Source: www.infosecurity-magazine.com – Author: 1 A new banking Trojan targeting Android devices has been detected by Cyble Research and Intelligence Labs (CRIL), the research branch of threat intelligence provider Cycble. In a report published on May 16, CRIL described sophisticated malware incorporating a range of malicious features, including overlay attacks, keylogging and obfuscation capabilities. The […]

La entrada New Android Banking Trojan Mimics Google Play Update App – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Google has officially moved Android 15 into its second beta, bringing with it a slew of new things for developers and early Android 15 users to check out. Now that the beta has been available for over a month, more devices are starting to gain access to the first version, giving users beyond the Pixel family a chance to check out the latest changes to the operating system.

Android 15, of course, is the next version of Google's mobile OS, and it continues to offer new AI features for Android users to take advantage of. Android 15 beta 2 is only available on select Pixel devices at the start, with the list of supported devices including:

• Pixel 6

• Pixel 6 Pro

• Pixel 6a

• Pixel 7

• Pixel 7 Pro

• Pixel 7a

• Pixel Tablet

• Pixel Fold

• Pixel 8

• Pixel 8 Pro

Google Pixel 8 Pro

$889.99 at Amazon

$999.00 Save $109.01

Get Deal

Get Deal

$889.99 at Amazon

$999.00 Save $109.01

Beyond Pixel devices, there are other third-party Android phones that support the Android 15 beta. However, keep in mind that the version of the beta available is also dependent on what the manufacturer of these devices has readied for them. Most of these devices are for international users, and cannot be used in the United States:

• HONOR Magic 6 Pro: BVL-N49 8.0.0.148(C431E4R2P2), 8.0.0.152(C636E2R2P2) or higher

• HONOR Magic V2: VER-N49 8.0.0.105(C431E2R2P2), 8.0.0.105(C636E2R2P2) or higher

• vivo X100

• iQOO 12

• Lenovo Tab Extreme

• Nothing Phone (2a)

• OnePlus 12

• OnePlus Open

• Oppo Find N3

• Realme 12 Pro+ 5G

• Sharp AQUOS sense8

• TECNO Camon 30 Pro

• Xiaomi 14

• Xiaomi 13T Pro

• Xiaomi Pad 6S Pro 12.4

Android 15 has been available in the Android Developer Preview since February, but Google recently opened the virtual floodgates to get early adopters involved, too. New features debuted in Android 15 beta 1 include an edge-to-edge display mode for apps by default, which should make it easier for developers to create apps to show content behind the system bars.

Google is also upgrading the NFC experience on Android 15 to provide a more seamless and reliable experience for tap to pay. A big change, too, makes it easier to archive and unarchive apps, which should help with cleaning up your Android device, though it will still require some input from developers. You can get a look at all the Android 15 features we know about so far, but most of them seem to be aligned with making the operating system more efficient for users.

New Android 15 beta 2 features

With the release of beta 2, Google rolled out some new features to Android 15: Following changes to foreground services, battery life should be more efficient when running apps. Google has also increased support for page sizes to 16KB, which should allow for lower app launch times, faster camera launch, and reduced power draw during launch. The company is also modernizing how the Android system accesses the GPU to provide a more efficient pipeline for those functionalities that rely on your smartphone's GPU.

There are also some great new privacy features this year, including private space, which allows users to create a separate space to house certain apps. Private space requires additional authentication to access, which makes it a secure way to store those apps that contain sensitive information, such as your banking apps. Larger screen multitasking also makes its first debut in the second beta for Android 15: You can now save your favorite split-screen app setups and access them at any time. Transitions from full-screen to picture-in-picture mode should also be smoother.

Widgets are also getting a bit of a facelift in Android 15 beta 2, with Google adding support for richer widget previews, as well as generated previews: That way, you can actually see what the widget looks like before adding it to your home screen. Speaking of previews, predictive back, the feature that shows you a preview of which app or service you're swiping back to, is also fully rolling out with this beta.

In addition, there are new data types for Health Connect, which offer a more centralized way for users to control access to their fitness and health data. Google is also extending the "choose how you're addressed" system setting, which it originally debuted to French users. This will allow users to decide if they want to be addressed as masculine, feminine, or neutral.

Other behind-the-scenes changes include some fixes to help avoid clipped text in some languages, as well as a new Japanese Hentaigana font, a CJK variable font, and options to enable richer vibrations for notifications. The latter gives Android users a way to distinguish between different notifications based on the vibrations their phone users.

Beta releases are expected to continue throughout the rest of May and June, and Google says it hopes to reach platform stability by the end of June. The target would be a fall release for Android 15, which is also when we expect to see the latest Pixel devices hit the market, based on past releases. Of course, Google is still keeping the full list of new Android features close to the chest, and we don't expect to learn about everything the tech giant has in store until it reveals its next lineup of smartphones later this year. But if you're interested in testing out the latest version of Android, you can download Android 15 beta 1 and beta 2 right now, on applicable devices.

Just remember, beta software is unfinished and in-testing, which means you could encounter bugs and glitches. Don't install the Android beta on your main smartphone unless you're okay assuming those risks.

Android 15 is in the works over at Google HQ, and there are plenty of changes to look forward to. But in my view, the best part of future Android updates aren't some flashy new features: Instead, I'm most excited for these new security features that should make everybody's Android phones safer.

Private space

"Private space" is a new security feature in Android 15 that lets you hide apps containing sensitive information from view of the home screen or app drawer. This is an awesome change: Whether you're handing your unlocked phone to a friend, or someone cracks your PIN and goes snooping through your apps, any programs you designate to the private space will be hidden from view.

This is a great idea for financial apps, like banking and money-transfer apps, but also for apps containing private information. Perhaps you want to keep certain messaging apps out of sight, or a particular files app from your public screen.

Even better, notifications from apps you place in your private space are hidden as well. That way, no one will see when someone has sent you a message if that messaging app is in private space, nor will they see any alerts from your bank.

By default, private space lives at the bottom of the app drawer, but you can choose to hide it from view entirely as well. Either way, you can set a new PIN for private space that's separate from your phone's passcode. That way, even if someone breaks into your Android, they won't know the PIN for private space, and all the apps therein will be protected.

Theft Detection Lock

I have to say, Google really upped the ante with Theft Detection Lock: This feature can detect when someone takes your Android out of your hand, and either runs, bikes, or drives away with it. Google actually worked to figure out each "common motion associated with theft" in order to build that sense in Android.

Once your Android does detect a theft, it locks itself right up. For the most part, thieves need your Android unlocked in order to access the phone and its data. Unless they were sly enough to spot your PIN before taking the phone, a locked phone is essentially useless.

If a thief does manage to take your phone without detection, Android has some other tools this year: If the thief disconnects the phone from the internet, theft protection may kick in and lock the phone. If they fail to enter your PIN too many times when trying to access sensitive settings, the phone will also lock.

This one isn't an Android 15 exclusive, either: As long as you're running Android 10 or newer, you can access it.

Authentication lock, à la Apple

Google is adding one of Apple's best security features to Android this year: authentication lock. This security measure ensures that even if a thief is able to force a factory reset on your stolen Android, they won't be able to proceed with set up without providing the credentials for the Google Account connected to the device. (Now that Android has authentication lock, by the way, there may be a rise in a common scam on stolen phones and devices. Don't fall for it.)

Extra security steps, à la Apple

Google is also adding another great Apple security feature to Android: When you disable Find My Device or extend the time before your screen automatically locks, Android will require your phone's passcode or biometric authentication before proceeding. In addition, "enhanced authentication" requires biometric authentication when you try to change "critical settings" on your Google Account or device. That includes when changing your PIN, disabling theft protections, or trying to access your passkeys from a new location.

It's similar to Apple's Stolen Device Protection, which requires a Face ID or Touch ID scan when accessing certain sensitive settings.

Remote Lock in Find My Device

Let's say your phone is stolen, and you can't remember your Google Account password in order to lock the phone via Find My Device. Google's new Remote Lock feature lets you lock your phone by providing your phone number and authenticating yourself on another trusted device. From here, you can remotely reset your phone if you want to ensure no one can access its data. This feature will be available on Android 10 and newer later this year.

Read more of this story at Slashdot.

Source: securityboulevard.com – Author: Wajahat Raja In the digital realm, security is paramount, especially when it comes to the applications we use daily. Recently, concerns have surfaced regarding vulnerabilities in popular Android applications available on the Google Play Store. Revelations by the Microsoft Threat Intelligence team have unearthed a WPS Office exploit dubbed the Dirty […]

La entrada Xiaomi and WPS Vulnerabilities: File Overwrite Risks Alert – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.

The post Android 15 Brings Improved Fraud and Malware Protections appeared first on SecurityWeek.

In the digital realm, security is paramount, especially when it comes to the applications we use daily. Recently, concerns have surfaced regarding vulnerabilities in popular Android applications available on the Google Play Store. Revelations by the Microsoft Threat Intelligence team have unearthed a WPS Office exploit dubbed the Dirty Stream attack, casting a spotlight on […]

The post Xiaomi and WPS Vulnerabilities: File Overwrite Risks Alert appeared first on TuxCare.

The post Xiaomi and WPS Vulnerabilities: File Overwrite Risks Alert appeared first on Security Boulevard.

