Ars Technica reports that a recently reported remote access vulnerability in Android is no longer just theoretical, but is being actively exploited. After more than 100,000 downloads of a scanning app from Check Point to evaluate users' risk from the attack, says Ars, In a blog post published today, Check Point researchers share a summary of that data—a majority (about 58 percent) of the Android devices scanned were vulnerable to the bug, with 15.84 percent actually having a vulnerable version of the remote access plug-in installed. The brand with the highest percentage of devices already carrying the vulnerable plug-in was LG—over 72 percent of LG devices scanned in the anonymized pool had a vulnerable version of the plug-in.

USA Today reports on the widespread use of stingray technology by police to track down even petty criminals and witnesses, as well as their equally widespread reluctance to disclose that use. The article focuses mostly on the city of Baltimore; by cross-checking court records against a surveillance log from the city’s Advanced Technical Team, the USA Today reporters were able to determine at least several hundred cases in which phony ("simulated") cell phone towers were used to snoop traffic. In court, though, and even in the information that the police department provides to the city's prosecutors, the use of these devices is rarely disclosed, thanks to a non-disclosure agreement with the FBI and probably a general reluctance to make public how much the department is using them, especially without bothering to obtain search warrants. From the article: In at least one case, police and prosecutors appear to have gone further to hide the use of a stingray. After Kerron Andrews was charged with attempted murder last year, Baltimore's State's Attorney's Office said it had no information about whether a phone tracker had been used in the case, according to court filings. In May, prosecutors reversed course and said the police had used one to locate him. "It seems clear that misrepresentations and omissions pertaining to the government's use of stingrays are intentional," Andrews' attorney, Assistant Public Defender Deborah Levi, charged in a court filing.

Judge Kendra Ausby ruled last week that the police should not have used a stingray to track Andrews without a search warrant, and she said prosecutors could not use any of the evidence found at the time of his arrest.

According to The Verge, anyone who buys a new Android phone may benefit from an interesting change in their phone's default apps: namely, fewer pieces of included bloatware. However, the affected apps might not be the ones that a user concerned with bloatware might care most about (like carrier-specific apps), but are rather some of the standard Google-provided ones (Google+, Google Play Games, Google Play Books and Google Newsstand). These apps will still be available at the Google Play Store, just not required for a handset maker to get Google's blessing. (Also at ZDNet.)

jan_jes writes: Researchers have used anonymous mobile phone records for more than 15 million people to track the spread of rubella disease in Kenya and were able to quantitatively show that mobile phone data can predict seasonal disease patterns. The researchers compared the cellphone analysis with a highly detailed dataset on rubella incidence in Kenya. They matched; the cellphone movement patterns lined up with the rubella incidence figures. In both of their analyses, rubella spiked three times a year. This showed the researchers that cellphone movement can be a predictor of infectious-disease spread.

An anonymous reader writes: Following the recent news that Verizon has ended smartphone subsidies, now Sprint has announced it is ending two-year contracts as well. This leaves AT&T as the last of the major carriers to offer such a plan. Most consumers will now have to get used to paying full price for their phones, though Sprint is also running a phone-leasing plan that lets people pay an additional $22/month for an 16GB iPhone, with yearly upgrades.

Ever screamed at your phone, or wanted to, when it can't handle the basic job of linking you to another person by voice? antdude writes to say that The Atlantic has posted a long article titled "Don't Hate the Phone Call, Hate the Phone" about how our telephone habits have changed, but so have the infrastructure and design of the handset. A snippet: When you combine the seemingly haphazard reliability of a voice call with the sense of urgency or gravity that would recommend a phone call instead of a Slack DM or an email, the risk of failure amplifies the anxiety of unfamiliarity. Telephone calls now exude untrustworthiness from their very infrastructure. Going deeper than dropped connections, telephony suffered from audio-signal processing compromises long before cellular service came along, but the differences between mobile and landline phone usage amplifies those challenges, as well.

An anonymous reader writes: When Canonical's phone-centric adaptation of Ubuntu first made it onto devices last year, it received a mostly "wait-and-see" reception. For anyone outside Europe, they didn't have much choice, since it was unavailable elsewhere. Now, BQ has opened sales of the Ubuntu phones worldwide. That said, the devices still have technological restrictions. "Both of these devices support GSM bands 850, 900, 1,800 and 1,900, as well as UMTS 900 and 2,100 — so you're not going to get any joy if you're on a CDMA network like Verizon."

