South Korea's antitrust regulator has fined Alphabet's Google 42.1 billion won ($31.88 million) for blocking the release of mobile video games on a competitor's platform. From a report: The Korea Fair Trade Commission (KFTC) said on Tuesday that Google bolstered its market dominance, and hurt local app market One Store's revenue and value as a platform, by requiring video game makers to exclusively release their titles on Google Play in exchange for providing in-app exposure between June 2016 and April 2018.

Google said it will review the final decision by the KFTC to evaluate the next course of action. "Google makes substantial investments in the success of developers, and we respectfully disagree with the KFTC's conclusions", a spokesperson said. The KFTC said the move against the U.S. technology giant is part of efforts by the government to ensure fair markets.

If you want to sneak malware onto people's Android devices via the official Google Play store, it may cost you about $20,000 to do so, Kaspersky suggests. The Register reports: This comes after the Russian infosec outfit studied nine dark-web markets between 2019 and 2023, and found a slew of code and services for sale to infect and hijack the phones and tablets of Google Play users. Before cybercriminals can share their malicious apps from Google's official store, they'll need a Play developer account, and Kaspersky says those sell for between $60 and $200 each. Once someone's bought one of these accounts, they'll be encouraged use something called a loader.

Uploading straight-up spyware to the Play store for people to download and install may attract Google's attention, and cause the app and developer account to be thrown out. A loader will attempt to avoid that: it's software a criminal can hide in their otherwise innocent legit-looking app, installed from the official store, and at some convenient point, the loader will fetch and apply an update for the app that contains malicious code that does stuff like steal data or commit fraud. That update may ask for extra permissions to access the victim's files, and may need to be pulled from an unofficial store with the victim's blessing; it depends on the set up. The app may refuse to work as normal until the loader is allowed to do its thing, convincing marks into opening up their devices to crooks. These tools are more pricey, ranging from $2,000 to $20,000, depending on the complexity and capabilities required.

Would-be crims who don't want to pay thousands for a loader can pay substantially less -- between $50 and $100 -- for a binding service, which hides a malicious APK file in a legitimate application. However, these have lower successful install rates compared to loaders, so even in the criminal underground you get what you pay for. Some other illicit services offered for sale on these forums include virtual private servers ($300), which allow attackers to redirect traffic or control infected devices, and web injectors ($25 to $80) that look out for victims' visiting selected websites on their infected devices and replacing those pages with malicious ones that steal login info or similar. Criminals can pay for obfuscation of their malware, and they may even get a better price if they buy a package deal. "One of the sellers offers obfuscation of 50 files for $440, while the cost of processing only one file by the same provider is about $30," Team Kaspersky says. Additionally, to increase the number of downloads to a malicious app, thus making it more attractive to other mobile users, attackers can buy installs for 10 cents to $1 apiece. Kaspersky's report can be found here.

Google is cracking down on predatory loan apps by cutting off their access to "sensitive" data including debtors' contacts, photos and location, after growing criticism that unscrupulous lenders are tapping the contents of borrowers' smartphones for harassment and blackmail. From a report: The tech company said on Wednesday it would update policies for financial services apps listed on the Google Play store at the end of May, so that "apps aiming to provide or facilitate personal loans may not access user contacts or photos." Details provided to app developers for Google's Android mobile system also show that lending apps will, for the first time, be restricted from requesting access to users' precise location, phone numbers and videos. The new policy covers apps offering personal, payday and peer-to-peer loans, but not mortgages, car loans or credit cards. Studies have found hundreds of apps available through Google Play that have required prospective customers to grant them access to the most intimate information on their devices in order to proceed with an application. Consent is often obtained on the grounds that these details are needed to conduct a credit check or risk assessment.

