The Pixel 8A is officially here. The 8A gets Google's latest processor, adds a bunch of new AI features, and still starts at $499 in the US. But the very best news is that the 8A adopts the Pixel 8 and 8 Pro's seven years of software support, which is just unheard of in a midrange phone. From a report: The 8A retains the same general shape and size as its predecessor. But its 6.1-inch screen gets a couple of significant updates: the top refresh rate is now 120Hz, up from 90Hz, and the panel gets up to 40 percent brighter, up to 2,000 nits in peak brightness mode. They're important upgrades, especially since the 8A's main competition in the US, the OnePlus 12R, comes with an excellent display.

It comes with the same generative AI photo and video features that made a splash on the Pixel 8 and 8 Pro, including Best Take, Magic Editor, and Audio Magic Eraser. Circle to Search is also available, and the 8A will be able to run Google's mobile-optimized on-device AI model, Gemini Nano. As on the Pixel 8, it'll be a developer option delivered via feature drop. Other specs are either unchanged or slightly boosted compared to the last generation. There's still 8GB of RAM and 128GB of storage, though there's now a 256GB option. Camera hardware is unchanged from the 7A, including a stabilized 64-megapixel main sensor. There's an IP67 rating, consistent with the 7A, and battery capacity is a little higher at 4,492mAh compared to 4,385mAh. Wireless charging is available via Qi 1.3 at up to 7.5W -- no Qi2 here.

The Register provides a retrospective look at how Microsoft "absorbed the handset division of Nokia" ten years ago, only to kill the unit two years later and write it off as a tax loss. What went wrong? "It was a fatal combination of bad management, a market evolving in ways hidebound people didn't predict, and some really (with a few superb exceptions) terrible products," reports The Register. From the report: Like Nokia, Windows Mobile's popularity peaked in 2007, then started to drop away. The iPhone was the tech item of choice for fashionistas, Blackberry was seen as essential for serious business, and Android -- with Google as its new owner -- was gaining traction. Microsoft by that time had a new CEO in Steve Ballmer, who completely and famously failed to see the shifting sands in the mobile market. He dismissed the iPhone as a threat to what he thought was Windows Mobile's unassailable market position, and was roundly mocked for it. So the scene was set for a mobile standards war, and Steve Ballmer staked his professional pride on winning it. Microsoft recruited Nokia to help out. [...]

Under [Executive VP of Microsoft Stephen Elop's] leadership, a closer working relationship with Microsoft was a given -- but in 2013 Redmond announced it was going the whole hog and buying Nokia's handset business outright for $7.2 billion. The deal was done in April 2014, a decade ago from today. Microsoft also got a ten-year license on Nokia's patents and the option to renew in perpetuity. It also got Elop back, as executive vice president of the Microsoft Devices Group. That meant stepping down as CEO of Nokia, for which he trousered an 18.8 million bonus package -- a payoff the Finnish prime minister at the time called "outrageous." Nokia retained its networking business in Finland. It purchased Siemens' half of the Nokia Siemens Networks joint venture and renamed in Nokia Networks. The Nokia board rolled the dice again on hiring another non-Suomi manager, Rajeev Suri, and this time hit a double D20 in D&D terms.

When Ballmer stepped down from the helm at Microsoft in 2014 -- shortly before the Nokia deal completion -- he left a hot mess to deal with. His plan had been to develop the mobile operating system in conjunction with Windows 10, and Windows Mobile 10 was supposed to be a part of a unified code environment. While Windows 10 on the desktop wasn't a bad operating system, Windows Mobile 10 really was. The promised synergy just didn't happen -- it was power-hungry, clunky, and about as popular as a rattlesnake in a pinata. It was this mess that Satya Nadella faced when he took over the reins. Nadella was never very keen on the phone platform and spent more time in press conferences talking about cricket or the cloud than Microsoft's mobile ambitions. It was clear to all that this really wasn't working. Elop was laid off by Redmond a year later.

