The U.K.'s antitrust watchdog has given the clearest signal yet that interventions under an upcoming reform of the country's competition rules will target tech giants Apple and Google -- including their duopolistic command of the mobile market, via iOS and Android; their respective app stores; and the browsers and services bundled with mobile devices running their OSes. From a report: So it could mean good news for third-party developers trying to get oxygen for alternatives to dominant Apple and Google apps and services down the line. Publishing the first part of a wide-ranging mobile ecosystem market study -- which was announced this summer -- the Competition and Markets Authority (CMA) said today that it has "provisionally" found Apple and Google have been able to leverage their market power to create "largely self-contained ecosystems"; and that the degree of lock-in they wield is damaging competition by making it "extremely difficult for any other firm to enter and compete meaningfully with a new system." "The CMA is concerned that this is leading to less competition and meaningful choice for customers," the watchdog writes in a press release. "People also appear to be missing out on the full benefit of innovative new products and services -- such as so-called 'web apps' and new ways to play games through cloud services on iOS devices."

Apple has released a new Android app called Tracker Detect, designed to help people who don't own iPhones or iPads to identify unexpected AirTags and other Find My network-equipped sensors that may be nearby. CNET reports: The new app, which Apple released on the Google Play store Monday, is intended to help people look for item trackers compatible with Apple's Find My network. "If you think someone is using AirTag or another device to track your location," the app says, "you can scan to try to find it." If the Tracker Detector app finds an unexpected AirTag that's away from its owner, for example, it will be marked in the app as "Unknown AirTag." The Android app can then play a sound within 10 minutes of identifying the tracker. It may take up to 15 minutes after a tracker is separated from its owner before it shows up in the app, Apple said.

If the tracker identified is an AirTag, Apple will offer instructions within the app to remove its battery. Apple also warns within the app that if the person feels their safety is at risk because of the item tracker, they should contact law enforcement. [...] The Tracker Detect app, which Apple first discussed in June, requires users to actively scan for a device before it'll be identified. Apple doesn't require users have an Apple account in order to use the detecting app. If the AirTag is in "lost mode," anyone with an NFC-capable device can tap it and receive instructions for how to return it to its owner. Apple said all communication is encrypted so that no one, including Apple, knows the location or identity of people or their devices.

Google is bringing Android games from Google Play to Windows laptops, PCs, and tablets, the company announced on Thursday. Gizmodo reports: Google announced a standalone Google Play Games launcher that lets gamers play mobile titles on Windows PCs at The Game Show Awards on Thursday. The upcoming app will allow players to close out of their game on one device and resume playing where they left off on another. This means you could switch between a Chromebook, Windows PC, and Android phone without losing saved data. The app, which is being built and distributed by Google, runs games locally on your system, no cloud streaming required. So far, Google has only teased the service in a brief video clip, so some important details haven't been revealed. We do, however, know it is set to arrive sometime in 2022.

JoeyRox writes: Last week, a Reddit user reported that they weren't able to call 911 using their Pixel 3 and later said they were working with Google support to figure out the issue. Yesterday, Google announced what was causing the issue in a reply to the post: an "unintended interaction between the Microsoft Teams app and the underlying Android operating system." In its comment, Google says that the bug happens when someone is using Android 10 or later and has Teams installed but isn't logged into the app. The company says that Microsoft will be releasing an update to Teams "soon" to prevent the issue and that there's an update to Android coming January 4th.

For their fifteenth International Day Against DRM this Friday, the Free Software Foundation's "Defective by Design" campaign is "calling on you to help us send a message to purveyors of Digital Restrictions Management (DRM)".

And this year they're targeting Disney+ The ongoing pandemic has only tightened the stranglehold streaming services have as some of the most dominant forms of entertainment media, and Disney+ is among the worst of them. After years of aggressive lobbying to extend the length of copyright, based on their perceived need to keep a certain rat from entering the public domain, they've now set their sights on "protecting" their various franchises in a different way: by shackling them with digital restrictions. If Disney's stated mission is to keep "inspiring hope and sparking the curiosity of all ages", using DRM to limit that curiosity remains the wrong move.

