Now that Apple's lost item finder AirTag has officially been introduced, competitor Tile is going on record ahead of its testimony in front of Congress tomorrow about how it perceives Apple's latest product. In a statement, Tile CEO CJ Prober said today: "Our mission is to solve the everyday pain point of finding lost and misplaced things and we are flattered to see Apple, one of the most valuable companies in the world, enter and validate the category Tile pioneered. The reason so many people turn to Tile to locate their lost or misplaced items is because of the differentiated value we offer our consumers. In addition to providing an industry leading set of features via our app that works with iOS and Android devices, our service is seamlessly integrated with all major voice assistants, including Alexa and Google. And with form factors for every use case and many different styles at affordable prices, there is a Tile for everyone.

Tile has also successfully partnered with top brands like HP, Intel, Skullcandy and fitbit to enable our finding technology in mass market consumer categories like laptops, earbuds and wearables. With over 30 partners, we look forward to extending the benefits of Tile to millions of customers and enabling an experience that helps you keep track of all your important belongings. We welcome competition, as long as it is fair competition. Unfortunately, given Apple's well-documented history of using its platform advantage to unfairly limit competition for its products, we're skeptical. And given our prior history with Apple, we think it is entirely appropriate for Congress to take a closer look at Apple's business practices specific to its entry into this category. We welcome the opportunity to discuss these issues further in front of Congress tomorrow.

Reddit unveiled its take on a Clubhouse-like social audio product on Monday, called Reddit Talk. The Verge reports: The company is billing Monday's announcement as a "sneak preview," since the feature isn't widely available yet. Moderators that want to try the feature out in their subreddit can add themselves to a waitlist for access. Based on Reddit's description and images shared by the company, Reddit Talk appears to look a lot like Clubhouse, Twitter Spaces, and other social audio products. Talks will "live" within subreddits, according to Reddit.

During the initial tests, only subreddit moderators will be able to initiate a Talk, and Talk hosts will have the ability to invite, mute, and remove speakers. While only mods can kick off Talks in the beginning, anyone on iOS and Android can listen to one. Moderation has been an issue for Clubhouse, so it's notable that Reddit is starting small and giving access only to moderators first. At some point in the future, mods will be able to bring on trusted community members as co-hosts. The company says it is "testing ways" for hosts to customize how Talks look with emojis and different background colors, and users will be able to change their avatar, too. Earlier today, Facebook also announced that the company is working on a Clubhouse clone.

Microsoft's Xbox Cloud Gaming service, previously known as xCloud, will begin rolling out in beta to iPhones, iPads and PCs this week. The service will be invite-only to start, Microsoft said in a blog post on Monday. From a report: Xbox Cloud Gaming was on track to launch for iPhones and iPads earlier, but Apple updated its App Store rules in September that impacted services like Xbox Gaming and Google Stadia. Apple's move forced the companies to use web browsers to redesign their services so that they could circumvent the App Store rules. Under the rules, Microsoft, Google and other companies with similar services would have had to offer each game as an individual download instead of offering a complete library the way Netflix does for movies.

Xbox Cloud Gaming is sort of like Netflix for games. People who subscribe to Microsoft's $14.99/month Xbox Game Pass Ultimate plan can access more than 100 titles. The cloud gaming aspect lets you stream the games without having to download them, provided you have a fast enough internet connection. The streaming option is already available for Android phones.

Google's Android team supports Rust for developing the Android operating system. Now they're also helping evaluate Rust for Linux kernel development. Their hopes, among other things, are that "New code written in Rust has a reduced risk of memory safety bugs, data races and logic bugs overall," that "abstractions that are easier to reason about," and "More people get involved overall in developing the kernel, thanks to the usage of a modern language."

Linus Torvalds responded in a new interview with IT Wire (shared by Slashdot reader juul_advocate): The first patches for Rust support in the Linux kernel have been posted and the man behind the kernel says the fact that these are being discussed is much more important than a long post by Google about the language. Linus Torvalds told iTWire in response to queries that Rust support was "not there yet", adding that things were "getting to the point where maybe it might be mergeable for 5.14 or something like that..." Torvalds said that it was still early days for Rust support, "but at least it's in a 'this kind of works, there's an example, we can build on it'."

Asked about a suggestion by a commenter on the Linux Weekly News website, who said, during a discussion on the Google post, "The solution here is simple: just use C++ instead of Rust", Torvalds could not restrain himself from chortling. "LOL," was his response. "C++ solves _none_ of the C issues, and only makes things worse. It really is a crap language.

