Android users may be spared some headaches, with Google Play now warning them before installing buggy apps.
First spotted by Android Police, Mishaal Rahman tweeted screenshots of a Google Play dialog that warns users when an app they’re about to download has not been performing well on similar hardware.
The feature is a nice addition to the Play Store and should save users some irritation.
Samsung’s Galaxy S23 has become the definition of mobile bloatware, with a base install taking roughly 60GB.
Operating systems growing in size is an inevitable trade-off of new features, improved support, and the addition of new technologies. Unfortunately for S23 users, Samsung seems to be taking OS growth to all new heights.
Mishaal Rahman, Senior Technical Editor for Esper, asked his Twitter followers how much of their phone’s space their system installs were taking:
Some users reported the S23’s Android install taking almost 60GB:
Shockingly, one user even reported a 75GB install:
With the S23 topping out at 256MB, and the S23+ topping out at 512, it’s hard to imagine how or why Samsung can justify taking up 60-75GB of space just for the OS.
Microsoft is making a major change to its Surface Duo line, ditching the dual-screen design in favor of a foldable screen.
Microsoft first unveiled the Surface Duo line in late 2019, surprising users with both its operating system and its design. The phone ran Android rather than some tablet-centric version of Windows and featured a dual-screen design. The dual screens were Microsoft’s attempt to avoid some of the pitfalls of early foldable designs, such as creases and breakage.
Fast-forward three years, and Microsoft is ready to throw in the towel on dual-screen designs and embrace foldable screens, according to Windows Central. What’s more, the decision to make the switch appears to come after a dual-screen Surface Duo 3 design had already been approved.
There are likely multiple factors that led to the decision, not the least of which is the mixed reviews the Surface Duo 2 received. In addition, foldable screen tech has come a long way in the last three years and has largely resolved the limitations of early generations.
If the report is true and Microsoft embraces foldable designs, it could easily help the company make major inroads into the mobile phone market. For many users, having an Android phone designed from the ground up to run Microsoft’s suite of applications could be the holy grail of mobile phones.
Sunbird is a promising Android messaging app that plans to bring iMessage to Android phones, ending the green vs blue bubble debate.
Messaging is one of the biggest compatibility issue between Android and iOS. Apple’s devices use iMessage, which provides a wealth of features, such as group administration, read receipts, file sharing, encryption, and more. Unfortunately, when iOS users text Android users, Apple’s devices fall back to plain SMS text messages instead of the newer RCS messages that duplicate iMessage’s features.
Sunbird aims to address the issue with a new app that will allow Android users to send and receive iMessages as if they were on an iPhone. The solution is much simpler than competing options that require a Mac server to act as an intermediary.
In addition to bridging the green vs blue bubble divide, Sunbird plans to add full support for traditional SMS, as well as other popular messaging services and apps, such as Signal, Telegram, and WhatsApp. This will make Sunbird a one-stop-shop for all messaging on Android.
Google has long been a proponent of Apple adopting RCS as its fallback protocol, making the argument that it would have no impact on communication between Apple devices. It would only be used when an Apple user texts an Android users, and would offer the same safety features iMessage provides.
Despite the common sense sanity of Google’s argument, Apple CEO Tim Cook has indicated the company has no intention of supporting RCS, telling people who ask to ‘get an iPhone.’ Hopefully, Sunbird can solve the issue once and for all.
In the meantime, users who want to sign up can use this link:
https://sunbirdapp.com/?r=jestl
Disclaimer: This link will give the author referrals, bumping his position in the waitlist with a view to gain earlier access for review purposes.
Google’s decision to include Rust support in the Android Open Source Project (AOSP) is paying off with less vulnerabilities.
Rust is a relatively new programming language, one that places an emphasis on memory safety, security, and performance. Google made the decision to support Rust in Android in early 2021, a decision that is already paying off.
According to 9to5Google, Google says there has been a considerable drop in the number of memory safety vulnerabilities, going from 223 in 2019 to 85 in 2022. Such vulnerabilities now comprise just 35% of known vulnerabilities in Android, as opposed to 76% four years ago. As a result, Google says “2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities.”
