Google has filed a patent application for a new Google Maps feature that will help a group of people driving to the same location receive navigation and turn-by-turn directions to this one destination. With the unwieldy title of “providing navigation instructions to one device in view of another device,” the innovation here delivers “group navigation” to Google Maps users. The group navigation is designed for multiple people heading to the same location but leaving from different places.
Here’s how this might work. The first driver punches in the destination and invites the other drivers to join the group. All members of the group must be Google members according to the patent application. The bottom line is that everyone in the group will see personalized directions to the same location. Estimated Time of Arrival (ETA) will also be available for all members of the group so if you’re the first to arrive at the destination, you’ll be able to see when the rest of the party is expected to arrive.
Even better, Google Maps will be able to use traffic conditions obtained from the lead vehicle to alert the others about traffic jams, accidents, and when an alternative route is necessary to avoid a huge delay. The lead vehicle can also give the others information on where to park which will allow the other members of the group to know in advance of their arrival where they should park their cars.
Google considers a feature for Google Maps aimed at groups driving to the same destinations|Image credit-Ililta.EU
Eventually, Google Maps could recommend speed adjustments so that all members of a group will arrive at the destination at the same time. The patent application also suggests Google Maps could add a voice chat application which would allow the members of a group to communicate with each other during the journey. Considering that there are already ways that members of such a group can stay in constant touch while traveling to the same destination, it is possible that Google won’t see this as something urgent that needs to be developed.
While there is no guarantee that Google will add this feature to Google Maps, it would be a great addition to the app especially for families who meet up every year at a location for a driving vacation. Google, like many other tech companies, applies for a large number of patents each year while only a small percentage of them ever become real innovations.
One app getting a new look in iOS 18 is the Photos app. Three Apple executives sat down to discuss the redesigned app with The National. The trio consisted of Jon McCormack, vice president for camera and photos at Apple’s software engineering team, Della Huff, manager of camera and photos at Apple’s product marketing team, and Billy Sorrentino, senior director at Apple’s human interface design unit.
The redesigned Photos app will be found on iOS 18, iPadOS 18 and MacOS Sequoia and will be powered by Apple Intelligence. The latter is what the company is calling its first dive into the world of Artificial Intelligence (AI). Sorrentino, talking about the AI-based Photos app, said, “As our features, users, and libraries have grown, so has the density of the [Photos] app. So rather than hunt and peck throughout, we’ve created a simple streamlined single view photos experience based on deep intelligence.” Everything that Apple is doing to the Photos app is being done with one goal in mind and Sorrentino says, “Ultimately, we wanted to remove friction.”
A new security-based feature for the Photos app was discussed by McCormack who said, “We make it very clear that when an application goes and uses an API [application programming interface] for the first time, we’ll inform the user exactly what that app is asking for.” If an app requests full access to your library of photos, you’ll be able to “create a special little sub-catalogue” for that app. Developers will also be able to use a “whole robust set” of APIs that will help them improve their apps.
The Photos app in iOS 17.5.1|Image credit-PhoneArena
Apple has previously said that the Photos app will undergo its “biggest-ever redesign” with the iOS 18 update. The app, along with Safari and Mail, is one of the most-used apps on iOS. Features coming to the app include a new single-grid UI with the month and year listed underneath to make it easier to find a photo or video taken on a specific date. A new Collections feature will organize photos and videos by topic or theme. Consider it to be the upgraded version of the current Memories feature that stores images and videos by event, people, or theme.
Discussing the customizations, Apple’s Huff says, “Lots of deep intelligence combined with customization means that Photos can be more personal. Everyone has a different workflow and so automatic customization is really key here.” While this wasn’t mentioned by any of the three Apple executives, an AI feature for the Photos app called “Clean Up” is expected to allow iPhone users to circle unwanted distractions from an image and the distraction will disappear. It is similar to the Magic Eraser feature that Google originally brought to Pixel handsets. Google has since made it available on a limited basis to other Android handsets and iOS through the Google Photos app.
While the iOS 18 developer beta is currently available, the public beta should launch sometime this month. The stable, final version of iOS 18 is expected to be released in September.
Alarming new research exposes thousands of CSAM (child sexual abuse material) consumers through infostealer malware logs. Recorded Future identifies dark web users with credentials for CSAM.