Google wants to make it as easy to scrub an app account as it is to create one. The company has announced that Android apps on the Play Store will soon have to let you delete an account and its data both inside the app and on the web. Developers will also have to wipe data for an account when users ask to delete the account entirely. From a report: The move is meant to "better educate" users on the control they have over their data, and to foster trust in both apps and the Play Store at large. It also provides more flexibility. You can delete certain data (such as your uploaded content) without having to completely erase your account, Google says. The web requirement also ensures that you won't have to reinstall an app just to purge your info. The policy is taking effect in stages. Creators have until December 7th to answer questions about data deletion in their app's safety form. Store listings will start showing the changes in early 2024. Developers can file for an extension until May 31st of next year.

Bob Lee, the chief product officer at MobileCoin, was killed in a fatal stabbing in San Francisco. From a report: On Tuesday morning, at 2:35 a.m., the San Francisco Police Department responded to a report of a stabbing near the 300 block of Main Street in SoMa. He was taken to a hospital but succumbed to his injuries. Shortly after, NBC Bay Area reported that the victim of the stabbing was Bob Lee, 43. MobileCoin confirmed the information in a statement sent to Bloomberg and ABC7 News. Before joining MobileCoin, Bob Lee worked at Google for the first few years of Android, focusing on core library development. He then joined Square, the payment company that later became Block, to develop its Android app. He became the company's first CTO and also created Cash App. Bob Lee, also known as 'Crazy Bob,' was an investor in tech startups as well. According to his LinkedIn profile, he invested in SpaceX, Clubhouse, Tile, Figma, Faire, Orchid, Addressable, Nana, Ticket Fairy, Gowalla, Asha, SiPhox, Netswitch, Found and others.

Google is bringing Android's "Nearby Share" feature to the desktop with a new Windows app. Google says the new program will make sharing between Windows and Android easier, letting you send files over in just a few clicks and taps. From a report: Google's Nearby Share has been built into Android for a few years now and allows you to locally transfer files over Wi-Fi, with the initial device-pairing happening over Bluetooth. Nearby share has been kind of tough to use in real life, since most people share files over the Internet. And for personal use, most people only have one Android device, their phone, so there has been nothing to share files with. A ton of Android users have Windows PCs, though, so for many this will be the first time Nearby Share has an actual use. Using the app is easy. Just download it from the Android website and click a few "next" buttons in the installer. You need a 64-bit Windows PC (not ARM, ironically) with Bluetooth and Wi-Fi. From there you can easily share by dragging and dropping on Windows or by using the Android "share" button and hitting "Nearby Share." You have the option of signing in to the Windows app or not. If you don't you'll need to manually approve every transaction on both the phone and PC. If you sign in, you can set up auto-accept from yourself, anyone in your contacts, or the probably not advisable "everyone" option.

An anonymous reader quotes a report from TechCrunch: As U.S. lawmakers move forward with their plans for a TikTok ban or forced sale, the app's Chinese parent company ByteDance is driving another of its social platforms into the Top Charts of the U.S. App Store. ByteDance-owned app Lemon8, an Instagram rival that describes itself as a "lifestyle community," jumped into the U.S. App Store's Top Charts on Monday, becoming the No. 10 Overall app, across both apps and games. Today, it's ranked No. 9 on the App Store's Top Apps chart, excluding games. This is a dramatic move for the little-known app and one that points to paid user acquisition efforts powering this surge. Prior to yesterday, the Lemon8 app had never before ranked in the Top 200 Overall Charts in the U.S., according to app store intelligence provided to TechCrunch by data.ai.

The firm confirms that such a fast move from being an unranked app to being No. 9 among the top free apps in the U.S. -- ahead of YouTube, WhatsApp, Gmail and Facebook -- implies a "significant" and "recent" user acquisition push on the app publisher's part. Unfortunately, because the app is so new to the App Store's Top Charts, third-party app analytics firms don't yet have precise data on Lemon8's U.S. installs, or how those installs have recently changed over the past few days. [...] According to app intelligence provider Apptopia's data, Lemon8 debuted on both iOS and Android in March 2020 and has since gained 16 million global downloads, with Japan as its top market, accounting for 38% of its total installs. While the firm also doesn't have a figure for its U.S. installs, it was able to estimate the app currently has 4.25 million monthly active users. TechCrunch believes ByteDance may be leveraging TikTok to drive app installs of Lemon8. "Over on TikTok, we noticed a number of creators recently began posting about Lemon8, with many new videos appearing in just the past 24 hours," reports TechCrunch. "Concerningly, many of their reviews are extremely positive but are not marked as sponsored content. [...] In fact, some creators even said they're getting the app in case TikTok gets banned."

