These Nine Android Apps May Have Stolen Your Facebook Login Information

Technology

Gizmodo 03 July, 2021 - 03:38pm 59 views

These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.

All nine of these apps no longer appear in Play Store search results. A Google spokesperson told Ars Technica that the developers behind these apps have also been banned, thus prohibiting them from submitting new apps.

Read full article at Gizmodo

Apps with 5.8 million Google Play downloads stole users’ Facebook passwords

Ars Technica 03 July, 2021 - 06:26pm

Sign up or login to join the discussions!

Google has given the boot to nine Android apps downloaded more than 5.8 million times from the company's Play marketplace after researchers said these apps used a sneaky way to steal users' Facebook login credentials.

In a bid to win users’ trust and lower their guard, the apps provided fully functioning services for photo editing and framing, exercise and training, horoscopes, and removal of junk files from Android devices, according to a post published by security firm Dr. Web. All of the identified apps offered users an option to disable in-app ads by logging into their Facebook accounts. Users who chose the option saw a genuine Facebook login form containing fields for entering usernames and passwords.

Then, as Dr. Web researchers wrote:

These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.

Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts. However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.

The researchers identified five malware variants stashed inside the apps. Three of them were native Android apps, and the remaining two used Google’s Flutter framework, which is designed for cross-platform compatibility. Dr. Web said that it classifies all of them as the same trojan because they use identical configuration file formats and identical JavaScript code to steal user data.

Dr. Web identified the variants as:

The majority of the downloads were for an app called PIP Photo, which was accessed more than 5.8 million times. The app with the next greatest reach was Processing Photo, with more than 500,000 downloads. The remaining apps were:

A search of Google Play shows that all apps have been removed from Play. A Google spokesman said that the company has also banned the developers of all nine apps from the store, meaning they will not be allowed to submit new apps. That’s the right thing for Google to do, but it nonetheless poses only a minimal hurdle for the developers because they can simply sign up for a new developer account under a different name for a one-time fee of $25.

Anyone who has downloaded one of the above apps should thoroughly examine their device and their Facebook accounts for any signs of compromise. Downloading a free Android antivirus app from a known security firm and scanning for additional malicious apps isn’t a bad idea, either. The offering from Malwarebytes is my favorite.

You must login or create an account to comment.

Join the Ars Orbital Transmission mailing list to get weekly updates delivered to your inbox.

This Week in Apps: iOS 15 public beta arrives, Android App Bundles to replace APKs, app consumer spend hits new record – TechCrunch

TechCrunch 03 July, 2021 - 01:00pm

Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

The app industry continues to grow, with a record 218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also spent 3.5 trillion minutes using apps on Android devices alone. And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices.

Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year

This week Google announced it will require new apps to be published using the Android App Bundle as of August 2021. The company first launched the Android App Bundle standard, which replaces the APK, in May 2018 as part of its modern development push. Since then, the majority of the top 1,000 apps and games have switched over to AABs including those from companies like Adobe, Duolingo. Gameloft, Netflix, reBus, Rainy, and Twitter. Today, there are over 1 million apps using AAB in production.

AABs solve some problems with the aging APK standard, particularly around larger apps and games. With AABs, developers don’t have to create an APK that contains everything for every type of Android device. They offer a way to quickly and more efficiently download the assets needed for a particular device, and they do so in a way that focuses on getting the user or player to the app or game’s content as fast as possible.

But not everyone agrees the change is for the better. Those who utilize APK Hosting sites like APKMirror or APKPure to download and share apps worry that the shift to AAB is a way to force users to use the Play Store instead of alternatives. Meanwhile, Epic Games founder and CEO Tim Sweeney — who is taking on tech giants over their alleged app store monopolies with both lawsuits and lobbying — pointed out that the move away from the more open APK standard is about locking users into Google Play.

This is one of the many reasons we mustn’t accept the argument: “If you don’t like iPhone’s restrictions, buy an Android phone”.

Both companies have run amok, trampling the rights of users and developers alike. The distinction is just that Apple’s several steps ahead. https://t.co/m2ZIv7PnbK

— Tim Sweeney (@TimSweeneyEpic) June 30, 2021

From the first half of 2019 to the first half of 2020, consumer spending on mobile apps grew 28.4% from $40.5 billion to $52 billion, for comparison — slower than the 24.8% seen in the current period.