New submitter DaDaDaaaaa writes: The New York Times features a joint op-ed piece by prosecutors from Manhattan, Paris, London and Spain, in which they decry the default use by Apple and Google of full disk encryption in their latest smartphone OSes (iOS 8 and Android Lollipop, respectively). They talk about the murder scene of a father of six, where an iPhone 6 and a Samsung Galaxy S6 Edge were found.

"An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user's passcode. The homicide remains unsolved. The killer remains at large."

They make a case for lawmakers to force Apple and Google to include backdoors into their smartphone operating systems. One has to wonder about the legitimate uses of full disk encryption, which can protect good people from harm, and them from having their privacy needlessly intruded upon.

An anonymous reader writes: Biometric authentication is becoming commonplace — fingerprint scanners have been used on laptops for years, and now they're becoming commonplace on phones, as well. As more devices require your fingerprint to unlock, it becomes more important for each of them to guard that data. It's significant, then, that researchers from FireEye were able to easily grab fingerprint data off several recent phones. The most egregious offender is the HTC One Max, which stores the fingerprint comparison image as a simple .BMP file in a folder that's open to access. "Any unprivileged processes or apps can steal user's fingerprints by reading this file." According to the research they presented at Black Hat (PDF), it would also be simple for hackers who have remotely compromised the device to upload their own fingerprints to grant themselves physical access.

jfruh writes: Over the past two decades, China's relatively high skill, low cost workforce made the country a powerhouse of tech and electronics manufacturing. But in a sign that things might be changing, several large Chinese companies, including Foxconn and Huawei, are investing billions to start manufacturing in India. Xiaomi is expected to announce its first India-made phone today, as well. The article says that Foxconn's planned factory in Maharashtra "would create employment for at least 50,000 people, state chief minister Devendra Fadnavis said after the signing of the agreement at which Foxconn CEO Terry Gou was present."

An anonymous reader writes: Like many people reading this site, I have several older phones around as well as my newest, fanciest one; I have a minimal service plan on one of these (my next-to-most-recent), and no service plan (only WI-Fi, as available) on the others. Most of them have some reason or other that I like them, so even without service I've kept them around to act as micro-tablets. Some have a better in-built camera than my current phone, despite being older; some are nice on occasion for being small and pocketable; I like to use one as a GPS in the car without dedicating my phone to that purpose; I can let my young relatives use an older one as a camera, etc. Besides, some people have only one phone at all, and can't reasonably afford a new one -- and that probably means a phone that's not cutting edge. So: in light of the several recent Android vulnerabilities that have come to light, and no reason to think they're the last of these, what's a smart way to use older Android phones? Is CyanoGen Mod any less vulnerable? Should I be worried that old personally identifying information from online transactions is still hanging around somewhere in the phone's recesses? I don't want to toss still-useful hardware, but I know I won't be getting any OS upgrades to 3-year-old phones. How do you use older phones that are not going to get OTA updates to address every security issue?

An anonymous reader writes: When Google started Project Fi, one of their big goals was to make cell phone calling simple and predictable. By combining Wi-Fi calling with cellular networks and flat $10/GB pricing, they're trying to put together a service that "just works." But as Dieter Bohn writes, things can get a lot more complicated when you try to integrate it with other Google services, like Voice. He says, "Precisely what happens when you port your number from Voice to Fi (which are kind of the same thing — but not really!) is clear as mud. ... You won't lose your Google Voice number, and it will still do most of the stuff it did before, but you may have to wend your way back to the 2011-era Google Voice site to manage it. Your texts no longer forward via SMS but they're available in the Hangouts App. You can't call people from Google Voice on the web but you can from Hangouts. Oh, and on Android there's a Hangouts dialer app you can use, sometimes, just because."

