Samsung on Wednesday unveiled three new foldable smartphones at a time when the company is facing increased competition from Chinese rivals such as Honor and Oppo, reports CNBC. The company's share of the global foldable phone market slipped to 45% in 2024, down from 54% a year earlier. Today's new devices include the ultra-thin Galaxy Z Fold 7, the clamshell-style Galaxy Z Flip 7, and the more affordable Flip 7 FE. Here's a breakdown of each: The Galaxy Z Fold 7 is super thin at a thickness of 8.9 millimeters (0.35 inches) closed and only 4.2 millimeters open. It's also much lighter than its predecessor, weighing 215 grams (7.62 ounces). These stats put the phone on par with both Honor's Magic V5 and the Oppo Find N5. The new Fold device has a 6.5-inch cover screen and an 8-inch main display when opened, making it bigger than its predecessor. It's also decked out with premium new cameras, featuring a 200-megapixel main lens, as well as a 10-megapixel telephoto sensor, 12-megapixel ultra-wide and two 10-megapixel front cameras on both the cover screen and on the main display.

Samsung's new Fold generation is, nevertheless, much more limited than other devices in the market when it comes to battery capacity. The Galaxy Z Fold 7 has a 4,400 milliampere-hour (mAh) battery -- far less than the 6,100 mAh power pack in Honor's Magic V5's or the Oppo Find N5's 5,600 mAh battery. Samsung says its device is capable of 24 hours of video playback.

Samsung's Galaxy Z Flip 7 is also thinner than its predecessor, coming in at 6.5 millimeters when opened flat. By contrast, the Galaxy Z Flip 6 has a depth of 6.9 millimeters when unfolded. The new phone has a 4.1-inch cover screen and a 6.9-inch main display. It comes with a 50-megapixel main camera and 12-megapixel ultra-wide sensor on the back and a 10-megapixel lens on the main display. It also has a bigger 4,300 mAh battery, which Samsung says supports 31 hours of video playtime on a single charge.

In addition to Flip 7, Samsung is also introducing a cheaper version of the phone, called the Galaxy Z Flip 7 FE, which is slightly smaller and thicker than its more premium counterpart. What about the AI features, you ask? They all include various AI-driven camera tools that can identify and suggest removal of unwanted people or objects in photos, and an audio eraser that filters out background noise in videos.

The Galaxy Z Flip 7 also integrates Gemini Live, allowing users to overlay the AI assistant during live video recordings -- for instance, to receive real-time outfit suggestions.

The Z Fold 7 starts at $1,999, and the Z Flip 7 starts at $1,099. Meanwhile, the Flip 7 FE is priced at $899.

Samsung is working on a trifold smartphone that could be unveiled at the company's July 9th Unpacked event, according to leaked animations discovered in the latest One UI 8 build update. The animations, spotted by Android Authority, reveal a three-panel device with a dual-hinge folding mechanism where the left-hand display folds inward while the right-hand display sandwiches over the top.

The device features a triple-camera setup on the rear of the right-hand panel when fully unfolded, with the central panel serving as a cover display. The animations label the device as "Multifold 7," though it is speculated to be called the "Galaxy G Fold."

A California jury has ordered Google to pay $314.6 million to Android smartphone users in the state after finding the company liable for collecting data from idle devices without permission.

The San Jose jury ruled Tuesday that Google sent and received information from phones while idle, creating "mandatory and unavoidable burdens shouldered by Android device users for Google's benefit." The 2019 class action represented an estimated 14 million Californians who argued Google consumed their cellular data for targeted advertising purposes.

Facebook now supports passkeys for login, offering users a more secure, phishing-resistant alternative to passwords by using biometrics or a PIN stored on their device. The feature is rolling out to iOS and Android "soon," while Messenger will get the feature "in the coming months." Lifehacker reports: Meta seems pretty excited about the news -- and not just because the company happens to be a member of the FIDO Alliance, the organization that developed passkeys. Aside from logging into your Facebook account, Meta says you'll be able to use passkeys to autofill your payment info when buying things with Meta Pay. You'll also be able to use the same passkey between both Facebook and Messenger, and your passkey will act as a key to lock out your encrypted Messenger chats.

Google has removed device trees and driver binaries for Pixel phones from the Android 16 source code release, significantly complicating custom ROM development for those devices. The Android-maker intentionally omitted these resources as it shifts its Android Open Source Project reference target from Pixel hardware to a virtual device called "Cuttlefish."

