Michael Carroll, FierceWireless, 8/28/15
Swisscom said it is the first operator in Europe to combine voice-over-LTE (VoLTE) with Wi-Fi calling to overcome weak mobile signals in heavily insulated buildings.
The operator launched its Wi-Fi calling service in Switzerland and Liechtenstein on Thursday and said it planned to extend the service to other countries over time. The Wi-Fi element forms part of the operator’s Advanced Calling service, which it announced in June when it launched VoLTE in the same two countries.
Marc Werner, Swisscom’s head of residential customers, said it plans to launch Wi-Fi calling in other markets “over the course of the coming year.”
The service automatically switches subscribers to Wi-Fi networks if the signal is stronger than their mobile reception. Swisscom said that can help to improve mobile phone battery life by eliminating the process of switching between 2G, 3G and 4G networks, and that making calls over Wi-Fi would not affect users’ web browsing speeds.
Swisscom is offering Advanced Calling to subscribers on its Natel packages, and said Wi-Fi calls are charged at the standard mobile calling rate.
Werner said the rollout of Advanced Calling in other countries would boost the value of Swisscom’s Natel Infinity plus subscriptions, which already offer “between 30 and 365 days of unlimited calls per year” to users roaming in other European Union markets.
While the company is working to deploy the Wi-Fi service to all Natel subscribers, it is presently only available to customers with a Samsung Galaxy S6 edge smartphone. Swisscom said it would expand availability to other smartphones by the end of the year.
The operator last week said it plans to launch an upgraded LTE network offering data rates of up to 450 Mbps by the year end as part of a push to match growing demand for mobile broadband services. The volume of mobile data transmitted on the operator’s network in the opening half of 2015 doubled compared to the same period of 2014, it said.
Swisscom also plans to launch three-carrier aggregation combining LTE FDD and TDD modes in a commercial network by summer 2016, following a recent demonstration run in conjunction with Ericsson and Qualcomm in Zurich.
– see this Swisscom announcement
– view the operator’s marketing material
ruadhan, MorbiForge, 8/28/15
It’s five years now since Steve Jobs famously declared war on Flash in an open letter entitled Thoughts on Flash. With his knack for prescience, only now is it really looking like it’s lights out for Flash. Android & Google, at the time, somewhat limply, chimed in that it “wasn’t a very nice thing” for Apple to do. But, five years on, Flash has been officially dropped from the Android platform, and since late 2011, Adobe no longer develops its mobile Flash player:
We will no longer continue to develop Flash Player in the browser to work with new mobile device configurations (chipset, browser, OS version, etc.) following the upcoming release of Flash Player 11.1 for Android and BlackBerry PlayBook.
Pressure is mounting on Flash from all sides: advertisers, publishers, and browser manufacturers. The latest death knell for Flash has come from Amazon, who has said that Flash based ads will no longer be permitted on its platforms from September. Use HTML5 instead, is the company’s advice.
Further woes for Flash come with the news that the Chrome browser will begin to automatically pause Flash based ads from 1st September. Google recommends switching to HTML5 (and indeed converts Flash ads to HTML5 automatically where possible). So, with Amazon’s ad network also ceasing Flash ads on this day, September 1st is going to be something of a day of reckoning for Flash, and perhaps a day to be celebrated as a turning point in the history of the web (I propose #FlashBegoneDay). From that day, we should all begin to see fewer Flash ads in our browsers.
In addition a large group of major news publishers have banded together, manifesto-style, urging advertisers to deliver the final death blow to Flash, by moving away from the technology altogether. The letter lists the many benefits of moving to HTML5:
[T]he one open, industry-standard, universal format for building mobile-ready creative is HTML5. Your opportunity has never been greater. Nearly half of the US population has a mobile phone with internet access, and one out of five pageviews on the web happen on a mobile device – a number that is growing every month. HTML5 will enable you […] to make your creative ideas captivating on every screen, elevate your brand image, and lower your creative costs.
The letter closes off like this, with the prominence and influence of the participating publishers hard to miss:
The impact for mobile web can only be positive.
