Sunbird, the app that brings iMessage to Android, has temporarily shut down the service over "security concerns." From a report: In a notice to users, Sunbird says it has "decided to pause Sunbird usage for now" while it investigates reports that its messages aren't actually end-to-end encrypted. Sunbird launched in 2022 as a messaging app that attempts to put the blue versus green bubble battle to rest. It has only been available to those who sign up for its waitlist, touting numerous privacy features, like end-to-end encryption, no message data collection, and no ads.

Last week, Sunbird partnered with Nothing, the phone brand owned by OnePlus co-founder Carl Pei, on the launch of Nothing Chats. The Sunbird-powered messaging service is supposed to let owners of the Phone 2 send texts via iMessage, but it was pulled from the Google Play Store just one day after its launch. At the time, Nothing said it had to fix "several bugs" within the app. However, its removal from the Play Store came around the same time a post from Texts.blog revealed that messages sent via Sunbird may not be end-to-end encrypted.

Epic Games Chief Executive Officer Tim Sweeney testified that Google's Android operating system is a "fake open platform" in a high-stakes antitrust lawsuit over claims that the technology giant thwarts app market competition. From a report: Sweeney, who founded the company that makes the blockbuster Fortnite, took the witness stand Monday in San Francisco federal court to reinforce his claims that Google Play policies are unlawful and allow Alphabet to maintain a monopoly in the Android mobile-app distribution market. The court fight started in 2020 when Epic marketed Fortnite on Android and sidestepped the Google Play billing system and the 30% revenue cut it was taking from app developers.

"We very much wanted to avoid that and do business directly with our customers," Sweeney told jurors. Google denies abusing its market power. The jury trial started two weeks ago and is expected to wrap up in early December. If Epic prevails, Google could be forced to allow competing app marketplaces and payment methods on its app store, threatening billions of dollars in revenue generated by Google Play. Sweeney previously testified in a 2021 trial in a similar antitrust suit targeting Apple's App Store policies as unfair and self-serving. Epic mostly lost that fight, which was decided by a federal judge in Oakland, California, after a trial. An appeals court upheld the judge's ruling and Epic is now asking the US Supreme Court to review it.

An anonymous reader quotes a report from The Verge: Music streaming service Spotify struck a seemingly unique and highly generous deal with Google for Android-based payments, according to new testimony in the Epic v. Google trial. On the stand, Google head of global partnerships Don Harrison confirmed Spotify paid a 0 percent commission when users chose to buy subscriptions through Spotify's own system. If the users picked Google as their payment processor, Spotify handed over 4 percent -- dramatically less than Google's more common 15 percent fee. Google fought to keep the Spotify numbers private during its antitrust fight with Epic, saying they could damage negotiations with other app developers who might want more generous rates.

Google's User Choice Billing program, launched in 2022, is typically described as shaving about 4 percent off Google's Play Store commission if developers use their own payment system, bringing down Google's 15 percent subscription service fee to more like 11 percent. That often ends up saving developers little or no money since they must foot the cost of payment processing themselves. And in court, Google has focused on benefits like greater flexibility rather than cost savings. [...] Harrison says Spotify's "unprecedented" popularity was great enough to justify a "bespoke" deal. "If we don't have Spotify working properly across Play services and core services, people will not buy Android phones," Harrison testified. As part of the deal, both parties also agreed to commit $50 million apiece to a "success fund."

Google acknowledged Harrison's testimony in a statement to The Verge. "A small number of developers that invest more directly in Android and Play may have different service fees as part of a broader partnership that includes substantial financial investments and product integrations across different form factors," says spokesperson Dan Jackson. "These key investment partnerships allow us to bring more users to Android and Play by continuously improving the experience for all users and create new opportunities for all developers." Google would not name other developers that have gotten the company to agree to more generous rates. During the trial, we learned that Google offered Netflix a special discounted rate of just 10 percent, but Netflix refused. Netflix no longer offers an in-app purchase option on Android and no longer pays Google anything to distribute its app as a result.