Rust has been gaining traction because of its memory safety features. The NSA recently advocated for the use of Rust and similar languages in an effort to cut down on software vulnerabilities. Similarly, the language has been added to the Linux kernel, making it only the second language supported, behind C.
Elon Musk is already eyeing his next business, threatening to make an iPhone and Android competitor if Twitter is removed from app stores.
Twitter is in the midst of a massive upheaval following Musk’s buyout of the company. The tech mogul has slashed the moderation team, leading to reports of increased hate speech on the platform. The situation has caused some to wonder what would happen of Twitter’s issues eventually lead to it being removed from the Apple App Store and Google Play Store.
Musk has weighed in with his plans:
It’s hard to imagine what a Musk-owned phone would be like. Despite his companies’ innovations, they are hardly consumer-friendly. For example, Tesla’s paid over-the-air updates are credited with being the inspiration for other automakers locking built-in vehicle features behind paywalls, something is easily the most consumer-unfriendly, greedy behavior in the industry.
With the cellphone industry having a well-established practice of offering free upgrades, and finally moving toward right to repair, it’s disconcerting to think of how much damage Musk could do with his own phone.
Signal has announced plans to remove SMS messaging from its Android app in a move that’s sure to disappoint users.
Signal is one of the most popular secure messaging apps, competing with iMessage and WhatsApp while offering better security and privacy than either. On Android, the app can also handle traditional SMS and MMS messaging for communicating with users who aren’t on Signal. While SMS and MMS messages don’t offer the same level of security, it’s still a convenient way to keep all messaging in a single app.
Unfortunately, Signal plans to remove SMS and MMS support, narrowing its focus to encrypted messaging. The company explained its decision in a blog post:
In order to enable a more streamlined Signal experience, we are starting to phase out SMS support from the Android app. You will have several months to transition away from SMS in Signal, to export your SMS messages to another app, and to let the people you talk to know that they might want to switch to Signal, or find another channel if not.
The company says users will need to export their SMS messages and select a new client to handle non-Signal messages. A future version of the app, one currently in beta, will provide the built-in export functionality:
If you do use Signal as your default SMS app on Android, you will need to select a new default SMS app on your phone. If you want to keep them, you’ll also need to export your SMS messages from Signal into that new app.
Signal says the reason for the change was primarily over security concerns and to free up resources to focus on core features:
The most important reason for us to remove SMS support from Android is that plaintext SMS messages are inherently insecure. They leak sensitive metadata and place your data in the hands of telecommunications companies. With privacy and security at the heart of what we do, letting a deeply insecure messaging protocol have a place in the Signal interface is inconsistent with our values and with what people expect when they open Signal.
We are focused on building secure, intuitive, reliable, and pleasant ways to connect with each other without surveillance, tracking, or targeting. Dropping support for SMS messaging also frees up our capacity to build new features (yes, like usernames) that will ensure Signal is fresh and relevant into the future. After much discussion, we determined that we can no longer continue to invest in accommodating SMS in the Android app while also dedicating the resources we need to make Signal the best messenger out there.
On the heels of news that Android bypasses VPNs and leaks data, developers have discovered that iOS 16 does even worse.
Developers at Mysk have discovered that iOS 16 contacts Apple’s servers outside of a VPN tunnel, even leaking DNS requests. A number of different services trigger the behavior, including Health, Maps, and Wallet.
The issue is similar to one Mullvad discovered with Android devices, where Google’s operating system routes some traffic outside a VPN connection. Android even does this when the Block connections without VPN option is enabled.
Both issues are extremely concerning. When a VPN is in use, ALL traffic should be routed through the VPN. The issue is even more concerning with iOS 16 since it is leaking DNS information. Apple has worked hard to cultivate a reputation for privacy and security, making this latest news especially embarrassing for the company.
While VPNs are not the security silver bullet some make them out to be, they are nonetheless an important element in the battle to remain private online. For the two major mobile operating systems to circumvent VPNs and contact their respective companies’ servers is an egregious security and privacy violation.