A new study by Recorded Future’s Insikt Group has identified thousands of individuals who have accessed child sexual abuse material (CSAM) on the dark web, tracked down by analyzing logs from infostealers, a type of malware that steals user information from infected devices.
Infostealer steals sensitive data like login credentials, OS details, autofill data, screenshots, credit card numbers, cryptocurrency wallets, and browsing history through phishing, spam campaigns, fake update websites, SEO poisoning, and malvertising. It creates an infostealer log to store this data and transmits it back to the threat actor’s servers.
The research involved creating a list of high-fidelity CSAM domains, queuing Recorded Future Identity Intelligence proprietary data to identify users with login credentials, and grouping them based on each source.
Collaboration with non-profit organizations like the World Childhood Foundation and Anti-Human Trafficking Intelligence Initiative (ATII) helped determine popular sources where CSAM is hosted and consumed.
Insikt Group analysts used infostealer logs from February 2021 to February 2024 to identify CSAM consumers by cross-referencing stolen credentials with known domains. They identified 3,324 unique credentials used to access known CSAM websites, providing valuable data for law enforcement, including usernames, IP addresses, and system information
Using open-source intelligence (OSINT) and digital artefacts, including cryptocurrency wallet addresses, transaction histories, non-CSAM web accounts, physical addresses, phone numbers, email addresses from browser autofill data, and associations with online services like social media and job application portals they gathered more information about these users.
This is similar to a development by Microsoft. In January 2020, the technology giant announced Project Artemis, aimed at detecting CSAM consumers through online chat using a new tool.
However, in September 2020, a server belonging to the Microsoft Bing search engine exposed a treasure trove of data online, which contained user search queries and location data, including those searching for CSAM and murder. Despite having location data of users involved in criminal searches, the company did not report it to the relevant authorities.
As for Insikt Group, the researchers specifically studied three users from “141 repeat offenders identified over 362 log references,” including a Cleveland, Ohio resident, d****, convicted of child exploitation and accounts on 4 CSAM sites, an Illinois children’s hospital volunteer, docto, with a history of retail theft and accounts on 9 CSAM sites, and a Venezuelan student Bertty, maintaining accounts on 5 CSAM sites and likely involved in the purchase and distribution of CSAM content.
“We were able to rank CSAM hosting websites by the number of compromised credentials in the last three years. The top ten sources1 identified below were kidfl*4m, alice*4, gk*fgh, 243*n, c*ub, *ian, my*eens, 3d*oys, *yboys, and boyvi*,” Recorded Future’s report (PDF) read.
According to researchers, the following three countries had the highest counts of users with credentials to known CSAM communities:
India
Brazil
United States
Data extracted from infostealer logs by researchers reveals the location details of CSAM sources and users. (Screenshot credit: Recorded Future Identity Intelligence)
Recorded Future’s study shows infostealer logs’ potential in identifying CSAM consumers and new trends. Law enforcement agencies can use this information to track down and prosecute those who are involved in the production and distribution of CSAM.
Hackread.com has redacted the top 10 CSAM forums to prevent users from searching for or visiting them.↩︎
There is no denying that Epic Games has been trying to get Apple to approve an Epic Games Store for the iPhone dating back to the 2021 Epic via Apple court battle. That legal battle took place after Apple kicked Epic and its popular Fortnite game out of the App Store for trying to get around Apple’s in-app processing platform that took a commission every time an in-app purchase was rung up.
Thanks to the EC’s Digital Markets Act (DMA), Apple must allow third-party app storefronts to find a home inside iOS in the EU. As recently as yesterday, Epic complained that Apple had twice rejected its submission to add the Epic Games Store to the iPhone in the 27 EU member countries. Epic stated that Apple’s decision was “arbitrary, obstructive, and in violation” of the DMA. However, Apple has pulled a 180-degree reversal and has reportedly approved the addition of the Epic Game Store to iOS.
Earlier reports noted that Apple believed that Epic was for the most part compliant with the EU guidelines except for the placement of certain buttons that could be confusing to consumers. Developers are prohibited from adding buttons to apps that could lead users to believe that certain elements in the app were made by Apple. Epic said that it has used the same button layout in other platforms and followed “standard conventions” for iOS buttons.
