As the ecological disaster continues, CNN reports the Palisades Fire near Malibu, California has burned at least 22,660 acres, left 100,000 peope under evacuation orders, left at least 11 people dead and "destroyed thousands of homes and other structures." From the last reports it was only 11% contained, and "flames are now spreading east in the Mandeville Canyon area, approaching Interstate 405, one of LA's busiest freeways."

But the Atlantic's assistant editor wrote Friday that "I have received 11 alerts. As far as I can tell, they were all sent in error." My home is not in a mandatory evacuation zone or even a warning zone. It is, or is supposed to be, safe. Yet my family's phones keep blaring with evacuation notices, as they move in and out of service....

Earlier today, Kevin McGowan, the director of Los Angeles County's emergency-management office, acknowledged at a press conference that officials knew alerts like these had gone out, acknowledged some of them were wrong, and still had no idea why, or how to keep it from happening again. The office did not immediately respond to a request for comment, but shortly after this article was published, the office released a statement offering a preliminary assessment that the false alerts were sent "due to issues with telecommunications systems, likely due to the fires' impacts on cellular towers" and announcing that the county's emergency notifications would switch to being managed through California's state alert system...

The fifth, sixth, and seventh evacuation warnings came through at around 6 a.m. — on my phone.
At the same time a Los Angeles-area couple "spent two hours watching a live stream of flames closing in on their home," reports the Washington Post, and at one point "saw firefighters come through the house and extinguish flames in the backyard." At around 4:30 p.m. Eastern time on Tuesday, the camera feeds gave out and the updates from their security system stopped. About four hours later, [Zibby] Owens's husband got an alert on his cellphone that the indoor sprinkler system had gone off and the fire alarm had been activated. They do not know the current status of their home, Owens said on Tuesday.

Real estate agent Shana Tavangarian Soboroff said in a phone interview Thursday that one set of clients had followed their Pacific Palisades home's ordeal this week in a foreboding play-by-play of text alerts from an ADT security system. The system first detected smoke, then motion, next that doors had been opened, and finally fire alerts before the system lost communication. Their home's destruction was later confirmed when someone returned to the neighborhood and recorded video, Tavangarian Soboroff said.
Soboroff also lost her home in the fire, the article adds. Burned to the ground are "the places where people raised their kids," Zibby Owens wrote in this update posted Friday. But "even if my one home, or 'structure' as newscasters call it, happens to be mostly OK, I've still lost something I loved more than anything. We've all lost it... [M]y heart and soul are aching across the country as I sit alone in my office and try to make sense of the devastation." [I]t isn't about our house.

It's about our life.

Our feelings. Our community. Our memories. Our beloved stores, restaurants, streets, sidewalks, neighbors. It's about the homes where we sat at friends' kitchen tables and played Uno, celebrated their birthdays, and truly connected.

It's all gone... [E]very single person I know and so many I don't who live in the Palisades have lost everything. Not just one or two friends. Everyone.

And then I saw video footage of our beloved village. The yogurt shop and Beach Street? Gone. Paliskates, our kids' favorite store? Gone. Burned to the ground.

Gelson's grocery store, where we just recently picked up the New York Post and groceries for the break? Gone...

The. Whole. Town.

How? How is it possible?

How could everyone have lost everything? Schools, homes, power, cell service, cars, everything. All their belongings...

All the schools, gone. It's unthinkable....

I've worked in the local library and watched the July 4 parade from streets that are now smoldering embers...

It is an unspeakable loss.
"Everyone I know in the Palisades has lost all of their possessions," the author writes, publishing what appear to be text messages from friends.

"It's gone."
"We lost everything."
"Nothing left."
"We lost it."

More than half-a-dozen VPN apps, including Cloudflare's widely-used 1.1.1.1, have been pulled from India's Apple App Store and Google Play Store following intervention from government authorities, TechCrunch reported Friday. From the report: The Indian Ministry of Home Affairs issued removal orders for the apps, according to a document reviewed by TechCrunch and a disclosure made by Google to Lumen, Harvard University's database that tracks government takedown requests globally.

Google's app store claims that their text-messaging app Google Messages means "conversations are end-to-end encrypted".