Cars with screens aren’t going away anytime soon. Even as scientists bemoan their distractions, companies are embracing them for their adaptability. Case in point: Google is adding even more apps to cars with Android Auto (which runs off a phone) or Google built-in (which is powered by the car itself). Plus, devs are going to have a much easier time bringing their own games and streaming apps to cars in the future.

The news follows Google’s I/O keynote yesterday, and is one of the company’s bigger drops outside of the realms of AI or mobile phones. The best part? Google doesn’t have to do much to make it work, and neither do developers.

Essentially, Google will now bring existing Android apps to cars “without the need for new development or a new release to be created,” Google product managers Vivek Radhakrishnan and Seung Nam said in a press release. This means the Android Auto and Google built-in ecosystems are potentially about to get much larger, all while relying on work that already exists. 

Any app that already works with a large screen could soon naturally also work in the car, with a new tiered system that differentiates Android apps between those built specifically for auto, those with special features on auto, and those made for tablet or phone that just happen to also work on auto. Developers looking to get in on that final tier, “Car ready mobile apps,” can request a review to participate soon, but Google will also start automatically distributing existing Android apps it considers car ready “in the coming months.”

Those concerned about safety can breathe a sigh of relief for now. While Google says it will be starting with categories like gaming apps, video apps, and web browsers, these will only work while the car is parked. There are plans to “expand to other app categories in the future,” so we have yet to see whether any car ready mobile apps will actually be available while driving.

In the meantime, Google is proactively adding a few apps to auto as well, though only to cars with Google built-in. These include Max and Peacock, as well as a version of Angry Birds. Customers with compatible Rivian cars will also soon be able to cast video content to their vehicle, a first for the famously mirroring-prone brand. Other brands are set to follow suit, though again, only those with Google built-in. Again, all of these apps will need your car to be parked for them to work.

None of these quite match Elon Musk’s promise to turn Teslas into full gaming rigs, but for those of us who miss the days of physical buttons and dials, maybe that’s not such a bad thing.

Google released Android 15 beta 2 today, and with it, they unveiled some more of the new features coming to Android later this year when the final release lands. Android 15 comes with something called a private space, an area with an extra layer of authentication where you can keep applications and data hidden away, such as banking applications or health data. It’s effectively a separate user profile, and shows up as a separate area in the application drawer when unlocked. When locked, it disappears entirely from sight, share sheets, and so on.

Another awesome new feature is Theft Detection Lock, which uses Google “AI” to detect when a phone is snatched out of your hands by someone running, biking, or driving away, and instantly locks it. Theft like this is quite common in certain areas, and this seems like an excellent use of “AI” (i.e., accelerometer data) to discourage thieves from trying this.

There’s also a bunch of smaller stuff, like custom vibration patterns per notification, giving applications partial access to only your most recent photos and videos, system-wide preferences for which gender you’d like to be addressed as in gendered languages (French gets this feature first), and a whole lot more.

Developers also get a lot to play with here, from safer intents to something like ANGLE:

Vulkan is Android’s preferred interface to the GPU. Therefore, Android 15 includes ANGLE as an optional layer for running OpenGL ES on top of Vulkan. Moving to ANGLE will standardize the Android OpenGL implementation for improved compatibility, and, in some cases, improved performance. You can test out your OpenGL ES app stability and performance with ANGLE by enabling the developer option in Settings -> System -> Developer Options -> Experimental: Enable ANGLE on Android 15.

↫ Android developer blog

You can install Android 15 beta 2 on a number f Pixel devices and devices from other OEMs starting today. I installed it on my Pixel 8 Pro, and after a few hours I haven’t really noticed anything breaking, but that’s really not enough time to make any meaningful observations.

Google also detailed Wear OS 5.

Later this year, battery life optimizations are coming to watches with Wear OS 5. For example, running an outdoor marathon will consume up to 20% less power when compared to watches with Wear OS 4. And your fitness apps will be able to help improve your performance with the option to support more data types like ground contact time, stride length and vertical oscillation.

↫ Android developer blog

Wear OS 5 will also improve the Watch Face Format with more complications, which is very welcome, because the selection of complications is currently rather meager. Wear OS 5 will also ship later this year.

Read more of this story at Slashdot.

During yesterday's big Google I/O keynote, Google talked about a handful of new AI features coming to Android, including a new change to Circle to Search, as well as AI-powered scam protections. One day later, Google has a trove of new Android 15 announcements, starting with the reveal that Android 15 beta 2 is now available.

Android 15 beta 2 is available on quite a few smartphones

Android betas traditionally start on Pixel, but with beta 2, many smartphone users can try out Android 15 early. The beta is now available on Pixel, iQOO, Lenovo, Nothing, OnePlus, OPPO, Sharp, Realme, Techno, Vivo, Xiaomi, and Honor. If you have a compatible smartphone, give the beta a shot if you want to try out these new features. (Just know beta software isn't finished, so there's the risk for bugs and lost data.)

Private space

Google calls "private space" a "digital safe within your phone," and for good reason. The feature lives at the bottom of your app drawer, and requires a second layer of authentication to access. From here, you can add whatever apps you want, so they don't appear on your home screen or in your app drawer. Think health, banking, or even certain messaging apps: Private space hides the app's icon, its data, and even its notifications. If you want, private space can be invisible altogether, although it's not clear where it'd live in this case.

Selected photos access

When you give an app partial access to your media, that means it can see only a select number of photos and videos from your library. Google is making it possible with Android 15 beta 2 to access only recently selected media. That way, apps that frequently ask for photos and videos can grab these items quickly, without you constantly having to adjust the permissions yourself.

One-time passwords are now hidden from notifications

This is a great security feature in Android 15: Malware tends to rely on OTP notifications to steal these codes and break into your accounts. Going forward, the codes will be hidden from most notifications, so you'll need to tap through to see what your OTP is. Google also says it's expanding the restricted settings that require user approval when installing apps from the web.

Screen sharing is more secure

When you share your screen in Android 15, the OS will automatically hide both notifications and OTPs. It will also hide the screen when you enter your password and credit card information, and soon, more phones will have the Pixel's ability to share a specific app's screen, rather than your entire screen at once. Plus, Google is adding a more obvious screen sharing icon that makes it easy to disable the share at any time.

Cellular security upgrades

Google will now warn you if your cellular network is unencrypted, which could let bad actors listen in on calls and read your SMS texts. Plus, Google will warn at-risk users, like journalists, if a false cellular base or surveillance tool is hijacking their location.

Updated multitasking on large screens

Google has been working on an optimized Android experience for tablets in recent years. With Android 15 beta 2, you can now pin the taskbar on-screen, so you can quickly access apps and split-screen app combinations.

Choose how you're addressed

Android will soon let you choose the gender you'd like to be addressed as, in gendered languages. Google tested this feature first in French, but it will soon be available in other gendered languages. You can choose from non-personalized, feminine, masculine, or neutral.

Saving items to Google Wallet from a photo

Android 15 is making adding passes to Google Wallet even easier: Google says you will soon be able to snap a picture of any pass—say, a ticket, gym membership, library card, etc. From here, Android can turn it into a digital pass that you can save to Google Wallet. It joins the ability to save digital items containing barcodes and QR codes.

AR content in Google Maps

Google is rolling out augmented reality content in Google Maps with Android 15: They're kicking things off with AR experiences for Singapore and Paris, and will presumably add more cities as they go. Google wants you to use AR content to learn more about a particular location, which has merit: If you can point your phone's camera at a building in the city you're visit and learn more about it, that's pretty neat (but might spark a bit of an existential crisis for tour guides).

Google built-in is expanding

Google says Google built-in is coming to more cars, such as the Acura ZDX and Ford Explorer. Built-in adds apps from your phone to your car's built-in display, and Google says developers are making more apps compatible with the service.

Plus, Google Cast is coming to cars with Android Automotive OS, beginning with Rivian in "coming months." You can beam videos from your device to the car's display, which sounds great for passengers and treacherous for the driver.

Google TV now has Gemini

Google TV now uses Gemini to suggest content for you to watch. This includes AI-generated descriptions based on your watch history and "actor preferences." Cool. A better use for this tech is in missing or untranslated descriptions: Any time the system runs into this situation, which may have left you stuck in the past, the AI fills in the gaps.

RCS is coming to Japan

Apple isn't the only one getting RCS support this year: Google says Japan is also getting the protocol. Details are light at this time, but soon, Android users in Japan will be able to take advantage of RCS's end-to-end encryption, high-res photo and videos, and functioning group chats. (That last one shouldn't be a "feature," but, well, here we are.)

Find My Device is expanding

Google's Find My Device service is a worthy competitor to Apple's Find My, harnessing the greater Android community to help locate your missing items. Later this month, Google says you'll be able to find things using trackers from Chipolo and Pebblebee. Later this year, companies like eufy, Jio, and Motorola will also join the Find My Device ecosystem.

Theft detection lock (coming later this year)

Here's one positive use for AI: Theft Detection Lock, arriving at some point later this year, will sense if your phone has been stolen by looking out for "theft motion." How exactly this works isn't obvious, but Google says if your phone detects that your phone has been snatched, and a thief tries to run, bike, or drive away, Android will lock itself down.

Real-time protection from fraud apps (coming later this year)

Fraud is a real problem on Android. While Google has protections in place to screen apps before they land on the Play Store, plenty of malicious apps still slip through the cracks. Google announced today that, later this year, Google Play Protect will use on-device AI to identify apps that may be fraudulent or engaging in phishing. Play Protect will report any suspicious behavior back to Google, and the company will either warn you or take down the app entirely.

