HP has unveiled the first commercial hardware for Google Beam, the Android-maker's 3D video conferencing technology formerly known as Project Starline, with a price tag of $24,999. The HP Dimension features a 65-inch light field display paired with six high-speed cameras positioned around the screen to capture speakers from multiple angles, creating what the companies describe as a lifelike 3D representation without requiring headsets or glasses.

The system processes visual data through Google's proprietary volumetric video model, which merges camera streams into 3D reconstructions with millimeter-scale precision at 60 frames per second. Beyond the hardware cost, users must purchase a separate Google Beam license for cloud processing, though pricing for that service remains undisclosed.

An anonymous reader shares a blog post from Google: Today, we're bringing you Android 16, rolling out first to supported Pixel devices with more phone brands to come later this year. This is the earliest Android has launched a major release in the last few years, which ensures you get the latest updates as soon as possible on your devices. Android 16 lays the foundation for our new Material 3 Expressive design, with features that make Android more accessible and easy to use.

Meta's Facebook and Instagram apps "were siphoning people's data through a digital back door for months," writes a Washington Post tech columnist, citing researchers who found no privacy setting could've stopped what Meta and Yandex were doing, since those two companies "circumvented privacy and security protections that Google set up for Android devices.

"But their tactics underscored some privacy vulnerabilities in web browsers or apps. These steps can reduce your risks." Stop using the Chrome browser. Mozilla's Firefox, the Brave browser and DuckDuckGo's browser block many common methods of tracking you from site to site. Chrome, the most popular web browser, does not... For iPhone and Mac folks, Safari also has strong privacy protections. It's not perfect, though. No browser protections are foolproof. The researchers said Firefox on Android devices was partly susceptible to the data harvesting tactics they identified, in addition to Chrome. (DuckDuckGo and Brave largely did block the tactics, the researchers said....)

Delete Meta and Yandex apps on your phone, if you have them. The tactics described by the European researchers showed that Meta and Yandex are unworthy of your trust. (Yandex is not popular in the United States.) It might be wise to delete their apps, which give the companies more latitude to collect information that websites generally cannot easily obtain, including your approximate location, your phone's battery level and what other devices, like an Xbox, are connected to your home WiFi.

Know, too, that even if you don't have Meta apps on your phone, and even if you don't use Facebook or Instagram at all, Meta might still harvest information on your activity across the web.

Cybercriminals have been increasingly turning to "residential proxy" services over the past two to three years to disguise malicious web traffic as everyday online activity, according to research presented at the Sleuthcon cybercrime conference. The shift represents a response to law enforcement's growing success in targeting traditional "bulletproof" hosting services, which previously allowed criminals to maintain anonymous web infrastructure.

Residential proxies route traffic through decentralized networks running on consumer devices like old Android phones and low-end laptops, providing real IP addresses assigned to homes and offices. This approach makes malicious activity extremely difficult to detect because it appears to originate from trusted consumer locations rather than suspicious server farms. The technology creates particular challenges when attackers appear to come from the same residential IP ranges as employees of target organizations.

An anonymous reader quotes a report from BleepingComputer: The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. The BADBOX botnet is commonly found on Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices. "The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," warns the FBI.

These devices come preloaded with the BADBOX 2.0 malware botnet or become infected after installing firmware updates and through malicious Android applications that sneak onto Google Play and third-party app stores. "Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process," explains the FBI. "Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services4 known to be used for malicious activity."

Once infected, the devices connect to the attacker's command and control (C2) servers, where they receive commands to execute on the compromised devices, such as [routing malicious traffic through residential IPs to obscure cybercriminal activity, performing background ad fraud to generate revenue, and launching credential-stuffing attacks using stolen login data]. Over the years, the malware botnet continued expanding until 2024, when Germany's cybersecurity agency disrupted the botnet in the country by sinkholing the communication between infected devices and the attacker's infrastructure, effectively rendering the malware useless. However, that did not stop the threat actors, with researchers saying they found the malware installed on 192,000 devices a week later. Even more concerning, the malware was found on more mainstream brands, like Yandex TVs and Hisense smartphones. Unfortunately, despite the previous disruption, the botnet continued to grow, with HUMAN's Satori Threat Intelligence stating that over 1 million consumer devices had become infected by March 2025. This new larger botnet is now being called BADBOX 2.0 to indicate a new tracking of the malware campaign. "This scheme impacted more than 1 million consumer devices. Devices connected to the BADBOX 2.0 operation included lower-price-point, 'off brand,' uncertified tablets, connected TV (CTV) boxes, digital projectors, and more," explains HUMAN.

