Google garnered quite a bit of backlash when it previously suggested the Pixel 8 wouldn’t get Gemini Nano, thus disallowing its base smartphone from on-device AI features. However, it recently went back on that decision, saying that it would actually bring AI features to the Pixel 8 and Pixel 8a after all. Now, reports indicate that Gemini Nano may soon be rolling out to the Pixel 8. The AI features themselves don't seem to be available just yet, but the option to enable them is, so it's a good idea to lay that groundwork now before the features actually roll out.

While many updates to your device might automatically have new features enabled by default, the Pixel 8's Gemini Nano features need to be enabled. That’s because the features that Nano will offer weren’t technically activated on the device’s chip just yet. To get around this, Google has now added a toggle that will turn on Gemini, but you’ll have to access the Android AICore features on your phone to set it up.

How to activate Gemini on Pixel 8

To activate Gemini on Pixel 8, you’ll first need to enable developer settings. To do this, navigate to Settings > About Phone and find the build number in the list (it’s down near the bottom).

Tap the build number seven times. You should see a popup saying that developer mode has been enabled.

To activate Gemini on Pixel 8, navigate to Settings > System > Developer options > AICore Settings.

If you have the toggle available on your phone, it should appear as an option in the list that reads Enable on-device Gemini features.

Tap the toggle to turn it on, and boom, you’ve activated Gemini features.

So what does that do exactly? Unfortunately, right now, it doesn’t really do anything. Google hasn’t released any of the on-device Gemini features to the Pixel 8, so we’ll need to wait for Google to add them to the device in a future Android Feature Drop—speaking of, Google just dropped eight new features in May’s feature drop.

Until the Gemini features actually release, this toggle doesn’t appear to do anything. But, having it enabled will prepare your device for any future feature releases ahead of time.

This week, security research group Zscaler reported they had discovered over 90 malicious Android apps available on the Play Store. The apps had been installed more than 5.5 million times collectively, and many were part of the ongoing Anatsa malware campaign, which has targeted more than 650 apps tied to financial institutions.

As of February of 2024, Anatsa infected at least 150,000 devices via several decoy apps, many of which are marketed as productivity software. While we don't know the identities of most of the apps involved in this latest attack, we do know about two: PDF Reader & File Manager, as well as QR Reader & File Manager. At the time of Zscaler’s investigation, the two apps had garnered over 70,000 installs between them.

How these malicious apps infect your phone

Despite Google’s review process for apps applying to the Play Store, malware campaigns like Anatsa are sneaky, and can utilize a multi-stage payload loading mechanism to help them evade these reviews. In other words, the app masquerade as legitimate, and only start a stealthy infection once installed on the user's device.

You might think you're downloading a PDF reader, but once installed and opened, the "dropper" app will connect to a C2 server and retrieve the configurations and essential strings that it needs. It will then download a DEX file containing the malicious code and activate it on your device. From there, the Anatsa payload URL is downloaded through a configuration file, and that DEX file installs the malware payload, completing the process and infecting your phone.

Luckily, all identified apps have been removed from the Play Store, and their developers have been banned. However, that won't delete these apps from your smartphone if you downloaded them. If you have either of these two apps on your phone, uninstall them immediately. You should also change the passcodes of any banking apps that you might have used on your phone to avoid your accounts being accessed by the threat actors behind Anatsa.

How to avoid malware apps

While malicious developers can be tricky with their attacks, there are some tips you can follow to determine if an app on the Play Store is legitimate. The first is to really pay attention to the app's listing: Look at its name, the description, and its images: Does everything match with the service the developers are advertising? Is the copy well written, or is it riddled with mistakes? The less professional the page appears, the more likely it is to be a fake.

Only download apps from publishers you can trust. This is especially true if you’re downloading a popular app, as malware apps sometimes impersonate high-profile apps on phones and other devices. Double-check the developer behind the app to make sure they're who they purport to be.

You should also check the requirements and permissions that the app asks for. Anything that asks for accessibility should usually be avoided, as this is one of the main ways that malware groups bypass the security parameters placed on many newer devices. Other permissions to look out for include apps asking for access to your contact list and SMS. If a PDF reader wants your contacts, that's a big red flag.

Read through the reviews for the app, as well. Watch out for apps that don't have many ratings, or ones where all the reviews seem suspiciously positive.

The app's support email address can also be telling. Many malware apps will have a random Gmail account (or other free email account) tied to their support email. While not every app will have a professional email listed for support, you can usually tell if something might be sketchy based on the information that the group provides.

Unfortunately, there’s no surefire way to avoid malware apps unless you don’t install apps at all. But, if you’re mindful of the apps that you’re installing and pay attention to the permissions, developer, and other important information, you can usually pick up on whether or not an app is sketchy.

New features are the best part of any software update, but surprise new features are even better. Google just announced a new feature drop today, complete with eight new features to try on your Android device. Surprisingly, these features don't have too much to do with AI, Google's big focus right now. Seeing as its AI Overviews project is going quite poorly, it's almost refreshing to see a handful of traditionally useful features coming to Android.

You can now edit your sent messages

Google is finally rolling out the ability to edit your RCS messages after you've sent them. You have 15 minutes after sending a message to make any changes. To find the option, long-press on the message. Google didn't clarify whether there was a limit to the number of times you could change a message before that 15 minute timer expired, but the change puts the company in line with other messaging platforms like iMessage and WhatsApp.

New Emoji Kitchen combinations

Emoji Kitchen is a feature that lets you combine compatible emojis together to create something brand new. (For example, a winking emoji and a ghost emoji become a winking ghost.) Google is now releasing new combinations for the feature, but they haven't listed all possible combos just yet. In the press release, they highlight only one combination, headphones and disco ball, as a way to "get ready for festival season." Presumably, there are more to discover, however.

Switch between devices during a Google Meet call

Going forward, you'll be able to jump between your connected devices while on a Google Meet call. To do so, tap the Cast button and swap from, say, your web browser to your Android phone or tablet. This is a great feature for those of us who need to leave our desktops during a meeting, but want to keep up with the call. It's also great for the opposite: If someone calls you on your phone while you're out and about, but you're still chatting when you get back home, you can switch to your computer and wrap up the call from your desk.

Join your hotspot without the password

Google is rolling out "instant hotspot," which will let you connect your Android tablet or Chromebook to your phone's hotspot without needing to punch in the password each time. It's a small but welcome change that should make connecting to your hotspot feel a bit more like connecting to a known wifi network. (Even if you still have to choose to connect to your hotspot each time.)

Google Home Favorites widget

The Google Home Favorites widget is now available on the home screen for those who sign up for Public Preview. With it, you can control smart devices from your phone's home screen without needing to open the Google Home app first. I can see this being particularly convenient for quick actions, like turning smart lights on and off, or checking in on stats for devices like smart thermostats.

Google Home Favorites on Wear OS

In addition, Google is making a Google Home Favorites tile and complication (essentially a feature on the watch face) for your Wear OS smartwatch. So, same deal as above, just on your watch, if you'd prefer to adjust your smart home devices from your wrist.

PayPal is now on Google Wallet on Wear OS

In an update to Google Wallet, PayPal is now an option when paying for something with your Wear OS smartwatch, at least if you're in the U.S. or Germany.

Digital car keys

Google is taking this moment to roll out digital car keys on Android, starting with "select MINI models," and extending to select Mercedes-Benz and Polestar models at a later date. When you have a car that supports the feature, you'll be able to lock, unlock, or start your car with your phone, as well as share digital car keys with trusted contacts. Digital car keys, like those on iOS, are a slow-growing technology for a myriad of reasons, including cybersecurity and a lack of standardization. The more companies like Google embrace the tech, the likelier it is auto manufacturers will want to add the feature to their cars.

If you're looking for a new Android phone to try out these new features (as well as the rest Android has to offer), check out some of these recommendations from our sister site PCMag:

Samsung Galaxy S24 Ultra 256GB Unlocked Phone (Titanium Black)

$1,237.00 at Amazon

$1,299.99 Save $62.99

Shop Now

Shop Now

$1,237.00 at Amazon

$1,299.99 Save $62.99

Samsung Galaxy Z Fold 5

$1,799.99 at Samsung

Shop Now

Shop Now

$1,799.99 at Samsung

Google Pixel 8

$699.00 at Best Buy

Shop Now

Shop Now

$699.00 at Best Buy

Google Pixel 8 Pro

$874.99 at Amazon

$999.00 Save $124.01

Shop Now

Shop Now

$874.99 at Amazon

$999.00 Save $124.01

OnePlus 12

$799.99 at Best Buy

Shop Now

Shop Now

$799.99 at Best Buy

SEE 2 MORE

Read more of this story at Slashdot.

Android devices come with location services. Some apps need access to location services to function properly. However, there may be reasons why you don’t want your device to be located, often because you don’t want to be found and the device is always with you.

Depending on who you are trying to hide your location from, there are several levels of hiding your location.

Disclaimer: the exact instructions for your make and model of Android device may look a bit different.