Google says this feature is coming to Pixel, Oppo, Honor, Lenovo, OnePlus, Nothing, Transsion, and Sharp later this year.

Wear OS 5 changes

Google says Wear OS is about to get more energy efficient: Running an outdoor marathon will take up 20% less power than it does with Wear OS 4. Plus, your fitness apps will have data points like ground contact time, stride length, and vertical oscillation, which is a measure of how you move vertically which each stride of your run. (Full disclosure: I had to look that up.)

Google I/O, the company’s developer conference, started today, but for the first time since I can remember, Android and Chrome OS have been relegated to day two of the conference. The first day was all about “AI”, most of which I’m not even remotely interested in, except of course where it related to Google’s operating system offerings.

And the company did have a few things to say about “AI” on Android, and the general gist is that yeah, they’re going to be stuffing it into every corner of the operating system. Google’s “AI” tool Gemini will be integrated deeply into Android, and you’ll be able to call up an overlay wherever you are in the operating system, and do things like summarise a PDF that’s on screen, summarise a YouTube video, generate images on the fly and drop them into emails and conversations, and so on.

A more interesting and helpful “AI” addition is using it to improve TalkBack, so that people with impaired vision can let the device describe images on the screen for them. Google claims TalkBack users come across about 90 images without description every day (!), so this is a massive improvement for people with impaired vision, and a genuinely helpful and worthwhile “AI” feature.

Creepier is that Google’s “AI” will also be able to listen along with your phone calls, and warn you if an ongoing conversation is a scamming attempt. If the person on the other end of the line claiming to be your bank asks you to move a bunch of money around to keep it safe, Gemini will pop up and warn you it’s a scam, since banks don’t ask you such things. Clever, sure, but also absolutely terrifying and definitely not something I’ll be turning on.

Google claims all of these features take place on-device, so privacy should be respected, but I’m always a bit unsure about such things staying that way in the future. Regardless, “AI” is coming to Android in a big way, but I’m just here wondering how much of it I’ll be able to turn off.

Google I/O has come and gone—at least the main keynote address. Unlike past years, there weren't too many groundbreaking features announced; rather, the event was mostly focused on Google's general plans for Gemini and AI going forward.

Those plans include Android as well. Google announced it would be sharing all the details about Android 15 on Wednesday, but during I/O's inaugural event today, the company did note some general AI changes coming to Android devices.

Circle to Search for homework

Circle to Search isn't a brand new feature; Google rolled it out earlier this year, as a way for users to start a search for elements on-screen by circling them.

During today's announcement, however, Google did show off a new feature for Circle to Search: homework help. The tool now recognizes long problems, and can walk students through how to solve them. Say you have a complex math problem in front of you: Circle it, and Gemini will break down the process for you. Sure, the answer is included, but so is the reasoning, so it can be a tool for learning how to solve future problems rather than simply a way to cheat on your homework.

Gemini is now "context aware"

Google was very excited to announce that Gemini is now "context aware" on Android. What they mean by that is Gemini will recognize what you're currently doing on your phone or tablet when you call up the assistant, and take that into account when returning a result for your query.

In an on-stage example, a demonstrator was in a conversation with a friend who asked if they wanted to play pickleball. The demonstrator jokingly asked if pickleball was playing tennis with a pickle, then pulled up Gemini inside the chat to create a meme of a pickle playing tennis. The friend then sent over a video on how to play pickleball: The demonstrator asked Gemini a question about the game, and, since the AI understood the demonstrator was watching a video, it searched the video for the answer rather than the web at large.

AI for scam prevention

This was my favorite feature of the entire event. Google showed off how Gemini can analyze your phone calls as they're happening, and warn you of a potential scam. It's not subtle, either: The demo involved a call from someone impersonating a bank, claiming the demonstrator had suspicious charges on their account. When the demonstrator asked what the charges were and the caller said they couldn't say over the phone, the phone instantly started buzzing, and an alert appeared warning of the potential scam.

I would love if companies like Google took this idea and ran with it. Scams are so prevalent in digital life already, and they are only getting worse with the rise of generative AI. If companies can use AI technology to fight back against AI scams too, all the better.

Android 15 news is coming tomorrow

Again, this is simply a short list of Gemini features coming to Android in general—not the entire list of changes coming with Android 15. More Android feature news is coming tomorrow, per Google, so keep your eyes open for that.

Read more of this story at Slashdot.

Now that Android – since version 13 – ships with the Android Virtualisation Framework, Google can start doing interesting things with it. It turns out the first interesting thing Google wants do with it is run Chrome OS inside of it.

Even though AVF was initially designed around running small workloads in a highly stripped-down build of Android loaded in an isolated virtual machine, there’s technically no reason it can’t be used to run other operating systems. As a matter of fact, this was demonstrated already when developer Danny Lin got Windows 11 running on an Android phone back in 2022. Google itself never officially provided support for running anything other than its custom build of Android called “microdroid” in AVF, but that’s no longer the case. The company has started to offer official support for running Chromium OS, the open-source version of Chrome OS, on Android phones through AVF, and it has even been privately demoing this to other companies.

At a privately held event, Google recently demonstrated a special build of Chromium OS — code-named “ferrochrome” — running in a virtual machine on a Pixel 8. However, Chromium OS wasn’t shown running on the phone’s screen itself. Rather, it was projected to an external display, which is possible because Google recently enabled display output on its Pixel 8 series. Time will tell if Google is thinking of positioning Chrome OS as a platform for its desktop mode ambitions and Samsung DeX rival.

↫ Mishaal Rahman at Android Authority

It seems that Google is in the phase of exploring if there are any OEMs interested in allowing users to plug their Android phone into an external display and input devices and run Chrome OS on it. This sounds like an interesting approach to the longstanding dream of convergence – one device for all your computing needs – but at the same time, it feels quite convoluted to have your Android device emulate an entire Chrome OS installation.

What a damning condemnation of Android as a platform that despite years of trying, Google just can’t seem to make Android and its applications work in a desktop form factor. I’ve tried to shoehorn Android into a desktop workflow, and it’s quite hard, despite third parties having made some interesting tools to help you along. It really seems Android just does not want to be anywhere else but on a mobile touch display.

Last month, Google officially rolled out its Find My Device network for Android—not to be confused with Apple's Find My network, of course. But the similar names are appropriate in this case, since Google's service works just about the same as Apple's—and Tile's, for that matter. Google's service helps you find devices you've left behind or misplaced by leveraging the greater network of Android devices. Sound familiar?

How does Android's Find My Device work?

Find My Device allows you to find the approximate location for any connected, compatible device by relying on a network of over one billion Android devices around the world. (At the onset, however, Find My Device only works in the United States and Canada.)

When you leave behind a connected device, those devices can passively connect to any nearby Android phone through Bluetooth. That connection updates the device's location in the Find My Device network, giving you a good idea of where that device is—at least, where it was the last time an Android user came within Bluetooth distance of it (roughly 30 feet). If you have a Pixel 8 or Pixel 8 Pro, this works even when your device is offline. If your phone loses all its battery, you can still locate it using Find My Device.

But it's not just other people's devices that can help you find your missing items: You can also use your personal devices to find others. If you're close enough to the missing device, you'll see a Find nearby option appear, which walks you directly to your device's location using an on-screen radius. Your Nest devices can also act as beacons for your missing devices: If they're close enough to one of your Google smart home devices, that will help you locate those missing items as well.

For now, Find My Device only works with Android phones and tablets, but Google will expand the network to support compatible Bluetooth devices starting in May. That includes Bluetooth trackers from Pebblebee and Chipolo, and Google says companies like Motorola, Jio, and Eufy will be making compatible tags later this year. Google will also let you share items with other people, so you can share a TV remote with your friend who is house sitting, or your keys with someone borrowing your car.

How about the security of Find My Device?

You may have seen reports that Find My Device is a security risk. Sure, the idea that all of these Android devices are sharing location data with each other sounds like a field day for stalkers and other bad actors. But, the truth is, both Find My Device on Android and Find My on iOS are perfectly safe to use.

Google says all location data, including aggregated device location reporting, is end-to-end encrypted, so no one should be able to see your items' locations but you—not even Google. That goes for the people whose devices are sharing their location with your items: Their data is end-to-end encrypted, so you can't see that it was their device that shared the location, and they can't see they shared it to your device. The company even asserts that if one of your devices can help find your missing item, it will disregard all aggregated location data in favor of using your device as a tracker.

Google also says it doesn't start saving location info until it senses multiple devices around yours, and limits the number of refreshes to minimize the risk of malicious real-time tracking. In other words, the feature works great for stationary objects, such as keys left behind in a coffee shop, but it won't offer live updates if you left those keys in the back of a taxi. In addition, if you're near your home and have your address tied to your Google account, your device won't contribute to the crowdsourced location data used to locate other devices.

Finally, Find My Device works with the established anti-stalker protocols both Android and iOS are a part of. If your device detects a strange tracker, it will alert you and offer instructions on how to find and disable the tracker. In fact, Apple and Google recently rolled out a new standard for detecting trackers: Whether you use an iPhone or an Android, your Find My service will help you locate a strange tracker should it be following you.

