Category: android

According to a newly posted code change, Android 14 is set to make API requirements stricter, entirely blocking the installation of outdated apps. This change would block users from sideloading specific APK files and also block app stores from installing those same apps. Initially, Android 14 devices will only block apps that target especially old Android versions. Over time though, the plan is to increase the threshold to Android 6.0 (Marshmallow), with Google having a mechanism to “progressively ramp [it] up.” That said, it will likely still be up to each device maker to decide the threshold for outdated apps or whether to enable it at all. The report notes that it’ll still be possible to install an outdated version of an app “through a command shell, by using a new flag.”

The improvements are thanks largely to structural changes in how Android is developed and deployed. For example, Project Treble was launched in 2017 to re-architect the platform, separating the OS framework from the low-level vendor code. This made it easier to update devices without waiting on vendors to provide updated drivers. We saw evidence of improvement that very year, and it’s gotten better ever since.

That count is for “vulnerabilities reported in the Android security bulletin, which includes critical/high severity vulnerabilities reported through our vulnerability rewards program (VRP) and vulnerabilities reported internally.” During that period, the amount of new memory-unsafe code entering Android has decreased: “Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language. ”

Rust makes up 21% of all new native code in Android 13, including the Ultra-wideband (UWB) stack, DNS-over-HTTP3, Keystore2, Android’s Virtualization framework (AVF), and “various other components and their open source dependencies.” Google considers it significant that there have been “zero memory safety vulnerabilities discovered in Android’s Rust code” so far across Android 12 and 13. Google’s blog post today also talks about non-memory-safety vulnerabilities, and its future plans: “… We’re implementing userspace HALs in Rust. We’re adding support for Rust in Trusted Applications. We’ve migrated VM firmware in the Android Virtualization Framework to Rust. With support for Rust landing in Linux 6.1 we’re excited to bring memory-safety to the kernel, starting with kernel drivers.

Here’s an excerpt from his manifesto (via smallandroidphone.com): My Dream Small Android phone
Optimizes for only 3 things:

– Sub 6″ display, matching size and design of iPhone 13 Mini
– Great cameras
– Stock Android OS

If you can hit these three bullets, you’ve built the perfect phone. Currently there are ZERO premium Android phones with less than 6″ displays. No amount of money can buy one right now. Focus on these three bullets, all other specs are flexible.

Price: $700-800 (again, we have no alternatives so we should be willing to pay a bit more!) In a call-to-action, Migicovsky asks readers who agree with him to sign up on this page to help “convince a manufacturer to build us our dream phone.” He adds: “If no one else makes one I guess I will be forced to make it myself, but I really really don’t want it to come to that!”

Here’s how Google describes the process to developers: “You alone are responsible for making complete and accurate declarations in your app’s store listing on Google Play. Google Play reviews apps across all policy requirements; however, we cannot make determinations on behalf of the developers of how they handle user data. Only you possess all the information required to complete the Data safety form. When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action.”

Once the section is up and running, developers will be expected to list what data they’re collecting, why they’re collecting it, and who they’re sharing it with. The support page features a big list of data types for elements like “location,” “personal info,” “financial info,” “web history,” “contacts,” and various file types. Developers are expected to list their data security practices, including explaining if data is encrypted in transit and if users can ask for data to be deleted. There’s also a spot for “Google Play’s Families Policy” compliance, which is mostly just a bunch of US COPPA and EU GDPR requirements. Google says developers can also indicate if their app has “been independently validated against a global security standard.”

Volla OS also has a built-in user-customizable firewall, an App Locker feature for disabling and hiding apps, and optional support for using the Hide.me VPN for anonymous internet usage. The source code for Volla OS is also available for anyone that wants to inspect the code. The operating system also has a custom user interface including a Springboard that allows you to quickly launch frequently-used apps by pressing a red dot for a list, or by starting to type in a search box for automatic suggestions such as placing a phone call, sending a text message, or opening a web page. You can also create notes or calendar events from the Springboard or send an encrypted message with Signal. The phone is expected to ship in June at an early bird price of about $408.

“The data sent by Google Messages includes a hash of the message text, allowing linking of sender and receiver in a message exchange,” the paper says. “The data sent by Google Dialer includes the call time and duration, again allowing linking of the two handsets engaged in a phone call. Phone numbers are also sent to Google.” The timing and duration of other user interactions with these apps has also been transmitted to Google. And Google offers no way to opt-out of this data collection. […] Both pre-installed versions of these apps, the paper observes, lack app-specific privacy policies that explain what data gets collected — something Google requires from third-party developers. And when a request was made through Google Takeout for the Google Account data associated with the apps used for testing, the data Google provided did not include the telemetry data observed.

Google is also integrating Google Photos into the Message app to improve the video sharing experience. While the modern RCS standard allows people with Android devices to share high-quality videos with each other, those same videos appear blurry when shared with those on iPhone, as iMessage doesn’t support RCS. By sending the link to the video through Google Photos, iPhone users will be able to watch the video in the same high resolution. This feature will later include support for photos, too. This addition aims to push Apple to adopt the industry standard by shaming the company over video quality.