DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Android

Open Ports Create Backdoors In Millions of Smartphones (bleepingcomputer.com) 117

An anonymous reader writes: "Mobile applications that open ports on Android smartphones are opening those devices to remote hacking, claims a team of researchers from the University of Michigan," reports Bleeping Computer. Researchers say they've identified 410 popular mobile apps that open ports on people's smartphones. They claim that an attacker could connect to these ports, which in turn grant access to various phone features, such as photos, contacts, the camera, and more. This access could be leveraged to steal photos, contacts, or execute commands on the target's phone. Researchers recorded various demos to prove their attacks. Of these 410 apps, there were many that had between 10 and 50 million downloads on the official Google Play Store and even an app that came pre-installed on an OEMs smartphones. "Research on the mobile open port problem started after researchers read a Trend Micro report from 2015 about a vulnerability in the Baidu SDK, which opened a port on user devices, providing an attacker with a way to access the phone of a user who installed an app that used the Baidu SDK," reports Bleeping Computer. "That particular vulnerability affected over 100 million smartphones, but Baidu moved quickly to release an update. The paper detailing the team's work is entitled Open Doors for Bob and Mallory: Open Port Usage in Android Apps and Security Implications, and was presented Wednesday, April 26, at the 2nd IEEE European Symposium on Security and Privacy that took place this week in Paris, France."
Android

Anbox Can Run Android Apps Natively On Linux (In A Container) (anbox.io) 66

Slashdot user #1083, downwa, writes: Canonical engineer Simon Fels has publicly released an Alpha version of Anbox. Similar to the method employed for Android apps on ChromeOS, Anbox runs an entire Android system (7.1.1 at present) in an LXC container. Developed over the last year and a half, the software promises to seamlessly bring performant Android apps to the Linux desktop.

After installing Anbox (based on Android 7.1.1) and starting Anbox Application Manager, ten apps are available: Calculator, Calendar, Clock, Contacts, Email, Files, Gallery, Music, Settings, and WebView. Apps run in separate resizeable windows. Additional apps (ARM-native binaries are excluded) can be installed via adb. Installation currently is only supported on a few Linux distributions able to install snaps. Contributions are welcome on Github.

In a blog post Simon describes it as "a side project" that he's worked on for over a year and a half. "There were quite a few problems to solve on the way to a really working implementation but it is now in a state that it makes sense to share it with a wider audience."
Android

Samsung Will Fix the Galaxy S8 Red Tint Issue With a Software Update (xda-developers.com) 31

When the Galaxy S8 and S8+ first launched, several users reported a red tint to the displays. But then a few days passed and more reports emerged about the issue being widespread, especially in South Korea where many owners are facing this issue. According to XDA Developers, Samsung is aware of the issue and will be issuing a software update to fix it. From the report: Some thought this was just the nature of OLED technology. Because it's organic, it is expected to have some sort of variance from one device to another. We've seen this time and time again on Samsung devices, and others which are using AMOLED panels that were sourced from Samsung. This is generally not a widespread issue though and most of the time the difference is rather small. For whatever reason though, this doesn't seem to be the case with the Galaxy S8 and the Galaxy S8+. This new OTA update to fix the red tint issue is said to be coming next week at the end of April, and Samsung assures their customers that there isn't a problem with the phone itself.
Android

Benchmarks Show Galaxy S8 With Snapdragon 835 Is a Much Faster Android Handset (hothardware.com) 82

MojoKid writes: Samsung recently launched the Galaxy S8 series of Android smartphones to much fanfare but only recently did the handsets begin to arrive in market for testing and review. Though the high-polish styling of the Galaxy S8 and Galaxy S8+ may or may not appeal to you, few would argue with its claims of significant performance gains and improved battery life. As it turns out, in deep-dive testing and benchmarking, the Galaxy S8 series is significantly faster than any other Android handset on the market currently, especially when it comes to graphics and gaming workloads. The Qualcomm Snapdragon 835 processor on board the GS8 is currently a Samsung exclusive, though it's expected to arrive in other handsets later this year. The Adreno 540 graphics engine on board the new Snapdragon chip is roughly 25% faster than the previous generation 820/821 series, though the chip is only about 10 percent faster in standard CPU-intensive tasks. Regardless, these are appreciable gains, especially in light of the fact that the new Galaxy S8 also has much better battery life than the previous generation Galaxy S7 series. The Samsung Galaxy S8 (5.8-inch) and Galaxy S8+ (6.2-inch) are expected to arrive at retail this week and though pricing is carrier-dependent, list for roughly $720 and $850 respectively, off contract.
Facebook