"For people who don't like C, go to a language that actually offers you something worthwhile. Like languages with memory safety and [which] can avoid some of the dangers of C, or languages that have internal GC [garbage collection] support and make memory management easier. C++ solves all the wrong problems, and anybody who says 'rewrite the kernel in C++' is too ignorant to even know that."

He said that when one spoke of the dangers of C, one was also speaking about part of what made C so powerful, "and allows you to implement all those low-level things efficiently".
Torvalds added that, while garbage collection is "a very good thing in most other situations," it's "generally not necessarily something you can do in a low-level system programming."

Australia's federal court found that Google misled users about personal location data collected through Android mobile devices between 2017 and 2018, the country's competition regulator said Friday. From a report: The Australian Competition and Consumer Commission (ACCC) -- which launched legal proceedings against Google in 2019 -- said the ruling was an "important victory for consumers" with regard to the protection of online privacy. Google misled Android users into thinking the search giant could collect personal data only if the "location history" setting was on, the ACCC said. The court found that Google could still collect, store and use personally identifiable location data if the setting for "web and application activity" was on -- even if "location history" was turned off. "This is an important victory for consumers, especially anyone concerned about their privacy online, as the Court's decision sends a strong message to Google and others that big businesses must not mislead their customers," ACCC Chair Rod Sims said in a statement.

According to a new report from Light Reading, the three major U.S. carriers (four at the time) have reportedly abandoned their joint venture to launch a new Cross Carrier Messaging Initiative (CCMI), that promised interoperability for an RCS Universal Profile-based messaging standard. It was originally set to be launched in 2020. [For a detailed explanation of RCS Messaging, we recommend this article.] Android Police reports: Although the company handling the logistics behind the cross-carrier effort claims that it's still "continuing to move forward with preparations," a Verizon spokesperson told Light Reading that "the owners of the Cross Carrier Messaging Initiative decided to end the joint venture effort." [...] This may seem like bad news, but things have changed since 2019. In the time since the CCMI was announced, Google leapfrogged the carrier's selfish dithering and rolled out its own RCS messaging solution via the Messages app, all connected to its Jibe network (though it will use your carrier network if it's Universal Profile-compatible). It's a move that means customers don't have to wait on their carriers to start the work they should have done five years ago. More recently, T-Mobile has essentially handed the reins for its whole network messaging solution to Google by adopting Messages as the default SMS app for all T-Mobile phones, connecting all its customers to Google's RCS network.

Given what has and hasn't succeeded when it comes to RCS messaging, what we'd like to see is for Verizon and AT&T to follow T-Mobile, give up on their own stupid standards, and simply adopt Google's RCS Messaging -- either by connecting their chat apps to Google's Jibe network somehow or by adopting the Messages app as sanctioned solutions, as T-Mobile did. But in the meantime, there's nothing to prevent customers on either network from just installing the Messages app themselves and bypassing the carrier mess altogether -- especially since it sounds like the carriers have given up on fixing it.

An anonymous reader writes: If you're a frequent user of WhatsApp, you may want to keep an eye on a disturbing hole discovered in its security this weekend. It's possible for an attacker to completely suspend your WhatsApp account, without any recourse for the individual user, and all they need is your phone number. At the time of writing there's no solution for this issue.

This newly-discovered flaw uses two separate vectors. The attacker installs WhatsApp on a new device and enters your number to activate the chat service. They can't verify it, because of course, the two-factor authentication system is sending the login prompts to your phone instead. After multiple repeated and failed attempts, your login is locked for 12 hours. Here's where the tricky part comes in: with your account locked, the attacker sends a support message to WhatsApp from their email address, claiming that their (your) phone has been lost or stolen, and that the account associated with your number needs to be deactivated. WhatsApp "verifies" this with a reply email, and suspends your account without any input on your end. The attacker can repeat the process several times in succession to create a semi-permanent lock on your account. The results are disturbing, but at the very least, this method can't be used to actually gain access to an account, merely to block access by its legitimate owner. Confidential text messages and contacts are not exposed. The proof-of-concept attack was first reported by Forbes from security researchers Luis Marquez Carpintero and Ernesto Canales Perena. There's no indication that it's being used in the wild.

An anonymous reader quotes a report from 9to5Google: A new Google Shopping experience that featured a personalized homepage launched in 2019. On Android, Google rebranded the existing Express app to Shopping, but it's now shutting down the mobile experience in favor of just the web. The [Android and iOS clients] will continue to work through June. It comes as Google has been expanding shopping functionality in Search, Image Search, and YouTube, while increasingly leveraging augmented reality: "Within the next few weeks, we'll no longer be supporting the Shopping app. All of the functionality the app offered users is available on the Shopping tab. We'll continue building features within the Shopping tab and other Google surfaces, including the Google app, that make it easy for people to discover and shop for the products they love."