"That is some serious bullshit," argues tech blogger John Gruber: It's shamefully misleading regarding Google Messages's support for end-to-end encryption... Google Messages does support end-to-end encryption, but only over RCS and only if all participants in the chat are using a recent version of Google Messages. But the second screenshot in the Play Store listing flatly declares "Conversations are end-to-end encrypted", full stop...

I realize that "Some conversations are end-to-end encrypted" will naturally spur curiosity regarding which conversations are encrypted and which aren't, but that's the truth. And users of the app should be aware of that. "RCS conversations with other Google Messages users are encrypted" would work.

Then, in the "report card" section of the listing, it states the following:

Data is encrypted in transit
Your data is transferred over a secure connection

Which, again, is only true sometimes. It's downright fraudulent to describe Google Messages's transit security this way.... [D]epending who you communicate with — iPhone users, Android users with old devices, Android users who use other text messaging apps — it's quite likely most of your messages won't be secure... E2EE is never available for SMS, and never available if a participant in the chat is using any RCS client (on Android or Apple Messages) other than Google Messages. That's an essential distinction that should be made clear, not obfuscated.
Gruber's earlier blog post had pointed out that the RCS standard "has no encryption; E2EE RCS chats in Google Messages use Google's proprietary extension and are exclusive to the Google Messages app, so RCS chats between Google Messages and other apps, most conspicuously Apple Messages, are not encrypted."

And in his newer post, Gruber adds, "While I'm at it, it's also embarrassing that Google Voice has no support for RCS at all. It's Google's own app and service, and Google has been the world's most vocal proponent of RCS messaging."

According to Bloomberg, the U.S. Justice Department wants Google to sell off its Chrome browser as part of its ongoing search monopoly case. The recommendations will be made official on Wednesday. 9to5Google reports: At the top of the list is having Google sell Chrome "because it represents a key access point through which many people use its search engine." There are many questions about how that works, including what the impact on the underlying Chromium codebase would be. Would Google still be allowed to develop the open-source project by which many other browsers, like Microsoft Edge use? "The government has the option to decide whether a Chrome sale is necessary at a later date if some of the other aspects of the remedy create a more competitive market," reports Bloomberg. Google, which plans to appeal, previously said that "splitting off Chrome or Android would break them."

Bloomberg reports that "antitrust officials pulled back from a more severe option that would have forced Google to sell off Android." However, the government wants Google to "uncouple its Android smartphone operating system from its other products, including search and its Google Play mobile app store, which are now sold as a bundle." Meanwhile, other recommendations include licensing Google Search data and results, as well as allowing websites that are indexed for Search to opt out of AI training.

Google is rolling out a dedicated weather app on Pixel phones (model 6 and newer with Android 15) that integrates AI-generated summaries and customizable widgets. Ars Technica reports: There's a prominent "AI generated weather report" on top of the weather stack, which is a combination of summary and familiarity. "Cold and rainy day, bring your umbrella and hold onto your hat!" is Google's example; I can't provide another one, because an update to "Gemini Nano" is pending. You can see weather radar for your location, along with forecasted precipitation movement. The app offers "Nowcasting" precipitation guesses, like "Rain continuing for 2 hours" or "Light rain in 10 minutes."

The best feature, one seen on the version of Weather that shipped to the Pixel Tablet and Fold, is that you can rearrange the order of data shown on your weather screen. I moved the UV index, humidity, sunrise/sunset, and wind conditions as high as they could go on my setup. It's a trade-off, because the Weather app's data widgets are so big as to require scrolling to get the full picture of a day, and you can't move the AI summary or 10-day forecast off the top. But if you only need a few numbers and like a verbal summary, it's handy. Sadly, if you're an allergy sufferer and you're not in the UK, Germany, France, or Italy, Google can't offer you any pollen data or forecasts. There is also, I am sad to say, no frog. You can download the app here.

The Register's Laura Dobberstein reports: Huawei formally launched its home-brewed operating system, HarmonyOS NEXT, on Wednesday, marking its official separation from the Android ecosystem. Huawei declared it released and "officially started public beta testing" of the OS for some of its smartphones and tablets that run its own Kirin and Kunpeng chips.