How to use Find My Device

To get started, you'll need an Android device running at least Android 9 and the Find My Device app from the Play Store. Alternatively, you can log into the Find My Device site on desktop.

If you're looking for your own device, you can hit Continue, but if you're helping a friend, choose Sign in as guest and have your friend plug in their credentials. From here, choose the device you want to find: You may need to confirm your device's PIN or provide your Google password instead. Once confirmed, this action will send a notification to that device.

Now, you should see your device on the map. You can choose to get directions to your device, or, if you're close enough to the device, you can use the Find nearby feature.

You have a few other options as well: You can choose to play a sound from your device, which will make it ring at max volume for five minutes (be careful with this one). You can also lock your device with your PIN or password using Secure device to make sure no one can access it: If you use this feature, you can leave a message for anyone who finds your device to help get in contact with you.

Finally, if you can't find it, you can delete the device from your account.

How to turn off Find My Device

If you ever want to disable Find My Device for your Android devices, it's easy to do. To start, pick up the device you want to disable the feature for, then open Settings > Security & privacy > Find My Device. From here, disable Use Find My Device, and your Android device will stop using the feature.

It's that time of year again: Google is gearing up for I/O, the company's annual software event. Like Apple's WWDC, Google I/O is actually a developer's conference, rather than a traditional product announcement. But while app developers can tune into specialized events of their own, the rest of us are really here for the consumer-facing software news. For Google I/O, that means a lot of AI.

Google I/O and AI

Google has been pushing its AI services for some time now. Once called Bard, Gemini is just about everywhere Google is: There's now a paid version of the service, just like ChatGPT Plus, and the tech now powers many of Google's AI features on Android, Workspace, Maps, and more.

AI is the current trend in tech, and it doesn't seem to be stopping anytime soon. Expect Google to continue the conversation as it explores its vision for AI in its product lineup, especially as it pertains to search. (Search continues to be the company's bread and butter, of course.)

Of course, being I/O, Google will likely use the event as an opportunity to showcase Android 15, which is currently in beta. Perhaps the company will expand upon features we already know about, such as granular control over the number of notifications an app can send, a high-quality webcam mode, and partial screen sharing, among others. It's also possible we'll see some new features not yet tested in the beta, as well as other new features across Google's product lineup.

While it's possible the company will announce hardware, the focus is really on software. That said, the company will no doubt make note of its recent Pixel 8a launch.

How to watch Google I/O 2024

Even if you aren't among the journalists and developers invited to I/O in person, you can tune in wherever you happen to be. Google will be live-streaming the event from its official website as well as from the company's YouTube channel. The main event kicks off Tuesday, May 14 at 10 a.m. PT (1 p.m. ET).

Tweet may have been deleted

Google’s Pixel A-series of budget smartphones is almost always a sure bet, offering minimal cuts to hardware while still packing the Pixel line’s trademark software perks, all at a pretty sizable discount. As the first A-series phone to release since the Pixel 8 and 8 Pro upped the focus on AI, the Pixel 8a has a lot to live up to. But while its feature set succeeds just about as well as any a series phone before it, the 8a takes a slight hit to the most important A-series feature—value.

Google Pixel 8a 5G 128GB Unlocked Phone (Obsidian)

$499.00 at Best Buy

Get Deal

Get Deal

$499.00 at Best Buy

The Pixel 8a is almost identical to the Pixel 8

Credit: Michelle Ehrhardt

The Pixel A-series always feels a bit like magic. At first glance, this is a regular Pixel 8. It has the same Tensor G3 processor, the same AI features, the same Titan M2 security chip, a very similar 120Hz “Actua” display, and for the first time, even an option to upgrade to 256GB of storage.

That said, Google had to cut some corners to slash the Pixel 8's usual $699 price tag down to $499. The biggest hit is potentially to the cameras, which are unchanged from the Pixel 7a, but there’s also decreased durability, a smaller screen with thicker bezels, a slightly smaller battery, and significantly slower charging.

None of these are deal breakers for the typical user. The camera issues are subjective (more on that later). The IP67 (as opposed to IP68) rating just means you can’t drop it in water quite as deep as the Pixel 8 for quite as long, but both should hold up evenly in a rainstorm. The screen space is just .1-inch smaller (down from 6.2-inches), which means all types of content will still hold up without making you squint. The battery is actually improved over the Pixel 7a, so its 4,492 mAh is well within range of the base Pixel 8’s 4,575 mAh. And while the 18W charging speed is much slower than the base Pixel 8’s 27W, it’s still on par with the iPhone 15’s, keeping it in line with the competition.

These issues can add up when taken as a whole, but they’re about the smallest tweaks Google could have made, and the 8a certainly doesn’t feel cheap when in the hand.

Google Pixel 8 5G 256GB Unlocked Phone (Obsidian)

The Pixel 8a is almost identical to the standard Pixel 8

$754.00 at Amazon

Get Deal

Get Deal

$754.00 at Amazon

AI on the Pixel 8a

Google is able to make its budget phones so similar to its base models because, unlike the iPhone, the vast majority of the Pixel line’s selling points come from software. When Apple debuted the iPhone 15, it made a big deal of better cameras, a thin and light titanium frame (on some models), the move to USB-C, and a new shortcut button. When Google debuted the Pixel 8 and Pixel 8 Pro, its focus was on AI.

That hasn’t changed on the Pixel 8a. Because it has the same chip as the Pixel 8 and even the Pixel 8 Pro, it has access to most of the same tricks as its older siblings.

Longstanding Pixel features like Magic Editor and Live Transcribe are both here, as are new features including Best Take, Magic Editor, and Audio Magic Eraser. Even Gemini is here, letting you replace Google Assistant with an LLM-powered AI. And all this works just as well as on any other Pixel 8 phone. Which is to say, usefulness is mixed.

Live Transcribe is probably my favorite Pixel feature, although because my job requires plenty of interviews, I’m maybe a bit biased. It’s hidden away under Settings > Accessibility > Live Transcribe, and can jot down a conversation as it happens. The accuracy isn’t perfect and it can’t differentiate between speakers, but it’s good enough for reference. It also represents significant savings, since similar services charge a subscription fee or place serious limits on how much you can transcribe. If you find yourself frequently translating speech to text, a Pixel phone is maybe worth buying for Live Transcribe alone.

If not, there’s still Live Caption, which applies the same tech to videos, games, calls, and other media. Live Translate adds in a layer of Google Translate, and was about on point for my basic English-to-Spanish questions. As a bonus, Live Translate also works on text messages.

Another solid feature is Audio Magic Eraser, which can almost completely eliminate background noise from your videos. Just click on “Audio” while editing the video, and you’ll be impressed by the results. In a test video, I had it pointing right at my desk fan, and couldn’t hear it at all (certainly not the case in the unedited video).

There’s also Circle to Search, which isn’t unique to Pixel but makes it easier to search Google by image. It’s more of a magic trick than anything else, as it essentially functions as a shortcut for Google’s pre-existing tap-to-search function. Still, it correctly identified the Hamilton Beach Breakfast Sandwich Maker in the image below.

Credit: Michelle Ehrhardt

Call Assistant is handy, too, acting as a sort of virtual secretary. There’s a ton of features here, from cleaned-up audio during calls to call screening that can even ask simple questions for you. Call Assistant can also wait on hold for you with toll-free numbers. This is one of the features that Google seems to update every few months—it’s a fan favorite, and the Pixel 8a gets full access to it.

Unfortunately, that’s about everything nice I have to say about Pixel AI. The other headlining features on the 8a involve generative text and imagery, and really come across more as toys than anything else.

This is most prevalent in Magic Eraser and Magic Editor, two features that Google loves to spotlight but still aren't quite there. These work by intelligently cutting subjects out of frame, or even moving them around. Selections are nice and precise—it was easy to select just my cat or just a car while editing. But the results are, as on past Pixel phones, prone to smudges and blurs.

Credit: Michelle Ehrhardt

Best Take fares a little better, but its use cases are highly situational. Essentially, Best Take allows groups of people to take several shots of themselves in quick succession, then mix and match them to make a “best” version of their group photo. Sometimes, the cut-and-pasting works out. Sometimes, heads are the wrong size or mouths end up with beards in them. In any case, good luck getting a group of people to gather around your Pixel to troubleshoot a selfie for more than a few minutes.

Video Boost and Night Sight Video are genuinely useful, but so weirdly restrictive that it’s worth mentioning. Both of these features are exclusive to the Pixel 8 Pro and use cloud processing to amp up details and lighting in videos. Because of that cloud processing, there’s no technical basis for Google making these features exclusive to its most expensive phone—they really should be on the 8 and 8a.

Finally, there’s Gemini, which feels like installing a virus on your phone. While Gemini Nano is promised to come via a future update, the 8a currently runs Gemini via the cloud—a much worse proposition. Do this at your own risk, as turning Gemini on replaces the Google Assistant, which is far more handy in many respects. 

When enabled, holding the power button or saying “Hey Google” will open up a question box for Google Gemini, but there’s not much point to using this shortcut over the Gemini web app. You’ll need internet access for Gemini anyway, and there’s no extra tools provided by the shortcut that the web app doesn’t have yet.

Credit: Michelle Ehrhardt

Meanwhile, you’ll lose access to Google Assistant, which can do handy things like enable Interpreter Mode (the easiest way to launch Live Translate) or run smart home routines. Yes, enabling Google’s fancy new AI actually makes your phone less useful.