The change forces custom ROM developers to reverse-engineer configurations they previously received directly from Google. Nolen Johnson from LineageOS said the process will become "painful," requiring developers to "blindly guess and reverse engineer from the prebuilt binaries what changes are needed each month." Google also squashed the Pixel kernel source code's commit history, eliminating another reference point developers used for features and security patches.

Google VP Seang Chau dismissed speculation that AOSP itself is ending, stating the project "is NOT going away." However, the changes effectively bring Pixel devices down to the same difficult development level as other Android phones.

An anonymous reader shares a blog post from Google: Today, we're bringing you Android 16, rolling out first to supported Pixel devices with more phone brands to come later this year. This is the earliest Android has launched a major release in the last few years, which ensures you get the latest updates as soon as possible on your devices. Android 16 lays the foundation for our new Material 3 Expressive design, with features that make Android more accessible and easy to use.

An anonymous reader quotes a report from BleepingComputer: The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. The BADBOX botnet is commonly found on Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices. "The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," warns the FBI.

These devices come preloaded with the BADBOX 2.0 malware botnet or become infected after installing firmware updates and through malicious Android applications that sneak onto Google Play and third-party app stores. "Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process," explains the FBI. "Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services4 known to be used for malicious activity."

Once infected, the devices connect to the attacker's command and control (C2) servers, where they receive commands to execute on the compromised devices, such as [routing malicious traffic through residential IPs to obscure cybercriminal activity, performing background ad fraud to generate revenue, and launching credential-stuffing attacks using stolen login data]. Over the years, the malware botnet continued expanding until 2024, when Germany's cybersecurity agency disrupted the botnet in the country by sinkholing the communication between infected devices and the attacker's infrastructure, effectively rendering the malware useless. However, that did not stop the threat actors, with researchers saying they found the malware installed on 192,000 devices a week later. Even more concerning, the malware was found on more mainstream brands, like Yandex TVs and Hisense smartphones. Unfortunately, despite the previous disruption, the botnet continued to grow, with HUMAN's Satori Threat Intelligence stating that over 1 million consumer devices had become infected by March 2025. This new larger botnet is now being called BADBOX 2.0 to indicate a new tracking of the malware campaign. "This scheme impacted more than 1 million consumer devices. Devices connected to the BADBOX 2.0 operation included lower-price-point, 'off brand,' uncertified tablets, connected TV (CTV) boxes, digital projectors, and more," explains HUMAN.

"The infected devices are Android Open Source Project devices, not Android TV OS devices or Play Protect certified Android devices. All of these devices are manufactured in mainland China and shipped globally; indeed, HUMAN observed BADBOX 2.0-associated traffic from 222 countries and territories worldwide."

"It appears as though Meta (aka: Facebook's parent company) and Yandex have found a way to sidestep the Android Sandbox," writes Slashdot reader TheWho79. Researchers disclose the novel tracking method in a report: We found that native Android apps -- including Facebook, Instagram, and several Yandex apps including Maps and Browser -- silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites. These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets. As native apps access programmatically device identifiers like the Android Advertising ID (AAID) or handle user identities as in the case of Meta apps, this method effectively allows these organizations to link mobile browsing sessions and web cookies to user identities, hence de-anonymizing users' visiting sites embedding their scripts.

This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users' web activity.

While there are subtle differences in the way Meta and Yandex bridge web and mobile contexts and identifiers, both of them essentially misuse the unvetted access to localhost sockets. The Android OS allows any installed app with the INTERNET permission to open a listening socket on the loopback interface (127.0.0.1). Browsers running on the same device also access this interface without user consent or platform mediation. This allows JavaScript embedded on web pages to communicate with native Android apps and share identifiers and browsing habits, bridging ephemeral web identifiers to long-lived mobile app IDs using standard Web APIs. This technique circumvents privacy protections like Incognito Mode, cookie deletion, and Android's permission model, with Meta Pixel and Yandex Metrica scripts silently communicating with apps across over 6 million websites combined.

Following public disclosure, Meta ceased using this method on June 3, 2025. Browser vendors like Chrome, Brave, Firefox, and DuckDuckGo have implemented or are developing mitigations, but a full resolution may require OS-level changes and stricter enforcement of platform policies to prevent further abuse.