The Federal Communications Commission has released a new speed test app to help measure internet speeds across the country, available on both Android and iOS. From a report: The FCC Speed Test App works similarly to existing speed-testing apps like Ookla's and Fast by Netflix, automatically collecting and displaying data once users press the "start testing" button. According to the FCC, the data collected through the app will inform the agency's efforts to collect more accurate broadband speed information and aid its broadband deployment efforts. "To close the gap between digital haves and have nots, we are working to build a comprehensive, user-friendly dataset on broadband availability," Acting Chair Jessica Rosenworcel said in a statement Monday. "Expanding the base of consumers who use the FCC Speed Test app will enable us to provide improved coverage information to the public and add to the measurement tools we're developing to show where broadband is truly available throughout the United States."

"Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in," reports a new article in Forbes. "Even two-factor authentication will not stop this..."

The attacker triggers a 12-hour freeze on new verification codes being sent to your phone — then simply reports that same phone number as a lost/stolen phone needing deactivation. There are apparently no follow-up questions, and "an automated process has been triggered, without your knowledge, and your account will now be deactivated," Forbes writes.

The phone can't be reactivated without one of those verification codes blocked by that 12-hour freeze (which the attacker can renew for another 12-hour window, until the next day WhatsApp blocks those reactivating codes indefinitely). "There is no sophistication to this attack — that's the real issue here and WhatsApp should address it immediately..." Forbes complains. This shouldn't happen. It shouldn't be possible. Not with a platform used by 2 billion people. Not this easily. When researchers, Luis Márquez Carpintero and Ernesto Canales Pereña, warned they could kill WhatsApp on my phone, blocking me from my own account using just my phone number, I was doubtful. But they were right...

Despite its vast user base, WhatsApp is creaking at the seams. Its architecture has fallen behind its rivals, missing key features such as multi-device access and fully encrypted backups. As the world's most popular messenger focuses on mandating new terms of service to enable Facebook's latest money-making schemes, these much-needed advancements remain "in development...."
Reached for comment, WhatsApp told Forbes that any victims of the attack should contact their support team — adding that such an attack would "violate our terms of service."

But Forbes adds "your other option would be to follow Mark Zuckerberg's reported example and start to use Signal..." Unfortunately, playing down the seriousness of security risks has become the in-house style at Facebook. Back in 2019, I reported on a vulnerability that allowed private user phone numbers to be pulled from Facebook databases at scale using automated bots. That hack was acknowledged by Facebook but dismissed as an "unlikely problem." Some 533 million users might now disagree.

An anonymous reader quotes a report from ZDNet: A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers from Computest demonstrated a three-bug attack chain that caused an RCE on a target machine, and all without any form of user interaction. As Zoom has not yet had time to patch the critical security issue, the specific technical details of the vulnerability are being kept under wraps. However, an animation of the attack in action demonstrates how an attacker was able to open the calculator program of a machine running Zoom following its exploit. As noted by Malwarebytes, the attack works on both Windows and Mac versions of Zoom, but it has not -- yet -- been tested on iOS or Android. The browser version of the videoconferencing software is not impacted. Computest researchers Daan Keuper and Thijs Alkemade earned themselves $200,000 for this Zoom discovery, as it was part of the Pwn2Own contest.

In a statement to Tom's Guide, Zoom thanked the Computest researchers and said the company was "working to mitigate this issue with respect to Zoom Chat." In-session Zoom Meetings and Zoom Video Webinars are not affected. "The attack must also originate from an accepted external contact or be a part of the target's same organizational account," Zoom added. "As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust."

Security researchers say APKPure, a widely popular app for installing older or discontinued Android apps from outside of Google's app store, contained malicious adware that flooded the victim's device with unwanted ads. From a report: Kaspersky Lab said that it alerted APKPure on Thursday that its most recent app version, 3.17.18, contained malicious code that siphoned off data from a victim's device without their knowledge, and pushed ads to the device's lock screen and in the background to generate fraudulent revenue for the adware operators. But the researchers said that the malicious code had the capacity to download other malware, potentially putting affected victims at further risk.

Apple knows that iMessage's blue bubbles are a big barrier to people switching to Android, which is why the service has never appeared on Google's mobile operating system. From a report: That's according to depositions and emails from Apple employees, including some high-ranking executives, revealed in a court filing from Epic Games as part of its legal dispute with the iPhone manufacturer. Epic argues that Apple consciously tries to lock customers into its ecosystem of devices, and that iMessage is one of the key services helping it to do so. It cites comments made by Apple's senior vice president of Internet Software and Services Eddie Cue, senior vice president of software engineering Craig Federighi, and Apple Fellow Phil Schiller to support its argument.

