Can This New Android Threat Brick Your Phone When You Answer A Call?

Microsoft recently published a security blog that warned about a sophisticated new ransomware variant. Not, as you might expect, ransomware that impacts users of the Windows operating system, though. Nope, instead, this was a warning for Android users.

The discovery of a context-aware machine learning code module in the MalLocker.B certainly deserves the sophisticated tag. However, that module has yet to be activated, and more of that in a moment. What has grabbed the attention of Android users who have read the various reports online, it would seem, is the fact that MalLocker.B can effectively brick phones only with a press of the home button when answering a call. But how true is that, and how worried should Android smartphone users actually be?

First things first, this is a fascinating and highly detailed bit of technical blogging from the Microsoft security folk. As such, that is to be welcomed, as is all information that helps us understand how threats, including ransomware, are evolving. Most users, however, will not have read that report for the very same reason: it’s a technical deep dive. That’s a shame, but not unsurprising. The job of journalists and reporters in the information security space is to explain such highly technical revelations in a way that can be absorbed by almost anyone regardless of their level of technical understanding.

On the whole, I think ‘we’ do a pretty decent job of that, and the MalLocker.B reporting is no exception. Apart from one thing: my inbox would suggest that many readers are coming away with the idea that their Android smartphones are in danger of being bricked simply because they have pressed the home button in response to an incoming call. That is

Google Assistant Now Works With Android Apps

Google announced that now it’s possible to use Google Assistant with third-party apps on Android phones. So, Android users will be able to search and control their third-party apps when they ask it to Google Assistant. Google is rolling out the ability to search apps, use voice commands for popular tasks like sending text messages, ask for the news on Twitter, or browsing your shopping cart. For example, you can now say, “Hey Google, search cozy blankets on Etsy” and get right to what you’re looking for. Or if you’re looking for something (or someone) specific within an app, just say, “Hey Google, open Selena Gomez on Snapchat.” 

Previously, Google Assistant’s third-party support was largely limited to some custom actions, mostly apps that run within Assistant. With the new functionality, Google Assistant will work directly with apps that you have installed on your phone. Now, these kinds of voice commands will work with more than 30 of the top apps on Google Play. “People do a lot more with their apps beyond simply opening and searching within apps, and we want to enable voice commands to those frequent tasks, too. Now you can do things like playing music, starting a run, posting on social media, ordering food, paying back a friend, hailing a ride—the list goes on and on—all with just your voice. Starting today, you can try doing more using your voice with more than 30 of the top apps on Google Play available in English globally, with more apps coming.” Google states. 

Google Assistant brings new functionality to most common tasks as well. For your most common tasks, you can create custom shortcut phrases. So instead of saying, “Hey Google, tighten my shoes with Nike Adapt,” you can create a shortcut to just say, “Hey Google, lace it.”

U.S. Supreme Court divided over Google’s bid to end Oracle’s Android copyright lawsuit

(Reuters) — The U.S. Supreme Court appeared divided on Wednesday as it considered whether to protect Alphabet Inc’s Google from a long-running lawsuit by Oracle accusing it of infringing Oracle copyrights to build the Android operating system that runs most of the world’s smartphones.

The shorthanded court, down one justice following last month’s death of Ruth Bader Ginsburg, heard oral arguments in Google’s appeal of a lower court ruling reviving the lawsuit in which Oracle has sought at least $8 billion in damages.

Some of the eight justices expressed concern that Google simply copied Oracle’s software code instead of innovating and creating its own for mobile devices. Others emphasized that siding with Oracle could give software developers too much power with potentially harmful effects on the technology industry.

A jury cleared Google in 2016, but the U.S. Court of Appeals for the Federal Circuit overturned that decision in 2018, finding that Google’s inclusion of Oracle’s software code in Android was not permissible under U.S. copyright law.

Oracle accused Google of copying thousands of lines of computer code from its popular Java programming language without a license in order to make Android, a competing platform that has harmed Oracle’s business.

Google lawyer Thomas Goldstein told the justices that the disputed Java code should not receive copyright protection because it was the “the only way” to create new programs using the programming language.

“The language only permits us to use those,” Goldstein said.

Chief Justice John Roberts suggested Google still should have paid Oracle for a license to Java.

“Cracking the safe may be the only way to get the money that you want, but that doesn’t mean you can do it,” Roberts said.

Justice Neil Gorsuch questioned Goldstein on whether Google had simply piggybacked on Oracle’s innovation.

Gorsuch asked,

Samsung’s Android 11-powered One UI 3.0 update enters public beta in the US

Samsung’s One UI 3.0 update, which incorporates Android 11’s new features alongside some Samsung-specific improvements, has started rolling out in public beta in the US, SamMobile reports. The software is reportedly available for the T-Mobile variants of Samsung’s Galaxy S20 lineup, including the standard S20, S20 Plus, and S20 Ultra, though the rollout should expand in the hours and days ahead. If you’ve got a supported device, you can enroll in the beta via the Samsung Members app.

Thanks to the earlier developer beta release, we already have a pretty good idea of what to expect from One UI 3.0. There are minor UI tweaks like being able to touch and hold an app to quickly access its widgets, or double-tapping the home screen to turn off the phone’s display. A full list of these Samsung-specific improvements, which also include include DeX, stock app, and Bixby updates, can be found in a full changelog posted by Android Police.

As well as Samsung’s changes, One UI 3.0 also delivers Android 11’s new features, which include updated media player controls and notification panel tweaks. You can read all about them in our full Android 11 review. The update also includes Android’s latest security patch from October 2020, SamMobile reports.

Samsung’s One UI 3.0 beta launched in South Korea yesterday, and SamMobile reports that it’s expected to launch soon in China, Germany, India, Poland, and the United Kingdom.

Source Article

Google initiative warns of Android security flaws in non-Pixel devices

Google already has efforts to improve Android security, such as speeding updates and offering bug bounties, but it’s now ramping things up by disclosing flaws for software it didn’t write. The company has launched an Android Partner Vulnerability Initiative (via XDA-Developers) to manage security flaws it discovers that are specific to third-party Android devices. Google hopes to both “drive remediation” (read: prompt faster patch releases) and warn users about potential problems.



a hand holding a cellphone: Huawei P30 and P30 Pro running Android


Huawei P30 and P30 Pro running Android

The company added that its initiative had already addressed a number of Android issues. It didn’t mention companies by name in a blog post, but a bug tracker for the program mentioned several manufacturers. Huawei had issues with insecure device backups in 2019, for example. Oppo and Vivo phones had sideloading vulnerabilities. ZTE had weaknesses in its message service and browser autofill. Other affected vendors included Meizu, chip maker MediaTek, Digitime, and Transsion.

Google notified all of the vendors before disclosing the flaws, and most if not all appear to have been fixed.

The move is a reminder to keep your device updated, of course, but it also applies pressure to Android partners — fix your flaws or the public will know that you didn’t. If that works, you’ll hopefully see a stronger emphasis on security across the Android ecosystem, not just from Google itself.

Continue Reading

Source Article