Phoronix reports: The Linux 5.17 kernel when it kicks off next month is slated to introduce a new driver "x86-android-tablets" just for dealing with all the quirky/buggy x86 tablets out there.

Longtime Linux developer Hans de Goede of Red Hat has been responsible for numerous x86 laptop/tablet improvements in recent years along with other desktop-related improvements at Red Hat. He has now queued up into the x86 platform drivers tree the x86-android-tablets driver he wrote for dealing with the mess of x86 (mostly Android) tablets that don't behave properly out-of-the-box with Linux.

As part of the ACPI DSDT (Differentiated System Description Table), many x86 tablets have simply invalid entries and other problems that cause issue when trying to run mainline Linux on said hardware. Hans explains as part of the commit currently in the platform-drivers-x86 "for-next" branch....

"This driver, which loads only on affected models based on DMI matching, adds DMI based instantiating of kernel devices for devices which are missing from the DSDT, fixing e.g. battery monitoring, touchpads and/or accelerometers not working."

This new x86-android-tablets driver will basically be a catch-all solution for overrides based on device matching. Hans ended the patch message with, "This is the least ugly option to get these devices to fully work and to do so without adding any extra code to the main kernel image (vmlinuz) when built as a module."

An anonymous reader quotes a report from TechCrunch: A security researcher found a Bluetooth vulnerability in a popular at-home COVID-19 test allowing him to modify its results. F-Secure researcher Ken Gannon identified the since-fixed flaw in the Ellume COVID-19 Home Test, a self-administered antigen test that individuals can use to check to see if they have been infected with the virus. Rather than submitting a sample to a testing facility, the sample is tested using a Bluetooth analyzer, which then reports the result to the user and health authorities via Ellume's mobile app. Gannon found, however, that the built-in Bluetooth analydzer could be tricked to allow a user to falsify a certifiable result before the Ellume app processes the data.

To carry out the hack, Gannon used a rooted Android device to analyze the data the test was sending to the app. He then identified two types of Bluetooth traffic that were most likely in charge of telling the mobile app if the user was COVID positive or negative, before writing two scripts that were able to successfully change a negative result into a positive one. Gannon says that when he received an email with his results from Ellume, it incorrectly showed he had tested positive. To complete the proof-of-concept, F-Secure also successfully obtained a certified copy of the faked COVID-19 test results from Azova, a telehealth provider that Ellume partners with for certifying at-home COVID-19 tests for travel or going into work.

While Gannon's writeup only includes changing negative results to positive ones, he says that the process "works both ways." He also said that, before it was patched, "someone with the proper motivation and technical skills could've used these flaws to ensure they, or someone they're working with, gets a negative result every time they're tested." In theory, a fake certification could be submitted to meet U.S. re-entry requirements. In response to F-Secure's findings, Ellume says it has updated its system to detect and prevent the transmission of falsified results.

Apple has released a new Android app called Tracker Detect, designed to help people who don't own iPhones or iPads to identify unexpected AirTags and other Find My network-equipped sensors that may be nearby. CNET reports: The new app, which Apple released on the Google Play store Monday, is intended to help people look for item trackers compatible with Apple's Find My network. "If you think someone is using AirTag or another device to track your location," the app says, "you can scan to try to find it." If the Tracker Detector app finds an unexpected AirTag that's away from its owner, for example, it will be marked in the app as "Unknown AirTag." The Android app can then play a sound within 10 minutes of identifying the tracker. It may take up to 15 minutes after a tracker is separated from its owner before it shows up in the app, Apple said.

If the tracker identified is an AirTag, Apple will offer instructions within the app to remove its battery. Apple also warns within the app that if the person feels their safety is at risk because of the item tracker, they should contact law enforcement. [...] The Tracker Detect app, which Apple first discussed in June, requires users to actively scan for a device before it'll be identified. Apple doesn't require users have an Apple account in order to use the detecting app. If the AirTag is in "lost mode," anyone with an NFC-capable device can tap it and receive instructions for how to return it to its owner. Apple said all communication is encrypted so that no one, including Apple, knows the location or identity of people or their devices.