This year, we'll be using one of Disney's own means of spreading their "service" and the DRM bundled with it: their mobile app. If you're an existing user of the Google Play (Android) or Apple App Stores, you can support the International Day Against DRM by voicing your objection to Disney's subjugation of their users. Streaming services like Netflix and Peacock have the same issues, but by targeting a newer one with such massive investment and capital behind it, we can make sure that we're heard. Disney+ is new: that gives it time to change.

Disney+ is placed near the top of the most frequently downloaded apps on both the Google Play and Apple App Stores. We invite you to write a well-thought objection to Disney's use of DRM, with a fitting review. It is the perfect way to let the corporation, and other users intending to use its services know Disney's grievous mistake in using DRM to restrict customers who already want to view their many films and television shows. It will give you a chance to give them the exact rating that any service that treats its users so poorly: a single star.

DRM isn't the only problem with the Disney+ app. It's also nonfree software. If you're not already an Android or iOS user, we don't recommend starting an account just to participate in this action. You can also choose to send an email to Disney executives following our template.
They're urging supporters to also share the actions they've taken on social media using the tag #DayAgainstDRM. (And there's also an IRC channel "to discuss and share strategies for anti-DRM activism," with more anti-DRM actions still to come.

"While some aspects of the struggle have changed, the core principles remain the same: users should not be forced to surrender their digital autonomy in exchange for media."

According to Insider, Google is planning to launch its own in-house smartwatch in 2022. "Two employees said a spring launch was possible if the latest testing round is a success, however all sources stressed that details and timelines were subject to change depending on feedback from employees testing the device," reports Insider. From the report: The device, which is internally codenamed "Rohan," will showcase the latest version of Google's smartwatch software to customers and partners [...]. To date, Google has opted to create software for smartwatches built by partners such as Samsung, but has not made a device of its own. [...] Unlike the Apple Watch, Google's smartwatch is round and has no physical bezel, according to artistic renders viewed by Insider and employees who have seen it. Like Apple's device, it will capture health and fitness metrics.

The watch has sometimes been referred to internally as the "Pixel watch" or "Android watch," but executives have used a variety of names to refer to the project and it is unclear what branding Google will land on if and when it launches the device. [...] The Rohan watch has a heart-rate monitor and offers basic health-tracking features such as step counting. In its current form the watch will require daily charging, according to a feedback document seen by Insider. One employee testing the watch lamented the charging was slow. Like the Apple Watch, Google's wearable will also use proprietary watchbands. [...]

At the Snapdragon Tech Summit 2021 yesterday, Qualcomm introduced their new always-on camera capabilities in the Snapdragon 8 Gen 1 processor, which is expected to arrive in high-end Android phones early next year. The company says this new feature will let users wake and unlock their phone without having to pick it up or have it instantly lock when it no longer sees their face. Even though Judd Heape, Qualcomm Technologies vice president of product management, said that the "always-on camera data never leaves the secure sensing hub while it's looking for faces," it raises a serious privacy concern that "far outweighs any potential convenience benefits," argues The Verge's Dan Seifert. From the report: Qualcomm is framing the always-on camera as similar to the always-on microphones that have been in our phones for years. Those are used to listen for voice commands like "Hey Siri" or "Hey Google" (or lol, "Hi Bixby") and then wake up the phone and provide a response, all without you having to touch or pick up the phone. But the key difference is that they are listening for specific wake words and are often limited with what they can do until you do actually pick up your phone and unlock it. It feels a bit different when it's a camera that's always scanning for your likeness.