It was clear that Windows Mobile wasn't going to work. Android and iOS were drinking Microsoft's milkshake, and Redmond realized the game was up. Microsoft started shedding mobile jobs -- both in Finland and Redmond. While mobile was still publicly touted as the way forward for Microsoft with Ballmer gone, the impetus wasn't there and support for the mobile OS shriveled. In 2015 Microsoft declared it was writing off $7.6 billion on the Phone Hardware division as "goodwill and asset impairment charges" -- $400 million more than it had originally paid for the Finnish firm. Nokia bought European networking giant Alcatel-Lucent in a $16.7 billion deal in 2015. Around the same time, Suri announced a move into tablets, since it had a non-compete agreement with Microsoft on mobiles. Meanwhile a bunch of former Nokia execs who'd fled Elop and Microsoft had started a mobile biz of their own: HMD. It was Finnish, but outsourced production to Foxconn in China, and was planning to make cheapish Android devices. In 2016 Microsoft sold its mobile hardware arm to HMD for an undisclosed -- but probably not large -- sum. Nadella clearly wanted out of the whole business and the Finnish startup concentrated on selling good-enough Android smartphones to Nokia's traditional cheap markets.

Researchers have discovered a new attack that can force VPN applications to route traffic outside the encrypted tunnel, thereby exposing the user's traffic to potential snooping or manipulation. This vulnerability, named TunnelVision, is found in almost all VPNs on non-Linux and non-Android systems. It's believe that the vulnerability "may have been possible since 2002 and may already have been discovered and used in the wild since then," reports Ars Technica. From the report: The effect of TunnelVision is "the victim's traffic is now decloaked and being routed through the attacker directly," a video demonstration explained. "The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet." The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself. [...]

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It's also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server. The attack allows some or all traffic to be routed through the unencrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that's diverted away from this tunnel will not be encrypted by the VPN and the Internet IP address viewable by the remote user will belong to the network the VPN user is connected to, rather than one designated by the VPN app.

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there's a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation. The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn't in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device. You can learn more about the research here.

Abner Li reports via 9to5Google: Since the launch of Health Connect in 2022, Google has been winding down the Google Fit developer APIs. Earlier this week, the company fully detailed how the "Google Fit APIs have been deprecated and will be supported until June 30, 2025." Fitness and exercise apps that previously used Google Fit have until the June 2025 deadline to switch to Health Connect, with Google broadly referring to it as the "Android Health platform."

Google's migration guide for developers lists what they're supposed to switch to on Android phones and Wear OS. However, there is no replacement for the Goals API that lets Google Fit users set "how many steps and heart points they want to aim for each day." Google says it will "share more details about what's next for Android Health" at I/O later this month.

As of this API shutdown announcement, Google has said nothing about the Google Fit apps on Android, Wear OS, and iOS. They still work to track activity and house your full archive. [...] At this point, it's clear that Google Fit is not the future. On the Pixel Watch, Fitbit is the default, while Samsung and other Wear OS manufacturers have their own health tracking solutions. If Google were to announce a deprecation of the Fit app, having it coincide with the June 2025 developer deadline makes sense.

The Rabbit R1 is one of the first standalone AI companion devices to hit the market, offering the ability to translate languages, identify objects in your environment, and order DoorDash, among other things. It's been in the news last week for its all around poor reviews that cite poor battery life, painfully slow responses, and missing features (sound familiar?). Now, it's been confirmed that the Rabbit R1 is powered by an Android app that can run on existing Android phones. Android Authority reports: What ended up souring a lot of people's opinions on the product was the revelation -- in an Android Authority original report -- that the R1 is basically an Android app in a box. Many consumers who believed that the product would be better suited as a mobile app felt validated after our report, but there was one stickler in it that we needed to address: how we got the R1 launcher up and running on an Android phone. See, in our preliminary report, we mentioned that the Rabbit R1's launcher app is intended to be preinstalled in the firmware and be granted several privileged, system-level permissions. While that statement is still true, we should've clarified that the R1 launcher doesn't actually need those permissions. In fact, none of the system-level permissions that the R1 launcher requests are at all necessary for the app to perform its core functionality.

To prove this, we got the Rabbit R1 launcher up and running again on a stock, unrooted Android device (a Xiaomi 13T Pro), thanks to help from a team of reverse engineers including ChromMob, EmilyLShepherd, marceld505, thel3l, and uwukko. We were able to go through the entire setup process as if our device was an actual Rabbit R1. Afterwards, we were able to talk to ChatGPT, use the Vision function to identify objects, play music from Spotify, and even record voice notes. As demonstrated in our hands-on video at the top of this article, all of the existing core functionality that the Rabbit R1 offers would work as an Android or even iOS app. The only functions that wouldn't work are unrelated to the product's core functionality and are things your phone can already do, such as powering off or rebooting the device, toggling Bluetooth, connecting to a cellular or Wi-Fi network, or setting a screen lock.