Samsung and Google previewed their wearable platform ahead of the next Galaxy Watch launch. The two companies agreed to partner on wearables in order to better compete against Apple Watch. At Mobile World Congress, Samsung showed off the first device to feature the One UI Watch user experience and the new unified platform built in partnership with Google.

Instagram adds a new feature that will allow businesses in the U.S. to designate themselves as being Black-owned businesses using badges that appear on their profiles and on their product shopping pages. It may also be highlighted in places like the Shop tab, to help more potential customers discover the business.

Walmart partnered with mobile couponing app Ibotta on a multi-year deal that will offer cash-back rewards to Walmart customers that will be applied directly to customers’ Walmart accounts, where they can be used for future purchases. The offers will be made available on Walmart.com and inside the Walmart mobile app.

Following Apple and Google’s lead, Shopify dropped App Store commissions. However, it’s dropping its cut to 0% for the first million, and then will only take a 15% commission on “marginal” revenue above that $1 million. The change could increase pressure on other app stores to make further adjustments to their models in the future.

Rakuten Viber has partnered with Snap to bring augmented reality Lenses from Snapchat to its own Viber calling and messaging app. The over 30 Lenses will be built using Snap’s creative tools, including Bitmoji, Camera Kit, and Creative Kit and will offer AR-enabled messaging and photos to Viber’s users. The deal is another example of how Snap is growing its licensing business for its AR and creative tools alongside the development of its own social app.

Google’s Arts & Culture app created a new feature called Art Filter that allows everyone to learn about significant pieces of art from around the world and put themselves inside famous paintings using AR. Google talked this week about its work with MediaPipe to utilize their face mesh and 3D face transform tech to create custom effects for each of the artifacts chosen.

Venmo introduced a new feature that allows users to add a “good and services” tag to payments sent to personal accounts to differentiate them from personal transactions. The system is meant to protect buyers and sellers, Venmo says. Buyers on these transactions will be eligible for Venmo’s Purchase Protection Program, but sellers are unable with the new fees associated with the change as Venmo will now deduct 1.9% of the transaction plus 10 cents from the money sent to the seller.

Intuit-owned finance and budgeting app Mint added the ability to track cryptocurrency investments across a number of supported exchanges, including Binance, BlockFi, Coinbase/Coinbase Pro, Gemini, Kraken, PayPal, and Robinhood. As a result, the app shot to No. 12 overall on the U.S. App Store on Wednesday and became the No. 1 app in the Finance category, though it has since dropped in ranking.

TikTok is expanding its max video length to 3 minutes, up from 60 seconds, after testing this feature publicly for many months with a select group of creators. The feature will allow for more long-form video content, potentially making TikTok even more of a threat to YouTube.

Pinterest bans weight loss ads on its platform, becoming the first major social platform to take this sort of action. The company says social media plays a role in promoting harmful beauty standards, and ads that glorify weight loss contribute to a rise in disordered eating behaviors rather than healthy habits.

Instagram is developing its own version of Twitter’s Super Follow with “Exclusive Stories.” Instagram confirmed that the screenshots of an “Exclusive Stories” feature recently circulated across social media are from an internal prototype that’s now in development, but not yet being publicly tested. The feature would allow creators to offer Stories that only members (likely paying subscribers) would be able to see. These would appear on their profile in different colors and would display a message that their Story was only for members when others tried to view them. They could also be saved as Highlights, and can’t be screenshot, according to the leaks.

Trump and Parler reportedly discussed a deal that would move the bulk of Trump’s social media presence to the right-wing Twitter alternative, according to New York Magazine. The deal would have seen Trump taking 40% of Parler’s revenues had it gone through. Parler was okay with the rev share, but wouldn’t ban Trump’s critics from the app, which scuttled the deal, the report said.

Instagram is testing a feature that would allow anyone to be able to share a link directly in their Stories through a linking sticker, which would work the same way the swipe-up links currently do. The company said the test is looking to understand how many people would use links, if available.

