Google expands warning dialogs for sideloading app updates

0
[ad_1]

Google introduced a warning dialog with Android 14 last year, specifically targeting users downloading a Google app update from a source other than the Play Store. This cautionary measure, part of the “update ownership” API in Android 14, allowed app stores to claim ownership over an app and warn users about potential risks associated with sideloading updates from unofficial sources.

Initially observed on Pixel phones and some Google apps, recent reports indicate that these warning dialogs are extending their reach beyond Pixel devices and Google’s proprietary apps and services.

Users have reported encountering these warning dialogs on non-Pixel phones, such as the Samsung Galaxy S24 Ultra while attempting to sideload updates even for non-Google apps like AccuWeather.  Warnings have been noted even when updating apps via the Galaxy Store on Galaxy devices. This expansion of warning dialogs suggests that Google is broadening its efforts to enhance user awareness and security beyond its own branded hardware and software products.

Updating apps from random sources may change the app’s functionality, notes Google

While the Android ecosystem’s flexibility allows users to install apps or updates from various sources, it also exposes devices to potential risks, including the loss of certain features present in previous builds. The warning dialogs serve as a proactive measure, alerting users to the potential pitfalls of sideloading updates from unofficial sources.

Importantly, the dialog appears only once for each unique app source. If a user downloads an app or update from the Play Store and subsequently sideloads a newer version from a different service, the warning dialog won’t reappear for subsequent updates, regardless of the source.

This move by Google aims to strike a balance between the open nature of the Android ecosystem and user safety. The warning dialog provides users with crucial information about the potential risks associated with sideloading, enabling them to make informed decisions about their app installation practices. For seasoned users accustomed to sideloading, the dialog is unlikely to pose a significant inconvenience, given the option to proceed with the update. However, for those new to the practice, the warning dialog serves as a valuable precautionary measure. It lets the unaware users know the possible outcomes before they go ahead.

Warning on app update sideloading
Credit: Android Police

[ad_2]
Source link

Fossil is exiting the smartwatch business for good

0
[ad_1]

Fossil is done making smartwatches. A company that’s been around in the smartwatch industry for quite a few years after releasing its first Wear OS quite some time ago, has confirmed that it will no longer be making smartwatches.

This comes after months and months of users waiting to learn about what Fossil’s next set of devices may be. The wait has been even longer still for users of existing Fossil smartwatches hoping to hear something about an update to Wear OS 4. Speaking to The Verge, Fossil spokesperson Amanda Castelli confirms the decision to leave smartwatches behind is a strategic one. “As the smartwatch landscape has evolved significantly over the past few years, we have made the strategic decision to exit the smartwatch business,” Castelli said.

The Gen 6 line will be the company’s last smartwatch, but Castelli does confirm Fossil plans to keep its existing watches updated. At least for the “next few years.” It’s not explicitly mentioned though if this is limited to security and stability updates. The hope for existing users is that Wear OS 4 would be around the corner. But with Fossil existing the business, that doesn’t seem likely now. Fossil watches already have Wear OS 3.5, which was pushed out last year.

With Fossil done making smartwatches, it will focus on its “core strength and the core segments”

This announcement might surprise some, but there were suggestions that Fossil might take this route back in December of 2023. At the time, several users on Reddit had claimed to have spoken to Fossil retail employees about the Fossil Gen 7. Those employees said the company wasn’t going to be making the device. While other users said Fossil was just waiting for a new chipset.

It seems there was truth to those claims. Fossil says it will now redirect resources to support its “core strengths and core segments.” Which refers to essentially everything it made before smartwatches. Leather goods, traditional watches, and jewelry are Fossil’s bread and butter. So the company is going to go back to focusing on putting out new products in those categories.

It’ll be a shame that Fossil is done though. It was one of the only companies releasing new devices consistently across a range of brands including its own Fossil brand, Diesel, Michael Kors, and others. Without Fossil in the business, Wear OS users will have a lot fewer options. Unless another company steps in to fill the void.

Those looking for good alternatives might want to consider something like the Galaxy Watch 6. It’s probably the best Wear OS watch on the market and it already has Wear OS 4 out of the box. It’s even rumored to get the next major version update ahead of other devices.


[ad_2]
Source link

Ring will finally stop giving your recordings to police, Amazon says

0
[ad_1]

Amazon Ring, the part of Amazon that makes internet-connected home security cameras, is changing its video-sharing policy in a big way. The company announced this week that it will stop sharing user videos with law enforcement without user consent. Previously, police could ask Amazon for the videos through a tool called Request for Assistance. The feature was available in the Neighbors app, which was designed to allow neighbors and community members to work together to keep their communities safe. However, it quickly became a way for police to get Ring recordings.

