Android

OnePlus Will Continue Software Updates After US and Europe Exit (9to5google.com) 15

OnePlus has confirmed that it will exit the North American and European markets, consolidating its operations under parent company Oppo. Existing customers will continue to receive "software updates, security patches, and applicable support," but OxygenOS will be replaced by Oppo's ColorOS. 9to5Google reports: As a part of its shutdown in global regions, OnePlus has confirmed that its flavor of Android, OxygenOS, is going away. Instead, all active OnePlus devices will be moving over to Oppo's ColorOS starting with their Android 17 updates. This includes in India, where OnePlus is adamant it will continue operations -- reliable reporting disagrees.

OnePlus explains: "As part of an operational adjustment to our software strategy, following the official release of ColorOS 17, users globally with existing OnePlus devices that fall within the eligible upgrade scope will have the option to voluntarily update to the latest ColorOS. This enables us to streamline software development, accelerate update delivery, improve software quality, and make better use of our shared engineering and R&D capabilities."

[...] OnePlus will continue "maintenance support" for OxygenOS versions on older models not included in the Android 17 update scope, but newer devices will likely need to make the switch to ColorOS for all forms of continued support. OnePlus does explain that rollback versions to OxygenOS will be available for those who prefer the prior experience: "OnePlus devices will be able to choose whether to update to the latest ColorOS system. Older models that are not included in the update scope will also continue to receive version maintenance support. If users update to ColorOS, they will be able to roll back to OxygenOS. The specific rollback versions available will be subject to future official announcements."

Security

Iran Abused Mobile Networks' Vulnerabilities To Locate US Military In Middle East (techcrunch.com) 140

An anonymous reader quotes a report from TechCrunch: The Iranian government abused well-known vulnerabilities in the global telecoms infrastructure to locate U.S. military personnel in the build-up to the Iran War, as well as in the early days of the conflict, according to Financial Times. The Iranian government exploited Signaling System 7, or SS7, a set of protocols for 2G and 3G networks that has long been the backbone of how cellular networks connect to each other to route subscribers' calls and texts around the world, the newspaper reported, citing research by the Mobile Surveillance Monitor, as well as anonymous government officials with knowledge of the spy campaign.

Intelligence agencies have long abused SS7 to track cellphones abroad, which is what happened in this campaign. Using this technique, Iran was reportedly able to locate U.S. military forces stationed in military bases as well as hotels in Iraq, Bahrain, and other countries in the Middle East, which allowed the regime to strike them. These attacks resulted in several injuries. Apart from SS7, Iran also abused advertising technology used to serve tailored ads to cellphone users, another well-known surveillance technique that relies on everyday technology.

Cellphones

OnePlus Is Reportedly Shutting Down In the US, Europe (9to5google.com) 65

OnePlus will reportedly announce this week that it is shutting down its brand in the U.S. and Europe, following months of signs that parent company Oppo was winding down the brand's global presence. India and China are reportedly unaffected, but it's unclear whether Oppo will replace the brand directly in those markets. The move also raises questions about future support for existing OnePlus users. 9to5Google reports: WinFuture reports that OnePlus is gearing up for an official withdrawal from the U.S. and European markets, with the announcement due in the "coming days" this week. Closed-door press conferences have apparently happened, with no details shared on the exact reason OnePlus as a brand is shutting down in these markets. India and China are, as far as this report claims, not affected. The report, citing "well-informed sources," notes that this OnePlus announcement will come amid "fundamental changes" to Oppo's strategy, but the big point here is the global death of OnePlus.
Security

US Government Warns That Russia State Hackers Are Coming After Your Router (arstechnica.com) 76

CISA and allied governments are warning users to secure their routers as Russian state-backed hackers continue compromising the devices and turning them into proxy nodes to disguise attacks against critical infrastructure. The advisory urges users to disable outdated SNMP versions, use strong passwords, update firmware, and turn off unnecessary router services to reduce the risk of being swept into these botnets. Ars Technica reports: "Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks," the Cybersecurity and Infrastructure Security Agency said Monday. The hacking groups are tracked under various names, including Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra. The advisory was co-issued by governments from around the world, including Australia, Denmark, New Zealand, and the UK.

The primary means of compromise the agency warned about was hackers scanning IP ranges with active Simple Network Management Protocol (SNMP) agents that accept common or default authentication credentials. These scans are run by the very sorts of router botnets the actors are trying to enroll the targeted device in. By sending malicious traffic from spoofed addresses, the hackers can use the SNMP agent on poorly configured routers to run malware. SNMP allows users to collect and organize information about managed networking devices or to modify that information to change device behavior.