During our research, Android Authority was also able to obtain a copy of the Rabbit R1's firmware. Our analysis reveals that Rabbit did not make significant modifications to the BSP (Board Support Package) provided by MediaTek. The R1, in fact, still ships with all the standard apps included in AOSP, as well as the many apps provided by MediaTek. This is despite the fact that none of these apps are needed nor ever shown to the user, obviously. Rabbit only made a few changes to the AOSP build that MediaTek provided them, such as adding the aforementioned R1 launcher app, adding a fork of the open-source "AnySoftKeyboard" app with a custom theme, adding an OTA updater app, and adding a custom boot animation. [...] Yes, it's true that all the R1 launcher does is act as a local client to the cloud services offered by Rabbit, which is what truly handles the core functionality. It's also true that there's nothing wrong or unusual with companies using AOSP for their own hardware. But the fact of the matter is that Rabbit does little to justify its use of custom hardware except by making the R1 have an eye-catching design.

An anonymous reader shared this report from Mint: Elon Musk-owned social media platform X (formerly Twitter) has launched a new Grok AI-powered feature called 'Stories', which allows users to read summaries of a trending post on the social media platform. The feature is currently only available to X Premium subscribers on the iOS and web versions, and hasn't found its way to the Android application just yet... instead of reading the whole post, they'll have Grok AI summarise it to get the gist of those big news stories. However, since Grok, like other AI chatbots on the market, is prone to hallucination (making things up), X provides a warning at the end of these stories that says: "Grok can make mistakes, verify its outputs."
"Access to xAI's chatbot Grok is meant to be a selling point to push users to buy premium subscriptions," reports TechCrunch: A snarky and "rebellious" AI, Grok's differentiator from other AI chatbots like ChatGPT is its exclusive and real-time access to X data. A post published to X on Friday by tech journalist Alex Kantrowitz lays out Elon Musk's further plan for AI-powered news on X, based on an email conversation with the X owner. Kantrowitz says that conversations on X will make up the core of Grok's summaries. Grok won't look at the article text, in other words, even if that's what people are discussing on the platform.
The article notes that some AI companies have been striking expensive licensing deals with news publishers. But in X's case, "it's able to get at the news by way of the conversation around it — and without having to partner to access the news content itself."

This year's Free Comic Book Day coincided with Star Wars Day. So there's two new free Star Wars titles being handed out today in comic shops around the world.

They're among several geek-friendly titles among the 48 free comics that fans will get to choose from during this once-a-year event, including:

- Street Fighter vs Final Fight
- Jonny Quest
- Teenage Mutant Ninja Turtles
- Conan the Barbarian
- Flash Gordon

And, of course, four from Marvel Comics.

More details from IGN: DC is about to kick off Absolute Power, a major crossover event that involves Amanda Waller teaming with Batman's rogue android Failsafe and the Brainiac Queen to drain the world's heroes of their power. This prologue issue serves as a primer for the event...

Alongside their Conan issue, Titan is also releasing a new Doctor Who comic that has the distinction of being the first story to feature Ncuti Gatwa's Fifteenth Doctor...

Robert Kirkman's Skybound has been busy establishing a new shared Energon Universe, one which comprises Kirkman and Lorenzo De Felici's Void Rivals as well as the Transformers and G.I. Joe franchises... This issue features new stories for all three series and is designed to be an easy gateway into this rapidly growing comic book line.
There's a Stranger Things story, an Archie Horror comic, and the story of how Popeye lost his eye.

The event is designed to help the industry by attracting comic book readers to independent comic book stores -- and in 2017 NPR offered this advice for visiting comics fans. "While you're there, buy something... The comics shops still have to pay for the 'free' FCBD books they stock, and they're counting on the increased foot traffic to lift sales."

"It all started with the fans," says 72-year-old actor Mark Hamill, in a montage of fans and actors in a newly-released video commemorating this year's Star Wars day.

Or, as Tom's Guide writes, "It's such a nice feeling to be a part of a huge community since fans are the ones who created this special day (by using "may the force be with you" as a pun for the date we all look forward to every year)." Lucasfilm and its owner Disney approved of this occasion, and now, we hold both official and unofficial celebrations to honor the beloved franchise... There are plenty of Star Wars Day deals to shop, movies, and TV shows that you can be a part of this year... [The new animated series] Star Wars: Tales of the Empire will explore the dark side of the galaxy by focusing on two warriors navigating the Galactic Empire... Stream Tales of the Empire on Disney Plus starting May 4.
But there's more. Friday the official Star Wars site wrote that this Star Wars Day "is a big one for gamers." This weekend will see the release of a free Zynga game by Nintendo called Star Wars: Hunters on iOS, Android, and Nintendo Switch, while the game Brawlhalla will add Darth Maul as a playable character for the next three weeks. There's also an upgrade to "vehicular soccer" game Rocket League which enables the unlocking of Star Wars-themed items like Anakin's Podracer Decal and the Darth Maul Decal.

