The Gmail app for Android has scored what used to be a web-only feature. It now has Google Wallet integration, so you can send and request money right within your emails. Say, you need to split the bill for a dinner — all you need to do is tap the attachment icon and click “Send money” to pay your friend. A Google Wallet pop up will ask you how much you want to send and will forward your payment as an attachment.
Mariella Moon, Engadget, 3/15/17
The Google Wallet integration used to be exclusive to Gmail for the web.
In case you’re typically the one receiving payments for group dinners, shared bills and the like, you can also tweak the feature’s settings to send the money straight to your bank account. The feature works even if your friends, roommates or co-workers don’t use Gmail, but only if you’re all in the US. Since it’s only available for users in the country and only on Android and the web, you’ll probably want to keep those other payment apps on your phone.
In: Android, Mobile Technology
Darlene Storm, ComputerWorld, 3/14/17
Android devices were infected with malware at some point after leaving the manufacturers, but before landing in the hands of companies’ employees.
The phone, given to you by your company, could be targeted at some point and end up with a malware infection, but you wouldn’t expect the malware to be pre-installed “somewhere along the supply chain.” Yet pre-installed malware is precisely what one security vendor found on 38 Android devices.
Check Point Software Technologies did not name the affected companies, saying only that the phones belonged to “a large telecommunications company” and “a multi-nation technology company.” A good chunk of the infected phones were Samsung models, but phones by Lenovo, LG, Asus, ZTE, Vivo, Oppo and Xiaomi were also preinstalled with malware after leaving the manufacturers but before landing in the hands of the companies’ employees.
Check Point explained that the malware was “already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.”
The infected Android devices were tainted with various types of malware, with most being info-stealers and malicious ad networks; Check Point called Loki the most notable malware. One device came preinstalled with the mobile ransomware Slocker which encrypts all the files on a phone, demands a ransom in exchange for the decryption key, and communicates with its C&C server via Tor.
The malware was not always found in the same app. Check Point included the full list of malware, SHA hashes and affected devices. The list originally included 38 Android devices, but Check Point removed Nexus 5 and Nexus 5X without giving a detailed explanation.
The 36 remaining malware-tainted devices included these models:
- Galaxy Note 2
- LG G4
- Galaxy S7
- Galaxy S4
- Galaxy Note 8.0
- Xiaomi Mi 4i
- Galaxy A5
- Galaxy S4
- ZTE x500
- Galaxy Note 3
- Galaxy Note Edge
- Galaxy Note 4
- Galaxy Tab S2
- Galaxy Tab 2
- Oppo N3
- vivo X6 plus
- Asus Zenfone 2
- OppoR7 plus
- Xiaomi Redmi
- Galaxy Note 5
- Lenovo A850
Even if users are careful by avoiding risky sites and install apps only from trusted sources like the Play Store, Check Point said that is not enough to guarantee their security. “Pre-installed malware compromise the security even of the most careful users. In addition, a user who receives a device already containing malware will not be able to notice any change in the device’s activity which often occur once a malware is installed.”
Hopefully you do use a malware scanner on your mobile devices. Keep in mind that not all mobile security apps are created equal.
In: Android, Mobile Technology · Tagged with: Malware
Darrell Etherington, Tech Crunch, 3/3/17
Google’s Pixel smartphone this year was a significant reset for the company’s mobile hardware strategy – and one that earned a lot of praise from customers and critics. Good news for those who liked it: Pixel’s successor will arrive sometime in 2017, as confirmed by Google SVP of Hardware Rick Osterloh to Android Pit at MWC this year.
It sounds like the Pixel 2 will continue the tradition of the original – Osterloh said it’ll remain “premium” in its next iteration, and he added that the company isn’t interested in offering a low-cost version, preferring instead to let that segment be addressed by its external hardware partners.
While it was to be expected that Google would put out a smartphone this year, since the annual release cycle for hardware is hardly new, Osterloh’s confirmation tells us a few things about the company’s strategy that weren’t previously totally pinned down. First, we know Google’s staying the course with the new strategy it set out with Pixel, whereby it aims to compete more directly with the iPhone. Second, we know it’s not going to split its focus by simultaneously going after mid- and low-market opportunities at the same time.