- Performance: Performance was one of the reasons given by Jobs back in 2010:
Flash has not performed well on mobile devices. We have routinely asked Adobe to show us Flash performing well on a mobile device, any mobile device, for a few years now. We have never seen it.
Performance is still an issue. A recent article on the Verge lamented the crapness of the mobile web, whilst said article carried a payload of some 3.5MB, mostly pushed up by the inclusion of ads. No Flash ads will mean better performance all round. Amazon’s guidelines show that it takes performance seriously:
- Console statements must be omitted to avoid verbose logging and errors in older browsers
- Clicks are limited to three redirects
- Ads must limit https requests to six
- Assets must be hosted on a Content Delivery Network (CDN)
- External CSS/JS libraries must be pulled from a server that supports gzipping
- All code must be minified and concatenated
- Privacy & Security: Security was another issues Jobs raised in 2010, saying Symantec recently highlighted Flash for having one of the worst security records in 2009. HTML5, being open and standardised, is likely to suffer far fewer security issues than the closed and proprietary Flash, although let’s be fair, with access to the device hardware such as camera, microphone, and geolocation, as well as local storage, there is alot of sensitive data accessible via the browser; complacency would be remiss. Amazon is taking this seriously with respect to ads, specifying clearly that all ads and ad-tracking must be over HTTPS, and that HTML5 APIs for accessing device hardware are off-limits:
Accessing device API’s such as Local Storage, Geolocation, Microphone, or Camera is prohibited.
(Although, I wonder how easy it would be to sneak something past Amazon’s auditing process…)
It’s hard to see a future for Flash!
Sean Gallagher, ArsTechnica, 8/28/15
Based on anonymized data collected from users of an app designed to check for a newly revealed vulnerability in many Android devices, Check Point discovered that one application in the Google Play store is exploiting the vulnerability to gain a high level of access to the Android OS, bypassing user permissions—and bypassing Google’s security scans of Play applications to do so. Update: A Google spokesperson told Ars that the offending app has been suspended in the Play store.
While the app was discovered installed on an infinitesimal percentage of devices checked by Check Point, it shows that the vulnerability caused by insecure OEM and cell carrier software meant to provide remote access to devices for customer service engineers has already been exploited by “legitimate” phone applications—and the method used to bypass Google’s security checks could be used for more malicious purposes on millions of devices. And there’s no easy way for Google or phone manufacturers alone to patch the problem.
At the Black Hat security conference in Las Vegas earlier this month, Check Point’s Ohad Bobrov and Avi Bashan presented research into an Android vulnerability introduced by software installed by phone manufacturers and cellular carriers that could affect millions of devices. Labeled by Bobrov and Bashan as “Certifi-Gate,” the vulnerability is caused by insecure versions of remote administration tools installed by the manufacturers and carriers to provide remote customer service—including versions of TeamViewer, CommuniTake Remote Care, and MobileSupport by Rsupport. These carry certificates that give them complete access to the Android operating system and device hardware. The applications are commonly pre-installed on Samsung, LG, and HTC handsets.
Check Point has provided a free scanning application to allow individuals to determine if their Android device was vulnerable. Michael Shaulov, Check Point’s head of mobility product management, told Ars that there had been more than 100,000 downloads of the scanning app from Google Play, and more than 30,000 users had opted to provide anonymous scan results from their products. In a blog post published today, Check Point researchers share a summary of that data—a majority (about 58 percent) of the Android devices scanned were vulnerable, with 15.84 percent actually having a vulnerable version of the remote access plug-in installed. The brand with the highest percentage of devices already carrying the vulnerable plug-in was LG—over 72 percent of LG devices scanned in the anonymized pool had a vulnerable version of the plug-in.
In a small fraction of devices scanned, Check Point researchers found an app that was actively exploiting the vulnerability. A tool called “Recordable Activator” from UK-based Invisibility Ltd was advertised as an “EASY screen recorder” that doesn’t require root access to the device. But in fact once installed from the Google Play store, the app downloaded a vulnerable version of the TeamViewer plug-in from another source, Shaulov told Ars. “Because the plug-in is signed by various device manufacturers,” Check Point researchers wrote in their blog post, “it’s considered trusted by Android, and is granted system-level permissions. From this point ‘Recordable Activator’ exploits the authentication vulnerability and connects with the plug-in to record the device screen.”