If you find yourself stuck with Gemini, go to Settings > Digital Assistants From Google and select Google Assistant to turn it off.

It’s clear that Google still has a ways to go when implementing generative AI on its phones, but that could change come Google I/O on May 14.

Google Pixel 8 Pro 5G 256GB Unlocked Phone (Obsidian)

The Pixel 8a shares its processor with the standard Pixel 8 and even the Pixel 8 Pro

$1,101.29 at Amazon

Get Deal

Get Deal

$1,101.29 at Amazon

The Pixel 8a is a solid performer

Despite the Pixel marketing relying so much on “feature drops,” its Tensor G3 chip means the 8a is a solid performer for more traditional tasks, too.

In the synthetic benchmark Geekbench 6, which simulates common tasks like editing photos, compressing files, or manipulating spreadsheets, the Pixel 8a scored a respectable 1,652 on single-core tasks and 4,233 on multi-core tasks. By comparison, the Pixel 8 Pro scored 1,766/4,537 (likely due to its extra four extra GB of RAM), and the iPhone 15 Pro scored 2,938/7,250. Unfortunately, I didn’t have a base iPhone 15 to compare against, although public scores put it around 2,557/6,381.

That might sound bad, but the iPhone 15 is $300 more than the Pixel 8a, and synthetic scores are never quite a complete picture.

In a more hands-on gaming test, the Pixel 8a could run Genshin Impact on maximum settings at around 45–50 frames-per-second (fps) depending on how much action was happening on screen. The caveat was this triggered the game’s “overclocked” setting, which warns of excessive heat and battery drain. Sure enough, about a half hour into my session, the phone was a bit too warm to comfortably handle.

Credit: Michelle Ehrhardt

The highest performance I could get without overclocking was on the medium settings with a 30 fps cap. Here, the game ran at a smooth 30 throughout, which is functional.

Unfortunately for Google, the Pixel 8 Pro also had the same limitations. You’re probably better off going for another brand if you’re looking for the best gaming phone.

The Pixel 8a screen is smooth

What’s weird is that no Pixel 8 model gives you the option to play Genshin Impact above 60 fps, despite all being able to hit a 120Hz refresh rate.

Granted, the feature is hidden—go to Settings > Display > Smooth Display to turn it on (the phone will remind you that this will impact battery life). But even with it turned on, performance was apparently low enough that the game didn’t recognize it, which wasn’t an issue on my iPhone 15 Pro.

That’s a shame, because the screen holds up well in all other respects. The 8a carries over Google’s “Actua” technology, which essentially means an OLED with a high peak brightness. It’s not as bright as the “Super Actua” display on the 8 Pro, but its 2,000 nits of peak brightness are on par with the iPhone 15 (although the 8a does offer 200 fewer max nits on HDR content).

I was comfortable using the phone outdoors at less than 60% brightness most of the time, and below 50% brightness indoors. That’s a boon for battery life.

Pixel 8a Battery Life

Speaking of battery life, the Pixel 8a is long lived in both daily use and intensive tasks like gaming. During anecdotal use browsing the internet, taking photos, and messaging with friends, I rarely saw it dip below 70%. In more serious tasks, I walked away stunned by what it could do.

Leaving the phone (mostly) idling in Genshin Impact on the recommended Medium/30 fps settings, I got seven and a half hours of play before it finally died. While I wasn't continually controlling my character, I was situated in an area that constantly shone with multiple different kinds of particle effects.

Battery life extended to a whopping 17 hours and 24 minutes when streaming a 24-hour Fortnite gameplay video at 480p.

Both tests were conducted at 50% brightness with adaptive brightness off, and neither test showed any abnormalities during occasional check-ins.

Like with the Pixel 8, Google promises "up to 72-hour battery life with Extreme Battery Saver," but even with moderate regular use, you'll likely only need to charge the 8a overnight, so you can leave your pocket charger at home.

Testing the Pixel 8a Camera

The Pixel 8a’s camera is a strange beast, in that it’s not definitively worse or better than the regular Pixel 8 camera setup.

That’s because it uses the same sensors as the Pixel 7a, which are actually better than the Pixel 8's on paper.

The Pixel 8a boasts a 64MP wide camera and 13MP ultrawide camera on the rear, plus a 13MP pinhole selfie camera on the front, while the regular Pixel 8 has a 50/12MP rear camera setup and a 10.5MP front camera.

However, the standard Pixel 8 has larger pixels, wider apertures, and better light sensing, which can result in deeper colors.

I unfortunately didn’t have a standard Pixel 8 in hand for this review, although our sister site PCMag referred to the Pixel 8’s cameras as “terrific,” while only calling the 7a’s camera’s “above-average.”

With my limited experience shooting with the Pixel 8a at night, during the day, up close, and far away, it’s an opinion I would mirror. These are good cameras, but this certainly isn’t a camera phone.

Credit: Michelle Ehrhardt

Credit: Michelle Ehrhardt

Credit: Michelle Ehrhardt

Video is capable of shooting at a maximum of 4K/60 fps, which is more than enough for the average person, and even includes “Speech Enhancement,” which works sort of like a live Audio Magic Eraser. The catch is that Speech Enhancement only works on 30 fps videos. But because Audio Magic Eraser works on any videos you capture, it’s not a major loss.

Should you buy the Pixel 8a?

In most respects, the Pixel 8a is essentially identical to the Pixel 8. And that’s where its biggest problem pops up.

There’s no doubt about it: When buying at sticker price, the Pixel 8a is the most value you can get in an Android phone right now, and probably the best choice for most people. But at $500, it’s also just close enough to the regular Pixel 8’s price to be a bit of an awkward middle child.

That’s because the Pixel 8 has seen frequent sales as of late. In December, the 256GB Pixel 8 hit $531 at Best Buy. In March, it fell down to $499 through Best Buy, Amazon, and Google, and even $469 on Woot.

If you’re buying at the standard $699 starting price, the Pixel 8 probably isn’t worth it anymore, but deals like those are only likely to become more common as it ages. And while the differences between the Pixel 8 and the 8a are minor, it does offer an overall more polished experience, one worth spending $30 to $50 more on.

If you need the best mid-range Android phone right now? The Google Pixel 8a is a great choice, especially if you snag a bundle deal. But if you can wait a bit? Keep an eye out for its older, sleeker sibling.

Source: thehackernews.com – Author: . Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users’ credentials from compromised devices. “This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices,” the SonicWall Capture Labs threat research […]

La entrada Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Following the discovery of a number of high-profile Android exploits, Google has released a new Android 14 security update. The latest version of the operating system is now available on supported Pixel devices and should come to other devices in the near future as their manufacturers roll it out. Those with supported phones should download the update as soon as possible. In addition to stamping out exploits, the update also fixes ongoing issues with the camera and Bluetooth LE.

The details of the covered exploits are somewhat technical, but they include several high level vulnerabilities—even some with a "critical" rating—that focus on giving bad actors local escalation of privilege (which gives them control of your device’s most basic framework).

Giving anyone this kind of access is risky, as it could allow them to install new malware and track what you do with your phone. It’s how many malware apps, like the new Brokewell malware, are able to take over your phone and log keystrokes, login info, and other important personal data.

Google's site lists off at least ten different high level security issues that the May Android 14 update addresses. Some of these issues are tied to Android 14’s framework, while others are tied to the system processes controlling phones themselves. Some updates also affect other operating systems, including Android 12, Android 12L, and Android 13.

There are four different builds of the OS update available for Pixel users depending on carrier, including Global, KDDI (Japan), T-Mobile, C Spire, US Cellular, Cellcom, and Verizon. The update began rolling out on Tuesday, and it may appear at different times for you depending on where your device and network fall in the rollout timeline.

How to install the latest security update on your Pixel

While it is possible to flash the update manually through instructions on Google's site, most users will be best off installing over-the-air. If you have a Pixel 7 and up, you can install the update under Settings > System > Advanced > System Update. If you have a Pixel 5 or Pixel 6, you can also install the update using the same steps, although only for the Global build.

There's no doubt Apple has the market cornered on tablets, especially in the U.S. But even if "iPad" is synonymous with these devices in your mind, it's worth remembering there are other excellent alternatives on the market. If you already have a few Google smart home products, like a Nest Mini, something like the Pixel Tablet might make a lot of sense.

If you've been thinking about taking leap from iPad to Pixel Tablet (or even if you haven't), Google has a pretty enticing offer on the table. The company recently started offering the Pixel Tablet without the Charging Speaker Dock. While the dock turns the tablet into a smart home display, opting for the tablet alone saves you $100. And while $399 is a better price than $499, that's not the intriguing deal I'm talking about. Google is also offering a trade-in program for your old Samsung or Apple tablet, and depending on the model you're giving up, trading in your tablet gets you a Pixel Tablet for free: You just pay the tax.

What trade-ins can net you a new Pixel tablet for free

You don't even need to have a newer iPad to take advantage of this deal. Google will accept an iPad as old as the iPad 6, which launched in 2018. If it's in good shape, your credit will be $399, which happens to be the price of a base-model Pixel Tablet. Even if the iPad is beat up, if it turns on, you'll still get $200 for it. Seeing as a renewed iPad 6 goes for $164 on Amazon right now, that's a great deal. What's interesting is $399 appears to be the maximum Google will offer you for any iPad: Whether you have a good condition iPad 6 or the latest 12.9-inch iPad Pro, you get $399 for it.