Famed VPN company Mullvad has found that Android circumvents VPNs and leaks data, raising privacy implications.
Mullvad is one of the leading VPN providers and consistently wins praise for being one of the most secure and private options on the market. Unlike many companies in the space, Mullvad has traceable ownership, anonymous payments, and has been audited by a third party.
In one of its latest security audits, Mullvad discovered an issue with Android. According to the company’s blog, the mobile operating system bypasses VPNs and leaks data, even when the option to Block connections without VPN is enabled:
We researched the reported leak, and concluded that Android sends connectivity checks outside the VPN tunnel. It does this every time the device connects to a WiFi network, even when the Block connections without VPN setting is enabled.
We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal on the network, the connection will be unusable until the user has logged in to it. So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models. As there seems to be no way to stop Android from leaking this traffic, we have reported it on the Android issue tracker.
Mullvad’s report outlines the potential privacy implications:
The connection check traffic can be observed and analyzed by the party controlling the connectivity check server and any entity observing the network traffic. Even if the content of the message does not reveal anything more than “some Android device connected”, the metadata (which includes the source IP) can be used to derive further information, especially if combined with data such as WiFi access point locations. However, as such an de-anonymization attempt would require a quite sophisticated actor, most of our users are probably unlikely consider it a significant risk.
There are third-party versions of Android that are designed to be more privacy and security-oriented. CalyxOS and GrapheneOS are two such examples, taking the open-source version of Android before Google loads it up with their software and releasing it.
GrapheneOS is already immune to this particular issue, and the CalyxOS devs are working on the issue.
Android apps continue to be a privacy nightmare, with 1 in 2 apps on the Google Play Store sharing user data with third parties.
Google has been under increasing pressure to improve Android apps’ privacy, primarily in response to Apple’s App Track Transparency. Google introduced its own “Data safety” feature in October 2021, requiring developers to use it as of late July 2022. Data safety lets people know how developers use the data they collect.
Now that developers are required to disclose their data practices, Incogni looked at 1,000 apps on the Play Store to see how data was being used. The findings were disturbing, with 55.2% sharing user data with third parties. Some of the big-name apps were the biggest perpetrators, despite claiming to collect the least amount of data.
See also: App Permissions Info Is Coming Back to the Google Play Store
Incogni also found a major disparity between free and paid apps, with free apps sharing seven times as much data as their paid counterparts. The same was true for popular apps, which shared 6.15 times more data than less popular ones.
To absolutely no one’s surprise, social media apps collected the most data or 19.18 data points. Shopping apps were the worst for data sharing, coming in at 5.72 data points.
Perhaps most concerning is the fact that 13.4% of apps share user location data, easily one of the most sensitive data points, with third parties.
Incogni also pointed out a major flaw in Google’s system, namely that it runs on the “honor system.” In other words, developers are trusted to be honest and transparent about what their apps are and are not collecting and sharing.
Incogni highlighted some of the biggest dangers related to their findings:
Many apps share and even sell your data to third parties such as marketing agencies, data brokers, and other businesses. Worse yet is that more than half of these apps might not be encrypting your data in transit, making the data highly susceptible to attackers if communications are intercepted.
Even transferring anonymous data – which is not considered “sharing” – can be ultimately harmful as it can be easily re-identified.
The risks involved in the proliferation of your personal information can be quite serious. Data sharing exposes users to dangers such as data breaches, identity theft, stalking, and online harassment. Many internet users can also find themselves victims of digital redlining, a phenomenon that is similar to profiling and discrimination in the real world.
Microsoft is killing off its SwiftKey predictive keyboard for iOS, with plans to remove it from the App Store as of October 5.
SwiftKey is a predictive keyboard that gained popularity on Android and iOS before being bought by Microsoft. In recent years Apple’s own iOS keyboard has included many of the features SwiftKey became famous for, such as predictive text and swipe gestures.