Microsoft is introducing a new "Cross Device Resume" feature for Windows 11, enabling app developers to let users seamlessly continue activity between devices in a manner closely mirroring Apple's Handoff for Macs and iPhones. Unveiled at Build 2025 during a session titled "Create Seamless Cross-Device Experiences with Windows for your app," the feature was demonstrated -- before the session was quietly edited to remove this segment -- by showing Spotify playing a song on an Android phone, then surfacing the Spotify app in the Windows taskbar with a phone icon; clicking this launches Spotify on the PC at precisely the same point in the app as on the phone, preserving playback position for uninterrupted use.

Google co-founder Sergey Brin candidly addressed the failure of Google Glass during an unscheduled appearance at Tuesday's Google I/O conference, where the company announced a new smart glasses partnership with Warby Parker. "I definitely feel like I made a lot of mistakes with Google Glass, I'll be honest," Brin said.

He noted several key issues that doomed the $1,500 device launched in 2013, including a conspicuous front-facing camera that sparked privacy concerns. "Now it looks like normal glasses without that thing in front," Brin said of the new design. He also blamed the "technology gap" that existed a decade ago and his own inexperience with supply chains that prevented pricing the original Glass competitively.

Google has launched the NotebookLM app for Android and iOS, offering a native mobile experience with offline support, audio overviews, and integration into the system share sheet for adding sources like PDFs and YouTube videos. 9to5Google reports: This native experience starts on a homepage of your notebooks with filters at the top for Recent, Shared, Title, and Downloaded. The app features a light and dark mode based on your device's system theme with no manual toggle. Each colorful card features the notebook name, emoji, number of sources, and date, as well as a play button for Audio Overviews. There's background playback and offline support for the podcast-style experience (the fullscreen player has a nice glow), while you can "Join" the AI hosts (in beta) to ask follow-up questions.

You get a "Create new" button at the bottom of the list to add PDFs, websites, YouTube videos, and text. Notably, the NotebookLM app will appear in the Android and iOS share sheet to quickly add sources. When you open a notebook, there's a bottom bar for the list of Sources, Chat Q&A, and Studio. It's similar to the current mobile website, with the native client letting users ditch the Progressive Web App. Out of the gate, there are phone and (straightforward) tablet interfaces. You can download the app for iOS and Android using their respective links.

Google is enhancing Android's Factory Reset Protection (FRP) to make stolen phones virtually unusable by detecting setup wizard bypasses and requiring a second factory reset until ownership is verified. Android Authority reports: You can factory reset an Android phone in several ways. However, triggering a reset through the Android recovery menu or Google's Find My Device service activates Factory Reset Protection (FRP). During setup after such a reset, the wizard requires you to verify ownership by either signing into the previously associated Google account or entering the device's former lock screen PIN, password, or pattern. Failing this verification step blocks setup completion, rendering the device unusable. [...]

Factory Reset Protection (FRP) is a valuable feature that discourages theft by rendering stolen Android phones useless to potential buyers if wiped improperly. However, FRP isn't foolproof; thieves have discovered numerous methods over the years to circumvent it. These bypasses typically involve skipping the setup wizard, allowing someone to use the phone without entering the previous owner's Google account details or screen lock.

During The Android Show: I/O Edition, Google announced plans to "further harden Factory Reset protections, which will restrict all functionalities on devices that are reset without the owner's authorization." While the company didn't elaborate much, a screenshot it shared suggests that Android will likely detect if someone bypasses the setup wizard and then force another factory reset, preventing unauthorized use until the user proves ownership. [...] Google stated this FRP improvement is coming "later this year." Since the stable Android 16 release is coming soon, this timeline suggests the feature won't be part of the initial launch. It might arrive later in one of Android 16's Quarterly Platform Releases (QPRs), but that remains to be seen.

LG will permanently shut down its Android smartphone update servers on June 30, 2025, ending all software, app, and security updates for its devices. If you're still using an smartphone, you'll want to install any remaining updates before that date, as no future updates will be available afterward. 9to5Google reports: When LG called it quits for Android smartphones, the company also committed to a few more updates. That included an Android 12 update for select devices, the last major update the company would put out, as well as security updates for at least three years after each device had been released. That three-year cutoff has long since passed for all LG devices, but any devices still floating around out there will soon no longer be able to pull updates. LG's notice can be read here.

ZDNet's reviewer says "I tested this affordable E Ink phone for two weeks, and it rewired my brain (for the better)." It's Mudita's new Kompakt smartphone with a two-color E Ink display — which ZDNet calls "an affordable choice" for those "considering investing in a so-called 'dumbphone'..." Compared to modern smartphones, the Mudita Kompakt is a bit chunky at half an inch thick and five inches long. It's still rather light, though, weighing just 164 grams and covered in soft touch material, so it feels good in the hand. The bezels around the 4.3-inch display are rather large, with three touch-sensitive buttons for back, home, and quick settings, so navigating to key elements is intuitive, whether you're coming from Android or iOS.