Google is bringing Android games from Google Play to Windows laptops, PCs, and tablets, the company announced on Thursday. Gizmodo reports: Google announced a standalone Google Play Games launcher that lets gamers play mobile titles on Windows PCs at The Game Show Awards on Thursday. The upcoming app will allow players to close out of their game on one device and resume playing where they left off on another. This means you could switch between a Chromebook, Windows PC, and Android phone without losing saved data. The app, which is being built and distributed by Google, runs games locally on your system, no cloud streaming required. So far, Google has only teased the service in a brief video clip, so some important details haven't been revealed. We do, however, know it is set to arrive sometime in 2022.

According to Insider, Google is planning to launch its own in-house smartwatch in 2022. "Two employees said a spring launch was possible if the latest testing round is a success, however all sources stressed that details and timelines were subject to change depending on feedback from employees testing the device," reports Insider. From the report: The device, which is internally codenamed "Rohan," will showcase the latest version of Google's smartwatch software to customers and partners [...]. To date, Google has opted to create software for smartwatches built by partners such as Samsung, but has not made a device of its own. [...] Unlike the Apple Watch, Google's smartwatch is round and has no physical bezel, according to artistic renders viewed by Insider and employees who have seen it. Like Apple's device, it will capture health and fitness metrics.

The watch has sometimes been referred to internally as the "Pixel watch" or "Android watch," but executives have used a variety of names to refer to the project and it is unclear what branding Google will land on if and when it launches the device. [...] The Rohan watch has a heart-rate monitor and offers basic health-tracking features such as step counting. In its current form the watch will require daily charging, according to a feedback document seen by Insider. One employee testing the watch lamented the charging was slow. Like the Apple Watch, Google's wearable will also use proprietary watchbands. [...]

At the Snapdragon Tech Summit 2021 yesterday, Qualcomm introduced their new always-on camera capabilities in the Snapdragon 8 Gen 1 processor, which is expected to arrive in high-end Android phones early next year. The company says this new feature will let users wake and unlock their phone without having to pick it up or have it instantly lock when it no longer sees their face. Even though Judd Heape, Qualcomm Technologies vice president of product management, said that the "always-on camera data never leaves the secure sensing hub while it's looking for faces," it raises a serious privacy concern that "far outweighs any potential convenience benefits," argues The Verge's Dan Seifert. From the report: Qualcomm is framing the always-on camera as similar to the always-on microphones that have been in our phones for years. Those are used to listen for voice commands like "Hey Siri" or "Hey Google" (or lol, "Hi Bixby") and then wake up the phone and provide a response, all without you having to touch or pick up the phone. But the key difference is that they are listening for specific wake words and are often limited with what they can do until you do actually pick up your phone and unlock it. It feels a bit different when it's a camera that's always scanning for your likeness.

It's true that smart home products already have features like this. Google's Nest Hub Max uses its camera to recognize your face when you walk up to it and greet you with personal information like your calendar. Home security cameras and video doorbells are constantly on, looking for activity or even specific faces. But those devices are in your home, not always carried with you everywhere you go, and generally don't have your most private information stored on them, like your phone does. They also frequently have features like physical shutters to block the camera or intelligent modes to disable recording when you're home and only resume it when you aren't. It's hard to imagine any phone manufacturer putting a physical shutter on the front of their slim and sleek flagship smartphone.

Lastly, there have been many reports of security breaches and social engineering hacks to enable smart home cameras when they aren't supposed to be on and then send that feed to remote servers, all without the knowledge of the homeowner. Modern smartphone operating systems now do a good job of telling you when an app is accessing your camera or microphone while you're using the device, but it's not clear how they'd be able to inform you of a rogue app tapping into the always-on camera. [...] But even if it's not found in every phone next year, the mere presence of the feature means that it will be used by someone at some point. It sets a precedent that is unsettling and uncomfortable; Qualcomm may be the first with this capability, but it won't be long before other companies add it in the race to keep up. Maybe we'll just start having to put tape on our smartphone cameras like we already do with laptop webcams.