Unlike previous iterations of HarmonyOS, HarmonyOS NEXT no longer supports Android apps. Huawei maintains top Chinese outfits aren't deterred by that. It cited Meituan, Douyin, Taobao, Xiaohongshu, Alipay, and JD.com as among those who have developed native apps for the OS. In case you're not familiar, they're China's top shopping, payment, and social media apps.

Huawei also claimed that at the time of its announcement, over 15,000 HarmonyOS native applications and meta-services were also launched. That's a nice number, but well short of the millions of apps found on the Google Play Store and Apple's App Store. The Chinese tech player also revealed that the operating system has 110 million lines of code and claimed it improves the overall performance of mobile devices running it by 30 percent. It also purportedly increases battery life by 56 minutes and leaves an average of 1.5GB of memory for purposes other than running the OS.

Analogue, a retro gaming company, is releasing a hardware-emulated Nintendo 64 console that can play every N64 game in 4K resolution. TechCrunch reports: Analogue, as is its habit, spent years meticulously re-engineering the N64 in FPGA form -- basically, this means that the new 3D console is, in several important ways, indistinguishable from the original hardware. One hundred percent compatibility with the console's game library is the most obvious one, meaning every single N64 cartridge works with this thing. Perhaps the bigger challenge with the N64, as with many other consoles of that era, is how it produces an image.

The N64 put out an analog video signal intended for display on interlaced CRT displays -- something that directly influenced the gameplay and art styles of countless games for the platform. Many retro games simply look bad on modern high-resolution displays not because they are dated or the art is insufficient, but because the display techs are fundamentally different.

To that end, Analogue has built in a native upscaler that, rather than cleaning up and digitizing the analog video output of the original system (as some upscalers do, with varying degrees of success), produces a natively digital, 4K signal with imitation CRT artifacts and scanlines. This is something they pioneered early on and produced several versions of to reproduce accurate phosphors and display modes for the multi-system Analogue Pocket. [...] The result is simply that games ought to look how you remembered them, which is to say probably a sight better than they actually looked. The Analogue 3D is available for pre-order at 8am PDT on October 21. It's priced at $250.

Fourteen years after it debuted on PS3 and Xbox 360, and endless rumors later, Red Dead Redemption is finally coming to PC. From a report: It will hit the Rockstar Store, Steam and the Epic Games Store on October 29 with the Undead Nightmare standalone expansion included. Developer Double Eleven helped Rockstar with the port, which has many of the bells and whistles you'd come to expect from a PC version of a classic. Rockstar says RDR will run at up to 144Hz (no unlocked framerates, sadly) in a native 4K resolution if you have capable hardware. There's support for HDR 10 along with Ultrawide (21:9) and Super Ultrawide (32:9) monitors. You'll be able to play with a keyboard and mouse too.

A U.S. federal judge has mandated significant changes to Google's Android app store operations. Judge James Donato's ruling in Epic v. Google requires Google to allow rival app stores within its Play Store and grant them access to its app catalog for three years, beginning November 2024.

The order prohibits Google from requiring its payment system for Play Store apps and permits developers to inform users about alternative payment methods. Google is also barred from offering incentives for app launch exclusivity or sharing app revenue with potential app store competitors. The ruling restricts Google from providing financial perks to device makers and carriers for Play Store exclusivity.

An anonymous reader shared this post from the blog It's FOSS It has been more than two years since K-9 Mail (an open-source email client for Android) joined the Mozilla Thunderbird project. Instead of making a new mobile app from scratch, Mozilla decided to convert K-9 Mail slowly into the new Thunderbird Android app.

While we have known about it for some time now, we finally have something to test: Thunderbird for Android (Beta). Mozilla is looking for users to test it and plans a stable release at the end of October. The new Thunderbird app is now available on the Play Store as a beta version for user testing. So, we are closer to the stable launch than ever before.
The article includes a few screenshots of the app...

"For the functionality side, you can expect things like light/dark theme, email signature, unified inbox, ability to enable/disable contact pictures, threaded view, and opt out of data usage collection for privacy..."

"Pig Butchering Alert: Fraudulent Trading App targeted iOS and Android users."