The phone features a fingerprint sensor to lock and unlock, and it's housed on the power button in the middle of the right side. I'm a huge fan of consolidating these two purposes to the same button, and it works flawlessly.... You can charge via the USB-C, but surprisingly, it also supports wireless charging. All in all, the battery is quite good. Mudita says it can last for up to six days on standby, with around two days of standard use. In my testing, I found this to be about accurate.

On the left side of the device is a button that houses one of its key features: offline mode. Switching to this mode disables all wireless connectivity and support for the camera, so it truly becomes distraction-free.. [T]here is undoubtedly some lag in certain apps — such as the camera — due to the E Ink display technology and processor/RAM specifications. You will also likely notice some lag in text messaging if you tap quickly on the keyboard, often resulting in getting ahead of the spell-checking feature. As far as apps go, in addition to phone calls and text messages, the Kompakt includes an alarm, calculator, chess game, maps, meditation, weather, and a voice recorder.
Phone calls "sounded great on both ends," according to the review. (And text messaging "works well if you don't tap too quickly on the keyboard.") But the 8MP camera produced photos "that look like they were taken over ten years ago." (And accessing the internal storage "requires connecting to a Windows PC and launching File Explorer," although "you can also just share photos via text messaging, as it's much faster than using a computer.") But ZDNet calls it an "attractive — if very simplified — E Ink display."

Mudita is asking $369 now for preorder customers, according to the article, while the phone will be available in May for $439.

An anonymous reader quotes a report from Ars Technica: Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. The malware is hidden inside a modified app for Alpine Quest mapping software, which is used by, among others, hunters, athletes, and Russian personnel stationed in the war zone in Ukraine. The app displays various topographical maps for use online and offline. The trojanized Alpine Quest app is being pushed on a dedicated Telegram channel and in unofficial Android app repositories. The chief selling point of the trojanized app is that it provides a free version of Alpine Quest Pro, which is usually available only to paying users.

The malicious module is named Android.Spy.1292.origin. In a blog post, researchers at Russia-based security firm Dr.Web wrote: "Because Android.Spy.1292.origin is embedded into a copy of the genuine app, it looks and operates as the original, which allows it to stay undetected and execute malicious tasks for longer periods of time. Each time it is launched, the trojan collects and sends the following data to the C&C server:

- the user's mobile phone number and their accounts;
- contacts from the phonebook;
- the current date;
- the current geolocation;
- information about the files stored on the device;
- the app's version."

If there are files of interest to the threat actors, they can update the app with a module that steals them. The threat actors behind Android.Spy.1292.origin are particularly interested in confidential documents sent over Telegram and WhatsApp. They also show interest in the file locLog, the location log created by Alpine Quest. The modular design of the app makes it possible for it to receive additional updates that expand its capabilities even further.

Amazon plans to release its first TV streaming device powered by Vega OS later this year while courting major publishers to bring their apps to the platform, according to Lowpass, which cites sources familiar with the company's plans and multiple leaks.

Vega, a Linux-based operating system, may eventually replace Amazon's Android-based Fire OS across its device ecosystem. The company has already implemented Vega in three products: the Echo Show 5 and Echo Hub smart displays, as well as the Echo Spot smart clock/speaker. The tech giant has moved more cautiously in transitioning its TV hardware to Vega, having previously delayed a Vega-powered streaming stick originally slated for release in late 2024.

An anonymous reader shares a report: A silent update rolling out to virtually all Android devices will make your phone more secure, and all you have to do is not touch it for a few days. The new feature implements auto-restart of a locked device, which will keep your personal data more secure. It's coming as part of a Google Play Services update, though, so there's nothing you can do to speed along the process.

Google is preparing to release a new update to Play Services (v25.14), which brings a raft of tweaks and improvements to myriad system features. First spotted by 9to5Google, the update was officially released on April 14, but as with all Play Services updates, it could take a week or more to reach all devices. When 25.14 arrives, Android devices will see a few minor improvements, including prettier settings screens, improved connection with cars and watches, and content previews when using Quick Share.