Windows Central reports: According to my sources who are familiar with Microsoft's plans, the company is once again hard at work on a new project internally that's designed to modernize the Windows platform with many of the same innovations it was working on for Windows Core OS, but with a focus on native compatibility for legacy Win32 applications on devices where it makes sense. The project is codenamed CorePC and is designed to be a modular and customizable variant of Windows for Microsoft to leverage different form factors with. Not all Windows PCs need the full breadth of legacy Win32 app support, and CorePC will allow Microsoft to configure "editions" of Windows with varying levels of feature and app compatibility.

The big change with CorePC versus the current shipping version of Windows is that CorePC is state separated, just like Windows Core OS. State separation enables faster updates and a more secure platform via read-only partitions that are inaccessible to the user and third-party apps, just like on iPadOS or Android. [...] CorePC splits up the OS into multiple partitions, which is key to enabling faster OS updates. State separation also enables faster and more reliable system reset functionality, which is important for Chromebook compete devices in the education sector.

[...] My sources tell me CorePC will allow Microsoft to finally deliver a version of Windows that truly competes with Chromebooks in OS footprint, performance, and capabilities. [...] Microsoft is also working on a version of CorePC that meet the current feature set and capabilities of Windows desktop, but with state separation enabled for those faster OS updates and improved security benefits. The company is working on a compatibility layer codenamed Neon for legacy apps that require a shared state OS to function, too. Lastly, I hear that Microsoft is experimenting with a version of CorePC that's "silicon-optimized," designed to reduce legacy overhead, focus on AI capabilities, and vertically optimize hardware and software experiences in a way similar to that of Apple Silicon. Unsurprisingly, AI experiences are a key focus for Windows going into 2024.

Security researchers at Moscow-based Kaspersky Lab have identified and outlined potential malware in versions of PDD Holdings' Chinese shopping app Pinduoduo, days after Google suspended it from its Android app store. From a report: In one of the first public accountings of the malicious code, Kaspersky laid out how the app could elevate its own privileges to undermine user privacy and data security. It tested versions of the app distributed through a local app store in China, where Huawei Technologies, Tencent Holdings and Xiaomi run some of the biggest app markets. Kaspersky's findings, shared with Bloomberg News, were among the clearest explanations from an independent security team for what triggered Google's action and malware warning last week. The cybersecurity firm, which has played a role in uncovering some of the biggest cyberattacks in history, said it found evidence that earlier versions of Pinduoduo exploited system software vulnerabilities to install backdoors and gain unauthorized access to user data and notifications. Those conclusions agreed in large part with those of researchers that had posted their discoveries online in past weeks, though Bloomberg News hasn't verified the authenticity of the earlier reports.

An anonymous reader quotes a report from KrebsOnSecurity: Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones. In November 2022, researchers at Google's Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device. Google said it believes the exploit chain for Samsung devices belonged to a "commercial surveillance vendor," without elaborating further. The highly technical writeup also did not name the malicious app in question.

On Feb. 28, 2023, researchers at the Chinese security firm DarkNavy published a blog post purporting to show evidence that a major Chinese ecommerce company's app was using this same three-exploit chain to read user data stored by other apps on the affected device, and to make its app nearly impossible to remove. DarkNavy likewise did not name the app they said was responsible for the attacks. In fact, the researchers took care to redact the name of the app from multiple code screenshots published in their writeup. DarkNavy did not respond to requests for clarification. "At present, a large number of end users have complained on multiple social platforms," reads a translated version of the DarkNavy blog post. "The app has problems such as inexplicable installation, privacy leakage, and inability to uninstall."