There's also discounts on games like EA's Star Wars Triple Bundle, Star Wars Battlefront II, and LEGO Star Wars: The Skywalker Saga, as well as discounts on games with Star Wars-themed content like Minecraft and The Sims 4. And the franchise has even "returned to Fortnite, "bringing a new collection of Star Wars content to the popular game, including LEGO® Fortnite, Battle Royale, Rocket Racing, and Fortnite Festival." There's more discounts on Star Wars-themed merchandise at Amazon and Macy's, as well as on books from Abrams Book and Chronicle books. In fact, there's special offers from a whole alphabet's worth of major brands including American Tourister luggage, Box Lunch, Corkcircle, Dark Horse... and even Hallmark, Target, and Walmart.

But ultimately the day is a celebration of the movies that fans have loved for 47 years, writes Tom's Guide: Lucasfilm announced that on May 4th you can experience the entire Skywalker saga in movie theaters. This includes all nine episodic films in chronological order.
The site also points out that two new Star Wars series will be premiering later this year. Star Wars: Skeleton Crew is an eight-episode seriues "focuses on four children who go on an adventure while making their way home across a dangerous galaxy. Accompanying them is a force user (who will be played by Jude Law)." And Star Wars: The Acolyte (set in a new time period, the Jedi glory days before the Skywalker saga) begins streaming on Disney Plus June 4. (Fans will get a preview of The Acolyte at 25th-anniversary screenings of Star Wars: The Phantom Menace happening now.)

And the site even makes one last geeky suggestion for those who don't feel like going out this year: The official Star Wars website has released some unique and fun recipes you can make when May 4th rolls around. This includes a Chandrilan Squigs recipe inspired by Mon Mothma and even a Bad Batch of cookies you can decorate to your liking.

Google has asked a U.S. judge not to impose sweeping changes to the Alphabet unit's app store Play that were proposed by "Fortnite" maker Epic Games in the companies' closely-watched antitrust fight. From a report: Google made its filing late on Thursday in San Francisco federal court, where Epic last year persuaded a jury that the tech giant unlawfully stifled competition with its controls over apps downloads on Android devices and payments to developers for in-app transactions. Epic's proposal "would make it nearly impossible for Google to compete," Google's filing said.

The gaming company in March asked U.S. District Judge James Donato in San Francisco to force Google to make it easier for users to download apps from other sources and to allow developers more flexibility in offering and charging for purchases. The Cary, North Carolina-based company also said it should be allowed to bring its Epic Games Store to Android "without delays and barriers." Google agreed in December to pay $700 million to resolve the states' case and, among other reforms, will allow more alternative billing options for in-app purchases.

Several users on Reddit have noticed that Spotify has started hiding song lyrics behind a paywall. "This means you won't be able to sing along unless you know the lyrics already, or are willing to look them up in another app," reports Android Police. From the report: Still, you lose the convenience of real-time sync with the track and automatic scrolling. Like skips per hour, it appears Spotify will implement a limit system and accessing lyrics will count against the user's limit, which should ideally reset after a stipulated time.

Spotify usually requests lyrics from songwriters, publishers, and independent artists. However, in most other cases, the company has a working relationship with MusixMatch to provide lyrics, and perhaps Spotify isn't willing to absorb the costs of this partnership. That would explain why lyrics are now paywalled, but as a free-tier user, such changes are chipping away at the service's appeal.

Microsoft is fully rolling out passkey support for all consumer accounts today. From a report: After enabling them in Windows 11 last year, Microsoft account owners can also now generate passkeys across Windows, Android, and iOS. This makes it effortless to sign in to a Microsoft account without having to type a password in every time.

