Pine64 today announced its latest Linux-powered device, the PinePhone Pro, an update to the original PinePhone which sees a more powerful device running mainline Linux (Manjaro in this case) on a mobile device that works as a cellphone and a desktop computer. Tom's Hardware reports: This combination of hardware and software makes the still slightly futuristic idea of confluence between mobile and desktop devices seem a step closer. Carry it around with you, and it's a phone. Plug it into a monitor, and it's a desktop PC. The KDE Plasma Mobile front-end adapts to the circumstances. Inside, it's much like any other phone, with a Rockchip RK3399S six-core SoC operating at 1.5GHz, 4GB of dual-channel LPDDR4 RAM, and 128GB of internal eMMC flash storage. It features a 13MP main camera sensor and a 5MP front-facing camera. There's a Micro-SD slot for expanded storage, and a six-inch 1440 x 720 IPS touchscreen. The PinePhone Pro is not a typical cell phone, rather the concept of convergence, the ability to use your phone as a computer is intriguing. Plug your PinePhone Pro into an external display and use it as a low-power desktop computer is something that has been attempted by a number of companies, including Canonical's attempt with Ubuntu Edge.

PinePhone Pro offers something that is missing from the majority of phones, privacy. A series of hardware DIP-switches, hidden under a rear cover, cut off access to the cameras, microphone, Wi-Fi 5 and Bluetooth 4.1 chips, headphone jack, and LTE modem (including GPS) should you ever need to. The layout and Pogo Pins of the new phone are identical to the original PinePhone, so all existing accessories should work. Retailing at $399, the PinePhone Pro's makers are realistic about the challenges of putting desktop Linux on a mobile device, especially in an ecosystem dominated by iOS and Android.

A new study (PDF) by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. BleepingComputer reports: The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users: "With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." As the summary table indicates, sensitive user data like persistent identifiers, app usage details, and telemetry information are not only shared with the device vendors, but also go to various third parties, such as Microsoft, LinkedIn, and Facebook. And to make matters worse, Google appears at the receiving end of all collected data almost across the entire table.

It is important to note that this concerns the collection of data for which there's no option to opt-out, so Android users are powerless against this type of telemetry. This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they're not used by the device owner, and which cannot be uninstalled. For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk to man-in-the-middle (MitM) attacks. As the study points out, even if the user resets the advertising identifiers for their Google Account on Android, the data-collection system can trivially re-link the new ID back to the same device and append it to the original tracking history. The deanonymization of users takes place using various methods, such as looking at the SIM, IMEI, location data history, IP address, network SSID, or a combination of these. In response to the report, a Google spokesperson said: "While we appreciate the work of the researchers, we disagree that this behavior is unexpected -- this is how modern smartphones work. As explained in our Google Play Services Help Center article, this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device's IMEI, is necessary to deliver critical updates reliably across Android devices and apps."

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission hopes to reduce the number of illegal robocalls from overseas with an expansion of rules that require phone companies to implement Caller ID authentication technology and block illegal calls. [T]he FCC is proposing new requirements on domestic gateway providers that accept calls from outside the US. A Notice of Proposed Rulemaking (NPRM) adopted (PDF) Thursday and released on Friday proposes requiring those gateway phone companies to implement STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols, which verify the accuracy of Caller ID by using digital certificates based on public-key cryptography. "This proposal would subject foreign-originated calls, once they enter the United States, to requirements similar to those of domestic-originated calls, by placing additional obligations on gateway providers in light of the large number of illegal robocalls that originate abroad and the risk such calls present to Americans," the NPRM said. Gateway providers would be required to "apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, all foreign-originated calls with US numbers," the FCC said (PDF).

STIR/SHAKEN is already widely deployed in the US on IP networks due to separate requirements that apply to large phone providers. Another newly implemented rule prohibits phone companies from accepting calls from providers that haven't met requirements to deploy STIR/SHAKEN or other robocall-mitigation methods. But the STIR/SHAKEN requirements don't apply to all carriers yet. "We don't want international calling to become a loophole for our policies," FCC Acting Chairwoman Jessica Rosenworcel said on Thursday at a commission meeting. "So today we are proposing that gateway providers in the United States -- the companies that bring in calls from overseas -- take action to stop this stuff from coming in from abroad. That means they need to use STIR/SHAKEN technology, register in our Robocall Mitigation Database, and comply with traceback requests to figure out where these junk calls are originating from overseas."