"The #1 most difficult [reason] to leave the Apple universe app is iMessage ... iMessage amounts to serious lock-in," was how one unnamed former Apple employee put it in an email in 2016, prompting Schiller to respond that, "moving iMessage to Android will hurt us more than help us, this email illustrates why." "iMessage on Android would simply serve to remove [an] obstacle to iPhone families giving their kids Android phones," was Federighi's concern according to the Epic filing. Although workarounds to using iMessage on Android have emerged over the years, none have been particularly convenient or reliable.

schwit1 shares a report from Ars Technica: Austrian privacy activist Max Schrems has filed a complaint against Google in France alleging that the US tech giant is illegally tracking users on Android phones without their consent. Android phones generate unique advertising codes, similar to Apple's Identifier for Advertisers (IDFA), that allow Google and third parties to track users' browsing behavior in order to better target them with advertising. In a complaint filed on Wednesday, Schrems' campaign group Noyb argued that in creating and storing these codes without first obtaining explicit permission from users, Google was engaging in "illegal operations" that violate EU privacy laws.

Noyb urged France's data privacy regulator to launch a probe into Google's tracking practices and to force the company to comply with privacy rules. It argued that fines should be imposed on the tech giant if the watchdog finds evidence of wrongdoing. "Through these hidden identifiers on your phone, Google and third parties can track users without their consent," said Stefano Rossetti, privacy lawyer at Noyb. "It is like having powder on your hands and feet, leaving a trace of everything you do on your phone -- from whether you swiped right or left to the song you downloaded." Last year, Schrems won a landmark case at Europe's highest court that ruled a transatlantic agreement on transferring data between the bloc and the US used by thousands of corporations did not protect EU citizens' privacy.

For the past few years, Google has been encouraging developers to write Android apps with Kotlin. The underlying OS still uses C and C++, though Google today announced Android Open Source Project (AOSP) support for Rust. From a report: This is part of Google's work to address memory safety bugs in the operating system: "We invest a great deal of effort and resources into detecting, fixing, and mitigating this class of bugs, and these efforts are effective in preventing a large number of bugs from making it into Android releases. Yet in spite of these efforts, memory safety bugs continue to be a top contributor of stability issues, and consistently represent ~70% of Android's high severity security vulnerabilities."

The company believes that memory-safe languages, like Rust, are the "most cost-effective means for preventing memory bugs" in the bootloader, fastboot, kernel, and other low-level parts of the OS. Unlike C and C++, where developers manage memory lifetime, Rust "provides memory safety guarantees by using a combination of compile-time checks to enforce object lifetime/ownership and runtime checks to ensure that memory accesses are valid." Google has been working to add this support to AOSP for the past 18 months. Performance is equivalent to the existing languages, while increasing the effectiveness of current sandboxing and reducing the overall need for it. This allows for "new features that are both safer and lighter on resources." Other improvements include data concurrency, a more expressive type system, and safer integer handling.

The developers behind Niagara Launcher, a popular third-party home screen replacement app, have found new evidence in the Android 12 preview documentation, which suggests that Google is adding a new device search API in Android 12 that will let third-party launchers offer a similar universal search feature. XDA Developers reports: [T]he feature will give third-party launchers "access to the centralized AppSearch index maintained by the system." It further highlights that the AppSearch index is a search library for managing structured data featuring: A fully offline on-device solution; A set of APIs for applications to index documents and retrieve them via full-text search; APIs for applications to allow the System to display their content on the system UI surfaces; and Similarly, APIs for applications to allow the System to share their content with other specified applications. This feature will essentially provide a native alternative to universal search apps like Sesame, giving users the option to search for almost anything on their device in an instant.

An anonymous reader quotes a report from Ars Technica: It sounds like this custom Google SoC-powered Pixel is really going to happen. Echoing reports from about a year ago, 9to5Google is reporting that the Pixel 6 is expected to ship with Google's custom "Whitechapel" SoC instead of a Qualcomm Snapdragon chip. The report says "Google refers to this chip as 'GS101,' with 'GS' potentially being short for 'Google Silicon.'" It also notes that chip will be shared across the two Google phones that are currently in development, the Pixel 6 and something like a "Pixel 5a 5G." 9to5 says it has viewed documentation that points to Samsung's SLSI division (Team Exynos) being involved, which lines up with the earlier report from Axios saying the chip is "designed in cooperation with Samsung" and should be built on Samsung's 5nm foundry lines. 9to5Google says the chip "will have some commonalities with Samsung Exynos, including software components."

