Google last month started rolling out the final build of Android 7.0 Nougat for compatible Nexus devices. The Android 7.0 Nougat update was rolled out to the Nexus 5X, Nexus 6P, Nexus 9, Nexus Player, Pixel C tablet, and Android One General Mobile 4G devices gradually. Now, the company has started rolling out the monthly Android security update for September. The company has also released factory images and OTA binaries for Nexus devices.
The September security bulletin is now available to Nexus through an over-the-air (OTA) update. Google has also released the new Nexus firmware images to the Google Developer site. Google says that it notified the partners about the issues described in the bulletin on August 05, 2016 or earlier. The source code patches for the reported issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours.
The update patches seven vulnerabilities that have been flagged as “critical” by Google, and 23 vulnerabilities that fall on the spectrum of “high” severity. In addition, 17 “moderate” security glitches have also been resolved.
Some of the critical security vulnerabilities that have been fixed include remote code execution vulnerability in LibUtils, which if left untreated will enable an attacker using a specially crafted file to execute arbitrary code in the context of a privileged process; remote code execution vulnerability in Mediaserver, which if not resolved could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing; elevation of privilege vulnerability in kernel security subsystem; elevation of privilege vulnerability in kernel networking subsystem, elevation of privilege vulnerability in kernel netfilter subsystem, and elevation of privilege vulnerability in kernel USB driver, and elevation of privilege vulnerability in kernel shared memory subsystem, which if left untreated could enable a local malicious application to execute arbitrary code within the context of the kernel. These issues are rated as “Critical” due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device.
Apart from September Android security patch, Google is also rolling out Android 7.0 Nougat factory images for Nexus range. New Android 7.0 build for Pixel C is NRD90R; Nexus 5X is NRD90S; Nexus Player is NRD90R; Nexus 9 Wi-Fi is NRD90R, and Nexus 5 is MOB31E. Unfortunately, Google is yet to rollout Android 7.0 factory images for the Nexus 6P, Nexus 6, and Nexus 9 LTE devices.
OnePlus has started rolling out OxygenOS 3.1.0 update to OnePlus 2 users, containing both QuadRooter patch and August security patch. The update contains other fixes and improvements but most importantly brings these two security patches to the smartphone.
As per the change log posted by the company on its official forum, the OxygenOS 3.1.0 update brings along fixes for some notification issues, delivers improved performance in Doze Mode, and addition of media sound toggle for alert slider.
Moreover, the OxygenOS 3.1.0 update fixes the silent mode issue associated with alert slider. Apart from the aforementioned changes, the firmware brings along certain other bug fixes as well.
The QuadRooter issue that the update claims to patch is a set of four vulnerabilities that affects Android devices built on Qualcomm chipsets. According to the Check Point research team, which first highlighted the issue last month, if any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.
“An attacker can exploit these vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing,” Check Point mobile research team pointed out in its report.
The company has clarified in its post that as usual, the update rollout will be incremental and should show up for most users soon enough.
Cyanogen last week started rolling out new features from Microsoft’s Cortana voice-based virtual assistant for the OnePlus One users running Cyanogen OS 13.1 in India. The company says that the ‘Cortana India update’ will automatically start rolling out to the OnePlus One users when it is connected to a Wi-Fi.
Unlike Cortana for Android, the version Cyanogen uses is deeply integrated into the OS which means OnePlus One users can get things done by their voice commands. Some of the functions that the Cortana can do without need of a touch are to set an alarm, turn on or off Wi-Fi connectivity.
To recall, the Cortana integration was made available to the OnePlus One back in January with Cyanogen OS 12.1.1, after being promised in September last year. It was then only made available to users in the US and China, similar to the how the Cortana for Android app was rolled out.
“We’re happy to announce that we’re launching Cortana in India on Cyanogen OS first. OnePlus One owners running 13.1 in India can now take advantage of all of the awesome features available from Cortana,” said Cyanogen team in a blog post.
Apart from the regular Cortana features, Cyanogen has also enabled added the new Cortana mod for Camera and Lock Screen – made available to users in other regions with Cyanogen OS 13.1 and the Mod support it introduced in June. This allows users to give commands voice commands for taking a selfie or start searching right from the lock screen.
In separate news, OnePlus has confirmed that it is merging the Oxygen OS and the Hydrogen OS for future devices. OnePlus revealed the plans to XDA Developers and claimed that the merger will enable in faster updates. The company said that it will merge the OxygenOS and HydrogenOS teams to “work as one unified team on this one combined platform.”
The OnePlus team said, “The main benefit of combining our team resources is to speed up software updates. We know we have some room to continue improving there, and this is an important step in the right direction.”
