Read more of this story at Slashdot.

Android users are getting more tools to combat the seemingly endless stream of scam texts from bad actors looking to steal your data and your money. Circle to Search and Google Lens can now assess messages for scam red flags, and if possible fraud is detected, you'll get recommendations for what to do (or not do) next. Even if you think you know the telltale signs of a scam—a sense of urgency, a demand for money or personal information, a link to log in or pay—using these tools can confirm your suspicions, especially when you feel pressured to act.

Use Circle to Search to identify scams

To activate Circle to Search, long press the home button or navigation bar on your device and circle the text you want to scan. Alternatively, you can take a screenshot, open Lens in the Google app (also available on iOS), and tap the screenshot. The feature works for text messages as well as communication on messaging apps and social media sites. Google says the capability is available "when our systems have high confidence in the quality of the response."

This is just the latest in the Google's suite of security features meant to protect against fraud. Pixel users have real-time, AI-powered scam detection, which identifies and alerts you to suspicious conversational patterns in Google Messages and Phone by Google. In-call protections for Android prevent you from taking certain actions, such as sideloading new apps and changing accessibility permission, on your device while on the phone with anyone not saved in your contacts.

Earlier this month, Google also expanded its in-call scam detection feature, meant to combat bank impersonation schemes, to U.S. users. If you are on a call with a number that's not in your contacts and try to open a participating financial app, you'll get a notification reminding you not to share information and a one-click option to stop screen-sharing and end the call.

If you find yourself in an emergency or crisis situation, the more information you can give first responders, the better. Android users can now share a live stream of their surroundings with 911, allowing emergency services to assess and provide guidance in real time while you wait for help to arrive onsite.

Emergency services on Android

Your Android already shares some information with first responders via Emergency Location Services (unless you disable this feature). This built-in tool sends an accurate location as well as contextual information, such as language settings, when you call or text an emergency number. Now, that includes live video from your device's camera.

You don't need to do anything to set up Emergency Live Video. Once available in your area, responders can send a request during an emergency call or text to securely share your camera's live video. You'll see a prompt on your screen to start sharing with one tap.

According to Google, Emergency Live Video is encrypted by default. Users can choose whether to share their video from the prompt as well as stop the share at any time by clicking the onscreen Stop sharing button.

Live video sharing is rolling out now to U.S. users, as well as those in parts of Germany and Mexico, on Android phones running Android 8 and up. Google says they are partnering with public safety organizations to expand the feature to more users.

Other Android safety features

Emergency Live Video is the latest in Google's suite of safety features designed to make help more accessible—more quickly—in an emergency. Pixel users in Australia, North America, and several dozen countries across Europe now have access to Satellite SOS, which allows you to call emergency services even without a cellular or wifi connection. Car Crash Detection contacts emergency services and shares your location in the event of severe crash, while Fall Detection and Loss of Pulse Detection will call for help based on Pixel Watch sensor data.

Researchers have analyzed a new threat campaign actively targeting Android users. The malware, named DroidLock, takes over a device and then holds it for ransom. The campaign to date has primarily targeted Spanish-speaking users, but researchers warn it could spread.

DroidLock is delivered via phishing sites that trick users into installing a malicious app pretending to be, for example, a telecom provider or other familiar brand. The app is really a dropper that installs malware able to take complete control of the device by abusing Device Admin and Accessibility Services permissions.

Once the victim grants accessibility permission, the malware starts approving additional permissions on its own. This can include access to SMS, call logs, contacts, and audio, which gives attackers more leverage in a ransom demand.

DroidLock also leverages Accessibility Services to create overlays on other apps. The overlays can capture device unlock patterns (giving the attacker full access) and also show a fake Android update screen, instructing victims not to power off or restart their devices.

DroidLock uses Virtual Network Computing (VNC) for remote access and control. With this, attackers can control the device in real time, including starting camera, muting sound, manipulating notifications, and uninstalling apps, and use overlays to capture lock patterns and app credentials. They can also deny access to the device by changing the PIN.

The researchers warn that:

“Once installed, DroidLock can wipe devices, change PINs, intercept OTPs (One-Time Passwords), and remotely control the user interface”

Unlike regular ransomware, DroidLock doesn’t encrypt files. But by blocking access and threatening to destroy everything unless a ransom is paid, it reaches the same outcome.

Urgent
Last chance
Time remaining {starts at 24 hours}
After this all files wil be deleted forever!
Your files will be permanently destroyed!
Contact us immediately at this email or lose everything forever: {email address}
Include your device ID {ID}
Payment required within 24 hours
No police, no recovery tools, no tricks
Every second counts!

How to stay safe

If this campaign turns out to be successful in Spain, we’ll undoubtedly see it emerge in other countries as well. So here are a few pointers to stay safe:

• Only install apps from official app stores and avoid installing apps promoted in links in SMS, email, or messaging apps.
• Before installing apps, verify the developer name, number of downloads, and user reviews rather than trusting a single promotional link.
• Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware.
• Scrutinize permissions. Does an app really need the permissions it’s requesting to do the job you want it to do? Especially if it asks for accessibility, SMS, or camera access.
• Keep Android, Google Play services, and all important apps up to date to get the latest security fixes.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

The Samsung Galaxy Watch 7 just hit its lowest price yet at $129.99 (according to price trackers), down from its usual $249.99. If you already use a Samsung phone, this might be a good time to take a closer look.

SAMSUNG Galaxy Watch 7, 40mm

$339.99 at Amazon

Get Deal

Get Deal

$339.99 at Amazon

This 40mm Bluetooth model keeps things simple but refined, with an aluminum body and a 1.3-inch OLED display that’s crisp and easy to read. It weighs only 1 ounce, and while not super slim, it doesn’t feel bulky on the wrist. It’s built to handle real-world use with an IP68 rating, 5ATM waterproofing, and MIL-STD-810H certification. That means it can survive dust, splashes, and some rough handling. Just don’t expect it to hold up during extreme activities, since Samsung reserves those upgrades for the Galaxy Watch Ultra.

Performance-wise, the Watch 7 gets a noticeable bump over the previous model. It runs Wear OS 5 with Samsung’s One UI 6 layered on top, which adds new tools like customizable widgets, photo editing, and built-in translation. The dual-frequency GPS tracks location more accurately than before, although this PCMag review notes that the watch can still be slightly off when logging runs or sleep. The screen is responsive, and gesture controls work well. The biggest limitation is battery life: With average use, you’ll get about 22 to 27 hours before needing a recharge. If you want all-day notifications and overnight sleep tracking, charging it daily will become part of the routine.

Where the Galaxy Watch 7 stands out is in its health and fitness tracking. You get the basics like heart rate, blood oxygen, ECG, and automatic workout detection. But it also adds body composition analysis, FDA-approved sleep apnea detection, and a new AI Energy Score that summarizes your fitness and sleep data into a single number. Some of the smarter features, like snore detection, only work if you have a Samsung phone nearby, which limits the experience for non-Samsung users. Still, at this new lower price, the Watch 7 offers strong value for Android users who want solid fitness tools in a durable, polished design. And if you're considering the new Galaxy Watch 8, it’s worth checking out this side-by-side comparison by PCMag to see how much of an upgrade it really is.

Android remains one of the most customizable mobile operating systems out there, despite Google's recent efforts to rein it in. You don't necessarily have to root your Android device to get it to do something off script, either. The fix you need might be hidden behind a system menu or Developer Options. You can personalize Android to address common frustrations with speed, battery life, privacy, and the interface as a whole. I've compiled ten helpful Android hacks that require no third-party apps, no ADB commands, and no rooting. All you need is the patience to dig through the operating system and tap as required.

Please note that many of these hacks require you to enable Developer Options, Android's hidden menu of settings. To do so, head to the Settings menu, scroll to About phone, then tap Build number. Tap it seven times to unlock developer mode. (You'll see a countdown pop-up if you did it correctly.)

Eliminate battery hogging apps

Have you ever looked at your battery usage stats and wondered what to do about a specific app that's draining your battery? Android needs apps to run in the background, sync with the cloud, and check for updates by default. As it does this, it wakes the device and consumes battery in the background.

Android introduced a battery optimization feature in version 6.0 that's supposed to help with apps that drain too much battery. While it's helped shut down unused apps, it can be either too aggressive or not aggressive enough at identifying bad apps. And while you can force-close an app to kill it when you notice it's causing issues, it will likely start up again the next time you reboot your device.

Credit: Florence Ion/Lifehacker

You can manually set an app's background privileges to the most restrictive setting without deleting or disabling it. In Settings, under Apps, scroll down and tap to view all your apps in a list. Then, tap App battery usage. Here, you will find details about the last time the app was accessed. Tap on the app to adjust its background usage. You can choose to have it optimized by the Android system or unrestricted—something you might use on a wearable to ensure it works properly, for instance. If you want it restricted completely, use the master switch to toggle off background usage. On Samsung devices, this same option is called "sleeping apps" or "deep sleeping apps."

Credit: Florence Ion/Lifehacker

Optionally, you can turn to Developer Options to get more robust control over background processes. Head back to Developer Options, then scroll or search for Background process limit, and from here, you can decide how many background apps fire off at a time.

Block ads and trackers without VPN

Even with an ad blocker, background apps can still track your phone use, where you shop, and which ads to show you. You could easily circumvent this by installing a VPN app to route traffic, but that relies on a third party app, and slows down performance. You are better off configuring your phone's Private DNS settings to filter web traffic through a service of your choosing.

Private DNS seals the request your device makes to look up a website's IP address, so your carrier can't see the website you're visiting. Since that browser data stays hidden, third parties don't have the data they need to track your habits and, subsequently, target you with ads.

Credit: Florence Ion/Lifehacker

Navigate back to the Settings panel and select Network & Internet > Private DNS. Change the setting to Private DNS provider hostname. You will need to find the URL of a filtering service to link here. Options include Ad Guard, Control D, and Mullvad, which is what I use to block ads in Chrome.

Once you save, this will redirect all DNS requests from every app and browser on your Android device through this specific block list. It should help cut down on ads and tracking servers watching you without cutting down on performance or battery life. This is also a great hack if you're a parent and your kid has access to an Android device. Use Private DNS to route them away from unsafe sites and adult content.

Unearth long-lost notifications

Sometimes, we accidentally dismiss a notification on Android. If you're always snoozing and missing out on important pings, you can turn on notification history.

Credit: Florence Ion/Lifehacker

In Settings, under Notifications, tap to turn on Notification history. Now, when you swipe to dismiss your alerts, you can peek in here to see what you forgot or accidentally swiped away. This feature is also helpful for tracking any apps that might be quietly running in the background.

Maximize (or minimize) screen real estate

I don't know what it is about these latest versions of Android, but the text feels either too small or too big when adjusted with the built-in display size settings. You could go into the Accessibility settings to make the text smaller or larger, though it doesn't affect the rest of the interface much. Or you could deploy Android's display density (DPI) scaling hack.

Credit: Florence Ion / Lifehacker

This is where the developer options come in handy again. You can use the Smallest Width setting to control the DPI precisely, which scales every interface element up and down. Change the value to a higher number if you want fonts and images to shrink down within the resolution—if it starts in the 400s, for instance, try 500 and work backwards until you like what you see. To make fonts and graphics even larger, start around 300.

Adjust what happens when you plug your device in

When you plug an Android phone into a PC, it defaults to charging the device rather than turning on file transfer. You can change the option from the notification shade, though it adds a few extra steps to something that should be straightforward. Fortunately, you can tweak the USB default behavior to prioritize file transfers when the device is plugged in via USB-C.

Credit: Florence Ion/Lifehacker

In the Developer Options, look for Default USB configuration. Change the setting to File Transfer/Android Auto. Test it by plugging a USB-C cable into a PC to ensure it defaults to file transfer mode.

Get the best audio quality

When you stream music or podcasts through headphones or another external source, the audio isn't at its best. And while you could adjust the equalizer settings in the app that's streaming media, it won't fix much. Your phone and the audio device default to standard codecs rather than high-fidelity ones, which is why it doesn't sound as crisp and loud as it could.