This bodes well for Google’s smartphone strategy. The first Pixel is still the best Android smartphone available, in my opinion, and it’s good to see Google continuing along that path.
In: Mobile Technology
Daniel Cooper, Engadget, 3/3/17
10GB per line, plus incentives for you to get DirecTV.
Remember when AT&T announced that it would once again offer unlimited data packages, and they were a little underwhelming? Sensing its error, the company has taken the opportunity to roll out a tweaked plan to ease the pain of your wallet. AT&T Unlimited Plus offers unlimited calls, texts and 22GB of high speed data before you hit the throttling wall for $90 a month. Even better, the plan now offers 10GB tethering data per line — something that was omitted from the prior set of plans.
AT&T’s also keen on tying folks in to both its mobile and TV packages, with juicy incentives for those who pay for both. Subscribers to Unlimited Plus will get a $25 monthly credit towards their DirecTV, DirecTV Now or U-Verse TV packages. In addition, AT&T is proud to offer zero-rating for its video packages, so if you watch DirecTV Now on your mobile connection, it won’t count against your data.
Naturally, the pricing schedule is increasingly complicated the more lines you pay for, but you can get four lines for $185 a month. You can also add on other devices, like a tablet, wireless home phone or hotspot, for another $20 a month. For most people, the easy calculation is that you’ll get the main data plan and DirecTV now for $100 a month once you’ve taken credits and incentives into account.
The company is also rolling out an unlimited data plan without the extra bells and whistles, so long as you’re happy with capped speeds. AT&T Unlimited Choice will set you back $60 a month (for the first line) with the speed limited to 3Mbps and video held at 480p resolution. Both plans however, will allow you to roam into Canada and Mexico without incurring additional charges.
In: Mobile Technology · Tagged with: AT&T, Tether
Tim Anderson, The Register, 3/3/17
MWC Alcatel, a brand of Hong Kong-based TCL Communication, has announced the A5 LED at Mobile World Congress, which it claims is “the world’s first interactive LED-covered smartphone.”
Before you quip “and there’s a reason for that”, have some sympathy for the plight of Android vendors struggling to differentiate their brands.
Aimed at “energetic young consumers”, the 5.2″ A5 LED has an illuminated back panel which you can use for notifications, setting different patterns for each type of message, and for creating your own pulsating light show in time with music playback.
Powered by a MediaTek MT6753 8-core, 1.5GHz processor, and running Android 6.0 Marshmallow, the A5 LED will be available in May for around €199.
TCL has licensed the BlackBerry brand for mobiles aimed at the business market, but that has not stopped Alcatel from launching a new Windows 10 Mobile handset which also has business users in mind. The 5.5″ (1080×1920 pixels) Idol 4 Pro runs a Qualcomm quad-core Snapdragon 820 and supports Microsoft’s Continuum feature, where you can dock to an external keyboard and screen for a PC-like experience, albeit restricted to Universal Windows Apps.
The spec is reasonable, with 21MP rear camera and 8MP front, fingerprint reader, 4GB RAM, 64GB storage and MicroSD support. It will be available in Europe “by June”, according to Alcatel, and will cost around €599.
Continuum is a neat trick, but Windows 10 Mobile users have to live with a limited range of apps compared to iOS or Android. Windows 10 Mobile is not quite dead then; though we suspect it will be a hard sell.
If you want to run Windows on the go, you might be better off with the Idol Plus 12 2-in-1 tablet, promised for July at around €499. This 11.6″ device runs an Intel Celeron N3350 and has a detachable keyboard in which you can install a SIM to create a mobile hotspot.
We took a quick look at the Plus 12 at Alcatel’s press event and it feels like a decent effort though why you would not just use your phone for a mobile data is not clear. Another puzzle is that the Plus 12 comes with Windows 10 Home, whereas most business users run Pro or Enterprise editions.
In: Android, Blackberry, iOS, Mobile Technology, WinPhone
Devin Coldewey, Tech Crunch, 3/3/17
The FCC has given several companies the go-ahead to activate a wireless technology called LTE-U in their base stations; if all goes as planned, devices will be able to communicate cellular data over unlicensed frequencies technically overlapping with those of Wi-Fi.