On March 3, 2023, a denizen of the now-defunct cybercrime community BreachForums posted a thread which noted that a unique component of the malicious app code highlighted by DarkNavy also was found in the ecommerce application whose name was apparently redacted from the DarkNavy analysis: Pinduoduo. A Mar. 3, 2023 post on BreachForums, comparing the redacted code from the DarkNavy analysis with the same function in the Pinduoduo app available for download at the time. On March 4, 2023, e-commerce expert Liu Huafang posted on the Chinese social media network Weibo that Pinduoduo's app was using security vulnerabilities to gain market share by stealing user data from its competitors. That Weibo post has since been deleted. On March 7, the newly created Github account Davinci1010 published a technical analysis claiming that until recently Pinduoduo's source code included a "backdoor," a hacking term used to describe code that allows an adversary to remotely and secretly connect to a compromised system at will. That analysis includes links to archived versions of Pinduoduo's app released before March 5 (version 6.50 and lower), which is when Davinci1010 says a new version of the app removed the malicious code. Pinduoduo boasts approximately 900 million monthly active users in China. In August of last year, the Guardian published an article covering the company's plans to expand to the U.S. and take on Amazon.

An anonymous reader quotes a report from Ars Technica: Back in 2018, Pixel phones gained a built-in screenshot editor called "Markup" with the release of Android 9.0 Pie. The tool pops up whenever you take a screenshot, and tapping the app's pen icon gives you access to tools like crop and a few colored drawing pens. That's very handy assuming Google's Markup tool actually does what it says, but a new vulnerability points out the edits made by this tool weren't actually destructive! It's possible to uncrop or unredact Pixel screenshots taken during the past four years.

The bug was discovered by Simon Aarons and is dubbed "Acropalypse," or more formally CVE-2023-21036. There's a proof-of-concept app that can unredact Pixel screenshots at acropalypse.app, and it works! There's also a good technical write-up here by Aarons' collaborator, David Buchanan. The basic gist of the problem is that Google's screenshot editor overwrites the original screenshot file with your new edited screenshot, but it does not truncate or recompress that file in any way. If your edited screenshot has a smaller file size than the original -- that's very easy to do with the crop tool -- you end up with a PNG with a bunch of hidden junk data at the end of it. That junk data is made up of the end bits of your original screenshot, and it's actually possible to recover that data. While the bug was fixed in the March 2023 security update for Pixel devices, it doesn't solve the problem, notes Ars. "There's still the matter of the last four years of Pixel screenshots that are out there and possibly full of hidden data that people didn't realize they were sharing."

Microsoft is preparing to launch a new app store for games on iPhones and Android smartphones as soon as next year if its $75bn acquisition of Activision Blizzard is cleared by regulators, according to the head of its Xbox business. From a report: New rules requiring Apple and Google to open up their mobile platforms to app stores owned and operated by other companies are expected to come into force from March 2024 under the EU's Digital Markets Act. "We want to be in a position to offer Xbox and content from both us and our third-party partners across any screen where somebody would want to play," said Phil Spencer, chief executive of Microsoft Gaming, in an interview ahead of this week's annual Game Developers Conference in San Francisco. "Today, we can't do that on mobile devices but we want to build towards a world that we think will be coming where those devices are opened up."

Microsoft is fighting with regulators in the US, Europe and UK, which have all raised concerns about the potential impact on competition from the owner of the Xbox console buying the developer of Call of Duty, one of the world's most popular games franchises. PlayStation maker Sony has been a vocal opponent of the deal. However, Spencer argues the deal can boost competition in what he called the "largest platform people play on" -- smartphones -- where Apple and Google currently operate what some antitrust authorities have called a "duopoly" over distribution of games and other apps. [...] While acknowledging it was hard to predict exactly when Microsoft will be able to launch its own store, Spencer said it would be "pretty trivial" for Microsoft to adapt its Xbox and Game Pass apps to sell games and subscriptions on mobile devices. Microsoft's current lack of mobile games was an "obvious hole in our capability" that it needed Activision Blizzard to fill, he added.