While it’s possible for device owners to uninstall vulnerable plug-ins, the vulnerability that allows the plug-in to be installed in the first place without the user’s knowledge can’t be fixed so easily—because the permissions for remote access are burned into the ROM of the device itself. And in some cases, as Bobrov said at Black Hat, the tool is pre-installed and unreachable by the customer. “To get rid of it, you need an upgrade of Android OS,” he explained.
In some scenarios—not with TeamViewer, but another of the vulnerable tools— Bobrov said, “you can trick this tool with SMS to respond and get it to work with a malicious command and control server. The user doesn’t see any of this.” While most of the third-party developers have issued patches to their tools to the Play store, he added, “the issue is more problematic—it’s not just the bug itself, it’s the architecture. The vendors themselves signed this tool with their certificate, and there is no way to patch this problem currently. If someone a year from now can trick you into installing a vulnerable version, they’ll still be able to take control.”
Based on Check Point’s findings, that’s exactly what Invisibility Ltd is doing for what is advertised as a legitimate application. Given how easily the developer was able to bypass Google Play’s security scans, it’s possible there are already more malicious applications already out there.
, TheVarGuy, 8/28/15
Ubuntu Linux developers plan to focus efforts on transactionally updated software in Snappy Core, shifting away from the Ubuntu Software Center in Canonical’s open source OS.
Desktop apps stores are dead, and their mobile-oriented equivalents are the future. That’s the message from Canonical, which has quietly made clear that it intends to jettison the Software Center in Ubuntu Linux to focus on mobile apps for Snappy Ubuntu Core.
A little background: Back in elder days, Ubuntu and most other Debian-based Linux distributions shipped with Synaptic, a graphical frontend for installing and removing applications through the Debian package management system. (Most of Ubuntu’s core code is derived from Debian Linux, which is why they share the same system for adding and removing software.)
Then, in 2009, Canonical announced plans to replace Synaptic with an app of its own making called Ubuntu Software Center—which the company at first tried to name the Ubuntu Software Store, to the dismay of many users. The Software Center did most of the same things as Synaptic, but it also offered ways for Canonical to promote certain apps to users, including some that were available for purchase.
Fast forward to the present, and Canonical has announced that it will no longer be maintaining the Software Center. “The deb-based store [read: center; apparently the “store” terminology dies hard] has continued to be a huge problem over time and in fact it has been increasingly expensive to keep running,” according to one representative. Another indicated that, going forward, the “resources that were initially allocated to the classic desktop” will support “building the vision of the mobile store, initially released for the phone.”
For most desktop users, none of this is likely to matter too much. Synaptic and other graphical front ends for adding and removing programs on desktop versions of Ubuntu remain available.
But the bigger item of note here—and what Canonical has not yet said in an entirely explicit way—is that Ubuntu developers appear poised to move further away from the Debian-based package management system as a whole. Instead, they’ll be focusing on Snappy, which uses a separate, transactionally updated software-management platform.
In this respect, the deprecation of the Ubuntu Software Center means that Canonical’s open source operating system will be unique in yet another important way from the rest of the Linux world. That’s consistent with a trend the company has been pursuing for years, as it has replaced community-built applications in Ubuntu with alternatives it created itself, such as the Unity interface and Mir, a display server that should eventually replace X. (For now, Mir, which was launched in 2013, remains under development.)
Sophie-Claire Hoeller, Business Insider, 8/17/15
Forget exorbitant roaming charges, overpriced international data packages, or spotty internet coverage.
FireChat is the perfect travel app, allowing users to send and receive text messages entirely without data or internet thanks to something called mesh networking.
Basically, mesh networking allows you to communicate wirelessly by bouncing your message from one phone equipped with FireChat (within 210 feet of you) to another via Wi-Fi or Bluetooth antennas.