The FCC said those traceback requests "are used to help block illegal robocalls and inform FCC enforcement investigations." The NPRM also proposes a new call-blocking requirement. When the FCC notifies a gateway provider about an ongoing robocall campaign, the provider would have to conduct "a prompt investigation to determine whether the traffic identified in the Enforcement Bureau's notice is illegal" and "promptly block all traffic associated with the traffic pattern identified in that notice." The NPRM seeks public comment on these proposed rules. Deadlines for initial comments will be 30 days after the NPRM is published in the Federal Register and 60 days after publication for reply comments. The docket is located here.

New submitter thegreatnick writes: The next generation of Fairphone -- an attempt to make an ethical smartphone -- has been announced with the Fairphone 4. The base specs include a Qualcomm Snapdragon 750G SoC, 6GB of RAM, and 128GB of storage (upgradeable to 8GB and 256GB). On the front, you'll get a 6.3-inch, 2340x1080 LCD display with slimmer bezels (compared to the Fairphone 3 design) and a teardrop notch for the 25-megapixel front camera. The 3,905mAh battery is Qualcomm Quick Charge 4.1 compatible, so if you have a compatible USB-C charger (not included in the box to reduce waste) you can take the battery from 0-50% in 30 minutes. The phone ships with Android 11 and has a side-mounted fingerprint reader in the power button, a MicroSD slot, and the option for dual-SIM usage via one physical nanoSIM and an eSIM.

Continuing Fairphone's progress in making a "fair" supply chain -- both ethically-clean raw materials and paying workers a fair wage -- it also describes the 4 as "e-waste neutral." This is a neat way of summing up the idea that the company will recycle one device for every Fairphone 4 it sells. In addition, Fairphone can boast that it now uses 70% "fair" materials inside the handset, including FairTrade Gold and Silver, aluminum from ASI-certified vendors, and a backplate made from 100% post-consumer recycled polycarbonate. In an upgrade to previous models, the Fairphone 4 has dual cameras, though it loses the headphone jack. The company says this was to achieve an IP54 waterproof rating (light splashes) -- a first for the Fairphone brand. It's also been announced that it will come with an industry-leading 5-year warranty and aims to get 6 years of software updates for the phone.

The Guardian tells the story of "a viral sensation in the global underworld," the high-security An0m phones, which launched with "a grassroots marketing campaign, identifying so-called influencers — 'well-known crime figures who wield significant power and influence over other criminal associates', according to a US indictment — within criminal subcultures." An0m could not be bought in a shop or on a website. You had to first know a guy. Then you had to be prepared to pay the astronomical cost: $1,700 for the handset, with a $1,250 annual subscription, an astonishing price for a phone that was unable to make phone calls or browse the internet.

Almost 10,000 users around the world had agreed to pay, not for the phone so much as for a specific application installed on it. Opening the phone's calculator allowed users to enter a sum that functioned as a kind of numeric open sesame to launch a secret messaging application. The people selling the phone claimed that An0m was the most secure messaging service in the world. Not only was every message encrypted so that it could not be read by a digital eavesdropper, it could be received only by another An0m phone user, forming a closed loop system entirely separate from the information speedways along which most text messages travel. Moreover, An0m could not be downloaded from any of the usual app stores. The only way to access it was to buy a phone with the software preinstalled...

[U]sers could set an option to wipe the phone's data if the device went offline for a specified amount of time. Users could also set especially sensitive messages to self-erase after opening, and could record and send voice memos in which the phone would automatically disguise the speaker's voice. An0m was marketed and sold not so much to the security conscious as the security paranoid...

An0m was not, however, a secure phone app at all. Every single message sent on the app since its launch in 2018 — 19.37m of them — had been collected, and many of them read by the Australian federal police (AFP) who, together with the FBI, had conceived, built, marketed and sold the devices.

On 7 June 2021, more than 800 arrests were made around the world....
Law enforcement agencies ultimately saw An0m as a creative workaround for unbreakable encryption, according to the Guardian. "Why debate tech companies on privacy issues through costly legal battles if you can simply trick criminals into using your own monitored network?"

