Waymo is making its ride-hailing app more widely available by putting it on the Google Play store as the self-driving car company prepares to open its service to more Phoenix residents.
The company, which spun out to become a business under Alphabet, launched a limited commercial robotaxi service called Waymo One in the Phoenix area in December. The Waymo One self-driving car service, and accompanying app, was only available to Phoenix residents who were part of its early rider program, which aimed to bring vetted regular folks into its self-driving minivans.
Technically, Waymo has had Android and iOS apps for some time. But interested riders would only gain access to the app after first applying on the company’s website. Once accepted to the early rider program, they would be sent a link to the app to download to their device.
The early rider program, which launched in April 2017, had more than 400 participants the last time Waymo shared figures. Waymo hasn’t shared information on how many people have moved over to the public service, except to say “hundreds of riders” are using it.
Now, with Waymo One launching on Google Play, the company is cracking the door a bit wider. However, there will be still be limitations to the service.
Interested customers with Android devices can download the app. Unlike a traditional ride-hailing service, like Uber or Lyft, this doesn’t mean users will get instant access. Instead, potential riders will be added to a waitlist. Once accepted, they will be able to request rides in the app.
These new customers will first be invited into Waymo’s early rider program before they’re moved to the public service. This is an important distinction, because early rider program participants have to to sign non-disclosure agreements and can’t bring guests with them. These new riders will eventually be moved to Waymo’s public service, the company said. Riders on the public service can invite guests, take photos and videos and talk about their experience.
“These two offerings are deeply connected, as learnings from our early rider program help shape the experience we ultimately provide to our public riders,” Waymo said in a blog post Tuesday.
Waymo has been creeping toward a commercial service in Phoenix since it began testing self-driving Chrysler Pacifica minivans in suburbs like Chandler in 2016.
The following year, Waymo launched its early rider program. The company also started testing empty self-driving minivans on public streets that year.
Waymo began in May 2018 to allow some early riders to hail a self-driving minivan without a human test driver behind the wheel. More recently, the company launched a public transit program in Phoenix focused on delivering people to bus stops and train and light-rail stations.
Google announced an update on Wednesday to the Stable channel of its Chrome browser that includes a fix for an exploit that exists in the wild.
CVE-2022-2856 is a fix for “insufficient validation of untrusted input in Intents,” according to Google’s advisory. Intents are typically a way to pass data from inside Chrome to another application, such as the share button on Chrome’s address bar. As noted by the Dark Reading blog, input validation is a common weakness in code.
The exploit was reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group, and that’s all the information we have for now. Details of the exploit are currently tucked behind a wall in the Chromium bugs group and are restricted to those actively working on related components and registered with Chromium. After a certain percentage of users have applied the relevant updates, those details may be revealed.
Google says the update—104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows—will “roll out over the coming days/weeks,” but you can (and should) manually update Chrome now (check the “About” section of your settings).
There are 10 other security fixes included in the update. Dark Reading notes that this is Chrome’s fifth zero-day vulnerability disclosed in 2022.
A security researcher says that Apple’s iOS devices don’t fully route all network traffic through VPNs, a potential security issue the device maker has known about for years.
Michael Horowitz, a longtime computer security blogger and researcher, puts it plainly—if contentiously—in a continually updated blog post. “VPNs on iOS are broken,” he says.
Any third-party VPN seems to work at first, giving the device a new IP address, DNS servers, and a tunnel for new traffic, Horowitz writes. But sessions and connections established before a VPN is activated do not terminate and, in Horowitz’s findings with advanced router logging, can still send data outside the VPN tunnel while it’s active.
In other words, you’d expect a VPN to kill existing connections before establishing a connection so they can be re-established inside the tunnel. But iOS VPNs can’t seem to do this, Horowitz says, a finding that is backed up by a similar report from May 2020.
“Data leaves the iOS device outside of the VPN tunnel,” Horowitz writes. “This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6.”
Privacy company Proton previously reported an iOS VPN bypass vulnerability that started at least in iOS 13.3.1. Like Horowitz’s post, ProtonVPN’s blog noted that a VPN typically closes all existing connections and reopens them inside a VPN tunnel, but that didn’t happen on iOS. Most existing connections will eventually end up inside the tunnel, but some, like Apple’s push notification service, can last for hours.
The primary issue with non-tunneled connections persisting is that they could be unencrypted and that the IP address of the user and what they’re connecting to can be seen by ISPs and other parties. “Those at highest risk because of this security flaw are people in countries where surveillance and civil rights abuses are common,” ProtonVPN wrote at the time.
ProtonVPN confirmed that the VPN bypass persisted in three subsequent updates to iOS 13. ProtonVPN indicated in its blog post that Apple would add functionality to block existing connections, but this functionality as added did not appear to make a difference in Horowitz’s results.
Horowitz tested ProtonVPN’s app in mid-2022 on an iPad iOS 15.4.1 and found that it still allowed persistent, non-tunneled connections to Apple’s push service. The Kill Switch function added to ProtonVPN, which describes its function as blocking all network traffic if the VPN tunnel is lost, did not prevent leaks, according to Horowitz.
Horowitz tested again on iOS 15.5 with a different VPN provider and iOS app (OVPN, running the WireGuard protocol). His iPad continued to make requests to both Apple services and to Amazon Web Services.
ProtonVPN had suggested a workaround that was “almost as effective” as manually closing all connections when starting a VPN: Connect to a VPN server, turn on airplane mode, then turn it off. “Your other connections should also reconnect inside the VPN tunnel, though we cannot guarantee this 100%,” ProtonVPN wrote. Horowitz suggests that iOS’s Airplane Mode functions are so confusing as to make this a non-answer.
We’ve reached out to both Apple and OpenVPN for comment and will update this article with any responses.
Horowitz’s post doesn’t offer specifics on how iOS might fix the issue. For his part, Horowitz recommends a $130 dedicated VPN router as a truly secure VPN solution.
VPNs, especially commercial offerings, continue to be a complicated piece of Internet security and privacy. Picking a “best VPN” has long been a challenge. VPNs can be brought down by vulnerabilities, unencrypted servers, greedy data brokers, or by being owned by Facebook.
Does Google enjoy teasing and sometimes outright torturing some of its products’ most devoted fans? It can seem that way.
Tucked away inside a recent bleeding-edge Chrome build is a “Following feed” that has some bloggers dreaming of the return of Google Reader. It’s unlikely, but never say never when it comes to Google product decisions.
Chrome added a sidebar for browsing bookmarks and Reading List articles back in March. Over the weekend, the Chrome Story blog noticed a new flag in Gerrit, the unstable testing build of Chrome’s open source counterpart Chromium. Enabling that #following-feed-sidepanel flag (now also available in Chrome’s testing build, Canary) adds another option to the sidebar: Feed.