"The infected devices are Android Open Source Project devices, not Android TV OS devices or Play Protect certified Android devices. All of these devices are manufactured in mainland China and shipped globally; indeed, HUMAN observed BADBOX 2.0-associated traffic from 222 countries and territories worldwide."

"It appears as though Meta (aka: Facebook's parent company) and Yandex have found a way to sidestep the Android Sandbox," writes Slashdot reader TheWho79. Researchers disclose the novel tracking method in a report: We found that native Android apps -- including Facebook, Instagram, and several Yandex apps including Maps and Browser -- silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps access programmatically device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts.

This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users' web activity.

While there are subtle differences in the way Meta and Yandex bridge web and mobile contexts and identifiers, both of them essentially misuse the unvetted access to localhost sockets. The Android OS allows any installed app with the INTERNET permission to open a listening socket on the loopback interface (127.0.0.1). Browsers running on the same device also access this interface without user consent or platform mediation. This allows JavaScript embedded on web pages to communicate with native Android apps and share identifiers and browsing habits, bridging ephemeral web identifiers to long-lived mobile app IDs using standard Web APIs. This technique circumvents privacy protections like Incognito Mode, cookie deletion, and Android's permission model, with Meta Pixel and Yandex Metrica scripts silently communicating with apps across over 6 million websites combined.

Following public disclosure, Meta ceased using this method on June 3, 2025. Browser vendors like Chrome, Brave, Firefox, and DuckDuckGo have implemented or are developing mitigations, but a full resolution may require OS-level changes and stricter enforcement of platform policies to prevent further abuse.

Apple's end-to-end iCloud encryption product ("Advanced Data Protection") was famously removed in the U.K. after a government order demanded backdoors for accessing user data.

So now a Google software engineer wants to build an open source version of Advanced Data Protection for everyone. "We need to take action now to protect users..." they write (as long-time Slashdot reader WaywardGeek). "The whole world would be able to use it for free, protecting backups, passwords, message history, and more, if we can get existing applications to talk to the new data protection service." "I helped build Google's Advanced Data Protection (Google Cloud Key VaultService) in 2018, and Google is way ahead of Apple in this area. I know exactly how to build it and can have it done in spare time in a few weeks, at least server-side... This would be a distributed trust based system, so I need folks willing to run the protection service. I'll run mine on a Raspberry PI...

The scheme splits a secret among N protection servers, and when it is time to recover the secret, which is basically an encryption key, they must be able to get key shares from T of the original N servers. This uses a distributed oblivious pseudo random function algorithm, which is very simple.

In plain English, it provides nation-state resistance to secret back doors, and eliminates secret mass surveillance, at least when it comes to data backed up to the cloud... The UK and similarly confused governments will need to negotiate with operators in multiple countries to get access to any given users's keys. There are cases where rational folks would agree to hand over that data, and I hope we can end the encryption wars and develop sane policies that protect user data while offering a compromise where lives can be saved.
"I've got the algorithms and server-side covered," according to their original submission. "However, I need help." Specifically...

• Running protection servers. "This is a T-of-N scheme, where users will need say 9 of 15 nodes to be available to recover their backups."
• Android client app. "And preferably tight integration with the platform as an alternate backup service."
• An iOS client app. (With the same tight integration with the platform as an alternate backup service.)
• Authentication. "Users should register and login before they can use any of their limited guesses to their phone-unlock secret."

"Are you up for this challenge? Are you ready to plunge into this with me?"


In the comments he says anyone interested can ask to join the "OpenADP" project on GitHub — which is promising "Open source Advanced Data Protection for everyone."

Google has begun automatically generating AI-powered email summaries for Gmail Workspace users, eliminating the need to manually trigger the feature that has been available since last year. The company's Gemini AI will now independently determine when longer email threads or messages with multiple replies would benefit from summarization, displaying these summaries above the email content itself. The automatic summaries currently appear only on mobile devices for English-language emails and may take up to two weeks to roll out to individual accounts, with Google providing no timeline for desktop expansion or availability to non-Workspace Gmail users.

An anonymous reader quotes a report from 9to5Google: Google Photos was announced at I/O 2015 and the company is now celebrating the app's 10th birthday with a redesign of the photo editor. Google is redesigning the Photos editor so that it "provides helpful suggestions and puts all our powerful editing tools in one place." It starts with a new fullscreen viewer that places the date, time, and location at the top of your screen. Meanwhile, it's now Share, Edit, Add to (instead of Lens), and Trash at the bottom.

