All posts in “Google Play Store”

Google releases Android 10

Android 10 is now available, assuming you have a phone that already supports Google’s latest version of its mobile operating system. For now, that’s mostly Google’s own Pixel phones, though chances are that most of the phones that were supported during the beta phase will get updated to the release version pretty soon, too.

Since the development of Android pretty much happens in the open these days, the release itself doesn’t feature any surprises. Just like with the last few releases, chances are you’ll have to look twice after the update to see whether your phone actually runs the latest versions. There are plenty of tweaks in Android 10, but some of the most interesting new features are a bit hidden and (at least in the betas) off by default.

The one feature everybody has been waiting for is a dark mode and here, Android 10 doesn’t disappoint. The new dark theme is now ready for your night-time viewing, with the promise of improved battery life for your OLED phone and support from a number of apps like Photos and Calendar. Over time, more apps will automatically switch to a dark theme as well, but right now, the number seems rather limited and a bit random, with Fit offering a dark mode while Gmail doesn’t.

[embedded content]

The other major tweak is the updated gesture navigation. This remains optional — you can still use the same old three-button navigation Android has long offered. It’s essentially a tweak of the navigation system the launched with Android Pie. For the most part, the new navigation gestures work just fine and feel more efficient than those in Pie, especially when you try to switch between apps. Swiping left and right from the screen replaces the back button, which isn’t immediately obvious, and a slightly longer press on the side of the screen occasionally opens a navigation drawer. I say ‘occasionally,’ because I think this is the most frustrating part of the experience. Sometimes it works, sometimes it doesn’t. The trick to opening the drawer, it seems, is to swipe at an angle that’s well above 45 degrees.

Also new is an updated Smart Reply feature that now suggests actions from your notifications. If a notification includes a link, for example, Smart Reply will suggest opening it in Chrome. Same for addresses, where the notification can take you right to Google Maps, or YouTube videos that you can play in — you guessed it — Youtube. This should work across all popular messaging apps.

There are also a couple of privacy and security features here, including the ability to only share location data with apps while you use them and a new Privacy section in Settings that gives you access to controls for managing your web and app history, as well as your ad settings in a slightly more prominent place.

The new Google Play system updates, the company can now also push important security and privacy fixes right to the phone from the Google Play store, which allows it to patch issues without having to go through the system update process. Given the slow Android OS upgrade cycles, that’s an important new feature, though it, too, is an evolution of Google’s overall strategy to decouple these updates and core features from the OS updates.

Two other interesting new features are still in beta or won’t be available until later this year, but Google prominently highlights Focus mode, which allows you to silence specific apps for a while and which is now in beta, and Live Caption, which will launch in the fall on Pixel phones and which can automatically caption videos and audio across all apps. I’ve been beta testing Focus Mode for a bit and I’m not sure it has really made a difference in my digital wellbeing, but the ability to mute notifications from YouTube during the workday, for example, has probably made me a tiny bit more productive.

Oh, and there’s also native support for foldable phones, but for the time being, there are no foldable phones on the market.

[embedded content]

Like with most recent releases, those are just some of the highlights. There are plenty of small tweaks, too, and chances are you’ll notice a few new fonts and visual tweaks here and there. For the most part, though, you can continue to use Android like you always have. Even major changes like the updated gesture controls are optional. It’s very much an evolutionary update, but that’s pretty much the case for any mobile OS these days.

Huawei responds to Android ban with service and security guarantees, but its future is unclear

Huawei has finally gone on the record about a ban on its use of Android, but the company’s long-term strategy on mobile still remains unclear.

In an effort to appease its worried customer base, the embattled Chinese company said today that it will continue to provide security updates and after-sales support to its existing lineup of smartphones, but it’s what the company didn’t say that will spark concerns.

Huawei was unable to make guarantees about whether existing customers will continue to receive Android software updates, while its statement is bereft of any mention of whether future phones will ship with the current flavor of Android or something else.