Twitter offered users a chance to receive one of seven free NFTs this week, which were minted on Rarible in editions of 20, making for 140 NFTs (get it?) in total. The NFTs were offered to those who replied to a post from the company’s main Twitter account, and could signal Twitter’s plans to invest in making NFTs more a part of its platform in the future.

Audio chat comes to the workplace as Slack this week released a new audio tool called Slack Huddles that allows users to have real-time conversations with colleagues in Slack’s app instead of typing. The company also offered more details about an upcoming feature that allows users to leave video messages and it showed off an upgraded employee directory. The video messages tool is being piloted while the directory is currently available to a limited number of Business + and Enterprise Grid customers.

The U.K. issued guidance to messaging apps operating in the country to not use end-to-end encryption on children’s accounts, asking companies to consider the risks that e2e poses to younger users, as it makes it more difficult to identify illegal and harmful content that takes place on private channels. A government spokesperson stressed that there’s a way to implement strong encryption in a way that’s consistent with public safety. Privacy activists disagree with this stance.

WhatsApp is testing a redesigned voice message feature that will show short waveforms when the user is recording the message. After recording, the user can stop and listen to their message before sending it, too.

Dating app Bumble is planning to open its first cafe in New York later this month. The launch was originally planned for 2019, but was delayed due to the pandemic. The new venue, Bumble Brew, is being enabled by a partnership between the dating app maker and Italian restaurant Pasquale Jones. Decked out in Bumble’s yellow, the new cafe will open next to the restaurant, to offer a place for daters to meet for either coffee, cocktails or a meal.

Netflix users on Android devices will now be able to start streaming titles that have only partially downloaded, which could help in the scenario where you’ve forgotten to download your favorite shows before boarding a plane. Before, until the download completed, you couldn’t watch any portion of the video at all.

Chinese TikTok rival Kuaishou and Tencent acquired the short-form rights to the upcoming Tokyo and 2022 Beijing Winter Olympics from state broadcaster CCTV. This makes the app the first short-form and livestreaming platform globally to become an official broadcaster of the Olympics.

Amazon Music Unlimited is giving subscribers up to six months of Disney+ for free (or three for existing subscribers). Disney’s isn’t the first to bundle a streaming deal with music. Hulu and Spotify had once done the same.

Spotify launched its Spotify Audience Network ad marketplace to advertisers and Megaphone publishers in Australia, Canada and the U.K., following its U.S. launch in February. The marketplace lets advertisers buy audio ads on and off the Spotify platform.

Microsoft’s Xbox division announced the expansion of its Designed for Xbox mobile gaming accessories to iOS alongside the launch of the Xbox Cloud Gaming beta becoming available to Xbox Game Pass Ultimate members on Windows 10 PCs and Apple phones and tablets via the web browser at xbox.com/play.

As part of the accessories program expansion, the Backbone mobile controller joined the Designed for Xbox family with the Backbone One for Xbox, which supports all iPhones running iOS 13 or later. It also added OtterBox Power Swap Controller Batteries, a battery pack compatible with Xbox consoles, Android and iPhone devices.

App Annie spots signs of a pandemic recovery in its Q2 2021 report, noting in particular a rebound in travel apps. The firm found that monthly hours spent in Travel and Navigations apps are on an upward trend in markets like the U.S. and the U.K., where the rollout of vaccinations has been strong. South Korea is seeing an even better recovery, as time spent in travel apps has surpassed pre-pandemic levels. Travel apps in Brazil, France and India, however, have not yet reached pre-pandemic levels.

Alphabet’s Wing launched a free app in the U.S. called OpenSky aimed at both commercial and recreational drone pilots. The app shows pilots where it’s okay to fly using color-coded maps with greens, yellows and reds. It also allows pilots to submit requests to fly in controlled airspaces and receive near real-time authorizations. This feature works in hundreds of airspaces. The app had previously been available in Australia only.

Facebook is launching an educational app called Sabee in Nigeria, which is the first of the company’s new efforts to more directly target the country, and eventually, the African continent, with new mobile products. The app is being published by the company’s NPE Team, an internal R&D incubator, which had focused on new social experiences until now.

💰 Tapcart, a “Shopify for mobile apps,” raises $50 million Series B led by Left Lane Capital. The company offers a drag-and-drop builder that allows anyone to create a mobile app for their existing Shopify store and communicate with customers via push. Shopify was among the participating investors.