Google will also accept your Samsung tablets, but it won't offer as much. You'll get up to $350 depending on the model, or as little as $100. (I guess iPads really do hold their value.)

Whether you think it's worth giving up even a six-year-old iPad will depend on how you feel about getting a 128GB Pixel Tablet without the dock. If you want to upgrade to 256GB of storage, can pay only the $99 difference after your trade-in (again, plus tax). If you upgrade to the 128GB tablet with the dock, same thing. If you go all out and upgrade the dock tablet with 256GB of storage, you'll pay $199, rather than the MSRP of $599.

The only catch is you need to pay for the Pixel Tablet in full at the time of purchase. Google will send you a mail-in kit for your old tablet, and following an inspection, will rebate you the agreed-upon trade-in value. At the end, you can net a new Pixel Tablet for only the tax, as long as you're fine with parting with your old iPad.

Pixel Tablet

Nearly free with eligible iPad trade-in.

$399.00 at Google

Get Deal

Get Deal

$399.00 at Google

Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component.

The post Android Update Patches Critical Vulnerability appeared first on SecurityWeek.

The Google Pixel 8a is officially available for preorder, and Amazon is offering a $100 Amazon gift card if you buy the new phone from them. The budget phone from Google's latest 8 Series is a great value considering that it starts at $499 and comes with many of the features and specs from the Pixel 8. Basically, if you waited around for the 8a to come out, your patience is being rewarded.

The $100 Amazon gift card deal runs until May 20 at 2:59 am ET or while supplies last. If you return the phone, you'll be charged $100 from Amazon (but you get to keep the gift card).

Google Pixel 8a with $100 Amazon Gift Card

Google Pixel 8a - 128 GB with $100 Amazon Gift Card

$499.00 at Amazon

Pre-order Here

Pre-order Here

$499.00 at Amazon

Google has been releasing the "a" series in their new lineups for some years now, and personally, they're my favorite smartphones. The "a" series Pixels are the budget version of the series and usually come out about six months on average after the release of the new lineup, and as Lifehacker's Associate Tech Editor Michelle Ehrhardt explained, the Pixel 8a is almost pound-for-pound replacement for the 8. It has the same Tensor G3 processor as the Pixel 8/8 Pro, a slightly smaller 6.1-inch 120Hz “Actual” display, and a slightly better camera system in terms of pixels, but it may have weaker sensors. The 8a is also getting Google Gemini Nano support like the other Pixels. Like the other Pixel 8s, you'll get 7 years of guaranteed software support as well as the same new drop features.

Considering the Pixel 8a is $200 less than the Pixel 8, it makes for not only a great cheaper Pixel option, but also one of the best Android budget phones you can get right now. The $100 Amazon gift card just makes it a better deal.

Samsung has already confirmed that its older flagship devices will soon be getting the latest Galaxy OS update, One UI 6.1. But while that update will bring many of Galaxy AI’s features to these older Galaxy devices, reports from South Korean users who have already installed the update are showing that a few of those devices will only get a small taste of Galaxy AI.

Devices released in 2022 will get all the same AI features as the Galaxy S23 FE, which includes everything except for Instant Slo-mo. But some devices released in 2021, like the Galaxy S21 series and the Galaxy Z Flip 3, will get far fewer features, with only two Galaxy AI functions set to appear on these devices.

Galaxy S21, S21+, and S21 Ultra users will be able to make use of Circle to Search and Magic Rewrite, but they'll miss out on the rest of the features that Galaxy AI brings to the table, including Live Translate, Instant Slo-mo, and more. Samsung hasn’t said whether these limitations are due to hardware, which Google originally claimed when it said Gemini wouldn’t come to the base Pixel 8. (It later found its way to that phone without issue).

How to install One UI 6.1 on your Galaxy device

Samsung hasn’t clarified how quickly the update is rolling out to S21 and Z Flip 3 devices, but if you don’t already see it, you should in the next few days. To download the update on applicable devices, navigate to Settings > Software Update and click the Download and Install button. This will download any available updates and apply them to your device.

It's worth mentioning that the Galaxy S21 FE is not included in this specific rollout for the update. It’s unclear exactly when the update will be available for that device and some others outside of South Korea, but a post from leaker @theonecid says that users with the S21 FE, the A53, and A54 should receive it within the month, at least in Canada. It is likely that a U.S. release will happen at the same time or soon after.

The Galaxy S23 was recently added to Samsung's Certified Re-Newed program, where it can be bought for up to $280 off. To stay up to date on all of Samsung's AI features, check out the most recent Galaxy phones below:

• Galaxy S24

• Galaxy S24 Ultra

• Galaxy Z Flip 5

• Galaxy Z Fold 5

Vultur Android Malware Campaign Trademarks

Things to Do If You Suspect Being Victim

Microsoft has uncovered a new type of attack called Dirty Stream that impacted Android apps with billions of installations. 

The post Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps appeared first on SecurityWeek.

The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal.

The post Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server appeared first on SecurityWeek.

Although Google has shown significant progress in recent weeks in improving RISC-V support in Android, it seems that we’re still quite a bit away from seeing RISC-V hardware running certified builds of Android. Earlier today, a Senior Staff Software Engineer at Google who, according to their LinkedIn, leads the Android Systems Team and works on Android’s Linux kernel fork, submitted a series of patches to AOSP that “remove ACK’s support for riscv64.” The description of these patches states that “support for risc64 GKI kernels is discontinued.”

↫ Mishaal Rahman

Google provided Android Authority with a statement, claiming that Android will continue to support RISC-V. What these patches do, however, is remove support for the architecture from the Generic Kernel Image, which is the only type of kernel Google certifies for Android, which means that it is now no longer possible to ship a certified Android device that uses RISC-V. Any OEM shipping a RISC-V Android device will have to create and maintain its own kernel fork with the required patches. This doesn’t seem to align with Google’s statement.

So, unless Google intends to add RISC-V support back into GKI, there won’t be any officially certified Android devices running on RISC-V. Definitely an odd chain of events here.

In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts.

The post Google Says it Blocked 2.28 Million Apps from Google Play Store appeared first on SecurityWeek.

A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices.

The post Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices appeared first on SecurityWeek.

Today we’re taking the next step toward our vision for a more open computing platform for the metaverse. We’re opening up the operating system powering our Meta Quest devices to third-party hardware makers, giving more choice to consumers and a larger ecosystem for developers to build for. We’re working with leading global technology companies to bring this new ecosystem to life and making it even easier for developers to build apps and reach their audiences on the platform.

[…]

Meta Horizon OS is the result of a decade of work by Meta to build a next-generation computing platform. To pioneer standalone headsets, we developed technologies like inside-out tracking, and for more natural interaction systems and social presence, we developed eye, face, hand, and body tracking. For mixed reality, we built a full stack of technologies for blending the digital and physical worlds, including high-resolution Passthrough, Scene Understanding, and Spatial Anchors. This long-term investment that began on the mobile-first foundations of the Android Open Source Project has produced a full mixed reality operating system used by millions of people.

↫ Facebook’s blog

In summary, Facebook wants the operating system of their Quest series of virtual reality devices – an Android Open Source Project fork optimised for this use – to become the default platform for virtual reality devices from all kinds of OEMs. Today, they’re announcing that both Asus and Lenovo will be releasing devices running this Meta Horizon OS, with the former focusing on high-end VR gaming, and the latter on more general use cases of work, entertainment, and so on. Facebook will also be working together with Microsoft to create a Quest “inspired by Xbox”.

The Meta Quest Store, the on-device marketplace for applications and games, will be renamed to the Meta Horizon Store, and the App Lab, where developers can more easily get their applications and games on devices and in the hands of consumers as long as they meet basic technical and content guidelines, will be integrated into the Meta Horizon Store for easier access than before. In addition, in a mildly spicy move, Facebook is openly inviting Google to bring the Google Play Store to the VR Android fork, “where it can operate with the same economic model it does on other platforms”.

The odds of me buying anything from Facebook are slim, so I really hope this new move won’t corner the market for VR headsets right out of the gate; I don’t want another Android/iOS duopoly. I’m not particularly interested in VR quite yet – but give it a few more years, and I certainly won’t pass up on a capable device that allows me to play Beat Saber and other exercise-focused applications and games.

I just don’t want it to be a Facebook device or operating system.

New TVs that launch with Android TV 14 or later on Linux kernel 5.15 or higher will be required to meet Google’s Generic Kernel Image (GKI) requirements in order to pass certification!

This means that GKI is now enforced on all major Android form factors with AArch64 chipsets: handhelds, watches, automotive, & televisions.

↫ Mishaal Rahman

What this means is that all the major Android form factors will be running kernels that adhere to the GKI requirements, which means SoC and board support is not part of the core kernel, but instead achieved through loadable modules. This should, in theory, make it easier to provide long-term support.

After two months of developer previews, Google has finally released Android 15 Beta 1. While the beta usually offers more user-facing changes, Google is still pretty light on details with this build, giving us only a few more details on what we can expect. Instead, the company is pointing to Google I/O for more details, which will take place on May 14 this year, basically confirming that this is when we will get the second beta with more features.

↫ Manuel Vonau

There’s very little of interest in this beta, so unless you’re really into Android development, I’d wait out installing any betas until after Google I/O.

