Android

Samsung's Galaxy S9 Will Appear At CES In January, Says Report (venturebeat.com) 40

According to VentureBeat, Samsung is planning to show off its next-generation Galaxy S9 and S9+ smartphones at January's Consumer Electronics Show in Las Vegas. Some of the information about the devices will be shared at CES, but Samsung is still apparently holding an official launch event in March, as it did this past year for the Galaxy S8 and S8+. From the report: Codenamed Star 1 and Star 2 -- and going by model numbers SM-G960 and SM-G965 -- the S9 and S9+ will feature the same 5.8-inch and 6.2-inch curved-edge Super AMOLED "Infinity" displays, respectively, as their predecessors. While no specific processor was mentioned, it is said to employ 10-nanometer fabrication techniques, which is highly suggestive of the upcoming Snapdragon 845 from Qualcomm (and likely a similar Exynos model for some regions). Besides a bigger screen, the S9+ will reportedly offer more RAM (6GB versus 4GB) and a second rear camera, similar to the Note8. Both models pack 64GB of internal storage, supplemented by a microSD slot, and both leave the 3.5-millimeter headphone jack intact. Regardless of rear camera configuration, both phones orient the elements on the back of the device vertically -- with the fingerprint sensor on the bottom, in acknowledgement of one of the most frequent complaints about all three of Samsung's 2017 flagship handsets. Another change that's sure to be well-received is the addition of AKG stereo speakers. Finally, Samsung plans to introduce a backward-compatible DeX docking station that situates the phones flat and utilizes the screens as either a touchpad or a virtual keyboard.
Privacy

How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) (vice.com) 45

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router that enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to automatically connect to open Wi-Fi networks."
Privacy

Google Collects Android Users' Locations Even When Location Services Are Disabled (qz.com) 196

Google has been collecting Android phones' locations even when location services are turned off, and even when there is no carrier SIM card installed on the device, an investigation has found. Keith Collins, reporting for Quartz: Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers -- even when location services are disabled -- and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy. Quartz observed the data collection occur and contacted Google, which confirmed the practice. The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.
Software

Google Is Working On Fuchsia OS Support For Apple's Swift Programming Language (androidpolice.com) 54

An anonymous reader shares a report from Android Police: Google's in-development operating system, named "Fuchsia," first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time "Magenta" kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language. If you're not familiar with it, Swift is a programming language developed by Apple, which can be used to create iOS/macOS/tvOS/watchOS applications (it can also compile to Linux). Apple calls it "Objective-C without the C," and on the company's own platforms, it can be mixed with existing C/Objective-C/C++ code (similar to how apps on Android can use both Kotlin and Java in the same codebase). We already know that Fuchsia will support apps written in Dart, a C-like language developed by Google, but it looks like Swift could also be supported. On Swift's GitHub repository, a pull request was created by a Google employee that adds Fuchsia OS support to the compiler. At the time of writing, there are discussions about splitting it into several smaller pull requests to make reviewing the code changes easier.
Android

Even New Phones Are No Longer Guaranteed To Have the Latest Version of Android (theverge.com) 158

Vlad Savov, writing for The Verge: The OnePlus 5T and Razer Phone are two fundamentally different devices, which are nonetheless united by one unfortunate downside: both of them are going on sale this month without the latest version of Android on board. OnePlus will tell you that this issue is down to its extremely stringent testing process, while Razer offers a similar boilerplate about working as fast as possible to deliver Android Oreo. But we're now three months removed from Google's grand Oreo launch, timed to coincide with this summer's total eclipse, and all of these excuses are starting to ring hollow. Why do Android companies think they can ship new devices without the latest and best version of the operating system on board? The notorious fragmentation problem with Android has always been that not every device gets the latest update at the same time, and many devices get stuck on older software without ever seeing an update at all. What's changed now is that the "one version behind the newest and best" phenomenon is starting to infect brand new phones as well. The 5T and Razer Phone are just two examples; there's also Xiaomi, which just launched its Mi Mix 2 in Spain with 2016's Android Nougat as the operating system.
Security

Bluetooth Hack Affects 20 Million Amazon Echo, Google Home Devices (thehackernews.com) 40