With control of a device, the hackers then use it as an exit node when probing or attacking targets in the communications, defense, energy, financial services, and government sectors. By funneling the malicious traffic through a benign-appearing device on a trustworthy IP address, the attackers are able to lower the chances of getting blocked by firewalls and other security defenses. Monday's advisory made no mention of identical operations carried out in recent years by China. So-called residential proxies are also a go-to tool used by financially motivated criminal hackers to obscure their true IP address. In many cases, these sorts of proxies are made up of millions of streaming devices that are sold with preloaded malware.

Cellphones

Parents' Phone Addiction Affects Bond With Kids, New Study Finds (bloomberg.com) 52

An anonymous reader quotes a report from Bloomberg: Parents' attachment to screens and smartphones can have negative, long-lasting developmental and psychological effects on their children, according to new research. Caregivers who mismanage their devices can both exacerbate "insecure attachment" and make healthy relationships more anxious and avoidant for children, according to the findings, which were published last month in Frontiers in Psychology, a peer-reviewed journal. The study, which surveyed 600 minors in the US from 12 to 17 years old, found that kids reported feeling marginalized or neglected by parents glued to their screens. "A child with insecure attachment may lack confidence or display a lower sense of self; demonstrate difficulty with interpersonal relationships and intimacy; and possess an unwillingness to take risks necessary to achieve success," reports Bloomberg, citing one of the study's researchers.

This type of behavior has become normalized: 2024 Pew data found that nearly half of U.S. teens say their parents are at least sometimes distracted by phones during interactions. "When parents were asked about their own behavior, far fewer said this was an issue," the report adds. "Still, earlier Pew data from 2020 found most parents feel their phones can interfere with quality family time, with 68% reporting being 'at least sometimes' distracted by them.
The Courts

Supreme Court Allows Texas To Require Age Verification For Mobile Apps (cnn.com) 120

The Supreme Court allowed Texas to enforce a law requiring app stores to verify users' ages and obtain parental consent before minors can download apps. Tech industry groups argue the law broadly restricts young people's access to digital speech, but the court let a 5th Circuit order stand without explanation or noted dissents. CNN notes that the Supreme Court's decision "doesn't resolve the case but rather will allow Texas to enforce the law while the litigation continues to play out." From the report: "A minor child who downloads a software application from an app store agrees to contractual terms of service, including whether the child's location will be tracked, whether the child's privacy will be protected, whether information from the child's phone can be sold by the developer, and whether the child waives the right to sue," Texas told the Supreme Court in urging the court to allow its law to take effect.

But the Computer & Communications Industry Association, a trade group whose members include Apple and Google, said the law would effectively bar young people from accessing a wide range of content, "be it a book by Ernest Hemingway or J.K. Rowling, a Taylor Swift album, or a subscription to National Geographic." Allowing the law to take effect, the group said, would have "profound consequences for the protection of digital speech."

[...] In the new case, involving Texas' age verification for apps, a federal district court blocked the law's enforcement in December -- days before it was set to take effect. But a three-judge panel of the conservative 5th US Circuit Court of Appeals put that decision on hold in early June, allowing the state to enforce it. By declining to take up the emergency appeal from the computer and student groups, the Supreme Court has left the 5th Circuit's decision in place.

GNU is Not Unix

FSF Shares Update on 'LibrePhone' and New Automated Site Monitoring Tool (fsf.org) 20

At the end of 2025, the FSF launched LibrePhone project, which is working to "better understand and reverse-engineer the nonfree blobs used by a great majority of (if not all) system on a chip designs available today." The FSF's summer newsletter shares this update: We started with researching the proprietary files in Android phones supported by the Lineage project, an Android-based volunteer-led mobile phone operating system with much free software already in it. Our current, primary focus is on the radio blobs that control WiFi, Bluetooth, NFC, and cellular communications.

The software freedom issues with mobile computing have been around for a long time, with the most challenging issue being the baseband/modem firmware that relies heavily on proprietary software. This creates a technical and legal maze that is nearly impossible to break free from, but that doesn't mean we should ever stop working to create free systems. It certainly doesn't mean we shouldn't liberate the software that we know can be free software. Now, half a year into this project, lead developer Rob Savoye has extracted firmware from over 200 Lineage install packages, processed 85GB of files, and imported the results of these analyses into a PostgreSQL database for cross-device comparison... [M]uch of the software and blobs we need to work through are shared across multiple devices; this means even greater strides for mobile phone freedom...

As insurmountable as it may seem at times, every blob we manage to free up will be progress. The FSF has proven time and time again that it can bring the free software philosophy to life, not just by advocating for it, but by making it so.