Turn off location for particular apps

There are apps active on most Android devices that could give away the location of the device. To check which apps have access to your device’s location:

• Swipe down from the top of the screen.
• Find the Location icon
• Touch and hold Location.
• Tap App location permissions.
• Under Allowed all the time, Allowed only while in use, and Not allowed, find the apps that can use your device’s location.
• To change the app’s permissions, tap it. Then, choose the location access for the app.
• If you see any apps that you don’t recognize, be sure to turn the permission off.

Turn off location entirely

Alternatively, you can turn Location off entirely:

• Swipe down from the top of the screen.
• Find the location icon
• If it’s highlighted, tap it to turn it off.
• You’ll see a warning that some apps may not function properly. Confirm by tapping Close.

Turn off Find My Device

Find My Device is a service which makes your device’s most recent location available to the first account activated on the device. Find My Device is included with most Android phones, and it’s automatically turned on once you add a Google account to your device.

How to turn off Find My Device:

• Open Settings.
• Tap (Biometrics &) Security.
• Tap Find My Device, then tap the switch to turn it off.

Turning off Find My Device may backfire if you ever truly need to find your device because you lost it. But if someone may have the login credentials for the Google account associated with the phone, you may want to turn it off.

The last resort is to turn your phone off.

Even in airplane mode, GPS on your phone is still working. As long as a phone isn’t turned off, it’s possible to track the location because the device sends signals to nearby cell towers. Even when it’s turned off, the service provider or internet provider can show the last location once it’s switched back on.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

With the release of the Google Pixel 8 lineup last fall, the Pixel 7 lineup understandably lost some of its luster. But these are still great phones and very appealing at the right price—and I would argue that Woot has found it.

Until June 1 (or while supplies last), you can get a new, unlocked Google Pixel 7 Pro for more than 50% off its original $899 price, with the 128GB model starting at $399.99. And if you'd rather save some more money over having a fancier camera, the 128GB Google Pixel 7 is $354.99 (originally $599.99) after a 41% discount. (Note that Woot only ships to the 48 contiguous U.S. states in the U.S. If you have Amazon Prime, you get free shipping; otherwise, it’ll be $6.)

Google Pixel 7 Pro (Unlocked)

5G Android Phone - Unlocked Smartphone with Telephoto/Wide Angle Lens, and 24-Hour Battery

$399.99 at Woot

$899.99 Save $500.00

Get Deal

Get Deal

$399.99 at Woot

$899.99 Save $500.00

During Black Friday, the 256GB Pixel 7 Pro reached $699 on Best Buy and Amazon and later dropped to $599 around Christmas. Now you can get the 256GB version for $439.99, the lowest price I've seen (even cheaper than Amazon). The same goes for the 128GB and 512GB versions. I think 128GB will be enough space for most people, but doubling the storage for $40 is not a bad deal. When the Google Pixel 7 Pro came out in October of 2022, our friends at PCMag named it the best Android phone on the market and gave it an "excellent" rating.

Google Pixel 7

5G Android Phone - Unlocked Smartphone with Wide Angle Lens and 24-Hour Battery - 128GB

$354.99 at Woot

$599.99 Save $245.00

Get Deal

Get Deal

$354.99 at Woot

$599.99 Save $245.00

When Google released both of these phones, the Pixel 7 had a strong leg to stand on, with a $300 difference that justified its place. Right now, the difference between both of these phones is $45. The Pixel Pro has a better telephoto camera, better Super Res Zoom, and a larger display with a slightly better refresh rate, as pointed out by Senior Tech Editor Jake Peterson in the head-to-head breakdown of these phones. But if you don't care about those things, spend that $45 on a very nice phone case.

In general, Pixel phones are impressive devices and my personal favorite smartphones. My Pixel 6a is still going strong, though at this price, I'd consider upgrading, were it giving me any problems at all. Alas, I'll have to restrain myself for a while longer: As Google continues to offer even older Pixels security fixes as well as quarterly feature updates (including the "circle to search" capability), my 6a will be well supported for years to come—and the Pixel 7 Pro should last you even longer.

The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the target’s device.

What goes around comes around, you might say. As you may have read many times before on our blog, some spyware companies have a surprisingly low standard of security .

In 2021, we reported that “employee and child-monitoring” software vendor pcTattletale hadn’t been very careful about securing the screenshots it sneakily took from its victims’ phones. A security researcher found an issue while using a trial version of pcTattleTale, noticing that the company uploaded the screenshots to an unsecured online database (meaning anyone could view the screenshots as they weren’t protected by any form of authentication—such as a user name and password).

Last week another security researcher, Eric Daigle, found the company appears to have learned nothing from its previous security issue. Daigle found that pcTattletale’s Application Programming Interface (API) allows any attacker to access the most recent screen capture recorded from any device on which the spyware is installed. Despite repeated warnings from Daigle and others, no improvements were made.

Then, yet another researcher found yet another bug in pcTattletale which allowed them to gain full access to the backend infrastructure. This allowed them to deface the website and steal the AWS credentials which turned out to be the same for all devices. Amazon has now locked pcTattletale’s entire AWS infrastructure.

After a quick sweep, stalkerware researcher, Maia Crimew stated:

“pcTattletale currently holds over 17 terabytes of victim device screenshots (upwards of 300 million of them from over 10 thousand devices), with some of them dating back to 2018.”

According to 2023 research from Malwarebytes, 62 percent of people in the United States and Canada admitted to monitoring their romantic partners online in one form or another, from looking through a spouse’s or significant other’s text messages, to tracking their location, to rifling through their search history, to even installing monitoring software onto their devices.

Given the low security of the apps available to home users, this is extremely concerning. Installing monitoring software is not just a huge invasion of privacy, there is a big chance that it will backfire.

Removing stalkerware

Malwarebytes, as one of the founding members of the Coalition Against Stalkerware, makes it a priority to detect and remove stalkerware-type apps from your device. It is good to keep in mind however that by removing the stalkerware-type app you will alert the person spying on you that you know the app is there.

Because the apps install under a different name and hide themselves from the user, it can be hard to find and remove them. That is where Malwarebytes can help you.

1. Open your Malwarebytes dashboard
2. Tap Scan now
3. It may take a few minutes to scan your device.

 If malware is detected you can act on it in the following ways:

• Uninstall. The threat will be deleted from your device.
• Ignore Always. The file detection will be added to the Allow List, and excluded from future scans. Legitimate files are sometimes detected as malware. We recommend reviewing scan results and adding files to Ignore Always that you know are safe and want to keep.
• Ignore Once: A file has been detected as a threat, but you are not sure whether to add it to your Allow List or delete. This option will ignore the detection this time only. It will be detected as malware on your next scan.

On Windows machines Malwarebytes detects pcTattleTale as PUP.Optional.PCTattletale.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Today is Memorial Day, and sales on laptops, TVs, headphones, and smartphones are in full swing. Phone companies will generally have better deals (especially for brand new customers), but if you're looking for an unlocked phone without any strings attached, these are your best bet.

256GB AI Smartphone, Unlocked Android, 200MP, 100x Zoom Cameras, Long Battery Life, S Pen, 2024.

Samsung Galaxy S24 Ultra 256GB

$1,237.00 at Amazon

$1,299.99 Save $62.99

Get Deal

Get Deal

$1,237.00 at Amazon

$1,299.99 Save $62.99

256GB AI Smartphone, Unlocked Android, 50MP Camera, Fastest Processor, Long Battery Life, US Version

Samsung Galaxy S24+

$799.99 at Amazon

$999.99 Save $200.00

Get Deal

Get Deal

$799.99 at Amazon

$999.99 Save $200.00

2023, Unlocked, Made for US 8/256GB, 50MP Camera

Motorola Edge

$349.99 at Best Buy

$599.99 Save $250.00

Get Deal

Get Deal

$349.99 at Best Buy

$599.99 Save $250.00

2023, Unlocked, Made for US 6/256GB, 50 MPCamera, Cosmic Black, 162.83x73.77x9.29

Motorola Moto G Stylus 5G

$249.99 at Amazon

$399.99 Save $150.00

Get Deal

Get Deal

$249.99 at Amazon

$399.99 Save $150.00

5G Android Phone - Unlocked Smartphone with Telephoto , Wide Angle Lens, and 24-Hour Battery - 128GB

Google Pixel 7 Pro

$399.99 at Woot

$899.00 Save $499.01

Get Deal

Get Deal

$399.99 at Woot

$899.00 Save $499.01

SEE 2 MORE

The Samsung Galaxy Ultra and Plus

If you're looking to upgrade to one of the latest Android phones, the Galaxy Ultra and Galaxy Plus are both seeing good deals through multiple retailers. The Galaxy Ultra is a flagship phone with impressive AI features. The best place to get the Galaxy S24 phones is Amazon, where they are currently going for $1,039.99 (originally $1,299.99) for the 256GB Galaxy S24 Ultra and $799.99 (originally $999.99) for the 256GB Galaxy S24+.

If you're looking to trade in any tech products, Best Buy and Samsung are also offering deals on both Galaxy S24 smartphones.