As of this week, Amazon says the Request for Assistance tool is being sunset. Although the company reinforces that law enforcement agencies can still monitor the Neighbors app, they cannot request and receive video. Instead, police can only use the app “to share helpful safety tips, updates, and community events.” Amazon notes that law enforcement agency posts will remain publicly accessible for users in the Neighbors app.

The policy shift is a huge win for privacy advocates. It’s easy to see how Ring camera footage could aid police in solving crime. Ring makes some of the most popular doorbells and home security cameras on the market. It’s sometimes difficult to get through a neighborhood without spotting a Ring camera. However, Ring’s policy of handing over recordings to police highlighted everything feared about internet-connected cameras. Users didn’t have the final say over who got to see their Ring recordings.

How police can still get your Ring recordings

Ring 3 Plus AH HR CM1

There are some ways that Ring can still give your recordings to police, however. This includes something called a “special emergency request,” which can be used if someone is in a life-or-death situation. A spokesperson for Ring told CNET that examples are situations such as “serious physical injury, kidnapping, and attempted murder.” The spokesperson also said that these examples are very rare.

In July 2022, Amazon confirmed that it had successfully granted special emergency requests 11 times over a seven-month period. This is according to a letter Amazon sent to U.S. Senator Ed Markey (D-MA), as reported by The Verge. There is no finite protocol for sharing videos. Amazon uses an internal “good-faith determination” instead.

Separately, Amazon will still comply with court orders for video requests, like search warrants and subpoenas. It is legally required to do so. However, it’s important to note that search warrants and subpoenas, for the most part, are specific. Police can’t ask Amazon for all your Ring camera footage. Law enforcement can request specific time periods of footage, provided a judge approves it.

So, what does this mean for you? If you have a Ring camera, you now have more protection against nonconsensual police requests for video. However, there are still ways Amazon can give your video to law enforcement. If anything, it’s another reminder that you should think long and hard about whether you want to install internet-connected cameras.


[ad_2]
Source link

Hackers Crack Tesla Twice, Rake in $1.3 Million at Pwn2Own Automotive

0
[ad_1]

Pwn2Own Automotive 2024 took place in Tokyo, Japan, from January 24 to 26.

Pwn2Own Automotive 2024, a three-day contest organized by Trend Micro’s Zero Day Initiative, saw competitors earn $1,323,750 for hacking Tesla twice and discovering 49 zero-day bugs in EV systems.

Synacktiv Team won the contest, earning $450,000 in cash for hacking a Tesla car twice, gaining root permissions, and demonstrating a sandbox escape in the Tesla infotainment system. They also demonstrated two-bug chains against Ubiquiti Connect and JuiceBox 40 Smart EV Stations. Second on the list was fuzzware.io for received $177,500. In third place were Midnight Blue/PHP Hooligans with $80,000 in rewards.

Participants earned over $700,000 on the first day, including $60,000 for EV charger hacks and $40,000 for infotainment system and Tesla modem hacks. The second day saw the Automotive Grade Linux exploit earning the biggest reward of $35,000, while EV charger exploits earned teams $30,000. On the third day, researchers received $60,000 for an Emporia EV charger exploit and $30,000 each for other exploits, resulting in payouts ranging from $20,000 to $26,000.

Here, are the prominent happenings and results from all three days of the contest.

On the first day, researchers discovered vulnerabilities in Tesla’s modem, Sony’s infotainment systems, and Alpine’s car audio players, collectively earning $722,500 in awards for identifying three bug collisions and 24 zero-day exploits.

The NCC Group EDG team won $70,000 for exploiting zero-day bugs to hack Pioneer DMH-WT7600NEX and Phoenix Contact CHARX SEC-3100 EV chargers. Sina Kheirkhah, Tobias Scharnowski, and Felix Buchmann attacked ChargePoint Home Flex and Sony XAV-AX5500, earning $60,000 and $40,000, respectively.

Synacktiv Team successfully exploited Tesla Modem and JuiceBox 40 Smart EV charging stations, while the PCAutomotive Team exploited Alpine Halo9 iLX-F509.

On Day 2, Team Tortuga successfully exploited a known bug in a 2-bug chain against the ChargePoint Home Flex, earning $5,000 and 3 Master of Pwn Points. The Midnight Blue / PHP Hooligans team also used a known bug in a 3-bug chain to exploit the Phoenix Contact CHARX SEC-3100, earning $30,000 and 6 Master of Pwn Points.