Credit: Florence Ion/Lifehacker

You can force Android to use the highest-quality codecs whenever the audio device connects in Developer Options. Search for a Bluetooth audio codec and select the highest-quality option supported by your wireless device. Note that you must be connected to the device when you look for this option, or it will appear grayed out. While you're in the Developer Options, look for Bluetooth Audio Sample Rate and Bits Per Sample. You can adjust these to higher sampling rates if your hardware supports it.

Make Android look smooth

Even on the latest Android flagships, the interface can feel sluggish as you're moving between screens. That's because Android deliberately animates between every swipe and flick. But you can eliminate or shorten these animations to make the interface feel more fluid.

Credit: Florence Ion/Lifehacker

In Developer Options, look for Window animation scale, Transition animation scale, and Animator duration scale. You can adjust their defaults; the lower the number, the faster the animation. You can also choose to turn the animation off completely if it's just too much.  

Force dark mode

I suffer from migraines, and the brightest background can trigger the pain. I figured out how to force every Android app into dark mode, regardless of whether the developer coded it in.

Credit: Florence Ion/Lifehacker

First, ensure "Dark Theme" is on in your main display settings. Then, navigate to Developer Options and search for Override force-dark. Toggle it on to save your eyes. This feature is also super helpful if you prefer to stare at the screen at night to read. Note that it may cause some apps not to display text properly, in which case, you might want to reserve this ability for when it's most necessary.

Keep the screen on forever

Sometimes you need the display to stay on without timing out. Most Android devices tap out at 30 minutes. But in the developer settings, there is an option to keep the screen "awake" as long as the device is plugged into a power source. I've had this feature enabled since I started covering Android phones. It's the best way to run benchmarks without being affected by random variables.  

Credit: Florence Ion/Lifehacker

In Developer Options, search for Stay awake, then switch it on. Note that you will need to turn off the screen when charging the device overnight. Your phone could get hot from being connected and having the screen on for too long.

Get the right device to answer the phone

This has happened to me so many times: my phone rings, I answer it, but the call is routed to my smartwatch instead of my buds. While you could manually go into the phone and select the appropriate Bluetooth device, make it easier on yourself by eliminating the devices that you never want to answer the phone.  

Credit: Florence Ion/Lifehacker

In the Settings panel, under Bluetooth, select the offending device. The easiest way to keep it from rearing its ugly head is to find the switch that completely disables phone calls. You should see an option for it at the bottom of the device's Bluetooth settings. I've disabled the Pixel Watch 4 from answering any calls because there's no instance I'd ever want to take a call from my watch. It's too public!

Smartphone display issues are nothing new. Most of us have dropped our phones the wrong way one time or another, and had to deal with the pain (and cost) of getting them fixed. But when your smartphone's screen starts acting up for no particular reason, it's pretty frustrating—especially if the manufacturer still holds you accountable for the repair fees.

If that sounds like your experience with your Pixel 9 Pro, Pixel 9 Pro XL, or Pixel 9 Pro Fold, there's good news: Google is now launching an Extended Repair Program for the Pixel 9 Pro line. According to Google's announcement on Monday, the company has identified a "limited number" of Pixel 9 Pro and Pixel 9 Pro XL units that might exhibit display issues that impact the user's experience with the device. Should your Pixel 9 Pro's display show these symptoms, Google will fix the display at no cost to you.

What it takes for your Pixel 9 Pro to qualify

That doesn't mean any and all display issues on your Pixel 9 Pro device qualify here. Google has identified two specific problems that this Extended Repair Program actually covers. The first is a vertical line present on the display. The line has to run from the bottom of the screen to the top, so partial lines won't quality. The second is display flicker. If you notice your Pixel 9 Pro's display quickly getting brighter and darker, as if someone was flicking a switch back and forth, you qualify for the repair program.

The Pixel 9 Fold is another story altogether. Like the 9 Pro and 9 Pro XL, Google is offering a free repair program for the 9 Pro Fold. However, unlike the other devices, there are no specific issues identified here. The problems may be display-related, but since the company won't specify, you could bring your 9 Pro Fold in for just about anything that's going wrong with it—as long as you didn't cause the issue yourself. In addition, Google won't actually fix your foldable, but will instead replace it entirely.

The company is also being strict regarding the quality of the display outside of these issues across all Pixel 9 Pro devices. If your Pixel's display or cover-glass is cracked, that may disqualify you from the free repair. If Google finds liquid damage in your device, same story. In any of these cases, the company will still fix the display issues mentioned above, but they might charge you for it.

How to get your Pixel 9 Pro fixed

Affected Pixel 9 Pro, 9 Pro XL, and 9 Pro Fold units qualify for repair as of Dec. 8, and coverage will last for three years after the original purchase date of the device. You will need to have your device inspected at a Google walk-in center, Google-authorized center, or an online repair store before the company can confirm eligibility. You can get started on your claim from Google's official repair site.

This is good news for any Pixel 9 Pro users who have these specific issues—or any issues at all for Pixel 9 Pro Fold users. It joins a host of other Extended Repair Programs for Pixel devices, including the Pixel 4a battery program, the Pixel 6a battery program, the Pixel 7a repair program, and the Pixel 8 repair program,

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Google phones keep offering great value for the money, dropping in price very quickly after their release, including the latest Pixel. The Google Pixel 10, with the 128GB going for $599 (originally $799) and the 256GB for $699 (originally $899), are both at record low prices right now, according to price-tracking tools.

Google Pixel 10 - Unlocked Android Smartphone with Gemini, Your AI Assistant - Advanced Triple Rear Camera, Fast-Charging 24+ Hour Battery, and 6.3" Actua Display - Frost - 128 GB

$599.00 at Amazon

$799.00 Save $200.00

Get Deal

Get Deal

$599.00 at Amazon

$799.00 Save $200.00

Google Pixel 10 - Unlocked Android Smartphone - Gemini AI Assistant - Advanced Triple Rear Camera, Fast-Charging 24+ Hour Battery, and 6.3" Actua Display - Frost - 256 GB (2025 Model)

$699.00 at Amazon

$899.00 Save $200.00

Get Deal

Get Deal

$699.00 at Amazon

$899.00 Save $200.00

SEE -1 MORE

The Google Pixel 10 is the latest in the series to be released this year, back in September. It's the model under the Pixel 10 Pro, which is also at its lowest price right now and has a much faster chip. As Lifehacker's Associate Tech Editor Michelle Ehrhardt says in her review, the Pixel 10 features a telephoto lens, brings the Pixelsnap (Google's version of MagSafe), and has new AI features. However, the ultrawide lens gets weaker, and there are some problems with the chip for third-party apps (but it can be fixed).

This Pixel 10 has a lot of the same features you'll find in the Pixel Pro for $150 less, making it a great budget option for those who don't want or need all the fancy specs and features. It comes with a Google Tensor G5 chip, and the camera resolutions are 48MP, 13MP, and 10.8MP for the rear and 10.5MP for the front-facing one. You can expect about 24 hours of battery life, depending on your use.

One of my favorite things about Pixel phones is the ongoing support for many years. My Pixel 6A still gets all of the updates and tons of AI features that make the phone feel fresh many years later, with the latest ones dropping in September. With the Pixel 10, you'll be getting a quality phone with software updates for a while (as long as seven years).

If you're getting bored with your Galaxy phone, there are changes on the horizon. Samsung announced One UI 8.5 on Monday, Dec. 8, the latest update for Galaxy devices. At present, this new update is only out in beta, but select Galaxy users can try it out right now. Here's what's new, according to Samsung.

Proactive Quick Share

With One UI 8.5, Quick Share can automatically identify people in photos. While that sounds a bit creepy, the idea is to proactively offer sharing recommendations to the people who are featured in any given photo. Say you hit Quick Share on a family photo you took over the weekend. Rather than manually enter all of the contacts you'd like to share that image with, the feature can identify each, and automatically suggest sending the image to those contacts. It should speed up sharing pictures with groups of people after you take them, but, again, a little unsettling.

Photo Assist updates

Credit: Samsung

The Gallery app's Photo Assist feature is getting some upgrades in One UI 8.5. As of this version, Photo Assist now supports "uninterrupted editing." That means you can make your AI-generated edits without needing to save in between each change. Previously, each edit would produce an entirely new image, so this makes the feature a bit more like a traditional photo editor. In addition, you'll be able to view all of the AI images you made in your edit history, and choose the one you like the most.

Side note: Samsung says Photo Assist's Generate Edit feature requires an internet connection as well as a Samsung Account login. The feature also places a watermark on the image, so other people will know it was manipulated or generated with AI.

Audio Broadcast

Credit: Samsung

One UI 8.5 now supports sharing audio to other devices via Auracast, following Google's wider support for the standard back in September. If you have any LE Audio-supported devices, like headphones or speakers, you can use Audio Broadcast to share media from your Galaxy. This isn't limited to music, podcasts, or audio from videos, either, as Samsung says you can also broadcast your Galaxy's microphone to LE Audio devices, too.

This feature is limited to Galaxy S25 devices, even after One UI 8.5 rolls out to other Galaxy phones.

Storage Share

Credit: Samsung

If you have a number of Samsung Galaxy devices, you might find Storage Share useful. This One UI 8.5 feature lets you manage your files across other devices, including tablets, PCs and even TVs, in the My Files app on your smartphone.

Enhanced Security Controls

Samsung is also expanding One UI's security features with this latest beta. The company is rolling out updates to Theft Protection with One UI 8.5, an existing feature that can lock your device if it's lost or stolen. That way, whoever picks it up won't have access to your data, or won't be able to erase the device and set it up as their own. In that same vein, Samsung is also launching Failed Authentication Lock, which locks the display after too many failed verification attempts. If a thief tries too many PIN combinations, or the fingerprint scanner fails too many times, your screen will lock them out.

How to try the beta on your Galaxy

While you can apply for the beta program today, first, consider the risks. Like all beta software, this version of One UI is currently in testing, which means there may be bugs and glitches that could interrupt your experience using your smartphone. If you understand these risks (and back up all important information ahead of time), here's what you need to know.

First, this beta is only open for Galaxy S25 users in the U.S., Germany, India, Korea, Poland, and the UK. If you have an S24 or older, you'll need to wait for Samsung to roll out the One UI 8.5 beta more widely, or for the full release down the line.

Next, you'll need to apply to join the beta from the Samsung Members app. If you don't have the app yet, download it from the Play Store, then follow the instructions to enroll in the beta.

Bank impersonation is a popular scam tactic, and one I've written about a lot. Fraudsters prey on people's fear, confusion, and desire to protect their money, which may lead targets to hand over login credentials, make irreversible wire transfers, or provide other sensitive information without stopping to question their actions.

Android users in the U.S. will soon have extra protection against scams targeting their financial apps, preventing threat actors impersonating bank representatives from accessing data on their devices. Google's in-call scam protection is designed to prevent users from sharing their screens with threat actors and help them avoid revealing their banking information.

How Android in-call protection works

Android's scam protection kicks in if you are on a phone call with a number not saved in your contacts and attempt to open a participating financial app. You'll get a pop-up warning that the call is likely a scam with a reminder not to make payments or share personal information and a button to end the call (and stop screen sharing). There's also a 30-second delay on further action on your device, which Google says is designed to disrupt any sense of urgency.

Note that financial institutions must opt into in this feature—at this time, Google has specifically named Cash App and JPMorganChase as partners, though it indicates expansion to other popular fintechs and banks.

Google initially rolled out in-call protections for banking apps to UK users earlier this year as part of a larger package of security features announced ahead of Google I/O. That launch also included real-time scam detection alerts for calls and texts, improved theft protection via remote lock and identity check, key verifier for Google Messages, and device-level Advanced Protection (in addition to account-level settings).

Alongside the US pilot, in-call scam protections will now cover most major banks in the UK as well as financial apps in Brazil and India.

It's tough to get people to answer the phone—though I'm not really blaming those who don't pick up. We are so inundated with spam calls these days that refusing to answer incoming calls en masse isn't actually a bad strategy. When that call could be someone trying to break into your bank account, or alerting you to fraudulent credit card charges that never happened, perhaps it's best to just wait for friends and family to text instead.

But let's say the call is from you to someone you know and trust, and let's assume they see it's you who's calling. Even though they know the call isn't spam, there are still plenty of reasons someone won't pick up the phone—including, of course, because they don't actually want to talk right now. But if you really need to get a hold of someone and don't want meetings, commutes, or the lack of desire for a phone call to get in the way, Google is currently working on a solution you can try right now.