Motorola smartphones starting at $249.99

The Motorola Moto G Stylus 5G and Motorola Edge are decent budget phones by today's standards, and at their current prices, they're great deals for Android users looking to save money without giving up too much of the "smart" aspects of a smartphone.

The Motorola Moto G Stylus 5G is $249.99 (originally $399.99) for the 256GB version, a great option for those looking for good battery life and like to work with a stylus. You can read more about it in PCMag's review.

If you don't care about a stylus and would prefer a slightly better-performing software at the cost of a shorter battery life, consider the Motorola Edge for $349.99 (originally $599.99) after a 42% discount from Amazon. You can read more about it in PCMag's review.

The best Memorial Day smartphone deal is the Google Pixel 7 Pro

The Google Pixel 7 Pro came out in the fall of 2022 and was considered the best Android phone for its time, according to PCMag's review. In general, Pixel phones are impressive devices and my personal favorite smartphones. (I still use my Pixel 6a without any issues.) Woot is offering the Pixel 7 Pro for an impressive $399.99 (originally $899.99), undercutting Amazon's own Pixel 7 Pro deal, which would otherwise also be a great deal. This is the cheapest I've seen the Pixel 7 Pro and I would personally upgrade if my 6a were exhibiting any signs of giving up. If you're looking for a high-end Android phone for an affordable price, you should take the Pixel 7 Pro, which will be covered by Google's ongoing security updates and Pixel feature updates for years to come.

Top camera, chip, seven years of updates and advanced Google AI tools beats the competition

Google’s latest mid-range A-series Pixel handset steps it up a notch, bringing almost every feature from its high-end phones down to a more affordable price, including the latest AI and camera tricks.

The Pixel 8a starts at £499 (€549/$499/A$849). That may be £50 more than last year’s 7a, but the new model improves just about everything, and undercuts the Pixel 8 by £200.

Screen: 6.1in 120Hz FHD+ OLED (430ppi)

Processor: Google Tensor G3

RAM: 8GB

Storage: 128 or 256GB

Operating system: Android 14

Camera: 64MP + 13MP ultrawide, 13MP selfie

Connectivity: 5G, Sim and eSim, wifi 6E, NFC, Bluetooth 5.3 and GNSS

Water resistance: IP67 (1m for 30 minutes)

Dimensions: 152.1 x 72.7 x 8.9mm

Weight: 188g

Last week, Google dropped the second beta for Android 15, giving us our first public look at new features like App Pairs and Private Space. But the tech giant also snuck in another update for Pixel phones, bringing back a useful volume feature that has been missing since 2021.

The feature in question allows you to fully control the volume of Google Home speaker groups consisting of Google products while casting. So, if you have Google speakers connected to your Pixel via Google Home, the volume menu will allow you to adjust each speaker's output without needing to be in the app you're casting content from. Google actually removed this functionality back in 2021 in response to a lawsuit from Sonos.

Google Pixel 8a

$499.00 at Google Store

Shop Now

Shop Now

$499.00 at Google Store

Fast forward a couple of years, and a judge in California overturned the verdict favoring Sonos. At that time, Google immediately re-enabled the option to add Nest speakers, Chromecast devices, and Nest displays to multiple speaker groups in Google Home. It was a bit of a homecoming for users with multiple speakers within the Google ecosystem. However, one feature was still missing: the ability to control those speaker groups even when not in a specific media app.

As Android Authority explains, before Android 15 Beta 2, casting to a speaker group with Nest or Google Home devices on your Pixel device required you to remain in the app that you were casting from. So, if you were sending music from Spotify to one or more Google speakers, you'd need to remain in that app, without opening any others, to be able to control the volume of your speakers from the volume rocker on the side of the phone. If you opened any other app, you'd have to re-open the app that you were casting from to control the speaker group. A bit inconvenient, no?

Other phones have been able to take advantage of full speaker group volume control before the new beta, as the feature has been baked into the Android AOSP (the base level of Android that manufacturers build their own versions off of) for years. Finally, Google's flagship phone is back on track.

Read more of this story at Slashdot.

Some of our loyal readers may remember my little mishap when I was able to track my wife by accident after inadvertently adding myself to her phone as a user.

For exactly that reason we want to warn against sharing devices and at least show you how to remove other people’s accounts from your device.

The steps may be slightly different depending on your Android version, device type, and vendor, but most users should be able to follow these steps.

For the primary user:

• Open Settings
• Tap System > Multiple users.

If you can’t find this setting, try searching your Settings app for users.

• Tap the name of the user you want to remove.
• Tap Delete user > Delete. If successful, the user will be removed from the list.
• If you want to stay the only user, you can turn the Multiple users feature off.

If you’re not the primary user (you can’t delete the primary user):

• Under Multiple Users tap More (three stacked dots).
• Tap Delete [username] from this device. Important: You can’t undo this.
• The device will switch to the owner’s profile.

Note: Android devices allow two types of additional users:

• Secondary user: This is any user added to the device other than the system user. Secondary users can be removed (either by themselves or by an admin user) and cannot impact other users on a device. These users can run in the background and continue to have network connectivity.
• Guest user: Temporary secondary user. Guest users have an explicit option to quickly delete the guest user when its usefulness is over. There can be only one guest user at a time.

Another privacy issue can be caused by having additional accounts on the device. Accounts are contained within a user but are not linked to a particular user. The tracking issue I discussed was caused by adding one of my Google accounts to my wife’s phone.

To remove unwanted accounts:

• Under Settings, tap on Accounts and Backups
• Then tap on Manage Accounts
• Select the account you want to remove and you will see the option to do that.

If you’re having trouble finding any of these settings on your specific Android device, reach out through the comments and when we can, we’ll add as many specific instructions as possible to the post.

Google has been working hard to add more accessibility features to your Android phone. The company recently revealed some of these as part of a feature update announced on Global Accessibility Awareness Day. The new features include AI powered image captions to help people with low vision, an easier way to find objects, and detailed accessibility data for places listed on Google Maps (on Android, iOS, and desktop). Here are the best new accessibility features coming to Google products.

An easier way to find objects

For people with low vision, Google's Lookout for Android tool is a boon for independence. It allows you to use your phone's camera to find out more about things around you. Google is now rolling out Lookout's Find mode in beta, which lets you locate objects in your immediate space. Google says that you will be able to select from seven categories of items (including bathrooms, seating, and tables) and use the camera to spot them. This feature will tell you which direction the object or place is in, and how far it is from you. Lookout can also now immediately provide AI-generated captions for photos taken directly in the app.

Type by just looking at your phone

Look to Speak is getting a new feature that takes text out of the equation. This Android tool has been around since 2020 and allows users to simply look at prewritten customized phrases to have their phone speak them aloud. Google says it makes communication easier for people with cognitive challenges and literacy related issues, and can even help surmount language barriers.

Now, instead of having to look at phrases, users can set emoji and photos to read out preselected phrases instead. For instance, looking at the hand waving emoji can make your phone say, "Hello."

Easier access to accessibility information in Google Maps

Google has made it easier to find accessibility-related information in Google Maps, regardless of platform. The company says this information is now available for over 50 million locations. To find it easily, there is an accessibility icon in the app that gives you details about how accessibility friendly the location is. While this icon was previously available on Google Maps for Android and iPhone, it's now also available on desktop.

Improved walking instruction for people with low vision

In the Google Maps app for iOS and Android, the Lens feature is getting better at giving you walking instructions. Intended for people who have low vision or are blind, the app's walking instructions now read out the names and categories of places near you, and tell you how far away each place is as well. Google says its voice guidance feature will let you know if you're going in the right direction, redirect you if you're not, and even tell you if you're at a busy intersection.

Better support for information about hearing devices

Locations that support Auracast, a technology that casts audio to hearing devices, can now display that information on their business profile in Google Maps. If you have an Auracast-enabled Bluetooth hearing aid, this information will benefit your visits to popular venues such as auditoriums, gyms, and theaters.

Enhanced Sound Notifications alerts

The Sound Notifications feature alerts you when a smoke alarm goes off, a doorbell rings, or when there are other sounds around you. It works by sending push notifications, firing your phone's flash, or vibrating the phone. Google says Sound Notifications now has a better setup process, lets you browse sound events to see which sounds were heard around you, and lets you save custom sounds for appliances in your house.

When it comes to the best Android tablets, Samsung's Galaxy Tab series has some of the best in class for many categories. The S9, S8, and S6 Lite series have great options for budget, midrange, and high-end tablets. But if there is one Android tablet that is best value for your money and considered "budget," it's the Samsung Galaxy Tab A9+ tablet. Right now, the Galaxy Tab A9+ starts at $159.99 (originally $219.99) after a $60 discount from Samsung's summer sale leading up to Memorial Day, bringing it down to its lowest price yet per price checking tools.