Last week, Android smartphone manufacturer "Nothing" announced that it's bringing iMessage to its newest phone through a new "Nothing Chats" app powered by the messaging platform Sunbird. After launching Friday, the app was shut down within 24 hours and the Sunbird app, which Nothing Chat is a clone of, was put "on pause." The reason? It's a security nightmare. Ars Technica reports: The initial sales pitch for this app -- that it would log you into iMessage on Android if you handed over your Apple username and password -- was a huge security red flag that meant Sunbird would need an ultra-secure infrastructure to avoid disaster. Instead, the app turned out to be about as unsecure as you could possibly be. Here's Nothing's statement: "We've removed the Nothing Chats beta from the Play Store and will be delaying the launch until further notice to work with Sunbird to fix several bugs. We apologize for the delay and will do right by our users."

How bad are the security issues? Both 9to5Google and Text.com (which is owned by Automattic, the company behind WordPress) uncovered shockingly bad security practices. Not only was the app not end-to-end encrypted, as claimed numerous times by Nothing and Sunbird, but Sunbird actually logged and stored messages in plain text on both the error reporting software Sentry and in a Firebase store. Authentication tokens were sent over unencrypted HTTP so this token could be intercepted and used to read your messages. [...]

Despite being the cause of this huge catastrophe, Sunbird has been bizarrely quiet during this whole mess. The app's X (formerly Twitter) page still doesn't say anything about the shutdown of Nothing Chats or Sunbird. Maybe that's for the best because some of Sunbird's early responses to the security concerns raised on Friday do not seem like they came from a competent developer. [...] Nothing has always seemed like an Android manufacturer that was more hype than substance, but we can now add "negligent" to that list. The company latched on to Sunbird, reskinned its app, created a promo website and YouTube video, and coordinated a media release with popular YouTubers, all without doing the slightest bit of due diligence on Sunbird's apps or its security claims. It's unbelievable that these two companies made it this far -- the launch of Nothing Chats required a systemic security failure across two entire companies.

An anonymous reader shared this report from InfoWorld: JetBrains' Kotlin language, a Java rival endorsed by Google for Android mobile development, continues to scale up Tiobe's index of language popularity, reaching the 15th spot in the November 2023 rankings...

Software quality services company Tiobe cites Kotlin advantages including interoperability with Java and unrivaled Android accommodations as reasons for the language's rise. Kotlin, Tiobe CEO Paul Jansen said, also fits in with a modern programming culture of expressive languages that have a strong type system and avoid null pointer exceptions by design. "Based on my experience, I am pretty sure Kotlin can reach a top 10 position," Jansen said. It remains to be seen if it can ever scale as high as a top four slot, he added...

In the rival Pypl Popularity of Programming languages index this month, Kotlin was ranked 13th with a 1.76% share, having slipped slightly year-over-year.
Kotlin's rank on the TIOBE index rose three positions in the last month — after rising two positions the month before. TIOBE's CEO says the language has now achieved its highest ranking ever on the index, surpassing 2017's "first wave of Kotlin popularity...when Google announced first class support for Kotlin on Android."

Rust now ranks #20 on the index, behind Delphi/Object Pascal, Swift, Ruby, and R.

Here's TIOBE November rankings for top-20 most popular programming languages:

1. Python
2. C
3. C++
4. Java
5. C#
6. JavaScript
7. PHP
8. Visual Basic
9. SQL
10. Assembly Language
11. Scratch
12. Fortran
13. Go
14. MATLAB
15. Kotlin
16. Delphi/Object Pascal
17. Swift
18. Ruby
19. R
20. Rust

"NFTs aren't gone yet," writes the Verge.

"Disney will launch an 'all-new socially driven collectible experience' called Disney Pinnacle later this year, turning characters from Pixar, Star Wars, and its classic animated films into tradable digital pins." While announcing Pinnacle, Disney and its partner Dapper Labs won't even say the word "NFT." Dapper Labs still calls itself "the NFT company," but between a variety of scams, an eye-blistering episode at a recent Bored Ape event, and a market that has plunged since peaking in early 2021, that's a term they apparently will steer clear of. The only thing available on the site right now is a privacy policy that makes clear this is a Dapper Labs effort that's licensing content from Disney — not an in-house effort on the level of Disney Plus.

The NFT collection is being launched through an iOS app, and a spokesperson tells CoinDesk that web and Android applications will come later.
The Disney Pinnacle website has a few seconds of background animation showing the pins — and, of course, a waitlist signup form.

9to5Mac: In a surprising move, Apple has announced today that it will adopt the RCS (Rich Communication Services) messaging standard. The feature will launch via a software update "later next year" and bring a wide range of iMessage-style features to messaging between iPhone and Android users. Apple's decision comes amid pressure from regulators and competitors like Google and Samsung. It also comes as RCS has continued to develop and become a more mature platform than it once was.