Call Reason lets you mark calls as urgent

The new feature, named "Call Reason," is designed to separate important phone calls from the rest. When you start dialing a number, Google will give you the option to mark the call as urgent. If you choose to do so, the person you're calling will see a pop-up reading "It's urgent!" on the call screen. Hopefully, that pop-up will encourage them to answer; however, I imagine they'll stop picking up if you start using it too often.

That said, not everyone ignores calls on purpose. If you aren't by your phone when it goes off, or if it's on silent in your pocket or bag, you obviously won't catch the urgent tag on the call screen. In that case, Android adds the urgent tag to the missed call in their recipient's call history. As long as the person you're trying to reach checks out their missed calls, they should see that this one was marked urgent—though if it's a real emergency, they might've received extra calls and messages from you in the interim anyway.

It seems Google has been working on this feature for some time. Android Authority previously spotted something called Expressive Calling in the Phone app's APK, which would let the caller add animations and emojis to calls. In addition to that functionality, however, was the ability to flag the reason for a call when dialing.

How to try Call Reason

Google is still testing the Call Reason feature, but anyone using the current version of the Google Phone app will be able to try it out. (It's still rolling out, though, so you may not see it yet.) The feature also only works with saved contacts, and when calling Android users who have Google's Phone app set as the primary calling app.

When Call Reason does show up on your phone, you'll see it appear after placing your call. The UI says "Mark call as urgent?," with a prompt letting you know that the call will ring through and show the call is urgent. Tap "Notify," and you're set. Once the recipient sees the call, they'll see the "Incoming call" banner replaced by an animated "It's urgent!" pop-up. It's a fun design, but perhaps a bit too fun, when you're likely using this in important situations.

Credit: Google

Alongside Call Reason, Google announced a number of new features for Android 16. There are now improved parental controls locked behind a PIN of the parents' choosing; new UI customization options, like expanded dark mode support and new custom shapes for home screen icons; and the continued roll out of Google's AI notification summaries, which Lifehacker writer David Nield hasn't found all that useful yet.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

The Samsung Galaxy Tab S11 is currently down to $759.99 on Amazon, down from $859.99.

Samsung Galaxy Tab S11 256GB Wi-Fi 11" Tablet With S Pen (Gray)

$759.99 at Amazon

$859.99 Save $100.00

Get Deal

Get Deal

$759.99 at Amazon

$859.99 Save $100.00

For those in the market for a premium Android tablet that leans into both productivity and entertainment, this might be one to consider. It has the same polished design and high-quality build Samsung brings to its flagship phones, with a sturdy Armor Aluminum frame, water and dust resistance (IP68), and a bright 11-inch Dynamic AMOLED display that’s crisp, color-rich, and plenty bright even outdoors. It also comes with the redesigned S Pen included at no extra charge, unlike the Apple Pencil.

In terms of performance, the Tab S11 holds its own. It’s powered by MediaTek’s 9400+ chip with 12GB RAM and Android 16, which keeps things snappy across multitasking and Samsung’s DeX mode (basically a desktop experience on a tablet). You get 256GB of onboard storage, expandable up to 2TB with a microSD card, which is handy for offline media or large files. Battery life clocked in around 9.5 hours in PCMag’s rundown test, which means real-world use lands somewhere in the all-day range unless you keep brightness maxed out. As for the audio, the stereo speakers are loud and clear enough for small rooms, but the bass is underwhelming—if audio quality matters to you, a solid pair of wireless headphones or earbuds might be a better bet.

Camera-wise, the 13MP rear camera and 12MP front cam handle video calls and quick snapshots fine, but don’t expect smartphone-level sharpness or dynamic range. The real edge lies in the software: Samsung’s One UI 8.0 and Galaxy AI tools like Notes Assist, Transcript Assist, and Circle to Search help streamline everyday use. Add seven years of promised updates, and you’ve got long-term support locked in.

Android Vulnerabilities CVE-2025-48572 and CVE-2025-48633 Under Attack

7 Critical Android Vulnerabilities Also Patched

There was once a time when foldable smartphones seemed like some futuristic idea. The concept of unfolding a smartphone to reveal a tablet-sized display was simply too cool to be possible. Of course, not only are foldables a reality today, there are a number of models out there to choose from. Samsung released its first Galaxy Z Fold back in 2019, and while the foldable market isn't nearly as hot as traditional smartphones, they are very much an option for anyone who isn't afraid of the inflated MSRP.

On Monday, Samsung unveiled its latest foldable smartphone: the Galaxy Z TriFold. Unlike the Z Fold, however, this new device doesn't have two displays: It has three. The appropriately named TriFold unfolds twice to reveal "one" large 10-inch display. That's an additional two inches when compared to the Galaxy Z Fold 7's unfolded display size.

Credit: Samsung

Samsung claims when the TriFold is fully open, it performs on par to three 6.5-inch smartphones lined up in a row. The company has some examples of how you can take advantage of that screen real estate: You could have three windows open at once, all the same uniform design; two windows, one smaller and one larger; or one huge window with multiple on-screen elements of its own. You can also watch videos on platforms like YouTube while reading comments at the same time.

Plus, the TriFold acts as its own Samsung DeX workstation. You can treat it like a small personal computer, saving up to four workspaces that can each run five apps at once. That means you can switch between as many as 20 apps all running at the same time, across four preset workspaces. You can also connect the TriFold to an external monitor, plus pair the foldable with a mouse and keyboard for a more traditional computing experience.

TriFold Samsung says the TriFold uses a "refined" version of its Armor FlexHinge to support the new triad displays. It uses two hinges of different sizes to stabilize folding and to reduce the gap between them, and adds a thin piece of metal to protect the folding mechanism. The design prevents the displays from actually touching each other when closed, which should reduce the chance of cracks or damage.

Galaxy Z TriFold specs

While we haven't seen much of the phone in action yet, we do have the device's on-paper specs. Here's what you can expect:

• Main screen: 2160 x 1584 10-inch AMOLED, 120 Hz refresh rate, 1600 nits of peak brightness

• Cover screen: 2520 x 1080 6.5-inch AMOLED, 120 Hz refresh rate, 2600 nits of peak brightness

• Dimensions: 159.2 x 75.0 x 12.9 mm (folded); 159.2 x 214.1 x 3.9 mm (unfolded)

• Weight: 309g

• Processor: Snapdragon 8 Elite Mobile Platform for Galaxy

• Rear cameras: 12MP, Dual Pixel AF, F2.2 (Ultra-wide); 200MP Quad Pixel AF, optical image stabilization (OIS), F1.7, 2x optical zoom (Wide); 10MP, OIS, F2.4, 3x optical zoom, 30x digital zoom (Tele)

• Front cameras: 10MP selfie camera, F2.2 (cover screen); 10MP main camera, F2.2 (main screen)

• Memory and storage: 16GB RAM, with either 512GB or 1TB of internal storage

• Battery: 5,600 mAh

• Charging: Super-Fast Charging 2.0 (45W); Wired charging up to 50% in 30 minutes (45W); Fast Wireless Charging 2.0 (15W)

• Water resistance: IP48

• Network and connectivity: 5G, LTE, Wi-Fi 7, Bluetooth 5.4

When is the Galaxy Z TriFold available?

Again, this isn't a concept or prototype: The TriFold is just about ready for launch. Customers in South Korea are the first to get a chance to try the TriFold, as Samsung is planning on a Dec. 12 release.

This is the only firm release date that Samsung currently has for the TriFold, but that doesn't mean the rest of the world is in the dark. Samsung says users in China, Taiwan, Singapore, and the UAE will have access shortly after that Dec. 12 release, while those of us in the U.S. will have our shot in the first quarter of 2026.

Release dates can change, but if Samsung sticks to this plan, we should be able to check out the TriFold here by the end of March. We don't know the U.S. price at this time, but we do know the Korean price: KRW 3,590,400. That converts to just shy of $2,450. For reference, the Z Fold 7 lists for $1,999.99.

Android 16 officially started rolling out back in June, with most of the Material 3 Expressive visual overhaul added in a major update in September. Now, the second big Android 16 update is here, ushering in a host of new features across notifications, customization, accessibility, and device restrictions.

As is the norm, this update will arrive on Pixel devices first. For other Android devices, including those made by Samsung, it's up to each phone and tablet manufacturer to adjust the software update as needed and push it out to their users. Despite the limited rollout, Google says this marks a "new chapter" for Android releases, which, going forward, will be "more frequent" rather than once a year. In other words, we might be seeing Android 17 much sooner than expected.

But we won't see it today. We're still in the Android 16 era, which is about to get the following new features and changes:

More interface customization

You now have more control over home screen icons. Credit: Google

Customization has always been one of the strengths of Android, and this Android 16 update brings with it a bunch of features to help you change the interface in a more flexible and consistent way. Home screen icons can now have custom shapes, while themed icons are auto-applied across apps.

Both of those changes should mean that when you play around with the visual look of Android, there isn't a jarring icon or two that stands out from the rest—everything should look more uniform. "Your phone should reflect your own unique aesthetic," Google says, and these tweaks should help.

There's also an improvement to dark mode: Dark mode will now be applied across all apps, even those that haven't been coded to include a dark mode by their developer. Again, the end result should be a more consistent visual look, plus extra savings on battery life if more of the screen is dimmed more often.

Improved parental controls

More parental controls can now be managed on-device. Credit: Google

If you have kids who use an Android device, you'll know the current parental controls are a little bit clunky, and mostly managed remotely. Going forward, more of these controls will be available on the actual devices your youngsters are using, which should mean they're easier to access and manage.

The new on-board settings will be protected by a PIN, so your kids can't change them, and will cover screen time, downtime schedules, and app usage. You'll also be able to add more time for app and device usage from the phone or tablet that's being used, which is more convenient if you're actually with a child.

Additionally, Google is making it easier to set up a Google Family Link from Android 16 phones and tablets, which is where the family connections and device rules are set to begin with. Other key parental controls, including protections over purchases and location tracking, are still managed remotely.

AI in your notifications

AI will group and summarize your notifications. Credit: Google

Technically launched in last month's Pixel Drop, Android 16 now summarizes your notifications for you through the power of AI—something that tech companies are continuing to push, in an effort to save us all time and avoid notification fatigue, even if the results have been mixed so far. Why Google is announcing it alongside these other new features isn't clear, but it's a good reminder for any Pixel users who might be interested in trying it out.

AI summaries are something Apple introduced for the iPhone, then partially pulled for certain apps, then brought back. According to Google, these AI summaries will give you "quick understanding and context at a glance"—so let's hope they understand what's important in your group chats and what isn't.

On top of that, we're getting AI-powered notification organization too, with "lower-priority notifications" (which Google says include promotions and social alerts) silenced and grouped together so they're not so much of a distraction. As yet, it's not clear exactly how much control you'll get over how all this works.

And even more updates

You'll be able to mark your calls as urgent in the future. Credit: Google

There are plenty of other minor updates rolling out to a broader selection of Android devices too, not just those running Android 16. They include more expressive closed captions; ease-of-use improvements to accessibility features, such as TalkBack (voice dictation) and Auto Click (using a mouse with Android); and pinned tabs in Chrome for Android.

Emoji Kitchen is getting more features and more ways to combine emojis, Circle to Search is adding a scam detection feature (just point it towards a suspected scam message), and group chats in Google Messages will now come with options for reporting issues—chats can be easily left, blocked, and reported.

We'll also soon be getting a beta version of a feature Google has named Call Reason, in the Phone app. This lets you mark your outgoing calls to saved contacts as urgent, which they'll see when you ring them (and might encourage them to pick up. For more details on this and everything else rolling out to Android from today, see the official blog post.

Google is following through on its pledge to split Android versions into more frequent updates. We already had one Android 16 release this year, and now it’s time for the second. The new version is rolling out first on Google’s Pixel phones, featuring more icon customization, easier parental controls, and AI-powered notifications. Don’t be bummed if you aren’t first in line for the new Android 16—Google also has a raft of general improvements coming to the wider Android ecosystem.