Samsung Galaxy Tab A9+

64GB Android Tablet, Big Screen, Quad Speakers, Upgraded Chipset, Multi Window Display, Slim, Light

$159.99 at Samsung

$219.99 Save $60.00

Get Deal

Get Deal

$159.99 at Samsung

$219.99 Save $60.00

The Samsung Galaxy Tab A9+ is considered one of the best-value Android tablets by PCMag, who gave it an "excellent" review. They named it their Editor's Choice for the best affordable Android tablet for its low price, large 11-inch screen, expandable storage, good performance, and ability to handle productivity tasks smoothly with Samsung's software aids. This Samsung tablet came out in 2023 and starts with 4 GB of RAM, 64 GB of storage, a Qualcomm Snapdragon 695 processor, and an 11-inch LCD screen with 1920 x 1200 resolution. You can get the 128 GB storage version for $209.99 (originally $269.99). Both versions have a 5MP front-facing camera and an 8MP on the back.

Most people will probably want more than the 64 GB of storage that the base model offers. If you already have storage at home, keep in mind that the tablet has a microSD slot for expandable storage. The battery will last for around seven hours of use, which isn't impressive, but for a budget tablet, it's expected.

Of all the new Android 15 features that Google has told us about so far, one of the most significant—and potentially most useful—is called Private Space. As you might have figured out from the name, it gives you a separate section on your Android phone for storing your most sensitive apps and files.

While there are already features like this available on Android, from the Safe Folder in the Files by Google app to Samsung's Secure Folder tool, Private Space is aiming to be the most comprehensive—and will be built right into the mobile OS. If you've installed the Android 15 beta, you can give it a try right now.

Here's how Private Space works on a Pixel 8, and the ways you'll be able to use it when Android 15 rolls out fully later this year. Do bear in mind, though, that Google may tweak the feature between now and then, so it may not look exactly like this when it does start appearing in the stable version of Android.

Setting up Private Space

Your private space is available at the bottom of the app drawer. Credit: Lifehacker

Private Space can be enabled from Settings, via the Security and privacy page. Tapping on Private space reveals an information screen explaining how it all works, and then there's a Set up button to get started. It's worth reading through the details provided by Google to make sure you fully understand what the feature involves.

You can use Private Space with or without a Google account—and it doesn't necessarily have to be the same Google account you're using with your Android device. If you use a second Google account, it means photos, browsing data, and other files can be synced to this account rather than your main one.

If you go without a Google account altogether, this limits what you can do in the private space. You will be able to capture and save photos and videos, but you'll need to back them up manually. You can still use Google Chrome, but you won't get any of the syncing features you get when you're signed in.

If you want to use any apps other than those that appear in Private Space by default—so that's Camera, Chrome, Contacts, Files, Photos and Play Store—then you'll need to sign into a Google account. This is the same if you use Android in general without a Google account: You can't then install any third-party apps.

Tapping on Set up takes you through a couple of configuration screens that take just a minute to work through: You can choose a Google account to use with the private space, if you want to, and you can set up a new screen lock for the space (such as a new passcode), or use the protections that are already in place for your phone.

Using Private Space on your phone

The private space can lock itself automatically. Credit: Lifehacker

To get to your private space, you need to load up the app drawer with a swipe up from the home screen. The locked space is down at the bottom, and you can open it up (and close it again) by tapping on the padlock symbol. Use the Install apps link to add new apps to the private space, and the gear icon to open up its settings.

Using Private Space is a bit like using a separate Android device—a separate smartphone on your current smartphone (though of course if you use the same Google account in both places, a lot of your files and settings are going to sync across). It's also similar to the profiles feature on Android, but without the hassle of having to switch between profiles.

Open up the private space settings via the gear icon, and you're able to change the screen lock used for the space, and set the automatic lock options: Your private space can lock itself every time the device is locked, or after five minutes of inactivity, or every time the device is restarted.

You can also enable Hide private space when it's locked, so other people can't easily see it if they somehow get at your phone. When the private space is hidden, you need to head up to the search bar at the top of the app drawer, then look for "private space." Tap the link that appears, and you're then able to open it as normal.

The settings screen also has a Delete private space option on it. This wipes everything in the space and puts your phone back to normal. The process can't be reversed—any files that haven't been backed up somewhere else will be gone forever.

Google has officially moved Android 15 into its second beta, bringing with it a slew of new things for developers and early Android 15 users to check out. Now that the beta has been available for over a month, more devices are starting to gain access to the first version, giving users beyond the Pixel family a chance to check out the latest changes to the operating system.

Android 15, of course, is the next version of Google's mobile OS, and it continues to offer new AI features for Android users to take advantage of. Android 15 beta 2 is only available on select Pixel devices at the start, with the list of supported devices including:

• Pixel 6

• Pixel 6 Pro

• Pixel 6a

• Pixel 7

• Pixel 7 Pro

• Pixel 7a

• Pixel Tablet

• Pixel Fold

• Pixel 8

• Pixel 8 Pro

Google Pixel 8 Pro

$899.99 at Amazon

$999.00 Save $99.01

Get Deal

Get Deal

$899.99 at Amazon

$999.00 Save $99.01

Beyond Pixel devices, there are other third-party Android phones that support the Android 15 beta. However, keep in mind that the version of the beta available is also dependent on what the manufacturer of these devices has readied for them. Most of these devices are for international users, and cannot be used in the United States:

• HONOR Magic 6 Pro: BVL-N49 8.0.0.148(C431E4R2P2), 8.0.0.152(C636E2R2P2) or higher

• HONOR Magic V2: VER-N49 8.0.0.105(C431E2R2P2), 8.0.0.105(C636E2R2P2) or higher

• vivo X100

• iQOO 12

• Lenovo Tab Extreme

• Nothing Phone (2a)

• OnePlus 12

• OnePlus Open

• Oppo Find N3

• Realme 12 Pro+ 5G

• Sharp AQUOS sense8

• TECNO Camon 30 Pro

• Xiaomi 14

• Xiaomi 13T Pro

• Xiaomi Pad 6S Pro 12.4

Android 15 has been available in the Android Developer Preview since February, but Google recently opened the virtual floodgates to get early adopters involved, too. New features debuted in Android 15 beta 1 include an edge-to-edge display mode for apps by default, which should make it easier for developers to create apps to show content behind the system bars.

Google is also upgrading the NFC experience on Android 15 to provide a more seamless and reliable experience for tap to pay. A big change, too, makes it easier to archive and unarchive apps, which should help with cleaning up your Android device, though it will still require some input from developers. You can get a look at all the Android 15 features we know about so far, but most of them seem to be aligned with making the operating system more efficient for users.

New Android 15 beta 2 features

With the release of beta 2, Google rolled out some new features to Android 15: Following changes to foreground services, battery life should be more efficient when running apps. Google has also increased support for page sizes to 16KB, which should allow for lower app launch times, faster camera launch, and reduced power draw during launch. The company is also modernizing how the Android system accesses the GPU to provide a more efficient pipeline for those functionalities that rely on your smartphone's GPU.

There are also some great new privacy features this year, including private space, which allows users to create a separate space to house certain apps. Private space requires additional authentication to access, which makes it a secure way to store those apps that contain sensitive information, such as your banking apps. Larger screen multitasking also makes its first debut in the second beta for Android 15: You can now save your favorite split-screen app setups and access them at any time. Transitions from full-screen to picture-in-picture mode should also be smoother.

Widgets are also getting a bit of a facelift in Android 15 beta 2, with Google adding support for richer widget previews, as well as generated previews: That way, you can actually see what the widget looks like before adding it to your home screen. Speaking of previews, predictive back, the feature that shows you a preview of which app or service you're swiping back to, is also fully rolling out with this beta.

In addition, there are new data types for Health Connect, which offer a more centralized way for users to control access to their fitness and health data. Google is also extending the "choose how you're addressed" system setting, which it originally debuted to French users. This will allow users to decide if they want to be addressed as masculine, feminine, or neutral.

Other behind-the-scenes changes include some fixes to help avoid clipped text in some languages, as well as a new Japanese Hentaigana font, a CJK variable font, and options to enable richer vibrations for notifications. The latter gives Android users a way to distinguish between different notifications based on the vibrations their phone users.

Beta releases are expected to continue throughout the rest of May and June, and Google says it hopes to reach platform stability by the end of June. The target would be a fall release for Android 15, which is also when we expect to see the latest Pixel devices hit the market, based on past releases. Of course, Google is still keeping the full list of new Android features close to the chest, and we don't expect to learn about everything the tech giant has in store until it reveals its next lineup of smartphones later this year. But if you're interested in testing out the latest version of Android, you can download Android 15 beta 1 and beta 2 right now, on applicable devices.

Just remember, beta software is unfinished and in-testing, which means you could encounter bugs and glitches. Don't install the Android beta on your main smartphone unless you're okay assuming those risks.

Android 15 is in the works over at Google HQ, and there are plenty of changes to look forward to. But in my view, the best part of future Android updates aren't some flashy new features: Instead, I'm most excited for these new security features that should make everybody's Android phones safer.

Private space

"Private space" is a new security feature in Android 15 that lets you hide apps containing sensitive information from view of the home screen or app drawer. This is an awesome change: Whether you're handing your unlocked phone to a friend, or someone cracks your PIN and goes snooping through your apps, any programs you designate to the private space will be hidden from view.