In September, security researchers discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. We have now learned that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities. The Hacker News reports: Amazon Echo is affected by the following two vulnerabilities: a remote code execution vulnerability in the Linux kernel (CVE-2017-1000251); and an information disclosure flaw in the SDP server (CVE-2017-1000250). Since different Echo variants use different operating systems, other Echo devices are affected by either the vulnerabilities found in Linux or Android. Whereas, Google Home devices are affected by one vulnerability: an information disclosure vulnerability in Android's Bluetooth stack (CVE-2017-0785). This Android flaw can also be exploited to cause a denial-of-service (DoS) condition. Since Bluetooth cannot be disabled on either of the voice-activated personal assistants, attackers within the range of the affected device can easily launch an attack. The security firm [Armis, who disclosed the issue] notified both Amazon and Google about its findings, and both companies have released patches and issued automatic updates for the Amazon Echo and Google Home that fix the BlueBorne attacks.
Android

OnePlus 5T Featuring 6-inch AMOLED Display, 3.5mm Headphone Jack Launched (wired.com) 54

Chinese smartphone maker OnePlus, which has been lauded by consumers for offering phones with top-of-the-line specs at a reasonably affordable price range, on Thursday at an event in New York announced its newest flagship smartphone. Called the OnePlus 5T, the handset sports a 6.01-inch AMOLED screen (screen resolution 1080 x 2160) manufactured by Samsung in a body that is roughly of the same size as the 5.5-inch display-clad predecessor OnePlus 5. The secret sauce is, much like Samsung, LG and Apple, OnePlus has moved to a near bezel-less design. The company is not getting rid of the fingerprint scanner though, which it has pushed to the back side. The front-facing camera, additionally, OnePlus says, can be used to unlock the device. Other features include a 3,300mAh battery with the company's proprietary Dash Charge fast-charging tech (no wireless charging support -- the company says at present wireless charging doesn't really add much value to the device), top-of-the-line Qualcomm Snapdragon 835 processor with Adreno 540, 6GB of RAM with 64GB of storage (there is another variant of the phone which offers 8GB of RAM with 128GB of space). As for camera, we are looking at a dual 16-megapixel and 20-megapixel setup in the back. One more thing: the phone has a headphone jack and it runs Android 7.1 out of the box. The OnePlus 5T will go on sale in Europe, India, and the United States starting November 21st, with the base model priced at Euro 499, INR 32,999, and $499, respectively. The high-end variant is priced at Euro 559, INR 37,999, and $559. Wired has more details.
Chrome

Slashdot Asks: Have You Switched To Firefox 57? 576

Yesterday, Mozilla launched Firefox 57 for Windows, Mac, Linux, Android, and iOS. It brings massive performance improvements as it incorporates the company's next-generation browser engine called Project Quantum; it also features a visual redesign and support for extensions built using the WebExtension API. Have you used Firefox's new browser? Does it offer enough to make you switch from your tried-and-true browser of choice? We'd love to hear your thoughts.
Android

UC Browser Mobile App Disappears From Google Play Store (medianama.com) 34

UC Browser, a popular mobile web browser owned by China's Alibaba Group, has mysteriously disappeared from the Google Play Store. The app was pulled from the Google Play Store on November 12, according to data from app analytics firm App Annie. Several users began inquiring about the app's whereabouts earlier this week on Reddit. It was not immediately clear why UC Browser had been pulled from Android's marquee app store. According to Twitter user Mike Ross, who claims to be a developer at Alibaba Group, Google pulled UC Browser from its store due to "misleading" and "unhealthy" promotional tactics used by the company to increase the install count of its app. UC Browser is still available to download on Apple's App Store, Amazon's Android store, and through the company's official website. UC Browser Mini, a light version of the company's browser, is notably still listed on Google Play. Though UC Browser is not a household name in Western markets, Alibaba's app is incredibly popular in markets such as India. It has been among the top six most downloaded apps from Google Play in India for the last two years, venture capitalist Mary Meeker noted in her yearly internet report in May this year. As of July, UC Browser had been installed more than 100 million times worldwide from Google Play Store.
Mozilla

Firefox Quantum Arrives With Faster Browser Engine, Major Visual Overhaul (venturebeat.com) 323

An anonymous reader writes: Mozilla today launched Firefox 57, branded Firefox Quantum, for Windows, Mac, Linux, Android, and iOS. The new version, which Mozilla calls "by far the biggest update since Firefox 1.0 in 2004," brings massive performance improvements and a visual redesign. The Quantum name signals Firefox 57 is a huge release that incorporates the company's next-generation browser engine (Project Quantum). The goal is to make Firefox the fastest and smoothest browser for PCs and mobile devices -- the company has previously promised that users can expect "some big jumps in capability and performance" through the end of the year. Indeed, three of the four past releases (Firefox 53, Firefox 54, and Firefox 55) included Quantum improvements. But those were just the tip of the iceberg. Additionally, Firefox now exclusively supports extensions built using the WebExtension API, and unsupported legacy extensions will no longer work, the company said.
Android