PCAutomotive couldn’t exploit the JuiceBox 40 Smart EV Charging Station whereas Katsuhiko Sato successfully attacked the Sony XAV-AX5500, earning $10,000 and 2 Master of Pwn Points.

Computest Sector 7 successfully targeted the JuiceBox 40 Smart EV Charging Station for a known bug, earning $15,000 and 3 Master of Pwn Points. Sina Kheirkhah failed to exploit the Autel MaxiCharger AC Wallbox Commercial, while Synacktiv and NCC Group EDG successfully exploited the Tesla Infotainment System and Alpine Halo9 iLX-F509, using a 2-bug chain, earning $100,000 and $20,000, respectively.

Synacktiv earned $35,000 and 5 Master of Pwn Points using a 3-bug chain, while Le Tran Hai Tung earned $20,000 and 4 Master of Pwn Points using a 2-bug chain. Sina Kheirkhah and Alex Olson failed to get their exploits working, while fuzzware.io earned $30,000 and 6 Master of Pwn Points using a stack-based buffer overflow. RET2 Systems also earned $30,000 and 6 Master of Pwn Points using a stack-based buffer overflow.

Day 3 saw Computest Sector 7 exploiting the ChargePoint Home Flex and earning $30,000 and 6 Master of Pwn Points using a 2-bug chain. Synacktiv successfully exploited the Sony XAV-AX5500, earning $20,000 and 4 Master of Pwn Points. Katsuhiko Sato failed to exploit the Pioneer DMH-WT7600NEX.

Sina Kheirkhah attacked the Ubiquiti Connect EV, earning $30,000 and 6 Master of Pwn Points. fuzzware.io exploited the Phoenix Contact CHARX SEC-3100, earning $22,500 and 4.5 Master of Pwn Points.

Nettitude’s Connor Ford exploited the JuiceBox 40 Smart EV Charging Station, using a stack-based buffer overflow, earning $30,000 and 6 Master of Pwn Points. Team Cluck exploited the Phoenix Contact CHARX SEC-3100, earning $26,250 and 5.25 Master of Pwn Points.

Vendors have 90 days to release security patches before Trend Micro publicly discloses it.

  1. 6 of the Best Crypto Bug Bounty Programs
  2. Bug bounty: Hack Tesla Model 3 to win your own Model 3
  3. Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu Pwned

 


[ad_2]
Source link

Google Assistant on Android Auto gets sleek redesign for voice replies

0
[ad_1]

Google is rolling out a fresh redesign for Google Assistant on Android Auto, offering users an updated and slick experience. The redesign includes changes to the “listening” UI, with a tag prompting users with “Hi, how can I help you?” when not immediately spoken to. Once a user starts speaking, the Assistant transcribes the speech along the bottom bar, replacing app icons.

Notably, the voice replies are also undergoing a revamp, appearing in any space not occupied by maps in Android Auto. This new design is part of the Android Auto version 11.2 update, currently available in beta and expected to roll out to all users in the coming weeks.

This latest redesign marks another iteration in the evolving look of Google Assistant on Android Auto. The platform has witnessed various designs over the years, and the latest design, in place since August 2023, is now being replaced by a more refined and user-friendly interface. The “listening” UI at the bottom bar provides a visual indication of Assistant’s activity, with the transcription appearing as users speak. This visual enhancement aims to streamline the user experience and make the voice interaction more intuitive.

Google has also changed the way voice replies work on Android Auto

Previously, voice replies were integrated into the unused space on the screen, often competing with map displays. With the new design, voice replies to find a dedicated space not utilized by maps. It ensures a cleaner and more organized layout. The redesign includes a “Speak now” prompt for transcribing messages, accompanied by “Cancel” and “Send” buttons. Contact details and app icons are also displayed for added context, creating a more user-friendly and visually appealing interface.

These changes align with Google’s ongoing efforts to enhance the Android Auto experience. The redesign is part of Android Auto version 11.2, which is currently available in beta. It is expected to roll out to all users in the coming weeks. The update prepares the platform for upcoming features, such as AI message summaries and more contextual auto-replies, which were previewed in a recent video.

android auto new google assistant ui 1 696x418
Credit: 9TO5Google

[ad_2]
Source link

Google’s former CEO is building Kamikaze drones for Ukraine

0
[ad_1]

The current CEO of Google is Mr. Sundar Pichai however, but the company used to be led by a man named Eric Schmidt. After leaving the company in 2018, he decided to embark on other ventures. According to a new report, Eric Schmidt has been working on his own company to build AI-powered Kamikaze drones for Ukraine.