This is a great idea for financial apps, like banking and money-transfer apps, but also for apps containing private information. Perhaps you want to keep certain messaging apps out of sight, or a particular files app from your public screen.

Even better, notifications from apps you place in your private space are hidden as well. That way, no one will see when someone has sent you a message if that messaging app is in private space, nor will they see any alerts from your bank.

By default, private space lives at the bottom of the app drawer, but you can choose to hide it from view entirely as well. Either way, you can set a new PIN for private space that's separate from your phone's passcode. That way, even if someone breaks into your Android, they won't know the PIN for private space, and all the apps therein will be protected.

Theft Detection Lock

I have to say, Google really upped the ante with Theft Detection Lock: This feature can detect when someone takes your Android out of your hand, and either runs, bikes, or drives away with it. Google actually worked to figure out each "common motion associated with theft" in order to build that sense in Android.

Once your Android does detect a theft, it locks itself right up. For the most part, thieves need your Android unlocked in order to access the phone and its data. Unless they were sly enough to spot your PIN before taking the phone, a locked phone is essentially useless.

If a thief does manage to take your phone without detection, Android has some other tools this year: If the thief disconnects the phone from the internet, theft protection may kick in and lock the phone. If they fail to enter your PIN too many times when trying to access sensitive settings, the phone will also lock.

This one isn't an Android 15 exclusive, either: As long as you're running Android 10 or newer, you can access it.

Authentication lock, à la Apple

Google is adding one of Apple's best security features to Android this year: authentication lock. This security measure ensures that even if a thief is able to force a factory reset on your stolen Android, they won't be able to proceed with set up without providing the credentials for the Google Account connected to the device. (Now that Android has authentication lock, by the way, there may be a rise in a common scam on stolen phones and devices. Don't fall for it.)

Extra security steps, à la Apple

Google is also adding another great Apple security feature to Android: When you disable Find My Device or extend the time before your screen automatically locks, Android will require your phone's passcode or biometric authentication before proceeding. In addition, "enhanced authentication" requires biometric authentication when you try to change "critical settings" on your Google Account or device. That includes when changing your PIN, disabling theft protections, or trying to access your passkeys from a new location.

It's similar to Apple's Stolen Device Protection, which requires a Face ID or Touch ID scan when accessing certain sensitive settings.

Remote Lock in Find My Device

Let's say your phone is stolen, and you can't remember your Google Account password in order to lock the phone via Find My Device. Google's new Remote Lock feature lets you lock your phone by providing your phone number and authenticating yourself on another trusted device. From here, you can remotely reset your phone if you want to ensure no one can access its data. This feature will be available on Android 10 and newer later this year.

Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.

The post Android 15 Brings Improved Fraud and Malware Protections appeared first on SecurityWeek.

In the digital realm, security is paramount, especially when it comes to the applications we use daily. Recently, concerns have surfaced regarding vulnerabilities in popular Android applications available on the Google Play Store. Revelations by the Microsoft Threat Intelligence team have unearthed a WPS Office exploit dubbed the Dirty Stream attack, casting a spotlight on […]

The post Xiaomi and WPS Vulnerabilities: File Overwrite Risks Alert appeared first on TuxCare.

The post Xiaomi and WPS Vulnerabilities: File Overwrite Risks Alert appeared first on Security Boulevard.

Cars with screens aren’t going away anytime soon. Even as scientists bemoan their distractions, companies are embracing them for their adaptability. Case in point: Google is adding even more apps to cars with Android Auto (which runs off a phone) or Google built-in (which is powered by the car itself). Plus, devs are going to have a much easier time bringing their own games and streaming apps to cars in the future.

The news follows Google’s I/O keynote yesterday, and is one of the company’s bigger drops outside of the realms of AI or mobile phones. The best part? Google doesn’t have to do much to make it work, and neither do developers.

Essentially, Google will now bring existing Android apps to cars “without the need for new development or a new release to be created,” Google product managers Vivek Radhakrishnan and Seung Nam said in a press release. This means the Android Auto and Google built-in ecosystems are potentially about to get much larger, all while relying on work that already exists. 

Any app that already works with a large screen could soon naturally also work in the car, with a new tiered system that differentiates Android apps between those built specifically for auto, those with special features on auto, and those made for tablet or phone that just happen to also work on auto. Developers looking to get in on that final tier, “Car ready mobile apps,” can request a review to participate soon, but Google will also start automatically distributing existing Android apps it considers car ready “in the coming months.”

Those concerned about safety can breathe a sigh of relief for now. While Google says it will be starting with categories like gaming apps, video apps, and web browsers, these will only work while the car is parked. There are plans to “expand to other app categories in the future,” so we have yet to see whether any car ready mobile apps will actually be available while driving.

In the meantime, Google is proactively adding a few apps to auto as well, though only to cars with Google built-in. These include Max and Peacock, as well as a version of Angry Birds. Customers with compatible Rivian cars will also soon be able to cast video content to their vehicle, a first for the famously mirroring-prone brand. Other brands are set to follow suit, though again, only those with Google built-in. Again, all of these apps will need your car to be parked for them to work.

None of these quite match Elon Musk’s promise to turn Teslas into full gaming rigs, but for those of us who miss the days of physical buttons and dials, maybe that’s not such a bad thing.

Google released Android 15 beta 2 today, and with it, they unveiled some more of the new features coming to Android later this year when the final release lands. Android 15 comes with something called a private space, an area with an extra layer of authentication where you can keep applications and data hidden away, such as banking applications or health data. It’s effectively a separate user profile, and shows up as a separate area in the application drawer when unlocked. When locked, it disappears entirely from sight, share sheets, and so on.

Another awesome new feature is Theft Detection Lock, which uses Google “AI” to detect when a phone is snatched out of your hands by someone running, biking, or driving away, and instantly locks it. Theft like this is quite common in certain areas, and this seems like an excellent use of “AI” (i.e., accelerometer data) to discourage thieves from trying this.

There’s also a bunch of smaller stuff, like custom vibration patterns per notification, giving applications partial access to only your most recent photos and videos, system-wide preferences for which gender you’d like to be addressed as in gendered languages (French gets this feature first), and a whole lot more.

Developers also get a lot to play with here, from safer intents to something like ANGLE:

Vulkan is Android’s preferred interface to the GPU. Therefore, Android 15 includes ANGLE as an optional layer for running OpenGL ES on top of Vulkan. Moving to ANGLE will standardize the Android OpenGL implementation for improved compatibility, and, in some cases, improved performance. You can test out your OpenGL ES app stability and performance with ANGLE by enabling the developer option in Settings -> System -> Developer Options -> Experimental: Enable ANGLE on Android 15.

↫ Android developer blog

You can install Android 15 beta 2 on a number f Pixel devices and devices from other OEMs starting today. I installed it on my Pixel 8 Pro, and after a few hours I haven’t really noticed anything breaking, but that’s really not enough time to make any meaningful observations.

Google also detailed Wear OS 5.

Later this year, battery life optimizations are coming to watches with Wear OS 5. For example, running an outdoor marathon will consume up to 20% less power when compared to watches with Wear OS 4. And your fitness apps will be able to help improve your performance with the option to support more data types like ground contact time, stride length and vertical oscillation.

↫ Android developer blog

Wear OS 5 will also improve the Watch Face Format with more complications, which is very welcome, because the selection of complications is currently rather meager. Wear OS 5 will also ship later this year.

During yesterday's big Google I/O keynote, Google talked about a handful of new AI features coming to Android, including a new change to Circle to Search, as well as AI-powered scam protections. One day later, Google has a trove of new Android 15 announcements, starting with the reveal that Android 15 beta 2 is now available.

Android 15 beta 2 is available on quite a few smartphones

Android betas traditionally start on Pixel, but with beta 2, many smartphone users can try out Android 15 early. The beta is now available on Pixel, iQOO, Lenovo, Nothing, OnePlus, OPPO, Sharp, Realme, Techno, Vivo, Xiaomi, and Honor. If you have a compatible smartphone, give the beta a shot if you want to try out these new features. (Just know beta software isn't finished, so there's the risk for bugs and lost data.)

Private space

Google calls "private space" a "digital safe within your phone," and for good reason. The feature lives at the bottom of your app drawer, and requires a second layer of authentication to access. From here, you can add whatever apps you want, so they don't appear on your home screen or in your app drawer. Think health, banking, or even certain messaging apps: Private space hides the app's icon, its data, and even its notifications. If you want, private space can be invisible altogether, although it's not clear where it'd live in this case.

Selected photos access

When you give an app partial access to your media, that means it can see only a select number of photos and videos from your library. Google is making it possible with Android 15 beta 2 to access only recently selected media. That way, apps that frequently ask for photos and videos can grab these items quickly, without you constantly having to adjust the permissions yourself.

One-time passwords are now hidden from notifications

This is a great security feature in Android 15: Malware tends to rely on OTP notifications to steal these codes and break into your accounts. Going forward, the codes will be hidden from most notifications, so you'll need to tap through to see what your OTP is. Google also says it's expanding the restricted settings that require user approval when installing apps from the web.

