Google Talks About Detecting and Blocking Tizi Android Spyward

We’ve reported in the past on the things Google does to keep Android smartphones and tablets safe from malware — for example, the Play Store detects Potentially Harmful Applications (PHAs) using a combination of algorithms and human screening. But sometimes new malware slips through the cracks. Case in point? Tizi, a spyware program that targets a small number of devices in specific geographic areas.

Tizi is part of a larger family of malware discovered by the Google Play Protect security team in September, which spotted it on device scans of root applications that exploited old vulnerabilities. After conducting an investigation this year, the team found more applications in the Tizi family, the oldest of which dated back to October 2015.

Source: Google Security Blog

Tizi was used in targeted attacks against 1,300 devices in a number of African countries, particularly Kenya, Nigeria, and Tanzania. The early versions didn’t have rooting capabilities or obfuscate their code, but the malware, which works by stealing sensitive data from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram, gained those features over time.

That’s not the scariest part. The newest version of Tizi executes several info-stealing processes common to commercial spyware, including recording calls in WhatsApp, Viber, and Skype; sending and receiving SMS messages; and accessing calendar events, call logs, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps. Tizi’s developer went as far as to create a website and used social media to drive app installs from Google Play and third-party websites.

But Tizi shouldn’t be a threat much longer. With Google’s investigation now concluded, the search giant updated its on-device security services as well as the server-based systems that search for PHAs. The changes will help discover this kind of malware in the future, Google says.

For a technical breakdown of Tizi and a five-step checklist about how to reduce your chance of being affected by it, follow the source link.

---

Source: Google Security Blog

from xda-developers http://ift.tt/2iYxvDa
via IFTTT

Ubuntu 17.10 Brings Back GNOME Desktop Environment

Ubuntu is one of the most popular Debian-based Linux distributions, and it’s undergone a lot of changes. Most recently, Canonical, the developer collective behind Ubuntu, switched from the GNOME desktop environment to an in-house alternative called Unity. But the most recent version of Ubuntu, 17.10, brings back GNOME 3.26.

With GNOME comes GDM (GNOME Display Manager), a tweakable settings menu that replaces Unity’s LightDM. GNOME’s ecosystem makes it arguably easier to customize than the latter — unlike previous versions of Ubuntu, for example, you can change the location of the Windows control buttons (minimise, fullscreen and close) in just a few button presses.

Source: Canonical

The flip-flop to GNOME follows Canonical’s abandonment of Ubuntu Touch, a phone-optimized version of Ubuntu that used Unity as the default interface, and it’s the first big change to Ubuntu in a while. It’s not the only one: Ubuntu 17.10 has a new default display server, Wyland, that replaces the deprecated Mir (which is now only enabled on Internet of Things (IoT) devices.). Other changes include improved Bluetooth audio playback, the discontinuation of 32-bit ISO images, and a Linux kernel update to the newest version (version 4.13).

Ubuntu 17.10 also marks the second version of the operating system that starts with the letter “A”. Ubuntu’s names are ordered alphabetically, just like Android, and Canonical’s started over again. Ubuntu 17.10 is “Artful Aardvark”.

For a full list of changes, follow the source link.

---

Source: Canonical Via: Ars Technica

from xda-developers http://ift.tt/2AFOAfM
via IFTTT

Moto X4 and Z2 Force are the First Phones with Qualcomm’s Neural Processing Engine

Lenovo, Motorola’s parent company, has been busy lately. It released the high-end Moto Z2 Force and the mid-range Moto X4 earlier this year, both of which rock Qualcomm system-on-chips (SoC) — the Moto X4 has the Snapdragon 630 SoC and the Moto Z2 Force has the Snapdragon 835. That’s not the only thing the two have in common: They’re the first commercially available phones to feature the Snapdragon Neural Processing Engine (NPE), a Qualcomm-designed platform that “accelerates on-device artificial intelligence (AI).”

The NPE leverages “on-device processing” and a deep learning model to improve the performance of the Qualcomm’s Adreno GPUs — specifically the Adreno 510 (on the Snapdragon 630) and the Adreno 540 (on the Snapdragon 835). Lenovo, for its part, is using it to power its Landmark Detection application, which serves up links to Wikipedia pages when it recognizes one of more than 1,200 buildings, sculptures, and landscapes from around the world.

