Open source YouTube client “NewPipe” adds Android TV support and a YouTube Music parser

The open-source YouTube client on Android — NewPipe — is a great alternative to the YouTube app for those of you who don’t have Google Play Services on your phone. The client doesn’t use YouTube APIs and simply parses the YouTube website to extract data and play the videos you want, without any restrictions or ads. Due to the way NewPipe works, it also circumvents any limitations that Google might add to the YouTube app. For instance, YouTube recently restricted the quality of videos on smartphones to 480p in India following the nationwide lockdown imposed in the country in response to the COVID-19 outbreak. But users could easily overcome this restriction by using NewPipe instead.

Now, in a bid to make the client even more useful for users, the developers behind NewPipe are rolling out a major update that brings support for Android TV, adds a YouTube Music parser, and more. According to a recent blog post from the developers, NewPipe version 0.19.3 is now rolling out to users and it brings the following noteworthy changes:

Android TV support

While you could already run previous versions of NewPipe on an Android TV, the client didn’t officially support the platform. Due to this, the client had some issues that made it practically unusable. With the latest update, the developers have addressed all such issues and you can now use NewPipe on your Android TV without facing any annoying bugs.

Following the update, you’ll be able to scroll through long video descriptions, focus on any element on the screen, use the native keyboard instead of an on-screen one, seek videos however you like, and face no annoying ripple effects. To try out NewPipe on your Android TV, you can download the APK from the GitHub link below and sideload it on your TV.

YouTube Music parser

With the latest update, NewPipe also gets the ability to natively parse the YouTube Music library and allow users to easily search for music. To search for YouTube Music content on the client, you can tap on the filter button in the search UI and select either Songs, Videos, Albums, or Playlists to see search results from YouTube Music.

Along with the aforementioned changes, NewPipe v0.19.3 also brings a ton of improvements and bug fixes to the client. Here’s the complete changelog for the latest update:

• New
  • Search on YouTube Music
  • Basic Android TV support
• Improved
  • Improved checking for new version
  • Avoid unnecessary changes to the upload date of saved streams
  • Save and restore playback parameters into/from preferences
  • Show message when content isn’t supported yet instead of crashing
  • Improved size handling of the drawer header title
  • Improved popup player resize with pinch gestures
  • Enqueue streams on long press on background and popup buttons in channel
  • Added the ability to remove all watched videos from a local playlist
• Fixed
  • Fixed visibility of group sort button in the subscriptions fragment
  • Fixed detection of network related exceptions
  • Fixed age restricted content setting not working
  • Fixed certain kinds of reCAPTCHAs
  • Fixed crash when opening bookmarks while playlist is null
  • Fixed escaping in JSON created by the crash reported by using nanojson instead of org.json
• Development
  • Added Checkstyle to build scripts & code style improvements
  • Fixed F-Droid build by ensuring the debug apk file name is used only in debug builds
  • Force UTF-8 encoding for Gradle

Download NewPipe (v0.19.3) from GitHub

---

Source: NewPipe blog

The post Open source YouTube client “NewPipe” adds Android TV support and a YouTube Music parser appeared first on xda-developers.

from xda-developers https://ift.tt/35w9HO4
via IFTTT

This is likely the Lenovo Legion gaming smartphone with a 144Hz display, 90W charging, and side pop-up camera

Lenovo’s self-branded smartphones may not be nearly as popular as the company’s Motorola-branded devices, but the brand still has fans in Asian countries like India and China. In an effort to capitalize on the company’s existing popularity with gamers, Lenovo is preparing to launch its first-ever Android gaming smartphone under its Legion Gaming brand. The Lenovo Legion gaming phone has been on our radar for over 4 months now, but we’re now ready to share all of the details we’ve uncovered about the device. Thanks to a trusted source, we have obtained multiple unreleased teaser videos that showcase the likely design of the upcoming Legion gaming phone, and we also have a detailed set of specifications to go along with these teasers.

In late December of 2019, Lenovo created a new account called “Legion Gaming Phone” on Chinese social media platform Weibo. Over a month and a half later, Lenovo officially teased the first smartphone under its Legion gaming brand. The company uploaded a poster announcing that this upcoming smartphone will be powered by the Snapdragon 865, Qualcomm’s highest-end SoC for mobile devices. Next, on March 3rd, Chen Jin, General Manager of Lenovo China Mobile, teased that the Legion gaming smartphone will feature a “disruptive new architecture” in order to solve two pain points faced by mobile gamers: different surface temperatures on the left and right sides and reduced charging speeds when gaming. The teasers slowed down for a few weeks as much of the world went into lockdown due to COVID-19.