Apple kicked Fortnite and Epic out of iOS for trying to bypass Apple’s in-app payment platform
Apple told AppleInsider on Friday that it has approved Epic’s application for its Marketplace app in the EU and merely requested that Epic fix the button in the next submission it makes for the app. Apple isn’t known for giving in when facing a situation like this but it needs to be very careful here because the EC has already reached a preliminary view that as far as Apple is concerned, its App Store rules violate the Digital Markets Act (DMA). As a result, Apple could be fined up to $38 billion or 10% of its fiscal 2023 global revenue.
Epic still needs to finish work on the back end of its app although previously it did say that it was only a couple of months away from having its app added to iOS. Apple’s about-face should only make things easier for Epic to reach its goal.
Researchers shared insights about a new attack strategy that exposes users’ activities to snoopers. Identified as a “Snailload attack,” the technique works by exploiting the network latency following a bottleneck on internet connections.
Snailload Attack Exploits Network Latency
A team of researchers from the Graz University of Technology has devised a new side-channel attack that exposes users’ online activities. Naming it the Snailload attack, the researchers demonstrated how an adversary could exploit network latency to spy on users.
Interfering internet connections usually require the attacker to launch MiTM attacks or sniff WiFi packets by physically being present within the network’s proximity. However, while serving the same purpose, Snailload is different in that it neither requires code execution nor physical access to the target network.
As explained, a bottleneck in internet connections exists, particularly between the users’ devices and the ISPs, which affects network latency. (The subsequent connection from the ISP to the corresponding server, e.g., a website, is usually faster.) The Snailload side-channel attack exploits this bottleneck, allowing the attacker to access data packets from the bottleneck without malware execution of WiFi sniffing.
In this attack, the victim unknowingly downloads a file (an image, a video, etc.) from the attacker’s server, as the attack masks the file or video download. As the attacker sends the respective file gradually, it allows an attacker to exploit the bottleneck and measure the network latency to know the video being watched. Since the file is sent to the victim at a very slow speed (snail’s pace), and it leaves traces, the researchers have named it the “Snailload”.
The researchers have shared the technical details about the entire attack strategy in their research paper. They have also shared a demo on a dedicated website alongside releasing the example server on GitHub.
Limitations And Countermeasures
As demonstrated, Snailload is a precise remote side-channel attack which doesn’t require the attacker to rely on the victim machine’s hardware or execute codes. Its passive traffic analysis style makes Snailload applicable against every network-connected machine.
However, the attack has some limitations despite all its effectiveness for packet tracing. The most notable limitation is that it typically works on TCP connections where measuring network latency becomes feasible.
As for countermeasures, Snailload is affected by noise, which can server as a mitigation. But adding noise may also be inconvenient for the user. Besides, Snailload requires the target network to have a high bandwidth at the backbone infrastructure than the user’s connection to effectively create the bottleneck.
A Technically Skilled individual who finds a bug faces an ethical decision: report the bug or profit from it.
This is nowhere more relevant than in crypto.
In this article, with the help of Ilan Abitbol from Resonance Security, I look at the recent debacle between Kraken and CertiK and use it to discuss some of the problems concerning bug bounties that have arisen over time in the computer industry in general and in the cryptocurrency industry in particular.
The bug
Back on 9 June 2024, a CertiK security researcher reported to the crypto-exchange Kraken that they had found a bug. A significant bug — the equivalent of a re-entrancy exploit in a smart contract, but in the exchange’s web interface instead.
Re-entrancy bugs are exploits where you can withdraw cash or crypto, and then interrupt the system before the value of the withdrawal is subtracted from your balance. Or the reverse — start a deposit, wait for your balance to be increased in the system, and terminate the deposit before it completes.
You can think of it like getting $400 out of an ATM and then turning it off before it reports back to the head office that that amount should reduce your account balance.
Turn the ATM back on, and you can repeat the process until all the cash is drained from the ATM without your account balance decreasing.
It’s why competent smart contract programmers use a “checks-effect-interactions” pattern in their code:
check the client has a sufficiently high balance to cover the withdrawal amount (the check),
reduce the balance by the withdrawal amount (the effect),
then, and only then, send the client the withdrawal amount (the interaction).
Or for the ATM — don’t pay out the cash until you’ve received confirmation from head office that the balance has been reduced.