It appears Microsoft is now ending support for the iOS version of SwiftKey, according to ZDNet, removing it from the App Store as of October 5. Chris Wolfe, Director Product Management at SwiftKey, gave the following statement to the outlet:
“As of October 5, support for SwiftKey iOS will end and it will be delisted from the Apple App Store. Microsoft will continue support for SwiftKey Android as well as the underlying technology that powers the Windows touch keyboard. For those customers who have SwiftKey installed on iOS, it will continue to work until it is manually uninstalled or a user gets a new device. Please visit Support.SwiftKey.com for more information.”
Microsoft refused to provide any comment as to the reason for the change of plans, but ZDNet’s Mary Jo Foley theorizes the decision may be in response to Apple’s walled garden policies. In the name of privacy Apple restricts access to core elements of iOS, making it difficult for a product like SwiftKey to integrate as fully as the built-in keyboard.
Microsoft may have simply decided it could no longer deliver the product and experience that it can on Android.
The Google Plays Store has a problem, with more Android apps abandoned in the last six months than those updated.
New research by Pixalate paints a grim picture for the Play Store, with a whopping 32% of Android apps abandoned by their developers, while only 30% were updated in Q2 2022. While Apple’s App Store also has a problem with abandoned apps, it’s not nearly as big a problem.
In fact, the App store had 200,000 fewer abandoned apps compared to Q1 2022, while the Play Store had 150,000 more over Q1. What’s more, while the App Store has 500,000 abandoned apps, the Play Store has more than double that number, coming in at 1.1 million.
The same trend holds true for “Super-Abandoned” apps, the term Pixalate uses for apps that have received no updates for at least five years. The App Store has 141,000 such apps, but the Plays store has more than 166,000.
Beyond potential disappointment for users whose favorite app is abandoned, there are also serious security and privacy considerations. Pixalate found that 23% of abandoned apps have no known privacy policy. Abandoned apps can also pose risks because they use older and outdated libraries and don’t have the latest security patches.
The research is a mixed bag for Android, its users, and developers. On the one hand, mainstream Android apps are more likely to be maintained long-term. On the other hand, users may be less likely to give new independent apps a chance for fear the developer(s) may eventually abandon them.
The European Union has upheld a record fine against Google for abusing its dominance in the smartphone market.
The EU initiated a case against Google in 2015, accusing the company of using its dominance in the smartphone market to force other companies to use its other products. The court fined Google a record 4.34 billion euros, leading to Google appealing the decision.
According to NBC News, The European Union’s General Court has upheld the fine, although it did drop it slightly to 4.125 billion euros ($4.12 billion).
At the same time, the court said it “largely confirms the European Commission’s decision that Google imposed unlawful restrictions on manufacturers of Android mobile devices and mobile network operators to consolidate the dominant position of its search engine.”
The issue stems from Google’s requirement that any company using the Android operating system on their smartphones must also bundle the Chrome web browser and use Google’s search engine as the default. The EU court found those requirements monopolistic, given Android’s 80% market share in Europe.
For its part, Google expressed its disappointment in the decision, giving the following statement to NBC:
“We are disappointed that the Court did not annul the decision in full. Android has created more choice for everyone, not less, and supports thousands of successful businesses in Europe and around the world.”
Android’s minimum requirements are going up, with the latest Android 13 requiring 2GB of RAM and 16GB of storage.
Android’s system requirements have been slowing growing over the last several years, from 512MB of RAM in 2017 to 1GB in 2020. Android 13 is the first to go beyond a 1GB requirement, setting 2GB as the minimum.
While Google has not officially commented on any change to storage requirements, Android Enterprise Expert and Google Product Expert Jason Bayton confirmed the increased storage requirement.
Apple seems largely unconcerned with the blue vs green bubble debate, with Cook saying the solution is to buy an iPhone.
When texting a non-iPhone user, Apple’s iOS falls back to the older, more limited SMS texting protocol instead of using the newer RCS and indicates the switch by displaying the texts in green bubbles instead of the standard blue. RCS offers many of the same advantages as Apple’s iMessage, such as group administration, read receipts, file transfer, encryption, and more. Google and others have called on Apple to adopt RCS for iPhone to Android communication, but Apple CEO Tim Cook just threw cold water on that idea.