It's true that smart home products already have features like this. Google's Nest Hub Max uses its camera to recognize your face when you walk up to it and greet you with personal information like your calendar. Home security cameras and video doorbells are constantly on, looking for activity or even specific faces. But those devices are in your home, not always carried with you everywhere you go, and generally don't have your most private information stored on them, like your phone does. They also frequently have features like physical shutters to block the camera or intelligent modes to disable recording when you're home and only resume it when you aren't. It's hard to imagine any phone manufacturer putting a physical shutter on the front of their slim and sleek flagship smartphone.

Lastly, there have been many reports of security breaches and social engineering hacks to enable smart home cameras when they aren't supposed to be on and then send that feed to remote servers, all without the knowledge of the homeowner. Modern smartphone operating systems now do a good job of telling you when an app is accessing your camera or microphone while you're using the device, but it's not clear how they'd be able to inform you of a rogue app tapping into the always-on camera. [...] But even if it's not found in every phone next year, the mere presence of the feature means that it will be used by someone at some point. It sets a precedent that is unsettling and uncomfortable; Qualcomm may be the first with this capability, but it won't be long before other companies add it in the race to keep up. Maybe we'll just start having to put tape on our smartphone cameras like we already do with laptop webcams.

Over 300,000 Android smartphone users have downloaded what turned out to be banking trojans after falling victim to malware that has bypassed detection by the Google Play app store. ZDNet reports: Detailed by cybersecurity researchers at ThreatFabric, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps often come with the functions that are advertised in order to avoid users getting suspicious. In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling them to bypass Play Store detections.

The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users -- researchers describe it as an "advanced" banking trojan that can steal usernames and passwords, and uses accessibility logging to capture everything shown on the user's screen, while a keylogger allows attackers to record all information entered into the phone. [...] The second most prolific of the malware families detailed by researchers at ThreatFabric is Alien, an Android banking trojan that can also steal two-factor authentication capabilities and which has been active for over a year. The malware has received 95,000 installations via malicious apps in the Play Store. [...] The other two forms of malware that have been dropped using similar methods in recent months are Hydra and Ermac, which have a combined total of at least 15,000 downloads. ThreatFabric has linked Hydra and Ermac to Brunhilda, a cyber-criminal group known to target Android devices with banking malware. Both Hydra and Ermac provide attackers with access to the device required to steal banking information. ThreatFabric has reported all of the malicious apps to Google and they've either already been removed or are under review.

An anonymous reader writes: People running Android phones may want to hold off upgrading to Android 12 if they also use apps purchased through the Amazon Appstore. The Appstore app itself is not compatible with Android 12, which prevents many, if not all, apps purchased and downloaded via Amazon from running. The Android OS update began to be rolled out to Pixel phones over a month ago, and more recently, newer Samsung Galaxy handsets, such as the S21. Amazon has acknowledged the problem in a 90-post support forum thread, as well as in the Appstore app itself, but has not provided a timeline for a fix to restore users' apps.

Mozilla announced last week via a support article that its Firefox Lockwise password manager app will reach end-of-life on December 13th. The final release versions are 1.8.1 (iOS) and 4.0.3 (Android) and will no longer be available to download or reinstall after that date. The Verge reports: What started in 2018 as a small experimental mobile app called Lockbox ended up bringing a way to access saved passwords and perform autofills on iOS, Android, and desktop devices to a small but enthusiastic following of Firefox fans. The app was also later adapted as a Firefox extension. It seemed like it was apt to stick around for the long run.

The support article recommends that users continue accessing passwords using the native Firefox browsers on desktop and mobile. In an added note on the support site, Mozilla suggests that later in December, the Firefox iOS app will gain the ability to manage Firefox passwords systemwide. The note alludes to Mozilla adopting the features of Lockwise and eventually integrating them into the Firefox browser apps natively on all platforms.