Facebook Adds a Login Shortcut To Other Android Apps (engadget.com) 38

An anonymous reader shares a report: Today at F8, Facebook announced it's giving the developers of third-party Android apps the ability to recognize if you've already linked a service with the social network. Soon when you download or reinstall something like Pinterest, you won't have to wonder what your password is if you've already installed Facebook. The supported app will prompt you to log in via the social network. The social network is also giving third-party developers the opportunity to use Facebook as an account recovery solution for when you forget your password.
Google

Google Earth Gets a New Home On the Web (arstechnica.com) 46

To celebrate the Earth Day, Google says it is rolling out what was a two-year in the making major update to Google Earth. From a report: V9 is designed to run in a Web browser (just Chrome for now), but there's now a standalone home for Google Earth. The Android app has been updated, too (iOS is coming soon). Version 9 puts a big focus on guided tours via the "Voyager" section, which serves as a jumping off point for YouTube videos, 360-degree content, Street View, and Google Earth landmarks. The tours are led by scientists and documentarians, with some content produced by well-known groups like the BBC's Planet Earth team. For kids, there's a Sesame Street muppet section.
Android

Google Agrees To Open Android To Other Search Engines In Russia (bgr.com) 64

Google has reached a $7.8 million antitrust settlement with Russian watchdog group FAS. According to BGR, the company will loosen restrictions on Android's built-in search engines to allow for Russian competitors to take a share of the pie. From the report: Android's heavy reliance on Google services is to be expected, but in 2015 the Russian antitrust group -- officially the Federal Antimonopoly Service -- ruled that Google was breaking the law by forcing users to lean on Google for search. The ruling was the result of a complaint filed by Yandex, a Russian competitor to Google that runs the largest search engine in the country as well as web mail, news, maps, and other services. Google's settlement of the issue comes with the condition that Android will no longer lock down the search engine to Google, and must allow users the ability to change it if they want from within the Chrome web browser. Google will also loosen its exclusivity of the default apps on Android devices sold in Russia, potentially allowing for Yandex and other regional competitors to muscle in and replace the built-in apps with their own versions, depending on user preference.
Android

Samsung Blocks Ability To Remap Galaxy S8's Bixby Button (zdnet.com) 119

A Samsung representative confirmed today via Twitter that the company has blocked the ability for users to remap the Bixby hardware button on the Galaxy S8. For soon-to-be Galaxy S8 owners, the news will come as a disappointment, especially since the Bixby voice assistant in English has been delayed and will not be fully functional when units starting shipping later this week. ZDNet reports: XDA Developers first reported a Galaxy S8 firmware update blocked the ability to remap the button to perform a variety of tasks. Before, the button could even be remapped to launch Google Assistant. It's not clear if Samsung will ever support remapping the button. A representative for Samsung tweeted: "Can't say it will never happen, but we won't officially support."
Android

Google Photos Can Now Stabilize All Your Shaky Phone Camera Videos (theverge.com) 54

In early August, Google announced a feature for the Google Photos mobile app that would automatically stabilize videos in your camera roll. That feature is now rolling out via Photos v2.13 on Android. The Verge reports: A lot of flagship smartphones offer optical image stabilization when shooting video, a hardware feature that helps keep footage smooth. Others, like Google's Pixel, use software to try and stabilize jerky movements. Putting stabilization inside the Google Photos app could enhance results further if you're already working with hardware OIS, or improve recordings significantly if your phone lacks any means of steadying things out of the box. The stabilized video is cropped in a bit, as you might expect, and the original clip remains in your Photos library; there's no overwriting. Here's a side-by-side demo someone else made of the app's latest trick.
Facebook

Instagram's Snapchat Clone Is Now More Popular Than Snapchat -- and It's Only 8 Months Old (cnbc.com) 50