Early last month, Lenovo ramped up its marketing for the device by uploading a poster that teases 90W fast wired charging on the Legion gaming phone. There was a lot of skepticism initially about whether the Legion phone actually charges at 90W, but Lenovo has since clarified that they aren’t playing a numbers game here. Furthermore, Lenovo’s 90W fast charging system will be “standard for all systems,” according to the company on Weibo, hinting that there will be more than one first-generation Legion smartphone model. More recently, Lenovo shared a render suggesting the Legion gaming phone has a notch-less display, and they also uploaded a video revealing that there will be a second USB Type-C port on the side so users can charge the phone while they hold the device horizontally.

Apart from official teasers, there have been a few noteworthy leaks of the Lenovo Legion gaming phone. First, back in March, an image of what seems to be Lenovo’s Legion gaming phone bundle was published by a blogger on Weibo. This bundle includes the phone itself but also a pair of gamepads, true wireless earbuds, and a protective case. We couldn’t really see the phone all that well in this leak, though. One week later, the technology blog of the Indian shopping website Pricebaba published images of what they believed to be the Lenovo Legion gaming phone. Those images were taken from the Chinese Patent Office, though we’re now certain that those images do not reflect the phone’s actual design.

In fact, here’s what the Lenovo Legion gaming phone will likely look like, based on screenshots we captured from multiple official marketing videos.

The two screenshots above are from a promotional video teasing the phone’s ultra-fast 90W wired charging. The floating light particles are from when a race car dissipates, revealing the Lenovo Legion as the “engine.” The streams of light following the phone in the second image end up entering the two USB Type-C charging ports: one on the bottom and another on the side. The caption “90W dual Type-C fast charge, 30 minutes to 100%” can be read at this time, confirming the phone will support this staggeringly fast charging speed. In a separate video, Lenovo reveals that the Legion gaming phone has a 5000mAh dual-cell battery design, which is what makes this ultra-fast charging speed possible. However, it isn’t clear from these videos whether or not you’ll reach the fastest 90W charging speed only when charging from the bottom USB-C port.

On the bottom of the device, you’ll find the SIM card tray alongside the primary USB-C charging and data port. On the top, there’s a microphone hole. I didn’t see a 3.5mm headphone jack anywhere on this device, which is disappointing considering the Lenovo Z6 Pro had one. The Y-shape area underneath the LED flash in the middle on the rear likely lights up for that “gamer aesthetic” that this phone is oozing. The dual rear cameras are located near the center of the device; the cameras are placed considerably lower on the body of the Lenovo Legion than they are on other smartphones, but this could be to retain the symmetrical appearance of the back cover. Speaking of which, the back cover looks like a smooth metal with a 3D texture, possibly either polycarbonate or aluminum. Near the middle-left (middle-top when viewing the phone horizontally), there’s the “LEGION” logo on top of a compartment that seemingly pops-up—but more on that later. The “LEGION” logo matches Lenovo’s official Legion Gaming logo, and the “Stylish Outside” and “Savage Inside” texts are part of Legion Gaming’s slogan.

In the separate video, Lenovo teases several other key features of the Legion gaming smartphone. First, the video shows visuals that demonstrate the phone’s “uEngine,” its symmetrical dual X-axis linear vibration motor. The video then goes on to tease the phone’s cooling and audio features, but the terms they use are heavy on marketing jargon, so they were difficult for us to translate. The video seems to say that the phone has a “3D cooling tower structure” with “dual heat pipe partitions” for “long-lasting cooling.” It also shows captions detailing the phone’s “positive stereo sound” from its “full symmetrical 65mm dual speakers”, “dual 0.6mm amp speaker system”, and “1.4cc large sound cavity.” The two speakers are located on the top and bottom bezel on the front.

What’s perhaps most interesting about this device, at least in my opinion, is how it deals with the placement of its front-facing camera. There’s no notch or hole-punch cutout on the display of the Lenovo Legion phone. Instead, there’s a pop-up camera…but it seems to be located on the side of the phone. Most other smartphones with pop-up cameras have them appear on top of the phone. Lenovo is going with a very unique approach here, and I’m not really sure how to react to this front-camera mechanism. It could turn out to be a really awful placement or it could end up being genuinely useful like the ASUS ZenFone 6‘s swivel camera.

Lastly, our source also provided us with a list of some of the specifications for the device. We don’t know everything yet, but we do know enough to say the Lenovo Legion gaming phone is packing top-tier hardware. First of all, the phone’s model name is L79031 and its code-name is “moba,” which likely refers to the multiplayer online battle arena video game genre. The first-generation Legion is powered by the Qualcomm Snapdragon 865 and will have UFS 3.0 internal storage and LPDDR5 RAM. We don’t know the exact storage or RAM capacities. Next, the Legion should have a 144Hz refresh rate flat display (though we don’t know if it’s LCD or OLED) at FHD+ resolution (2340×1080) and with a 270Hz touch sampling rate. The phone runs Android 10 with Lenovo’s ZUI 12 customizations on top, which Lenovo will likely market as “Legion OS” for this device. Lastly, the phone has dual rear cameras (64MP + 16MP wide-angle) and a single front-facing camera (20MP).