Screen sharing is more secure

When you share your screen in Android 15, the OS will automatically hide both notifications and OTPs. It will also hide the screen when you enter your password and credit card information, and soon, more phones will have the Pixel's ability to share a specific app's screen, rather than your entire screen at once. Plus, Google is adding a more obvious screen sharing icon that makes it easy to disable the share at any time.

Cellular security upgrades

Google will now warn you if your cellular network is unencrypted, which could let bad actors listen in on calls and read your SMS texts. Plus, Google will warn at-risk users, like journalists, if a false cellular base or surveillance tool is hijacking their location.

Updated multitasking on large screens

Google has been working on an optimized Android experience for tablets in recent years. With Android 15 beta 2, you can now pin the taskbar on-screen, so you can quickly access apps and split-screen app combinations.

Choose how you're addressed

Android will soon let you choose the gender you'd like to be addressed as, in gendered languages. Google tested this feature first in French, but it will soon be available in other gendered languages. You can choose from non-personalized, feminine, masculine, or neutral.

Saving items to Google Wallet from a photo

Android 15 is making adding passes to Google Wallet even easier: Google says you will soon be able to snap a picture of any pass—say, a ticket, gym membership, library card, etc. From here, Android can turn it into a digital pass that you can save to Google Wallet. It joins the ability to save digital items containing barcodes and QR codes.

AR content in Google Maps

Google is rolling out augmented reality content in Google Maps with Android 15: They're kicking things off with AR experiences for Singapore and Paris, and will presumably add more cities as they go. Google wants you to use AR content to learn more about a particular location, which has merit: If you can point your phone's camera at a building in the city you're visit and learn more about it, that's pretty neat (but might spark a bit of an existential crisis for tour guides).

Google built-in is expanding

Google says Google built-in is coming to more cars, such as the Acura ZDX and Ford Explorer. Built-in adds apps from your phone to your car's built-in display, and Google says developers are making more apps compatible with the service.

Plus, Google Cast is coming to cars with Android Automotive OS, beginning with Rivian in "coming months." You can beam videos from your device to the car's display, which sounds great for passengers and treacherous for the driver.

Google TV now has Gemini

Google TV now uses Gemini to suggest content for you to watch. This includes AI-generated descriptions based on your watch history and "actor preferences." Cool. A better use for this tech is in missing or untranslated descriptions: Any time the system runs into this situation, which may have left you stuck in the past, the AI fills in the gaps.

RCS is coming to Japan

Apple isn't the only one getting RCS support this year: Google says Japan is also getting the protocol. Details are light at this time, but soon, Android users in Japan will be able to take advantage of RCS's end-to-end encryption, high-res photo and videos, and functioning group chats. (That last one shouldn't be a "feature," but, well, here we are.)

Find My Device is expanding

Google's Find My Device service is a worthy competitor to Apple's Find My, harnessing the greater Android community to help locate your missing items. Later this month, Google says you'll be able to find things using trackers from Chipolo and Pebblebee. Later this year, companies like eufy, Jio, and Motorola will also join the Find My Device ecosystem.

Theft detection lock (coming later this year)

Here's one positive use for AI: Theft Detection Lock, arriving at some point later this year, will sense if your phone has been stolen by looking out for "theft motion." How exactly this works isn't obvious, but Google says if your phone detects that your phone has been snatched, and a thief tries to run, bike, or drive away, Android will lock itself down.

Real-time protection from fraud apps (coming later this year)

Fraud is a real problem on Android. While Google has protections in place to screen apps before they land on the Play Store, plenty of malicious apps still slip through the cracks. Google announced today that, later this year, Google Play Protect will use on-device AI to identify apps that may be fraudulent or engaging in phishing. Play Protect will report any suspicious behavior back to Google, and the company will either warn you or take down the app entirely.

Google says this feature is coming to Pixel, Oppo, Honor, Lenovo, OnePlus, Nothing, Transsion, and Sharp later this year.

Wear OS 5 changes

Google says Wear OS is about to get more energy efficient: Running an outdoor marathon will take up 20% less power than it does with Wear OS 4. Plus, your fitness apps will have data points like ground contact time, stride length, and vertical oscillation, which is a measure of how you move vertically which each stride of your run. (Full disclosure: I had to look that up.)

Google I/O, the company’s developer conference, started today, but for the first time since I can remember, Android and Chrome OS have been relegated to day two of the conference. The first day was all about “AI”, most of which I’m not even remotely interested in, except of course where it related to Google’s operating system offerings.

And the company did have a few things to say about “AI” on Android, and the general gist is that yeah, they’re going to be stuffing it into every corner of the operating system. Google’s “AI” tool Gemini will be integrated deeply into Android, and you’ll be able to call up an overlay wherever you are in the operating system, and do things like summarise a PDF that’s on screen, summarise a YouTube video, generate images on the fly and drop them into emails and conversations, and so on.

A more interesting and helpful “AI” addition is using it to improve TalkBack, so that people with impaired vision can let the device describe images on the screen for them. Google claims TalkBack users come across about 90 images without description every day (!), so this is a massive improvement for people with impaired vision, and a genuinely helpful and worthwhile “AI” feature.

Creepier is that Google’s “AI” will also be able to listen along with your phone calls, and warn you if an ongoing conversation is a scamming attempt. If the person on the other end of the line claiming to be your bank asks you to move a bunch of money around to keep it safe, Gemini will pop up and warn you it’s a scam, since banks don’t ask you such things. Clever, sure, but also absolutely terrifying and definitely not something I’ll be turning on.

Google claims all of these features take place on-device, so privacy should be respected, but I’m always a bit unsure about such things staying that way in the future. Regardless, “AI” is coming to Android in a big way, but I’m just here wondering how much of it I’ll be able to turn off.

Now that Android – since version 13 – ships with the Android Virtualisation Framework, Google can start doing interesting things with it. It turns out the first interesting thing Google wants do with it is run Chrome OS inside of it.

Even though AVF was initially designed around running small workloads in a highly stripped-down build of Android loaded in an isolated virtual machine, there’s technically no reason it can’t be used to run other operating systems. As a matter of fact, this was demonstrated already when developer Danny Lin got Windows 11 running on an Android phone back in 2022. Google itself never officially provided support for running anything other than its custom build of Android called “microdroid” in AVF, but that’s no longer the case. The company has started to offer official support for running Chromium OS, the open-source version of Chrome OS, on Android phones through AVF, and it has even been privately demoing this to other companies.

At a privately held event, Google recently demonstrated a special build of Chromium OS — code-named “ferrochrome” — running in a virtual machine on a Pixel 8. However, Chromium OS wasn’t shown running on the phone’s screen itself. Rather, it was projected to an external display, which is possible because Google recently enabled display output on its Pixel 8 series. Time will tell if Google is thinking of positioning Chrome OS as a platform for its desktop mode ambitions and Samsung DeX rival.

↫ Mishaal Rahman at Android Authority

It seems that Google is in the phase of exploring if there are any OEMs interested in allowing users to plug their Android phone into an external display and input devices and run Chrome OS on it. This sounds like an interesting approach to the longstanding dream of convergence – one device for all your computing needs – but at the same time, it feels quite convoluted to have your Android device emulate an entire Chrome OS installation.

What a damning condemnation of Android as a platform that despite years of trying, Google just can’t seem to make Android and its applications work in a desktop form factor. I’ve tried to shoehorn Android into a desktop workflow, and it’s quite hard, despite third parties having made some interesting tools to help you along. It really seems Android just does not want to be anywhere else but on a mobile touch display.

Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component.

The post Android Update Patches Critical Vulnerability appeared first on SecurityWeek.

Vultur Android Malware Campaign Trademarks

Things to Do If You Suspect Being Victim

Microsoft has uncovered a new type of attack called Dirty Stream that impacted Android apps with billions of installations. 

The post Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps appeared first on SecurityWeek.

The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal.

The post Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server appeared first on SecurityWeek.

Although Google has shown significant progress in recent weeks in improving RISC-V support in Android, it seems that we’re still quite a bit away from seeing RISC-V hardware running certified builds of Android. Earlier today, a Senior Staff Software Engineer at Google who, according to their LinkedIn, leads the Android Systems Team and works on Android’s Linux kernel fork, submitted a series of patches to AOSP that “remove ACK’s support for riscv64.” The description of these patches states that “support for risc64 GKI kernels is discontinued.”

↫ Mishaal Rahman

Google provided Android Authority with a statement, claiming that Android will continue to support RISC-V. What these patches do, however, is remove support for the architecture from the Generic Kernel Image, which is the only type of kernel Google certifies for Android, which means that it is now no longer possible to ship a certified Android device that uses RISC-V. Any OEM shipping a RISC-V Android device will have to create and maintain its own kernel fork with the required patches. This doesn’t seem to align with Google’s statement.

So, unless Google intends to add RISC-V support back into GKI, there won’t be any officially certified Android devices running on RISC-V. Definitely an odd chain of events here.