The Guradian's story was shared by jd (Slashdot user #1,658), who sees an ethical question. "As the article notes, what's to stop a tyrant doing the same against rivals or innocent protestors?"

"A security researcher has discovered malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores," reports the Record: In a report published this week by a Russian security researcher named ValdikSS, push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to prevent detection. ValdikSS, who set up a local 2G base station in order to intercept the phones' communications, said the devices also secretly notified a remote internet server when they were activated for the first time, even if the phones had no internet browser...

All the remote servers that received this activity were located in China, ValdikSS said, where all the devices were also manufactured before being re-sold on Russian online stores as low-budget alternatives to more popular push-button phone offerings, such as those from Nokia.
But who's responsible, the article ultimately asks. The third party supplying the firmware? The parties shipping the phones? The vendors selling the phone without detecting its malware? Or the government agencies lacking a mechanism for collecting reports of malware...

Long-time Slashdot reader Nkwe shares an article about AT&T's "Flying COW" drones — their Cell (tower) On Wings drone technology that's helped restore cellphone service after Hurricane Ida and other natural disasters.

"The device is a cell site situated on a drone engineered to beam wireless LTE coverage across an area of up to 40 square miles." The weather-resistant drone can withstand extreme conditions, and its thermal imaging can help search and rescue teams find people in buildings, tree cover, and thick smoke... The drone has the potential to hover over 300 feet and is connected by a tether attached to the ground.

When someone texts, calls, or uses data, the signal is sent to the drone and transferred through the tether to a router. The router pushes information through a satellite, into the cloud, and finally into the AT&T network. The tether also provides constant power to the Flying COW via a fiber, giving the drone unlimited flight time.

Its flying capabilities allow it to soar 500% higher than a terrestrial Cell-on-Wheels mast, expanding how far the signal reaches, though more drones can be added to widen the coverage area. The drone is small and versatile, making it easy to set up, deploy, and move during rapidly changing conditions, like firefighters chasing a wildfire.

"T-Mobile CEO Mike Sievert published an open apology to customers Friday after hackers stole more than 50 million users' personal data, including their Social Security numbers and driver's license information," reports NBC News: "The last two weeks have been humbling for all of us at T-Mobile," he wrote. "To say we are disappointed and frustrated that this happened is an understatement."

The incident is the fourth known breach at T-Mobile since 2018, and by far the largest. The full count of how many customers had their data stolen is unclear, but the company said last week it had identified more than 53 million affected customers, most of them on subscription plans. It also included an unspecified number of "prospective" users who are not T-Mobile customers...

It is unclear why T-Mobile was storing customers' driver's license information and Social Security numbers without encrypting them in a way that would make it difficult or impossible for hackers to see them even if they stole them. Jackie Singh, a cybersecurity consultant, said it was irresponsible on the part of T-Mobile, especially for hard-to-change sensitive personal data like Social Security numbers.

"It is frankly bizarre to learn that in this day and age, a major telco continues to store critical customer data in plain text," she said. "Offering two years of credit monitoring services doesn't change the fact that harm was done to their customer base."
NBC says they spoke to the person identified as the perpetrator by the Wall Street Journal, who told them last week that he'd planned to sell the information on more than 100 million users for a hefty profit.

Meanwhile, T-Mobile's CEO now says they're alerting affected users and have set up a hub for victim services. Beneath the words "NOTICE OF DATA BREACH," it adds the tagline "Keeping you safe from cybersecurity threats. What you need to know and how we're protecting you."

Passengers escaped an Alaska Airlines jet via emergency slides on Monday night after a malfunctioning smartphone filled the cabin with smoke. The Register reports: The pilot ordered the evacuation of flight 751 from New Orleans to Seattle after someone's cellphone started to spit out sparks and smoke just after landing. As the aircraft was still waiting on the tarmac at Seattle-Tacoma International Airport for a gate, the slides were deployed and all 129 passengers and six crew made it out. The errant mobile was also stuffed in a bag to curb its compact conflagration. Two people, we're told, were taken to hospital.