When I first saw these renders, I was skeptical about their accuracy. They seem a bit outlandish when it comes to smartphone design—maybe I’ve fallen victim to another one of Lenovo’s design tricks? Although I’m still not 100% convinced the actual Lenovo Legion will look like the phone in these renders, I am very sure that the videos I obtained are official marketing videos. Lenovo may be exaggerating a bit about the phone’s bezels—as some smartphone companies tend to do in their marketing renders—but the overall design shown here will likely reflect the actual phone’s design.

The post This is likely the Lenovo Legion gaming smartphone with a 144Hz display, 90W charging, and side pop-up camera appeared first on xda-developers.

from xda-developers https://ift.tt/3fgZppw
via IFTTT

This is likely the Lenovo Legion gaming smartphone with a 144Hz display, 90W charging, and side pop-up camera

Lenovo’s self-branded smartphones may not be nearly as popular as the company’s Motorola-branded devices, but the brand still has fans in Asian countries like India and China. In an effort to capitalize on the company’s existing popularity with gamers, Lenovo is preparing to launch its first-ever Android gaming smartphone under its Legion Gaming brand. The Lenovo Legion gaming phone has been on our radar for over 4 months now, but we’re now ready to share all of the details we’ve uncovered about the device. Thanks to a trusted source, we have obtained multiple unreleased teaser videos that showcase the likely design of the upcoming Legion gaming phone, and we also have a detailed set of specifications to go along with these teasers.

In late December of 2019, Lenovo created a new account called “Legion Gaming Phone” on Chinese social media platform Weibo. Over a month and a half later, Lenovo officially teased the first smartphone under its Legion gaming brand. The company uploaded a poster announcing that this upcoming smartphone will be powered by the Snapdragon 865, Qualcomm’s highest-end SoC for mobile devices. Next, on March 3rd, Chen Jin, General Manager of Lenovo China Mobile, teased that the Legion gaming smartphone will feature a “disruptive new architecture” in order to solve two pain points faced by mobile gamers: different surface temperatures on the left and right sides and reduced charging speeds when gaming. The teasers slowed down for a few weeks as much of the world went into lockdown due to COVID-19.

Early last month, Lenovo ramped up its marketing for the device by uploading a poster that teases 90W fast wired charging on the Legion gaming phone. There was a lot of skepticism initially about whether the Legion phone actually charges at 90W, but Lenovo has since clarified that they aren’t playing a numbers game here. Furthermore, Lenovo’s 90W fast charging system will be “standard for all systems,” according to the company on Weibo, hinting that there will be more than one first-generation Legion smartphone model. More recently, Lenovo shared a render suggesting the Legion gaming phone has a notch-less display, and they also uploaded a video revealing that there will be a second USB Type-C port on the side so users can charge the phone while they hold the device horizontally.

Apart from official teasers, there have been a few noteworthy leaks of the Lenovo Legion gaming phone. First, back in March, an image of what seems to be Lenovo’s Legion gaming phone bundle was published by a blogger on Weibo. This bundle includes the phone itself but also a pair of gamepads, true wireless earbuds, and a protective case. We couldn’t really see the phone all that well in this leak, though. One week later, the technology blog of the Indian shopping website Pricebaba published images of what they believed to be the Lenovo Legion gaming phone. Those images were taken from the Chinese Patent Office, though we’re now certain that those images do not reflect the phone’s actual design.

In fact, here’s what the Lenovo Legion gaming phone will likely look like, based on screenshots we captured from multiple official marketing videos.

The two screenshots above are from a promotional video teasing the phone’s ultra-fast 90W wired charging. The floating light particles are from when a race car dissipates, revealing the Lenovo Legion as the “engine.” The streams of light following the phone in the second image end up entering the two USB Type-C charging ports: one on the bottom and another on the side. The caption “90W dual Type-C fast charge, 30 minutes to 100%” can be read at this time, confirming the phone will support this staggeringly fast charging speed. In a separate video, Lenovo reveals that the Legion gaming phone has a 5000mAh dual-cell battery design, which is what makes this ultra-fast charging speed possible. However, it isn’t clear from these videos whether or not you’ll reach the fastest 90W charging speed only when charging from the bottom USB-C port.