The NPE’s potential extends beyond landmark-detecting smartphones, though. Qualcomm thinks that automotive, healthcare, security, and imaging industries stand to benefit.

You needn’t look beyond the smartphone market for evidence. We recently reported that Google’s new Pixel phones, the Pixel 2 and Pixel 2 XL, are equipped with a custom SoC — the Pixel Visual Core (PVC) — that applies machine learning algorithms to the phones’ image processing. Other SoC vendors on the cutting edge include Huawei and Imagination Technologies, which both recently revealed details about their own neural processing technologies.

If one thing’s for certain, it’s that AI developments are only speeding up — not slowing down.

---

Source: Qualcomm

from xda-developers http://ift.tt/2AGhXhR
via IFTTT

WireGuard, a Revolutionary VPN Project, Adds Support for Android ROMs

It’s hard to imagine the modern Internet without a VPN. For many years, VPNs have extended private networks across public networks, enabling users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. This consequently has had the effect of allowing users to bypass particular geographical restrictions as well as to keep data secure. The VPN software landscape, however, has had a myriad of problems, which WireGuard, a new secure tunneling protocol, aims to address.

---

OpenVPN, IPsec, and their problems

Today’s well-known VPN solutions on Android are OpenVPN and IPsec, but they are not without problems. The popularity of OpenVPN sort of makes sense as it is easier to configure than IPsec and has been around for a long time. While the project is a somewhat acceptable solution for most users, its complexity is overwhelming. OpenVPN consists of around 120,000 lines of code. Such amount of code makes the project almost impossible to audit and secure, as witnessed by the massive trail of security bugs over the last few years. OpenVPN also lives in userspace, making it quite slow, since every packet must be copied several times and incur several context switches. IPsec, IKEv2, L2TP, PPTP, and related 90s technologies are also quite popular, but similarly problematic, being large bulky codebases — StrongSwan is around 430,000 lines of code, in addition, the entire kernel XFRM layer — and based on outdated 90s cryptographic wisdom. The ordinary use of these protocols is also very “chatty,” sending traffic unnecessarily, resulting in reduced battery life on laptops and mobile phones.

---

An Exciting New VPN Project: WireGuard

Recently we had the pleasure to talk to one of our Recognized Developers, zx2c4. In real life, he is Jason Donenfeld and is an author of WireGuard, a next-generation VPN tunnel, that may soon dethrone OpenVPN and IPsec. Launched in 2015, WireGuard offers cutting edge cryptography, is easier to audit since it is less than 4,000 lines of code, and is quite easy to use.

WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It runs over UDP.

The reception to WireGuard has been very positive, both inside the security community and inside the kernel community, with Greg KH, the stable maintainer of the Linux kernel, endorsing it after a thorough code review. It has been presented around the world, with the FOSDEM presentation being perhaps particularly relevant for XDA readers. The WireGuard white paper has been peer-reviewed by the academic community as well.

The protocol is very nice for mobile phones because it was developed as a “stealth VPN,” by default not sending any packets unless there is actual data to be sent. This has the effect of not draining the battery like other VPN clients commonly do. Additionally, WireGuard allows roaming freely between different IP addresses, meaning you can transition between WiFi and cellular connections, or between any other kinds of connections, without having to establish any connections; it’s entirely seamless.

The speed is best in class, offering SSSE3, AVX, AVX2, AVX512, and NEON-accelerated implementations of its ciphers. Its use of ChaCha20 means that it is extremely fast on nearly all hardware. In testing, WireGuard handily beats other protocols.

WireGuard is not only the fastest VPN on the block, but the cryptography has also been formally verified, which means there are mathematical proofs that its cryptographic constructs are secure in the symbolic model. While the cryptography is modern it is also conservative, erring on the side of paranoia rather than the side of frivolousness. That combined with its tiny and easily auditable code base make WireGuard very reliable from a security perspective.

---

WireGuard and Android Support

While WireGuard is primarily developed as an optimized kernel module for Linux, there is a userspace portable version in the works, so that it can be distributed in apps in the Play Store without needing root access. However, while the userspace implementation is still faster than the competition, much of the WireGuard magic shines when the native kernel module is used. For this reason, the primary interest of WireGuard to the XDA development community lies in integrating the kernel module into ROMs directly.

