Category: Android

Multiple active exploits could affect iPhone use of Bluetooth.

Flipper Zero hacker tool could be used to trigger iPhone DDoS attack using Bluetooth signals by AirPods, HomeKit accessories, etc. These signals usually trigger popup on iPhone allowing to connect to headphones or perform other actions. Crafting these signals in a specific way could result in iOS restart.

Newly discovered BLUFFS attack could be used to impersonate devices and trigger disclosure of private information. It is not yet clear, if AirDrop is affected by this attack as it uses more than just Bluetooth to authenticate the device. However, it is still possible to hijack audio or other Bluetooth connection. Fix would require device manufacturers to modify security mechanisms of Bluetooth stack.

References:

• Flipper Zero can still crash iPhones running the latest version of iOS 17
• Bluetooth security flaws allow connections to be hijacked; AirDrop unlikely to be affected [U]

Bitwarden shared a report on developer practices in relation to security.

Notable findings include:

• Around 25% of developers pass sensitive information into AI tools, which includes passwords, financial details, customer information, IP, even SSNs;
• And yet, more than 90% of developers pass annual security trainings;
• Passkeys are widely praised by developers, 68% already use passkeys.

Report shows that generative AI tools are getting much more attention from developers; developers also understand potential security threats of using AI.

Passkeys use could decrease password leakage probability, and development community overall starts gradually adopt this technology.

Bitwarden: Decoding tomorrow: Developer secrets, security and the future of passkeys

Reference: Bitwarden releases new developer survey on generative AI, passkeys, and more

New China law requires mobile application developers to file business details in order to distribute apps in China application stores.

Android applications stores started implementing required changes. Apple App Store apparently already supports all the requirements.

References:

• Android app stores comply with latest China law; Apple appears to have taken no action

Cyberspace Administration of China prepares the law that will restrict time for minors to access to smartphone features. Manufacturers will be required to implement special mode that will enforce these restrictions.

Reference: China mulls mandatory 'minor mode' on iPhone to curb youth Internet abuse

Counterpoint publishes a report outlining smartphone market situation in Q2 2023. Overall, smartphone shipments fell 24% year over year. Interestingly, Google sales are up 48% (while being on low starting position). iPhone sales down 6%.

Counterpoint: US Smartphone Shipments Fall 24% YoY in Q2 2023 on Lower Upgrade Rates

References:

• Counterpoint Says U.S. Smartphone Sales Are Down, But Mostly on the Android Side
• Android struggles against iPhone as US smartphone sales drop by a quarter

Report from Consumer Intelligence Research Partners (CIRP) shows that brand loyalty is much higher for Apple device users.

During last year 14% of new iPhone users previously had an Android smartphone. And only 4% of Android buyers used an iPhone before that. 

CIRP: Apple to Android and Android to Apple - Do People Really Switch?

References:

• Here’s how many more Android users switch to iPhone than the other way around
• Apple is better at converting people to iPhone than Google for Android

Montana passes a bill to ban TikTok within state. Under this bill ByteDance is prohibited from doing business in Montana. Anyone violating this ban will be fined $10,000 per violation per day. Fine, however, is to be paid by ByteDance itself.

Bill also requires mobile platforms App Store and Google Play to limit access to TikTok within state. This might become a precedent in US and will require Apple and Google to provide app availability on per-state basis.

Reference: First US state officially bans TikTok, $10,000 fine per violation

Apple and Google are cooperating (again!) on use of Bluetooth (again!) tracking technology. AirTags and other item trackers based on Bluetooth could be used to perform unwanted tracking.

Apple added additional safeguards to report unrecognized AirTag traveling with user. Also, app was introduced for Android users.

Now Apple and Google are working together to have unified specification to alert users of unwanted location trackers. Future versions of iOS and Android are to implement these specifications.

Apple Newsroom: Apple, Google partner on an industry specification to address unwanted tracking

IETF Datatracker: Detecting Unwanted Location Trackers

Google Play: Tracker Detect

References:

• Apple and Google Submit Spec to Industry Group Addressing Unwanted Use of Item Trackers
• Apple to Expand AirTag-Like Unwanted Tracking Alerts to Other Item Trackers in Future iOS Version
• Apple and Google team up to bring AirTag-like unwanted tracking alerts to all item trackers on iPhone and Android

This release contains new features like Pager and Flow Layouts, and new ways to style your text, such as hyphenation and line-break behavior. It also improves the performance of modifiers and fixes a number of bugs.

more:
https://android-developers.googleblog.com/2023/03/whats-new-in-jetpack-compose-march-23-release.html

Google has released the first developer preview of Android 14, and you can install it now on supported Pixel phones. Based on my experience, you can face some battery optimization issues, so I recommend waiting until the next beta if you use this phone daily.

Main features and app changes:

• Migrate foreground services to user-initiated data transfer jobs
• Foreground service types are required
• Schedule exact alarms are denied by default
• Context-registered broadcasts are queued while apps are cached
• Minimum installable target API level (For new Android it is 23)
• Non-linear font scaling to 200%