Once editing, Google Photos has moved controls for aspect ratio, flip, and rotate to be above the image. In the top-left corner, we have Auto Frame, which debuted in Magic Editor on the Pixel 9, to fill-in backgrounds and is now coming to more devices. Underneath, we get options for Enhance, Dynamic, and "AI Enhance" in the Auto tab. That's followed by Lighting, Color, and Composition, as well as a search shortcut: "You can use AI-powered suggestions that combine multiple effects for quick edits in a variety of tailored options, or you can tap specific parts of an image to get suggested tools for editing that area."

The editor allows you to circle or "tap specific parts of an image to get suggested tools for editing that area." This includes the subject, background, or some other aspect. You then see the Blur background, Add portrait light, Sharpen, Move and Reimagine appear in the example below. We also see the redesigned sliders throughout this updated interface. This Google Photos editor redesign "will begin rolling out globally to Android devices next month, with iOS following later this year." We already know the app is set for a Material 3 Expressive redesign. Meanwhile, Google Photos is starting to roll out the ability to share albums with a QR code. This method makes for easy viewing and adding with people nearby. Google even suggests printing it out when in (physical) group settings. Google shared a few tips, tricks and tools for the new editor in a blog post.

A Qualcomm-commissioned study found that Apple's inaugural C1 modem, debuting in the iPhone 16e, significantly underperformed compared to Qualcomm-powered Android devices in challenging network conditions. The research by Cellular Insights tested devices on T-Mobile's 5G network in New York City, where Android phones achieved download speeds up to 35% faster and upload speeds up to 91% quicker than the iPhone 16e.

The performance gap widened when networks were congested or devices operated farther from cell towers -- precisely the scenarios where next-generation modems should excel, according to the report. The iPhone 16e became "noticeably hot to touch and exhibited aggressive screen dimming within just two-minute test intervals" during testing. This study arrives as Apple attempts to reduce its dependence on Qualcomm, which has historically provided modems for the entire iPhone lineup and represents roughly 20% of Qualcomm's revenue.

At I/O 2025, Google revealed new details about Android XR glasses, which will integrate with your phone to deliver context-aware support via Gemini AI. 9to5Google reports: Following the December announcement, Google today shared how all Android XR glasses will have a camera, microphones, and speakers, while an "in-lens display" that "privately provides helpful information right when you need it" is described as being "optional." The glasses will "work in tandem with your phone, giving you access to your apps without ever having to reach in your pocket." Gemini can "see and hear what you do" to "understand your context, remember what's important to you and provide information right when you need it." We see it accessing Google Calendar, Maps, Messages, Photos, Tasks, and Translate.

Google is "working with brands and partners to bring this technology to life," specifically Warby Parker and Gentle Monster. "Stylish glasses" are the goal for Android XR since they "can only truly be helpful if you want to wear them all day." Meanwhile, Google is officially "advancing" the Samsung partnership from headsets to Android XR glasses. They are making a software and reference hardware platform "that will enable the ecosystem to make great glasses." Notably, "developers will be able to start building for this platform later this year." On the privacy front, Google is now "gathering feedback on our prototypes with trusted testers." Further reading: Google's Brin: 'I Made a Lot of Mistakes With Google Glass'

Microsoft is introducing a new "Cross Device Resume" feature for Windows 11, enabling app developers to let users seamlessly continue activity between devices in a manner closely mirroring Apple's Handoff for Macs and iPhones. Unveiled at Build 2025 during a session titled "Create Seamless Cross-Device Experiences with Windows for your app," the feature was demonstrated -- before the session was quietly edited to remove this segment -- by showing Spotify playing a song on an Android phone, then surfacing the Spotify app in the Windows taskbar with a phone icon; clicking this launches Spotify on the PC at precisely the same point in the app as on the phone, preserving playback position for uninterrupted use.

Google co-founder Sergey Brin candidly addressed the failure of Google Glass during an unscheduled appearance at Tuesday's Google I/O conference, where the company announced a new smart glasses partnership with Warby Parker. "I definitely feel like I made a lot of mistakes with Google Glass, I'll be honest," Brin said.

He noted several key issues that doomed the $1,500 device launched in 2013, including a conspicuous front-facing camera that sparked privacy concerns. "Now it looks like normal glasses without that thing in front," Brin said of the new design. He also blamed the "technology gap" that existed a decade ago and his own inexperience with supply chains that prevented pricing the original Glass competitively.