From what I can tell from the tweets and articles concerning the recent CertiK/Kraken situation, a security researcher found a way to start the deposit of funds into Kraken, withdraw the funds from their account, and then cancel the deposit before it completed — very much like the ATM example I’ve given.
The law
If you are hired under contract as part of a “Red Team” testing exercise, which is where security experts try to hack into a corporate system with the blessing of company management, then the legal situation you are in is clear.
You can’t be prosecuted under the various laws against computer misuse that every jurisdiction has passed, because access has been explicitly granted. You are authorized to do what you are doing.
If, on the other hand, you are an unknown person hacking into someone else’s computer and causing damage, deleting data, or extracting data and digital assets, then you are clearly in the wrong. What you are doing is criminal, and if you get caught the penalties can be severe. In some cases, we’re talking about years or decades of jail time.
“Being a white hat hacker is more of a mindset than a status.“
A problem arises in the gray areas, as there is no formal definition of what constitutes being a “white hat” hacker. What if, in the process of legitimately using a public interface to a computer system, you find a bug that allows you to access more than you are supposed to? Under standard prevention of computer misuse legislation even “poking” at the bug means you are breaking the law.
For example, in April 2024, a group of four University of Malta students found a security flaw in an application for students called FreeHour that allowed them to access student records as though they were system admins.
They reported the bug (a configuration problem in the underlying database), followed the usual white hat hacker rule of providing a three-month deadline to FreeHour for fixing the bug before disclosing it to the public, and asked if they could have a bug bounty for their discovery.
FreeHour claims they reported this to the authorities just to comply with GDPR legislation.
The police responded by arresting the students, strip-searching them at the station, and confiscating their computer equipment under Maltese law, which makes it illegal to access a computer application without proper authorization.
The students have stated they were acting in good faith, and I think they probably were. After all, they didn’t make any demands, or try to hold FreeHour to ransom.
The company says they were following regulatory requirements. I couldn’t find a response from the Maltese police, but if pressed I’m sure they would claim they were merely upholding the law.
The upshot is that those four students will probably never report a bug to a company or government again.
Back to CertiK and Kraken — the auditing company certainly was not given permission by the cryptoexchange to withdraw nearly 3 million dollars in cryptocurrency as part of a “white hat” hacking exercise.
While we were working on this article that’s why Ilan said to me: “Being a white hat hacker is more of a mindset than a status.”
Bug bounties
Clearly, network computers are going to have vulnerabilities. From a utilitarian perspective, what we want to do is incentivize people to act as responsible citizens and report these vulnerabilities, rather than ignore them or worse, criminally exploit them.
The industry solution is the bug bounty: a legitimate way for independent computer experts to profit from their discoveries.
Companies provide a list of requirements and rules for white hat hackers, and if you follow those to the letter, then the company says it won’t prosecute you and may even give you a cash reward for your effort, on some scale proportional to the risk you have uncovered.
There are several problems with bug bounties:
What if you accidentally break one of the (usually many) rules set out for the bounty program?
Is the reward you get really going to be commensurate with the damage you have saved the company by reporting it? Will you even get one?
As no explicit contract exists between the white hat hacker and the company, what about the fact that the authorities can still decide to prosecute and jail you, even though you did abide by all the bug bounty rules?
Kraken has a bug bounty policy. One of the things that policy says is that to be considered a white hat hacker your bug bounty submission “can never contain threats or any attempts at extortion”. By holding the funds they extracted hostage, it can be argued that CertiK engaged in precisely that.
The rewards
In the cryptocurrency space, there are some extra problems. Holding a company to ransom by encrypting their data, or selling an exfiltrated database on the black market involves a lot of effort and risk. You need to find a buyer, and as your buyer is a criminal, you could end up not getting paid or even blackmailed into performing more hacking with no payment.
If you find a flaw in a smart contract or an exchange website, on the other hand, you can cash in without having to connect to the Russian mafia on LinkedIn. There are token mixers, and there are exchanges that are lax on their know-your-customer protocols, and so with a bit of research you can cash out anonymously.
If you find a way to drain an entire cryptocurrency exchange of its digital assets, that may be very tempting to some people. Especially since, for example, the Kraken bug bounty has a maximum payout of 1.5 million dollars, and the most ever actually paid appears to be 60 thousand dollars[5].