Android 16, part 2

Since rolling out the first version of Android in 2008, Google has largely stuck to one major release per year. Android 16 changes things, moving from one monolithic release to two. Today’s OS update is the second part of the Android 16 era, but don’t expect major changes. As expected, the first release in June made more changes. Most of what we’ll see in the second update is geared toward Google’s Pixel phones, plus some less notable changes for developers.

Google’s new AI features for notifications are probably the most important change. Android 16 will use AI for two notification tasks: summarizing and organizing. The OS will take long chat conversations and summarize the notifications with AI. Notification data is processed locally on the device and won’t be uploaded anywhere. In the notification shade, the collapsed notification line will feature a summary of the conversation rather than a snippet of one message. Expanding the notification will display the full text.

Read full article

Comments

It's Cyber Monday, and Lifehacker is sharing the best sales based on product reviews, comparisons, and price-tracking tools before it's over.

• Follow our live blog to stay up-to-date on the best sales we find.

• Browse our editors' picks for a curated list of our favorite sales on laptops, fitness tech, appliances, and more.

• Subscribe to our shopping newsletter, Add to Cart, for the best sales sent to your inbox.

• Sales are accurate at the time of publication, but prices and inventory are always subject to change.

The Google Pixel 10 only launched four months ago, but it's already discounted by a significant $250 for the holiday shopping season (almost a third off). You can now pick it up from Amazon for $549, its lowest price yet.

Google Pixel 10, Unlocked

$549.00 at Amazon

$799.00 Save $250.00

Get Deal

Get Deal

$549.00 at Amazon

$799.00 Save $250.00

That "lowest price yet" label does depend on the color and storage option you choose, but whichever one you pick, there are big discounts being applied for Cyber Monday. For the biggest discount, pick the 128GB lemongrass model.

I've been reviewing phones for decades at this point, and I've always loved the Pixel series (and the Nexus phones before that). They put photography and AI front and center—both high priorities for me—and they're perfect if you spend a lot of time in Google's various apps (from Gmail to Google Maps), which I do.

These phones are also well-built, durable, and distinctive-looking. I find them easy on the eye, though you do need to get past that camera bar (it at least ensures your phone doesn't wobble when laid down on its back). Add in the on-board smarts of Gemini, and there's a lot to like here.

Does Amazon have Cyber Monday deals?

Yes, Amazon has Cyber Monday sales, but prices aren’t always what they seem. Use a price tracker to make sure you’re getting the best deal, or refer to guides like our live blog that use price trackers for you. And if you have an Amazon Prime membership, make the most of it.

What stores have the best sales on Cyber Monday?

Nowadays, both large retailers and small businesses compete for Cyber Monday shoppers, so you can expect practically every store to run sales through Monday, December 1, 2025. The “best” sales depend on your needs, but in general, the biggest discounts tend to come from larger retailers that can afford lower prices: think places like Amazon, Walmart, Target, Best Buy, and Home Depot. You can find all the best sales from major retailers on our live blog.

Are Cyber Monday deals worth it?

In short, yes, Cyber Monday still offers discounts that can be rare throughout the rest of the year. If there’s something you want to buy, or you’re shopping for gifts, it’s a good time to look for discounts on what you need, especially tech sales, home improvement supplies, and fitness tech. Of course, if you need to save money, the best way to save is to not buy anything.

Read more of this story at Slashdot.

Read more of this story at Slashdot.

Google has made it very clear that it’s intending to bring Android to laptops and desktops, and replace Chrome OS with Android in the process. We now have a codename, and some more information about what this will look like in practice.

Over the weekend, a tipster on Telegram named Frost Core shared a link to an intriguing Google job listing for a ‘Senior Product Manager, Android, Laptop and Tablets.’ While we already know Google is bringing Android to the PC, the listing explicitly states that the role involves ‘working on a new Aluminium, Android-based, operating system.’ This effectively confirms that Aluminium is the codename for the new unified platform. The name appears to be a nod to the project’s roots: like Chromium (the open-source version of ChromeOS), Aluminium is a metal ending in ‘-ium.’ The choice of the British spelling — emphasizing the ‘Al’ prefix — likely pays homage to Android serving as the project’s foundation.”

↫ Mishaal Rahman at Android Authority

So we have the codename, and of course, what we also have is a strong focus on “AI”, which will be “at the core” of desktop Android. Further details uncovered in job openings include a focus not just on entry-level hardware, but also midrange and premium laptops and desktops, as well as Chrome OS being replaced by this new desktop Android variant. I somehow doubt existing Chrome OS devices will be updated to this new desktop Android variant, so Chrome OS will continue to exist as a product for at least quite a few years to come.

I still have a considerable amount of doubt that Google would be able to pull this off in a successful way. It’s already hard enough to get anyone to buy any laptop that isn’t running Windows or macOS, and I doubt the Android operating system has the kind of pull with consumers to make them consider switching to it on their laptops or desktops. Enthusiasts will surely eat it up – if only to try – but without any clear, massive success, this desktop Android thing runs the real risk of ending up at Google’s graveyard.

These Android laptops can be incredible products, but even if they are, I just won’t trust Google to remain interested in it.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Black Friday sales officially start Friday, November 28, and run through Cyber Monday, December 1, and Lifehacker is sharing the best sales based on product reviews, comparisons, and price-tracking tools before it's over.

• Follow our live blog to stay up-to-date on the best sales we find.

• Browse our editors' picks for a curated list of our favorite sales on laptops, fitness tech, appliances, and more.

• Subscribe to our shopping newsletter, Add to Cart, for the best sales sent to your inbox.

• Sales are accurate at the time of publication, but prices and inventory are always subject to change.

When I reviewed the Google Pixel 9 Pro Fold last year, I called it "a big step forward for foldables"—but it was undeniably expensive. Thanks to a big Black Friday discount, it's now a lot cheaper: It's currently $540 off, which means you can now pick it up for $1,259.99 from Amazon.

Google Pixel 9 Pro Fold

$1,259.99

$1,799.00 Save $539.01

Get Deal

Get Deal

$1,259.99

$1,799.00 Save $539.01

That's still a lot of money for a smartphone of course, but this is a smartphone than turns into a tablet when you open it up. The main 8-inch display is perfect for watching videos, browsing the web, and putting two apps side by side (so you can browse through social media and chat to your friends at the same time). Just as importantly, it feels like a standard phone when it's closed shut—when all you need is a normal form factor, you're not really making any compromises in terms of size or usability. (It comes with a Google Tensor G4 chipset and 16GB of RAM.)

I was seriously impressed with the Pixel 9 Pro Fold when I reviewed it, and while Google launched an updated version with the Pixel 10 series, there's not all that much difference between the 2024 and 2025 models. Given the significant reduction now offered by Amazon, I'd say it's a more appealing buy than ever.

Does Amazon have Black Friday deals?

Yes, Amazon has Black Friday sales, but prices aren’t always what they seem. Use a price tracker to make sure you’re getting the best deal, or refer to guides like our live blog that use price trackers for you. And if you have an Amazon Prime membership, make the most of it.

Are Black Friday deals worth it?

In short, yes, Black Friday still offers discounts that can be rare throughout the rest of the year. If there’s something you want to buy, or you’re shopping for gifts, it’s a good time to look for discounts on what you need, especially tech sales, home improvement supplies, and fitness tech. Of course, if you need to save money, the best way to save is to not buy anything.

Are Cyber Monday deals better than Black Friday?

Black Friday used to be bigger for major retailers and more expensive tech and appliances, while Cyber Monday was for cheaper tech and gave smaller businesses a chance to compete online. Nowadays, though, distinction is almost meaningless. Every major retailer will offer sales on both days, and the smart move is to know what you want, use price trackers or refer to guides like our live blog that use price trackers for you, and don’t stress over finding the perfect timing.

Read more of this story at Slashdot.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Black Friday sales officially start Friday, November 28, and run through Cyber Monday, December 1, and Lifehacker is sharing the best sales based on product reviews, comparisons, and price-tracking tools before it's over. 

• Follow our live blog to stay up-to-date on the best sales we find.

• Browse our editors’ picks for a curated list of our favorite sales on laptops, fitness tech, appliances, and more.

• Subscribe to our shopping newsletter, Add to Cart, for the best sales sent to your inbox.

• Sales are accurate at the time of publication, but prices and inventory are always subject to change. 

The Pixel Watch is Google's answer to the Apple Watch. It's designed to be a health and fitness companion to your Android phone, and is actually pretty good at that, based on Lifehacker's own hands-on experience. Even though this model was launched just a few months ago, it's already on sale, too. You can grab the Pixel Watch 4 for a record low price this Black Friday. The discounts range from 15% to 22%, depending on which variant you pick, but all are tempting.

Pixel Watch 4 (41mm, WiFi)

$300.00 at Amazon

$350.00 Save $50.00

Get Deal

Get Deal

$300.00 at Amazon

$350.00 Save $50.00

Pixel Watch 4 (41mm, LTE)

$350.00 at Amazon

$450.00 Save $100.00

Get Deal

Get Deal

$350.00 at Amazon

$450.00 Save $100.00

Pixel Watch 4 (45mm, WiFi)

$400.00 at Amazon

Get Deal

Get Deal

$400.00 at Amazon

Pixel Watch 4 (45mm, LTE)

$400.00 at Amazon

$500.00 Save $100.00

Get Deal

Get Deal

$400.00 at Amazon

$500.00 Save $100.00

SEE 1 MORE

The Black Friday 2025 prices for the Pixel Watch 4 are as follows:

• 41mm, wifi: $300 (15% off)

• 41mm, LTE: $350 (22% off)

• 45mm, wifi: $350 (15% off)

• 45mm, LTE: $399 (20% off)

Lifehacker's Senior Health Editor Beth Skwarecki reviewed the Pixel Watch 4 and gave it a score of 4/5. She praised the Pixel Watch 4's charging speed in particular, as the device went from 0 to 94% in just 31 minutes. The device also has a useful new magnetic charging dock that holds it sideways while it charges. This means that it can act as a small desk clock while it's charging, which is very convenient. Beth also highlighted the Pixel Watch 4's support for satellite SOS on the LTE models, which is a useful life-saving feature in certain emergencies, where you might not have access to a cellular signal.

The review also points out the watch's addition of dual band GPS, which means that tracking your outdoor runs or rides will be much more accurate. Even the Apple Watch Series 11 doesn't have this feature, but the more expensive Apple Watch Ultra has it. As for the Pixel Watch 4's downsides, the battery life isn't that great, the display could be brighter, and the Fitbit app has quite a few limitations. Still, this is a fairly solid hardware, now with a sweet deal.

Does Amazon have Black Friday deals?

Yes, Amazon has Black Friday sales, but prices aren’t always what they seem. Use a price tracker to make sure you’re getting the best deal, or refer to guides like our live blog that use price trackers for you. And if you have an Amazon Prime membership, make the most of it.

Are Black Friday deals worth it?

In short, yes, Black Friday still offers discounts that can be rare throughout the rest of the year. If there’s something you want to buy, or you’re shopping for gifts, it’s a good time to look for discounts on what you need, especially tech sales, home improvement supplies, and fitness tech. Of course, if you need to save money, the best way to save is to not buy anything. 

Are Cyber Monday deals better than Black Friday?

Black Friday used to be bigger for major retailers and more expensive tech and appliances, while Cyber Monday was for cheaper tech and gave smaller businesses a chance to compete online. Nowadays, though, distinction is almost meaningless. Every major retailer will offer sales on both days, and the smart move is to know what you want, use price trackers or refer to guides like our live blog that use price trackers for you, and don’t stress over finding the perfect timing.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

The Galaxy Watch 8 Classic is now available at a $100 discount for Black Friday, bringing the Bluetooth model down to $399.99 from its original $499.99, and the LTE version to $449.99 from $549.99. That extra $50 for LTE only really matters if you plan to use the watch without your phone nearby. For most people who keep their phone close, the Bluetooth version is more than enough.

Samsung Galaxy Watch 8 Classic (46mm, Bluetooth, Black Band)

$399.99 at Amazon

$499.99 Save $100.00

Get Deal

Get Deal

$399.99 at Amazon

$499.99 Save $100.00

The physical rotating bezel makes a return with the Classic and remains one of the easiest ways to navigate the interface, particularly when your hands are sweaty or occupied. The display is brighter and more readable in direct sunlight, the case has been trimmed slightly for a sleeker fit, and the battery comfortably lasts through a full day and a night of sleep tracking. The watch also gets Google’s Gemini assistant and an updated sleep dashboard, so even if you don’t dive deep into data, the summaries are easier to understand. 