The bulletin also describes how waves of botnets from "aggressive LLM scrapers, vulnerability scanners, poorly optimized CI/CD servers" inspired the FSF to create a new free-as-in-freedom automated monitoring tool: In our efforts to combat the botnets, we optimized several detection rules to ban abusive behavior. We found the upper limit of fail2ban and replaced it with reaction, an efficient alternative with our configuration that uses ipset. We also split several monolithic machines into many separate machines so that when a web service is overwhelmed the other functions of the service do not go down with it... We found quite a few ways to respond to and prevent botnet attacks, but still faced a significant related challenge: communicating when a website or service is down...

Uptime Kuma is a human-readable, automated monitoring addition to our systems... You can check out our recently-launched self-hosted Uptime Kuma instance at https://status.fsf.org/. When you see the page, you will also likely say, "Wow! The FSF and GNU sure do run a ton of services!" and you would be right... If you maintain websites and services, and are looking for a simple way to communicate publicly with your users, consider using Uptime Kuma or another free software solution instead of choosing a proprietary monitoring solution."

There's also an article on the state of free-as-in-freedom videogame console emulators.
Cellphones

OnePlus Is Quietly Steering Customers Toward OPPO Products (androidauthority.com) 32

OnePlus is directing customers in some European markets toward OPPO devices, with its German website presenting OPPO as the natural upgrade path for existing users. The regional handoff adds to "months of speculation that the smartphone brand is slowly being folded into its parent company," reports Android Authority. From the report: The banner, seen on OnePlus' German website, tells visitors seeking "the experience you trust" that OPPO offers the same speed, performance, and compatibility that OnePlus users have come to expect. It hosts devices ranging from earbuds and tablets to OPPO's latest foldables, with each button taking users straight to OPPO's website. Particularly revealing is the wording. Instead of pushing future OnePlus hardware, the company focuses on the fact that OPPO's products are built on the hardware and software that users already know, while promising seamless compatibility with current OnePlus devices. In other words, if you're up for your next upgrade, OnePlus seems to be saying OPPO has what you're looking for right now.

Reports in the past several months have said OnePlus has been scaling back operations in several global markets. Previous restructuring reportedly included cutting headcount, a more focused regional strategy, and greater dependence on OPPO's infrastructure. The two brands have been sharing engineering resources, software development, and supply chains for years now, particularly as OxygenOS and ColorOS have begun to look more and more alike.

Interestingly, the change appears to be regional. OPPO already has a retail footprint in Germany, so the handoff is fairly straightforward. In the United States, however, things are very different, where OPPO does not officially sell smartphones. That means American OnePlus customers aren't getting the same messaging, mostly because there isn't an OPPO lineup waiting to step in.

Security

Apple iPhone 18 Details Leaked In Tata Data Breach (yahoo.com) 13

"Another breach at Tata has leaked details about Apple's iPhone 18, along with documents belonging to several other Tata clients," writes Longtime Slashdot reader Ritz_Just_Ritz. "It's becoming a recurring theme for the company." Reuters reports: Reuters has previously reported the Tata Electronics leak of more than 200,000 files on the dark web by World Leaks had files with purported component design papers of older iPhones and some parts of Tesla -- both Tata clients. They also included documents of Taiwan Semiconductor Manufacturing Co and Qualcomm, both of which make parts used in iPhones. New documents reviewed by Reuters show there are at least six files that map many components in the iPhone 18 Pro models to the specific company that supplies them. These include details of chips on its main circuit board and parts of the battery and cameras.

Apple considers this detail sensitive and is concerned about the documents being shared on the dark web as they relate to unreleased models, according to the person familiar with the matter. The data maps suppliers to iPhone parts, which Apple does not disclose in its public database of suppliers, the person added. In all, the documents detail hundreds of parts to be on the upcoming iPhone 18 Pro models. The records also show where Apple draws a part from several suppliers and where it relies on just a few, laying bare both its bargaining leverage and its vulnerabilities.
More broadly, the leak threatens Apple's trust in Tata just as Tata is becoming central to its effort to shift iPhone production away from China. With India expected to produce roughly a quarter of the world's iPhones in 2026, any deterioration in that relationship could complicate Apple's diversification strategy and force tighter security controls across its suppliers.
Power

Spain To Require Carriers To Keep Mobile Networks Live During Power Outages (reuters.com) 108

An anonymous reader quotes a report from Reuters: Spain will require mobile networks to have backup systems that maintain connectivity when power outages occur. Per a royal decree that will be approved by the end of 2026, mobile network operators (MNOs) and infrastructure companies will need to install batteries or other backups to keep service active for at least four hours during a blackout.