The basic idea behind LTE-U (and related techniques called License Assisted Access and MuLTEfire) is that some frequencies in the 5 GHz band used by Wi-Fi routers were going unused. Carriers and device makers had proposed allowing these unlicensed bits of spectrum to augment existing base stations’ signals, potentially improving short-range connection speeds.
Some have raised objections over the last couple years of developmnet saying this would lead to interference and congestion in the 5 GHz band, but studies from Qualcomm (a champion of the tech) and others suggest otherwise. Well, we’re about to find out.
The devices approved today by the FCC are base stations from Ericsson and Nokia already in service and compatible with both LTE-U and LAA.
“These transmitters were already approved as LTE base stations previously,” an FCC representative told TechCrunch. “The grants issued today are for the ability for the devices to operate under Part 15 rules in the 5 GHz band.”
T-Mobile appears to be the first to take advantage of this, and compatible base stations should get the LTE-U boost in the spring. Other wireless companies have been bullish on the tech as well and will likely make similar announcements soon.
In: Mobile Technology · Tagged with: FCC, LAA, LTE, LTE-U, T-Mobile, WiFi
Mariella Moon, Engadget, 2/13/17
But still only for Pixel and Nexus devices running Nougat.
Instant tethering started making its way to some Android users in late January, allowing them to set up an automatic hotspot connection between devices. Now that the feature is officially available, more people should have access to it — but it still only works with Pixel and Nexus devices. The new FAQ section dedicated to the feature confirms what was reported before: Pixel and Nexus phones running Nougat can act as hosts or the source of internet connection. Tablets like the Pixel C and Nexus 9, as well as phones running Android Marshmallow, however, can only use shared data connections and can’t act as hosts.
To be able to use the feature, all your devices must share the same Google account. You can then activate Instant Tethering in the Settings menu: tap “Provide data connection” to set up a host device or tap “Get data connection” to set up a non-host phone or tablet. After the initial setup, your non-host devices will automatically connect to your host devices when you need an internet connection. It’s a pretty sweet deal if you’re always busy on the go, since manually tethering devices all the time can be time consuming. Another plus is that your receiving device will automatically disconnect after 10 minutes of no activity to save power and make sure your tablet/phone doesn’t die too quickly.
In: Android · Tagged with: Tether
Dan Goodin, Ars Technica, 2/13/17
Study of nearly 300 apps finds shocking omissions, including a failure to encrypt.
Over the past half-decade, a growing number of ordinary people have come to regard virtual private networking software as an essential protection against all-too-easy attacks that intercept sensitive data or inject malicious code into incoming traffic. Now, a comprehensive study of almost 300 VPN apps downloaded by millions of Android users from Google’s official Play Market finds that the vast majority of them can’t be fully trusted. Some of them don’t work at all.
- 18 percent didn’t encrypt traffic at all, a failure that left users wide open to man-in-the-middle attacks when connected to Wi-Fi hotspots or other types of unsecured networks
- 84 percent leaked traffic based on the next-generation IPv6 internet protocol, and 66 percent don’t stop the spilling of domain name system-related data, again leaving that data vulnerable to monitoring or manipulation
- Of the 67 percent of VPN products that specifically listed enhanced privacy as a benefit, 75 percent of them used third-party tracking libraries to monitor users’ online activities. 82 percent required user permissions to sensitive resources such as user accounts and text messages
- 38 percent contained code that was classified as malicious by VirusTotal, a Google-owned service that aggregates the scanning capabilities of more than 100 antivirus tools
- Four of the apps installed digital certificates that caused the apps to intercept and decrypt transport layer security traffic sent between the phones and encrypted websites
The researchers—from Australia’s Commonwealth Scientific and Industrial Research Organization, the University of New South Wales, and the University of California at Berkeley—wrote in their report:
Our results show that—in spite of the promises for privacy, security, and anonymity given by the majority of VPN apps—millions of users may be unawarely subject to poor security guarantees and abusive practices inflicted by VPN apps… Despite the fact that Android VPN-enabled apps are being installed by millions of mobile users worldwide, their operational transparency and their possible impact on user’s privacy and security remains terra incognita even for tech-savvy users.