The company is called White Stork, and it shares its name with the Ukrainian national bird. We’re not quite sure how old the company is, but it’s very much a startup. Also, it’s under a spree of shell companies, one of which is named Volya Robotics OÜ. Not much is known about these companies, but we know that they have one clear objective.

Eric Schmidt is developing his own company to build AI-powered Kamikaze drones

Right now, Russia and you Ukraine are gripped in a war and have been for over a year. The United States is in support of Ukraine, and Eric Schmidt has been working on ways to aid in this regard. Since leaving Google, he has since led the National Security Commission on Artificial Intelligence. So, building a company that supplies explosive-equipped Kamikaze drones seems to be a logical next Step.

This sounds like something out of an action sci-fi film, but it’s the truth. The company is developing drones armed with explosives to help Ukraine fight off Russian forces. According to the Wall Street Journal, a drone carrying a small amount of explosives would cost around $400. That seems like a reasonable price for such a device, seeing as many mid-range smartphones cost at least $100 more than that. So the impact on the Department of Defense’s budget seems to be minuscule.

Also, it appears that Ukraine is in the market for drones from its allies. So, it seems rather auspicious for White Stork. Obviously, Eric Schmidt and everyone working at white Stork hope to sell a ton of drones. Hopefully, the need to buy explosive-carrying Kamikaze drones won’t linger for too much longer.


[ad_2]
Source link

Apple to see little change to its bottom line from EU overhaul

0
[ad_1]
Apple yesterday announced major changes it is making to iOS, Safari, and the App Store as iPhone users will be able to install apps from third-party app storefronts, select a default third-party contactless payment platform to replace Apple Pay, use an alternative payment platform to pay for in-app transactions in the App Store, and more. Before you get too excited, these changes are only happening in the 27 member countries that make up the European Union (EU).
Some analysts are concerned that by reducing the so-called “Apple Tax” in the EU for developers using Apple’s in-app payment platform from 15%-30% to 10%-17%, Apple’s Services unit will see a speed bump in its growth rate. Additionally, Apple receives no cut of the in-app transactions processed by a third-party platform, something that developers are allowed to do in the EU when the changes kick off in March with the release of iOS 17.4. The developer beta of the build was just released this week.
But there is at least one major investment house that sees little change to Apple’s financials after these wholesale changes take effect in the EU. AppleInsider was able to read the latest investment note on Apple sent to clients of J.P. Morgan. The latter believes that a 50-cent fee Apple is imposing in the EU on all apps downloaded after reaching one million installs will make up for the lower Apple Tax in the EU. Besides, the investment house points out that the EU is responsible for only 6% of App Store revenue.

The Services segment is Apple’s second-largest business unit after the iPhone and generated revenue of $85.2 billion in fiscal 2023. As far as most investors are concerned, that makes all of the changes Apple announced yesterday important as far as the company’s stock price is concerned.

We could see lawmakers in the U.S. seek to emulate the EU’s Digital Markets Act (DMA) with some form of legislation that would force Apple to make similar changes to iOS, Safari, and the App Store in the U.S.


[ad_2]
Source link

Apple may allow third-party payment apps to use its NFC system

0
[ad_1]

In a move complying with the Digital Markets Act (DMA) in the European Union, Apple is making significant changes in iOS 17.4, expanding options for app distribution and payment processing. The changes will take effect in 27 EU countries starting from March 2024, notes Apple. One of the notable changes made in response to the DMA is the opening up of the iPhone’s near-field communication (NFC) system, previously exclusive to Apple Pay, for other banking and wallet apps.

This marks a pivotal shift in Apple’s approach, allowing developers in the European Economic Area to utilize an iPhone’s NFC system in their apps for contactless payments. The announcement follows increased scrutiny from EU regulators, who have been investigating Apple’s alleged anticompetitive behavior related to restricting third-party access to the iPhone’s NFC technology since the launch of Apple Pay in 2015.

Apple notes some of the inconveniences users may face with third-party payment processing

“For apps that use alternative payment processing, Apple will not be able to issue refunds, and will have less ability to support customers encountering issues, scams, or fraud,” notes Apple. The company also updated its business terms available for third-party apps in the European Union, which their developers will have to follow to use alternative payment processing.