Facebook's top Snapchat clone Instagram Stories has hit 200 million daily active users, surpassing the last count of 161 million that Snapchat announced alongside its IPO. Instagram Stories launched in August, hit 100 million dailies in October, and 150 million in January, so it's hardly slowing as it grows. Meanwhile, Instagram is getting faster at copying even Snapchat's most technologically advanced features with a series of global iOS and Android updates. A report adds: Along with this announcement, Facebook is introducing new 'sticker' tools for Instagram, to make it a more appealing alternative to Snapchat, and more engaging for its users. Now Instagram's users can turn their selfies into stickers, which they'll be able to easily share, or pin within a video. The app is also launching new Geostickers for Chicago, London, Madrid and Tokyo to apply over photos. The stickers have been designed by artists from the respective cities, enabling users to tap to learn more about the art.
Android

Samsung Is Delaying the 'Voice' Part of Its New Bixby Voice Assistant (washingtonpost.com) 38

An anonymous reader quotes a report from Washington Post: A much-touted feature of Samsung's next smartphones isn't going to work as advertised when the Galaxy S8 and Galaxy S8+ launch April 21. Samsung said it's delaying the launch of voice-command capabilities for its Bixby voice assistant in English, according to a report in the Wall Street Journal. Although some of its features will still work, the report said, Bixby -- Samsung's answer to Apple's Siri -- won't be able to respond to any user voice commands, perhaps until as late as May. The Korean-language version of Bixby will have all of its features at launch, the Journal report said. The reason this is a big deal is because Samsung has touted Bixby as a big new feature for the Galaxy S8. Not only is it baked into the software, but it features a dedicated Bixby button on the lefthand side of the phone. The new assistant is designed to "perform almost every task that the app normally supports using touch," according to PhoneDog. "It'll be able to understand the current context and the state of the app that you're in without interrupting the work that you're doing," and will be able to "understand commands with incomplete commands, meaning you don't have to remember the exact phrase that you have to say to perform a task with an assistant."
Advertising

Google Ruins the Assistant's Shopping List, Turns It Into a Big Google Express Ad (arstechnica.com) 99

An anonymous reader quotes a report from Ars Technica: The Google Assistant, Google's voice assistant that powers the Google app on Android phones, tablets, and Google Home, has just gotten a major downgrade. In a move reminiscent of all the forced and user-hostile Google+ integrations, Google has gutted the Google Assistant's shopping list functionality in order to turn it into a big advertisement for Google's shopping site, Google Express. The shopping list has been a major feature of the Google Assistant. You can say "Add milk to my shopping list," and the Google Assistant would dutifully store this information somewhere. The shopping list used to live in Google Keep. Keep is Google's primary note-taking app, making it a natural home for the shopping list with lots of useful tools and management options. Now the shopping list lives in Google Express. Express is an online shopping site, and it has no business becoming a dedicated place to store a shopping list that probably has nothing to do with Google's online marketplace. Since Google Express is an online shopping site (and, again, has no business having a note-taking app grafted onto it), the move from Keep to Google Express means the Assistant's shopping list functionality loses the following features: Being able to reorder items with drag and drop; Reminders; Adding images to the shopping list; Adding voice recordings to the shopping list; Real time collaboration with other users (Express has sharing, but you can't see other people as they type -- you have to refresh.); Android Wear integration; Desktop keyboard shortcuts; Checkbox management: deleting all checked items, unchecking all items, hiding checkboxes. Alternatively, the move from Keep to Google Express means the Assistant shopping list gains the following features: Google Express advertising next to every list item; Google Express advertising at the bottom of the page.
DRM

The Kodi Development Team Wants To Be Legitimate and Bring DRM To the Platform. (torrentfreak.com) 156

New submitter pecosdave writes: The XBMC/ Kodi development team has taken a lot of heat over the years, mostly due to third-party developers introducing piracy plugins to the platform. In many cases, cheap Android computers are often sold with these plugins pre-installed with the Kodi or XBMC name attached to them -- something that caused Amazon to ban sales of such devices. The Kodi team is not happy about this, and has taken the fight to the sellers. The Kodi team is now trying to work with rights holders to introduce DRM and legitimate plugins to the platform. Is this the first step towards creating a true one-stop do it yourself Linux entertainment system?
Ubuntu

