Bluetooth communications are still not safe in 2023

Multiple active exploits could affect iPhone use of Bluetooth.

The Flipper Zero hacking tool could be used to trigger a DDoS attack on an iPhone using the Bluetooth signals sent by AirPods, HomeKit accessories, etc. These signals usually trigger a popup on the iPhone that lets the user connect to headphones or perform other actions. Crafting these signals in a specific way could result in an iOS restart.

The newly discovered BLUFFS attack could be used to impersonate devices and trigger disclosure of private information. It is not yet clear whether AirDrop is affected by this attack, as it uses more than just Bluetooth to authenticate the device. However, it is still possible to hijack audio or other Bluetooth connections. A fix would require device manufacturers to modify the security mechanisms of the Bluetooth stack.

California passes a bill requiring apps to be child-safe by default

The "Kids' Code" bill has passed in California. This bill requires apps to be kid-safe by default.

A Californian bill colloquially known as the Kids’ Code has been unanimously passed by the State Senate, following earlier approval by the State Assembly. It now requires the signature of Gov. Gavin Newsom to take effect.

9to5Mac

Apps should have guardrails for users under 18. This requirement might affect application features, and age verification might be required for more app sections.

Reference: Kids’ Code bill passed in California, apps must be child-safe by default

Weekend good reads for Android developers, issue #33 (19/2022)

It’s Friday and we have a new pack of articles to go over the weekend.

13 Things to know for Android developers at Google I/O!

A lot of Android-related news was presented during the Google I/O conference. The most important items are:

  • Jetpack Compose 1.2 Beta with more advanced features such as LazyLayouts, built-in Window Insets, or nested scrolling
  • Live Edit, i.e. the ability to immediately preview views created with Jetpack Compose in Android Studio
  • Baseline Profiles accelerating application development by up to 30%
  • More tablet support - Along with this news, Google announced a new Pixel tablet, expected to be available next year
  • Jetpack Compose for Wear OS beta. Additionally, Google announced the release of the Pixel Watch in the fall of this year
  • Health Connect to access and share your health information with other applications
  • Google Play Index, i.e. verification by Google Play that the application uses the correct SDK based on various metrics
  • Android 13 Beta 2

I strongly recommend watching the dedicated playlist for Android and Play at Google I/O 2022.

Using MotionLayout in Compose

In this blog post, the author goes over an example of using MotionLayout in Jetpack Compose by animating several widgets in relation to each other.

Design a pixel perfect Android app

The success of your app depends heavily on its UI/UX, and from this article you will learn how to create the best UI for different screens and resolutions.

Fact or kapt? Build your next annotation processor with KSP with David Rawson

Today we have a day of awesome videos :)

https://youtu.be/zI1BWZOoTfw

That’s all from us

Okta security breach affects multiple clients

Okta, a single sign-on provider, was recently hacked. Clients using Okta for authentication are at risk.

After a thorough analysis of these claims, we have concluded that a small percentage of customers — approximately 2.5% — have potentially been impacted and whose data may have been viewed or acted upon. We have identified those customers and are contacting them directly. If you are an Okta customer and were impacted, we have already reached out directly by email. We are sharing this interim update, consistent with our values of customer success, integrity, and transparency.

Okta