An anonymous reader quotes a report from The Verge: Tile popularized marking items and tracking them from your phone with its small Bluetooth tags, but suddenly faces more competition from giants like Apple, Amazon, Google, and Samsung. The company that started out of an incubator and crowdfunding campaign has announced it will be acquired by Life360, which calls itself a "leading family safety platform." The deal is valued at $205 million and is expected to close in the first quarter of 2022. Tile has developed its product line over the years with a variety of different trackers and partnerships with other companies to use its technology. It also has a subscription service, Tile Premium, with extra features, battery replacements, and insurance against potential losses. However, the game may have changed once Apple and Google started building their own item-locating features into iPhones and Android devices.

Life360 bills itself as an overall family safety app, with location sharing between family members, crash detection, and other features. Over the summer, it announced that it has over 1 million paying customers and reported its valuation had crossed $1 billion. It also acquired another item locating hardware startup, Jiobit, which makes cellular-connected trackers for kids and pets. Life360 expects the deal will increase the global footprint for both companies, Tile's non-Bluetooth Finding Network, and create a larger combined subscriber base. Currently listed on the stock exchange in Australia, Life360 says it has plans for a "potential dual listing in the US" next year.

Apple sued the NSO Group, the Israeli surveillance company, in federal court on Tuesday, another setback for the beleaguered firm and the unregulated spyware industry. From a report: The lawsuit is the second of its kind -- Facebook sued the NSO Group in 2019 for targeting its WhatsApp users -- and represents another consequential move by a private company to curb invasive spyware by governments and the companies that provide their spy tools. Apple, for the first time, seeks to hold NSO accountable for what it says was the surveillance and targeting of Apple users. Apple also wants to permanently prevent NSO from using any Apple software, services or devices, a move that could render the company's Pegasus spyware product worthless, given that its core business is to give NSO's government clients full access to a target's iPhone or Android smartphone.

Apple is also asking for unspecified damages for the time and cost to deal with what the company argues is NSO's abuse of its products. Apple said it would donate the proceeds from those damages to organizations that expose spyware. Since NSO's founding in 2010, its executives have said that they sell spyware to governments only for lawful interception, but a series of revelations by journalists and private researchers have shown the extent to which governments have deployed NSO's Pegasus spyware against journalists, activists and dissidents. Apple executives described the lawsuit as a warning shot to NSO and other spyware makers. "This is Apple saying: If you do this, if you weaponize our software against innocent users, researchers, dissidents, activists or journalists, Apple will give you no quarter," Ivan Krstic, head of Apple security engineering and architecture, said in an interview on Monday.

Long-time tlhIngan writes: Tim Sweeney is at it again. The CEO of Epic Games blasts Apple and Google and calls for a universal app store that works across all platforms. Naturally, he's proposing that Epic Games manage the store across iOS, Android, Xbox, PC, Nintendo and Sony. Bloomberg (paywalled) has more details. "What the world really needs now is a single store that works with all platforms," said Sweeney in an interview at the Global Conference for Mobile Application Ecosystem Fairness in Seoul, South Korea. "Right now software ownership is fragmented between the iOS App Store, the Android Google Play marketplace, different stores on Xbox, PlayStation, and Nintendo Switch, and then Microsoft Store and the Mac App Store." Sweeney added that Epic Games is working with developers and service providers to create a system to allow users "to buy software in one place, knowing that they'd have it on all devices and all platforms."

"There's a store market, there's a payments market, and there are many other related markets. And it's critical that antitrust enforcement not allow a monopolist in one market to use their control of that market to impose control over unrelated markets." He went on to accuse Apple of complying "with oppressive foreign laws" while "ignoring laws passed by Korea's democracy." "Apple must be stopped," he says.

An anonymous reader quotes a report from ZDNet: Bilibili has joined other Chinese technology powerhouses such as ByteDance, TikTok's parent company, and its rival Kuaishou, in joining the Open Invention Network (OIN). The OIN is the world's largest patent non-aggression consortium. It protects Linux and related open source software and the companies behind them from patent attacks and patent trolls. The OIN recently broadened its scope from core Linux programs and adjacent open source code by expanding its Linux System Definition to other patents such as the Android Open Source Project (AOSP) and the Extended File Allocation Table exFAT file system. The OIN does this by practicing patent non-aggression in core Linux and related open source technologies by cross-licensing Linux System patents to one another on a royalty-free basis. Patents owned by OIN are similarly licensed royalty-free to any organization that agrees not to assert its patents against the Linux System. Any company can do this by simply signing the OIN license online.