That's the title of a new report released this week by cybersecurity company Group-IB revealing the official Apple App Store and Google Play store offered apps that were actually one part of a larger fraud campaign. "To complete the scam, the victim is asked to fund their account... After a few seemingly successful trades, the victim is persuaded to invest more and more money. The account balance appears to grow rapidly. However, when the victim attempts to withdraw funds, they are unable to do so."

Forbes reports: Group-IB determined that the frauds would begin with a period of social engineering reconnaissance and entrapment, during which the trust of the potential victim was gained through either a dating app, social media app or even a cold call. The attackers spent weeks on each target. Only when this "fattening up" process had reached a certain point would the fraudsters make their next move: recommending they download the trading app from the official App Store concerned.

When it comes to the iOS app, which is the one that the report focussed on, Group-IB researchers said that the app remained on the App Store for several weeks before being removed, at which point the fraudsters switched to phishing websites to distribute both iOS and Android apps. The use of official app stores, albeit only fleetingly as Apple and Google removed the fake apps in due course, bestowed a sense of authenticity to the operation as people put trust in both the Apple and Google ecosystems to protect them from potentially dangerous apps.
"The use of web-based applications further conceals the malicious activity," according to the researchers, "and makes detection more difficult." [A]fter the download is complete, the application cannot be launched immediately. The victim is then instructed by the cybercriminals to manually trust the Enterprise developer profile. Once this step is completed, the fraudulent application becomes operational... Once a user registers with the fraudulent application, they are tricked into completing several steps. First, they are asked to upload identification documents, such as an ID card or passport. Next, the user is asked to provide personal information, followed by job-related details...

The first discovered application, distributed through the Apple App Store, functions as a downloader, merely retrieving and displaying a web-app URL. In contrast, the second application, downloaded from phishing websites, already contains the web-app within its assets. We believe this approach was deliberate, since the first app was available in the official store, and the cybercriminals likely sought to minimise the risk of detection. As previously noted, the app posed as a tool for mathematical formulas, and including personal trading accounts within an iOS app would have raised immediate suspicion.
The app (which only runs on mobile phones) first launches a fake activity with formulas and graphics, according to the researchers. "We assume that this condition must bypass Apple's checks before being published to the store. As we can see, this simple trick allows cybercriminals to upload their fraudulent application to the Apple Store." They argue their research "reinforces the need for continued review of app store submissions to prevent such scams from reaching unsuspecting victims". But it also highlights "the importance of vigilance and end-user education, even when dealing with seemingly trustworthy apps..."

"Our investigation began with an analysis of Android applications at the request of our client. The client reported that a user had been tricked into installing the application as part of a stock investment scam. During our research, we uncovered a list of similar fraudulent applications, one of which was available on the Google Play Store. These apps were designed to display stock-related news and articles, giving them a false sense of legitimacy."

An anonymous reader quotes a report from 404 Media: Somewhere over the streets of San Francisco's Mission, a microphone sits surveilling ... for banger songs. Bop Spotter is a project by technologist Riley Walz in which he has hidden an Android phone in a box on a pole, rigged it to be solar powered, and has set it to record audio and periodically sends it to Shazam's API to determine which songs people are playing in public. Walz describes it as ShotSpotter, but for music. "This is culture surveillance. No one notices, no one consents. But it's not about catching criminals," Walz's website reads. "It's about catching vibes. A constant feed of what's popping off in real-time."

ShotSpotter, of course, is the microphone-based, "gunshot detection" surveillance company that cities around the country have spent millions of dollars on. ShotSpotter is often inaccurate, and sometimes detects things like fireworks or a car backfiring as gunshots. Chicago, one of ShotSpotter's biggest clients, is finally allowing its contract with the company to end. Bop Spotter, on the other hand, is designed to figure out what cool music people are blasting from their cars or as they walk down the street. "I am a chronic Shazam-er. Most songs I listen to come from first hearing them at a party, store, or on the street," Walz told 404 Media. "Years ago I had the thought that it'd be cool to Shazam 24/7 from a fixed location, and I recently learned about ShotSpotter, and thought it'd be amusing to do what they do with music instead of gunshots. Was a great weekend project."