Over 300,000 Android smartphone users have downloaded what turned out to be banking trojans after falling victim to malware that has bypassed detection by the Google Play app store. ZDNet reports: Detailed by cybersecurity researchers at ThreatFabric, the four different forms of malware are delivered to victims via malicious versions of commonly downloaded applications, including document scanners, QR code readers, fitness monitors and cryptocurrency apps. The apps often come with the functions that are advertised in order to avoid users getting suspicious. In each case, the malicious intent of the app is hidden and the process of delivering the malware only begins once the app has been installed, enabling them to bypass Play Store detections.

The most prolific of the four malware families is Anatsa, which has been installed by over 200,000 Android users -- researchers describe it as an "advanced" banking trojan that can steal usernames and passwords, and uses accessibility logging to capture everything shown on the user's screen, while a keylogger allows attackers to record all information entered into the phone. [...] The second most prolific of the malware families detailed by researchers at ThreatFabric is Alien, an Android banking trojan that can also steal two-factor authentication capabilities and which has been active for over a year. The malware has received 95,000 installations via malicious apps in the Play Store. [...] The other two forms of malware that have been dropped using similar methods in recent months are Hydra and Ermac, which have a combined total of at least 15,000 downloads. ThreatFabric has linked Hydra and Ermac to Brunhilda, a cyber-criminal group known to target Android devices with banking malware. Both Hydra and Ermac provide attackers with access to the device required to steal banking information. ThreatFabric has reported all of the malicious apps to Google and they've either already been removed or are under review.

This week, following successful tests on Android smartphones and tablets, Netflix has announced that it will bring AV1 to TVs. 9to5Google reports: In a blog post this week, Netflix confirms it will start using the AV1 codec on some TVs. AV1, which has been available since 2018, allows for the more efficient encoding and decoding of data for streaming, leading to higher quality for the end user and better use of bandwidth for providers. However, the codec relies on hardware support. To ensure that TVs using AV1 streams will provide a good experience, Netflix says it analyzes the steam to ensure the device is spec-compliant for AV1 decoding.

For the time being, Netflix isn't specifically announcing which devices will support AV1 outside of the Netflix app on Sony's PS4 Pro console. On other TVs, support is only specified as working on "a number of AV1 capable TVs." In theory, this should include a considerable number of Android TV models.

Amid a heightened amount of scrutiny and tension surrounding the App Store and how users download and install apps on the iPhone, Apple CEO Tim Cook said today that customers who wish to sideload apps should consider purchasing an Android device as the experience offered by the iPhone maximizes their security and privacy. From a report: Speaking at The New York Times "DealBook" summit, Cook said that customers currently already have a choice between wanting a secure and protected platform or an ecosystem that allows for sideloading. "I think that people have that choice today, Andrew. If you want to sideload, you can buy an Android phone." Cook drew the comparison of sideloading to a carmaker selling a car without airbags or seatbelt, saying it would be "too risky." "I think that people have that choice today, Andrew, if you want to sideload, you can buy an Android phone. That choice exists when you go into the carrier shop. If that is important to you, then you should buy an Android phone. From our point of view, it would be like if I were an automobile manufacturer telling [a customer] not to put airbags and seat belts in the car. He would never think about doing this in today's time. It's just too risky to do that. And so it would not be an iPhone if it didn't maximize security and privacy," he said.

"New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks," reports BleepingComputer.

Cybersecurity company Lookout said on its blog that they'd spotted the malware on Google Play "and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store.... To protect Android users, Google promptly removed the app as soon as we notified them of the malware." We named the malware "AbstractEmu" after its use of code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads...

This is a significant discovery because widely-distributed malware with root capabilities have become rare over the past five years. As the Android ecosystem matures there are fewer exploits that affect a large number of devices, making them less useful for threat actors... By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware — steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances...

AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app. As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading... By rooting the device, the malware is able to silently modify the device in ways that would otherwise require user interaction and access data of other apps on the device.
"Apps bundling the malware included password managers and tools like data savers and app launchers," reports BleepingComputer, "all of them providing the functionality they promised to avoid raising suspicions..."

Lookout's blog post said they'd spotted people affected by the malware in 17 different countries.

An anonymous reader quotes a report from Bloomberg: Meta, the company formerly known as Facebook, is developing a smartwatch with a front-facing camera and rounded screen, according to an image of the device found inside one of the tech giant's iPhone apps. The photo shows a watch with a screen and casing that's slightly curved at the edges. The front-facing camera -- similar to what you'd see on a smartphone -- appears at the bottom of the display, and there's a control button for the watch on the right side. The image was found inside of the company's app for controlling its new smart glasses launched in partnership with Ray-Ban. The picture was located by app developer Steve Moser and shared with Bloomberg News.

The watch has a detachable wrist strap and what appears to be a button at the top of the watch case. Its large display mimics the style of Apple's watch -- rather than the more basic fitness trackers sold by Google's Fitbit and Garmin. The camera suggests the product will likely be used for videoconferencing, a feature that would make Meta's device stand out. Apple's smartwatch doesn't have a camera, nor do rival products from companies such as Samsung. Facebook has been planning to launch its first watch as early as 2022, but a final decision on timing hasn't been made yet and the debut could be later, according to a person with knowledge of the matter. The company is working on three generations of the product aimed at different release time frames, the person said. The device in the image could ultimately represent a version that is never released, but it's the first evidence of the company's work on the project. Not only does the code inside the software of the watch indicate it'll work with iOS and Android devices, but it may also be used as an input device or accessory for the company's VR and AR headsets.

At this year's Android Dev Summit, Google announced an upcoming update for devices with larger screens, which includes tablets, foldables, and devices that run ChromeOS. From a report: Google is calling the update 12L, and it's supposed to make Android 12 run smoother on big screens. We first heard the possibility of a "12.1" update in late September, and it looks like many of the rumored features are true. 12L optimizes the layout of a device's UI, adjusting the placement of the home screen, lock screen, notifications, Quick Settings, and more. Google notes that any screen 600 density-independent pixels (dp) and above will display a two-column layout that makes use of the entire screen. In the example Google shows, the Quick Settings menu is pushed towards the left side of the screen, while the notifications panel is locked to the right, giving you the ability to access both simultaneously -- all without opening one app and closing another. 12L also introduces a new taskbar that makes it easier for users to quickly switch between different apps. Dragging and dropping an app from the taskbar opens it up in split-screen mode, which Google notes it has enabled for all apps, whether they're resizable or not.

Nvidia's new RTX 3080 plan for GeForce Now is probably the biggest upgrade for its cloud-streaming service since it turned on RTX ray tracing for subscribers over two years ago. From a report: The new plan is targeted at more traditional gamers for whom 60fps simply doesn't cut it, and it'll cost $100 for every six months you're signed up. In addition to the RTX ray tracing of the Priority plan, it offers 8-hour sessions, up to 1440p and 120fps gaming on PC and Mac (1600p on MacBooks), 4K HDR 60fps with 7.1 surround audio on Nvidia Shield (using DLSS) and up to 120fps on select Android devices. On iOS, GeForce Now has to use Safari rather than a dedicated app, which likely either can't handle or is too locked down to hit the higher frame rates.) According to the company, MacBooks are the second most popular device it sees used by the service, which isn't surprising given how poor the Mac's gaming is compared to PCs. The new MacBook Pro models, with their 120Hz displays, will be able to take advantage of the higher resolution and frame rates.