XDA Developers says it can corroborate the report, saying, "According to our source, it seems the SoC will feature a 3 cluster setup with a TPU (Tensor Processing Unit). Google also refers to its next Pixel devices as 'dauntless-equipped phones,' which we believe refers to them having an integrated Titan M security chip (code-named 'Citadel')." A "3 cluster setup" would be something like how the Snapdragon 888 works, which has three CPU core sizes: a single large ARM X1 core for big single-threaded workloads, three medium Cortex A78 cores for multicore work, and four Cortex A55 cores for background work. The Pixel 6 should be out sometime in Q4 2021, and Pixel phones always heavily, heavily leak before they launch. So I'm sure we'll see more of this thing soon. "I think the biggest benefit we'll see from a Google SoC is an expanded update timeline," writes Ron Amadeo. "Android updates go a lot smoother when you get support from the SoC manufacturer, but Qualcomm abandons all its chips after the three-year mark for major updates. This lack of support makes updates significantly harder than they need to be, and today that's where Google draws the line at updates."

"Beyond easier updates, I don't know that we can expect much from Whitechapel," adds Amadeo, noting that lots of Android manufacturers have made their own chips but none of them have been able to significantly beat Qualcomm. "It's hard to be bullish on Google's SoC future when the company doesn't seem to be making the big-money acquisitions and licensing deals that Apple, Qualcomm, and Samsung are making. But at least it's a start."

The U.S. Supreme Court ruled that Alphabet's Google didn't commit copyright infringement when it used Oracle's programming code in the Android operating system, sparing Google from what could have been a multibillion-dollar award. From a report: The 6-2 ruling, which overturns a victory for Oracle, marks a climax to a decade-old case that divided Silicon Valley and promised to reshape the rules for the software industry. Oracle was seeking as much as $9 billion. The court said Google engaged in legitimate "fair use" when it put key aspects of Oracle's Java programming language in the Android operating system. Writing for the court, Justice Stephen Breyer said Google used "only what was needed to allow users to put their accrued talents to work in a new and transformative program." Each side contended the other's position would undercut innovation. Oracle said that without strong copyright protection, companies would have less incentive to invest the large sums needed to create groundbreaking products. Google said Oracle's approach would discourage the development of new software that builds on legacy products.

This week the lead consumer technology writer for The New York Times urged readers to switch their browser from Chrome, Safari, or Microsoft Edge to a private browser.

"For about a week, I tested three of the most popular options — DuckDuckGo, Brave and Firefox Focus. Even I was surprised that I eventually switched to Brave as the default browser on my iPhone." Firefox Focus, available only for mobile devices like iPhones and Android smartphones, is bare-bones. You punch in a web address and, when done browsing, hit the trash icon to erase the session. Quitting the app automatically purges the history. When you load a website, the browser relies on a database of trackers to determine which to block.

The DuckDuckGo browser, also available only for mobile devices, is more like a traditional browser. That means you can bookmark your favorite sites and open multiple browser tabs. When you use the search bar, the browser returns results from the DuckDuckGo search engine, which the company says is more focused on privacy because its ads do not track people's online behavior. DuckDuckGo also prevents ad trackers from loading. When done browsing, you can hit the flame icon at the bottom to erase the session.

Brave is also more like a traditional web browser, with anti-tracking technology and features like bookmarks and tabs. It includes a private mode that must be turned on if you don't want people scrutinizing your web history. Brave is also so aggressive about blocking trackers that in the process, it almost always blocks ads entirely. The other private browsers blocked ads less frequently....

In the end, though, you probably would be happy using any of the private browsers... For me, Brave won by a hair. My favorite websites loaded flawlessly, and I enjoyed the clean look of ad-free sites, along with the flexibility of opting in to see ads whenever I felt like it. Brendan Eich, the chief executive of Brave, said the company's browser blocked tracking cookies "without mercy."

"If everybody used Brave, it would wipe out the tracking-based ad economy," he said.

Count me in.

Google today announced a series of policy updates for apps distributed through the Play Store. The most impactful sees Google limit most developers from seeing which Android apps are installed on your device. From a report: As part of its ongoing work to restrict the use of high risk/sensitive permissions, Google is limiting what apps can use the QUERY_ALL_PACKAGES permission that "gives visibility into the inventory of installed apps on a given device." This applies to apps that target API 30+ on devices running Android 11 and newer. Enforcement was originally meant to occur earlier, but delayed in light of COVID-19.