Walz said that the phone itself is rigged to a solar panel, and that it records audio in 10-minute blocks while in airplane mode. "Then it connects to WiFi to send the file to my server, which then split it into 20-second chunks that get passed to Shazam's API. The device doesn't Shazam directly, that would use way too much power. Probably $100 of parts," he said. BopSpotter's website has a constant feed of songs it hears, as well as links to play the songs in Spotify or Apple Music. As I'm writing this, BopSpotter has picked up "Not Like Us" by Kendrick Lamar, "The Next Episode" by Dr. Dre, and "Never Gonna Give You Up" by Rick Astley (a Rick Roll already?) among dozens of songs in the last few hours. The site also has a constant feed of the device's power levels. So far in three days, it has detected 380 songs. "I thought the solar panel would be annoying but it provides 4 times more power than the phone needs," Walz said. "The hardest part was scoping out which pole to actually put it up on. I had to balance finding a busy location where lots of music could be picked up, with enough sunlight, and good connection to a public wifi network."

Walz didn't say where exactly the phone is located.

Gemini Live is rolling out its Live Voice Mode for all Android users, allowing them to hold real-time, interactive voice conversations with Gemini. "Previously locked into conventional text-based input and responses, Gemini Live Voice Mode gives hands-free ways to explore ideas, brainstorm, and talk through topics in real-time," reports Tom's Guide. From the report: This new voice feature is integrated into the Android Gemini app, so users need to update their app or download it from the Google Play Store if they haven't already done so. Once installed, users can turn on Live Voice Mode and start talking directly to Gemini. Do you want to get your thoughts sorted out or chat? It's fast and interactive, and no typing is required in this mode.

Users can have voice conversations on virtually anything. Suppose one is stuck with a complex project and needs a fresh perspective or researching a new hobby or course of study and wants to flesh out the subject by talking it out with Gemini. It promises to offer rich insight and ideas through conversation so that one's productivity and creativity are enhanced in ways that, up until now, have been possible only with human dialogue. [...]

The main advantage of Gemini Live Voice Mode is that it is interactive. A voice assistant would respond to a question you pose in voice, while with the live voice mode in Gemini, the dialogue sounds and feels more natural, with a tone that takes on that of the discussion and facilitates a back-and-forth interaction style. You can ask follow-up questions, clarify misunderstandings, or refine your ideas as you speak, making it more like a collaboration than a simple Q&A.

Mobile video game phenomenon Flappy Bird is set to return 10 years after its creator pulled it offline. From a report: In 2014, Vietnam-based developer Dong Nguyen shocked the gaming world when he pulled viral hit Flappy Bird from the App Store and the Google Play Store at a time when it was making tens of thousands of dollars a day. He went on to say: "I can call Flappy Bird a success of mine. But it also ruins my simple life. So now I hate it."

Now, Flappy Bird is set to return, with an expanded version aiming for launch by the end of October across multiple platforms including web browsers, and an iOS and Android version planned for release in 2025. But this new Flappy Bird isn't from Nguyen, it's from 'The Flappy Bird Foundation,' which is described as "a new team of passionate fans committed to sharing the game with the world."
UPDATE (9/15/2024): The original creator of Flappy Bird returned to social media after a seven-year silence just to disavow the resurrected game -- and its possible ties to cryptocurrency. PC Gamer also digs into exactly how the Flappy Bird trademark was acquired.

Android Authority's Mishaal Rahman reports: There are many reasons why you may want to sideload apps on your Android phone, but there are also good reasons why developers would want to block sideloading. A sideloaded app won't contribute to the developer's Play Store metrics, for one, but it also prevents the developer from curating which devices can use their app. Improperly sideloaded apps can also crash due to missing assets or code, or they might be missing certain features because you installed the wrong version for your device. Whatever the reason may be, developers who want to stop you from sideloading their apps now have an easier way to do so thanks to the Play Integrity API.

The Google Play Integrity API is an interface that helps developers "check that interactions and server requests are coming from [their] genuine app binary running on a genuine Android device." It looks for evidence that the app has been tampered with, that the app is running in an "untrustworthy" software environment, that the device has Google Play Protect enabled, and more. If you've heard of or dealt with SafetyNet Attestation before on a rooted phone, then you're probably already familiar with Play Integrity, even if not by that name. Play Integrity is the successor to SafetyNet Attestation, only it comes with even more features for developers.