💰 BreezoMeter, an iPhone app that measures air quality, raises a $30 million Series C led by Fortissimo Capital, bringing its total raise to date to $45 million. The company uses AI and machine learning to gather and understand data from multiple sources, including more than 47,000 sensors worldwide.

💰Istanbul-based Dream Games raised $155 million Series at a $1 billion valuation in a round co-led by Index Ventures and Makers Fund. The mobile puzzle game developer is best known for Royal Match, which has 6M MAUs and $20M/month in revenue.

💰Apple and Snap partner Jigspace, “the Canva for 3D,” raised $4.7 million Series A in a round led by Rampersand. The free JigSpace app lets anyone combine presets and templates of 3D-modeled objects to create their own “Jigs” (models). The app has over 4 million users on the App Store.

💰South Korea edtech app maker Mathpresso raised $50 million in Series C funding from GGV Capital, Yellowdog, Goodwater Capital, and KDB. The service is used by over 9.8M users

📈 Robinhood files for its IPO. Earlier in the week, Robinhood agreed to pay $70 million in fines and restitution as part of its settlement with the Financial Industry Regulatory Authority over providing customers with “false or misleading information. The SEC, however, is still investigating the trading halt related to GameStop and other meme stocks. Robinhood has 18M accounts and $80B in assets. It will trade under “HOOD” on the Nasdaq.

💰 Women’s social networking app Peanut launches a microfund called StartHER to begin investing in early, pre-seed stage startups led by women or other historically excluded groups.

🤝 Social media app LYKA, focused on Southeast Asia, inked a deal with music-streaming technology company Tuned Global to integrate an immersive music-streaming service directly inside its app. The partnership will allow LYKA to provide on-demand streaming of music, video, and podcasts to the app’s users.

📈 Chinese m-commerce app Dingdong made a small gain during this week’s IPO, with shares that closed at $23.52, up 2 cents from its offer price, on its first day of trading. The app allows customers to buy fresh produce, meat, seafood and other daily necessities.

💰 Vietnamese investment app Infina raised $2 million in seed funding for its Robinhood-like app launched in January 2021, which now has some 500,000 trading accounts.

🤝 Gaming chat app Discord acquired AR startup Ubiquity6, which had raised $37.5 million in funding from top investors including Benchmark, First Round, Kleiner Perkins and Google’s Gradient Ventures. The startup had recently abandoned some of its projects, indicating it may have been struggling to find traction. Deal terms weren’t disclosed.

📈 Edtech unicorn Duolingo filed to go public following 129% revenue growth in 2020. The 400-person company had $161.7 million in revenue in 2020 and had recently turned profitable.

💰 Family app Life360 announced a $2.1 million investment round from celebs and influencers who will now help to advise the company on new features and help with product marketing. The round was led by Bryant Stibel, the firm co-founded by the late Kobe Bryant and business partner Jeff Stibel. Other investors included Vanessa Bryant, Joanna and Chip Gaines, Tony Hawk, Chris and Jada Paul, TikTok influencer Billy Perry, and Nicole and Michael Phelps. Life360 currently trades on the ASX.

💰Age of Learning, the creator of childhood education app ABCmouse, raised $300 million in a new round of funding led by TPG. The new investment more than doubled the company’s valuation to $3 billion. The company says it will use the funds to accelerate international expansion and the development of its next generation of apps.

💰Exercise and corporate wellness app Gympass raised $220 million in Series E funding. The Brazil-based app saw a record 4 million monthly check-ins across its network of more than 50,000 global partners in May.

💰Digital greeting card app Givingli raised $3 million in seed funding in a round led by Reddit co-founder Alexis Ohanian’s Seven Seven Six. The app aims to modernize the digital greeting card business for Gen Z users and monetizes through a $3.99 per month premium subscription and gift card sales. Snap also invested in the round after earlier partnering with the startup on a Snap Mini app.

💰Buzzer, a live sports app, raised $20 million in Series A funding from a number of sports and entertainment backers, including Michael Jordan, Naomi Osaka, Patrick Mahomes and others.