The suspicious text message that appeared on Ahmed Mansoor’s iPhone promised to reveal details about torture in the United Arab Emirates’ prisons. All Mansoor had to do was click the link.
Mansoor, a human rights activist, didn’t take the bait. Instead, he reported it to Citizen Lab, an internet watchdog, setting off a chain reaction that in two weeks exposed a secretive Israeli cyberespionage firm, defanged a powerful new piece of eavesdropping software and gave millions of iPhone users across the world an extra boost to their digital security.
“It feels really good,” Mansoor said in an interview from his sand-colored apartment block in downtown Ajman, a small city-state in the United Arab Emirates. Cradling his iPhone to show The Associated Press screenshots of the rogue text, Mansoor said he hoped the developments “could save hundreds of people from being targets.”
Hidden behind the link in the text message was a highly targeted form of spyware crafted to take advantage of three previously undisclosed weaknesses in Apple’s mobile operating system.
Two reports issued Thursday, one by Lookout, a San Francisco mobile security company, and another by Citizen Lab, based at the University of Toronto’s Munk School of Global Affairs, outlined how the program could completely compromise a device at the tap of a finger. If Mansoor had touched the link, he would have given his hackers free reign to eavesdrop on calls, harvest messages, activate his camera and drain the phone’s trove of personal data.
Apple issued a fix for the vulnerabilities Thursday, just ahead of the reports’ release, working at a blistering pace for which the Cupertino, California-based company was widely praised.
Arie van Deursen, a professor of software engineering at Delft University of Technology in the Netherlands, said the reports were disturbing. Forensics expert Jonathan Zdziarski described the malicious program targeting Mansoor as a “serious piece of spyware.”
A soft-spoken man who dresses in traditional white robes, Mansoor has repeatedly drawn the ire of authorities in the United Arab Emirates, calling for a free press and democratic freedoms. He is one of the country’s few human rights defenders with an international profile, close links to foreign media and a network of sources. Mansoor’s work has, at various times, cost him his job, his passport and even his liberty.
Online, Mansoor repeatedly found himself in the crosshairs of electronic eavesdropping operations. Even before the first rogue text message pinged across his phone on August 10, Mansoor already had weathered attacks from two separate brands of commercial spyware.
When he shared the suspicious text with Citizen Lab researcher Bill Marczak, they realized he’d been targeted by a third.
Citizen Lab and Lookout both fingered a secretive Israeli firm, NSO Group, as the author of the spyware. Citizen Lab said that past targeting of Mansoor by the United Arab Emirates’ government suggested that it was likely behind the latest hacking attempt as well.
Executives at the company declined to comment, and a visit to NSO’s address in Herzliya showed that the firm had recently vacated its old headquarters – a move recent enough that the building still bore its logo.
In a statement released Thursday which stopped short of acknowledging that the spyware was its own, the NSO Group said its mission was to provide “authorized governments with technology that helps them combat terror and crime.”
The company said it couldn’t comment on specific cases.
Marczak said he and fellow-researcher John Scott-Railton turned to Lookout for help to pick apart the malicious program, a process which Murray compared to “defusing a bomb.”
“It is amazing the level they’ve gone through to avoid detection,” Murray said of the software’s makers. “They have a hair-trigger self-destruct.”
Working over a two-week period, the researchers found that Mansoor had been targeted by an unusually sophisticated piece of software which some have valued at $1 million (roughly Rs. 6.69 crores). He told AP he was amused by the idea that so much money was being poured into watching him.
“If you would give me probably 10 percent of that I would write the report about myself for you!”
The apparent discovery of Israeli-made spyware being used to target a dissident in the United Arab Emirates raises awkward questions for both countries. The use of Israeli technology to police its own citizens is an uncomfortable strategy for an Arab country with no formal diplomatic ties to the Jewish state. And Israeli complicity in a cyberattack on an Arab dissident would seem to run counter to the country’s self-description as a bastion of democracy in the Middle East.
There are awkward questions, too, for Francisco Partners, the private equity firm which owns the NSO Group. Francisco is only an hour’s drive from the headquarters of Apple, whose products the cybersecurity firm is accused of hacking.
Messages left with Francisco partners’ offices in London and San Francisco went unreturned. Israeli and Emirati authorities did not return calls seeking comment.
Attorney Eitay Mack, who advocates for more transparency in Israeli arms exports, said his country’s sales of surveillance software are not closely policed.
He also noted that Israeli Prime Minister Benjamin Netanyahu has cultivated warmer ties with Arab Gulf states.
“Israel is looking for allies,” Mack said. “And when Israel finds allies, it does not ask too many questions.”