Samsung has added a few smart touches this year. The updated health sensors feel more accurate in everyday use, the dual-band GPS locks onto routes faster, and the gesture controls make one-handed navigation easier when you’re on the move. The AI running coach also feels more grounded, offering small adjustments to your stride or pace instead of vague motivational fluff. None of these are headline-grabbing changes, but they’re the kind that make a difference in daily use.

Reviews (including this “excellent” PCMag review and our own hands-on review) agree that the Classic version feels more like a traditional watch while still packing in full smartwatch features. That said, the 46mm size may not suit everyone, particularly those who prefer a smaller or lighter option. And serious workout folks may want a longer battery life than the 30-ish hours you get here. But for an everyday smartwatch with a fitness angle, it strikes a strong balance.

If you’re weighing your options, we’ve also compared the Google Pixel Watch 4 with the Galaxy Watch 8 Classic in detail so you can see how they match up.

Android Malware Deploys Fake Login Screens

Capturing Encrypted Messages

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Black Friday sales officially start Friday, November 28, and run through Cyber Monday, December 1, and Lifehacker is sharing the best sales based on product reviews, comparisons, and price-tracking tools before it's over. 

• Follow our live blog to stay up-to-date on the best sales we find.

• Browse our editors’ picks for a curated list of our favorite sales on laptops, fitness tech, appliances, and more.

• Subscribe to our shopping newsletter, Add to Cart, for the best sales sent to your inbox.

• Sales are accurate at the time of publication, but prices and inventory are always subject to change. 

The OnePlus 13 isn’t just competing with flagship phones. It’s quietly undercutting them. At $699 for the unlocked 512GB Arctic Dawn model, down from $849, it’s currently at its lowest price according to price trackers, making a strong case for itself if you’ve been eyeing an Android phone with top-tier specs without crossing the $1,000 threshold.

OnePlus 13,16GB RAM + 512GB Storage

$1,295.00 at Amazon

Get Deal

Get Deal

$1,295.00 at Amazon

It runs on the new Snapdragon 8 Elite chip with 16GB RAM, includes a massive 6.82-inch ProXDR OLED display that stays readable even in direct sunlight, and delivers all-day battery life. Add in 80W wired charging (with the charger actually in the box) and a surprisingly premium build with IP68/IP69 protection, and you start to wonder why this phone isn’t getting more buzz. It also supports wireless charging, but you’ll need to buy OnePlus’ AirVOOC charger separately, notes this PCMag review.

Performance-wise, it holds its own. Whether you’re juggling dozens of apps or pushing it with demanding games, the OnePlus 13 barely breaks a sweat. Plus, its 120Hz refresh rate makes everyday scrolling feel extra smooth. On the connectivity side, you get wifi 7, NFC, Bluetooth 5.4, and support for advanced audio codecs like LDAC and LHDC 5.0, which is great news for wireless headphone users. 

OnePlus’ ongoing collaboration with Hasselblad anchors the camera setup of the OnePlus 13, and this year, all three rear lenses are 50MP—main, telephoto, and ultra-wide. Color reproduction leans natural, not oversaturated, which is great if you prefer photos that don’t need major editing.

Software updates won’t go as long as Pixel or Galaxy phones, which might be a dealbreaker if you plan to keep your phone for years. And it doesn’t have a microSD card slot, so the 512GB you get is all you’ll have. But if you want top-tier performance, clean design, and unbeatable battery life for the price, the OnePlus 13 is one of the best values out there right now.

How long do Black Friday deals really last?

Black Friday sales officially begin Friday, November 28, 2025, and run throughout “Cyber Week,” the five-day period that runs from Thanksgiving through Cyber Monday, December 1, 2025. But Black Friday and Cyber Monday dates have expanded as retailers compete for customers. Expect sales to wind down by December 3, 2025.

What stores have the best sales on Black Friday?

Nowadays, both large retailers and small businesses compete for Black Friday shoppers, so you can expect practically every store to run sales through Monday, December 1, 2025. The “best” sales depend on your needs, but in general, the biggest discounts tend to come from larger retailers that can afford lower prices: think places like Amazon, Walmart, Target, Best Buy, and Home Depot. You can find all the best sales from major retailers on our live blog. 

Are Black Friday deals worth it?

In short, yes, Black Friday still offers discounts that can be rare throughout the rest of the year. If there’s something you want to buy, or you’re shopping for gifts, it’s a good time to look for discounts on what you need, especially tech sales, home improvement supplies, and fitness tech. Of course, if you need to save money, the best way to save is to not buy anything. 

A controversy over data-gathering software secretly installed on Samsung phones has erupted again after a new accusatory post appeared on X last week.

In the post on the social media site, cybersecurity newsletter International Cyber Digest warned about a secretive application called AppCloud that Samsung had allegedly put on its phones. The software was, it said,

“unremovable Israeli spyware.”

This all harks back to May, when digital rights group SMEX published an open letter to Samsung. It accused the company of installing AppCloud on its Galaxy A and M series devices, although stopped short of calling it spyware, opting for the slightly more diplomatic “bloatware”.

The application, apparently installed on phones in West Asia and North Africa, did more than just take up storage space, though.According to SMEX, it collected sensitive information, including biometric data and IP addresses.

SMEX’s analysis says the software, developed by Israeli company ironSource, is deeply integrated into the device’s operating system. You need root access to remove it, and doing so voids the warranty.

Samsung has partnered with ironSource since 2022, carrying the its Aura toolkit for telecoms companies and device maker in more than 30 markets, including Europe. The pair expanded the partnership in November 2022—the same month that US company Unity Technologies (that makes the Unity game engine) completed its $4.4bn acquisition of ironSource. That expansion made ironSource

“Samsung’s sole partner on newly released A-series and M-series mobile devices in over 50 markets across MENA – strengthening Aura’s footprint in the region.”

SMEX’s investigation of ironSource’s products points to software called Install Core. It cites our own research of this software, which is touted as an advertising technology platform, but can install other products without the user’s permission.

AppCloud wasn’t listed on the Unity/Ironsource website this February when SMEX wrote its in-depth analysis. It still isn’t. It also doesn’t appear on the phone’s home screen. It runs quietly in the background, meaning there’s no privacy policy to read and no consent screen to click, says SMEX.

Screenshots shared online suggest AppCloud can access network connections, download files at will, and prevent phones from sleeping. However, this does highlight one important aspect of this software: While you might not be able to start it from your home screen or easily remove it, you can disable it in your application list. Be warned, though; it has a habit of popping up again after system updates, say users.

Not Samsung’s first privacy controversy

This isn’t Samsung’s first controversy around user privacy. Back in 2015, it was criticized for warning users that some smart TVs could listen to conversations and share them with third parties.

Neither is it the first time that budget phone users have had to endure pre-installed software that they might not have wanted. In 2020, we reported on malware that was pre-installed on budget phones made available via the US Lifeline program.

In fact, there have been many cases of pre-installed software on phones that are identifiable as either malware or potentially unwanted programs. In 2019, Maddie Stone, a security researcher for Google’s Project Zero, explained how this software makes its way onto phones before they reach the shelves. Sometimes, phone vendors will put malware onto their devices after being told that it’s legitimate software, she warned. This can result in botnets like Chamois, which was built on pre-installed malware purporting to be from an SDK.

One answer to this problem is to buy a higher-end phone, but you shouldn’t have to pay more to get basic privacy. Budget users should expect the same level of privacy as anyone else. We wrote a guide to removing bloatware— it’s from 2017, but the advice is still relevant.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Last year, Apple finally added support for Rich Communications Services (RCS) texting to its platforms, improving consistency, reliability, and security when exchanging green-bubble texts between the competing iPhone and Android ecosystems. Today, Google is announcing another small step forward in interoperability, pointing to a slightly less annoying future for friend groups or households where not everyone owns an iPhone.

Google has updated Android’s Quick Share feature to support Apple’s AirDrop, which allows users of Apple devices to share files directly using a local peer-to-peer Wi-Fi connection. Apple devices with AirDrop enabled and set to “everyone for 10 minutes” mode will show up in the Quick Share device list just like another Android phone would, and Android devices that support this new Quick Share version will also show up in the AirDrop menu.

Google will only support this feature on the Pixel 10 series, at least to start. The company is “looking forward to improving the experience and expanding it to more Android devices,” but it didn’t announce anything about a timeline or any hardware or software requirements. Quick Share also won’t work with AirDrop devices working in the default “contacts only” mode, though Google “[welcomes] the opportunity to work with Apple to enable ‘Contacts Only’ mode in the future.” (Reading between the lines: Google and Apple are not currently working together to enable this, and Google confirmed to The Verge that Apple hadn’t been involved in this at all.)

Read full article

Comments

Read more of this story at Slashdot.

As it does every year, Google has picked its favorite apps, games, and books of 2025 from the Play Store catalog—and the annual selection is always useful as a pointer towards some high-quality titles for your Android devices that you may have missed so far.

Topping the pile is Focus Friend from YouTuber Hank Green, which aims to keep you on task and undistracted via a series of cutesy animations and cartoon living spaces. The less you check your phone, the better the experience for your 'bean' inside the app.

It's an app we've written about before, and I've given it a go myself while trying to focus on writing this article with as few distractions as possible. I've also cast an eye over the other picks from Google, which you may want to add to your phone or tablet.

Focus Friend really does help you focus

I'd previously heard a bit of buzz around Focus Friend, but it being picked as Google's favorite Play Store app of the year gave me the nudge I needed to actually install it and give it a go. It's been earning some rave reviews, but it's not actually all that different to the many other focus apps available on mobile.

This one does ramp up the cartoon cuteness, giving you your own personal bean character who will get busy knitting as long as you're not checking other apps on your phone. You can trade the socks that get knitted for a variety of furnishings and decorations for the bean's living space, which starts off very bare indeed.

Focus Friend is built around a timer system. Credit: Lifehacker

It's a well-implemented app that's straightforward and fun to use, and I found it did encourage me to pick up my phone less. There's a pro version—yours for $2 a month—which unlocks access to more items for your bean to knit and more decorations for the surrounding room.

I like that you don't even have to sign up for an account to use the app (a constant bind if you write about tech and apps all day), and there's a decent amount of customization here—you've got sound effects and music you can turn on and off, the option to actually block other apps, and a lock screen mode to make use of.

The app offers a variety of customization options. Credit: Lifehacker

Your mileage may vary depending on how taken you are with the bean character and the various items you can get to kit out its room. This is essentially just a stopwatch with a lot of nice dressing around it, and you can get much the same effect by starting a timer on your phone—without worrying about hurting the feelings of an imaginary bean.

It's a good pick by Google, but it's also fair to say there are lots of similar apps out there. I actually prefer Forest (for Android or iOS), which grows a little forest for you rather than having a bean knit socks, but my favorite app of this type is Focus Traveller (only available on iOS, sadly for Android users) that turns your focus sessions into cross-country hikes.

More apps, games, and ebooks

There's plenty more in Google's list besides Focus Friend—and I'll confess I haven't used many of these apps or games. The best multi-device app award goes to Luminar, a comprehensive photo editing tool that's packed with tools (and AI, as you would expect). The interface adapts really well across devices, including foldables and Chromebooks.

The other apps that made the list are Instagram app Edits (best for fun), audiobook summarizer Wiser (best everyday essential), language tutor Pingo AI (best hidden gem), kids learning game ABCmouse 2 (best for families), sleep alarm SleepisolBio (best for watches), note taker Goodnotes (best for large screens), audio app SoundCloud (best for cars), and meditation app Calm (best for XR headsets).

Luminar is the best multi-device app of the year. Credit: Google

When it comes to games, the outright winner was Pokémon TCG Pocket, a digital take on the physical Pokémon card game that lets you collect cards on your Android device and battle with other players across the globe. It's going to have limited appeal outside Pokémon fans, but it's certainly well-designed.