According to The Verge, Cook was asked how Steve Jobs would have felt about RCS at Vox Media’s Code 2022 event.
“I don’t hear our users asking that we put a lot of energy in on that at this point,” Cook responded.
When the person who asked the question, Vox Media’s LiQuan Hunt, pointed out the problems sharing videos with his mom, who uses an Android phone, Cook had a curt response:
“Buy your mom an iPhone,” he said.
Hunt’s complaint highlights the heart of the issue: Apple is intentionally using an inferior protocol to communicate with Android devices, one that degrades video quality, limits file transfer, and provides no security or encryption.
Google has called on Apple to fix texting by adopting RCS, pointing out that it will not impact communication between Apple devices. It will only improve communication between Apple and non-Apple devices. Many in the industry, including we at WPN, have made the case that Apple only refuses to support RCS as a way to discourage people from buying Android phones in favor of its iPhones.
Perhaps Cook should look at Steve Jobs’ efforts to work with Microsoft as an indication of how he would think of RCS. Rather than focus on old turf wars between the two companies, Jobs was more concerned about what was in the best interest of his customers.
In the meantime, thank you, Tim Cook, for saying out loud what everyone already suspected.
A Google-backed startup plans to bring its lockscreen platform to the US within a couple of months, turning lockscreens into another way to serve ads.
Glance is a subsidiary of InMobi Group, the Indian ad giant. The company introduced a way to display news feeds, ads, games, and more on Android lockscreens. As a result, users are bombarded with content before they unlock their phones. The company claims its software is preinstalled on some 400 million smartphones, with its previous focus being the Indian, Asian, and EU markets.
According to TechCrunch, the company is now in talks with US carriers to bring its platform to US phones within the next two months.
It’s hard to fathom users actually wanting to be bombarded with ads on their lockscreens, especially when they’re already paying for both the wireless service and the phone they’re using.
As we have stated many times at WPN, it’s one thing — and entirely expected — for a company to rely on ads when it is providing a user with a free service. It’s a completely different story when companies that are already making billions of dollars in sales and services want to degrade the user experience by placing ads atop those paid products and services.
Perhaps the most unsurprising factor in this whole story is Google’s involvement. The company already has a near stranglehold on the online advertising market. It should surprise absolutely no one that the company is backing Glance.
Here’s to hoping US carriers provide a way to opt-out of Glance’s “service.”
YouTube TV has finally brought Picture-in-Picture (PiP) support to iOS 15 devices, making it one of the last major streaming apps to do so.
PiP is a feature that allows a user to minimize a video into a smaller, floating window. The iPhone or iPad can then be used for other tasks, while still playing the video in question. While YouTube TV has supported PiP on Android since 2017, the feature has not been available on iOS…at least until now.
YouTube TV announced the new feature in a tweet.
iPhone & iPad users
We’re happy to share that picture-in-picture is now rolling out to your iOS 15+ devices. Simply select a video to watch and swipe [up] from the bottom of the screen to return to the device’s homepage. The video can scale down and move across your screen.
— YouTube TV (@YouTubeTV), March 30, 2022
The company thanked users for their patience during the (long…really long) delay releasing the feature.
We really appreciate your patience while we worked on enabling this key feature for your iOS 15+ devices. We hope you enjoy this easy way to stream.
— YouTube TV (@YouTubeTV), March 30, 2022
The new feature works on both iPhones and iPads running iOS 15+.
Google is deploying an Air Raid Alerts system for Android users in Ukraine, in an effort to help them stay safe.
Android is the most widely used mobile operating system (OS) on the market, especially outside of the US. With so many Ukrainians living under fear of aerial bombing, Google is looking to help individuals receive warning in time to take shelter.
Tragically, millions of people in Ukraine now rely on air strike alerts to try to get to safety. At the request, and with the help, of the government of Ukraine, we’ve started rolling out a rapid Air Raid Alerts system for Android phones in Ukraine. This work is supplemental to the country’s existing air raid alert systems, and based on alerts already being delivered by the Ukrainian government.