In a statement to 9to5Mac, an Apple spokesperson said that the company believes RCS will offer better interoperability for cross-platform messages. "Later next year, we will be adding support for RCS Universal Profile, the standard as currently published by the GSM Association. We believe RCS Universal Profile will offer a better interoperability experience when compared to SMS or MMS. This will work alongside iMessage, which will continue to be the best and most secure messaging experience for Apple users."

Samsung has admitted that hackers accessed the personal data of U.K.-based customers during a year-long breach of its systems. From a report: In a statement to TechCrunch, Samsung spokesperson Chelsea Simpson, representing the company via a third-party agency, said Samsung was "recently alerted to a security incident" that "resulted in certain contact information of some Samsung U.K. e-store customers being unlawfully obtained." Samsung declined to answer further questions about the incident, such as how many customers were affected or how hackers accessed its internal systems.

In a letter sent to affected customers, Samsung admitted that attackers exploited a vulnerability in an unnamed third-party business application to access the personal information of customers who made purchases at Samsung U.K.'s store between July 1, 2019 and June 30, 2020. The letter, which was shared on X (formerly Twitter), Samsung said it didn't discover the compromise until more than three years later, on November 13, 2023. Samsung told affected customers that hackers may have accessed their names, phone numbers, postal addresses, and email addresses.

An anonymous reader shares a report: In May this year, Alexis Hancock's daughter got a children's tablet for her birthday. Being a security researcher, Hancock was immediately worried. "I looked at it kind of sideways because I've never heard of Dragon Touch," Hancock told TechCrunch, referring to the tablet's maker. As it turned out, Hancock, who works at the Electronic Frontier Foundation, had good reasons to be concerned. Hancock said she found that the tablet had a slew of security and privacy issues that could have put her daughter's and other children's data at risk.

The Dragon Touch KidzPad Y88X contains traces of a well-known malware, runs a version of Android that was released five years ago, comes pre-loaded with other software that's considered malware and a "potentially unwanted program" because of "its history and extensive system level permissions to download whatever application it wants," and includes an outdated version of an app store designed specifically for kids, according to Hancock's report, which was released on Thursday and seen by TechCrunch ahead of its publication. Hancock said she reached out to Dragon Touch to report these issues, but the company never responded. Dragon Touch did not respond to TechCrunch's questions either. After TechCrunch reached out to the company, Walmart removed the listing from its website, while Amazon said it's looking into the matter.

Microsoft has created a Windows App for iOS, iPadOS, macOS, Windows, and web browsers. From a report: The app essentially takes the previous Windows 365 app and turns it into a central hub for streaming a copy of Windows from a remote PC, Azure Virtual Desktop, Windows 365, Microsoft Dev Box, and Microsoft's Remote Desktop Services.

Microsoft supports multiple monitors through its Windows App, custom display resolutions and scaling, and device redirection for peripherals like webcams, storage devices, and printers. The preview version of the Windows App isn't currently available for Android, though. The Windows App is also limited to Microsoft's range of business accounts, but there are signs it will be available to consumers, too. The sign-in prompt on the Windows App on Windows (yes that's a mouthful) suggests you can access the app using a personal Microsoft Account, but this functionality doesn't work right now.

Lauren Irwin reports via The Hill: Google agreed to pay $8 billion over four years to Samsung to make its apps default on Samsung phones, according to information presented by Epic Games in court. James Kolotouros, vice president for partnerships at Google, testified Monday in a San Francisco trial, saying that the company and Samsung were to share app store revenue to ensure Android mobile devices came with Google Play preinstalled. Epic, the company that makes the popular video game "Fortnite," sued Google in 2020, alleging the company's app marketplace violates antitrust laws.

Epic is trying to show that Google executives have discouraged third-party app stores on Samsung devices so it wouldn't cut into the profit of Google Play, Bloomberg reported. According to Kolotouros's testimony, half or more of Google Play revenue comes from Samsung devices. The trial targets the app store that distributes apps for the company's Android software, which powers virtually all the world's smartphones that aren't made by Apple.