The ad-hoc ten percent bounty
A disturbing development has been the emergence of ransom-based bug bounties. The hacker steals a large sum, and then negotiates to return a significant portion of it (typically 90%) in return for the promise of no further repercussions.
This has become a very tempting response to make from the perspective of DeFi protocol companies. If all your liquidity is missing, it’s game over. If most of it is returned, it is almost business as usual. A one year or two year loss of profits is better than having to close up shop.
Unfortunately, this sets a terrible precedent. If a company or protocol has a maximum bounty of 1.5 million dollars, and stealing 150 million dollars and returning 90% results in a bounty ten times higher than the supposed top reward, this is going to push a significant number of white-hat hackers into that gray area.
Conclusions
Ironically, bug bounties and the cryptocurrency space have managed to somehow evolve a situation where the risks of following the bug bounty system are higher and the rewards gained are lower than turning to the dark side.
I would argue that companies should:
set up a well-drafted and generous bug bounty scheme, and
stick to it rigidly.
In practice, I don’t think think this will happen.
But one thing is for sure — bug bounties are in need of a serious rethink in this crypto-age we find ourselves.
Android users can earn Google Play Points by purchasing paid apps, movies, books, or in-app items, and by trying featured free games and apps. Back in May, Google announced that it would be offering new perks and rewards for those trading in their Play Points. This includes exclusive early access to new games, and VIP experiences “at the hottest events in gaming and entertainment.”
Starting today, Google has teamed up with Niantic and 100 Thieves to give Play Points members at home or in New York City the chance to score exclusive perks and rewards for Pokemon Go. These rewards kicked off on Friday as Pokemon Go Fest started throughout New York City. From now until the end of Pokémon GO Fest 2024: Global on July 14, you can:
Redeem your points for exclusive Partner Research: Use your points for exclusive Partner Research that includes an encounter with the Fire Child Pokémon, Charcadet, and the chance to earn XP, Stardust, and an Incubator. Available for members in the United States, United Kingdom, Germany, Japan, Brazil and South Korea.
Watch 100 Thieves livestreams: Tune in as Valkyrae, Fuslie, and more take viewers through Pokémon GO Fest 2024: New York City. Diamond, Platinum, and Gold members: Be on the lookout for surprise merch drops during the streams.
Redeem your points for Pokémon GO Fest Merchandise: Use your points for hats, tote bags and pins from the official Pokémon GO Fest collection, while supplies last.
Claim a points boost: From July 5-7, claim a points boost to get 5X points on anything you buy in Pokémon GO.
To redeem your points for Partner Research or Pokémon GO Fest merchandise and claim your points booster, visit the Use tab and Earn tab of Play Points home. If you have a ticket to Pokemon Go Fest in New York City, visit the Google Play Space on Randall’s Island to collect a reward. If you’re a Gold+ member, you get a Wildcard which Google calls your “VIP pass to exclusive merchandise from the Pokémon x 100 Thieves collection, meet-and-greets with 100 Thieves Creators, and more.”
Save $5 on tickets for Pokemon Go Fest|Image credit-Google
Gold+ members in New York City can go to Chelsea to visit the Google Store on Saturday (July 6th) and Sunday (July 7th) from 11 am-2 pm both days to grab apparel from the Pokémon x 100 Thieves collection. Make sure to get there early because it is first come, first served while supplies last. Speaking of Pokemon Go Fest, you can save $5 and pay just $9.99 for tickets. Redeem the discount using Play Pass. Each ticket includes access to two different events: the Park Experience in Randall’s Island Park and the City Experience taking place across all five boroughs.
Cambridge is one of the top companies on the audio scene, but it primarily focuses on larger devices. However, the British brand has recently made its foray into wearable audio devices. Cambridge just launched the Melomania P100, the company’s first-ever over-the-ear headphones.
We recently reviewed the incredible Cambridge Melomania M100. This is a pair of TWS earbuds that cost only $219. These are truly audiophile-grade earbuds that have an amazing sound. There’s so much to love about these earbuds, so feel free to check out our Melomania M100 review. These might be your next favorite earbuds.
Cambridge unveils the new Melomania P100
It’s always interesting when a company takes its first steps into a new form factor. We always look forward to what it plans to bring to the market. There’s a lot of competition in the headphone market with companies like Sony and Apple leading the pack. So, Cambridge has a lot on its plate.