JoeyRox writes: Verizon has discontinued service plans that include subsidies for upgrading a smartphone. The new plans require customers to pay full price for their smartphones, either up front with a single one-time purchase, or by monthly payments. Unlike their previous subsidized plans, Verizon's new plans don't require a long-term commitment. Under the new plan, Verizon will charge flat fees for connected devices: $20 for smartphones and $10 for tablets. Subscribers will be able to pick from four data monthly packages to go with their devices: 1GB for $30, 3GB for $45, 6GB for $60, and 12GB for $80. The changes go into effect on August 13th. Existing subscribers will get to keep their current plans

AmiMoJo writes: A proposal (PDF) submitted by a Google engineer to the Unicode Consortium asks that food allergies get their own emojis and be added to the standard. The proposal suggests the addition of peanuts, soybeans, buckwheat, sesame seeds, kiwi fruit, celery, lupin beans, mustard, tree nuts, eggs, milk products and gluten. According to TNW: "This proposal will take a little longer to become reality — it's still in very early stages and needs to be reviewed by the Unicode Consortium before it can move forward, but it'll be a great way for those with allergies to quickly express them."

New submitter Manish Singh writes: Why is Samsung, the South Korean technology conglomerate which has the tentpole position in Android, becoming increasinglu focused on its homegrown operating system Tizen? At its annual developer summit this week, the company announced new SDKs for smartwatches, smart TVs, and smartphones, and also shared its future roadmap.

redletterdave writes: A new patent filed last April but published by the U.S. Patent and Trademark Office earlier this month suggests Samsung might be working on a smartphone that can bend in half like a flip phone. The biggest problem, according to the patent, is all the strain that accumulates by continually folding the display, or keeping the display folded for a long period of time, which can result in deformations and imperfections, Samsung notes. But Samsung's patent also describes how the phone could keep track of how long it's been in the folded and unfolded states, so as to alert the user of any strain that needs to be relieved. This could help extend the lifetime of the phone and its display.

itwbennett writes: Just days after publication of a flaw in Android's Stagefright, which could allow attackers to compromise devices with a simple MMS message, researchers have found another Android media processing flaw. The latest vulnerability is located in Android's mediaserver component, more specifically in how the service handles files that use the Matroska video container (MKV), Trend Micro researchers said. "When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system). The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data."

MojoKid writes: The OnePlus 2 was officially unveiled [Monday] evening and it has been announced that the smartphone will start at an competitively low $329, unlocked and contract free. The entry level price nets you a 5.5" 1080p display, a cooler-running 1.8GHz Qualcomm Snapdragon 810 v2.1 SoC paired with 3GB of RAM, 16GB of internal storage, a 13MP rear camera (with OIS, laser focusing and two-tone flash), 5MP selfie camera, and dual nano SIM slots. If you don't mind handing over an extra $60, you'll receive 4GB of RAM to back the processor and 64GB of internal storage. Besides beefing up the internal specs, OnePlus has also paid some attention to the exterior of the device, giving it a nice aluminum frame and a textured backplate. There are a number of optional materials that you can choose from including wood and Kevlar. Reader dkatana links to InformationWeek's coverage, which puts a bit more emphasis on what the phone doesn't come with: NFC. Apparently, people just don't use it as much as anticipated.

sfcrazy writes: Today, during the Akademy event, the KDE Community announced Plasma Mobile project. It's a Free (as in Freedom and beer), user-friendly, privacy-enabling and customizable platform for mobile devices. Plasma Mobile claims to be developed in an open process, and considering the community behind it, I don't doubt it. A great line: "Plasma Mobile is designed as an ‘inclusive’ platform and will support all kinds of apps. In addition to native apps written in Qt, it also supports GTK apps, Android apps, Ubuntu apps, and many others." And if you have a Nexus 5, you can download and play with a prototype now.

itwbennett writes: Even as mobile users become more security and privacy conscious, researchers and other mobile data collectors still to collect user data in order to build products and services. The question: How to get users to give up that data? Researchers at the New Jersey Institute of Technology tested two incentives: gamification and micropayments. The test involved building a campus Wi-Fi coverage map using user data collected from student participants who either played a first-person shooter game or who were paid to complete certain tasks (e.g., taking photos). The game turned out to be a quick and efficient way to build the Wi-Fi coverage map. But data from the micropayments group was found to be "sometimes unreliable, and individuals were trying to trick the system into thinking they had accomplished tasks."