Meta on Friday launched its subscription service in the U.S., which would allow Facebook and Instagram users pay for verification in the same vein as Elon Musk-owned Twitter. From a report: The Meta Verified service will give users a blue badge after they verify their accounts using a government ID and will cost $11.99 per month on the web or $14.99 a month on Apple's iOS system and Google-owned Android, Meta said in a statement. The service, which Meta said it was testing in February, follows in the footsteps of Snapchat as well as messaging app Telegram and marks the latest effort by a social media company to diversify its revenue away from advertising.

Remember Second Life? The virtual world launched on the desktop web back in 2003 with 3D avatars and spaces for various social activities. Believe it or not, it has been running continually this entire time -- and now it's coming to mobile for the first time. From a report: In fact, this will be the first time that Second Life has expanded beyond the PC (across Windows, macOS, and Linux) in any form. In a post to the virtual world's community web forum, a community manager for Second Life developer Linden Lab shared a video with some details about the mobile version's development, and announced that a beta version of the mobile app will launch sometime this year.

The video reveals that the app was built using Unity -- in part to make for an easy path to releasing and maintaining the app on multiple platforms, including the iPhone, iPad, Android phones, and Android tablets. It also includes a few minutes of footage of Second Life's detailed character models and environments, with accompanying commentary by Linden Lab developers about bringing as much of the experience to mobile as possible.

Google has announced today that it will no longer be selling its Glass Enterprise Edition 2 headsets, with support set to be discontinued later this year. 9to5Google reports: After the commercial failure of its original Google Glass headsets, the company segued the AR product into a solution for businesses and industrial customers, intended to allow workers to stay connected in a hands-free way. This lineup, dubbed Glass Enterprise Edition, received a second-generation update in 2019, which was built on the Snapdragon XR1 hardware platform.

Google has updated many of the pages related to the Google Glass Enterprise Edition to announce that sales of the headset have been discontinued as of March 15. For existing Glass Enterprise Edition customers, Google will continue to support the headset until September 15, 2023, though the company has said that "no software updates from Google are planned." Instead, "support" here means that customers will be able to receive replacement devices under the existing programs until that deadline.

After the deprecation date, all existing headsets will continue to work as normal, and third-party developers will still be able to update their applications, which are usually responsible for any business-specific tasks. One caveat, though, is that Google says the "Meet on Glass" app that launched less than a year ago is only guaranteed to work until the September 15 deadline, after which the app has the potential to break.

An anonymous reader quotes a report from Ars Technica: Microsoft announced Tuesday that it has signed a 10-year deal to bring its Xbox PC games to little-known Ukraine-based streaming platform Boosteroid. The move is being positioned in part to "mak[e] even more clear to regulators that our acquisition of Activision Blizzard will make Call of Duty available on far more devices than before," as Microsoft Vice Chair and President Brad Smith said in a statement. "If the only argument is that Microsoft is going to withhold Call of Duty from other platforms, and we've now entered into contracts that are going to bring this to many more devices and many more platforms, that is a pretty hard case to make to a court," Smith told The Wall Street Journal.

Started in 2017, Boosteroid boasts 4 million streaming customers using servers based in nine European countries and six US states. Those customers pay 7.50 euro per month to stream games from those servers to any smartphone, Windows/Mac/Linux-based PC, or Android TV device. Boosteroid currently links to users' accounts on other PC-based platforms -- including Steam, the Epic Games Store, Blizzard's Battle.net, EA's Origin, the Rockstar Game Launcher, and Wargaming -- and lets them play games from those services without having to install them on a local gaming PC. With this new deal, that access will expand to include games available through Microsoft's Xbox app on the PC.

Apple is launching a new music streaming service focused on classical music. TechCrunch reports: Based on its 2021 acquisition of Amsterdam-based streamer Primephonic, the new Apple Music Classical app will offer Apple Music subscribers access to more than 5 million classical music tracks, including new releases in high-quality audio, as well as hundreds of curated playlists, thousands of exclusive albums and other features like composer bios and deep dives on key works, Apple says.