Yesterday, I posted an item about the updated Find My Device network Google launched for Android, but I forgot to link to an additional blog post by Google about the various security and privacy precautions they’ve taken. One aspect in particular stands out as something new that Apple’s Find My network doesn’t do (yet):

This is a first-of-its-kind safety protection that makes unwanted tracking to a private location, like your home, more difficult. By default, the Find My Device network requires multiple nearby Android devices to detect a tag before reporting its location to the tag’s owner. Our research found that the Find My Device network is most valuable in public settings like cafes and airports, where there are likely many devices nearby. By implementing aggregation before showing a tag’s location to its owner, the network can take advantage of its biggest strength – over a billion Android devices that can participate. This helps tag owners find their lost devices in these busier locations while prioritizing safety from unwanted tracking near private locations. In less busy areas, last known location and Nest finding are reliable ways to locate items.

↫ Dave Kleidermacher

In addition, when you’re at home, your devices won’t contribute any information either. There’s a whole bunch of other things in there, too, so head on over if you’re curious.

Today, the all-new Find My Device is rolling out to Android devices around the world, starting in the U.S. and Canada. With a new, crowdsourced network of over a billion Android devices, Find My Device can help you find your misplaced Android devices and everyday items quickly and securely. Here are five ways you can try it out.

↫ Erik Kay on the Google blog

This old Android feature has basically been updated to be the same thing as Apple’s Find My, but with more than just one vendor making the tracking tags. Of course, this means it also comes with the same problems, from its use by stalkers to controlling partners, and everything in between. This is a very problematic technology, one which I think is almost impossible to make safe.

Still, I have a Samsung tracker that I don’t use anymore – because I bought a Pixel 8 Pro, and don’t want to install any Samsung applications – and I do plan on getting a new tracker that’s compatible with this new Find My Device network. With two small kids, it’s easy to lose track of something like my car keys, and instead of stressing about where they are when we need to leave on time, I can just ping them using our Google Home devices instead.

Sometimes, these silly smart technologies really do take just that little bit of stress out of your life – you just have to be really picky and honest with yourself about what you really need.

In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips.

You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for updates.

If your Android phone is at patch level 2024-04-05 or later then the issues discussed below have been fixed. The updates have been made available for Android 12, 12L and 13. Android partners are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for devices from all vendors.

For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The Qualcomm CVE is listed as CVE-2023-28582. It has a CVSS score of 9.8 out of 20 and is described as a memory corruption in Data Modem while verifying hello-verify message during the Datagram Transport Layer Security (DTLS) handshake.

The cause of the memory corruption lies in a buffer copy without checking the size of the input. Practically, this means that a remote attacker can cause a buffer overflow during the verification of a DTLS handshake, allowing them to execute code on the affected device.

Another vulnerability highlighted by Google is CVE-2024-23704, an elevation of privilege (EoP) vulnerability in the System component that affects Android 13 and Android 14.

This vulnerability could lead to local escalation of privilege with no additional execution privileges needed. Local privilege escalation happens when one user acquires the system rights of another user. This could allow an attacker to access information they shouldn’t have access to, or perform actions at a higher level of permissions.

Pixel users

Google warns Pixel users that there are indications that two high severity vulnerabilities may be under limited, targeted exploitation. These vulnerabilities are:

• CVE-2024-29745: An information disclosure vulnerability in the bootloader component. Bootloaders are one of the first programs to load and ensure that all relevant operating system data is loaded into the main memory when a device is started.
• CVE-2024-29748: An elevation of privilege (EoP) vulnerability in the Pixel firmware. Firmware is device-specific software that provides basic machine instructions that allow the hardware to function and communicate with other software running on the device.

On Pixel devices, a security patch level of 2024-04-05 resolves all these security vulnerabilities.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. 

Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven advice. 

In our recent report, “Everyone’s afraid of the internet, and no-one’s sure what to do about it,” we found that only half of the people surveyed feel confident they know how to stay safe online and even fewer are taking the right measures. 

So, though the fears are big, they are followed by very little action. We want to make things easy for our customers so they know what they should be doing, and how. 

Computer security can be difficult and time consuming, especially if you consider all the different devices and operating systems. We want to help our customers, whatever they use. 

Getting it right means knowing what software needs to be updated, whether your system settings are configured securely, and running active protection that can uncover hidden threats. 

Getting it wrong means leaving gaps in your defences that malware, criminal hackers, and other online threats can sneak through. 

Trusted Advisor takes away the guesswork by delivering a holistic assessment of your security and privacy in a way that’s easy to understand, making issues simple to correct. It combines the proven capabilities of Malwarebytes with the knowledge of the brightest industry experts to give you an expert assessment that puts you one step ahead of the cybercrooks. 

Protection score

At the heart of Trusted Advisor is a single, easy-to-understand protection score. If you’re rocking a 100% rating then you know you’re crushing it. 

If your score dips below 100%, we’ll explain why, and offer you a checklist of items to improve your security and boost your score. 

Trusted Advisor’s recommendations are practical and jargon-free, so they’re easy to action.

Trusted Advisor monitors various categories of information around security and privacy to assess your overall Protection Score (exact check points will depend on OS and license type):

• Real-time protection monitors your device continuously, stopping and removing threats like malware as they appear. It’s vital for keeping you safe from the most destructive threats and the most common methods of infection, so Trusted Advisor will alert you if you aren’t fully protected. 
• Software updates fix the coding flaws that cybercriminals exploit to steal data or put malware on your system. Staying up to date is one of the most important things you can do for your security, so Trusted Advisor has your back here too. 
• General settings covers settings within Malwarebytes, Operating Systems, or your network preferences. Trusted Advisor checks for settings that may not be configured correctly. For example, on iOS it ensures you have defined a passcode for your device and activated web and call protection. 
• Device scans are routine scans that seek out hidden threats on your system. Trusted Advisor will tell you if you get behind and need to run a scan manually. 
• Online privacy helps you take a proactive stance on your privacy by hiding your IP address and blocking third-party ad trackers, making you’re harder to track on the web. Trusted Advisor monitors this so you only part with the personal information you intend to. 
• Device health guards against slowdowns and other performance problems. Trusted Advisor helps you get the most out of your system so that you aren’t left guessing whether it was malware grinding your device to a halt. 

Even with an excellent score, you can’t guarantee absolute safety, though it places you in the closest proximity to it. By following our recommendations, you’ll be in the best security situation you can be.

Try it today

If you’re an existing Malwarebytes customer you will get Trusted Advisor automatically, but if you’re in a hurry, you can go to Settings > About > Check for updates and get it right now. If you aren’t, you can get Trusted Advisor by downloading the latest version of Malwarebytes.

Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users’ devices into proxies for cybercriminals without their knowledge, as part of a camapign called PROXYLIB.

Cybercriminals and state actors like to send their traffic through other people’s devices, known as proxies. This allows them to use somebody else’s resources to get their work done, it masks the origin of their attacks so they are less likely to get blocked, and it makes it easy for them to keep operating if one of their proxies is blocked.

An entire underground market of proxy networks exists to service this desire, offering cybercriminals flexible, scalable platfroms from which to launch activities like advertising fraud, password spraying, and credential stuffing attacks.

The researchers at HUMAN found 28 apps on Google Play that turned unsuspecting Android devices into proxies for criminals. 17 of the apps were free VPNs. All of them have now been removed from Google Play.

The operation was dubbed PROXYLIB after a code library shared by all the apps that was responsible for enrolling devices into the ciminal network.

HUMAN also found hundreds of apps in third-party repositories that appeared to use the LumiApps toolkit, a Software Development Kit (SDK) which can be used to load PROXYLIB. They also tied PROXYLIB to another platform that specializes in selling access to proxy nodes, called Asocks.

Protection and removal

Android users are now automatically protected from the PROXYLIB attack by Google Play Protect, which is on by default on Android devices with Google Play Services.

The affected apps can be uninstalled using a mobile device’s uninstall functionality. However, apps like these may be made available under different names in future, which is where apps like Malwarebytes for Android can help.

Recommendations to stay clear of PROXYLIB are:

• Do not install apps from third-party websites.
• Do not install free VPNs.
• Use Malwarebytes for Android.

Victims of novel attacks like PROXYLIB might notice slow traffic, because their bandwidth is in use for other purposes. And at some point their IP address may be blocked by websites and other services.

The researchers included a list of applications they uncovered as part of PROXYLIB. If you installed any of the apps on the list before they were removed from Google Play you will need to uninstall them.

We don’t just report on privacy—we offer you the option to use it.

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

For the most popular operating system in the world—which is Android and it isn’t even a contest—there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals.

These are “Android banking trojans,” and, according to our 2024 ThreatDown State of Malware report, Malwarebytes detected an astonishing 88,500 of them last year alone.

While the 2024 ThreatDown State of Malware report focuses heavily on the corporate security landscape today, make no mistake: Android banking trojans pose a serious threat to everyday users. They are well-disguised, hard to detect in regular use, and are a favorite hacking tool for cybercriminals who want to automate the theft of online funds for themselves.

What are Android banking trojans?

The idea behind Android banking trojans—and all cyber trojans—is simple: Much like the fabled “Trojan Horse” which, the story goes, carried a violent surprise for the city of Troy, Android banking trojans can be found on the internet disguised as benign, legitimate mobile apps that, once installed on a device, reveal more sinister intentions.  