As is the case with SafetyNet Attestation, developers call the Play Integrity API at any point in their app, receive what's called an integrity verdict, and then decide what they want to do from there. Some apps call the Play Integrity API when they launch and block access entirely depending on what the verdict is, while others only call the API when you're about to perform a sensitive action, so they can warn you that you shouldn't proceed. The Play Integrity API makes it easy for apps to offload the determination of whether the device and its software environment are "genuine," and with the latest update to the API, apps can now easily determine whether the person who installed them is "genuine" as well. "As Google continues to bolster Play Integrity's detection mechanisms and add new features, it's going to become harder and harder for power users to justify rooting Android," concludes Rahman. "At the same time, regular users will be better protected from potentially risky and fraudulent interactions, so it's clear that Play Integrity will continue to be adopted by more and more apps."

"Solar farms could blanket millions of acres in the United States over the coming decades," writes the New York Times.

But "the sites that capture that energy take up land that wildlife needs to survive and thrive." "We have to address both challenges at the same exact time," said Rebecca Hernandez, a professor of ecology at the University of California, Davis, whose research focuses on how to do just that. Insects, those small animals that play a mighty role in supporting life on Earth, are facing alarming declines. Solar farms can offer them food and shelter by providing a diverse mix of native plants. Such plants can also decrease erosion, nourish the soil and store planet-warming carbon. They can also attract insects that improve pollination of nearby crops...

On a recent morning at the solar meadow in Ramsey, it was time to count insects... In solar pollinator habitat, Minnesota was an early leader among states. Since 2017, funded by the Department of Energy, Lee Walston [a landscape ecologist at Argonne National Laboratory] has been studying sites there and throughout the Midwest. "If you build it, will they come?" he asks in his research. So far, the answer is a resounding yes, if you grow the right plants. In a study published late last year, his team found that insect abundance had tripled over five years on test plots at two other Minnesota solar sites. The abundance of native bees grew twentyfold. The results come amid a global decline of wildlife that leaders are struggling to address.

Some of the most well-known insect species are in trouble: Later this year, the federal government is expected to rule on whether to place monarch butterflies on the Endangered Species List. North American birds, for their part, are down almost 30% since 1970. But at this site, called Anoka County Solar, acoustic monitoring has documented 73 species of birds, presumably attracted by the buffet of seeds and insects. Some build nests in the structures supporting the panels. Mammals are showing up, too... What makes this meadow possible is the height of the panels. A prairie restoration firm had told ENGIE, the owner and developer, that taller panels would allow for a sharp increase in native vegetation species, providing much more ecological diversity, said John Gantner, the director of engineering and delivery for ENGIE's smaller-scale sites. The price of the additional steel and the native seeds were "insignificant to the overall project cost," Gantner said. Over the life of the project, ENGIE has found, pollinator-friendly landscaping actually saves money because it needs far less mowing...

Nationwide, it's unclear what portion of solar farms include any kind of pollinator habitat. The federal project that Walston is part of has a running rough count of just under 24,000 acres. That's compared with about 600,000 acres of currently operating large-scale sites across the country, according to the Solar Energy Industries Association, with a sharp increase expected over the next couple decades.
The article adds that it also helps develoipers get their projects approved "at a time when communities are increasingly wary of vast solar farms. Developers are taking note..."

Others have also suggested "agrivoltaics" — where farming land is also used for generating renewable energy.

The Google Play Store is now rolling out support for downloading up to three Android app updates simultaneously, addressing a long-standing limitation where apps could only be downloaded one at a time. 9to5Google reports: We're seeing simultaneous app update downloads working in the Google Play Store today across multiple devices, and a few of our readers are seeing the same behavior this week as well. It's unclear if this is a server-side change on Google's part or an update to the Play Store itself, but the functionality is much appreciated. As far as we can tell, you can download up to three app updates at once through the Play Store. The apps will start to download, with only anything beyond three showing the "Pending" status that we're all so used to seeing in the Play Store. This matches the App Store on iOS which can also download up to three apps at once. The same limit of three also now applies to new app installs, which was previously limited to two at a time.