Canonical Founder Criticizes Free Software Developers Who 'Hate On Whatever's Mainstream' (google.com) 374

Canonical Founder Mark Shuttleworth said Saturday that "I came to be disgusted with the hate" on Canonical's display server Mir, saying it "changed my opinion of the free software community." After announcing his company was abandoning Unity for GNOME, Shuttleworth posted a gracious thank-you note to the Unity community Friday on Google Plus. But on Saturday, he added a sharper comment: "I used to think that it was a privilege to serve people who also loved the idea of service, but now I think many members of the free software community are just deeply anti-social types who love to hate on whatever is mainstream. When Windows was mainstream they hated on it. Rationally, Windows does many things well and deserves respect for those. And when Canonical went mainstream, it became the focus of irrational hatred too. The very same muppets would write about how terrible it was that IOS/Android had no competition and then how terrible it was that Canonical was investing in (free software!) compositing and convergence. Fuck that shit."
The comment begins by saying "The whole Mir hate-fest boggled my mind - it's free software that does something invisible really well. It became a political topic as irrational as climate change or gun control, where being on one side or the other was a sign of tribal allegiance. We have a problem in the community when people choose to hate free software instead of loving that someone cares enough to take their life's work and make it freely available."
Google

Google Announces Android Cross-Licensing Program 'PAX' -- But Why? (consortiuminfo.org) 33

"Linux and open-source software have had to contend with intellectual property legal challenges for years," writes ZDNet. "Now, Google has started a new effort to bring peace to potential Android IP sore points: PAX... a royalty-free, community-patent cross-license." PAX is starting with nine members: Google, Samsung Electronics, LG Electronics, HTC, Foxconn Technology Group, Coolpad, BQ, HMD Global, and Allview. These companies own more than 230,000 global patents. PAX's purpose is to create a "community-driven [patent] clearinghouse, developed together with our Android partners, [that] ensures that innovation and consumer choice -- not patent threats -- will continue to be key drivers of our Android ecosystem. PAX is free to join and open to anyone."
Slashdot reader Andy Updegroved writes: The question is why? The announcement and the related website are extremely brief, and although everyone is invited to get a copy of the cross license, Google reserves the right to decide first whether your motives are pure and you can keep a secret. And so far, the only members of the "PAX Community" listed are existing Google business partners. Is Google aware of some new patent tempest brewing just over the horizon, about to burst into public view? And will any other company names and logos be added to the PAX Community Web page? We'll just have to stay tuned to find out.
Andy Updegrove tells ZDNet it does involve "formal cross-licenses between participants, and therefore enforceable rights, but not an infrastructure to do more (at least insofar as one can tell from the initial announcement)."
Android

Android Devices Can Be Fatally Hacked By Malicious Wi-Fi Networks (arstechnica.com) 154

An anonymous reader quotes a report from Ars Technica: A broad array of Android phones is vulnerable to attacks that use booby-trapped Wi-Fi signals to achieve full device takeover, a researcher has demonstrated. The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday's release of iOS 10.3.1. "An attacker within range may be able to execute arbitrary code on the Wi-Fi chip," Apple's accompanying advisory warned. In a highly detailed blog post published Tuesday, the Google Project Zero researcher who discovered the flaw said it allowed the execution of malicious code on a fully updated 6P "by Wi-Fi proximity alone, requiring no user interaction." Google is in the process of releasing an update in its April security bulletin. The fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible. Company representatives didn't respond to an e-mail seeking comment for this post. The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values. The values, in turn, cause the firmware running on Broadcom's wireless system-on-chip to overflow its stack. By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode. Beniamini's code does nothing more than write a benign value to a specific memory address. Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point.
The Almighty Buck

Amazon Will Refund Millions of Unauthorized In-App Purchases Made By Kids (techcrunch.com) 49