OnePlus Phones Come Preinstalled With a Factory App That Can Root Devices (bleepingcomputer.com) 73

Catalin Cimpanu, writing for BleepingComputer: Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers. The app was discovered by a mobile security researcher who goes online by the pseudonym of Elliot Alderson -- the name of the main character in the Mr. Robot TV series. Speaking to Bleeping Computer, the researcher said he started investigating OnePlus devices after a story he saw online last month detailing a hidden stream of telemetry data sent by OnePlus devices to the company's servers.
The Almighty Buck

Uber Drivers In Lagos Are Using a Fake GPS App To Inflate Rider Fares (qz.com) 86

According to Quartz, some Uber drivers in Lagos have been using a fake GPS itinerary app called Lockito to illicitly bump up fares for local drivers. The app was initially created for developers to "test geofencing-based apps," but has been used by Uber drivers to inflate the cost of their trips. From the report: In some cases, inflated trips can cost riders more than double the rate they should be paying. "It's more like a parasite," says Mohammed, a driver for both Uber and Taxify in Lagos. "It sets the false GPS movement while allowing the phone also to keep track of its actual movement. The Uber app can't tell the difference between both so it just calculates both." When a driver uses Lockito for an Uber trip he or she can have the fake GPS running (and calculating a fake fare) from the pickup point to the drop off location, before the passenger has even got into the car. When the real trip starts, the real GPS starts running and calculating the actual fare. But at the end of the journey the fares from both trips (real and fake) are tallied up as one fare which the unsuspecting rider pays. Some drivers use Lockito to inflate fares by adding 1000 naira to 2000 naira extra (roughly $3 to $6) but some drivers are believed to inflate fares to exorbitant levels.
Android

Google To Kill a Bunch of Useful Android Apps That Rely On Accessibility Services (androidpolice.com) 105

Slashdot reader Lauren Weinstein writes from a blog: My inbox has been filling today with questions regarding Google's new warning to Android application developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically being used to help users with "disabilities" (a term not defined by Google in the warning). Beyond the overall vagueness when it comes to what is meant by disabilities, this entire approach by Google seems utterly wrongheaded and misguided. "While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.)," reports Android Police. "LastPass, Universal Copy, Clipboard Actions, Cerberus, Signal Spy, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API." It's likely Google is cracking down on apps that use Accessibility Services due to the security risks they pose. "Once granted the right permissions, the API can be used to read data from other apps," reports Android Police.
Cellphones

New Samsung Video Demos Linux on Galaxy Smartphones (liliputing.com) 100

Slashdot reader boudie2 tipped us off to some Linux news. Liliputing reports: Samsung's DeX dock lets you connect one of the company's recent phones to an external display, mouse, and keyboard to use your phone like a desktop PC... assuming you're comfortable with a desktop PC that runs Android. But soon you may also be able to use your Android phone as a Linux PC [and] the company has released a brief video that provides more details. One of those details? At least one of the Linux environments in question seems to be Ubuntu 16.04... While that's the only option shown, the fact that it does seem to be an option suggests you may be able to run different Linux environments as well.

Once Ubuntu is loaded, the video shows a user opening Eclipse, an integrated development environment that's used to create Java (and Android apps). In other words, you can develop apps for Android phones with ARM-based processors on an Android phone with an ARM-based processor.

Samsung promised in October that its Linux on Galaxy app will ultimately let users "run their preferred Linux distribution on their smartphones utilizing the same Linux kernel that powers the Android OS."
Android

CopperheadOS Fights Unlicensed Installations On Nexus Phones (xda-developers.com) 97

An anonymous reader writes: Earlier this week security-hardened Android build CopperheadOS temporarily blocked Nexus updates on its servers after finding out that other companies have been flashing the ROM onto Nexus phones and selling them commercially in violation of the CopperheadOS licensing terms. The incident highlights an inherent problem in getting open source to be used by the masses: the difficulty of organizations being able to build and monetize a successful, long-term open source business model...
"We've enabled over-the-air updates again," CopperheadOS tweeted Saturday, "to avoid impacting our remaining customers on Nexus devices and other legitimate users. However, downloads on the site will no longer be available and we'll be making changes to the update client for Nexus devices."

In an earlier series of tweets, they explained it's an ongoing issue. "It's not okay to disrespect our non-commercial licensing terms for those official builds by flashing and selling it on hundreds of phones... This is why we've been unable to sell access to Pixel images. There are people that are going to buy those and flash + sell devices in direct competition with us in violation of the licensing terms. Needing to deal with so many people acting in bad faith makes this difficult.