This morning, at the company's virtual hardware event, Google is finally showing us what it means to pick up and start over again. From a report: In many ways, the Pixel 6 marks the most radical departure in the history of Google's flagship devices -- and its most serious attempt to take the fight to Samsung and Apple. The company gave us our first glimpse of the device back in August. It was a surprisingly complete look at a device it would take another three and a half months to announce. Hardware head Rick Osterloh primarily focused on chips, design and the fact that Google was becoming the latest company to buck its reliance on Qualcomm by building its own in-house chip, Tensor. And now it is. The Tensor had landed, alongside the Pixel 6 and 6 Pro it powers. I have the latter in my possession, and it's immediately clear that this is a radically new direction for the Pixel line. Google's clearly gone in a premium direction with the new device, which shares more common DNA with the likes of Samsung's devices than any of the Pixels we've seen to date.

The Pixel 6 sports a 6.4-inch FHD+ OLED at 411 ppi -- that bit, at least, is keeping with mid-range specs. The Pro bumps it up to a 6.7-inch QHD+ at 512 ppi. Those displays have refresh rates of 90 and 120 Hz, respectively, protected by a Gorilla Glass Victus cover, which curves on the edges. [...] The 6 supports two lenses: a 50-megapixel wide-angle camera and 12-megapixel on the 6, plus a 48 megapixel telephoto on the 6 Pro. That last one does 4x optical or up to 20x Super Res, though even with computational photography, things are going to degrade pretty quickly. The front-facing camera, meanwhile, is eight megapixels on the 6 and 11 megapixels on the 6 Pro, with 84- and 94-degree fields of view, respectively. [...] The company has addressed some of the battery issues that plagued earlier models. The 6 and 6 Pro feature 4,614 and 5,003mAh batteries, respectively -- that's a nice jump from the Pixel 5's 4,080mAh (which, in turn, was a nice jump from the Pixel 4). The Pixel 6 starts at $599 and the Pixel 6 Pro starts at $899.

For its 60th anniversary, Fisher-Price announced a special edition Chatter telephone that can make and receive real phone calls. Engadget reports: Before you start planning on where to display it at your home, know that it doesn't work as a landline unit. It connects to your iOS or Android phone via Bluetooth instead and has to be within 15 feet of your mobile device to work. You'll get nine hours of talk time on the Chatter phone on a single charge, and it comes with a speakerphone button. Other than the features that make it a working device, this Chatter for grown-ups looks just like its toy counterpart with its rotary dial, red handset and wheels. [...] You can get the fully functional Chatter for $60 exclusively from Best Buy's website, starting today until supplies last.

Pine64 today announced its latest Linux-powered device, the PinePhone Pro, an update to the original PinePhone which sees a more powerful device running mainline Linux (Manjaro in this case) on a mobile device that works as a cellphone and a desktop computer. Tom's Hardware reports: This combination of hardware and software makes the still slightly futuristic idea of confluence between mobile and desktop devices seem a step closer. Carry it around with you, and it's a phone. Plug it into a monitor, and it's a desktop PC. The KDE Plasma Mobile front-end adapts to the circumstances. Inside, it's much like any other phone, with a Rockchip RK3399S six-core SoC operating at 1.5GHz, 4GB of dual-channel LPDDR4 RAM, and 128GB of internal eMMC flash storage. It features a 13MP main camera sensor and a 5MP front-facing camera. There's a Micro-SD slot for expanded storage, and a six-inch 1440 x 720 IPS touchscreen. The PinePhone Pro is not a typical cell phone, rather the concept of convergence, the ability to use your phone as a computer is intriguing. Plug your PinePhone Pro into an external display and use it as a low-power desktop computer is something that has been attempted by a number of companies, including Canonical's attempt with Ubuntu Edge.

PinePhone Pro offers something that is missing from the majority of phones, privacy. A series of hardware DIP-switches, hidden under a rear cover, cut off access to the cameras, microphone, Wi-Fi 5 and Bluetooth 4.1 chips, headphone jack, and LTE modem (including GPS) should you ever need to. The layout and Pogo Pins of the new phone are identical to the original PinePhone, so all existing accessories should work. Retailing at $399, the PinePhone Pro's makers are realistic about the challenges of putting desktop Linux on a mobile device, especially in an ecosystem dominated by iOS and Android.