As Wang Hao, Bilibili's VP, explained, "We are committed to opening and sharing technologies and providing positive motivation in the innovation field of playback transmission, interactive entertainment, and cloud-native ecology through open source projects. Linux and open source are important software infrastructures that promote business developments. Our participation in the OIN community demonstrates our consistent and ongoing commitment to shared innovation. In the future, we will also firmly support Linux's open source innovation."

Google was so worried about Epic Games sidestepping its app store with Fortnite that it created a task force to confront the issue, according to a legal filing by the game developer. From a report: The task force was created after Epic began offering an Android version of the hugely popular game through Samsung Electronics's Galaxy Store and directly through Epic's website in 2018, giving users a way to bypass the Google Play store, according to the filing. Epic's efforts to avoid paying commissions on app stores from Google and Apple reached a flashpoint last year when both companies removed Fortnite and the game's creator sued them. The legal showdown has help draw criticism and regulatory scrutiny to the app store policies of Alphabet's Google and Apple, which are seen as a dominant force in mobile software. In October, Google countersued, arguing that Epic pushed an "unapproved" version of Fortnite on Android phones that placed users at risk. Google has said that its app store isn't a monopoly since the company allows other stores to run on Android devices, unlike Apple.

"An unprivileged application can corrupt data in memory by accessing 'hammering' rows of DDR4 memory in certain patterns millions of times a second, giving those untrusted applications nearly unfettered system privileges," writes long-time Slashdot reader shoor. Ars Technica reports: Rowhammer attacks work by accessing -- or hammering -- physical rows inside vulnerable chips millions of times per second in ways that cause bits in neighboring rows to flip, meaning 1s turn to 0s and vice versa. Researchers have shown the attacks can be used to give untrusted applications nearly unfettered system privileges, bypass security sandboxes designed to keep malicious code from accessing sensitive operating system resources, and root or infect Android devices, among other things. All previous Rowhammer attacks have hammered rows with uniform patterns, such as single-sided, double-sided, or n-sided. In all three cases, these "aggressor" rows -- meaning those that cause bitflips in nearby "victim" rows -- are accessed the same number of times.

Research published on Monday presented a new Rowhammer technique. It uses non-uniform patterns that access two or more aggressor rows with different frequencies. The result: all 40 of the randomly selected DIMMs in a test pool experienced bitflips, up from 13 out of 42 chips tested in previous work (PDF) from the same researchers. "We found that by creating special memory access patterns we can bypass all mitigations that are deployed inside DRAM," Kaveh Razavi and Patrick Jattke, two of the research authors, wrote in an email. "This increases the number of devices that can potentially be hacked with known attacks to 80 percent, according to our analysis. These issues cannot be patched due to their hardware nature and will remain with us for many years to come."

The non-uniform patterns work against Target Row Refresh. Abbreviated as TRR, the mitigation works differently from vendor to vendor but generally tracks the number of times a row is accessed and recharges neighboring victim rows when there are signs of abuse. The neutering of this defense puts further pressure on chipmakers to mitigate a class of attacks that many people thought more recent types of memory chips were resistant to. In Monday's paper, the researchers wrote: "Proprietary, undocumented in-DRAM TRR is currently the only mitigation that stands between Rowhammer and attackers exploiting it in various scenarios such as browsers, mobile phones, the cloud, and even over the network. In this paper, we show how deviations from known uniform Rowhammer access patterns allow attackers to flip bits on all 40 recently-acquired DDR4 DIMMs, 2.6x more than the state of the art. The effectiveness of these new non-uniform patterns in bypassing TRR highlights the need for a more principled approach to address Rowhammer." While PCs, laptops, and mobile phones are most affected by the new findings, the report notes that cloud services like AWS and Azure "remain largely safe from Rowhammer because they use higher-end chips that include a defense known as ECC, short for Error Correcting Code."