The mobile network rules will apply to businesses that serve at least 500,000 users or generate upwards of 50 million euros ($56.9 million) in annual revenue. The decree will stipulate that half of the population will need to be covered by this failsafe within the first year, then 65 percent in the second year and three quarters in the third.

[...] The decree will require other key infrastructure elements to remain up and running for a certain period after a power outage. For instance, control centers that could impact all of Spain if they were to go offline will need to remain in service for at least 24 hours. Emergency call centers will also need to have plans in place to maintain operations, as Reuters notes.
The move is in response to the widespread blackout across the Iberian peninsula in 2025, which left more than 50 million people without power. Experts called it "the most severe and unprecedented blackout that had occurred in Europe in the past 20 years."
Cellphones

2,000 Retired Google Pixel Phones Get a Second Life As a Private Cloud (theregister.com) 27

UC San Diego researchers are working with Google to build a private cloud from 2,000 retired Pixel Fold motherboards, demonstrating how discarded smartphones could provide useful, low-cost computing capacity. "The full smartphone cluster is expected to launch this fall," reports The Register. "Depending on how well the initial phase goes, we're told the cluster could grow even larger." From the report Once the phone's motherboards have been extracted from their shells, the researchers say that the chips hiding within remain more than potent enough to be useful for a variety of tasks. In many cases, the single-threaded performance of these chips is as good as, if not better than, what you'd find from a many-cored datacenter chip. The Pixel Fold smartphones, which will form the basis of the cluster, are powered by a Google Tensor G2 processor with two 2.85 GHz Cortex-X1, two 2.35 GHz Cortex-A78 and four 1.80 GHz Cortex-A55 Arm cores, a Mali-G710 MP7 GPU, and 12 GB of system memory. Early benchmarking using the SPEC suite suggests that 25-50 phones should deliver performance similar to that of a conventional server.

The major challenge, instead, is distributing workloads across multiple devices, each of which has a handful of cores of one or more varieties, and most have 8-12 GB of memory. UCSD researchers are approaching this challenge from a couple of different angles. The first is by targeting applications that can easily fit within a single device. The second is using Kubernetes to orchestrate container deployments across clusters of 25-50 phones. For this to work, the devices first need to be flashed with a Linux operating system suitable for the job. While Android makes for a great handheld experience, it is not intended for server duty. In the blog post, researchers note that Android includes functionality intended to stop rogue applications from chewing up excessive amounts of memory and draining your battery. In server context, these safety mechanisms are no longer necessary.

[Ryan Kastner, an associate professor of computer science at UCSD] told us this was by no means an easy task, but the team has made steady progress toward getting Linux running smoothly on these devices, including support for the phone's onboard GPUs. Access to some functionality, like the chip's integrated tensor processing unit, remains elusive. Clustering these devices will require networking the phones together. Normally these devices would connect over cellular or Wi-Fi, but at this scale, this not only isn't practical, but also has implications for security, he explained. Instead, the team will employ PCBs that both supply power and break out wired Ethernet networking.

The researchers suggest that many EdTech, grading, and research workloads commonly run by universities in the cloud are small enough to run on the cluster without issue. "The vast majority of these applications are within the capabilities of a single smartphone to host, with the standard grading backend running on small cloud instances," a blog post detailing the planned deployment reads. "Early experiments show that even a moderately-sized cluster of 20 phones is capable of supporting peak submission rates for a 75+ student class."

Cellphones

Cellphone Alert System Breached in Brazil, Message Sent in Leetspeak (cnn.com) 9

CNN reports: An unauthorized alert bearing a mysterious message that was sent to cell phones in several states across Brazil on Saturday morning is suspected to be the work of hackers, the Brazilian government said. Devices lit up with the word "misantropi4," an alphanumeric spelling of the Portuguese word "misantropia," which in English translates to "misanthropy". The final letter "a" was substituted with a number '4' — a practice often used by hackers and termed "leetspeak.". The alert — categorized as "extreme" — was initially received in the southern state of Paraná, but a second warning was triggered a few minutes later for cell phones in the major cities of São Paulo and Rio de Janeiro. Brazilian authorities said that the National Civil Defense's warning platform was taken offline after being targeted by a likely hacker attack, and the government is working to restore the tool once all security conditions are reestablished.
Security

New Unpatchable Exploit Targets Apple Devices With A12 and A13 Chips (9to5mac.com) 39

Researchers have disclosed a new unpatchable BootROM exploit affecting Apple devices with A12, A13, S4, and S5 chips. The attack requires physical USB access and DFU mode, but can let an attacker run code before iOS loads, bypass signature checks, and boot modified software. 9to5Mac reports the details: In a highly detailed technical post published today, the Paradigm Shift Team details usbliter8, a new exploit that "leverages both a hardware bug in the USB controller and a specific configuration flaw present in the device firmware" and cannot be patched. The PS Team explains that ahead of today's disclosure, it shared its findings and worked with Apple Product Security to coordinate the release. The researchers also thanked Apple's security team for its "prompt response, constructive engagement, and cooperation throughout" the process.