The new Brickit mobile app is a Lego fan’s dream and an impressive use of computer vision technology. The app is able to quickly analyze a pile of Legos to identify which bricks you have in your collection. It then serves up some projects where you have all, or at least most of, the bricks you need to build. The process is very fast, too — the app makes sense of hundreds of bricks in your pile within just seconds. Brickit doesn’t come from Lego directly, however, which limits some of its capabilities in terms of integrating with Lego’s larger library of instructions. But, in time, it will likely generate some data on the Lego collections users have at home which could make it an interesting acquisition target for Lego, in addition to the tech itself.

Ho-ly shit pic.twitter.com/5dr2rqWKTc

— Alexander Klöpping (@AlexanderNL) June 30, 2021

It really is quite incredible that ~30 days after a major iOS release 70% of users have updated. Apple’s multi-year push to get most users on auto-update and then tightly managing the rollout is such a fantastic thing for the platform. (chart by @alexdbauer) pic.twitter.com/OKrgjZjH8m

— David Barnard (@drbarnard) June 30, 2021

— drew olanoff (@yoda) July 1, 2021

Turns out no one remembered to claim @​taylorswift. 🙈

So I’m now Taylor Swift on a platform about Taylor Swift. pic.twitter.com/YFSuIzEJ0y

— Noah Evans (@ThisIsNoahEvans) June 30, 2021

Android warning: DON'T download another app until know about these nasty new threats

Express 03 July, 2021 - 09:36am

When you subscribe we will use the information you provide to send you these newsletters. Sometimes they'll include recommendations for other related newsletters or services we offer. Our Privacy Notice explains more about how we use your data, and your rights. You can unsubscribe at any time.

Android users are constantly being warned of fresh threats to their devices but 2021 could be the worst year yet. A new report from security experts at McAfee has revealed the scale of the problem with the firm saying that "2021 is shaping up to be a year of malware misinformation and sneak attacks." These new threats range from annoying adware that fill devices with endless pop-ups to more serious banking malware which has the ability to steal personal financial data and access accounts.

Unlike Apple's iPhone, Android is a much more open platform which means applications can be installed from sources outside of the Play Store. This makes it a prime target for hackers intent on stealing data.

So, if you own an Android phone here are four of the biggest threats to watch out for this year.

Cyber thieves are using a number of tricks to tempt people into signing up for unwanted subscription and premium services that can be almost impossible to cancel. McAfee says these fraudulent apps often masquerade as legitimate ones and can even hijack SMS messages to sign users up without their knowledge or consent.

One recent app that found its way onto the Google Play Store amassed some 700,000 downloads before it was spotted and removed. To avoid detection, scammers often submit a clean version of the app to Google’s review process and then introduce malicious code during a later update.

Banking Malware has boomed in recent months with McAfee Mobile Security detecting a 141 percent increase between Q3 and Q4 2020.

Most Banking Trojans are distributed via mechanisms such as phishing SMS messages to avoid Google’s screening process. These malicious apps appear as some type of security scanner, with names such as OutProtect, PrivacyTitan, GreatVault, SecureShield, and DefenseScreen

Once activated they pretend to scan the phone for issues but they are simply looking for apps related to the targeted financial institutions such as online banking. If one is found, the malware notifies the user that a popular app, such as Google Chrome, WhatsApp, or a fake PDF reader, is out of date and urging an immediate update.

Clicking the “Update Now” button downloads additional malicious code and asks the user to enable accessibility services, which gives the app broad control of the user’s device.

Scammers will stop at nothing in a bid to access devices and have even sunk as low as to use the COVID pandemic for financial gain.

With most of the world still anxious about COVID-19 and getting vaccinated, cybercriminals are targeting these fears with bogus apps, text messages, and social media invitations.

McAfee says malware and malicious links hidden inside these fakes display ads and try to steal banking information and credentials.

One of the earliest coronavirus vaccine fraud campaigns was recorded in India in November 2020, before any vaccines had been approved in the country. This operation started with SMS and WhatsApp messages that encouraged users to download an app to apply for the vaccine. However, it was simply a trick to gain personal data.

Another nasty threat called Etinu has the ability to steal incoming SMS messages using a Notification Listener function. Where this malware is clever is that it can read a message without triggering the SMS read permission or read receipts.