Epic alleges Google has created an illegal monopoly on Android apps so it can boost its profits through commissions, ranging from 15 to 30 percent on purchases made within an app. Google argues it was doing so to compete with Apple and its app store, an argument attacked by Epic attorney Lauren Moskowitz. Earlier in the trial, Google's attorney said the company can't be a monopoly because it faces competition from companies such as Apple. Further reading: Apple Gets 36% of Google Revenue in Search Deal, Witness Says

An anonymous reader quotes a report from Ars Technica: If you've only ever used standard Qi chargers with devices that don't have their own schemes, the Wireless Power Consortium's announcement today of the first Qi 2.0 devices being ready to launch before the holidays, with more than 100 in the queue behind them, is great. Qi2 sports a "Magnetic Power Profile" (MPP), created with help by Apple's MagSafe team, to help align devices and chargers' coils for faster, more efficient charging. Qi2-certified devices set onto Qi2 chargers can achieve 15 W charging, up from 7.5 W in the standard Qi scheme.

That brings Qi2 devices up to the same speed as iPhones on MagSafe chargers, and it clears up some consumer confusion about how fast a device might charge on Qi, MagSafe, or proprietary chargers. Should a phone and charger be Qi2 certified, you can now expect about 15 W out of it, regardless of whatever Google, Apple, or third party is behind them. Android and iPhone users alike are no longer beholden to their primary hardware vendor if they want 15 W of wireless juice. This announcement does not, however, bring the Qi2 standard close to the far-out speeds that proprietary setups now offer. [...]

A number of accessory makers, including stalwarts Anker and Belkin, had already lined up their Qi2-compatible offerings, waiting for the certification to drop. It will be interesting to see if Qi2 brings a wave of magnet mania to Android phones, akin to the MagSafe-induced blitz a few years back. Magnetic charging packs, wallets, wireless charging for a non-wireless-charging phone -- there's a lot to work with, especially at now somewhat more respectable charging speeds. Regarding speed, the WPC told Android Authority back in January that the Qi2 standards group intends to standardize charging speeds above 15 W by mid-2024. If you need a fast charge, plugging in the right cable to a well-powered source is still the most certain route. But with magnetic alignment and a good deal more universal compatibility, Qi2 drags the broader wireless charging market forward.

Nothing Phone 2 owners get blue bubbles now. The company shared it has added iMessage to its newest phone through a new "Nothing Chats" app powered by the messaging platform Sunbird. From a report: The feature will be available to users in North America, the EU, and other European countries starting this Friday, November 17th. Nothing writes on its page that it's doing this because "messaging services are dividing phone users," and it wants "to break those barriers down." But doing so here requires you to trust Sunbird. Nothing's FAQ says Sunbird's "architecture provides a system to deliver a message from one user to another without ever storing it at any point in its journey," and that messages aren't stored on its servers.

Marques Brownlee has also had a preview of Nothing Chats. He confirmed with Nothing that, similar to how other iMessage-to-Android bridge services have worked before, "...it's literally signing in on some Mac Mini in a server farm somewhere, and that Mac Mini will then do all of the routing for you to make this happen." Nothing's US head of PR, Jane Nho, told The Verge in an email that Sunbird stores user iCloud credentials as a token "in an encrypted database" and associated with one of its Mac Minis in the US or Europe, depending on the user's location, that then act as a relay for iMessages sent via the app. She added that, after two weeks of inactivity, Sunbird deletes the account information.

Does Gmail want to be an instant messaging client? From a report: Last month the popular webmail app shipped an emoji reactions bar in the mobile app, where a single tap would send a new email with your emoji response. Now, a wild new UI experiment spotted by Android Police goes another step further: a quick reply bar that looks just like instant messaging input. Rather than the usual input block you get for writing paragraphs of overly formal text, this new Gmail experiment has a one-line input bar at the bottom for replies. A drop-down menu just above it lets you pick from the usual "reply," "reply all," or "forward" options. Besides that, you get an attachment and send button. An "expand" button will presumably launch the usual compose interface.

A partnership between Qualcomm and Iridium to bring satellite connectivity to Android phones has fallen apart, almost a year after the deal was announced. From a report: In January, the two companies debuted the Snapdragon Satellite platform, a way to bring satellite-based SMS and emergency messaging to high-end smartphones. But on Thursday, Iridium said Qualcomm will cancel the partnership, effective Dec. 3. "The companies successfully developed and demonstrated the technology; however, notwithstanding this technical success, smartphone manufacturers have not included the technology in their devices," Iridium said in the announcement. "Due to this, on November 3, 2023, Qualcomm notified Iridium that it has elected to terminate the agreements."