A new study (PDF) by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. BleepingComputer reports: The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience. The conclusion of the study is worrying for the vast majority of Android users: "With the notable exception of /e/OS, even when minimally configured and the handset is idle these vendor-customized Android variants transmit substantial amounts of information to the OS developer and also to third parties (Google, Microsoft, LinkedIn, Facebook, etc.) that have pre-installed system apps." As the summary table indicates, sensitive user data like persistent identifiers, app usage details, and telemetry information are not only shared with the device vendors, but also go to various third parties, such as Microsoft, LinkedIn, and Facebook. And to make matters worse, Google appears at the receiving end of all collected data almost across the entire table.

It is important to note that this concerns the collection of data for which there's no option to opt-out, so Android users are powerless against this type of telemetry. This is particularly concerning when smartphone vendors include third-party apps that are silently collecting data even if they're not used by the device owner, and which cannot be uninstalled. For some of the built-in system apps like miui.analytics (Xiaomi), Heytap (Realme), and Hicloud (Huawei), the researchers found that the encrypted data can sometimes be decoded, putting the data at risk to man-in-the-middle (MitM) attacks. As the study points out, even if the user resets the advertising identifiers for their Google Account on Android, the data-collection system can trivially re-link the new ID back to the same device and append it to the original tracking history. The deanonymization of users takes place using various methods, such as looking at the SIM, IMEI, location data history, IP address, network SSID, or a combination of these. In response to the report, a Google spokesperson said: "While we appreciate the work of the researchers, we disagree that this behavior is unexpected -- this is how modern smartphones work. As explained in our Google Play Services Help Center article, this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds. For example, Google Play services uses data on certified Android devices to support core device features. Collection of limited basic information, such as a device's IMEI, is necessary to deliver critical updates reliably across Android devices and apps."

An anonymous reader quotes a report from Tom's Guide: A new survey has reached a startling conclusion: iPhone apps tend to violate your privacy just as often as Android apps do. "Overall, we find that neither platform is clearly better than the other for privacy across the dimensions we studied," say the academic paper entitled "Are iPhones Really Better for Privacy?" and presented by researchers from the University of Oxford. "While it has been argued that the choice of smartphone architecture might protect user privacy, no clear winner between iOS and Android emerges from our analysis," the paper adds. "Data sharing for tracking purposes was common on both platforms." There's one big caveat regarding the new study: It was conducted before the introduction of iOS 14.5 in April 2021, which made opt-in to tracking and app privacy labels mandatory on iPhones.

The researchers analyzed the code, permissions and network traffic of 12,000 randomly selected free apps from each platform that had been updated or released in 2018 or later. Each app was run on a real device, either a first-generation iPhone SE running iOS 14.2 or a Google Nexus 5 running Android 7 Nougat. They found that nearly all (89%) of the Android apps contained at least one tracking library, which was almost always Google Play Services. The numbers weren't much lower on iOS, where 79% of apps had at least one tracking library, most likely Apple's own SKADNetwork, which tracks which ads a user clicks on. However, 62% of iOS apps also ran Google's AdMob ad tracking library, followed by 54% of iOS apps (and 58% of Android apps) running Google Firebase. Facebook trackers were in 28% of Android apps and 26% of iOS ones. In fact, most apps on either platforms -- 90% of Android apps and more than 60% of iOS -- shared data with tracking companies owned by Google. Almost all tracking companies observed were based in the U.S. About 9.5% of iOS apps and 5% of Android ones used Chinese-based trackers; 7.5% of iOS apps and 2% of Android ones used Indian trackers. The team commended Apple for making it possible for iPhone users to block the temporary advertising IDs that flag your phone to advertisers, but the team also saw an ulterior motive on Apple's part. "Apple's crackdown on Ad ID use could be interpreted as an attempt to divert revenue from Google and other advertising providers, and motivate the use of alternative monetization models -- which are more lucrative for Apple," the Oxford research paper states. "Apple has arguably placed a larger emphasis on privacy, seeking to gain a competitive advantage by appealing to privacy-concerned consumers."