As a result, the app can process information in the messages without alerting the user that messages have been read.

It can use these capabilities to make purchases and sign up for premium services and subscriptions that get charged to the user’s account.

Speaking about its latest threat report McAfee said: "To avoid security screening, many malware authors try to distribute their apps via SMS messages or links on popular social media sites.

"Others are writing apps with minimal but legitimate functionality, inserting malicious code during an update when scrutiny is lessened, and then downloading additional encrypted packages to obfuscate the real malware.

"Last year, cybercriminals expanded the methods they used to hide attacks and frauds, making them more difficult to identify and remove.

"Before downloading something to your device, do some quick research about the source and developer. Many of these have been flagged by other users."

"Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for accessibility services and message notification access."

9 cool features you can find in Google apps on iOS, but not Android

Android Police 03 July, 2021 - 06:30am

After buying an iPad Air several months ago, I was curious about the Google services experience on iOS. Over the previous years, I've frequently heard about features that roll out to Google's apps on its rival platform before making it to its own OS, so I wanted to dig into the biggest Google apps and services to see if they offered anything new on iOS that we haven't seen on Android. My investigation turned up several examples, nine of which are quite significant, plus a few other less substantial ones.

We've heard about Chrome's upcoming Read Later-like feature for more than a year, but we've yet to see it roll out to everyone. It has just recently popped up in the Canary release of Chrome on Android, so it'll still take a while to reach the stable version. In the meantime, Google suggests you use the page download function to replace it.

However, the reading list is already live on iOS and has been for many months. Thanks to it, you can add any open page to your list or tap and hold on any hyperlink in a site to save the linked page for later.

The functionality is limited with only the option to mark pages as read or delete them from your list, but it's the simplified offline reading mode that makes this all worth it.

Once a page is saved, it's accessible online and offline, and everything superfluous is stripped out, leaving just the main content of the article with only the text and images. It's a barebones Pocket alternative, but for casual users who want to save a few articles to read and enjoy when they're away from a connection, it's perfect.

Many Google apps on Android let you swipe up or down on your avatar image (top right) to switch between different logged-in accounts. We really love the feature, which is also available on iOS, though with one extra sprinkle on top.

If you tap and hold the avatar instead of swiping, you toggle on incognito mode, so you can use the app without any of the activity being tracked or associated with your account. This works in the main Google app on iOS. (It used to work in Google Maps too, but for some reason, Google removed the functionality recently.)

It's been years since Google Photos added the option to change the date and time of a photo or a series of photos on the web interface. The feature still hasn't made it to the Android app, but it's already there on iOS. You can either set the same date and time for all the pics, or shift them all so that the first one starts at a different time and the others follow along. The latter is awesome if you forgot to adjust your camera's time and everything ended up being off by a few hours (or days, months, years).

In general, Gboard is miles ahead on Android compared to iOS: It's smoother, offers a number row, multi-language support, a handy clipboard manager, and those awesome emoji combos that we love so much, among other extras. But there are two unique features that you can only find on Gboard for iOS now. The first is Dot shortcuts, a way to quickly insert preset emojis, GIFs, and stickers by simply typing a dot (period) followed by a keyword.

You can set as many keywords as you want, but they're limited to six characters in length (this is why my popcorn keyword is 'corn'), then search and select three suggestions, which can be mixed and matched among emojis, stickers, and GIFs. Given how clumsy it is to insert these on iOS, the dot shortcuts are very welcome on the platform, but they'd be very handy on Android as well.

The second Gboard feature that you can only find on iOS is the ability to customize any theme to your liking, down to the tiniest of details. You have to tap the pen (edit) icon on the bottom right of any theme you choose and you'll be taken to a new page with all the settings you could imagine: background transparency, text and background colors on regular and non-text keys, borders around each of these, pop-up text and background color, and even swipe trail color and length.

This lets you really personalize the keyboard's look to your liking, going from something extra dark suited for night usage (or vampires) to something as funky as whatever this blue, green, yellow, and red retina-searing mix is.