By masquerading as everyday mobile apps for things like QR code readers, fitness trackers, and productivity or photography tools, Android banking trojans intercept a person’s online interest in one app, and instead deliver a malicious tool that cybercriminals can abuse later on.

But modern devices aren’t so faulty that an errant mobile app download can lead to full device control or the complete revelation of all your private details, like your email, social media, and banking logins. Instead, what makes Android banking trojans so tricky is that, once installed, they present legitimate-looking permissions screens that ask users to grant the new app all sorts of access to their device, under the guise of improving functionality.

Take the SharkBot banking trojan, which Malwarebytes detects and stops. Last year, Malwarebytes found this Android banking trojan hiding itself as a file recovery tool called “RecoverFiles.” Once installed on a device, “RecoverFiles” asked for access to “photos, videos, music, and audio on this device,” along with extra permissions to access files, map and talk to other apps, and even send payments via Google Play.

These are just the sorts of permissions that any piece of malware needs to dig into your personally identifiable information and your separate apps to steal your usernames, passwords, and other important information that should be kept private and secure.

Still, the tricks behind “RecoverFiles” aren’t yet over.

Not only is the app a clever wrapper for an Android banking trojan, it could also be considered a hidden wrapper. Once installed on a device, the “RecoverFiles” app icon itself does not show up on a device’s home screen. This stealth maneuver is similar to the features of stalkerware-type apps, which can be used to non-consensually spy on another person’s physical and digital activity.

But in the world of Android banking trojan development, cybercrminals have devised far more devious schemes than simple camouflage.

Slipping under the radar

The problem with the Ancient Greeks’ Trojan Horse strategy is that it could only work once—if you don’t sack Troy the first time, you better believe Troy is going to implement some strict security controls on all future big horse gifts.

The makers of Android banking trojans have to overcome similar (and far more advanced) security measures from Google. As the Google Play store has become the go-to marketplace for Android apps, cybercriminals try to place their malicious apps on Google Play to catch the highest number of victims. But Google Play’s security measures frequently detect malware and prevent it from being listed.

So, what’s a cybercriminal to do?

In these instances, cybercriminals make an application that is seemingly benign, but, once installed on a device, executes a line of code that actually downloads malware from somewhere else on the internet. This is how cybercriminals recently snuck their malware onto Google Play and potentially infected more than 100,000 users with the Anatsa banking trojan.

What was most concerning in this attack was that the malicious apps that made it onto the Google Play store reportedly worked for their intended purposes—the PDF reader read PDFs, the file manager managed files. But hidden within the apps’ coding, users were actually downloading a set of instructions that directed their devices to install malware.

These malicious packages are sometimes called “malware droppers” as the apps “drop” malware onto a device at a later time.  

What does it all mean for me?

There’s a lot of technical machinery at work inside any Android banking trojan that is put in place to accomplish a rather simple end goal, which is stealing your money.

All the camouflage, subterfuge, and hidden code execution is part of a longer attack chain in which Android banking trojans steal your passwords and personally identifiable information, and then use that information to take your money.

As we wrote in the 2024 ThreatDown State of Malware report:

“Once it has accessibility permissions, the malware initializes its Automated TransferSystem (ATS) framework, a complex set of scripts and commands designed to perform automated banking transactions without user intervention. The ATS framework uses the harvested credentials to initiate unauthorized money transfers to accounts held by the attacker. This mimics real user behavior to bypass fraud detection systems.”

Staying safe from Android banking trojans

Protecting yourself from Android banking trojans is not as simple as, say, spotting grammatical mistakes in a phishing email or refusing to click any links sent in text messages from unknown numbers. But just because Android banking trojans are harder to detect by eye does not mean that they’re impossible to stop.

Malwarebytes Premium provides real-time protection to detect and stop Android banking trojans that are accidentally installed on your devices. It doesn’t matter if the banking trojan is simply a malicious app in a convenient package, or if the banking trojan is downloaded through a “malware dropper”—Malwarebytes Premium provides 24/7 cybersecurity coverage and stops dangerous attacks before they can be carried out.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Well, the GoldPickaxe Trojan does not literally steal your face, but it does steal an image of your face in order to be able to identify as you.

Researchers have found a family of Trojans, attributed to a financially motivated Chinese group, which come in versions for iOS and Android.

Cybercriminals try to trick victims into scanning their faces along with identification documents. The victims are approached through phishing and smishing messages claiming to be from local governments or other trusted sources. They ask the target to install a fake government service app.

At this stage there is a crossroads where Android and iOS infections are different. While Android users go straight to the malicious app, due to measures taken by Apple the criminals ask the iOS users to install a disguised Mobile Device Management (MDM) profile. MDM allows a controller to remotely configure devices by sending profiles and commands to the device. As such MDM offers a wide range of features such as remote wipe, device tracking, and application management, which the cybercriminals take advantage of to install malicious applications and obtain the information they need.

The criminals then request that the victim take a photo of an official ID and scan their face with the app. Additionally, the criminals request the target’s phone number in order to get more details about them, particularly their bank accounts.

Once the criminals have a scan of the face they can use artificial intelligence (AI) to perform face-swaps. Face swapping is a technique that allows you to replace faces in images with others.

With the face swap and the photo of the ID the criminals can identify themselves as the victim to the victim’s bank and withdraw funds from their account. Many financial organizations use facial recognition for transaction verification and login authentication. Although the researchers found no evidence that bank fraud was the goal of the cybercriminals, their story was confirmed by warnings from the Thai police.

Although this group is mainly active in Asia, more precisely in Thailand, it makes sense to expect such a successful method to be copied.

Malwarebytes and ThreatDown solutions detect the GoldPickaxe Trojan as Android/Trojan.Agent.prn1.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

In 2022, we published an article about how photographs of children taken by a stalkerware-type app were found exposed on the internet because of poor cybersecurity practices by the app vendor.

The stalkerware-type app involved, TheTruthSpy, has shown once again that the way in which it handles captured data shows no respect to its customers. And even less for the victims it’s monitoring.

TheTruthSpy markets itself as a tool that can be placed in the hands of employers who want to keep tabs on employees in the workplace, or in the hands of parents who want to look after their kids. But it can just as easily be placed in the hands of stalkers, abusive partners, or someone who just wants to get a leg up in their divorce proceedings.

Stalkerware-type applications like TheTruthSpy typically get installed secretly, by a person with access to the victim’s phone. For that reason, by design, the apps stay hidden from the device owner, while giving the attacker complete access.

Boasting “more than 15 spying features,” it can track a target’s location; reveal their browser history; record their calls; read their SMS messages; spy on their WhatsApp, Facebook, SnapChat and Viber messages; log what they type; and record what they say.

That alone is bad enough, but the app seems to have a persistent problem with security. In 2022, tech publication TechCrunch discovered that TheTruthSpy and other spyware apps share a common Insecure Direct Object Reference (IDOR) vulnerability, CVE-2022-0732. The publications described the bug as “extremely easy to exploit, and grants unfettered remote access to all of the data collected from a victim’s Android device.”

The bug was never fixed, and yesterday, stalkerware researcher maia arson crimew, revealed that it was stumbled upon again by two different hacking groups.

When members of the two hacking groups looked into TruthSpy last december while searching for stalkerware to hack, they independently stumbled upon the same IDOR vulnerability

The good news is that both groups, SiegedSec and ByteMeCrew, said in a Telegram post that they are not publicly releasing the breached data, given its highly sensitive nature. They provided enough data to enable TechCrunch to verify that it is authentic though, by matching IMEI numbers (numbers that uniquely identify phones) and advertising IDs against a list of previous known-to-be compromised devices.

Which means that by installing TheTruthSpy—and a whole fleet of clone apps including Copy9, MxSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, FoneTracker and GuestSpy—you are not just spying on someone, you are also potentially exposing their data for anyone to find.

The data reportedly shows that TheTruthSpy continues to actively spy on large clusters of victims across Europe, India, Indonesia, the United States, the United Kingdom and elsewhere.

Sadly, this is no surprise. According to 2023 research from Malwarebytes, 62 percent of people in the United States and Canada admitted to monitoring their romantic partners online in one form or another, from looking through a spouse’s or significant other’s text messages, to tracking their location, to rifling through their search history, to even installing monitoring software onto their devices.

Removing stalkerware

If you want to know if your phone is or was infected with TheTruthSpy, you can use the lookup tool provided by TechCrunch, which has been updated to include information about the most recent leak.

Malwarebytes, as one of the founding members of the Coalition Against Stalkerware, makes it a priority to detect and remove stalkerware-type apps from your device. It is good to keep in mind however that by removing the stalkerware-type app you will alert the person spying on you that you know the app is there.

Because the apps install under a different name and hide themselves from the user, it can be hard to find and remove them. That is where Malwarebytes for Android can help you.

1. Open Malwarebytes for Android.
2. Open the app’s dashboard
3. Tap Scan now
4. It may take a few minutes to scan your device.

 If malware is detected you can act on it in the following ways:

• Uninstall. The threat will be deleted from your device.
• Ignore Always. The file detection will be added to the Allow List, and excluded from future scans. Legitimate files are sometimes detected as malware. We recommend reviewing scan results and adding files to Ignore Always that you know are safe and want to keep.
• Ignore Once: A file has been detected as a threat, but you are not sure whether to add it to your Allow List or delete. This option will ignore the detection this time only. It will be detected as malware on your next scan.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.