In a significant departure from previous years, Google today rolled out Android 12 to AOSP but did not launch any devices, including Pixel phones. "Today we're pushing the source to the Android Open Source Project (AOSP) and officially releasing the latest version of Android," [said Dave Burke, VP of Engineering, in a blog post. "Keep an eye out for Android 12 coming to a device near you starting with Pixel in the next few weeks and Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices later this year." 9to5Google reports: Traditionally, the AOSP launch of the next version of Android coincides with day one availability for Google phones. That is not the case this year, with Google only revealing that Pixel phones can expect an update in the "next few weeks." Google says over 225,000 people tested Android 12 over the course of the developer previews and betas. [...] Google officially highlights four Android 12 tentpoles for developers as part of today's AOSP availability. This starts with a "new UI for Android" that incorporates Material You (referred to today as "Material Design 3"), redesigned widgets, Notification UI updates, and App launch splash screens.

In terms of "Performance," Google says it has "reduced the CPU time used by core system services by 22% and the use of big cores by 15%." We've also improved app startup times and optimized I/O for faster app loading, and for database queries we've improved CursorWindow by as much as 49x for large windows. "More responsive notifications" are achieved by restricting notification trampolines, with Google Photos launching 34% faster after this change. Other changes include Optimized foreground services, Performance classes for devices, and Faster machine learning. "Privacy" is led by the new Settings Dashboard, the ability to only grant apps Approximate location, and a new Nearby devices permission for setting up wearables and other smart home accessories without granting location access. There are also the microphone and camera indicators/toggles. Developers can take advantage of "Better user experience tools" like new APIs to better support rounded screen corners, rich content insertion, AVIF images, enhanced haptics, and new camera/sensor effects. There's also Compatible media transcoding, better debugging, and an Android 12 for Games push.

An anonymous reader quotes a report from Ars Technica: Telegram patched another image self-destruction bug in its app earlier this year. This flaw was a different issue from the one reported in 2019. But the researcher who reported the bug isn't pleased with Telegram's months-long turnaround time -- and an offered $1,159 bounty award in exchange for his silence. In February 2021, Telegram introduced a set of such auto-deletion features in its 2.6 release: Set messages to auto-delete for everyone 24 hours or 7 days after sending; Control auto-delete settings in any of your chats, as well as in groups and channels where you are an admin; and To enable auto-delete, right-click on the chat in the chat list > Clear History > Enable Auto-Delete. But in a few days, mononymous researcher Dmitrii discovered a concerning flaw in how the Telegram Android app had implemented self-destruction.

Messages that should be auto-deleted from participants in private and private group chats were only 'deleted' visually [in the messaging window], but in reality, picture messages remained on the device [in] the cache," the researcher wrote in a roughly translated blog post published last week. Tracked as CVE-2021-41861, the flaw is rather simple. In the Telegram Android app versions 7.5.0 to 7.8.0, self-destructed images remain on the device in the /Storage/Emulated/0/Telegram/Telegram Image directory after approximately two to four uses of the self-destruct feature. But the UI appears to indicate to the user that the media was properly destroyed.

But for a simple bug like this, it wasn't easy to get Telegram's attention, Dmitrii explained. The researcher contacted Telegram in early March. And after a series of emails and text correspondence between the researcher and Telegram spanning months, the company reached out to Dmitrii in September, finally confirming the existence of the bug and collaborating with the researcher during beta testing. For his efforts, Dmitrii was offered a $1,159 bug bounty reward. Since then, the researcher claims he has been ghosted by Telegram, which has given no response and no reward. "I have not received the promised reward from Telegram in [$1,159] or any other," he wrote.