Nonetheless, Apple emphasized its commitment to user safety, outlining safeguards to mitigate potential threats. The safeguards, including Notarization for iOS apps and authorization for marketplace developers, aim to address and reduce these risks.

The European Commission’s investigation into Apple’s NFC practices began gaining momentum in May 2023

The commission raised concerns about Apple’s alleged anti-competitive practices, contending that locking the NFC chip solely to Apple Pay hindered competition in the mobile payment market. For Apple, opening the NFC system to third-party payment apps is allowing direct competition to Apple Pay inside its own ecosystem. This is something that the company didn’t want. However, it’s just going to have to deal with it.


[ad_2]
Source link

Google powers Samsung’s Galaxy AI… but not in China

0
[ad_1]

At this point, Googling and Samsung are a dynamic duo in the tech World. Their close partnership heavily influences the direction of mobile technology. So, it’s no surprise that Google’s AI models power Samsung Galaxy AI features, but that’s not the case in China. In China, a chatbot named Ernie actually powers Galaxy AI.

If you don’t know what Galaxy AI is, it is a set of powerful generative AI tools that debuted on the new Samsung Galaxy S24 phones. These are the latest devices from Samsung, and they bring some powerful AI features. These features include text generation and speech translation. Here’s a rundown of the features that Samsung announced.

Galaxy AI uses Ernie in China

Google and Samsung are very similar in that they’re struggling to make an impact in the Chinese market. Google’s phones aren’t super popular in China. More importantly, Google Play services are not widely used in the country. As for Samsung, stiff competition from major Chinese Brands like Huawei, Xiaomi, Oppo, etc. means that the South Korean giant just can’t seem to sell many phones in the country.

Well, as a way to help its waning influence in China, Samsung similarly partnered with the Chinese brand Baidu to implement its chatbot. Named Ernie, this chatbot is currently powering the Galaxy AI features. Ernie may not be as notable in the Western markets, but it seems to be a popular chatbot in China.

While these features are being powered by a different chatbot overseas, there don’t seem to be any differences in the functionality. Chinese users are still getting the full array of features like chat translation, Interpret, real-time voice translation, Circle to search (however, in China, there is a different version of this feature not powered by Google), Samsung Note Assistant, and many more.

Pre-orders for these phones have closed, but the Galaxy S24 series actually broke the pre-order record previously held by the Galaxy S23 phones. This shows that, despite the lack of notable hardware improvements, the Galaxy S24 series is very popular amongst users. The base Galaxy S24 starts at $799, and general sales begin on January 31st. So, if you can’t wait to put in your order, there’s not much more time to wait.


[ad_2]
Source link

Google Bard could help you with your text messages

0
[ad_1]

Artificial intelligence could help you with just about everything in life, so why not have it help you write your text messages? This is something that Google can be planning on doing. Thanks to a new leak, it appears that Google is working on implementing Bard into Google Messages. As you can imagine, this will make texting other people much easier.

At this point, the genie is out of the bottle; AI technology is here to stay. It has a ton of influence over the tech world and our lives (both positive and negative). Google has its “Help me write” feature present in products like Google Docs and Gmail. The company is working on bringing Help me write all throughout Chrome. The way this works is that you’ll be able to have AI generate content for you in any text field using the Chrome browser. This will bring the power of AI into many more corners of the average user’s life.

Google could eventually implement Bard into Google messages

At this point, this is still a leak and a rumor, so you’ll want to take this news with a grain of salt. Be that as it May, it looks to be pretty complete. Tipster AssembleDebug posted a few leaked screenshots of Google Messages with this feature. It’s complete enough to show up in the app, but it’s not 100% functional just yet.

In one screenshot, we see a message introducing the user to Bard. This message explains what it’s all about. It looks like Bard will have its own dedicated conversation much like Snapchat My AI. So, it seems like you’ll be able to interact with Bard in that conversation just like you would on the browser. You’ll send text-based queries through messages, and it will generate responses for you. In the second screenshot, we even see that Bard shows up as a contact.

The last screenshot shows the obligatory “read our terms of service” message explaining a bunch of information about Bard, and giving users the option to accept or decline it.

Google has been announcing a handful of new features for its apps lately. For example, Google Chat is finally getting voice messages. Also, Google Bard is on its way to the Google app. With this latest report, it seems that Google is gearing up for a sizable unveiling of new features. We’re not sure if this is going to be part of a new feature drop, or if Google is going to arbitrarily launch these additions. In any case, it’s nice to see the company releasing a ton of new and useful features to its products


[ad_2]
Source link