WireGuard has already made its way into some ROMs, in fact. Most notably, it’s integrated into Sultanxda’s popular ROMs for the OnePlus 3/3T and other developers will surely follow. The patching procedure is quite simple and can be done with a few simple steps. The best place to find the reference is the android_kernel_wireguard git repository page as well as zx2c4’s XDA thread on adding it to ROMs.

The currently in development Android app uses the kernel module opportunistically, if it is available, and otherwise falls back to using the userspace implementation. The app has a GUI for defining VPN tunnels, checking status, and very nicely adds a toggle switch to the notification area to turn on and off tunnels. Below you can have a glimpse of the simple toggling interface of the early versions of the app.

WireGuard for Android is maximally simple. #usablesecurity #johnnyencrypts http://pic.twitter.com/ihwu1Chz8U

— Edge Security (@EdgeSecurity) August 23, 2017

The WireGuard development team is currently recruiting Android GUI developers to work alongside them as they make advances in the core technology. If any XDA developers are interested, they shouldn’t hesitate to reach out to zx2c4. The WireGuard project is completely open-source and transparent.

Overall, WireGuard appears to be the future of VPNs and secure network tunnels, embracing rock solid modern cryptography, a secure auditable code base, and an innovative protocol well suited for smartphones. Its usage on the Linux server and desktop is already highly regarded, marching solidly ahead into mainline Linux. We at XDA look forward to seeing WireGuard come to Android and our ROMs.

If you are eager to test out WireGuard on your device, contact your ROM developer or, re-compile the ROM on your own. You can also grab the alpha version of the application from the official thread or Google Play store.

---

Visit the WireGuard thread on XDA

from xda-developers http://ift.tt/2AGbTWM
via IFTTT

Honor X-series Never Let You Down

For the past couple of years Honor has been a company that is growing constantly better with each release of their Honor phones. They have two primary lines- their flagships and their budget line, with occasional off-shoots like pro models. XDA’s continued partnership with Honor have allowed us to experience their phones, review them, and watch the development community grow around them.

The Honor 8, 6x, and 8 Pro

Honor 8

We started reviewing Honor phones with the Honor 8 in 2016. This phone was a step in a new direction for Honor. Being one of the first phones to adopt the dual lens setup, the Honor 8’s biggest selling point was its camera. Priced at a competitive $399, the phone was giving other flagships a run for their money. Powerful specs, an amazing display, and rock solid software with almost no bugs made the Honor 8 one of the most popular phones for the company so far.

The Honor 8 had a little brother known as the Honor 5x, which was their only phone to come with a Snapdragon chipset. This made the 5x one of the most development-friendly phones and had the community creating tons of ROMs, kernels, and mods for this device.

Shortly after, the Honor 6x was launched as part of their budget line. At $200, this phone came with a 1080p display, dual cameras, 3/4GB of RAM and the same great software experience from the Honor 8. Honor now had a solid presence in the flagship and budget market.

Honor soon capitalized on the popularity of the Honor 8, with the Honor 8 Pro. This high-end phone featured a 1440p display and the ability to shoot in 4K. They also put 6GB of RAM in it and redesigned the body from scratch.

The Honor 8, Honor 9, and Honor 7x

The Honor 9 and 7x

The next wave of phones is where Honor starts really making waves. The Honor 9 came out with the Kirin 960 and 6GB of RAM, making it one of the fastest phones at the time. One of the best upgrades in this new phone was the amazing new camera which took very impressive photos. With a similar design to the Honor 8, the body of the phone is designed to catch light in a way that made the phone glow from reflections. Being one of the best performing and the best looking phones at the time, the Honor 9 was an all-around great phone.

Honor’s newest phone at the time of writing this article is the Honor 7x. Adopting the body design of the Honor 8 Pro and implementing a new 18:9 HD+ display, makes the 7x is probably the best budget phone on the market.

 

Honor 7x

 

Honor has consistently delivered great phones at some of the most unbeatable prices. Their team works hard to bring the latest software updates to their phones, even having Oreo Builds out in beta for the Honor 8 Pro and the Honor 9. The Honor 8 was even one of the first phones to get the Android Nougat update, very early on.