The company, which is the world’s second largest smartphone vendor based on shipments, said it will continue to develop a safe software ecosystem for its customers across the globe. Huawei will also extend the support to Honor, a brand of smartphones it owns. Nearly 50 percent of all of Huawei’s sales comes from outside China, research firm Counterpoint told TechCrunch.

Here’s the statement in full:

Huawei has made substantial contributions to the development and growth of Android around the world. As one of Android’s key global partners, we have worked closely with their open-source platform to develop an ecosystem that has benefitted both users and the industry,

Huawei will continue to provide security updates and after sales services to all existing Huawei and Honor smartphone and tablet products covering those have been sold or still in stock globally. We will continue to build a safe and sustainable software ecosystem, in order to provide the best experience for all users globally.

In addition, the company said it plans to launch the Honor 20 as planned. The device is set to be unveiled at an event in London tomorrow. While Honor is a sub-brand, any sanctions levied on Huawei will likely be reflected in its business, too.

Huawei’s lukewarm response isn’t unexpected. Earlier, Google issued a similarly non-committal statement that indicated that owners of Huawei phones will continue to be able to access the Google Play Store and Google Play Protect, but — like the Chinese firm — it made no mention of the future, and that really is the key question.

Indeed, sources within both Google and Huawei have told TechCrunch that the immediate plan of action for what happens next remains unclear.

It could turn out that Huawei is forced to use the open source version of Android, AOSP, which comes stripped of Google Mobile Services, a suite for Google services such as Google Play Store, Gmail, and YouTube. That’s unless it doesn’t plump for its own homespun alternative, which media reports have claimed it has built in the case of an emergency situation.

Huawei’s response comes a day after Reuters reported that Google had suspended some of its businesses with the Chinese technology giant. The Android-maker is complying with a U.S. Commerce Department’s directive that placed Huawei and 70 of its affiliates on an “entity list” that requires any U.S. company to gain government approval before doing business with the Chinese tech company.

In the meantime, the troubles are mounting for Huawei. In addition to Android, the U.S. government’s move has seen Intel, Qualcomm, Xilinx, and Broadcom reportedly pause supplying chips to Huawei until a resolution has been reached.

Google says its app store will continue to work for existing Huawei smartphone owners

Google said today that existing users of Huawei Android devices can continue to use Google Play app store, offering some relief to tens of millions of users worldwide even as it remains unclear if the Chinese tech giant will be able to use the fully-functioning version of Android in its future phones.

Existing Huawei phone users will also be able to enjoy security protections delivered through Google Play Protect, the company said in a statement to TechCrunch. Google Play Protect is a built-in malware detector that uses machine learning to detect and weed out rogue apps. Google did not specify whether Huawei devices will receive future Android updates.

The statement comes after Reuters reported on Sunday that Google is suspending some businesses with Huawei, the world’s second largest smartphone maker that shipped over 200 million handsets last year. The report claimed, a point not addressed by Google, that future Android devices from Huawei will not run Google Mobile Services, a host of services offered by Google including Google Play Store, and email client Gmail. A Huawei spokesperson said the company is looking into the situation but has nothing to share beyond this.

It’s a major setback for Huawei, which unless resolved in the next few weeks, could significantly disrupt its phone business outside of China. The top Android phone vendor, which is already grappling with controversy over security concerns, will have to rethink its software strategy for future phones if there is no resolution. Dearth — or delay in delivery — of future Android updates would also hurt the company’s reputation among its customers around the globe.

“We are complying with the order and reviewing the implications,” a company spokesperson said in a statement.

The two tech companies find themselves in this awkward situation as a result of the latest development in the ongoing U.S-China trade war. Huawei and 70 of its affiliates have been put on an “entity list” by the U.S. Commerce Department over national security concerns, requiring local giants such as Google and Intel to take approval from the government before conducting business with the Chinese firm.

Huawei may have already foreseen this. A company executive revealed recently that Huawei had built its own Android-based operating system in case a future event prevented it from using existing systems. Per Reuters, Huawei can also continue to use AOSP, the open source Android operating system that ships stripped off Google Mobile Services. And on paper, it can also probably have an app store of its own. But convincing enough stakeholders to make their apps available on Huawei’s store and continually push updates could prove incredibly challenging.