The Google Phone app is rolling out "Audio Emoji" to some users as part of an incoming update in the beta channel, version 128. As 9to5Google reports, they are "essentially stock sound effects attached to one of six different emoji." The list includes: clapping (applause), laughing, party, crying (trombone), poop, and sting (ba dum tss). From the report: When you, as the caller, select one of these "Audio Emoji," the Google Phone app will play a fun animation while a sound effect plays for a couple of seconds. The sound effect is heard on both ends of the phone call. There does seem to be a limit on how often you can use these sound effects, as there's a bit of a "cooldown" in between that prevents you from playing sounds back to back. That's probably for the best in the case of some of these.

Windows 11's market share dropped in April 2024, falling below 26% after reaching an all-time high of 28.16% in February. According to Statcounter, Windows 11 lost 0.97 points, while Windows 10 gained 0.96 points, crossing the 70% mark for the first time since September 2023. Neowin adds: Some argue that Windows 11 still offers little to no benefits for upgrading, especially in light of Microsoft killing some of the system's unique features, such as Windows Subsystem for Android. Add to that the ever-increasing number of ads, some of which are quite shameless, and you get an operating system that has a hard time winning hearts and minds, and retaining its customers.

Mishaal Rahman reports via Android Authority: Earlier today, a Senior Staff Software Engineer at Google who, according to their LinkedIn, leads the Android Systems Team and works on Android's Linux kernel fork, submitted a series of patches to AOSP that "remove ACK's support for riscv64." The description of these patches states that "support for risc64 GKI kernels is discontinued."

ACK stands for Android Common Kernel and refers to the downstream branches of the official kernel.org Linux kernels that Google maintains. The ACK is basically Linux plus some "patches of interest to the Android community that haven't been merged into mainline or Long Term Supported (LTS) kernels." There are multiple ACK branches, including android-mainline, which is the primary development branch that is forked into "GKI" kernel branches that correspond to a particular combination of supported Linux kernel and Android OS version. GKI stands for Generic Kernel Image and refers to a kernel that's built from one of these branches. Every certified Android device ships with a kernel based on one of these GKI branches, as Google currently does not certify Android devices that ship with a mainline Linux kernel build.

Since these patches remove RISC-V kernel support, RISC-V kernel build support, and RISC-V emulator support, any companies looking to compile a RISC-V build of Android right now would need to create and maintain their own fork of Linux with the requisite ACK and RISC-V patches. Given that Google currently only certifies Android builds that ship with a GKI kernel built from an ACK branch, that means we likely won't see certified builds of Android on RISC-V hardware anytime soon. Our initial interpretation of these patches was that Google was preparing to kill off RISC-V support in Android since that was the most obvious conclusion. However, a spokesperson for Google told us this: "Android will continue to support RISC-V. Due to the rapid rate of iteration, we are not ready to provide a single supported image for all vendors. This particular series of patches removes RISC-V support from the Android Generic Kernel Image (GKI)." Based on Google's statement, Rahman suggests that "there's still a ton of work that needs to be done before Android is ready for RISC-V."

"Even once it's ready, Google will need to redo the work to add RISC-V support in the kernel anyway. At the very least, Google's decision likely means that we might need to wait even longer than expected to see commercial Android devices running on a RISC-V chip."

The latest figures from IDC shows that Samsung's share in China's foldable smartphone market was 5.9% in Q1 2024. At one point, Samsung was pulling in a quarterly foldable market share of nearly 30% in China. From a report: It essentially came in dead last, as Samsung finds itself comprehensively beaten by the handful of companies that make foldable phones. This is also a significant decline over the previous year when Samsung's share was at 11%.

"South Korea is considering prohibiting the use of iPhones and smart wearable devices inside military buildings," reports the Defense Post, "due to increasing security concerns."

But the blog Apple Insider argues the move "has less to do with security and more to do with a poorly crafted mobile device management suite coupled with nationalism..." A report on Tuesday morning claims that the ban is on all devices capable of voice recording and do not allow third-party apps to lock this down — with iPhone specifically named... According to sources familiar with the matter cited by Tuesday's report, the iPhone is explicitly banned. Android-based devices, like Samsung's, are exempt from the ban...

The issue appears to be that the South Korean National Defense Mobile Security mobile device management app doesn't seem to be able to block the use of the microphone. This particular MDM was rolled out in 2013, with use enforced across all military members in 2021.

The report talks about user complaints about the software, and inconsistent limitations depending on make, model, and operating system. A military official speaking to the publication says that deficiencies on Android would be addressed in a software update. Discussions are apparently underway to extend the total ban downwards to the entire military. The Army is said to have tried the ban as well...

Seven in 10 South Korean military members are Samsung users. So, the ban appears to be mostly symbolic.
Thanks to Slashdot reader Kitkoan for sharing the news.