Google's other game picks are combat racer Disney Speedstorm (best multi-device game), streetball game Dunk City Dynasty (best multi-player), card game Candy Crush Solitaire (best pick up and play), puzzle adventure Chants of Sennaar (best indie), interactive detective story Disco Elysium (best story), open-world RPG Wuthering Waves (best ongoing), dark fishing adventure Dredge (best on Play Pass), and Norse mythology MMORPG Odin: Valhalla Rising (best for Google Play Games on PC).

Disney Speedstorm is the best multi-device game. Credit: Google

There's a lot to choose from when it comes to ebooks and audiobooks, too, with 17 titles across fiction, non-fiction, and reads for younger people: from fantasy tale "The Raven Scholar" by Antonia Hodgson, to historical fiction title "Herod the Great" by Zora Neal Hurson. You can find the full list here.

As for iOS, at the time I'm writing this article Apple has announced a shortlist for the 2025 App Store Awards, but we don't have the final winners yet.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

The Samsung Galaxy Tab S10+ in Platinum Silver is currently priced at $749.99, down from its regular $999.99, and price trackers confirm this is the tablet’s lowest price to date. That discount alone makes a premium device more approachable, especially one that PCMag didn’t hesitate to call “excellent” in their review. They also named it their Editor’s Choice and their pick for the best Android tablet of 2024, which sets a certain expectation. The S10+ meets most of it.

Samsung Galaxy Tab S10+ Plus 12.4” 256GB Android Tablet

$749.99 at Amazon

$999.99 Save $250.00

Get Deal

Get Deal

$749.99 at Amazon

$999.99 Save $250.00

The 12.4-inch Dynamic AMOLED 2X display looks sharp and handles colors cleanly, and its anti-reflective coating makes a difference when you’re using it outdoors. It still struggles under direct sunlight, but you won’t be tilting the screen around during a casual commute or on your couch. The tablet also feels sturdy in the hand, thanks to Samsung’s Armor Aluminum frame and Gorilla Glass 5 on the front, and the IP68 rating means it can handle dust and water better than any iPad.

Performance-wise, the MediaTek Dimensity 9300+ chip paired with 12GB of RAM keeps apps running smoothly without hesitation, and the 256GB of storage (with support for up to 1.5TB via microSD) makes it easy to load up with work files or games. Demanding games like Genshin Impact run smoothly, and not surprisingly, everyday tasks like email, browsing, reading, and hopping between apps don’t strain it either. Battery life lands at a little over eight hours in continuous playback at full brightness, which is decent, though anyone hoping for an all-day endurance champion might want to keep expectations in check.

​​Samsung’s software and AI tools round out the experience. Android 14 with One UI 6.1.1 brings multitasking shortcuts, a desktop-like DeX mode, and Galaxy AI tools such as Circle to Search, automatic note cleanup, and webpage summaries. These small conveniences add up and make the tablet feel more helpful in day-to-day use. Samsung also promises four years of OS updates and seven years of security patches. That said, the cameras feel like the most compromise-heavy part of the tablet. The 13MP main camera and 8MP ultra-wide do fine for video calls and scanning pages, but colors skew oversaturated and lack detail compared to what you’d expect at this price. Still, this is one of the best tablets you can buy in 2025, according to our Associate Tech Editor Michelle Ehrhardt.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

The Samsung Galaxy Tab S6 Lite was originally released in 2020, but it was revamped in 2022, and then again in 2024 for a third time with a better processor. Right now, you can get the latest 2024 model with 64GB of storage for $159.99 (originally $329.99) after a 52% discount. The 128GB model is also discounted, currently $229.99 (originally $399.99) after a 43% discount. These are both record-low prices, according to price tracking tools.

Samsung Galaxy Tab S6 Lite 64GB Wi-Fi Tablet (Oxford Gray, 2024 Model)

$159.99 at Amazon

$329.99 Save $170.00

Get Deal

Get Deal

$159.99 at Amazon

$329.99 Save $170.00

Samsung Galaxy Tab S6 Lite 128GB Wi-Fi Tablet (Oxford Gray)

$229.99 at Amazon

$399.99 Save $170.00

Get Deal

Get Deal

$229.99 at Amazon

$399.99 Save $170.00

SEE -1 MORE

The Samsung Galaxy Tab S6 Lite is a solid entry-level tablet for drawing, taking notes, and light gaming. What makes this one special is its budget price and that it comes with the S Pen stylus included. It is light, hence the name, but not by much compared to the iPad, at 1.025 pounds. (The 11th-generation iPad is 1.05 pounds, for comparison.) It measures 9.63 by 6.07 by .28 inches and has a 10.4-inch screen with a 2,000 x 1,200 resolution. The processor is a step up from the 2022 Qualcomm Snapdragon 720G, now with Samsung's own Exynos 1280. This S6 comes with the Android 14 operating system, 4GB of RAM, and 64GB of storage (expandable up to 1TB). As far as battery life, the 7,040 mAh battery should last anywhere between five to 15 hours, depending on your use.

The 8 MP rear camera and 5MP front camera won't blow you away, but they're fine for daytime snapshots and video calls. If you're still holding on to your wired headphones, you will be happy to know it has a 3.5 mm headphone jack. It has no physical home button, but it does have volume control keys, a power button, a micro SD card slot, and a USB-C 2.0 port (you can't extend your display to a monitor with this port).

For the price, this is a great budget Android tablet even in 2025. It's not worth upgrading if you have the 2022 version (unless you want the assurance of more years of Samsung support). But if you have an older tablet or are looking for your first one, the S6 Lite is a great choice.

Google has been using Rust in Android more and more for its memory safety characteristics, and the results on that front were quite positive. It turns out, however, that not only does using Rust reduce the number memory safety issues, it’s also apparently a lot faster to code in Rust than C or C++.

We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust’s impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one.

↫ Jeff Vander Stoep at the Google Security Blog

When you think about it, it actually makes sense. If you have fewer errors of a certain type, you’ll spend less time fixing those issues, time which you can then spend developing new code. Of course, it’s not that simple and there’s a ton more factors to consider, but on a base level, it definitely makes sense. Spellcheck in word processors means you have to spend less time detecting and fixing spelling errors, so you have more time to spend on actually writing.

I’m sure we’ll all be very civil about this, and nobody will be weird about Rust at all.

Shifting the Balance in Systems Programming 

Throughput Improvements: Fewer Revisions, Faster Reviews 

Rust’s Footprint 

• Kernel: Android 6.12 is the first shipping kernel with Rust support enabled and includes the platform’s first production Rust driver. Android is also collaborating with Arm and Collabora on a Rust-based GPU driver. 
• Firmware: Rust has been deployed in firmware for years. Android and Arm are now collaborating on Rusted Firmware-A to enhance security in high-privilege firmware environments. 

• Nearby Presence uses Rust for secure Bluetooth-based device discovery. 
• MLS, the RCS messaging security protocol, is implemented in Rust and will appear in Google Messages in a future release. 
• Chromium has replaced PNG, JSON, and web-font parsers with Rust-based memory-safe implementations. 

The First Almost-Vulnerability in Rust 

Conclusion 

Only a few months ago, Google announced it was going to require that all Android applications – even those installed outside of the Play Store – had to be verified. This led to a massive backlash, and it seems our protests and complaints have had effect: the company announced a change in plans today, and will, in fact, not require certification for installing applications outside of the Play Store.

Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified. We are designing this flow specifically to resist coercion, ensuring that users aren’t tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months.

↫ Matthew Forsythe Director at the Android Developers Blog

While this is great news, I’m still concerned this is only temporary. Companies like Google have a tendency to announce some draconian measure to test the waters, walk it back in response to backlash, only to then reintroduce it through some sneaky backdoor a year later when nobody’s looking. Installing whatever we want on the devices we own should be a protected right, not something graciously afforded to us by our corporate overlords.

If you think this is the end of this story, you’re a fool.

Researchers at Zimperium identified Fantasy Hub, a new Android spyware developed and sold as a subscription on Russian-language cybercrime forums.

Malware-as-a-Service (MaaS) means cybercriminals rent out to malware to other criminals, complete with the infrastructure necessary to harvest and abuse stolen information. Usually, it’s up to the buyer to spread the malware, but Fantasy Hub goes a step further—it comes with full documentation, video tutorials, and a subscription model that makes it easy for even inexperienced attackers to use. Its creators provide step-by-step guides to create fake Google Play pages that imitate apps like Telegram or online banking portals, complete with realistic reviews. It’s a Remote Access Trojan (RAT) that anyone can distribute.

Distribution relies heavily on social engineering and phishing. Attackers use Fantasy Hub’s templates and tools to set up convincing fake app pages, tricking users into downloading the malicious software. A “dropper” option even lets buyers upload any Android app APK and get back a modified version with Fantasy Hub added.

These counterfeit apps look legitimate, and often request only a single permission: SMS access. But that permission unlocks much more. The SMS handler role bundles multiple powerful permissions: contacts, camera, and file access into a single authorization step, unlocking extensive control over the device’s messaging, contacts, and camera functions. Fantasy Hub is designed to bypass standard security checks and can remain concealed, making detection difficult for users.

What can it do?

Once installed, Fantasy Hub can steal SMS messages, call logs, contacts, photos, and videos. It can also intercept, reply to, and delete notifications. More dangerously, it can initiate live audio and video streams using the device’s camera and microphone without the user’s consent. It’s been found in imitation banking apps, displaying fake windows to harvest user credentials such as usernames, PINs, and passwords. As part of the handy pack provided by Fantasy Hub’s creators, attackers are given tools to tailor these phishing windows for almost any banking app they wish to target.

While individuals at at risk from this malware, the threat extends to organizations that use Bring Your Own Device (BYOD) policies or rely on mobile banking and work apps. A single infected phone could expose company data or communications.

How to stay protected

Fantasy Hub shows how easily cybercriminals can now buy and run complex spyware. But a few simple habits can help you stay safe:

• Stick to trusted sources. Download apps only from Google Play, Apple’s App Store, or the official provider. Your bank will never ask you to use another source.
• Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware as Android/Trojan.Spy.ACRF949851CC4.
• Scrutinize permissions. Does it really need the permissions it’s requesting to do the job you want it to do? Especially if it asks for SMS or camera access.
• Unsolicited communications. Stay wary of messages, emails, or links urging you to “update” or install outside the official app stores.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Another day, another malware attack on smartphones. Researchers at Unit 42, the threat intelligence arm of Palo Alto Networks, have revealed a sophisticated spyware known as “Landfall” targeting Samsung Galaxy phones. The researchers say this campaign leveraged a zero-day exploit in Samsung Android software to steal a raft of personal data, and it was active for almost a year. Thankfully, the underlying vulnerability has now been patched, and the attacks were most likely targeted at specific groups.

Unit 42 says that Landfall first appeared in July 2024, relying on a software flaw now catalogued as CVE-2025-21042. Samsung issued a patch for its phones in April 2025, but details of the attack have only been revealed now.

Even if you were out there poking around the darker corners of the Internet in 2024 and early 2025 with a Samsung Galaxy device, it’s unlikely you’d be infected. The team believes Landfall was used in the Middle East to target individuals for surveillance. It is currently unclear who was behind the attacks.

Read full article

Comments

The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts.

Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs (Automated Teller Machines, or cash machines) using banking data exfiltrated from victims’ phones—without ever physically stealing the cards.

NFC is a wireless technology that allows devices such as smartphones, payment cards, and terminals to communicate when they’re very close together. So, instead of stealing your bank card, the attackers capture NFC (Near Field Communication) activity on a mobile phone infected with the NGate malware and forward that transaction data to devices at ATMs. In NGate’s case the stolen data is sent over the network to the attackers’ servers rather than being relayed purely by radio.

NFC comes in a few “flavors.” Some produce a static code—for example, the card that opens my apartment building door. That kind of signal can easily be copied to a device like my “Flipper Zero” so I can use that to open the door. But sophisticated contactless payment cards (like your Visa or Mastercard debit and credit cards) use dynamic codes. Each time you use the NFC, your card’s chip generates a unique, one-time code (often called a cryptogram or token) that cannot be reused and is different every time.

So, that’s what makes the NGate malware more sophisticated. It doesn’t simply grab a signal from your card. The phone must be infected, and the victim must be tricked into performing a tap-to-pay or card-verification action and entering their PIN. When that happens, the app captures all the necessary NFC transaction data exchanged — not just the card number, but the fresh one-time codes and other details generated in that moment.