Today we’re taking the next step toward our vision for a more open computing platform for the metaverse. We’re opening up the operating system powering our Meta Quest devices to third-party hardware makers, giving more choice to consumers and a larger ecosystem for developers to build for. We’re working with leading global technology companies to bring this new ecosystem to life and making it even easier for developers to build apps and reach their audiences on the platform.

[…]

Meta Horizon OS is the result of a decade of work by Meta to build a next-generation computing platform. To pioneer standalone headsets, we developed technologies like inside-out tracking, and for more natural interaction systems and social presence, we developed eye, face, hand, and body tracking. For mixed reality, we built a full stack of technologies for blending the digital and physical worlds, including high-resolution Passthrough, Scene Understanding, and Spatial Anchors. This long-term investment that began on the mobile-first foundations of the Android Open Source Project has produced a full mixed reality operating system used by millions of people.

↫ Facebook’s blog

In summary, Facebook wants the operating system of their Quest series of virtual reality devices – an Android Open Source Project fork optimised for this use – to become the default platform for virtual reality devices from all kinds of OEMs. Today, they’re announcing that both Asus and Lenovo will be releasing devices running this Meta Horizon OS, with the former focusing on high-end VR gaming, and the latter on more general use cases of work, entertainment, and so on. Facebook will also be working together with Microsoft to create a Quest “inspired by Xbox”.

The Meta Quest Store, the on-device marketplace for applications and games, will be renamed to the Meta Horizon Store, and the App Lab, where developers can more easily get their applications and games on devices and in the hands of consumers as long as they meet basic technical and content guidelines, will be integrated into the Meta Horizon Store for easier access than before. In addition, in a mildly spicy move, Facebook is openly inviting Google to bring the Google Play Store to the VR Android fork, “where it can operate with the same economic model it does on other platforms”.

The odds of me buying anything from Facebook are slim, so I really hope this new move won’t corner the market for VR headsets right out of the gate; I don’t want another Android/iOS duopoly. I’m not particularly interested in VR quite yet – but give it a few more years, and I certainly won’t pass up on a capable device that allows me to play Beat Saber and other exercise-focused applications and games.

I just don’t want it to be a Facebook device or operating system.

New TVs that launch with Android TV 14 or later on Linux kernel 5.15 or higher will be required to meet Google’s Generic Kernel Image (GKI) requirements in order to pass certification!

This means that GKI is now enforced on all major Android form factors with AArch64 chipsets: handhelds, watches, automotive, & televisions.

↫ Mishaal Rahman

What this means is that all the major Android form factors will be running kernels that adhere to the GKI requirements, which means SoC and board support is not part of the core kernel, but instead achieved through loadable modules. This should, in theory, make it easier to provide long-term support.

After two months of developer previews, Google has finally released Android 15 Beta 1. While the beta usually offers more user-facing changes, Google is still pretty light on details with this build, giving us only a few more details on what we can expect. Instead, the company is pointing to Google I/O for more details, which will take place on May 14 this year, basically confirming that this is when we will get the second beta with more features.

↫ Manuel Vonau

There’s very little of interest in this beta, so unless you’re really into Android development, I’d wait out installing any betas until after Google I/O.

Yesterday, I posted an item about the updated Find My Device network Google launched for Android, but I forgot to link to an additional blog post by Google about the various security and privacy precautions they’ve taken. One aspect in particular stands out as something new that Apple’s Find My network doesn’t do (yet):

This is a first-of-its-kind safety protection that makes unwanted tracking to a private location, like your home, more difficult. By default, the Find My Device network requires multiple nearby Android devices to detect a tag before reporting its location to the tag’s owner. Our research found that the Find My Device network is most valuable in public settings like cafes and airports, where there are likely many devices nearby. By implementing aggregation before showing a tag’s location to its owner, the network can take advantage of its biggest strength – over a billion Android devices that can participate. This helps tag owners find their lost devices in these busier locations while prioritizing safety from unwanted tracking near private locations. In less busy areas, last known location and Nest finding are reliable ways to locate items.

↫ Dave Kleidermacher

In addition, when you’re at home, your devices won’t contribute any information either. There’s a whole bunch of other things in there, too, so head on over if you’re curious.

Today, the all-new Find My Device is rolling out to Android devices around the world, starting in the U.S. and Canada. With a new, crowdsourced network of over a billion Android devices, Find My Device can help you find your misplaced Android devices and everyday items quickly and securely. Here are five ways you can try it out.

↫ Erik Kay on the Google blog

This old Android feature has basically been updated to be the same thing as Apple’s Find My, but with more than just one vendor making the tracking tags. Of course, this means it also comes with the same problems, from its use by stalkers to controlling partners, and everything in between. This is a very problematic technology, one which I think is almost impossible to make safe.

Still, I have a Samsung tracker that I don’t use anymore – because I bought a Pixel 8 Pro, and don’t want to install any Samsung applications – and I do plan on getting a new tracker that’s compatible with this new Find My Device network. With two small kids, it’s easy to lose track of something like my car keys, and instead of stressing about where they are when we need to leave on time, I can just ping them using our Google Home devices instead.

Sometimes, these silly smart technologies really do take just that little bit of stress out of your life – you just have to be really picky and honest with yourself about what you really need.

In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips.

You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for updates.

If your Android phone is at patch level 2024-04-05 or later then the issues discussed below have been fixed. The updates have been made available for Android 12, 12L and 13. Android partners are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for devices from all vendors.

For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The Qualcomm CVE is listed as CVE-2023-28582. It has a CVSS score of 9.8 out of 20 and is described as a memory corruption in Data Modem while verifying hello-verify message during the Datagram Transport Layer Security (DTLS) handshake.

The cause of the memory corruption lies in a buffer copy without checking the size of the input. Practically, this means that a remote attacker can cause a buffer overflow during the verification of a DTLS handshake, allowing them to execute code on the affected device.

Another vulnerability highlighted by Google is CVE-2024-23704, an elevation of privilege (EoP) vulnerability in the System component that affects Android 13 and Android 14.

This vulnerability could lead to local escalation of privilege with no additional execution privileges needed. Local privilege escalation happens when one user acquires the system rights of another user. This could allow an attacker to access information they shouldn’t have access to, or perform actions at a higher level of permissions.

Pixel users

Google warns Pixel users that there are indications that two high severity vulnerabilities may be under limited, targeted exploitation. These vulnerabilities are:

• CVE-2024-29745: An information disclosure vulnerability in the bootloader component. Bootloaders are one of the first programs to load and ensure that all relevant operating system data is loaded into the main memory when a device is started.
• CVE-2024-29748: An elevation of privilege (EoP) vulnerability in the Pixel firmware. Firmware is device-specific software that provides basic machine instructions that allow the hardware to function and communicate with other software running on the device.

On Pixel devices, a security patch level of 2024-04-05 resolves all these security vulnerabilities.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. 

Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven advice. 

In our recent report, “Everyone’s afraid of the internet, and no-one’s sure what to do about it,” we found that only half of the people surveyed feel confident they know how to stay safe online and even fewer are taking the right measures. 

So, though the fears are big, they are followed by very little action. We want to make things easy for our customers so they know what they should be doing, and how. 

Computer security can be difficult and time consuming, especially if you consider all the different devices and operating systems. We want to help our customers, whatever they use. 

Getting it right means knowing what software needs to be updated, whether your system settings are configured securely, and running active protection that can uncover hidden threats. 

Getting it wrong means leaving gaps in your defences that malware, criminal hackers, and other online threats can sneak through. 

Trusted Advisor takes away the guesswork by delivering a holistic assessment of your security and privacy in a way that’s easy to understand, making issues simple to correct. It combines the proven capabilities of Malwarebytes with the knowledge of the brightest industry experts to give you an expert assessment that puts you one step ahead of the cybercrooks. 

Protection score

At the heart of Trusted Advisor is a single, easy-to-understand protection score. If you’re rocking a 100% rating then you know you’re crushing it. 

If your score dips below 100%, we’ll explain why, and offer you a checklist of items to improve your security and boost your score. 

Trusted Advisor’s recommendations are practical and jargon-free, so they’re easy to action.

Trusted Advisor monitors various categories of information around security and privacy to assess your overall Protection Score (exact check points will depend on OS and license type):

• Real-time protection monitors your device continuously, stopping and removing threats like malware as they appear. It’s vital for keeping you safe from the most destructive threats and the most common methods of infection, so Trusted Advisor will alert you if you aren’t fully protected. 
• Software updates fix the coding flaws that cybercriminals exploit to steal data or put malware on your system. Staying up to date is one of the most important things you can do for your security, so Trusted Advisor has your back here too. 
• General settings covers settings within Malwarebytes, Operating Systems, or your network preferences. Trusted Advisor checks for settings that may not be configured correctly. For example, on iOS it ensures you have defined a passcode for your device and activated web and call protection. 
• Device scans are routine scans that seek out hidden threats on your system. Trusted Advisor will tell you if you get behind and need to run a scan manually. 
• Online privacy helps you take a proactive stance on your privacy by hiding your IP address and blocking third-party ad trackers, making you’re harder to track on the web. Trusted Advisor monitors this so you only part with the personal information you intend to. 
• Device health guards against slowdowns and other performance problems. Trusted Advisor helps you get the most out of your system so that you aren’t left guessing whether it was malware grinding your device to a halt. 