It still baffles me that Google doesn't let you set up a biometric lock for many of its sensitive apps on Android. It does, however, offer that for Drive on iOS. The feature is called Privacy Screen and can be enabled when you switch away from Drive, either immediately, after 10 seconds, 1 minute, or 10 minutes. Whenever you try to get back to Drive after the preset timeout, you'll have to unlock it with Touch ID or your pin. This is a great security tool to keep anyone you don't trust away from your sensitive documents.

Besides Drive, you can also lock the Google app behind Touch ID, but only for incognito mode tabs after 15 minutes of inactivity. That makes a lot of sense. If you've started a search in incognito, you likely don't want it to be tracked back to you, whether by Google's algorithms or people who might have physical access to your device. After you've switched away from this for 15 minutes, you either forgot about it or got side-tracked, so it's only handy to see it locked and requiring your biometric authentication to show its content.

It might also save you from seeing some sensitive content if you open the app when there are people nearby, after you'd been inactive for a while and you'd forgotten what you were doing on it the last time.

Every week, there are at least five or six times where I wish the Google app on Android could allow me to perform a new search without closing or overriding the existing one. On iOS, though, the Google app has a tab switcher button that lets you perform a new search or open another recommended article while keeping the current one(s) open.

Switching between running searches and articles is as simple as selecting that thumbnail, and you can set open tabs to be automatically closed after one day, week, or month.

Most Google apps offer the same general functionality across Android and iOS, but for some reason, the Play Books team has decided that on Android, you get access to your book series, whereas on iOS, you can see your shelves. If you have a ton of books in your library, the latter is definitely the winner feature, as it lets you create separate shelves (think tags/collections) for your books, so you can easily group the ones that fit together.

You can then add and remove any book from your library to a shelf, so that it's easier to find among its peers. These shelves are also accessible on the web, and your collections will sync between the two platforms easily. Not Android, though.

It's possible to open two side-by-side windows on Chrome for Android, but you have to enable multi-window first then tap and hold any link on the current open page to open it in the second window. It's quite hidden and not very straightforward — I've been digging into Chrome's features for years and only learned about this a few months ago.

On iOS, the process is much more straightforward. You can tap and hold any link to open it in a new window, without having to trigger the multi-window mode first, or you can use iOS's gestures. Easy peasy.

Another minor Chrome improvement on iOS is the handy tab switcher that lets you move between open tabs on your current device, but also consult a list of your recently closed tabs and every tab you've kept open on other devices. These features are all available on Android, but they're not as easily accessible as they are on iOS through the tab switcher.

On iOS, Gmail lets you customize your snooze settings inside the app, thus saving you from having to open the web interface to change those. Minor, but why not add it to Android too?

When scrolling through your photo library on Android or when performing a search, animation thumbnails remain static. On iOS, they play in-line, so you can preview them without opening them. This can be handy if you have several animations with similar(ish) static thumbnail images, but with different content.

I love Google Calendar's cute illustrations for events, but they may not be to everyone's liking. If you prefer to keep your calendar serious and functional, you can disable month and event illustrations on the Calendar app on iOS through two toggles that are nowhere to be found on Android.

And just like that, your calendar becomes bland again with only calendar colors punctuating the schedule.

Search tools were added to the Google app on Android last year then mysteriously disappeared, never to be seen again. They're available on iOS, though, letting you restrict your search results by date (any time, past hour, 24 hours, week, month, or year). It's confusing to find these filters on the web (desktop and mobile) and in the iOS app, but not the Android one.

Google is still offering the deprecated Today Extensions (iOS 13 and earlier) for some of its apps on iOS. Although these aren't official "widgets" yet, they offer a lot of functionality that could've easily been implemented as an Android widget. Sadly, we don't get most of these on our favorite platform.

Among the most interesting options are some quick actions for Chrome (including QR scanning), suggested sites that you visit often, and a smorgasbord of interesting Maps widgets for local traffic, transit departures near you, travel times to your home or work, and suggested actions of Local Guides. All of these would be welcome on Android, and it seems that Google is considering bringing some of them over to our side.

Many Google apps offer feature parity across Android and iOS, but some (like Chrome or Assistant) remain more powerful on Android. It's curious, though, to see that the opposite is true in a few cases, and that Google's iOS teams are rolling out some features to Apple's platform before offering them on Android. Sure, none of these are crucial, but several are quite cool and useful, and would be more than welcome additions to our mobile experience.