"The crew acted swiftly using fire extinguishers and a battery containment bag to stop the phone from smoking," a spokesperson for Alaska Airlines told The Register. "Crew members deployed the evacuation slides due to hazy conditions inside the cabin. Two guests were treated at a local area hospital." Airport officials, meanwhile, said "only minor scrapes and bruises were reported." It's unknown which device malfunctioned on this flight, but it makes us think back to the Galaxy Note 7 fiasco of 2016 that prompted Samsung to formally recall the smartphone after nearly 100 reports of them catching fire and spewing noxious black smoke. The Note 7 was also banned from aircraft in the United States under an emergency order.

If you plan on unlocking the bootloader to root your Galaxy Z Flip 3 or Galaxy Z Fold 3 -- Samsung's two newest foldabes announced earlier this month, you should know that the Korean OEM will disable the cameras. Technically, this has only been confirmed for the Galaxy Z Fold 3, but the Galaxy Z Flip 3 likely has similar restrictions. XDA Developers reports: According to XDA Senior Members [...], the final confirmation screen during the bootloader unlock process on the Galaxy Z Fold 3 mentions that the operation will cause the camera to be disabled. Upon booting up with an unlocked bootloader, the stock camera app indeed fails to operate, and all camera-related functions cease to function, meaning that you can't use facial recognition either. Anything that uses any of the cameras will time out after a while and give errors or just remain dark, including third-party camera apps.

It is not clear why Samsung chose the way on which Sony walked in the past, but the actual problem lies in the fact that many will probably overlook the warning and unlock the bootloader without knowing about this new restriction. Re-locking the bootloader does make the camera work again, which indicates that it's more of a software-level obstacle. With root access, it could be possible to detect and modify the responsible parameters sent by the bootloader to the OS to bypass this restriction. However, according to ianmacd, Magisk in its default state isn't enough to circumvent the barrier.

"According to addiction expert Dr Anna Lembke, our smartphones are making us dopamine junkies," reports the Guardian, "with each swipe, like and tweet feeding our habit..." As the chief of Stanford University's dual diagnosis addiction clinic (which caters to people with more than one disorder), Lembke has spent the past 25-plus years treating patients addicted to everything from heroin, gambling and sex to video games, Botox and ice baths... Her new book, Dopamine Nation, emphasises that we are now all addicts to a degree. She calls the smartphone the "modern-day hypodermic needle": we turn to it for quick hits, seeking attention, validation and distraction with each swipe, like and tweet. Since the turn of the millennium, behavioural (as opposed to substance) addictions have soared. Every spare second is an opportunity to be stimulated... "We're seeing a huge explosion in the numbers of people struggling with minor addictions," says Lembke.

That has consequences. Although we have endless founts of fun at our fingertips, "the data shows we're less and less happy," she says. Global depression rates have been climbing significantly in the past 30 years and, according to a World Happiness Report, people in high-income countries have become more unhappy over the past decade or so. We've forgotten how to be alone with our thoughts. We're forever "interrupting ourselves", as Lembke puts it, for a quick digital hit, meaning we rarely concentrate on taxing tasks for long or get into a creative flow. For many, the pandemic has exacerbated dependence on social media and other digital vices, as well as alcohol and drugs.

Addiction is a spectrum disorder: it's not as simple as being an addict or not being an addict. It's deemed worthy of clinical care when it "significantly interferes" with someone's life and ability to function, but when it comes to minor digital attachments, the effect is pernicious. "It gets into philosophical questions: how is the time I'm spending on my phone in subtle ways affecting my ability to be a good parent, spouse or friend?" says Lembke. "I do believe there is a cost — one that I don't think we fully recognise because it's hard to [see it] when you're in it...."

"It's very different from how life used to be, when we had to tolerate a lot more distress," says Lembke. "We're losing our capacity to delay gratification, solve problems and deal with frustration and pain in its many different forms."
The solution, according to the article, is dopamine fasts — "the longer, the better...to reset our brain's pathways and gain perspective on how our dependency affects us," eventually attaining the lost art of moderation.

In a 2015 video, PCMag's lead mobile analyst Sascha Segan showed off "One of the coolest phones at this year's CES."

He's now written an article titled "How I Got Suckered by an (Alleged) $10M Phone Scam. The biggest mobile-phone mystery of the 2010s is finally coming to an ignominious end, as yesterday the U.S. attorney for Utah charged Chad Sayers, founder of entirely notional mobile phone firm Saygus, with conducting a $10 million fraud scheme. Saygus "had" a series of "phones" from 2009-2016 that existed as prototypes that the company took on trade shows and to press tours. There was never any real evidence of production runs. The U.S. Attorney now claims Sayers and associated took $10 million in investor money and lived on it without ever really planning to release a product. (I learned this via David Ruddock....)