Google is rolling out new AI-powered features across Maps, Search, and Hotels to simplify travel planning, including a screenshot-detection tool in Maps that identifies and saves locations mentioned in image text. The Verge reports: Once the new screenshot list is enabled in Maps, the Gemini-powered feature will detect places that are mentioned in text within screenshots on the device, show users the locations on the map, and allow them to review and save locations to a sharable list. The screenshot list feature will start rolling out in English this week to iOS users in the US, with Android support "coming soon."

AI Overviews for Google Search are also being updated to expand travel planning tools, with itinerary-building features rolling out in English to mobile and desktop devices in the US this week that can create trip ideas for "distinct regions or entire countries." Users can use terms like "create a vacation itinerary for Greece that focuses on history" to explore reviews and photos from other users alongside a map of location recommendations, which can be saved to Google Maps or exported to Docs or Gmail.

On March 9, older Chromecast and Chromecast Audio devices stopped working due to an expired device authentication certificate authority that made them untrusted by Google's apps. While unofficial apps like VLC continue to function, Google's fix will require either updating client apps to bypass the issue or replacing the expired certificates, a process that could take weeks; however, Google has since announced it is beginning a gradual rollout of a fix. The Register reports: Tom Hebb, a former Meta software engineer and Chromecast hacker, has published a detailed analysis of the issue and suggests a fix could take more than a month to prepare. He's also provided workarounds here for folks to try in the meantime. We spoke to Hebb, and he says the problem is this expired device authentication certificate authority. [...] The fix is not simple. It's either going to involve a bit of a hack with updated client apps to accept or workaround the situation, or somehow someone will need to replace all the key pairs shipped with the devices with ones that use a new valid certificate authority. And getting the new keys onto devices will be a pain as, for instance, some have been factory reset and can't be initialized by a Google application because the bundled cert is untrusted, meaning the client software needs to be updated anyway.

Given that the product family has been discontinued, teams will need to be pulled together to address this blunder. And it does appear to be a blunder rather than planned or remotely triggered obsolescence; earlier Chromecasts have a longer certificate validity, of 20 years rather than 10. "Google will either need to put in over a month of effort to build and test a new Chromecast update to renew the expired certificates, or they will have to coordinate internally between what's left of the Chromecast team, the Android team, the Chrome team, the Google Home team, and iOS app developers to push out new releases, which almost always take several days to build and test," Hebb explained. "I expect them to do the latter. A server-side fix is not possible."

So either a week or so to rush out app-side updates to tackle the problem, or much longer to fix the problem with replaced certs. Polish security researcher Maciej Mensfeld also believes the outage is most likely due to an expired device authentication certificate authority. He's proposed a workaround that has helped some users, at least. Hebb, meanwhile, warns more certificate authority expiry pain is looming, with the Chromecast Ultra and Google Home running out in March next year, and the Google Home Mini in January 2027.

Google has introduced a Debian Linux terminal app for Android in its ongoing effort to transform Android into a versatile desktop OS. It's initially available on Pixel devices running Android 15 but will be expanded to "all sufficiently robust Android phones" when Android 16 arrives later this year," writes ZDNet's Steven Vaughan-Nichols. An anonymous reader shares an excerpt from the report: Today, Linux is only available on the latest Pixel devices running Android 15. When Android 16 arrives later this year, it's expected that all sufficiently robust Android phones will be able to run Linux. Besides a Linux terminal, beta tests have already shown that you should be able to run desktop Linux programs from your phone -- games like Doom, for example. The Linux Terminal runs on top of a Debian Linux virtual machine. This enables you to access a shell interface directly on your Android device. And that just scratches the surface of Google's Linux Terminal. It's actually a do-it-all app that enables you to download, configure, and run Debian. Underneath Terminal runs the Android Virtualization Framework (AVF). These are the APIs that enable Android devices to run other operating systems.

To try the Linux Terminal app, you must activate Developer Mode by navigating to Settings - About Phone and tapping the build number seven times. I guess Google wants to make sure you want to do this. Once Developer Mode is enabled, the app can be activated via Settings - System - Developer options - Linux development environment. The initial setup may take a while because it needs to download Debian. Typically this is a 500MB download. Once in place, it allows you to adjust disk space allocation, set port controls for network communication, and recover the virtual machine's storage partition. However, it currently lacks support for graphical user interface (GUI) applications. For that, we'll need to wait for Android 16.

According to Android specialist Mishaal Rahman, 'Google wants to turn Android into a proper desktop operating system, and in order to do that, it has to make it work better with traditional PC input methods and display options. Therefore, Google is now testing new external display management tools in Android 16 that bring Android closer to other desktop OSes.'