The newly announced Melomania P100 come with a set of high-quality 40mm drivers to deliver the sound. The company says that these are premium three-layer composite drivers with a set of neodymium magnets.
These headphones also come with Class AB amplification, so you know that you’ll have a punchy and powerful sound. This is the same kind of amplification used with the company’s CX Series hi-fi amplifiers.
Lossless audio
These are Bluetooth headphones, which means that you won’t be getting audio quality as good as a pair of wired headphones. This is because the audio codec needs to compress the audio signal to be sent over the limited Bluetooth bandwidth.
However, the Melomania P100 will use Qualcomm’s high-quality aptX Lossless codec. This codec can send a highly detailed audio signal from the device to the headphones. It can send a signal at 16-bit/44.1kHz. This is CD-quality audio, and there’s no lossy compression. This means that those 40mm drivers will be pushing a highly detailed sound into your ears.
With sound so amazing, you’re going to want to listen to these headphones for extended periods of time. As such, you want to make sure that they have great battery life. The Melomania P100 comes with some stellar battery life.
Cambridge states that you can expect up to 60 hours of battery life on a single charge. That’s with the ANC turned on. With it off, you’re looking at up to 100 hours! Obviously, your mileage will vary, and you might not see numbers quite so high in your usage. In any case, you’re still going to have great battery life.
As for charging, you will get a full two hours of listening time on a short five-minute charge. That gets boosted to four hours with ANC turned off. So, you can plug them in while you hop in the shower and have more than a day’s worth of battery life.
Customizable audio
Just like with the M100, the Melomania P100 use the Melomania app. Among other things, this app allows you to customize your audio experience. If you’re a person who likes to tinker with your sound, you can use the included EQ.
This is a 7-band EQ that allows you to adjust the audio with epic precision. Once you’ve adjusted the EQ to your liking, you can save it as an EQ preset. Speaking of presets, there are six other EQ presets that you can choose from right out of the box.
Game mode
Also in the app, there’s a Game Mode. This mode will lower the latency of the audio. Basically, there’s less time between the moment something happens on your screen and the moment you hear it. It’s perfect for when you’re playing games. Cambridge says that this lowers the latency to just 80ms.
Price
You’ll be able to get all of this for a very reasonable price. While most other headphones of this caliber would cost between $300 and $500, you can pick up the Cambridge Melomania P100 for $279 (€279 in Europe. £229 in the UK). You can put in your order at the Official Cambridge website or at Amazon.
Like oil and water, there are things that just don’t mix. AI and privacy are two of them. There are several AI tools and features that just scream privacy nightmare. Well, that was true for a popular application that just hit the market. The ChatGPTmacOS app stored conversations in plain text.
If this sounds familiar, Microsoft was just put through the wood chipper over something similar. Its impressive and rather creepy Recall feature was found storing information on users’ computers in an easy-to-read text document. This means that, if someone gains access to that user’s computer, then they could extract that document and basically get a debriefing of EVERYTHING they’ve been doing. Microsoft walked the feature back and has since put it on indefinite hiatus.
The ChatGPT macOS app was storing conversations in plain text
Consumer-facing AI is slowly moving away from data centers and onto devices. You can’t argue with the convenience of having powerful AI on your phone or computer without needing to connect to the internet. This is why there’s been such a big push for on-device AI.
However, the companies pushing these technologies aren’t being upfront and honest about what they have to do to keep the data on-device. Microsoft’s move was reckless, and it seems that OpenAI didn’t learn from its benefactor’s mistake. Pedro José Pereira Vieito made a post on Threads showing the ChatGPT macOS app storing conversations in plain text on the computer.
Pereira designed an app that could access these conversations and surface them. Jay Peters from The Verge was able to demonstrate this and confirm that it’s true. After The Verge contacted OpenAI, the company was able to make some changes and block it.
So, problem solved… right?
Okay, OpenAI fixed the problem and saved the day. Great, but the thing is that the fundamental problem hasn’t been fixed. Both Microsoft and OpenAI have been caught being completely reckless with their users’ data, and we don’t find out about it until 3rd-party entities look into their systems and report them. So, these companies were completely happy with letting these security issues exist on our devices.