The phone kept just...not happening. Sayers' genius was that he produced just enough prototypes to show off and kept them in a constant state of pre-sale... "DEFENDANT failed to disclose that device certification with Verizon expired in 2013 and was never renewed," the Department of Justice notes. A new version of the phone then popped up again in 2015, this one supposedly covered in Kevlar with 320GB of storage. Sayers flogged that prototype until early 2016, at which point he said it was coming "next month."

The Department of Justice says: "Between April 7, 2015 and January 10, 2017, DEFENDANT made at least 26 public statements on Twitter that its phone would be shipping 'this month,' 'this week,' or was otherwise launching, when in fact, it has never launched...."

Sayers kept going on press tours and buying expensive trade-show booths with prototypes of phones that would never hit the market, drumming up enough gullible mainstream press coverage (myself included) to presumably attract a continual stream of investors with his claim of being the next big thing.

"What seemed like a small update has, for some, turned into a huge headache," reports ZDNet: Over on Apple's support forum, there are several threads from users complaining that iOS 14.7.1 broke their iPhones, causing a "no service" problem where users are unable to connect to cell service. Ther">e are similar threads on Apple's developer forums as well.

While there doesn't seem to be a pattern to which phones are affected, I've seen reports of everything from the iPhone 6 to iPhone 12 affected, and the cause is clear — upgrading to iOS 14.7.1.
"Users are saying that restarting the phone, removing the SIM, and even resetting network settings didn't help," according to 9to5Mac (in an article shared by long-time Slashdot reader antdude).

Forbes reports the bug appears to happen when you lose your cellular connection and switch to WiFi calling, "so those living in areas with good reception may never see it. Of course, this scenario also helps to mask the scale of iPhones which might be affected." If you haven't upgraded to iOS 14.7.1 yet, this potentially crippling flaw could (understandably) put you off upgrading. The problem is that the release also contains a critical fix for a new zero-day security flaw...

An anonymous reader quotes a report from 9to5Google: Google's ambitions in the car led to Android Auto being redesigned a couple of years ago, mostly to positive feedback. However, the version of Android Auto on phone screens was meant to shut down at the time and has been on life support ever since. Now, that version has stopped working for some users. The aptly named "Android Auto for Phone Screens" was launched in 2019 as Google was forced to delay Google Assistant Driving Mode. That feature, which finally started rolling out in 2020, continued into earlier this year, and has expanded since, was supposed to replace the experience on phone screens. At the time, Google called this app a "stopgap" for users who needed an in-car experience but lacked a vehicle compatible with Android Auto.

In speaking with Google, we are able to confirm that Android Auto for Phone Screens is, indeed, shutting down with the release of Android 12. The experience will not be available for users on Android 12, but still on older versions of the OS. Google says that Assistant Driving Mode will be "the built-in mobile driving experience" on Android 12. Google's full statement follows: "Google Assistant driving mode is our next evolution of the mobile driving experience. For the people who use Android Auto in supported vehicles, that experience isn't going away. For those who use the on phone experience (Android Auto mobile app), they will be transitioned to Google Assistant driving mode. Starting with Android 12, Google Assistant driving mode will be the built-in mobile driving experience. We have no further details to share at this time."

Google's next midrange smartphone is the Pixel 5a, featuring a slightly bigger display than last year's Pixel 4a, a considerably larger battery and IP67 water and dust resistance. It's priced at $449, which is $100 more than the Pixel 4a, and is expected to be the last Google phone to include a charger in the box (sorry Pixel 6 fans). Ars Technica reports: Part of the reason for the price increase is that the Pixel 5a is a bigger phone, with a 6.34-inch display and 73.7 mm width compared to the Pixel 4a's 5.8-inch display and 69.4 mm width. Another big change is the addition of IP67 dust and water resistance, which means the phone should survive submersion in 3 feet of water (1 meter) for 30 minutes. As with the Pixel 5, the Pixel 5a's body is metal coated in plastic instead of the pure plastic body of the Pixel 4a. We didn't see the appeal of this construction in the Pixel 5, but the new phone is presumably stronger now.