Even with an excellent score, you can’t guarantee absolute safety, though it places you in the closest proximity to it. By following our recommendations, you’ll be in the best security situation you can be.

Try it today

If you’re an existing Malwarebytes customer you will get Trusted Advisor automatically, but if you’re in a hurry, you can go to Settings > About > Check for updates and get it right now. If you aren’t, you can get Trusted Advisor by downloading the latest version of Malwarebytes.

Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users’ devices into proxies for cybercriminals without their knowledge, as part of a camapign called PROXYLIB.

Cybercriminals and state actors like to send their traffic through other people’s devices, known as proxies. This allows them to use somebody else’s resources to get their work done, it masks the origin of their attacks so they are less likely to get blocked, and it makes it easy for them to keep operating if one of their proxies is blocked.

An entire underground market of proxy networks exists to service this desire, offering cybercriminals flexible, scalable platfroms from which to launch activities like advertising fraud, password spraying, and credential stuffing attacks.

The researchers at HUMAN found 28 apps on Google Play that turned unsuspecting Android devices into proxies for criminals. 17 of the apps were free VPNs. All of them have now been removed from Google Play.

The operation was dubbed PROXYLIB after a code library shared by all the apps that was responsible for enrolling devices into the ciminal network.

HUMAN also found hundreds of apps in third-party repositories that appeared to use the LumiApps toolkit, a Software Development Kit (SDK) which can be used to load PROXYLIB. They also tied PROXYLIB to another platform that specializes in selling access to proxy nodes, called Asocks.

Protection and removal

Android users are now automatically protected from the PROXYLIB attack by Google Play Protect, which is on by default on Android devices with Google Play Services.

The affected apps can be uninstalled using a mobile device’s uninstall functionality. However, apps like these may be made available under different names in future, which is where apps like Malwarebytes for Android can help.

Recommendations to stay clear of PROXYLIB are:

• Do not install apps from third-party websites.
• Do not install free VPNs.
• Use Malwarebytes for Android.

Victims of novel attacks like PROXYLIB might notice slow traffic, because their bandwidth is in use for other purposes. And at some point their IP address may be blocked by websites and other services.

The researchers included a list of applications they uncovered as part of PROXYLIB. If you installed any of the apps on the list before they were removed from Google Play you will need to uninstall them.

We don’t just report on privacy—we offer you the option to use it.

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

For the most popular operating system in the world—which is Android and it isn’t even a contest—there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals.

These are “Android banking trojans,” and, according to our 2024 ThreatDown State of Malware report, Malwarebytes detected an astonishing 88,500 of them last year alone.

While the 2024 ThreatDown State of Malware report focuses heavily on the corporate security landscape today, make no mistake: Android banking trojans pose a serious threat to everyday users. They are well-disguised, hard to detect in regular use, and are a favorite hacking tool for cybercriminals who want to automate the theft of online funds for themselves.

What are Android banking trojans?

The idea behind Android banking trojans—and all cyber trojans—is simple: Much like the fabled “Trojan Horse” which, the story goes, carried a violent surprise for the city of Troy, Android banking trojans can be found on the internet disguised as benign, legitimate mobile apps that, once installed on a device, reveal more sinister intentions.  

By masquerading as everyday mobile apps for things like QR code readers, fitness trackers, and productivity or photography tools, Android banking trojans intercept a person’s online interest in one app, and instead deliver a malicious tool that cybercriminals can abuse later on.

But modern devices aren’t so faulty that an errant mobile app download can lead to full device control or the complete revelation of all your private details, like your email, social media, and banking logins. Instead, what makes Android banking trojans so tricky is that, once installed, they present legitimate-looking permissions screens that ask users to grant the new app all sorts of access to their device, under the guise of improving functionality.

Take the SharkBot banking trojan, which Malwarebytes detects and stops. Last year, Malwarebytes found this Android banking trojan hiding itself as a file recovery tool called “RecoverFiles.” Once installed on a device, “RecoverFiles” asked for access to “photos, videos, music, and audio on this device,” along with extra permissions to access files, map and talk to other apps, and even send payments via Google Play.

These are just the sorts of permissions that any piece of malware needs to dig into your personally identifiable information and your separate apps to steal your usernames, passwords, and other important information that should be kept private and secure.

Still, the tricks behind “RecoverFiles” aren’t yet over.

Not only is the app a clever wrapper for an Android banking trojan, it could also be considered a hidden wrapper. Once installed on a device, the “RecoverFiles” app icon itself does not show up on a device’s home screen. This stealth maneuver is similar to the features of stalkerware-type apps, which can be used to non-consensually spy on another person’s physical and digital activity.

But in the world of Android banking trojan development, cybercrminals have devised far more devious schemes than simple camouflage.

Slipping under the radar

The problem with the Ancient Greeks’ Trojan Horse strategy is that it could only work once—if you don’t sack Troy the first time, you better believe Troy is going to implement some strict security controls on all future big horse gifts.

The makers of Android banking trojans have to overcome similar (and far more advanced) security measures from Google. As the Google Play store has become the go-to marketplace for Android apps, cybercriminals try to place their malicious apps on Google Play to catch the highest number of victims. But Google Play’s security measures frequently detect malware and prevent it from being listed.

So, what’s a cybercriminal to do?

In these instances, cybercriminals make an application that is seemingly benign, but, once installed on a device, executes a line of code that actually downloads malware from somewhere else on the internet. This is how cybercriminals recently snuck their malware onto Google Play and potentially infected more than 100,000 users with the Anatsa banking trojan.

What was most concerning in this attack was that the malicious apps that made it onto the Google Play store reportedly worked for their intended purposes—the PDF reader read PDFs, the file manager managed files. But hidden within the apps’ coding, users were actually downloading a set of instructions that directed their devices to install malware.

These malicious packages are sometimes called “malware droppers” as the apps “drop” malware onto a device at a later time.  

What does it all mean for me?

There’s a lot of technical machinery at work inside any Android banking trojan that is put in place to accomplish a rather simple end goal, which is stealing your money.

All the camouflage, subterfuge, and hidden code execution is part of a longer attack chain in which Android banking trojans steal your passwords and personally identifiable information, and then use that information to take your money.

As we wrote in the 2024 ThreatDown State of Malware report:

“Once it has accessibility permissions, the malware initializes its Automated TransferSystem (ATS) framework, a complex set of scripts and commands designed to perform automated banking transactions without user intervention. The ATS framework uses the harvested credentials to initiate unauthorized money transfers to accounts held by the attacker. This mimics real user behavior to bypass fraud detection systems.”

Staying safe from Android banking trojans

Protecting yourself from Android banking trojans is not as simple as, say, spotting grammatical mistakes in a phishing email or refusing to click any links sent in text messages from unknown numbers. But just because Android banking trojans are harder to detect by eye does not mean that they’re impossible to stop.

Malwarebytes Premium provides real-time protection to detect and stop Android banking trojans that are accidentally installed on your devices. It doesn’t matter if the banking trojan is simply a malicious app in a convenient package, or if the banking trojan is downloaded through a “malware dropper”—Malwarebytes Premium provides 24/7 cybersecurity coverage and stops dangerous attacks before they can be carried out.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Well, the GoldPickaxe Trojan does not literally steal your face, but it does steal an image of your face in order to be able to identify as you.

Researchers have found a family of Trojans, attributed to a financially motivated Chinese group, which come in versions for iOS and Android.

Cybercriminals try to trick victims into scanning their faces along with identification documents. The victims are approached through phishing and smishing messages claiming to be from local governments or other trusted sources. They ask the target to install a fake government service app.

At this stage there is a crossroads where Android and iOS infections are different. While Android users go straight to the malicious app, due to measures taken by Apple the criminals ask the iOS users to install a disguised Mobile Device Management (MDM) profile. MDM allows a controller to remotely configure devices by sending profiles and commands to the device. As such MDM offers a wide range of features such as remote wipe, device tracking, and application management, which the cybercriminals take advantage of to install malicious applications and obtain the information they need.

The criminals then request that the victim take a photo of an official ID and scan their face with the app. Additionally, the criminals request the target’s phone number in order to get more details about them, particularly their bank accounts.

Once the criminals have a scan of the face they can use artificial intelligence (AI) to perform face-swaps. Face swapping is a technique that allows you to replace faces in images with others.

With the face swap and the photo of the ID the criminals can identify themselves as the victim to the victim’s bank and withdraw funds from their account. Many financial organizations use facial recognition for transaction verification and login authentication. Although the researchers found no evidence that bank fraud was the goal of the cybercriminals, their story was confirmed by warnings from the Thai police.

Although this group is mainly active in Asia, more precisely in Thailand, it makes sense to expect such a successful method to be copied.

Malwarebytes and ThreatDown solutions detect the GoldPickaxe Trojan as Android/Trojan.Agent.prn1.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.