In a nutshell, this bug affects the following Apple SoCs: A12, S4, S5, and A13. [...] They add that "technical support for A12X/Z is possible," but "it is not currently implemented." That could add the 2018 and 2020 iPad Pro lineups to the list. The way usbliter8 works is: it sends specially crafted data to a device over USB while it is in DFU mode, confusing the USB controller and causing it to write data to the wrong part of memory. That gives an attacker with physical access to the device control over its startup process. From there, they can run their own code before iOS loads, bypass signature checks, and boot modified system software.

Importantly, the exploit does not affect or compromise the device's Secure Enclave, which in practice means that data such as passcodes and encrypted user data remain secure. That said, PS Team says that "although usbliter8 doesn't affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave," adding that "by releasing this exploit publicly, we hope to highlight the real-world impact of these hardware flaws and contribute to a broader understanding of modern SecureROM security." [...] Given that this is also an unpatchable exploit, the researchers note that "affected users should be aware that migrating to newer hardware remains the most effective mitigation."

Android

Android 17 Drops For Pixel Phones and Watch (phonearena.com) 27

Google has begun rolling out Android 17, the June Pixel Feature Drop, and Wear OS 7 simultaneously across supported Pixel phones and watches. Highlights include floating app bubbles, improved foldable multitasking and gaming, tighter location and contact permissions, stronger lost-device protections, new Pixel AI tools, and up to 10% better Pixel Watch battery life. PhoneArena reports: Pixel owners are the clear winners, since everything here reaches Pixel first and a lot of it goes back to the Pixel 6. Fold owners get the most toys, with the Bubble Bar and foldable gaming mode built for the big screen. Watch wearers get the quietly important upgrade. Better battery and Live Updates make an everyday wearable easier to rely on, especially if you keep it on overnight. Google's latest Pixel Drop combines several AI-powered tools with a broader slate of Android 17 upgrades. Pixel owners gain Lyria 3 for generating music from text or images, Gemini Omni for creating custom video clips, enhanced call translation and screening, AirDrop-compatible Quick Share, expanded Magic Cue support, and conversational photo editing.

Android 17 builds on those additions with floating app Bubbles, selfie-camera Screen Reactions, and a split-screen gaming mode for foldables, while also strengthening privacy and security with more granular location and contact permissions, improved lost-device protection, tighter PIN-guessing limits, and enhanced threat detection.

Other additions include expanded parental controls, separate assistant volume and app memory settings, and an option to hide app names for greater privacy.

You can read more about everything new in Android 17 in Google's blog post.
The Almighty Buck

Tim Cook Says Apple Price Increases Are 'Unavoidable' Due To Memory Costs (macrumors.com) 73

An anonymous reader quotes a report from MacRumors: Apple is raising its prices to offset the high cost of memory and storage, CEO Tim Cook told The Wall Street Journal. Apple is no longer able to absorb the increased prices and will need to pass some of the cost on to consumers. "Unfortunately, price increases are unavoidable," said Cook. "We're doing our best to mitigate the huge increases that are being passed to us, and we've been trying to shield our customers from the increases, but the situation has become unsustainable."

Growing demand for memory and storage chips from AI companies has led to chip shortages and higher costs. The Wall Street Journal suggests Apple will need to increase device costs "substantially" to maintain its current profit margins given the cost of memory chips and SSDs. Research firm TechInsights claims Apple will need to make the iPhone 18 Pro around $270 more expensive to keep its existing profit margin.

Apple is struggling more with memory chips, but storage chips are also an issue. "There's less supply at a time when consumers want devices and the memory guys are passing along huge price increases," Cook told The Wall Street Journal. Cook said Apple will use its cash to increase memory supply, but he did not give details on what that means. Apple does not plan to create its own memory and storage factories. "We can't do everything," Cook said. "We know what we're good at."
Cook likened the memory shortages to a hundred-year flood. "I've never seen anything like it in any area in over 40 years," he said.

Further reading: Smartphone Market To Shrink 15% This Year Due To Memory Crisis

Slashdot Top Deals