"It's not permitted for our official Nexus builds and yet that's what's happening. We do all of the development, testing, release engineering and we provide the infrastructure, and then competitors sell far more devices than us in violation of our licensing terms. Ridiculous."
Music

Ask Slashdot: Can You Convert Old iPods Into A Home Music-Streaming Solution? 118

Slashdot reader zhennian wants to stream music throughout his entire house, "and was hoping that with three old iPods I might be able to put together a centrally managed house-wide audio system." Ideally it would be possible to control what's playing from a central web interface using an app on an iOS or Android device. With the iPods already plugged into docking stations and on the home wifi network, I assume it should be possible.

A search of the Apple app store didn't bring up much and forking out $AUS400 for a Sonos One or equivalent seems wasted when I've already purchased iPod docks. Can anyone recommend an App that will still be compatible with old (ie. 2007) iPods and might do this?

Or is there a better cheap alternative? Leave your best answers in the comments. Can you convert old iPods into a home music-streaming solution?
Bug

Sex Toy Company Admits To Recording Users' Remote Sex Sessions, Calls It a 'Minor Bug' (theverge.com) 81

According to Reddit user jolioshmolio, Hong Kong-based sex toy company Lovense's remote control vibrator app (Lovense Remote) recorded a use session without their knowledge. "An audio file lasting six minutes was stored in the app's local folder," reports The Verge. "The user says he or she gave the app access to the mic and camera but only to use with the in-app chat function and to send voice clips on command -- not constant recording when in use." The app's behavior appears to be widespread as several others confirmed it too. From the report: A user claiming to represent Lovense responded and called this recording a "minor bug" that only affects Android users. Lovense also says no information or data was sent to the company's servers, and that this audio file exists only temporarily. An update issued today should fix the bug. This isn't Lovense's first security flub. Earlier this year, a butt plug made by the company -- the Hush -- was also found to be hackable. In the butt plug's case, the vulnerability had to do with Bluetooth, as opposed to the company spying on users.
Microsoft

Microsoft To Integrate 3rd-party Security Info Into Its Windows Defender Advanced Threat Protection Service (zdnet.com) 26

Microsoft is partnering with other security vendors to integrate their macOS, Linux, iOS, and Android security wares with its Windows Defender Advanced Threat Protection (ATP) service. From a report: Microsoft has announced the first three such partners: Bitdefender, Lookout, and Ziften. These companies will feed any threats detected into the single Windows Defender ATP console. With Defender ATP, every device has its own timeline with event history dating back up to six months. According to Microsoft, no additional infrastructure is needed to onboard events from macOS, Linux, iOS and/or Android devices. Integration with Bitdefender's GravityZone Cloud -- which allows users to get macOS and Linux threat intelligence on malware and suspicious files -- is in public preview as of today. A trial version is available now. Integration with Lookout's Mobile Endpoint Security for iOS and Android and Ziften's Zenith systems and security operations platform for macOS and Linux will be in public preview "soon," Microsoft's blog post says.
Windows

Windows 10's Version of AirDrop Lets You Quickly Share Files Between PCs (theverge.com) 108

Microsoft is testing its "Near Share" feature of Windows 10 in the latest Insider build (17035) today, which will let Windows 10 PCs share documents or photos to PCs nearby via Bluetooth. The Verge reports: A new Near Share option will be available in the notification center, and the feature can be accessed through the main share function in Windows 10. Files will be shared wirelessly, and recipients will receive a notification when someone is trying to send a file. Microsoft's addition comes just a day after Google unveiled its own AirDrop-like app for Android.
Chrome

Chrome Update Kills Annoying Redirects and Trick-To-Click Popups (androidcentral.com) 41

Google is releasing updates to Chrome 64 and Chrome 65 to put a halt to page redirects and trick-to-click popups. The update is coming to both the desktop and Android apps. Android Central reports: With Chrome 64, every redirect from a third-party iframe will show an info bar instead of sending you off to some other page. This way we can decide if we want to navigate away or stay on the page we're looking at. If we're interacting with an iframe, like clicking an embedded YouTube video to open it on YouTube in a new tab, the request goes through as normal -- this only applies to things you didn't click and didn't expect to send you off. We can get more than we asked for when we are interacting with a web page, too. Google has two things planned that should help. With Chrome 65, websites that try to circumvent Chrome's pop-up blocker by opening a new tab for a thing you clicked while navigating the original tab to some other page will be blocked with the same style of info bar. This gives us the choice of taking a look versus being forced. Some abusive experiences are harder to autodetect, but Google plans to use the same type of data as its Safe Browsing feature to kill off deceptive page elements.