As usual, we're getting a no-frills design that takes care of the basics. On the front, there's a slim-bezel OLED display and a hole-punch camera in the top right, while there are two cameras (main and wide-angle) and a capacitive fingerprint reader on the back. Specs include a Snapdragon 765G (that's a 7 nm chip with two Cortex A76 cores and six Cortex A55 cores), 6GB of RAM, 128GB of storage, and the biggest battery of any Pixel: 4680 mAh. The main camera is 12.2 MP and looks like the same Sony IMX363 sensor that Google has used for the past four years. There's a 16 MP wide-angle and an 8 MP front camera. Oh yeah, the headphone jack is sticking around for at least one more year. If there's a disappointment with the Pixel 5a, it's the 60 Hz display, which is looking pretty slow in a world where 90 Hz and 120 Hz are often the norm. Another important note is that the Pixel 5a will get three years of major updates and three years of security updates. It's currently available for preorder now and starts shipping on August 26.

An anonymous reader shares an excerpt from Wired, written by Lauren Goode: Samsung's newest foldables are even more impressive than the folding models that came before them. (The company first started shipping foldable phones in 2019, after years of development.) And yet, folding phones are still the 3D TVs of the smartphone world: birthed with the intention of swiveling your head toward a product at a time when the market for that product has softened. They're technically complicated. They're expensive. And their usability depends a whole lot on the way content is displayed on them, which means manufacturers could nail all the tech specs and still must wait on software makers (or entertainment companies) to create stuff to fill these space-age screens. All this does not bode well for the future of foldable phones, though some analysts are more optimistic.

Back in the early 2010's, global TV shipments started slipping, as developed markets became saturated with flat-screen TVs. And as prices for LCD TVs sank, so did profits. So TV manufacturers like Sony, LG, and Samsung began hyping the next expensive upgrade: 3D televisions. We tech journalists marched around the annual CES in 3D glasses, hoping to catch a glimpse of a 3D TV that would change our minds about this gimmicky technology. We grew mildly nauseous. We waited for more content. Five years later, 3D TV was dead. At the end of the last decade, WIRED's Brian Barrett summed up the great 3D TV pitch as "what happens when smart people run out of ideas, the last gasp before aspiration gives way to commoditization."

I know: TVs and mobile phones are different beasts. Mobile phones have fundamentally altered the way we live. Billions of handsets have been sold. But about four years ago, global smartphone sales slowed. By 2019, consumers were holding on to their phones for a few extra months before splurging on an upgrade. As smartphones became more secure and reliable, running on desktop-grade chip systems and featuring cameras good enough to decimate the digital camera market, each new iteration of a phone seemed, well, iterative. Enter foldable displays, which are either a desperate gimmick or a genuine leap forward, depending on whom you ask. Or, like 3D TVs, maybe they're both.

Foldables were also supposed to be the ultimate on-the-go device, for road warriors and jet-setters and productivity gurus who want to "stay in the flow" at all times. As I've written before, it's not exactly the best time to beta test this concept, while some of our movements are limited. The context for foldables has changed in the short time since they became commercially available. Of course, that context could always change again. Foldables may be the next frontier in phones, or in tablets, or laptops, or all of the above. They could become commonplace, assumed, as boring as a solid inflexible brick. Maybe we'll manage our decentralized bank accounts on a creaky screen as we shoot into sub-orbital space. Or maybe we'll stare into the screens, two parts fused into one, and hope that the future is something more than this. The biggest argument for foldables not being 3D TVs, as mentioned by research manager for IDC, Jitesh Ubrani, is the potential utility of foldables.

"Most people in the industry, and even many consumers, believe that ultimately there is just going to be one device you use, you know?" Ubrani says. "And this device will have the ability to function as a phone, as a PC, as a tablet. So where foldables can really drive the technology is by replacing three devices with one."

Slashdot reader nickwinlund77 quotes Wired: Location data sharing from wireless carriers has been a major privacy issue in recent years... Carriers remain perennially hungry to know as much about you as they can. Now, researchers are proposing a simple plan to limit how much bulk location data they can get from cell towers.