The malware then instantly sends all that NFC data, including the PIN, to the attacker’s device. Because the codes are freshly generated and valid only for a short time, the attacker uses them immediately to imitate your card at an ATM; the accomplice at the ATM presents the captured data using a card-emulating device such as a phone, smartwatch, or custom hardware.

But, as you can imagine, being ready at an ATM when the data comes in takes planning—and social engineering.

First, attackers need to plant the malware on the victim’s device. Typically, they send phishing emails or SMS messages to potential victims. These often claim there is a security or technical issue with their bank account, trying to induce worry or urgency. Sometimes, they follow up with a phone call, pretending to be from the bank. These messages or calls direct victims to download a fake “banking” app from a non-official source, such as a direct link instead of Google Play.

Once installed, the app app asks for permissions and leads victims through fake “card verification” steps. The goal is to get victims to act quickly and trustingly—while an accomplice waits at an ATM to cash out.

How to stay safe

NGate only works if your phone is infected and you’re tricked into initiating a tap-to-pay action on the fake banking app and entering your PIN. So the best way to stay safe from this malware is keep your phone protected and stay vigilant to social engineering:

• Stick to trusted sources. Download apps only from Google Play, Apple’s App Store, or the official provider. Your bank will never ask you to use another source.
• Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware.
• Do not engage with unsolicited callers. If someone claims to be from your bank, tell them you’ll call them back at the number you have on file.
• Ignore suspicious texts. Do not respond to or act upon unsolicited messages, no matter how harmless or urgent they seem.

Malwarebytes for Android detects these banking Trojans as Android/Trojan.Spy.NGate.C; Android/Trojan.Agent.SIB01022b454eH140; Android/Trojan.Agent.SIB01c84b1237H62; Android/Trojan.Spy.Generic.AUR9552b53bH2756 and Android/Trojan.Banker.AURf26adb59C19.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Researchers at Cyfirma have investigated Android Trojans capable of stealing sensitive data from compromised devices. The malware spreads by pretending to be trusted apps—like a news reader or even digital ID apps—tricking users into downloading it by accident.

In reality, it’s Android-targeting malware that preys on people who use banking and cryptocurrency apps. And a sneaky one. Once installed, it doesn’t announce itself in any way, but quietly works in the background to steal information such as login details and money.​

First, it checks if it’s running on a real phone or in a security test system so it can avoid detection. Then, it asks users for special permissions called “Accessibility Services,” claiming these help improve the app but actually giving the malware control over the device without the owner noticing. It also adds itself as a Device Administrator app.

With these permissions, the Trojan can read what’s on the screen, tap buttons, and fill in forms as if it were the user. It also overlays fake login screens on top of real banking and cryptocurrency apps, so when someone enters their username and password, the malware steals them.

Simply put, the Android overlay feature allows an app to appear on top of another app. Legitimate apps use overlays to show messages or alerts—like Android chat bubbles in Messenger—without leaving the current screen.

The Trojan connects to a remote command center, sending information about the phone, its location, and which banking apps are installed. At this point, attackers can send new instructions to the malware, like downloading updates to hide better or deleting traces of its activity. As soon as it runs, the Trojan also silences notifications and sounds so users don’t notice anything out of the ordinary.

The main risk is financial loss: once cybercriminals have banking credentials or cryptocurrency wallet codes, they can steal money or assets without warning. At this point in time the malware targets banking users in Southeast Asia, but its techniques could spread anywhere.

As we rely more on our phones for payments and important tasks, it’s clear that our mobile devices need the same level of protection that we expect on our laptops.

Malwarebytes for Android detects these banking Trojans as Android/Trojan.Spy.Banker.AUR9b9b491bC44.

How to stay safe

• Stick to trusted sources. Download apps—especially VPNs and streaming services—only from Google Play, Apple’s App Store, or the official provider. Never install something just because a link in a forum or message promises a shortcut.
• Check an app’s permissions. If an app asks for control over your device, your settings, Accessibility Services, or wants to install other apps, stop and ask yourself why. Does it really need those permissions to do what you expect it to do?
• Use layered, up-to-date protection. Install real-time anti-malware protection on your Android that scans for new downloads and suspicious activity. Keep both your security software and your device system updated—patches fix vulnerabilities that attackers can exploit.
• Stay informed. Follow trustworthy cybersecurity news and share important warnings with friends and family.

Indicators of compromise

File name: IdentitasKependudukanDigital.apk

SHA-256: cb25b1664a856f0c3e71a318f3e35eef8b331e047acaf8c53320439c3c23ef7c

File Name: identitaskependudukandigital.apk

SHA256:19456fbe07ae3d5dc4a493bac27921b02fc75eaa02009a27ab1c6f52d0627423

File Name: identitaskependudukandigital.apk

SHA-256: a4126a8863d4ff43f4178119336fa25c0c092d56c46c633dc73e7fc00b4d0a07

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Researchers from Google’s Project Zero discovered a medium-severity remote code execution (RCE) vulnerability that affects multiple platforms, including Android (Samsung and Pixel devices) and Windows. Remote code execution means an attacker could run programs on your device without your permission. The flaw, found in Dolby’s Unified Decoder Component (UDC) that handles audio playback, can be triggered automatically when a device receives an audio message—no tap or user action required.

The flaw affects Android devices that use Dolby audio processing (for example, Google Pixel and Samsung smartphones) and Windows systems running Dolby UDC versions 4.5–4.13. Other vendors that integrate Dolby’s decoding capabilities may also be indirectly impacted, depending on their library updates.

Tracked as CVE-2025-54957, the problem arises from the way the Dolby UDC handles “evolution data.” In the context of Dolby Digital Plus (DD+) audio streams, evolution data refers to a specialized extension block introduced in later versions of Dolby’s codecs to support additional functionality, such as higher channel counts, advanced loudness metadata, and dynamic range adjustments.

The buffer overflow occurs when the decoder parses the evolution data and miscalculates the size of incoming packets. Because this data block can vary in length, depending on the metadata or the embedded audio mode, the faulty length calculation can lead to insufficient buffer allocation. Malformed data can then overwrite adjacent memory and potentially allow remote code execution.

Buffers are areas of memory set aside to hold data. When a buffer overflow happens, it can overwrite neighboring memory areas, which may contain other data or executable code. This overwriting is not a deliberate action by the transaction or program, but an unintended consequence of the vulnerability, which could have been prevented by bounds checking.

While not every overflow carries malicious intent, the behavior of buffer overflows can be exploited. Attackers can use them to disrupt the operation of other programs, causing them to malfunction, expose secrets, or even run malicious code. In fact, buffer overflow vulnerabilities are the most common security vulnerabilities today.

The vulnerability is exploitable by sending a target a specially crafted audio file. An attacker could make a phone or PC run malicious code inside the audio-decoding process, leading to crashes or unauthorized control. It’s similar to getting a song stuck in your head so badly that you can’t think of anything else and end up dancing off a cliff.

The abuse of CVE-2025-54957 is not a purely hypothetical case. In its official October 14 security advisory, Dolby mentions that it is:

“aware of a report found with Google Pixel devices indicating that there is a possible increased risk of vulnerability if this bug is used alongside other known Pixel vulnerabilities. Other Android mobile devices could be at risk of similar vulnerabilities.”

Dolby did not reveal any details, but just looking at the September 2025 Android security updates, there are several patches that could plausibly be chained with this bug to allow a local attacker to gain an elevation of privilege (EoP).

How to stay safe

To prevent falling victim to an attack using this vulnerability, there are a few things you can do.

• Don’t open unsolicited attachments, including sound files.
• Install updates promptly. Dolby has released fixes that device makers must roll into firmware and OS updates—enable automatic updates where possible.
• Use an up-to-date real-time anti-malware solution, preferably with a web component.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

The LineageOS project has released version 23 of their AOSP-based Android variant. LineageOS 23 is based on the initial release of Android 16 – so not the QPR1 release that came later – because Google has not made the source code for that release available yet. Like other, similar projects, LineageOS also suffers from Google’s recent further lockdown of Android; not only do they not have access to Android 16 QPR1’s source code, they also can’t follow along with the latest security patches for Android due to changes Google made to the patch release process, and without the device trees for Pixel devices, Pixels are now no longer supported any better than other Android devices.

LineageOS 23 brings many of the same features Android 16 brought, and comes with updated versions of LineageOS’ own camera application and music player, as well as a new TV launcher. They’ve also worked hard to make it much easier to run LineageOS in QEMU, they’ve improved support for running mainline kernels, they’ve made it easier to merge security fixes and updates for various kernel versions, and much more.

Update instructions can be found on the devices page, and specifically note that if you’re using an unofficial LineageOS build, you’ll need to perform the original installation again. With LineageOS being the Debian of the Android world, you can expect a ton of these unofficial versions to pop up over the coming months for devices LineageOS does not officially support.

Google has been on a bit of a marketing blitz to try and counteract some of the negative feedback following its new developer verification requirement for Android applications, and while they’re using a lot of words, none of them seem to address the core concerns. It basically comes down to that they just don’t care about the consequences this new requirement has for projects like F-Droid, nor are they really bothered by any of the legitimate privacy concerns this whole thing raises.

If this new requirement is implemented in its current form, F-Droid will simply not be able to continue to exist in its current form. F-Droid builds the applications in its repository themselves and signs them, and developer verification does not fit into that picture at all. F-Droid works this way to ensure its applications are built from the publicly available sources, so developers can’t sneak anything nefarious into any binaries they would otherwise be submitting themselves.

The privacy angle doesn’t seem to bother Google much, either, which shouldn’t be a surprise to anyone. With this new requirement, Android application developers can simply no longer be anonymous, which has a variety of side-effects, not least of which is that anyone developing applications for, say, dissidents, can now no longer be anonymous. Google claims they won’t be sharing developer information with governments, but we all know that’s a load of bullshit, made all the more relevant after whatever the fuck this was. If you want to oppose the genocide in Gaza or warn people of ICE raids, and want to create an Android application to coordinate such efforts, you probably should not, and stick to more anonymous organising tools.

Students and hobbyists are getting the short end of the stick, too, as Google’s promised program specifically for these two groups is incredibly limited. Yes, it waves the $25 fee, but that’s about the only positive here:

Developers who register with Google as a student or hobbyist will face severe app distribution restrictions, namely a limit on the number of devices that can install their apps. To enforce this, any user wanting to install software from these developers must first retrieve a unique identifier from their device. The developer then has to input this identifier into the Android Developer Console to authorize that specific device for installation.

↫ Mishaal Rahman at Android Authority

Google does waive the requirement for developer certification for one particular type of user, and in doing so, highlights the only group of users Google truly cares about: enterprise users. Any application installed by an enterprise on managed devices will not need to have its developer certified. Google states that in this particular use case, the enterprise’s IT department is responsible for any security issues that may arise. Isn’t it funny how the only group of users who won’t have to deal with this nonsense are companies who pay Google tons of money for their enterprise tools?

The only way we’re going to get out of this is if any governments step up and put a stop to this. We can safely assume the United States’ government won’t be on our side – they’re too busy with their recurring idiotic song-and-dance anyway – so our only hope is the European Commission stepping in, but I’m not holding my breath. After all, Apple’s rules and regulations regarding installing applications outside of the App Store in the EU are not that different from what Google is going to do. While the EU is not happy with the details of Apple’s rules, their general gist seems to be okay with them.

I’m afraid governments won’t be stepping in to stop this one.

An infostealer and banking Trojan rolled into one is making the rounds in Facebook groups aimed at “active seniors”.

Attackers used social engineering methods to lure targets into joining fake Facebook groups that appeared to promote travel and community activities—such as trips, dance classes, and community gatherings. Once people joined, they were invited to download an Android app to “register” for those offered activities.

Researchers at ThreatFabric found numerous Facebook groups created under this pretense, stocked with AI-generated content to appear authentic and trick users into downloading the malware. App names included Senior Group, Lively Years, ActiveSenior, and DanceWave. In some cases, victims were also asked to pay a sign-up fee on the same website, leading to phishing and card detail theft.

One of the servers hosting these downloads was located at download.seniorgroupapps[.]com.