On the bottom of the device, you’ll find the SIM card tray alongside the primary USB-C charging and data port. On the top, there’s a microphone hole. I didn’t see a 3.5mm headphone jack anywhere on this device, which is disappointing considering the Lenovo Z6 Pro had one. The Y-shape area underneath the LED flash in the middle on the rear likely lights up for that “gamer aesthetic” that this phone is oozing. The dual rear cameras are located near the center of the device; the cameras are placed considerably lower on the body of the Lenovo Legion than they are on other smartphones, but this could be to retain the symmetrical appearance of the back cover. Speaking of which, the back cover looks like a smooth metal with a 3D texture, possibly either polycarbonate or aluminum. Near the middle-left (middle-top when viewing the phone horizontally), there’s the “LEGION” logo on top of a compartment that seemingly pops-up—but more on that later. The “LEGION” logo matches Lenovo’s official Legion Gaming logo, and the “Stylish Outside” and “Savage Inside” texts are part of Legion Gaming’s slogan.

In the separate video, Lenovo teases several other key features of the Legion gaming smartphone. First, the video shows visuals that demonstrate the phone’s “uEngine,” its symmetrical dual X-axis linear vibration motor. The video then goes on to tease the phone’s cooling and audio features, but the terms they use are heavy on marketing jargon, so they were difficult for us to translate. The video seems to say that the phone has a “3D cooling tower structure” with “dual heat pipe partitions” for “long-lasting cooling.” It also shows captions detailing the phone’s “positive stereo sound” from its “full symmetrical 65mm dual speakers”, “dual 0.6mm amp speaker system”, and “1.4cc large sound cavity.” The two speakers are located on the top and bottom bezel on the front.

What’s perhaps most interesting about this device, at least in my opinion, is how it deals with the placement of its front-facing camera. There’s no notch or hole-punch cutout on the display of the Lenovo Legion phone. Instead, there’s a pop-up camera…but it seems to be located on the side of the phone. Most other smartphones with pop-up cameras have them appear on top of the phone. Lenovo is going with a very unique approach here, and I’m not really sure how to react to this front-camera mechanism. It could turn out to be a really awful placement or it could end up being genuinely useful like the ASUS ZenFone 6‘s swivel camera.

Lastly, our source also provided us with a list of some of the specifications for the device. We don’t know everything yet, but we do know enough to say the Lenovo Legion gaming phone is packing top-tier hardware. First of all, the phone’s model name is L79031 and its code-name is “moba,” which likely refers to the multiplayer online battle arena video game genre. The first-generation Legion is powered by the Qualcomm Snapdragon 865 and will have UFS 3.0 internal storage and LPDDR5 RAM. We don’t know the exact storage or RAM capacities. Next, the Legion should have a 144Hz refresh rate flat display (though we don’t know if it’s LCD or OLED) at FHD+ resolution (2340×1080) and with a 270Hz touch sampling rate. The phone runs Android 10 with Lenovo’s ZUI 12 customizations on top, which Lenovo will likely market as “Legion OS” for this device. Lastly, the phone has dual rear cameras (64MP + 16MP wide-angle) and a single front-facing camera (20MP).

When I first saw these renders, I was skeptical about their accuracy. They seem a bit outlandish when it comes to smartphone design—maybe I’ve fallen victim to another one of Lenovo’s design tricks? Although I’m still not 100% convinced the actual Lenovo Legion will look like the phone in these renders, I am very sure that the videos I obtained are official marketing videos. Lenovo may be exaggerating a bit about the phone’s bezels—as some smartphone companies tend to do in their marketing renders—but the overall design shown here will likely reflect the actual phone’s design.

The post This is likely the Lenovo Legion gaming smartphone with a 144Hz display, 90W charging, and side pop-up camera appeared first on xda-developers.

from xda-developers https://ift.tt/3fgZppw
via IFTTT

[Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19

Update 5 (5/4/2020 @ 3:25 PM EST): Apple and Google have shared some screenshots of the Exposure Notification API and announce that location tracking will be prohibited.

Update 4 (4/29/2020 @ 2:30 PM EST): Apple and Google have released a beta version of their Exposure Notification API for public health agencies.

Update 3 (4/24/2020 @ 3:15 PM EST): Apple and Google are renaming the Contact Tracing API to “Exposure Notification,” adds more privacy protections.

Update 2 (4/24/2020 @ 11:30 AM EST): Apple and Google’s contact tracing API will go live next week and will include most Huawei devices.

Update 1 (4/13/2020 @ 5:51 PM EST): During a conference call with reporters, Google and Apple clarified some more details about how Contact Tracing will be rolled out for users.