Much of the third-party location data industry is fueled by apps that gain permission to access your GPS information, but the location data that carriers can collect from cell towers has often provided an alternative pipeline. For years it's seemed like little could be done about this leakage, because cutting off access to this data would likely require the sort of systemic upgrades that carriers are loath to make.

At the Usenix security conference on Thursday, though, network security researchers Paul Schmitt of Princeton University and Barath Raghavan of the University of Southern California are presenting a scheme called Pretty Good Phone Privacy that can mask wireless users' locations from carriers with a simple software upgrade that any carrier can adopt—no tectonic infrastructure shifts required... The researchers propose installing portals on every device — using an app or operating system function — that run regular checks with a billing server to confirm that a user is in good standing. The system would hand out digital tokens that don't identify the specific device but simply indicate whether the attached wireless account is paid up.

Slashdot reader lightbox32 shared this report from Motherboard: T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn't mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers.

The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.
Mashable points out that "it's entirely possible that the seller is misrepresenting the scope of the breach and/or the contents of the information they claim to be selling.

"T-Mobile likely isn't going to say anything until there's a clearer sense of the risks its customers are actually facing."

"Developers are once again publicly highlighting instances in which Apple has failed to keep scam apps off of the app store," reports Ars Technica: The apps in question charge users unusual fees and siphon revenue from legitimate or higher-quality apps. While Apple has previously come under fire for failing to block apps like these from being published, developers complained this week that Apple was actually actively promoting some of these apps...

Apple continues to play whack-a-mole with these apps, but various developers have both publicly and privately complained that the company takes too long. One developer we exchanged emails with claimed that, when they discovered a scam app that stole assets from their own legitimate app and which was clearly designed to siphon users from the real app, Apple took 10 days to remove the app, while Google only took "1-2 days" on the Android side. The app was allowed back on Apple's App Store once the stolen assets were removed. During the long waiting period, the developer of the legitimate app lost a significant amount of users and revenue, while the developer of the illegitimate app profited.

As Apple fights legal battles to prevent third-party app stores from making their way to iOS on the basis that those alternative app stores may be less secure than Apple's own, claims from developers that scam apps are slipping through may undermine Apple's defense.

Fossbytes has an article detailing how you can check to see if your mobile device is infected with the "Pegasus" spyware. What's Pegasus you ask? It's phone-penetrating spy software developed by NSO Group and sold to governments to target journalists and activists around the world. The CEO of NSO Group says law-abiding citizens have "nothing to be afraid of," but that doesn't help us sleep any better. Here's how to check if your device has been compromised (heads up: it's a bit of a technical and lengthy process): First off, you'll need to create an encrypted backup and transfer it to either a Mac or PC. You can also do this on Linux instead, but you'll have to install libimobiledevice beforehand for that. Once the phone backup is transferred, you need to download Python 3.6 (or newer) on your system -- if you don't have it already. Here's how you can install the same for Windows, macOS, and Linux. After that, go through Amnesty's manual to install MVT correctly on your system. Installing MVT will give you new utilities (mvt-ios and mvt-android) that you can use in the Python command line. Now, let's go through the steps for detecting Pegasus on an iPhone backup using MVT.

First of all, you have to decrypt your data backup. To do that, you'll need to enter the following instruction format while replacing the placeholder text (marked with a forward slash) with your custom path: "mvt-ios decrypt-backup -p password -d /decrypted /backup". Note: Replace "/decrypted" with the directory where you want to store the decrypted backup and "/backup" with the directory where your encrypted backup is located.

Now, we will run a scan on the decrypted backup, referencing it with the latest IOCs (possible signs of Pegasus spyware), and store the result in an output folder. To do this, first, download the newest IOCs from here (use the folder with the latest timestamp). Then, enter the instruction format as given below with your custom directory path: "mvt-ios check-backup -o /output -i /pegasus.stix2 /backup". Note: Replace "/output" with the directory where you want to store the scan result, "/backup" with the path where your decrypted backup is stored, and "/pegasus.stix2" with the path where you downloaded the latest IOCs.

After the scan completion, MVT will generate JSON files in the specified output folder. If there is a JSON file with the suffix "_detected," then that means your iPhone data is most likely Pegasus-infected. However, the IOCs are regularly updated by Amnesty's team as they develop a better understanding of how Pegasus operates. So, you might want to keep running scans as the IOCs are updated to make sure there are no false positives.