The consumer version of BBM is shutting down on May 31

It might be time to move on from BBM. The consumer version of the BlackBerry Messenger will shut down on May 31. Emtek, the Indonesia-based company that partnered with BlackBerry in 2016, just announced the closure. It’s important to note, BBM will still exist and BlackBerry today revealed a plan to open its enterprise-version of BBM to general consumers.

Starting today, BBM Enterprise will be available through the Google Play Store and eventually from the Apple App Store. The service will be free for the one year and after that, $2.49 for six months of service. This version of the software, like the consumer version, still features group chats, voice and video calls, and the ability to edit and retract messages.

As explained by BlackBerry, BBMe features end-to-end encryption.

BBMe can be downloaded on any device that uses Android, iOS, Windows or MAC operating systems. The sender and recipient each have unique public/private encryption and signing keys. These keys are generated on the device by a FIPS 140-2 certified cryptographic library and are not controlled by BlackBerry. Each message uses a new symmetric key for message encryption. Additionally, TLS encryption between the device and BlackBerry’s infrastructure protects BBMe messages from eavesdropping or manipulation.

BBM is one of the oldest smartphone messaging services. Research in Motion, BlackBerry’s original name, released the messenger in 2005. It quickly became a selling point for BlackBerry devices. BBM wasn’t perfect and occasionally crashed, but it was a robust, feature-filled messaging app when most of the world was still using SMS. Eventually with the downfall of RIM and eventually BlackBerry, BBM fell behind iMessage, WhatsApp, and other independent messaging platforms. Emtek’s partnership with BlackBerry was supposed to bring the service into the current age, but some say the consumer version ended up bloated with games, channels and ads. BlackBerry’s BBMe lacks a lot of those extra features so consumers might find it a better platform for communicating.

Android users’ security and privacy at risk from shadowy ecosystem of pre-installed software, study warns

A large-scale independent study of pre-installed Android apps has cast a critical spotlight on the privacy and security risks that preloaded software poses to users of the Google developed mobile platform.

The researchers behind the paper, which has been published in preliminary form ahead of a future presentation at the IEEE Symposium on Security and Privacy, unearthed a complex ecosystem of players with a primary focus on advertising and “data-driven services” — which they argue the average Android user is unlikely to be unaware of (while also likely lacking the ability to uninstall/evade the baked in software’s privileged access to data and resources themselves).

The study, which was carried out by researchers at the Universidad Carlos III de Madrid (UC3M) and the IMDEA Networks Institute, in collaboration with the International Computer Science Institute (ICSI) at Berkeley (USA) and Stony Brook University of New York (US), encompassed more than 82,000 pre-installed Android apps across more than 1,700 devices manufactured by 214 brands, according to the IMDEA institute.

“The study shows, on the one hand, that the permission model on the Android operating system and its apps allow a large number of actors to track and obtain personal user information,” it writes. “At the same time, it reveals that the end user is not aware of these actors in the Android terminals or of the implications that this practice could have on their privacy.  Furthermore, the presence of this privileged software in the system makes it difficult to eliminate it if one is not an expert user.”

An example of a well-known app that can come pre-installed on certain Android devices is Facebook .

Earlier this year the social network giant was revealed to have inked an unknown number of agreements with device makers to preload its app. And while the company has claimed these pre-installs are just placeholders — unless or until a user chooses to actively engage with and download the Facebook app, Android users essentially have to take those claims on trust with no ability to verify the company’s claims (short of finding a friendly security researcher to conduct a traffic analysis) nor remove the app from their device themselves. Facebook pre-loads can only be disabled, not deleted entirely.

The company’s preloads also sometimes include a handful of other Facebook-branded system apps which are even less visible on the device and whose function is even more opaque.

Facebook previously confirmed to TechCrunch there’s no ability for Android users to delete any of its preloaded Facebook system apps either.

Facebook uses Android system apps to ensure people have the best possible user experience including reliably receiving notifications and having the latest version of our apps. These system apps only support the Facebook family of apps and products, are designed to be off by default until a person starts using a Facebook app, and can always be disabled,” a Facebook spokesperson told us earlier this month.

