Connect with us

Biz & IT

Google releases Android 10 | Tech News Hero

Published

on

Android 10 is now available, assuming you have a phone that already supports Google’s latest version of its mobile operating system. For now, that’s mostly Google’s own Pixel phones, though chances are that most of the phones that were supported during the beta phase will get updated to the release version pretty soon, too.

Since the development of Android pretty much happens in the open these days, the release itself doesn’t feature any surprises. Just like with the last few releases, chances are you’ll have to look twice after the update to see whether your phone actually runs the latest version. There are plenty of tweaks in Android 10, but some of the most interesting new features are a bit hidden and (at least in the betas) off by default.

The one feature everybody has been waiting for is a dark mode and here, Android 10 doesn’t disappoint. The new dark theme is now ready for your night-time viewing, with the promise of improved battery life for your OLED phone and support from a number of apps like Photos and Calendar. Over time, more apps will automatically switch to a dark theme as well, but right now, the number seems rather limited and a bit random, with Fit offering a dark mode while Gmail doesn’t.

The other major tweak is the updated gesture navigation. This remains optional — you can still use the same old three-button navigation Android has long offered. It’s essentially a tweak of the navigation system that launched with Android Pie. For the most part, the new navigation gestures work just fine and feel more efficient than those in Pie, especially when you try to switch between apps. Swiping left and right from the screen replaces the back button, which isn’t immediately obvious, and a slightly longer press on the side of the screen occasionally opens a navigation drawer. I say “occasionally,” because I think this is the most frustrating part of the experience. Sometimes it works, sometimes it doesn’t. The trick to opening the drawer, it seems, is to swipe at an angle that’s well above 45 degrees.

Also new is an updated Smart Reply feature that now suggests actions from your notifications. If a notification includes a link, for example, Smart Reply will suggest opening it in Chrome. Same for addresses, where the notification can take you right to Google Maps, or YouTube videos that you can play in — you guessed it — YouTube. This should work across all popular messaging apps.

There are also a couple of privacy and security features here, including the ability to only share location data with apps while you use them and a new Privacy section in Settings that gives you access to controls for managing your web and app history, as well as your ad settings in a slightly more prominent place.

With the new Google Play system updates, the company can now also push important security and privacy fixes right to the phone from the Google Play store, which allows it to patch issues without having to go through the system update process. Given the slow Android OS upgrade cycles, that’s an important new feature, though it, too, is an evolution of Google’s overall strategy to decouple these updates and core features from the OS updates.

Two other interesting new features are still in beta or won’t be available until later this year, but Google prominently highlights Focus Mode, which allows you to silence specific apps for a while and which is now in beta, and Live Caption, which will launch in the fall on Pixel phones and which can automatically caption videos and audio across all apps. I’ve been beta testing Focus Mode for a bit and I’m not sure it has really made a difference in my digital well-being, but the ability to mute notifications from YouTube during the workday, for example, has probably made me a tiny bit more productive.

Oh, and there’s also native support for foldable phones, but for the time being, there are no foldable phones on the market.

Like with most recent releases, those are just some of the highlights. There are plenty of small tweaks, too, and chances are you’ll notice a few new fonts and visual tweaks here and there. For the most part, though, you can continue to use Android like you always have. Even major changes like the updated gesture controls are optional. It’s very much an evolutionary update, but that’s pretty much the case for any mobile OS these days.

Source link



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Biz & IT

Chrome “Feed” is tantalizing, but it’s not the return of Google Reader

Published

on

Enlarge / Digging into bleeding-edge Chrome code has made some bloggers hopeful, but Google has been focused on its own feeds for a while now. (credit: Getty Images)

Does Google enjoy teasing and sometimes outright torturing some of its products’ most devoted fans? It can seem that way.

Tucked away inside a recent bleeding-edge Chrome build is a “Following feed” that has some bloggers dreaming of the return of Google Reader. It’s unlikely, but never say never when it comes to Google product decisions.

Chrome added a sidebar for browsing bookmarks and Reading List articles back in March. Over the weekend, the Chrome Story blog noticed a new flag in Gerrit, the unstable testing build of Chrome’s open source counterpart Chromium. Enabling that #following-feed-sidepanel flag (now also available in Chrome’s testing build, Canary) adds another option to the sidebar: Feed.

Read 7 remaining paragraphs | Comments

Continue Reading

Biz & IT

1,900 Signal users’ phone numbers exposed by Twilio phishing

Published

on

Enlarge / Signal’s security-minded messaging app is dealing with a third-party phishing attempt that exposed a small number of users’ phone numbers.