If there aren’t any connections nearby, messages are stored until they can be sent. And don’t worry: Messages will be encrypted, so only the intended recipient will be able to read them. The message then keeps bouncing from phone to phone until it reaches said recipient — and to cross oceans, for example, it’ll hop from phone to phone until it reaches one with internet, then making its way to its final destination like any other message.
Sure, this can take a few minutes — 10 to 20 across a dense metro area, according to Skift — but you’ll be able to send texts from abroad without incurring roaming charges or even from remote or blackout areas that have little to no coverage, including planes and subways.
Of course, this means that the more people download the app the better: According to Skift, only about 5 million mobile users worldwide have downloaded the app, but the app’s creators estimate that as long as 5% of a city’s population has it, messages can be delivered in around 10 minutes.
Originally designed for people to get in touch with each other at crowded events, FireChat became hugely popular in Iraq last year after the country faced restrictions on internet use, and it was an integral part of the 2014 Hong Kong protests and 2015 Ecuadorian protests.
While you may continue to use Facebook Messenger or WhatsApp when connected to the internet, what makes FireChat so great is that it doesn’t rely on any carrier and will work anywhere.
Available on: Android and iOS.
Jacob Siegal, BGR, 8/11/15
Late last month, security researcher Joshua Drake informed the world about an Android exploit known as Stagefright. Google was informed about the vulnerability months in advance, but this was the first time the public was hearing about a security hole that could theoretically affect 95% of all the Android devices in the world.
On Wednesday, Google teamed up with its Android partners on order to announce a fix that would be distributed to vulnerable devices, but as Ron Amadeo of Ars Technica points out, the update is only going to be available to a sliver of the Android community.
“In a perfect world,” Amadeo writes, “the inability to update billions of potentially pwnable Android handsets would be enough to get Google, the OEMs, and the carriers to all sit down, set aside their branding guidelines and marketing department-enforced differences, and say, ‘We need to fix this.’ But we don’t live in a perfect world.”
Amadeo knows that smartphone owners like to compare Android to iOS, but the two couldn’t be further apart when it comes to dealing with manufacturers and issuing updates to a wide variety of devices.
Rather, Android is more comparable to Windows, and although the Android OS will never be as closed off as Windows, Google is going to have to reclaim some of the access that it has freely given to carriers and OEMs in the past if it wants to provide effective safeguards against these kind of vulnerabilities in the future.
Here are Amadeo’s closing thoughts:
There’s too much disregard for the customer in the Android ecosystem to expect any of this get fixed proactively. Carriers and OEMs don’t want to be relegated to the user space, and right now there are no repercussions for their self-centered actions. But consequences are coming. When the big Android malwarepocalypse does arrive, users won’t care about the “two-year flagship” limit on patches if their phones stop working or their data gets stolen.
Users have been (rightly) complaining about the ridiculous degree of fragmentation in the Android ecosystem for years, but there’s nothing they can do until Google takes the issue seriously. Be sure to read the full piece on Ars Technica.
Greg Kumparak, TechCrunch, 8/7/15
The Wi-Fi at my house is almost perfect, save for one frustrating flaw: the signal tanks down to nearly nothing about five feet from where I park.
The signal is strong enough that my phone stays connected, but just so weak that pulling anything up — like, say, directions to where I’m going – doesn’t actually work. It’ll just sit there spinning its wheels until I manually kill the Wi-Fi.
iOS 9 fixes this. When the Wi-Fi signal isn’t quite up to snuff — even though it seems like it SHOULD be okay — it’ll automatically drop back onto cellular data connectivity.
It’s a seemingly simple concept (Connection bad? Use the other one), yet one that no one has really implemented well to date (though you can pull off something similar on Android on certain Samsung devices or with third-party apps like BestSignal or Tasker). In most cases, our phones just trust that a seemingly strong signal is in fact a good connection and will just sit there timing out into infinity.
The catch: this new trick is exclusive to the developers-only iOS 9 beta, for now. If you’re on iOS 8, you’ll have to wait a while. It’ll presumably hit the public, open-to-anyone version of the iOS 9 beta within a few days.
This new “Wi-Fi Assist” feature was spotted first by 9to5Mac, along with a bunch of other new stuff hiding in the beta.