However, while the app is being announced today, it's only available for preorder on the App Store for now. The release date will be later this month, on March 28. In addition, the app will only support iOS devices running iOS 15.4 or newer at launch. Apple Music Classical will present a simple interface for engaging with classical works. Users will be able to search by composer, work, conductor or even catalog number, to locate recordings. These can be streamed in high-quality audio of up to 192 kHz/24-bit Hi-Res Lossless. And thousands of recordings will be available in Apple's immersive spatial audio, as well.

The app will also let users dive into the recordings to read editorial notes about the composers and descriptions of their key works. Famous composers will have their own high-resolution digital portraits available, which Apple commissioned from artists. These were designed with color palettes and artistic references from the relevant classical period, Apple notes, and more will be added in time. At launch, portraits will be available for Ludwig van Beethoven, Frederic Chopin and Johann Sebastian Bach. The service will continue to be updated with new music over time, too. There's no additional charge for Apple Music Classical if you're an Apple Music subscriber. Android support is coming "soon."

Microsoft "is adding iPhone support to its Phone Link app on Windows 11," reports MacRumors. "The app allows iPhone users to make and receive phone calls, send and receive text messages, and view an iPhone's notifications directly on a PC." Notably, the app brings limited iMessage functionality to Windows. After pairing an iPhone with a PC via Bluetooth and granting some permissions on the iPhone, users can send and receive iMessages and SMS text messages in Phone Link, but there is no support for group chats or sending photos and videos.
The Verge notes you won't see the full message history in conversations, "as only messages that have been sent or received using Phone Link will be displayed." Microsoft isn't using blue or green bubbles in Phone Link either, as the company isn't able to differentiate between a standard text message and one sent via iMessage. The Phone Link integration for iOS is basic compared to what's available for Android, but Microsoft has never supported messaging or calls for iPhone users before, so this is a step in the right direction....

This new Phone Link support arrives alongside a big new Windows 11 update that includes AI-powered Bing on the taskbar, a screen recording feature, better touch optimizations, and more. If you're interested in testing this new Phone Link support for iOS, it will be available for Windows Insiders in the Dev, Beta, and Release Preview channels, but Microsoft is kicking off testing with a "small percentage" of testers this week.
Thanks to ttyler (Slashdot reader #20,687) for sharing the news.

Starting today, Google is rolling out fall detection to all Pixel Watches. The Verge reports: Google's version of fall detection is similar to those you'll find on other smartwatches, like the Apple Watch and the Samsung Galaxy Watch 4 and 5 lineups. It uses the device's motion sensors and machine learning to figure out when someone's taken a tumble and might need some help. The feature will purportedly kick in about 30 seconds after it detects a hard fall. At that point, the watch will vibrate, sound an alarm, and flash a notification asking if the Pixel Watch owner needs help. If users don't respond after a minute, the watch will automatically call emergency services and share their location.

According to Google, the Pixel Watch ought to be able to differentiate between a hard fall, stumble, or physical activity that may mimic falling -- like the dreaded burpee. Whether that claim holds water is another matter that we'll have to test for ourselves. [...] The feature is opt in, so you'll have to turn it on manually if it's something you want. Google says Pixel Watch owners may see a promotional card pop up in the Updates page within the Watch Companion app. If you don't see it there, you can also check directly from the wrist in the Personal Safety app.

Google has announced that the Magic Eraser feature, which tried to automatically remove unwanted parts of a picture and debuted with the Pixel 6, will no longer be exclusive to phones with its custom chips. From a report: Starting on Thursday, it's going to be rolling out to Google One subscribers who use the Google Photos app on Android or iOS as well as "all Pixel users." Magic Eraser, as well as the "Camouflage" function that lets you desaturate potentially distracting background objects rather than erasing them from a picture completely, will come with any level of Google One plan. If you have a Pixel, you won't have to have a plan at all to get it. Google says it's also adding editing features like an HDR effect for videos and exclusive collage editor styles for Google One subscribers and Pixel users. Google says it could be a few weeks before everyone gets access to the new photo editing features.