Due to the ongoing threat posed by SARS-CoV-2, Google and Apple have teamed up to announce a new API and Bluetooth Low Energy specification called “Contact Tracing.” The idea behind contact tracing is to inform users if they’ve recently been in contact with someone who has been positively diagnosed with COVID-19. South Korea and Taiwan have successfully “flattened the curve,” as in they’ve limited the number of new cases to fall below the capacity of their healthcare systems, by implementing widespread testing and contact tracing. According to the Associated Press, several countries in Europe including the Czech Republic, the U.K., Germany, and Italy are developing their own contact tracing tools. Apple and Google hope to empower nations and medical organizations around the world with the ability to trace the spread of the novel coronavirus, but the two companies also recognize the potential privacy concerns with this pandemic containment method. That’s why the two companies have created the new API and Bluetooth spec “with user privacy and security central to the design.”

Google and Apple published blog posts and documents that outline their goals to roll out a new API and Bluetooth LE service. Due to urgent need, both companies are tackling this problem in two stages. First, in May, both companies will release an API that “[enables] interoperability between Android and iOS devices using apps from public health authorities.” These apps will be made available for users to download on the Google Play Store and Apple App Store. On Android, the API will likely become available for apps through an update to Google Play Services. Second, in the next few months, both Google and Apple will add support for a new Bluetooth Low Energy service into Android and iOS. For iOS, this new BLE service will likely come via an OS update, while for Android, this service will likely be added as part of another update to Google Play Services. Google says that adding a Bluetooth LE Contact Tracing service “is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities.”

Once an app integrates the new API or the BLE specification has been integrated, Android and iOS users can receive notifications if they’ve recently been in contact with someone who has been diagnosed with COVID-19. Notably, the BLE solution will not require the user to have an application installed (presumably they just need Google Play Services), but if they choose to install one of the official apps, then the app can inform them on the next steps to take after they receive a notification. This will allow users to decide if they need to self-quarantine for 14 days or to seek testing and further medical intervention. Here is an example flow of what Google and Apple envision will be possible with this new Bluetooth LE service:

An overview of COVID-19 contact tracing using Bluetooth Low Energy. Source: Google/Apple.

Here is what Google says about how they designed the new Android Contact Tracing API to protect user privacy and security:

• Apps calling the API via the startContactTracing method are required to get user consent to start contact tracing. If this is the first time the API is being invoked, the user will be shown a dialog asking for permission to start tracing.
• In order to be whitelisted to use this API, apps “will be required to timestamp and cryptographically sign the set of keys before delivery to the server with the signature of an authorized medical authority.” In other words, unauthorized COVID-19 apps will not be allowed to use this API.
• If the user uninstalls the app, the stopContactTracing method “will be automatically invoked and the database and keys will be wiped from the device.”
• The user, after having confirmed a positive diagnosis of COVID-19, must grant explicit consent to upload 14 days of daily tracing keys. A dialog will be shown to the user if the app calls the startSharingDailyTracingKeys method.
• Users will be shown what date and for how long they were in contact with a potentially contagious person, down to increments of 5 minutes, but not who or where the contact occurred.

Here is how the new BLE Contact Detection Service will protect user privacy and security:

• The spec does not require the user’s location or any other personally identifiable information. Location-use is completely optional and is only done after the user provides explicit consent.
• Rolling Proximity Identifiers are changed every 15 minutes on average, which makes it “unlikely that user location can be tracked via Bluetooth over time.”
• Proximity identifiers retrieved from other devices “are processed exclusively on device.” This means that the “list of people you’ve been in contact with never leaves your phone.”
• It’s up to the user to decide if they want to contribute to contact tracing. Users who are diagnosed with COVID-19 must consent to sharing Diagnosis Keys with the server. There will be transparency about the user’s participation in contact tracing, and “people who test positive are not identified to other users, Google, or Apple.” In fact, this information “will only be used for contact tracing by public health authorities for COVID-19 pandemic management.”
• In case you’re wondering, the Content Detection Service should not significantly drain the battery of a device if the hardware and the OS support “Bluetooth controller duplicate filters and other [hardware] filters” to “account for large volumes of advertisers in public spaces.” Scanning is “opportunistic,” meaning it can occur within existing wake and scan window cycles, but will also occur at a minimum of every 5 minutes.

Because the new Contact Tracing specs are designed with user privacy and security in mind, it’s debatable how effective they’ll be at limiting the spread of COVID-19. According to The Verge, such opt-in, non-invasive contact tracing measures may have limited effectiveness. The issues boil down to a lack of widespread adoption by the population and a potentially large number of false-positive Bluetooth proximity events. Still, I hope this new initiative is successful. It’s rare to see Google and Apple collaborate on anything, but desperate times call for desperate measures.