Worried that you might end up gobbling up all of your cell data by accidentally Netflix-binging in one of your house’s Wi-Fi deadzones? Don’t panic: you can turn WiFi Assist off.
Tom Warren, The Verge, 8/7/15
Microsoft announced some huge news at its Build developers conference earlier this year, revealing that Windows 10 can run reworked Android and iOS apps. While developers were intrigued by the news back in April, Microsoft has kept the tools under wraps until today. In yet another surprise move, Microsoft is open sourcing its key porting tool for iOS to Windows apps. Previously codenamed Project Islandwood, the Windows Bridge for iOS enters preview today and all the source code is available immediately on GitHub.
Preview today, full release in the fall
The iOS bridge allows developers to create both Windows 8.1 and Windows 10 apps, with plans to add support for mobile later in the year. This first release is strictly a preview, so it’s not final and Microsoft is really leaning on the open-source community to contribute code, testing, bug reports, and comments on where the company is heading with its porting tool. Microsoft is aiming to release the Windows Bridge for iOS broadly in the fall, alongside a public beta of the Windows Bridge for Android. Microsoft’s Android bridge is currently available as a technical preview by invitation only, and Microsoft is planning to get those on the waitlist access by the end of the month.
Both the tools are designed to make it easier for developers to bring their existing Android and iOS code to universal Windows apps. While the Android version is limited to just phone apps, the iOS equivalent will allow developers to create apps that span across PCs, tablets, and phones. It’s still too early to say whether these porting tools will make a big dent on Microsoft’s lack of apps for Windows tablets and phones, it’s a significant step to open source the iOS version to let the community decide on the direction of Microsoft’s app porting tool.
Cyber security firm Zimperium on Monday warned of a flaw in the world’s most popular smartphone operating system that lets hackers take control with a text message.
“Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS (text message),” Zimperium Mobile Security said in a blog post.
“A fully weaponized successful attack could even delete the message before you see it. You will only see the notification.”
Android code dubbed “Stagefright” was at the heart of the problem, according to Zimperium.
Stagefright automatically pre-loads video snippets attached to text messages to spare recipients from the annoyance of waiting to view clips.
Hackers can hide malicious code in video files and it will be unleashed even if the smartphone user never opens it or reads the message, according to research by Zimperium’s Joshua Drake.
“The targets for this kind of attack can be anyone,” the cyber security firm said, referring to Stagefright as the worst Android flaw discovered to date.
“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited.”
Malicious code executed by hackers could take control of smartphones and plunder contents without owners knowing.
Stagefright imperils some 95 percent, or an estimated 950 million, of Android phones, according to the security firm.
Zimperium said that it reported the problem to Google and provided the California Internet firm with patches to prevent breaches.
“Google acted promptly and applied the patches to internal code branches within 48 hours, but unfortunately that’s only the beginning of what will be a very lengthy process of update deployment,” Zimperium said.
It did not appear as though hackers had taken advantage of the Stagefright vulnerability, according to Zimperium.
Updating Android software powering mobile devices is controlled by hardware makers and sometimes telecommunication service carriers, not Google.
While Apple controls the hardware and software in iPhones, iPads, and iPods powered by its mobile operating system, Google makes Android available free to device makers who customize the code and update it as they see fit.
More about Drake’s research was to be disclosed at a Black Hat computer security conference taking place in Las Vegas early in August.
It Runs on Linux, 7/29/15
Linux on your Smartphone does exists for years with Android, Tizen, Sailfish OS and Ubuntu. Now there is Plasma Phone OS. Today the developers from KDE Plasma Mobile anounced their latest project, named after their Linux desktop environment.
KDE Plasma Phone OS
According to the KDE Plasma Mobile developers; Plasma Phone OS is a complete software stack for mobile devices and includes the following libre technologies:
- Plasma Mobile (a Plasma-based shell)
Plasma Phone OS allows you to run several Qt-based applications on top of it, for example:
- Plasma apps
- Sailfish OS based apps
- Ubuntu Touch based apps
- Nemo based apps
If you have a Nexus 5 you can download Plasma Phone OS here. Be warned though, this version is still very experimental.