With tech companies often in the news for negative reasons, it’s nice to see the good tech companies can do, using their products and services to help save lives.
A new, severe vulnerability is putting Linux computers and many Android phones at risk.
According to Ars Technica the new vulnerability has been dubbed “Dirty Pipe.” The issue allows anyone with an account “to add an SSH key to the root user’s account.” Once done, the user would be able to remotely access to the machine with full root access.
The vulnerability can also be used for other exploits, such as overwriting read-only files, creating a root shell, setting up a backdoor, and more.
In addition to impacting computers with Linux installed, the vulnerability also impacts some versions of Android, since the mobile OS runs a modified version of the Linux kernel. While some might be inclined to believe newer versions of Android would be immune, the exact opposite is the case.
Newer devices, like the Pixel 6 and Samsung S22 run newer versions of the Android kernel, which are vulnerable to the exploit. In contrast, older devices like the Pixel 4 are running older versions of the kernel, which are not vulnerable.
All Linux and Android users should be on the lookout for a security update.
Some users are not happy with Google’s decision to stop supporting the Pixel 3, and there appears to be no technical reason for the decision.
Google has been working to build support for its line of smartphones, with the recently released Pixel 6 and 6 Pro sporting the company’s Tensor chip. One of the benefits Google touted about the Tensor was the five years of security updates and support the company would provide, something very uncommon in the Android world.
Earlier versions of the Pixel, however, still run Qualcomm’s Snapdragon line of processors, and Google only ever committed to three years of updates for those devices. With Android 12, the 2018 flagship Pixel 3 and 3 XL reached the end of their life, and did not receive the update.
According to Ryne Hager, over at Android Police, there’s no technical reason why Google needed to abandon the Pixel 3, and it appears the company simply decided it had met its minimum obligation and didn’t want to extend it.
“With these options for updates available, there’s only one conclusion to draw: Google just doesn’t want to keep updating the Pixel 3,” writes Hager. “That three-year promise has been satisfied, and it’s not making more money from Pixel 3 customers. Why go above and beyond?”
Google went all-out with the Pixel 6 in an effort to grab more market share. Perhaps the company would also do well to listen to the feedback it’s receiving about the Pixel 3, and compare its policies to Apple’s. Apple recently released iOS 15, including support for devices as old as the iPhone 6S from 2015.
If Google really wants to be a serious hardware player, it needs to appreciate that customers remember when companies go above and beyond, as Apple has done in its support for older models, instead of doing the bare minimum to make a buck and move on.
Google is taking a page from Apple, laying the groundwork for privacy sandboxing in its Android operating system (OS).
Sandboxing refers to a practice where apps cannot access the data from other apps. Instead, they’re sequestered into their own “silos.” This can have significant stability benefits, as apps cannot interfere with each other. There are also privacy and security benefits, as apps cannot access data from other apps.
While Apple already has sandboxing in both macOS and iOS, Google is just now preparing to add the feature to Android.
“Today, we’re announcing a multi-year initiative to build the Privacy Sandbox on Android, with the goal of introducing new, more private advertising solutions,” writes Anthony Chavez, VP, Product Management, Android Security & Privacy. “Specifically, these solutions will limit sharing of user data with third parties and operate without cross-app identifiers, including advertising ID. We’re also exploring technologies that reduce the potential for covert data collection, including safer ways for apps to integrate with advertising SDKs.”
Google clearly wants to take a different approach than Apple, given their entire platform runs on advertising. As a result, the company wants to try to strike a balance between privacy and ad-based free services.
“We realize that other platforms have taken a different approach to ads privacy, bluntly restricting existing technologies used by developers and advertisers,” Chavez continues. “We believe that — without first providing a privacy-preserving alternative path — such approaches can be ineffective and lead to worse outcomes for user privacy and developer businesses.
“Our goal with the Privacy Sandbox on Android is to develop effective and privacy enhancing advertising solutions, where users know their information is protected, and developers and businesses have the tools to succeed on mobile. While we design, build and test these new solutions, we plan to support existing ads platform features for at least two years, and we intend to provide substantial notice ahead of any future changes.”