Bluetooth communications are still not safe in 2023

Multiple active exploits could affect Bluetooth use on iPhones.

The Flipper Zero hacker tool could be used to trigger a DDoS attack on an iPhone using the kind of Bluetooth signals sent by AirPods, HomeKit accessories, etc. These signals usually trigger a popup on the iPhone offering to connect to headphones or perform other actions. Crafting these signals in a specific way could result in an iOS restart.

The newly discovered BLUFFS attack could be used to impersonate devices and trigger disclosure of private information. It is not yet clear whether AirDrop is affected by this attack, as it uses more than just Bluetooth to authenticate the device. However, it is still possible to hijack audio or other Bluetooth connections. A fix would require device manufacturers to modify the security mechanisms of the Bluetooth stack.

Bitwarden releases developer survey results on generative AI and other topics

Bitwarden shared a report on developer practices in relation to security.

Notable findings include:

  • Around 25% of developers pass sensitive information into AI tools, including passwords, financial details, customer information, IP, even SSNs;
  • And yet, more than 90% of developers pass annual security training;
  • Passkeys are widely praised by developers; 68% already use them.

The report shows that generative AI tools are getting much more attention from developers; developers also understand the potential security threats of using AI.

Passkey use could decrease the probability of password leakage, and the development community overall is gradually starting to adopt this technology.

Bitwarden: Decoding tomorrow: Developer secrets, security and the future of passkeys

Reference: Bitwarden releases new developer survey on generative AI, passkeys, and more

App Store complies with China business details requirements

A new Chinese law requires mobile application developers to file business details in order to distribute apps in app stores in China.

Android application stores have started implementing the required changes. The Apple App Store apparently already supports all the requirements.

Smartphone sales are down affecting mostly Android phones

Counterpoint published a report outlining the smartphone market situation in Q2 2023. Overall, smartphone shipments fell 24% year over year. Interestingly, Google sales are up 48% (albeit from a low starting position). iPhone sales are down 6%.

Counterpoint: US Smartphone Shipments Fall 24% YoY in Q2 2023 on Lower Upgrade Rates

Apple is better at converting users to iOS than Google to Android

A report from Consumer Intelligence Research Partners (CIRP) shows that brand loyalty is much higher for Apple device users.

During the last year, 14% of new iPhone users previously had an Android smartphone, while only 4% of Android buyers used an iPhone before that.

CIRP: Apple to Android and Android to Apple - Do People Really Switch?

First US state bans TikTok

Montana passes a bill to ban TikTok within the state. Under this bill, ByteDance is prohibited from doing business in Montana. Anyone violating this ban will be fined $10,000 per violation per day. The fine, however, is to be paid by ByteDance itself.

The bill also requires the mobile platforms App Store and Google Play to limit access to TikTok within the state. This might become a precedent in the US and will require Apple and Google to provide app availability on a per-state basis.

Reference: First US state officially bans TikTok, $10,000 fine per violation

Apple and Google are partnering to prevent possible spying by item trackers

Apple and Google are cooperating (again!) on the use of Bluetooth (again!) tracking technology. AirTags and other item trackers based on Bluetooth could be used to perform unwanted tracking.

Apple added additional safeguards to report an unrecognized AirTag traveling with the user. Also, an app was introduced for Android users.

Now Apple and Google are working together on a unified specification to alert users of unwanted location trackers. Future versions of iOS and Android are to implement this specification.

Apple Newsroom: Apple, Google partner on an industry specification to address unwanted tracking

IETF Datatracker: Detecting Unwanted Location Trackers

Google Play: Tracker Detect

The Android 14 Developer Preview is here

Google has released the first developer preview of Android 14, and you can install it now on supported Pixel phones. Based on my experience, you can face some battery optimization issues, so I recommend waiting until the next beta if you use this phone daily.

Main features and app changes:

  • Migrate foreground services to user-initiated data transfer jobs
  • Foreground service types are required
  • Schedule exact alarms are denied by default
  • Context-registered broadcasts are queued while apps are cached
  • Minimum installable target API level (For new Android it is 23)
  • Non-linear font scaling to 200%