It's another speech-recognizing, AI-powered handheld device "about half the size of a phone," writes CNET. (Though the $199 device comes with a keyboard and a tiny 2.8-inch screen.) "The Rabbit R1 can identify items in its environment. Point it at a plant, and it can tell you what kind it is. Aim it at your lunch, and it can tell you what's in it.

"it also feels a bit like a novelty so far...." It can call an Uber, order dinner from Doordash, translate conversations, record voice memos, play songs from Spotify and more. Your phone can already do all of those things, but [CEO and founder Jesse] Lyu is promoting the Rabbit R1 as a faster and more natural way to do so... So far, the Rabbit R1 feels fun, fresh and interesting, but also frustrating at times. It intrigues me, but it also hasn't convinced me yet that there's room for another gadget in my life.... Many of the things it can do today feel smartphone-esque, like asking for the weather or playing songs on Spotify...

Visual search is the most interesting feature so far... It's pretty accurate for the most part so far. When I pointed it at my salad during lunch, it was able to tell me most of the ingredients. That's not what I asked. After all, who orders a dish without knowing what's in it? I asked the Rabbit R1 to tell me how many calories were in my lunch. While it couldn't provide the answer I wanted, I was impressed with its response... Overall, Rabbit R1's visual analysis worked pretty well for identifying things like plants and characters from pop culture. When describing my colleague's sneakers, the Rabbit R1 got the brand wrong...

So far, I've used the Rabbit R1 to take voice memos, translate speech from Spanish to English, and answer basic questions about things like weather forecasts. These features work as expected for the most part.
The article points out that Ray-Ban Meta Smart Glasses "also have multimodal AI, meaning the eyewear can 'see' what you see and tell you about it," and "you can already do something like this on your phone through Google's Gemini assistant on Android phones (or the Gemini section of the Google app for the iPhone).

"It's also very reminiscent of Google Lens, which has been around for years..."

Some Android-powered TVs can expose the contents of users' email inboxes if an attacker has physical access to the TV. Google initially told the office of Senator Ron Wyden that the issue, which is a quirk of how software is installed on these TVs, was expected behavior, but after being contacted by 404 Media, Google now says it is addressing the issue. From the report: The attack is an edge case but one that still highlights how the use of Google accounts, even on products that aren't necessarily designed for browsing user data, can expose information in unusual ways, including TVs in businesses or ones that have been resold or given away.

"My office is mid-way through a review of the privacy practices of streaming TV technology providers. As part of that inquiry, my staff discovered an alarming video in which a YouTuber demonstrated how with 15 minutes of unsupervised access to an Android TV set top box, a criminal could get access to private emails of the Gmail user who set up the TV," Senator Ron Wyden told 404 Media in a statement.

An anonymous reader shares a report: Consumer Intelligence Research Partners is out with a report on how iPhone activations compare to Android in the US. The latest data shows a notable drop over the last year bringing Apple's US smartphone market share of new activations back in time six years. CIRP shared its new iPhone report on its Substack this morning. The firm notes that while it believes Apple's installed smartphone base is higher than the recent share of US smartphone activations, the latter has taken a dive.

As shown below, the metric peaked at 40% for Q1 and Q2 in 2023 with Apple seeing a decline to 33% of new smartphone activations in the US as of Q1 2024, says CIRP. That means 2 out of 3 new smartphone activations in the US are Android devices. Per CIRP's data, Apple hasn't seen numbers that low since 2017.

An anonymous reader quotes a report from MIT Technology Review: Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, according to researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto.

These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps -- built by major internet companies like Baidu, Tencent, and iFlytek -- basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China. What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found.

In August 2023, the same researchers found that Sogou, one of the most popular keyboard apps, did not use Transport Layer Security (TLS) when transmitting keystroke data to its cloud server for better typing predictions. Without TLS, a widely adopted international cryptographic protocol that protects users from a known encryption loophole, keystrokes can be collected and then decrypted by third parties. Even though Sogou fixed the issue after it was made public last year, some Sogou keyboards preinstalled on phones are not updated to the latest version, so they are still subject to eavesdropping. [...] After the researchers got in contact with companies that developed these keyboard apps, the majority of the loopholes were fixed. But a few companies have been unresponsive, and the vulnerability still exists in some apps and phones, including QQ Pinyin and Baidu, as well as in any keyboard app that hasn't been updated to the latest version.