Google has launched the NotebookLM app for Android and iOS, offering a native mobile experience with offline support, audio overviews, and integration into the system share sheet for adding sources like PDFs and YouTube videos. 9to5Google reports: This native experience starts on a homepage of your notebooks with filters at the top for Recent, Shared, Title, and Downloaded. The app features a light and dark mode based on your device's system theme with no manual toggle. Each colorful card features the notebook name, emoji, number of sources, and date, as well as a play button for Audio Overviews. There's background playback and offline support for the podcast-style experience (the fullscreen player has a nice glow), while you can "Join" the AI hosts (in beta) to ask follow-up questions.

You get a "Create new" button at the bottom of the list to add PDFs, websites, YouTube videos, and text. Notably, the NotebookLM app will appear in the Android and iOS share sheet to quickly add sources. When you open a notebook, there's a bottom bar for the list of Sources, Chat Q&A, and Studio. It's similar to the current mobile website, with the native client letting users ditch the Progressive Web App. Out of the gate, there are phone and (straightforward) tablet interfaces. You can download the app for iOS and Android using their respective links.

During this year's annual Pwn2Own contest, two researchers from Palo Alto Networks demonstrated an out-of-bounds write vulnerability in Mozilla Firefox, reports Cyber Security News, "earning $50,000 and 5 Master of Pwn points." And the next day another participant used an integer overflow to exploit Mozilla Firefox (renderer only).

But Mozilla's security blog reminds users that a sandbox escape would be required to break out from a tab to gain wider system access "due to Firefox's robust security architecture" — and that "neither participating group was able to escape our sandbox..." We have verbal confirmation that this is attributed to the recent architectural improvements to our Firefox sandbox which have neutered a wide range of such attacks. This continues to build confidence in Firefox's strong security posture.
Even though neither attack could escape their sandbox, "Out of abundance of caution, we just released new Firefox versions... all within the same day of the second exploit announcement." (Last year Mozilla responded to an exploitable security bug within 21 hours, they point out, even winning an award as the fastest to patch.)

The new updated versions are Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1 and Firefox for Android. "Despite the limited impact of these attacks, all users and administrators are advised to update Firefox as soon as possible...." To review and fix the reported exploits a diverse team of people from all across the world and in various roles (engineering, QA, release management, security and many more) rushed to work. We tested and released a new version of Firefox for all of our supported platforms, operating systems, and configurations with rapid speed....

Our work does not end here. We continue to use opportunities like this to improve our incident response. We will also continue to study the reports to identify new hardening features and security improvements to keep all of our Firefox users across the globe protected.

An anonymous reader shared this report from Ars Technica: Nextcloud, a host-your-own cloud platform that wants to help you "regain control over your data," has had to tell its Android-using customers for months now that they cannot upload files from their phone to their own servers. Months of emails and explanations to Google's Play Store representatives have yielded no changes, Nextcloud .

That blog post — and media coverage of it — seem to have moved the needle. In an update to the post, Nextcloud wrote that as of May 15, Google has offered to restore full file access permissions. "We are preparing a test release first (expected tonight) and a final update with all functionality restored. If no issues occur, the update will hopefully be out early next week," the Nextcloud team wrote....

[Nextcloud] told The Register that it had more than 800,000 Android users. The company's blog post goes further than pinpointing technical and support hurdles. "It is a clear example of Big Tech gatekeeping smaller software vendors, making the products of their competitors worse or unable to provide the same services as the giants themselves sell," Nextcloud's post states. "Big Tech is scared that small players like Nextcloud will disrupt them, like they once disrupted other companies. So they try to shut the door." Nextcloud is one of the leaders of an antitrust-minded movement against Microsoft's various integrated apps and services, having filed a complaint against the firm in 2021.

Longtime Slashdot reader mprindle writes: Nextcloud has been in an ongoing battle with Google over the tech giant revoking the All Files permission from the Nextcloud Android App, which prevents users from managing their files on their server. After a blog post and several tech sites reported on the issue, "Google reached out to us [Nexcloud] and offered to restore the permission, which will give users back the functionality that was lost." Nextcloud is working on an app update and hopes to have it pushed out within a week.