Google has started rolling out final build of Android 7.0 Nougat for its compatible Nexus devices, and soon after the tech giant also confirmed that the upcoming LG V20 will be the first “new smartphone” running on the new OS out-of-the-box. Without wasting much time, Sony has released the list of all its smartphones that will receive the Android 7.0 Nougat update.
Sony has confirmed that the Xperia Z3+, Xperia Z4 Tablet, Xperia Z5, Xperia Z5 Compact, Xperia Z5 Premium, Xperia X, Xperia XA, Xperia XA Ultra and Xperia X Performance will receive the Android 7.0 Nougat update. The tech company refrained from providing a time-frame for when the update will arrive.
This means select smartphones that were launched last year and this year are getting the update, while Sony has stopped its software support for all the smartphones released in 2014 completely. Many smartphones that were released in this two-year time-frame have also been left out. Interestingly, the Sony Xperia E5 that was launched in May this year has also been left out. The Sony Xperia Z4, and Xperia Z4v released in the second quarter of 2015 will also not get the update.This year, Sony launched the Sony Xperia X and Sony Xperia XA, and Xperia XA Ultra in India; and priced them at Rs. 48,990, Rs. 20,990, and Rs. 29,990 respectively. All of these smartphones are receiving the Android 7.0 Nougat update.
To recall, Sony is also hosting an event at IFA on September 1, where it is widely expected to unveil the Xperia XR smartphone. Past leaks suggest that the Sony Xperia XR is expected to feature a 5.1-inch display, and be powered by a Snapdragon 820 processor. With this smartphone, Sony is also expected to make the switch to USB Type-C ports. So far, Sony’s entire smartphone portfolio sports a Micro-USB ports. The smartphone is also expected to support 4K recording with the front and back cameras.
Microsoft is busy working round the clock to have its Windows 10 Mobile Anniversary Update ready for rollout. The update for Windows 10 PCs and tablets started rolling out from August 2 while the Windows 10 Mobile rollout is still expected. To allay concerns of a delay, head of the Windows Insider Program, Dona Sarkar, announced the team is “laser-focused” on preparing the rollout for the upcoming update.
“Right now, the team is laser-focused on preparing to release the Windows 10 Anniversary Update to Mobile devices and we think we’re almost ready. You can help us out by making sure you are running Build 14393.67 (KB3176931) on your phone and sending in feedback on any issues you run into via the Feedback Hub. Our team is determined to make sure we release a high quality build to our customers and your feedback really makes a difference,” she says in a blog post.
The Windows 10 Mobile Anniversary Update will not roll out on all mobile devices, as Microsoft has removed some of the devices that are not eligible for the update from its Insider program. Sarkar says Microsoft wants to make sure that its Anniversary Update, marking one year of Windows 10, is of the highest quality, which is why the rollout has seen several delays.
In the same blog post, Sarkar announced the release of Windows 10 Insider Preview Build 14901 for PC, which is now available for Windows Insiders in the Fast Ring. The Verge’s Tom Warren reports that while Build 14901 is an initial build for the Redstone 2 update (one of two major feature updates expected next year), it doesn’t yet contain many changes, and that users can start expecting feature additions in upcoming builds.
Google’s Android Wear smartwatch app is receiving a update that will kill the ‘Together’ feature. To recall, the ‘Together’ feature was a way users were able to communicate watch-to-watch and was claimed to take cues from Apple Watch’s Digital Touch functionality. In Android Wear, users were able to send messages, stickers, emojis, and doodles to each other using the ‘Together’ feature.
Google explains that the ‘Together’ feature is being shut down because most of the features now exist in the latest Android Wear 2.0 platform. According to Google, it will stop working on September 30.
After the update to the official Android Wear app, it shows a popup notification that explains why Google is shutting down the feature. It reads, “With the release of Android Wear 2.0, many of the best features of Together will be integrated directly into the platform so you can connect with more people using your favourite messaging services. In addition to emoji, you’ll be able to use Smart Reply keyboard, or handwriting on the watch screen. You’ll also be able to customize a number of different watch faces with useful data from your favourite apps. Thanks for using Together. We have had some great feedback and used this to make Android Wear 2.0 the best way to stay connected with the people you care about most.” The popup notification screenshot was first shared by Android Police.
Last month, Google started rolling out the second developer preview of Android Wear 2.0, bringing new functionalities and bug fixes. The preview introduced the option of standalone apps, input methods, a new notification design, and an API for “complications”. The latest developer preview brought features such as wrist gestures for developers – thus extending the functionality to third-party apps. The wrist gestures have been available to users since last year and they allowed scrolling through the notification stream via wrist gestures. Google recently opened this system to developers to use within their apps.
Nextbit has launched a new colour variant for its cloud-based Robin smartphone. The Ember colour variant will be made available in limited quantities via Flipkart beginning next week.