Qualcomm didn't immediately respond to a request for comment. But the statement from Iridium suggests the Snapdragon Satellite platform suffered from technical issues, or perhaps failed to attract interest from smartphone vendors. Back in January, the companies also indicated that the Snapdragon Satellite platform would require supported phones to be manufactured with modems that could communicate with the Iridum network's L-Band radio frequencies.

Lowpass: Amazon has been working on a new operating system to replace Android on Fire TVs, smart displays and other connected devices, I have learned from talking to multiple sources with knowledge of these plans, as well as job listings and other materials referencing these efforts. Development of the new operating system, which is internally known as Vega, appears fairly advanced. The system has already been tested on Fire TV streaming adapters, and Amazon has told select partners about its plans to transition to a new application framework in the near future. A source with knowledge of the company's plans suggested that it could start shipping Vega on select Fire TV devices as early as next year.

Google -- under fire in court for allegedly resting on its laurels thanks to its 90% market dominance -- only made an effort to beef up the quality of its search engine in the European Union after being hit by a record antitrust fine, according to internal documents revealed in the US Justice Department's monopolization case against the tech giant. From a report: The Justice Department is arguing at a trial in Washington that Google's failure to improve its products -- unless put under pressure -- proves that it's illegally maintaining its monopoly. Alphabet's Google planned to improve its European search results only after a record 2018 European antitrust fine, according to the documents, which revealed that Google executives discussed a plan dubbed "Go Big in Europe."

The plan aimed to improve results in France and Germany in 2019 and 2020 with changes such as adding post-game soccer video highlights, more local content and news, pronunciation practice for different languages and more information on local television options available for streaming. The catalyst was a 2018 EU antitrust order that forced Google to offer a choice screen giving Android phone users five search engine options to choose from, according to US antitrust enforcers trying the case.

Google has confirmed in court that Epic was offered a $147 million deal to launch its hit game Fortnite on Android's Google Play Store. From a report: The deal, which Google's VP of Play partnerships, Purnima Kochikar, says was approved and presented to Epic but not accepted, would have seen the money dispensed over a three-year period of "incremental funding" (ending in 2021) to the games publisher. It was meant to stem a potential "contagion" of popular apps bypassing Android's official store and, with it, Google's lucrative in-app purchase fees.

Epic launched Fortnite on Android in 2018 directly through its website, avoiding the Play Store. That allowed it to sell Fortnite's in-game currency, V-Bucks, without paying the commission required of Play Store apps. It relented in 2020, saying that "scary, repetitive security pop-ups" and other factors had put it at a severe disadvantage. But in an antitrust lawsuit filed later that year -- and currently being argued before a jury -- it alleged its initial decision had thrown Google into a panic. It cited internal documents claiming Google feared a "contagion risk" if other game developers (including Blizzard, Valve, Sony, and Nintendo) followed Epic's lead, and it claimed Google attempted to forestall it by offering special benefits or even buying Epic.

The App Defense Alliance (ADA), an initiative set up by Google back in 2019 to combat malicious Android apps infiltrating the Play app store, has joined the Joint Development Foundation (JDF), a Linux Foundation project focused on helping organizations working on technical specifications, standards, and related efforts. From a report: The App Defense Alliance had, in fact, already expanded beyond its original Android malware detection roots, covering areas such as malware mitigation, mobile app security assessments (MASA), and cloud app security assessments (CASA). And while its founding members included mobile security firms such as ESET, Lookout and Zimperium, it has ushered in new members through the years including Trend Micro and McAfee. Today's news, effectively, sees ADA join an independent foundation, a move designed to open up the appeal to other big tech companies, such as Facebook parent Meta and Microsoft, both of which are now joining the ADA's steering committee. The ultimate goal is to "improve app security" through fostering greater "collaborative implementation of industry standards," according to a joint statement today.

Combing through the code of the new version of Google Photos app for Android, some users have found that Google plans to restrict Magic Editor, a feature it unveiled at Google I/O this year, from making certain kinds of edit. AndroidAuthority: Summarizing the strings above, it seems Magic Editor will refuse to edit:
1. Photos of ID cards, receipts, and other documents that violate Google's GenAI terms.
2. Images with personally identifiable information.
3. Human faces and body parts.
4. Large selections or selections that need a lot of data to be generated.