500 million active Android devices since its last developer's conference in 2019 and 1 billion devices since 2017. (That was when it hit the 2 billion mark.) The number is taken from the Google Play Store, which doesn't take into account devices based on Android but that use alternative stores, including Amazon Fire devices and the myriad of Chinese Android-based devices that avoid using Google's apps altogether. That means the number of active Android devices is likely much higher than what Samat announced on the live stream.

Google announced a new feature for its Chrome browser today that alerts you when one of your passwords has been compromised and then helps you automatically change your password with the help of... wait for it ... Google's Duplex technology. From a report: This new feature will start to roll out slowly to Chrome users on Android in the U.S. soon (with other countries following later), assuming they use Chrome's password-syncing feature. It's worth noting that this won't work for every site just yet. As a Google spokesperson told us, "the feature will initially work on a small number of apps and websites, including Twitter, but will expand to additional sites in the future."

Now you may remember Duplex as the somewhat controversial service that can call businesses for you to make hairdresser appointments or check opening times. Google introduced Duplex at its 2018 I/O developer conference and launched it to a wider audience in 2019. Since then, the team has chipped away at bringing Duplex to more tasks and brought it the web, too. Now it's coming to Chrome to change your compromised passwords for you.

Parler, a social media app popular with U.S. conservatives, returned to Apple's App Store on Monday, after the iPhone maker dropped it following the deadly Jan. 6 riot at the U.S. Capitol. From a report: Parler also named George Farmer, the company's chief operating officer since March, as its new chief executive and said interim CEO Mark Meckler would be leaving. Apple said last month it would readmit Parler into its iOS App Store, after Parler proposed updates to its app and content moderation policies. read more "The entire Parler team has worked hard to address Apple's concerns without compromising our core mission," said Meckler in an emailed statement.

"Anything allowed on the Parler network but not in the iOS app will remain accessible through our web-based and Android versions. This is a win-win for Parler, its users, and free speech." The Washington Post said Parler's Chief Policy Officer Amy Peikoff likened the iOS version of the app to a "Parler Lite or Parler PG." Parler is still pushing Apple to allow users to see hate speech behind a warning label, the newspaper reported. Several tech companies cut ties with Parler after the Capitol riot, accusing the app backed by prominent Republican Party donor Rebekah Mercer of failing to police violent content on its service.

Microsoft is launching the personal version of Microsoft Teams today. After previewing the service nearly a year ago, Microsoft Teams is now available for free personal use amongst friends and families. From a report: The service itself is almost identical to the Microsoft Teams that businesses use, and it will allow people to chat, video call, and share calendars, locations, and files easily. Microsoft is also continuing to offer everyone free 24-hour video calls that it introduced in the preview version in November. You'll be able to meet up with up to 300 people in video calls that can last for 24 hours. Microsoft will eventually enforce limits of 60 minutes for group calls of up to 100 people after the pandemic, but keep 24 hours for 1:1 calls. While the preview initially launched on iOS and Android, Microsoft Teams for personal use now works across the web, mobile, and desktop apps. Microsoft is also allowing Teams personal users to enable its Together mode -- a feature that uses AI to segment your face and shoulders and place you together with other people in a virtual space. Skype got this same feature back in December.

A tech columnist for Inc. noticed that on June 8th Amazon will finally power up its massive "Sidewalk" mesh network (which uses Bluetooth and 900MHz radio signals to communicate between devices). And millions and millions of Amazon customers are all already "opted in" by default: The idea behind it is actually really smart — make it possible for smart home devices to serve as a sort of bridge between your WiFi connection and one another. That way, if your Ring doorbell, for example, isn't located close to your WiFi router, but it happens to be near an Echo Dot, it can use Sidewalk to stay connected.

The same is true if your internet connection is down. Your smart devices can connect to other smart devices, even if they aren't in your home. The big news on this front is that Tile is joining the Sidewalk network on June 14. That means that if you lose a Tile tracker, it can connect to any of the millions of Echo or Ring devices in your neighborhood and send its location back to you.