Amazon will refund millions of dollars worth of unauthorized in-app purchased made by kids, having dropped its appeal of last year's ruling by a federal judge who sided with the Federal Trade Commission in the agency's lawsuit against Amazon. "The FTC's original complaint said that Amazon should be liable for millions of dollars it charged customers, because of the way its Appstore software was designed -- that is, it allowed kids to spend unlimited amounts of money in games and other apps without requiring parental consent," reports TechCrunch. From the report: The issue had to do with the way the Amazon Appstore's in-app purchasing system worked. The Amazon Appstore is the store that comes preloaded on Amazon mobile devices, like Kindle Fire tablets, for example, though there is a way to load it onto other Android devices, too. In Amazon's Appstore, which launched back in 2011, the company didn't originally require passwords on in-app purchases. This allowed kids to buy coins and other items to their hearts' content. One particularly awful example involved a game called "Ice Age Village" that offered an in-app purchase of $99.99. Amazon introduced password-protected in-app purchases in March 2012, but then only on those where the purchase exceeded $20. In early 2013, it updated the system again to require passwords, but also allowed a 15-minute window afterwards where no password was required. The FTC said Amazon didn't obtain "informed consent" until July 2014. To make matters worse, parents complaining weren't told how to get a refund and Amazon had even suggested at times that refunds weren't possible, the FTC's complaint had said. More than $70 million in in-app charges made between November 2011 and May 2016 may be eligible for refunds, the FTC notes. It's not likely that all affected customers will take the time to make their requests, however.
The Almighty Buck

Amazon Launches Amazon Cash, a Way To Shop Its Site Without a Bank Card (techcrunch.com) 35

An anonymous reader quotes a report from TechCrunch: Amazon this morning announced the launch of Amazon Cash, a new service that allows consumers to add cash to their Amazon.com balance by showing a barcode at a participating retailer, then having the cash applied immediately to their online Amazon account. The service will support adding any amount between $15 and $500 in a single transaction, Amazon says. Amazon Cash will be available at brick-and-mortar retailers across the U.S., including CVS Pharmacy, Speedway, Sheetz, Kum & Go, D&W Fresh Market, Family Fare Supermarkets, and VG's Grocery. Other stores will be added in the future. The advantage to Amazon Cash is that, as soon as you checkout at the register, the funds are available in the customer's Amazon account. There are also no fees -- something that can't be said of all the prepaid cards on the market. However, Amazon isn't selling "Amazon Cash"-branded Gift Cards at stores -- instead, customers visit Amazon.com/cash from web or mobile, or search for "amazon cash" in the Amazon mobile app to access their Amazon Cash barcode. They can also navigate to "Manage Gift Card" balance to find the Amazon Cash barcode, as it's effectively connected Amazon's gift card functionality. That same barcode can be reused any time the customer wants to add more cash to their Amazon account. It can also be added to your Wallet app on iOS or as a homescreen shortcut on Android.
Movies

Netflix Now Lets You Download Videos Onto Your PC (pcworld.com) 60

Netflix now offers offline streaming via its Windows 10 PC application, meaning you'll have even more options wherever you're stuck without Internet access. From a report: Netflix added the offline viewing options as part of the most recent update to the Netflix app on Windows 10. Because the Windows Store doesn't show you what version of the Netflix app you're using, just make sure you check for updates using the large blue button in the upper-right corner of the Windows Store app to receive the latest version. You won't need the Creators Update to take advantage of the new feature, either. When you open the app, Netflix will show you a large splash screen that advertises the new "download and go" capability. Unfortunately, if you click the Find me something to download button, the Netflix app doesn't currently display a list of downloadable titles; you'll have to hunt them down yourself. Netflix introduced the same capability on iOS and Android late last year. It's a bold move by Netflix to bring this feature to desktop. There is always the risk of someone finding out a way to break the DRM and easily distribute the files.
Android

Android Overtakes Windows as the Internet's Most Used Operating System (betanews.com) 138

As expected last month, Android has surpassed Windows to become the world's most used operating system, according to the web analytics firm StatCounter. From a report: Usage figures published by StatCounter show that Android accounted for 37.93 percent of the worldwide OS Internet usage share in March. Windows is not far behind at 37.91 percent, but Android taking the lead is being described as a "milestone in technology history." The fact that Android is now topping the charts can be attributed to the fact that mobile devices are now used to connect to the Internet far more frequently than desktop computers and laptop. Coupled with declining PC sales, Windows is starting to lose out overall, although it still accounts for 84 percent of the worldwide desktop operating system market.

Slashdot Top Deals