This post has been updated with more current information. We've also added several suggestions that our readers brought to our attention.

People Who Hate Walled Gardens Aren’t Going to Like Where Google’s Taking the Play Store

Gizmodo 02 July, 2021 - 02:20pm

The requirement only applies to new apps, however. Existing apps are currently exempt, as well as private apps published to “managed Google Play users,” wrote Google in its blog. Developers have about a month to reconfigure their apps to the Android App Package, or .aab file extension.

Google originally introduced the Android App Package in Android 9 to help alleviate the bloat associated with app distribution. There are so many different hardware and language combinations within the device ecosystem that shipping code to accommodate it can lead to hefty apps. A high-end flagship device doesn’t usually have an issue parsing through all that. But low-budget and mid-range devices struggle to sort through large amounts of data due to their limited processing power and they have limited storage space.

The Android App bundle essentially splits the APKs from an archived file that contains it all into a mass of “Split APKs” installed individually by the Google Play Store, depending on the corresponding device. Ars Technica has a nice breakdown of how Split APKs work with different configurations:

As the name suggests, these “Split APKs” aren’t entire apps. They’re parts of an app, each targeting a specific area of change, that combine to form the final app. With App Bundles, if you have a high-resolution, ARMv8 device with a locale set to English with App Bundles, the Play Store will spit out a set of Split APKs that supports only that device type. If your friend has a low-resolution ARM v7 phone set for English and Hindi, they’ll get another set of APK that supports exactly that. Google Play can generate bespoke APKs for every user, giving them only the code they need and nothing more.

The result of Split APKs is apps that are, on average, 15 percent smaller than the standard app package. Developers can even modularize different features in their apps, so they’re installed only when applicable and available to use.

There is a caveat, as there always is when a technology company starts to clamp down on how it distributes software. Since this is Google’s way of vetting apps before installation, it has to go through the Play Store to be unbundled. App bundles are based on an open-source format, but they rely on cloud power to manage all the app signing requirements needed to verify on the back-end. Small-time app stores don’t have that kind of money or firepower, so this makes Google’s offerings the status quo.

It’s also a wonder how this will work within platforms like Windows 11, which will distribute Android apps through Amazon’s store and allow sideloading of APKs. If developers release only .aab files moving forward, then the APKs published may only contain parts of the app needed to run it. Not to mention, Amazon doesn’t support that file type, so will those apps even show up in the Microsoft Store?

I imagine it might be something like what I encountered when installing app bundles on the Huawei MatePad Pro 12.6, with the help of an app like APKMirror. The tablet uses Android apps, but it runs Huawei’s version of the operating system and doesn’t have any Google Play Services access. I was able to sideload APK files successfully. But anything packaged as an app bundle would return an error message. I’m still figuring out how to get around that.

When this new requirement goes live, the mass of app bundles will help ensure a safer and better functioning Android device for those who use their smartphones and tablets as Google intended. It would also help save Google some bandwidth since it wouldn’t constantly be pulling down heavy amounts of data any time a user installs a new app. But it’s a wonder how it will affect the rest of the ecosystem, which has long prided itself on its openness to all.

Google Health App Will Want Your Medical Data

Droid Life 02 July, 2021 - 01:10pm

According to screenshots that have hit the web, Google is internally testing a new Google Health app, dedicated to storing your personal medical records and sharing them should you need to with family.

From the screenshots posted by 91mobiles, we can see that users would be able to import their medical records and information from past doctor visits. You’d also be able to view lab results. On the bottom of the app, you have your navigational tabs, with options for Records, Contacts, and Sharing available.

Right now, Google doesn’t have a public app that does these things, so I see how something such as this could be useful. For example, my Kaiser app is pretty tough to use at times. However, I’d also need to see what sort of information Google is collecting from this app’s users. I’m not about to be served ads based on my test results. I’m sure Google will try to be very transparent about privacy when it comes to this app, should it be released.

Right now, the app appears to be in internal testing and not even fully green lit yet. We’ll keep you posted as we learn more.

You ready to hand your medical data over to Google?

// 91mobiles

Technology Stories