Sources: Google Blog Post, Overview of COVID-19 Contact Tracing, Contact Tracing BLE Spec, Contact Tracing Cryptography Spec, Android Contact Tracing API Spec

---

Update 1: More Details

In a conference call with reporters, Google and Apple clarified some points about the upcoming Contact Tracing API (rolling out in mid-May as part of “phase 1”) and BLE Contact Detection Service (rolling out later this year as part of “phase 2”). According to TechCrunch and Axios, both the Contact Tracing API and the BLE Contact Detection Service will be available on Android devices following updates to Google Play Services—so long as the Android smartphone is running Android 6.0 Marshmallow. Users will not need to manually update their devices or even update their OS since updates to Google Play Services happen silently in the background through the Google Play Store.

Although the introduction of BLE Contact Detection Service means that users won’t need to install an application to partake in contact tracing, Google says that users will still be prompted to download a relevant public health app if a positive contact event has been detected. This will help users determine the next steps they should take. Apple notes that while data, after being processed locally on-device, may be “relayed” to servers run by public health organizations around the world, there will not be a centralized data server. This will make it difficult for any government or other malicious actor to conduct surveillance. According to Axios, countries can run their own servers or use ones from Apple and Google. To prevent people from submitting false positive diagnoses, Apple and Google are working with public health organizations on a way to confirm diagnoses.

With the confirmation that Google will bring Contact Tracing to Android devices via updates to Google Play Services, what will happen to the millions of devices without Google Mobile Services? I’m referring, of course, to the millions of devices in China and the newer smartphone releases by Huawei and Honor. According to The Verge, Google “intends to publish a framework that those companies could use to replicate the secure, anonymous tracking system developed by Google and Apple.” Thus, it’s up to third-parties to decide whether they want to use that system. Google did not confirm if its Contact Tracing framework will be open-sourced, but they did say they will offer code audits to companies that want to adopt the system.

---

Update 2: Initial Rollout, Huawei Involvement

Originally planned to go live in “mid-May,” it looks like Apple and Google’s Contact Tracing timeline has moved up. According to Thierry Breton, the European Commissioner for internal market, Phase 1 of the plan will go live on April 28th. This information was given to Mr. Breton by Apple CEO Tim Cook.

Phase 1 of Contact Tracing is all about APIs. These APIs will be used by developers who are working on behalf of public health agencies, not third-party applications. The APIs will be made available through an update to Google Play Services and most devices with Android 6.0+ and Bluetooth Low Energy can support Contact Tracing.

Of course, recent Huawei and Honor devices do not have Google Play Services, but many older devices still do. TechRadar confirms that these older devices, which do not include the Huawei Mate 30, P40, Honor V30, and others, will be included in the rollout. As for the other Huawei/Honor devices, the previous article update stated that Google “intends to publish a framework that those companies could use to replicate the secure, anonymous tracking system developed by Google and Apple.”

Source 1: Les Echos | Via: TechCrunch | Source 2: TechRadar

---

Update 3: More Privacy Protections

Apple and Google are now referring to the Contact Tracing plan as “Exposure Notification,” which they say is a better description for the purpose of the tool. We also have some more information about how health authorities can fine-tune the API and the privacy protections that will be in place.

The API uses Bluetooth to detect if you’ve been in the vicinity of others who have tested positive, but that has the potential to be inaccurate (detecting people who weren’t close enough or behind a wall). The API will share the strength of the Bluetooth signal so health authorities can set their own threshold for what constitutes a “contact event.”

The API will share how many days have passed since an individual “contact event.” It will not share the precise length of time the two people were in contact. Rather, it will only share estimates of exposure time, from a minimum of 5 minutes to a maximum of 30 minutes, in increments of 5 minutes. Health authorities can use this information to alter their guidance to users based on how long ago the event was.

Bluetooth metadata will be encrypted to protect against it being used to track individuals in reverse identification attacks. This metadata includes signal strength and other information. The encryption algorithm is being changed to AES from HMAC that they were using before. AES encryption can be accelerated on many mobile devices, making the API more power-efficient.

Lastly, the keys used to trace potential contacts are now randomly generated rather than being derived every 24 hours from a “tracing key” that is permanently tied to a particular device. This gets rid of the chance that an attacker with direct access to a device can figure out how keys are generated from the tracing key, though that is very, very difficult to do already.

Source 1: Axios | Source 2: Bloomberg | Source 3: TechCrunch

---

Update 4: Beta APIs Available

Apple and Google are rolling out their Exposure Notification APIs (formerly called “Contact Tracing”) in a private beta starting today. Google is releasing the beta update through Google Play Services, so they’ll work on any Android 6.0+ device with Bluetooth Low Energy. Public health agencies can begin using these APIs in Android Studio and start testing.

The stable version of the API is still planned to be released in the coming weeks. As the two companies have consistently reiterated, this API is not intended to be used by third-party developers. It’s for public health agencies, and when work has been completed by the developers of these agencies, you will download an app from them.