But the social network is just one of scores of companies involved in a sprawling, opaque and seemingly interlinked data gathering and trading ecosystem that Android supports and which the researchers set out to shine a light into.

In all 1,200 developers were identified behind the pre-installed software they found in the data-set they examined, as well as more than 11,000 third party libraries (SDKs). Many of the preloaded apps were found to display what the researchers dub potentially dangerous or undesired behavior.

The data-set underpinning their analysis was collected via crowd-sourcing methods — using a purpose-built app (called Firmware Scanner), and pulling data from the Lumen Privacy Monitor app. The latter provided the researchers with visibility on mobile traffic flow — via anonymized network flow metadata obtained from its users. 

They also crawled the Google Play Store to compare their findings on pre-installed apps with publicly available apps — and found that just 9% of the package names in their dataset were publicly indexed on Play. 

Another concerning finding relates to permissions. In addition to standard permissions defined in Android (i.e. which can be controlled by the user) the researchers say they identified more than 4,845 owner or “personalized” permissions by different actors in the manufacture and distribution of devices.

So that means they found systematic user permissions workarounds being enabled by scores of commercial deals cut in a non-transparency data-driven background Android software ecosystem.

“This type of permission allows the apps advertised on Google Play to evade Android’s permission model to access user data without requiring their consent upon installation of a new app,” writes the IMDEA.

The top-line conclusion of the study is that the supply chain around Android’s open source model is characterized by a lack of transparency — which in turn has enabled an ecosystem to grow unchecked and get established that’s rife with potentially harmful behaviors and even backdoored access to sensitive data, all without most Android users’ consent or awareness. (On the latter front the researchers carried out a small-scale survey of consent forms of some Android phones to examine user awareness.)

tl;dr the phrase ‘if it’s free you’re the product’ is a too trite cherry atop a staggeringly large yet entirely submerged data-gobbling iceberg. (Not least because Android smartphones don’t tend to be entirely free.)

“Potential partnerships and deals — made behind closed doors between stakeholders — may have made user data a commodity before users purchase their devices or decide to install software of their own,” the researchers warn. “Unfortunately, due to a lack of central authority or trust system to allow verification and attribution of the self-signed certificates that are used to sign apps, and due to a lack of any mechanism to identify the purpose and legitimacy of many of these apps and custom permissions, it is difficult to attribute unwanted and harmful app behaviors to the party or parties responsible. This has broader negative implications for accountability and liability in this ecosystem as a whole.”

The researchers go on to make a series of recommendations intended to address the lack of transparency and accountability in the Android ecosystem — including suggesting the introduction and use of certificates signed by globally-trusted certificate authorities, or a certificate transparency repository “dedicated to providing details and attribution for certificates used to sign various Android apps, including pre-installed apps, even if self-signed”.

They also suggest Android devices should be required to document all pre-installed apps, plus their purpose, and name the entity responsible for each piece of software — and do so in a manner that is “accessible and understandable to users”.

“[Android] users are not clearly informed about third-party software that is installed on their devices, including third-party tracking and advertising services embedded in many pre-installed apps, the types of data they collect from them, the capabilities and the amount of control they have on their devices, and the partnerships that allow information to be shared and control to be given to various other companies through custom permissions, backdoors, and side-channels. This necessitates a new form of privacy policy suitable for preinstalled apps to be defined and enforced to ensure that private information is at least communicated to the user in a clear and accessible way, accompanied by mechanisms to enable users to make informed decisions about how or whether to use such devices without having to root their devices,” they argue, calling for overhaul of what’s long been a moribund T&Cs system, from a consumer rights point of view.

In conclusion they couch the study as merely scratching the surface of “a much larger problem”, saying their hope for the work is to bring more attention to the pre-installed Android software ecosystem and encourage more critical examination of its impact on users’ privacy and security.

They also write that they intend to continue to work on improving the tools used to gather the data-set, as well as saying their plan is to “gradually” make the data-set itself available to the research community and regulators to encourage others to dive in.