Sometimes the cybercriminals sent a follow-up message through Messenger or WhatsApp, sharing the download links for the malicious apps.

Often this would be the Datzbro Trojan, but sometimes victims were hit with Zombinder, a Trojan dropper capable of bypassing the security restrictions Google introduced in Android 13 and later versions.

What Datzbro can do

The researchers found that Datzbro had capabilities similar to both spyware and banking Trojans—specifically designed to drain bank accounts.

Once installed, this Android malware can:

• Record audio and video, and access files and photos.
• Display phishing overlays that mimic other apps to steal passwords and send them to the attackers.
• Let attackers remotely control infected Android devices, including locking or unlocking the screen.

Researchers analyzed the code and suspect that it was likely developed in China, but later leaked and was reused by broader cybercriminal groups. The campaign has reached victims worldwide, including Australia, Singapore, Malaysia, Canada, South Africa, and the UK.

How to stay safe in Facebook groups

Although many of the Facebook groups involved in this campaign have been taken down, there might be others. To protect yourself:

• Check a Facebook group’s history and avoid those might have freshly set up for malicious purposes. Unfortunately, it’s not possible to check the age of a group before you join, but once you’re a member, look at the dates of historical posts or pinned posts.
• Don’t click on links or install apps provided by such groups or by private messages from people you don’t really know.
• Use up-to-date real-time anti-malware protection, especially on your mobile devices.
• Be wary of groups offering suspicious or too-good-to-be-true promises.
• Check a group’s description and rules for professionalism or red flags.

It’s worth noting that many of the groups also included a button to download an “iOS application.” These were just placeholders at the time, but might be an indication that there are plans to target iPhone users as well.

Indicators of Compromise (IOCs)

The malicious app used these names:

Senior Group

Lively Years

ActiveSenior

DanceWave

and these package names:

twzlibwr.rlrkvsdw.bcfwgozi

orgLivelyYears.browses646

com.forest481.security

inedpnok.kfxuvnie.mggfqzhl

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

The consequences of Google requiring developer certification to install Android applications, even outside of Google’s own Play Store, are starting to reverberate. F-Droid, probably the single most popular non-Google application repository for Android, has made it very clear that Google’s upcoming requirement is most likely going to mean the end of F-Droid.

If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid’s myriad users will be left adrift, with no means to install — or even update their existing installed — applications.

↫ F-Droid’s blog post

A potential loss of F-Droid would be a huge blow to anyone trying to run Android without Google’s applications and frameworks installed on their device. It’s pretty clear that Google is doing whatever it can to utterly destroy the Android Open Source Project, something I’ve been arguing is what the rumours about Google killing AOSP really mean. Why kill AOSP, when you can just make it utterly unusable and completely barren?

Sadly, there isn’t much F-Droid can do. They’re proposing regulators the world over look at Google’s plans, and hopefully come to the conclusion that they’re anti-competitive. Specifically the European Union and the tools provided by the Digital Markets Act could prove useful here, but in the end, only if the will exists to use them can these tools be used in the first place.

It’s dark times for the smartphone world right now, especially if you care about consumer rights and open source. iOS has always been deeply anti-consumer, and while the European Union has managed to soften some of the rough edges, nothing much has changed there. Android, on the other hand, had a thriving open source, Google-free community, but decision by decision, Google is beating it into submission and killing it off. The Android of yesteryear doesn’t exist anymore, and it’s making people who used to work on Android back during the good old times extremely sad.

Jean-Baptiste Quéru, husband of OSNews’ amazing and legendary previous managing editor Eugenia Loli-Queru, worded it like this a few days ago:

All the tidbits of news about Android make me sad.

I used to be part of the Android team.

When I worked there, making the application ecosystem as open as the web was a goal. Releasing the Android source code as soon as something hit end-user devices was a goal. Being able to run your own build on actual consumer hardware was a goal.

For a while after I left, there continued to be some momentum behind what I had pushed for.

But, now, 12 years later, this seems to have all died.

I am sad…

↫ Jean-Baptiste Quéru

And so am I. Like any operating system, Android is far from perfect, but it was remarkable just how open it used to be. I guess good things just don’t survive once unbridled capitalism hits.

It’s no secret that Google wants to bring Android to laptops and desktops, and is even sacrificing Chrome OS to get there. It seems this effort is gaining some serious traction lately, as evidenced by a conversation between Rick Osterloh, Google’s SVP of platforms and devices, and Qualcomm’s CEO, Christiano Amon, during Qualcomm’s Snapdragon Summit.

Google may have just dropped its clearest hint yet that Android will soon power more than phones and tablets. At today’s Snapdragon Summit kickoff, Qualcomm CEO Cristiano Amon and Google’s SVP of Devices and Services Rick Osterloh discussed a new joint project that will directly impact personal computing.

“In the past, we’ve always had very different systems between what we are building on PCs and what we are building on smartphones,” Osterloh said on stage. “We’ve embarked on a project to combine that. We are building together a common technical foundation for our products on PCs and desktop computing systems.”

↫ Adamya Sharma at Android Authority

Amon eventually exclaimed that’s he’s seen the prototype devices, and that “it is incredible”. He added that “it delivers on the vision of convergence of mobile and PC. I cannot wait to have one.” Now, marketing nonsense aside, this further confirms that soon, you’ll be able to buy laptops running Android, and possibly even desktop systems running Android. The real question, though, is – would you want to? What’s the gain of buying an Android laptop over a traditional Windows or macOS laptop?

Then there’s Google’s infamous fickle nature, launching and killing products seemingly randomly, without any clear long-term plans and commitments. Would you buy an expensive laptop running Android, knowing full well Google might discontinue or lose interest in its attempt to bring Android to laptops, leaving you with an unsupported device? I’m sire schools that bought into Chromebooks will gradually move over to the new Android laptops as Chrome OS features are merged into Android, but what about everyone else?

I always welcome more players in the desktop space, and anything that can challenge Microsoft and Apple is welcome, but I’m just not sure if I have faith in Google sticking with it in the long run.

GrapheneOS is a security and privacy-focused mobile operating system based on a modified version of Android (AOSP). To enhance its protection, it integrates advanced security features, including its own memory allocator for libc: hardened malloc. Designed to be as robust as the operating system itself, this allocator specifically seeks to protect against memory corruption.

This technical article details the internal workings of hardened malloc and the protection mechanisms it implements to prevent common memory corruption vulnerabilities. It is intended for a technical audience, particularly security researchers or exploit developers, who wish to gain an in-depth understanding of this allocator’s internals.

↫ Nicolas Stefanski at Synacktiv

GrapheneOS is quite possibly the best way to keep your smartphone secure, and even law enforcement is not particularly amused that people are using it. If the choice is between security and convenience, GrapheneOS chooses security every time, and that’s the reason it’s favoured by many people who deeply care about (smartphone) security. The project’s social media accounts can be a bit… Much at times, but their dedication to security is without question, and if you want a secure smartphone, there’s really nowhere else to turn – unless you opt to trust the black box security approach from Apple.

Sadly, GrapheneOS is effectively under attack not from criminals, but from Google itself. As Google tightens its grip on Android more and more, as we’ve been reporting on for years now, it will become ever harder for GrapheneOS to deliver the kind of security and fast update they’ve been able to deliver. I don’t know just how consequential Google’s increasing pressure is for GrapheneOS, but I doubt it’s making the lives of its developers any easier.

It’s self-defeating, too; GrapheneOS has a long history of basically serving as a test best for highly advanced security features Google later implements for Android in general. A great example is the Memory Tagging Extension, a feature implemented by ARM in hardware, which GrapheneOS implements much more widely and extensively than Google does. This way, GrapheneOS users have basically been serving as testers to see if applications and other components experience any issues when using the feature, paving the way for Google to eventually, hopefully, follow in GrapheneOS’ footsteps.

Google benefits from GrapheneOS, and trying to restrict its ability to properly support devices and its access to updates is shortsighted.

Researchers have discovered a large ad fraud campaign on Google Play Store.

The Satori Threat Intelligence and Research team found 224 malicious apps which were downloaded over 38 million times and generated up to 2.3 billion ad requests per day. They named the campaign “SlopAds.”

Ad fraud is a type of fraud that lets advertisers pay for ads even though the number of impressions (the times that the ad has been seen) is enormously exaggerated.

While the main victims of ad fraud are the advertisers, there are consequences for the users that had these apps installed as well, such as slowed-down devices and connections due to the apps executing their malicious activity in the background without the user even being aware.

At first, to stay under the radar of Google’s app review process and security software, the downloaded app will behave as advertised, if a user has installed it directly from the Play Store.

But if the installation has been initiated by one of the campaign’s ads, the user will receive some extra files in the form of a steganographically encrypted payload.

If the app passes the first check it will receive four .png images that, when decrypted and reassembled, are actually an .apk file. The malicious file uses WebView (essentially a very basic browser) to send collected device and browser information to a Control & Command (C2) server which determines, based on that information, what domains to visit in further hidden WebViews.

The researchers found evidence of an AI (Artificial Intelligence) tool training on the same domain as the C2 server (ad2[.]cc). It is unclear whether this tool actively managed the ad fraud campaign.

Based on similarities in the C2 domain, the researchers found over 300 related domains promoting SlopAds-associated apps, suggesting that the collection of 224 SlopAds-associated apps was only the beginning.

Google removed all of the identified apps listed in this report from Google Play. Users are automatically protected by Google Play Protect, which warns users and blocks apps known to exhibit SlopAds associated behavior at install time on certified Android devices, even when apps come from sources outside of the Play Store.

You can find a complete list of the removed apps here: SlopAds app list

How to avoid installing malicious apps

While the official Google Play Store is the safest place to get your apps from, there is no guarantee that it will remain a non-malicious app just because it is in the Google Play Store. So here are a few extra measures you can take:

• Always check what permissions an app is requesting, and don’t just trust an app because it’s in the official Play Store. Ask questions such as: Do the permissions make sense for what the app is supposed to do? Why did necessary permissions change after an update? Do these changes make sense?
• Occasionally go over your installed apps and remove any you no longer need.
• Make sure you have the latest available updates for your device, and all your important apps (banking, security, etc.)
• Protect your Android with security software. Your phone needs it just as much as your computer.

Another precaution you can take if you’re looking for an app, do your research about the app before you go to the app store. As you can see from the screenshot above, many of the apps are made to look exactly the same as very popular legitimate ones (e.g. ChatGPT).

So, it’s important to know in advance who the official developer is of the app you want and if it’s even available from the app store.

As researcher Jim Nielsen demonstrated for the Mac App Store, there are a lot of apps trying to look like ChatGPT, but they are not the real thing. ChatGPT is not even in the Mac App Store, it is available in the Google Play Store for Android, but make sure to check that OpenAI is listed as the developer.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Google continues putting nails in the coffin that is the Android Open Source Project. This time, they’re changing the way they handle security updates to appease slow, irresponsible Android OEMs, while screwing over everyone else. The basic gist is that instead of providing monthly security updates for OEMs to implement on their Android devices, Google will now move to a quarterly model, publishing only extremely severe issues on a monthly basis.

The benefit for OEMs is that for most vulnerabilities, they get three months to distribute (most) fixes instead of just one month, but the downsides are also legion. Vulnerabilities will now be out in the wild for three months instead of just one, and while they’re shared with OEMs “privately”, we’re talking tends of thousands of pairs of eyes here, so “privately” is a bit of a misnomer. The dangers are obvious; these vulnerabilities will be leaked, and they will be abused by malicious parties.

Another massive downside related to this change is that Google will now no longer be providing the monthly patches as open source within AOSP, instead only releasing the quarterly patch drops as open source. This means exactly what you think it does: no more monthly security updates from third-party ROMs, unless those third-party ROMs choose to violate the embargo themselves and thus invite all sorts of problems.

Extending the patch access window from one month to three is absolutely insane. Google should be striving to shorten this window as much as possible, but instead, they’re tripling it in length to create a false sense of security. OEMs can now point at their quarterly security updates and claim to be patching vulnerabilities as soon as Google publishes them, while in fact, the unpatched vulnerabilities will have been out in the wild for months by that point.

This change is irresponsible, misguided, and done only to please lazy, shitty OEMs to create a false sense of security for marketing purposes.