All we can say is that we’re lucky that the people finding these vulnerabilities are good samaritans and not hackers. Again, Pereira designed an app that was able to extract that data. What’s stopping someone from developing an app that could extract that data and surreptitiously send it right to them? This sort of thing happens.
The main issue is that major corporations continue to launch products with blatant security issues and don’t act until they are discovered. Aren’t these the companies that brag about top-of-the-line security in keynotes? We trust them implicitly because it’s Microsoft or because it’s Google or because it’s Apple. These are multi-trillion-dollar companies, so they, ostensibly, know a thing or two about keeping our data safe. However, they continue to prove that they don’t.
Average users shouldn’t be finding these security flaws; they shouldn’t be finding logs of conversations stored in plain text. Until major corporations stop being so reckless with our data with these flashy and fancy AI tools, the problem will never truly be fixed.
This time around we’re comparing two camera-centric smartphones, two outstanding camera smartphones. We’ll be comparing the HONOR Magic6 Pro vs Vivo X100 Ultra. Both of these phones launched this year, and even though they are fueled by the same SoC, these two phones are very different. Those differences start with their design and stretch to various other areas.
As per usual, we will first list the specifications of both of these devices. Following that, we will compare them across a number of categories. We’ll compare their designs, displays, performance, battery life, cameras, and audio performance. Before we begin, do note that only the HONOR Magic6 Pro is available in a global variant. With that being said, there’s a lot to talk about here, so let’s get down to it.
The HONOR Magic6 Pro is made out of aluminum and either glass or vegan leather. It comes in both of those backplate options. The Vivo X100 Ultra, on the other hand, utilizes aluminum for its frame, and glass on its back. Glass models of these two phones weigh exactly the same, 229 grams. The vegan leather model of the Magic6 Pro is a bit lighter at 225 grams. The Vivo X100 Ultra is slightly taller, and while they’re essentially the same in terms of width, the difference is 0.2mm. The same goes for thickness, as the difference is 0.3mm.
Both smartphones feature curved displays on the front, with very thin bezels around them. The Magic6 Pro has a pill-shaped cutout on the front, which is centered at the top. The Vivo X100 Ultra includes a centered display camera hole at the top. Both smartphones include physical buttons on the right-hand side. Their backplates are curved towards the sides, proportionally to their front panels.
You will notice that both devices have camera islands on the back, which are centered in the upper portion. They’re essentially both round, but the HONOR Magic6 Pro also has some design elements around that circle which cover up the fact it’s round. The camera oreo on the Vivo X100 Ultra is larger, noticeably. Both of them do protrude on the back, and both host three cameras.
It is also worth saying that both of these smartphones are IP68 certified. In other words, they’re both water and dust resistant. Glass models are equally slippery, but the vegan leather Magic6 Pro does add quite a bit of grip to the mix.
HONOR Magic6 Pro vs Vivo X100 Ultra: Display
The HONOR Magic6 Pro features a 6.8-inch 2800 x 1280 LTPO OLED display. That panel is curved, and it has a refresh rate of up to 120Hz. It can project up to 1 billion colors, and Dolby Vision is supported. HDR is supported here too, while the display’s brightness i 5,000 nits, in theory. The display aspect ratio is 19.5:9, while the screen-to-body ratio is at around 91%. NanoCrystal Shield protects this display.
The Vivo X100 Ultra, on the flip side, has a 6.78-inch QHD+ (3200 x 1440) LTPO AMOLED display. That panel is also curved, and its refresh rate also goes up to 120Hz. This display can project up to 1 billion colors, and it supports Dolby Vision and HDR content. The peak brightness here is at 3,000 nits. The display aspect ratio is 20:9, while the screen-to-body ratio is at around 89%.
You really can’t go wrong regardless of which of these two displays you end up choosing. They’re both big, bright, and vivid. They’re also more than sharp enough and have great viewing angles and touch response. Both panels also offer high-frequency PWM dimming to protect your eyes. Yes, both of them will get bright enough when you need them to. The display protection could be better on the Magic6 Pro, as we don’t know what Vivo used.