Getty Images

A successful phishing attack at SMS services company Twilio may have exposed the phone numbers of roughly 1,900 users of the secure messaging app Signal—but that’s about the extent of the breach, says Signal, noting that no further user data could be accessed.

In a Twitter thread and support document, Signal states that a recent successful (and deeply resourced) phishing attack on Twilio allowed access to the phone numbers linked with 1,900 users. That’s “a very small percentage of Signal’s total users,” Signal writes, and all 1,900 affected users will be notified (via SMS) to re-register their devices. Signal, like many app companies, uses Twilio to send SMS verification codes to users registering their Signal app.

With momentary access to Twilio’s customer support console, attackers could have potentially used the verification codes sent by Twilio to activate Signal on another device and thereby send or receive new Signal messages. Or an attacker could confirm that these 1,900 phone numbers were actually registered to Signal devices.

No other data could be accessed, in large part because of Signal’s design. Message history is stored entirely on user devices. Contact and block lists, profile details, and other user data require a Signal PIN to access. And Signal is asking users to enable registration lock, which prevents Signal access on new devices until the user’s PIN is correctly entered.

“The kind of telecom attack suffered by Twilio is a vulnerability that Signal developed features like registration lock and Signal PINs to protect against,” Signal’s support document reads. The messaging app notes that while Signal doesn’t “have the ability to directly fix the issues affecting the telecom ecosystem,” it will work with Twilio and other providers “to tighten up their security where it matters for our users.”

Signal PINs were introduced in May 2020, in part to de-emphasize the reliance on phone numbers as a primary user ID. This latest incident may provide another nudge to de-couple Signal’s strong security from the SMS ecosystem, where cheap, effective spoofing and broad network hacks remain all too common.

Continue Reading

Biz & IT

Update Zoom for Mac now to avoid root-access vulnerability

Published

on

Enlarge / A critical vulnerability in Zoom for Mac OS allowed unauthorized users to downgrade Zoom or even gain root access. It has been fixed, and users should update now.

Getty Images

If you’re using Zoom on a Mac, it’s time for a manual update. The video conferencing software’s latest update fixes an auto-update vulnerability that could have allowed malicious programs to use its elevated installing powers, granting escalated privileges and control of the system.

The vulnerability was first discovered by Patrick Wardle, founder of the Objective-See Foundation, a nonprofit Mac OS security group. Wardle detailed in a talk at Def Con last week how Zoom’s installer asks for a user password when installing or uninstalling, but its auto-update function, enabled by default, doesn’t need one. Wardle found that Zoom’s updater is owned and runs as the root user.

The gist of how Zoom's auto-update utility allows for privilege escalation exploits, from Patrick Wardle's Def Con talk.
Enlarge / The gist of how Zoom’s auto-update utility allows for privilege escalation exploits, from Patrick Wardle’s Def Con talk.

It seemed secure, as only Zoom clients could connect to the privileged daemon, and only packages signed by Zoom could be extracted. The problem is that by simply passing the verification checker the name of the package it was looking for (“Zoom Video ... Certification Authority Apple Root CA.pkg“), this check could be bypassed. That meant malicious actors could force Zoom to downgrade to a buggier, less-secure version or even pass it an entirely different package that could give them root access to the system.

Some of Wardle’s findings had been patched in a prior update, but key root access was still available as of Wardle’s talk on Saturday. Zoom issued a security bulletin the same day, and a patch for version Zoom 5.11.5 (9788) followed soon after. You can download the update directly from Zoom or click on your menu bar options to “Check for updates.” We wouldn’t suggest waiting for an automatic update, for multiple reasons.

Zoom’s software security record is spotty—and at times, downright scary. The company settled with the FTC in 2020 after admitting that it lied for years about offering end-to-end encryption. Wardle previously revealed a Zoom vulnerability that let attackers steal Windows credentials by sending a string of text. Prior to that, Zoom was caught running an entire undocumented web server on Macs, causing Apple to issue its own silent update to kill the server.

Last May, a Zoom vulnerability that enabled a zero-click remote code execution used a similar downgrade and signature-check bypass. Ars’ Dan Goodin noted that his Zoom client didn’t actually update when the fix for that issue arrived, requiring a manual download of an intermediate version first. Hackers can take advantage of exposed Zoom vulnerabilities quickly, Goodin noted, if Zoom users aren’t updated right away. Minus the root access, of course.

Continue Reading

Trending