Honor is definitely a company to keep your eye on. If you’ve never used an Honor phone before, you should consider one as your next device. They won’t let you down.

Honor 9

 

Honor 6x

 

We thank Honor for sponsoring this post. Our sponsors help us pay for the many costs associated with running XDA, including server costs, full time developers, news writers, and much more. While you might see sponsored content (which will always be labeled as such) alongside Portal content, the Portal team is in no way responsible for these posts. Sponsored content, advertising and XDA Depot are managed by a separate team entirely. XDA will never compromise its journalistic integrity by accepting money to write favorably about a company, or alter our opinions or views in any way. Our opinion cannot be bought.

from xda-developers http://ift.tt/2zxfL82
via IFTTT

The Samsung Galaxy S8 is Now Available in Burgundy Red, Coming to Korea First

Samsung typically hasn’t been afraid of launching different color options for their devices. Unlike companies like Apple, which offer their devices in plain colors like black, white or gold, Samsung offers a wide range of color option with their flagships, a color roster which has grown and diminished throughout the years. The Galaxy S8 and Galaxy S8+, the company’s current flagship devices, are currently available in Midnight Black (black), Orchid Gray (purple-gray), Coral Blue (deep blue), Arctic Silver (silver) and Maple Gold (gold). Samsung has officially announced that the Galaxy S8, which is due for a refresh very soon, will be available in one more color option: Burgundy Red.

This “burgundy red” color option was rumored to be announced a few days back, and Samsung has effectively taken to their blog to announce the new color option. The new red variant features a vibrant, elegant red glass back with matching red metal edges and the typical front black bezels. Samsung has not tried out a widely-available red color option since the Galaxy S4, and they haven’t tried the color red at all since the Galaxy S6 edge Iron Man edition. So this is actually a new, refreshing change of look for Samsung’s 2017 flagship. The bigger phone, the Galaxy S8+, doesn’t seem to be getting the new color option as it’s not mentioned throughout the announcement release.

Burgundy Red, however, will not be available globally at first. The new edition of the S8 will initially be available in Samsung’s home country, South Korea, before rolling out to select markets afterward. US availability is still unknown, and we can’t tell for sure if the device is actually coming to this side of the globe at all, but further availability details will be announced by each market’s local Samsung offices and carriers. It is indeed a good-looking option, however, and we expect this color to become more widely available when the Galaxy S9, the successor to the S8, is officially announced.

---

Source: Samsung

from xda-developers http://ift.tt/2i08B5i
via IFTTT

Android Is Getting More Accessible With Support For Bluetooth Hearing Aids

With over a billion users of Android devices around the world, the operating system needs to accommodate users with a wide variety of needs. Smartphone accessibility is a major concern for millions of users worldwide, but it’s not something many of us really think about unless you or someone you know lives with a disability. One issue on Android that users with hearing deficits have complained about for years is the lack for native support for Bluetooth hearing aids. Apple has pioneered support for directly streaming audio to Bluetooth hearing aids, but Google has lagged behind. That may change in the near future, however, as Google is now working to bring this feature to all Android devices.

A hearing aid with Bluetooth connectivity support allows users with hearing deficits to stream audio to and from their smartphone without needing to remove their hearing aid. On Apple devices, this lets users listen to music, make and receive phone calls, receive alerts/messages, start voice calls, and more. This integration is convenient for users with Bluetooth-compatible hearing aids given how important smartphones have become in our daily lives.

Several new commits have shown up in AOSP that hint at this functionality. The first one we discovered states that Android will support the G.722 codec for hearing aid support. G.722 is a wideband audio codec usually used for high quality digital voice communication, so it makes sense to see support being added for it especially in relation to hearing aids. The G.722 commit is the only hearing aid-related commit that was merged, but a new hearing-aid-profile topic has shown up with several of them mentioning that the feature is a work in progress.

Thus, support for Bluetooth hearing aids will likely arrive in the next major version of Android which is Android P given that the second Developer Preview of Android 8.1 has already dropped with near-final APIs. If you or a loved one uses a Bluetooth hearing aid, then you’ll be happy to know that Android will finally support these devices in the near future.

from xda-developers http://ift.tt/2BunLYU
via IFTTT