Source: Bloomberg

---

Update 5: Screenshots, No Location Tracking

Apple and Google are continuing to release more information about the Exposure Notification API. First, the companies shared some guidelines that public health authorities will have to follow to have their contract tracing apps in the respective app stores. The apps are prohibited from collecting device location data, the API is limited to one app per country, and the data collected can’t be used for targeted advertising.

The API limit of one app per country is to reduce fragmentation, but Apple and Google will be flexible and work with governments in countries that may need multiple apps. For example, countries where contact tracing is done regionally or by states.

Apple and Google have also shared some mock-up screenshots of what Exposure Notification settings and apps should look like. The image above shows the new “COVID-19 Exposure Notifications” section in Google Play Services. This section shows whether it’s enabled and which apps are able to send exposure notifications. Users can launch the app from here and see how many “exposure checks” have been done in the last 14 days, delete random IDs, and turn off notifications.

Google also shared some sample screenshots (above) of what an app that uses the Exposure Notification API could look like. The source code for this app has been published on the company’s Github page if health agencies wish to use it to build apps.

Sources: VentureBeat, 9to5Google, 9to5Google

The post [Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19 appeared first on xda-developers.

from xda-developers https://ift.tt/2UZOXLa
via IFTTT

Prototype Google Pixel 4 XL appears online in an unreleased gray color

Back in October, Google announced the Pixel 4 and Pixel 4 XL, their latest flagship Pixel smartphones with premium price tags. Google is selling the two phones in three different color options: Oh So Orange, Clearly White, and Just Black. Evidently, there may have been a fourth color option in development with a matte gray finish. Photos of a prototype Google Pixel 4 XL have just appeared on Chinese online shopping site Taobao, potentially giving us our first look at this unreleased color option.

Google Pixel 4 Forums ||| Google Pixel 4 XL Forums

Earlier today, Twitter user akes29 shared a photo of a Pixel 4 XL in a gray color we’ve never seen before. In a DM, he revealed that he spotted this photo on Taobao. The listing offers a Pixel 4 XL “engineering machine” with 6GB of RAM and 64GB of internal storage for 2699 Yuan, or approximately $382, which is strangely considerably cheaper than a brand new Pixel 4 XL sold in the U.S. (as of today, for $600). From the images that were shared in the listing, we can’t be 100% sure that the seller hasn’t swapped the rear cover of the device—do note, however, that this phone isn’t easy to take apart and put back together, according to repair website iFixit. Furthermore, there doesn’t appear to be any signs of damage on the phone or image manipulation, so it’s likely that the phone indeed came with a gray-colored glass back cover, as the seller claims. We are fairly certain this device is indeed the Pixel 4 XL since we’ve positively identified the IMEI using an online database, and, of course, there’s the fact that this just looks like the Pixel 4 XL. Take a look for yourself:

Other nuggets of information that we can glean from the rear include the code-name, C2, the intended carrier, Verizon, and the kind of prototype device we’re looking at, an Engineering Validation Test (EVT). In code, Google often refers to the Pixel 4 XL and Pixel 4 as “C2F2” which stands for “coral” and “flame” respectively. Interestingly, the sticker at the bottom says that “this device has not been authorized as required by the rules of the Federal Communications Commission and Industry Canada, nor has it been tested for compliance with EU regulations. This device may not be sold or leased. For internal testing and development only. Markings and packaging are not final.” It’s possible that this design was never intended for release and was only produced to get the device into the hands of testers as soon as possible.

Here are more images of the prototype Pixel 4 XL shared in the Taobao listing:

We can see that the phone runs Android 10, which isn’t surprising since Android 11 is still in developer preview stage. Another sticker can be seen on the front that says “do not remove unless authorized by hwpasafety.” This sticker seems to cover up the face unlock dot projector, face unlock flood illuminator, and one of the face unlock IR cameras.

Early leaks of the Pixel 4 XL appeared in China before the phone’s official launch, so we’re not surprised that there are still prototype devices floating around in Chinese markets. We may never find out the true story behind this prototype model, but that’s usually the case when it comes to pre-production units.

The post Prototype Google Pixel 4 XL appears online in an unreleased gray color appeared first on xda-developers.

from xda-developers https://ift.tt/3aZRN7D
via IFTTT

[Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19

Update 5 (5/4/2020 @ 3:25 PM EST): Apple and Google have shared some screenshots of the Exposure Notification API and announce that location tracking will be prohibited.

Update 4 (4/29/2020 @ 2:30 PM EST): Apple and Google have released a beta version of their Exposure Notification API for public health agencies.

Update 3 (4/24/2020 @ 3:15 PM EST): Apple and Google are renaming the Contact Tracing API to “Exposure Notification,” adds more privacy protections.