The limited edition variant has already gone up for sale in the US on the company website at $299 (approximately Rs. 20,100). Nextbit asserts that this colour variant is just available till stock lasts, and that the stock will not be replenished in the future. The price of the smartphone in India is Rs. 19,999.
The company has also announced that beta testers should’ve received the forthcoming August software update that should enable support for storing videos on smart storage. Nextbit has promised the update will also bring the latest security patches, and improved thermal tuning for keeping the Nexbit Robin smartphone cooler during multitasking. The company has also promised an Android N update sometime in the fourth quarter, and it is expected to bring along improvements to significantly boost battery life alongside all the new features.
The Nexbit addresses the limited storage issue in smartphones with a cloud-based storage solution. It can automatically back up photos and apps that haven’t been used recently to the cloud to free up space on the device. It features a 5.2-inch full-HD (1080×1920 pixels) display, a Qualcomm hexa-core Snapdragon 808 processor coupled with 3GB of RAM, and 32GB of inbuilt storage which is non-expandable. The Nextbit Robin comes with 100GB of free cloud storage space.
Other features of the Nextbit Robin include a 13-megapixel rear camera, a 5-megapixel front-facing camera, a 2680mAh battery, a USB Type-C charging port, and runs on Android 6.0 Marshmallow.
Despite no official announcement by the company, several OnePlus users had started receiving OxygenOS 3.2 update earlier this week. As it turns out, the company later stalled its Oxygen 3.2 update and has decided to now move ahead directly with OxygenOS 3.2.1 update.
On Thursday, a OnePlus staff member posted on company’s official forum that the company has decided to skip OxygenOS 3.2 rollout and that the 3.2.1 update will cover all of 3.2 update’s improvements. He added that “the incremental rollout of OxygenOS 3.2.1 on the OnePlus 3” was starting from Thursday itself.
The new update will bring with itself the much requested sRGB mode, improved RAM management, and better GPS performance. It will also bring the latest Google security patches and is said to enhance audio playback quality.
The 3.2.1 update will also pack updated custom icon packs and is said to fix certain issues in Gallery. The company also claims that it will improve the camera’s quality and its functionality.
The company has also resolved some issues with SIM recognition, and problems with clock and music apps with the latest update, according to the change log posted by the staff member on the forum.
The 3.2 update was reported to be around 396MB in size. Some users who were already on 3.2.0 version have said on forum that they have received a 15MB update for 3.2.1.
Last month, OnePlus CEO Carl Pei expressed his displeasure about the criticism that OnePlus 3’s display has received, and clarified why the company didn’t initially include the sRGB mode. Ultimately, Pei had to give in to the feedback from the customers, and confirm that OnePlus would bring sRGB in the next update.
Freedom 251 units will finally start shipping on Friday, the controversial manufacturer of the Rs. 251 smartphone said in New Delhi on Thursday. At the event, Ringing Bells also announced two new budget Android smartphones – Ringing Bells Elegance and Ringing Bells Elegant – as well as four new feature phones, three power banks, and a HD TV.
The company reiterated that Freedom 251 deliveries will begin on Friday with 5,000 units that will ship out to customers chosen by lucky draws. ‘Based on feedback from these customers’, Ringing Bells will decide the fate of the millions of others who’d pre-ordered the Rs. 251 smartphone, the company said.
As for Elegance and Elegant, the two new phones announced by Ringing Bells, they come with a 5-inch 720p display and are powered by a 1.3GHz quad-core processor alongside 1GB RAM and 8GB internal storage, expandable by another 32GB via a microSD slot. Both smartphones run Android 6.0 out of the box, and come with an 8-megapixel rear camera, as well as a 3.2-megapixel front shooter. Connectivity options on the two phones include Wi-Fi, GPS, Bluetooth, and FM.
While the Rs. 4,499 Ringing Bells Elegance comes with 4G connectivity (with VoLTE support) and a 2800mAh battery, the Ringing Bells Elegance, carrying a price tag of Rs. 3,999, is a 3G phone powered by a 2500mAh battery.
Both phones are listed on Ringing Bells’ website but there’s no word yet on how and when they will become available.
At the event, the company also announced four new feature phones: Ringing Bells Hit (Rs. 699), Ringing Bells King (Rs. 899), Ringing Bells Boss (Rs. 999), and Ringing Bells Raja (Rs. 1,099). Three power banks – RB Power (4000mAh, Rs. 399), RB Power Plus (5500mAh, Rs. 499), RB Smart (8000mAh, Rs. 699) – are now listed on the company’s website as well.
Ringing Bells has also announced a 31.5-inch HD LED TV priced at Rs. 9,900 that will be launched on August 15. Pre-order and other details will be shared at a later date.