Google is enhancing Android's Factory Reset Protection (FRP) to make stolen phones virtually unusable by detecting setup wizard bypasses and requiring a second factory reset until ownership is verified. Android Authority reports: You can factory reset an Android phone in several ways. However, triggering a reset through the Android recovery menu or Google's Find My Device service activates Factory Reset Protection (FRP). During setup after such a reset, the wizard requires you to verify ownership by either signing into the previously associated Google account or entering the device's former lock screen PIN, password, or pattern. Failing this verification step blocks setup completion, rendering the device unusable. [...]

Factory Reset Protection (FRP) is a valuable feature that discourages theft by rendering stolen Android phones useless to potential buyers if wiped improperly. However, FRP isn't foolproof; thieves have discovered numerous methods over the years to circumvent it. These bypasses typically involve skipping the setup wizard, allowing someone to use the phone without entering the previous owner's Google account details or screen lock.

During The Android Show: I/O Edition, Google announced plans to "further harden Factory Reset protections, which will restrict all functionalities on devices that are reset without the owner's authorization." While the company didn't elaborate much, a screenshot it shared suggests that Android will likely detect if someone bypasses the setup wizard and then force another factory reset, preventing unauthorized use until the user proves ownership. [...] Google stated this FRP improvement is coming "later this year." Since the stable Android 16 release is coming soon, this timeline suggests the feature won't be part of the initial launch. It might arrive later in one of Android 16's Quarterly Platform Releases (QPRs), but that remains to be seen.

UPDATE: In an update to their blog post, "Nextcloud wrote that as of May 15, Google has offered to restore full file access permissions," reports Ars Technica.

Slashdot originally wrote that Nextcloud had accused Google of sabotaging its Android Files app by revoking the "All files access" permission, which the company said crippled functionality for its 824,000 users and forces reliance on limited alternatives like SAF and MediaStore. The Register reported: Nextcloud's Android Files app is a file synchronization tool that, according to the company, has long had permission to read and write all file types. "Nextcloud has had this feature since its inception in 2016," it said, "and we never heard about any security concerns from Google about it." That changed in 2024, when someone or something at Google's Play Store decided to revoke the permission, effectively crippling the application. Nextcloud was instructed to use "a more privacy-aware replacement." According to Nextcloud, "SAF cannot be used, as it is for sharing/exposing our files to other apps ... MediaStore API cannot be used as it does not allow access to other files, but only media files."

Attempts to raise the issue with Google resulted in little more than copy-and-pasted sections of the developer guide. "Despite multiple appeals from our side and sharing additional background, Google is not considering reinstating upload for all files," Nextcloud said. The issue seems to stem from the Play Store. While a fully functional version is available on F-Droid, the Play Store edition is subject to Google's imposed limitations. Regarding the All files access permission, Google's developer documentation states: "If you target Android 11 and declare All files access, it can affect your ability to publish and update your app on Google Play."

Nextcloud is clearly aggrieved by the change, as are its users. "This might look like a small technical detail but it is clearly part of a pattern of actions to fight the competition," it said. "What we are experiencing is a piece of the script from the big tech playbook." [...] Are there nefarious actors at play here, an automated process that auto-rejects apps with elevated access requirements, or is it just simple incompetence? "Either way," Nextcloud said, "it results in companies like ours just giving up, reducing functionality just to avoid getting kicked out of their app store."

"The issue is that small companies -- like ours -- have pretty much no recourse," it added. Nextcloud went on to criticize oversight processes as slow-moving, with fines that sound hefty but amount to little more than a slap on the wrist. "Big Tech is scared that small players like Nextcloud will disrupt them, like they once disrupted other companies. So they try to shut the door."

An anonymous reader shares a report: During the Android Show leading up to Google I/O, Google on Tuesday offered a brief update on the adoption of the RCS (Rich Communication Services) protocol, an upgrade to SMS that offers high-resolution photos and videos, typing indicators, read receipts, improved group chat, and more. The company shared that the messaging standard now supports over a billion messages per day in the U.S.

This metric is based on an average of the last 28 days, Google noted. The stat is notable because Google fought for years to get Apple to adopt support for RCS on iOS, allowing for better communication between Android and Apple devices. Previously, iPhone users who received texts from friends on Android had to deal with blurry videos and images, and couldn't as easily manage group chats when their green-bubbled friends joined. Unlike with iMessage, group chats with Android users couldn't be renamed, nor could people be added or removed, and you couldn't exit when you wanted. Emoji reactions also didn't work properly, leading to annoying texts to let you know how an Android user reacted, instead of just displaying their emoji reaction directly.