That's definitely a nice benefit, but it's also where things get a little murky from a privacy standpoint. That's because other people's devices, like your neighbor's, can also connect to your network. Amazon is pretty clear that Sidewalk uses three layers of encryption so that no data is shared between say, someone's Tile tracker and your network. The signal from the Tile is encrypted all the way back to the Tile app on your iPhone or Android smartphone... [But] whether or not you want your device connecting to other devices, or want your neighbors connecting to your WiFi, Amazon went ahead and made Sidewalk opt-out.
Opt out (for all your devices) using Alexa app's More tab (at the bottom): Settings > Account Settings > Amazon Sidewalk > Enabled.

The beauty and misery of private RSS feeds. An anonymous reader shares a report: There's only supposed to be one way to hear exclusive podcast content from sports host Scott Wetzel: by paying $5 a month to subscribe to his Patreon. But the show's also been available on a smaller podcasting app for free. In fact, leaked podcast feeds from dozens of subscription-only shows, including Wetzel's and The Last Podcast On The Left, are available to stream through Castbox, a smaller app for both iOS and Android, just by searching for them.

Two people in the podcast space tell me they've reached out to Castbox multiple times, only for the company to remove a show and then have it pop up again, an infuriating cycle for someone trying to charge for their content. "It's a little bit like playing whack-a-mole with them," says one source, who asked to remain anonymous because of their ongoing work in the space. Podcast subscriptions have existed for years, but they've gained wider attention this past month. Apple, which makes the dominant podcasting app, introduced in-app subscriptions with a button that lets people directly subscribe to a show from the app. Spotify announced its own subscription product, too, but with caveats -- the main one being there's no actual in-app button.

An anonymous reader quotes a report from The Register: A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef. On Tuesday, Vanhoef, a postdoctoral researcher in computer security at New York University Abu Dhabi, released a paper titled, "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" [PDF]. Scheduled to be presented later this year at the Usenix Security conference, the paper describes a set of wireless networking vulnerabilities, including three Wi-Fi design flaws and nine implementation flaws. Vanhoef, who in 2017 along with co-author Frank Piessens identified key reinstallation attacks (KRACKs) on the WPA2 protocol (used to secure Wi-Fi communication), has dubbed his latest research project FragAttacks, which stands for fragmentation and aggregation attacks.

The dozen vulnerabilities affect all Wi-Fi security protocols since the wireless networking technology debuted in 1997, from WEP up through WPA3. [...] In total, 75 devices -- network card and operating system combinations (Windows, Linux, Android, macOS, and iOS) -- were tested and all were affected by one or more of the attacks. NetBSD and OpenBSD were not affected because they don't support the reception of A-MSDUs (aggregate MAC service data units). [...]

Patches for many affected devices and software have already been deployed, thanks to a nine-month-long coordinated responsible disclosure overseen by the Wi-Fi Alliance and the Industry Consortium for Advancement of Security on the Internet (ICASI). Linux patches have been applied and the kernel mailing list note mentions that Intel has addressed the flaws in a recent firmware update without mentioning it. Microsoft released its patches on March 9, 2021 when disclosure was delayed tho Redmond had already committed to publication. Vanhoef advises checking with the vendor(s) of Wi-Fi devices about whether the FragAttacks have been addressed. "[F]or some devices the impact is minor, while for others it's disastrous," he said.

Following Twitter's lead, Facebook is trying out a new feature designed to encourage users to read a link before sharing it. TechCrunch reports: The test will reach 6% of Facebook's Android users globally in a gradual rollout that aims to encourage "informed sharing" of news stories on the platform. Users can still easily click through to share a given story, but the idea is that by adding friction to the experience, people might rethink their original impulses to share the kind of inflammatory content that currently dominates on the platform.

The strategy demonstrates Facebook's preference for a passive strategy of nudging people away from misinformation and toward its own verified resources on hot-button issues like COVID-19 and the 2020 election. While the jury is still out on how much of an impact this kind of gentle behavioral shaping can make on the misinformation epidemic, both Twitter and Facebook have also explored prompts that discourage users from posting abusive comments.