HONOR Magic6 Pro vs Vivo X100 Ultra: Performance
Qualcomm’s Snapdragon 8 Gen 3 SoC fuels both of these smartphones. That is Qualcomm’s most powerful processor at the moment. The Magic6 Pro comes with up to 16GB of LPDDR5X RAM, but its global variant includes 12GB of RAM. That is paired with UFS 4.0 flash storage. The Vivo X100 Ultra comes in a Chinese variant only, it’s not available in global markets. It is available with up to 16GB of LPDDR5X RAM, and UFS 4.0 flash storage.
Both smartphones are well-equipped in this regard. Do they offer great performance too? Well, yes, in basically every way. Regular, everyday tasks are no problem for either phone. Both of them stay extremely fluid at all times. You can easily open app, multitask, watch videos, take photos, process images, process videos, browse, email, and so on, without either phone taking a dent in its performance capabilities. Heavy multitasking is not a problem either. You will really have a problem slowing down either of these two phones.
The same can be said for gaming too, actually. Both smartphones are not only powerful enough but well-optimized for gaming. Both do include some gaming software too, even though they’re not gaming phones. The most demanding titles out there, such as Genshin Impact, run perfectly fine on both phones. Yes, they both get quite warm after a while, but that doesn’t impact the performance in any way.
HONOR Magic6 Pro vs Vivo X100 Ultra: Battery
The HONOR Magic6 Pro includes a 5,600mAh battery, while the Vivo X100 Ultra has a 5,500mAh unit. Both companies used silicon carbon batteries, which is great, as it allowed them to offer higher battery capacities than most of the competition. And yes, both smartphones do deliver when it comes to battery life. In fact, their battery life is very comparable when it comes to actual usage.
These are some of the best battery life smartphones this year, out of all the flagship smartphones that were launched. We were able to cross the 8-hour screen-on-time mark on both devices, on days when we were not gaming, and were connected to Wi-Fi most of the time. We did not baby either phone in regards to performance. Even if you end up pushing them a bit harder, getting over 7 hours of screen-on-time is doable. Of course, your mileage may vary, as there are a lot of factors included here.
When it comes to charging, both smartphones support 80W wired charging. Both of them also include chargers in the box, by the way. 66W wireless charging is supported on the HONOR Magic6 Pro, while the Vivo X100 Ultra supports 30W wireless charging. HONOR’s flagship does offer 5W reverse wireless and reverse wired support, while the Vivo X100 Ultra is limited to reverse wired charging only. HONOR’s handset is technically more versatile in terms of charging, and it does support faster wireless charging.
HONOR Magic6 Pro vs Vivo X100 Ultra: Cameras
Both of these phones include three cameras on their backs. The HONOR Magic6 Pro has a 50-megapixel main camera (variable aperture), a 50-megapixel ultrawide unit (122-degree FoV), and a 180-megapixel periscope telephoto camera (2.5x optical zoom, macro). The Vivo X100 Ultra has a 50-megapixel main camera (1-inch type sensor), a 50-megapixel ultrawide camera (116-degree FoV), and a 200-megapixel periscope telephoto camera (3.7x optical zoom, macro).
Now, the end results from these two cameras are generally different, but there are some similarities too. They both tend to prefer warmer color tones… in general. That is a bit more obvious on the HONOR Magic6 Pro, though. Both smartphones do a fantastic job during the day. The images end up looking sharp, detailed, vivid, and well-balanced altogether. HDR performance is also great from both. Their periscope telephoto cameras do a great job across the board and are even great for macro photography. It’s a toss-up between the two. Ultrawide cameras on both smartphones are the least impressive ones, but they still do a very good job. The one on the Magic6 Pro does offer a wider FoV, though.
When the light goes away, both smartphones manage to retain plenty of details. They both tend to light up the scene quite a bit and do a great job when it comes to balancing out the images. Both devices also do a great job with light flares, though the Vivo X100 Ultra is a bit better when it comes to that. You really can’t miss when it comes to which phone to pick for its camera prowess. They’re both outstanding.
Audio
Both of these phones have a stereo speaker setup. The speakers on the HONOR Magic6 Pro are a bit louder, but both sets of speakers do deliver quality sound, that’s for sure. The loudness difference is also not that big.
Neither of the two devices comes equipped with an audio jack, however. You can use their Type-C ports to connect your wired headphones, however. The Magic6 Pro supports Bluetooth 5.3 connectivity, while the Vivo X100 Ultra includes Bluetooth 5.4 support.