Not every behavior called out in the report is an automatic indication of a privacy or security failing. A variety of VPNs have been called out in the past for leaking IPv6 and DNS traffic. In some cases, the shortcomings may compromise only anonymity, rather than allowing attackers to monitor or manipulate traffic to and from a phone. Still, most security and privacy experts agree that at a minimum, the behaviors found in the study are things that should be avoided by VPN developers.
The research was based on Google Play apps that, as of November, used a permission called BIND_VPN_SERVICE, which allows apps to intercept and take full control of all traffic flowing over an affected phone or tablet. The results don’t take into account apps that have been added, removed, or modified since then. Still, however the Google Play offerings have changed in the past two months, the findings should serve as a wakeup call for anyone using a VPN app on an Android device. Those relying on an app that isn’t Freedome should consider dumping it or at least suspending use of it until they have reviewed the app’s performance.
In: Android, Mobile Technology · Tagged with: WiFi
Chris Welch, The Verge, 1/26/17
Google just announced the new and improved Google Voice that the company teased a few weeks ago. Today you’ll find updated versions of Voice available for Android, iOS, and on the web. The service has been given a much-needed visual refresh, bringing it in line with Google’s other apps. According to Google’s blog post on the changes, “your inbox now has separate tabs for text messages, calls and voicemails. Conversations stay in one continuous thread, so you can easily see all your messages from each of your contacts in one place.”
Aside from simply bringing Voice up to date aesthetically, the upgraded app carries over some features that until now were only available for users who had switched to Hangouts for some Voice functions like texting and voicemail. For one, photo MMS is now supported by Google Voice on all platforms and across pretty much all major carriers. Images show up inline in your conversations, and firing off your own is as easy as any other texting app. That sounds like basic functionality, but MMS has been a longtime sore spot for Voice. No more emails with MMS attachments or other weird workarounds.
Group texting has also been added to the main Voice apps — no Hangouts required. This is another crucially important feature to many people that Google Voice has been bad at until now. With today’s update, group conversations are labeled very clearly and should work as you’d expect them to.
Voicemail transcriptions are still in there too. And with this update, Google is introducing voicemail transcriptions for Spanish. Other nice touches I’ve noticed in a few days spent testing the new Google Voice include: in-notification replies on Android (but sadly not iOS), 3D Touch support for iPhone (mostly in Messages view), and a user experience that finally feels less like a relic from the early App Store days. This is what the Android version looked like in the year 2017 before today’s redesign:
Those days are thankfully over. Speaking of which, Google claims it’s committed to preventing Voice from falling into the neglected state it was stuck in prior to today. The company says users can expect “regular” updates and new features for the mobile apps and web client, though it offers no estimate on how often they’ll arrive. Let’s just say that Google has a lot to prove if it wants to convince anyone that Voice is a priority again. One thing a spokesperson has already confirmed to The Verge is that Google is working to implement RCS messaging in Voice.
But today is just step one, a redesign that seems more about making up for lost time than reinventing what Google Voice is. If you’ve already moved your Voice account into Hangouts (and you actually still use Hangouts), the blog post says there’s “no need to change to the new apps, but you might want to try them out as we continue to improve and add more features.”
These Google Voice updates will launch first today on Android, followed by iOS in a couple days. Once your mobile app is updated, the web client will automatically change over to the new design. Everyone should have it within a couple weeks, according to Google.
In: Android, iOS, Mobile Technology · Tagged with: MMS, RCS
Eric Ravenscraft, LifeHacker, 1/26/17
Many Android phones can create handy hotspots to share your phone’s internet connections, but they can be tedious to set up. Google wants to fix this with its new Instant Tethering feature.
The new feature is currently rolling out as an update to Google Play Services. When you have multiple devices logged into the same account and one loses a connection, it will automatically offer to share another device’s internet connection.
For now, the feature is very limited. Only Nexus and Pixel devices running Android 7.1.1 are supported. Furthermore, only phones like the Pixel and Pixel XL will be able to share their internet connection with tablets like the Nexus 9 and Pixel C, not the other way around. One Pixel phone can share its connection with another Pixel phone, however. It seems that Google is still testing to this to see how well it will work. However, if this works out it should make staying online much easier.