First US state bans TikTok

Montana passes a bill to ban TikTok within state. Under this bill ByteDance is prohibited from doing business in Montana. Anyone violating this ban will be fined $10,000 per violation per day. Fine, however, is to be paid by ByteDance itself.

Bill also requires mobile platforms App Store and Google Play to limit access to TikTok within state. This might become a precedent in US and will require Apple and Google to provide app availability on per-state basis.

Reference: First US state officially bans TikTok, $10,000 fine per violation

Apple and Google are partnering to prevent possible spying by item trackers

Apple and Google are cooperating (again!) on use of Bluetooth (again!) tracking technology. AirTags and other item trackers based on Bluetooth could be used to perform unwanted tracking.

Apple added additional safeguards to report unrecognized AirTag traveling with user. Also, app was introduced for Android users.

Now Apple and Google are working together to have unified specification to alert users of unwanted location trackers. Future versions of iOS and Android are to implement these specifications.

Apple Newsroom: Apple, Google partner on an industry specification to address unwanted tracking

IETF Datatracker: Detecting Unwanted Location Trackers

Google Play: Tracker Detect

References:

The Android 14 Developer Preview is here

Google has released the first developer preview of Android 14, and you can install it now on supported Pixel phones. Based on my experience, you can face some battery optimization issues, so I recommend waiting until the next beta if you use this phone daily.

Main features and app changes:

  • Migrate foreground services to user-initiated data transfer jobs
  • Foreground service types are required
  • Schedule exact alarms are denied by default
  • Context-registered broadcasts are queued while apps are cached
  • Minimum installable target API level (For new Android it is 23)
  • Non-linear font scaling to 200%

Google Play full of Trojans

Cybersecurity experts from SecneurX have recently compiled a long list of Google Play apps infected with dangerous Trojans, including:

  • Color Paint & Draw Master – Harly Trojan
  • Real Photo Editor - Joker Trojan
  • Coloring Painting - Joker Trojan
  • Happy Voice Changer - Harly trojan
  • Emoji Live Wallpaper - Joker trojan
  • Screen Mirroring Cast - Joker Trojan
  • Advanced Cast Screen - Joker Trojan
https://twitter.com/SecneurX/status/1619202483993169920?s=20&t=BrBOAe-mab7qbxXVT6DCBw

What can the Joker and Harly Trojans do?

A trend is emerging from the above reports. Most often, mobile applications with Joker and Harly Trojans impersonate relatively simple applications. Some of them are games, others are used for simple entertainment or personalization of the smartphone by changing the wallpaper or screensaver. Screen mirroring and screen casting applications are also popular. Viruses are designed to steal data, e.g. taking over our contacts or reading e-mails, text messages or conversations on messengers. Malware can also enable premium services and charge us a high phone bill.

Source: SecneurX 

Kotlin 1.8.0 Released

The Kotlin 1.8.0 release is out.
Here are some of its biggest highlights:

  • New experimental functions for JVM: recursively copy or delete directory content
  • Improved kotlin-reflect performance
  • New -Xdebug compiler option for better debugging experience
  • kotlin-stdlib-jdk7 and kotlin-stdlib-jdk8 merged into kotlin-stdlib
  • Improved Objective-C/Swift interoperability
  • Compatibility with Gradle 7.3

more: https://kotlinlang.org/docs/whatsnew18.html

KotlinDL 0.5 is out!

According to the latest blog post we now have quite interesting features on Android:

Version 0.5 of our deep learning library, KotlinDL, is now available! This release focuses on the new API for the flexible and easy-to-use deployment of ONNX models on Android. We have reworked the Preprocessing DSL, introduced support for ONNX runtime execution providers, and more. Here’s a summary of what you can expect from this release: […]

More:
https://blog.jetbrains.com/kotlin/2022/12/kotlindl-0-5-has-come-to-android/

Samsung, LG, Mediatek certificates compromised to sign Android malware

Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware.

The biggest problem here is the fact that, are signed with the same platform certificate and assigned the highly privileged 'android.uid.system' user id, these apps will also gain system-level access to the Android device. Which mean that they can check and do much more than standard apps.

more:

https://arstechnica.com/gadgets/2022/12/samsungs-android-app-signing-key-has-leaked-is-being-used-to-sign-malware/

List of hashes: https://bugs.chromium.org/p/apvi/issues/detail?id=100

Apple Wallet Car Keys could now be shared with Google Pixel

Car Key introduced several years ago is yet not widely adopted by car manufactures (in some degree due to chip shortages in recent years) and was iPhone only feature for some time. Now these electronic keys could be shared with Google Pixel phone owners and other Android phones to follow soon.

Reference: You can now share your car key in Apple Wallet with Android users, starting with Google Pixel

Weekend good reads for Android developers, issue #40 (45/2022)

The weekend is coming so we have some reads for you:

SIMPLE IS NOT EASY

Unfortunately, most of the examples showing Clean Architecture and Hexagonal Architecture show that this is the model way. Abstraction on top of abstraction and next abstraction. But still, writing simple and easy to read code is not easy. It requires multiple iterations and effort. Read more in this article.

Mastering Android Dialogs: Don’t follow official Google Guides

This article explains why Google Guides for Dialogs are bad and what risks you and your apps may face if you follow them.

Performance Considerations for Memory Leaks: An Android Cookbook

Memory leaks can be found everywhere, in application code, dependencies, the Android operating system, and even in the JVM. It is difficult to come up with a complete list of the reasons why these problems occur, but showing a broad range can help us better characterize what they may be like. This great article gives you a better understanding of what memory leaks are.

Declarative UI — What, How, and Why?

This short but succinct post perfectly explains Declarative programming paradigm.

Library of the week:

https://github.com/touchlab/xcode-kotlin

The xcode-kotlin plugin allows debugging of Kotlin code running in an iOS application, directly from Xcode.

Have a nice Weekend!