A recent indictment (PDF) of an Alaska man stands out due to the sophisticated use of multiple encrypted communication tools, privacy-focused apps, and dark web technology. "I've never seen anyone who, when arrested, had three Samsung Galaxy phones filled with 'tens of thousands of videos and images' depicting CSAM, all of it hidden behind a secrecy-focused, password-protected app called 'Calculator Photo Vault,'" writes Ars Technica's Nate Anderson. "Nor have I seen anyone arrested for CSAM having used all of the following: [Potato Chat, Enigma, nandbox, Telegram, TOR, Mega NZ, and web-based generative AI tools/chatbots]." An anonymous reader shares the report: According to the government, Seth Herrera not only used all of these tools to store and download CSAM, but he also created his own -- and in two disturbing varieties. First, he allegedly recorded nude minor children himself and later "zoomed in on and enhanced those images using AI-powered technology." Secondly, he took this imagery he had created and then "turned to AI chatbots to ensure these minor victims would be depicted as if they had engaged in the type of sexual contact he wanted to see." In other words, he created fake AI CSAM -- but using imagery of real kids.

The material was allegedly stored behind password protection on his phone(s) but also on Mega and on Telegram, where Herrera is said to have "created his own public Telegram group to store his CSAM." He also joined "multiple CSAM-related Enigma groups" and frequented dark websites with taglines like "The Only Child Porn Site you need!" Despite all the precautions, Herrera's home was searched and his phones were seized by Homeland Security Investigations; he was eventually arrested on August 23. In a court filing that day, a government attorney noted that Herrera "was arrested this morning with another smartphone -- the same make and model as one of his previously seized devices."

The government is cagey about how, exactly, this criminal activity was unearthed, noting only that Herrera "tried to access a link containing apparent CSAM." Presumably, this "apparent" CSAM was a government honeypot file or web-based redirect that logged the IP address and any other relevant information of anyone who clicked on it. In the end, given that fatal click, none of the "I'll hide it behind an encrypted app that looks like a calculator!" technical sophistication accomplished much. Forensic reviews of Herrera's three phones now form the primary basis for the charges against him, and Herrera himself allegedly "admitted to seeing CSAM online for the past year and a half" in an interview with the feds.

Android Authority's Mishaal Rahman reports: Security vulnerabilities are lurking in most of the apps you use on a day-to-day basis; there's just no way for most companies to preemptively fix every possible security issue because of human error, deadlines, lack of resources, and a multitude of other factors. That's why many organizations run bug bounty programs to get external help with fixing these issues. The Google Play Security Reward Program (GPSRP) is an example of a bug bounty program that paid security researchers to find vulnerabilities in popular Android apps, but it's being shut down later this month. Google announced the Google Play Security Reward Program back in October 2017 as a way to incentivize security searchers to find and, most importantly, responsibly disclose vulnerabilities in popular Android apps distributed through the Google Play Store. [...]

The purpose of the Google Play Security Reward Program was simple: Google wanted to make the Play Store a more secure destination for Android apps. According to the company, vulnerability data they collected from the program was used to help create automated checks that scanned all apps available in Google Play for similar vulnerabilities. In 2019, Google said these automated checks helped more than 300,000 developers fix more than 1,000,000 apps on Google Play. Thus, the downstream effect of the GPSRP is that fewer vulnerable apps are distributed to Android users.

However, Google has now decided to wind down the Google Play Security Reward Program. In an email to participating developers, such as Sean Pesce, the company announced that the GPSRP will end on August 31st. The reason Google gave is that the program has seen a decrease in the number of actionable vulnerabilities reported. The company credits this success to the "overall increase in the Android OS security posture and feature hardening efforts."

Roku has removed the Redbox app from its platform, effectively cutting off users' access to purchased content following Redbox parent company Chicken Soup for the Soul Entertainment's bankruptcy filing. The move signals the likely end of Redbox's digital streaming service, which launched in 2017 to complement its DVD rental kiosks. Customers attempting to use the Redbox app on Roku devices now receive an error message directing them to other streaming services. While the app remains downloadable on some platforms, including Apple's App Store and Google Play, its functionality is severely limited. The shutdown raises questions about the fate of content purchased through Redbox's streaming service and the company's remaining 24,000 physical kiosks.