"Concluding, our work confirms that the DRAM vendors' claims about Rowhammer protections are false and lure you into a false sense of security," the researchers wrote. "All currently deployed mitigations are insufficient to fully protect against Rowhammer. Our novel patterns show that attackers can more easily exploit systems than previously assumed."

Huawei, whose smartphone business has been devastated by U.S. sanctions, is planning to license its handset designs to third parties as a way to gain access to critical components, Bloomberg is reporting, citing people with knowledge of the matter. From the report: The Shenzhen-based tech giant is considering licensing its designs to a unit of state-owned China Postal and Telecommunications Appliances Co, or PTAC, which will then seek to buy parts barred under the Trump-era blacklisting, said one of the people, asking not to be identified discussing internal matters. The unit, known as Xnova, is already selling Huawei-branded Nova phones on its e-commerce site and the partnership will see it offer self-branded devices based on the larger company's designs.

Chinese telecom equipment maker TD Tech Ltd. will also sell some phones featuring Huawei's designs under its own brand, another person said. The partnerships are subject to change as negotiations are still ongoing. The move may be Huawei's best chance at salvaging its smartphone business after U.S. sanctions cut off its access to key chipmaker Taiwan Semiconductor Manufacturing Co, Google's Android apps and Qualcomm's 5G wireless modems. Since Huawei first came under fire from the Trump administration, its shrinking consumer business has seen sales fall for four straight quarters.

This week, following successful tests on Android smartphones and tablets, Netflix has announced that it will bring AV1 to TVs. 9to5Google reports: In a blog post this week, Netflix confirms it will start using the AV1 codec on some TVs. AV1, which has been available since 2018, allows for the more efficient encoding and decoding of data for streaming, leading to higher quality for the end user and better use of bandwidth for providers. However, the codec relies on hardware support. To ensure that TVs using AV1 streams will provide a good experience, Netflix says it analyzes the steam to ensure the device is spec-compliant for AV1 decoding.

For the time being, Netflix isn't specifically announcing which devices will support AV1 outside of the Netflix app on Sony's PS4 Pro console. On other TVs, support is only specified as working on "a number of AV1 capable TVs." In theory, this should include a considerable number of Android TV models.

Alphabet unit Google lost an appeal against a 2.42-billion-euro ($2.8-billion) antitrust decision on Wednesday, a major win for Europe's competition chief in the first of three court rulings central to the EU push to regulate big tech. From a report: Competition Commissioner Margrethe Vestager fined the world's most popular internet search engine in 2017 over the use of its own price comparison shopping service to gain an unfair advantage over smaller European rivals. The shopping case was the first of three decisions that saw Google rack up 8.25 billion euros in EU antitrust fines in the last decade. The company could face defeats in appeals against the other two rulings involving its Android mobile operating system and AdSense advertising service, where the EU has stronger arguments, antitrust specialists say. The court's support for the Commission in its latest ruling could also strengthen Vestager's hand in her investigations into Amazon, Apple and Facebook.

Google launched a beta app today that people with speech impairments can use as a voice assistant while contributing to a multiyear research effort to improve Google's speech recognition. From a report: The goal is to make Google Assistant, as well as other features that use speech to text and speech to speech, more inclusive of users with neurological conditions that affect their speech. The new app is called Project Relate, and volunteers can sign up at g.co/ProjectRelate. To be eligible to participate, volunteers need to be 18 or older and "have difficulty being understood by others." They'll also need a Google account and an Android phone using OS 8 or later. For now, it's only available to English speakers in the US, Canada, Australia, and New Zealand. They'll be tasked with recording 500 phrases, which should take between 30 to 90 minutes to record.