Update 2 (4/24/2020 @ 11:30 AM EST): Apple and Google’s contact tracing API will go live next week and will include most Huawei devices.

Update 1 (4/13/2020 @ 5:51 PM EST): During a conference call with reporters, Google and Apple clarified some more details about how Contact Tracing will be rolled out for users.

Due to the ongoing threat posed by SARS-CoV-2, Google and Apple have teamed up to announce a new API and Bluetooth Low Energy specification called “Contact Tracing.” The idea behind contact tracing is to inform users if they’ve recently been in contact with someone who has been positively diagnosed with COVID-19. South Korea and Taiwan have successfully “flattened the curve,” as in they’ve limited the number of new cases to fall below the capacity of their healthcare systems, by implementing widespread testing and contact tracing. According to the Associated Press, several countries in Europe including the Czech Republic, the U.K., Germany, and Italy are developing their own contact tracing tools. Apple and Google hope to empower nations and medical organizations around the world with the ability to trace the spread of the novel coronavirus, but the two companies also recognize the potential privacy concerns with this pandemic containment method. That’s why the two companies have created the new API and Bluetooth spec “with user privacy and security central to the design.”

Google and Apple published blog posts and documents that outline their goals to roll out a new API and Bluetooth LE service. Due to urgent need, both companies are tackling this problem in two stages. First, in May, both companies will release an API that “[enables] interoperability between Android and iOS devices using apps from public health authorities.” These apps will be made available for users to download on the Google Play Store and Apple App Store. On Android, the API will likely become available for apps through an update to Google Play Services. Second, in the next few months, both Google and Apple will add support for a new Bluetooth Low Energy service into Android and iOS. For iOS, this new BLE service will likely come via an OS update, while for Android, this service will likely be added as part of another update to Google Play Services. Google says that adding a Bluetooth LE Contact Tracing service “is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities.”

Once an app integrates the new API or the BLE specification has been integrated, Android and iOS users can receive notifications if they’ve recently been in contact with someone who has been diagnosed with COVID-19. Notably, the BLE solution will not require the user to have an application installed (presumably they just need Google Play Services), but if they choose to install one of the official apps, then the app can inform them on the next steps to take after they receive a notification. This will allow users to decide if they need to self-quarantine for 14 days or to seek testing and further medical intervention. Here is an example flow of what Google and Apple envision will be possible with this new Bluetooth LE service:

An overview of COVID-19 contact tracing using Bluetooth Low Energy. Source: Google/Apple.

Here is what Google says about how they designed the new Android Contact Tracing API to protect user privacy and security:

• Apps calling the API via the startContactTracing method are required to get user consent to start contact tracing. If this is the first time the API is being invoked, the user will be shown a dialog asking for permission to start tracing.
• In order to be whitelisted to use this API, apps “will be required to timestamp and cryptographically sign the set of keys before delivery to the server with the signature of an authorized medical authority.” In other words, unauthorized COVID-19 apps will not be allowed to use this API.
• If the user uninstalls the app, the stopContactTracing method “will be automatically invoked and the database and keys will be wiped from the device.”
• The user, after having confirmed a positive diagnosis of COVID-19, must grant explicit consent to upload 14 days of daily tracing keys. A dialog will be shown to the user if the app calls the startSharingDailyTracingKeys method.
• Users will be shown what date and for how long they were in contact with a potentially contagious person, down to increments of 5 minutes, but not who or where the contact occurred.

Here is how the new BLE Contact Detection Service will protect user privacy and security:

• The spec does not require the user’s location or any other personally identifiable information. Location-use is completely optional and is only done after the user provides explicit consent.
• Rolling Proximity Identifiers are changed every 15 minutes on average, which makes it “unlikely that user location can be tracked via Bluetooth over time.”
• Proximity identifiers retrieved from other devices “are processed exclusively on device.” This means that the “list of people you’ve been in contact with never leaves your phone.”
• It’s up to the user to decide if they want to contribute to contact tracing. Users who are diagnosed with COVID-19 must consent to sharing Diagnosis Keys with the server. There will be transparency about the user’s participation in contact tracing, and “people who test positive are not identified to other users, Google, or Apple.” In fact, this information “will only be used for contact tracing by public health authorities for COVID-19 pandemic management.”
• In case you’re wondering, the Content Detection Service should not significantly drain the battery of a device if the hardware and the OS support “Bluetooth controller duplicate filters and other [hardware] filters” to “account for large volumes of advertisers in public spaces.” Scanning is “opportunistic,” meaning it can occur within existing wake and scan window cycles, but will also occur at a minimum of every 5 minutes.

Because the new Contact Tracing specs are designed with user privacy and security in mind, it’s debatable how effective they’ll be at limiting the spread of COVID-19. According to The Verge, such opt-in, non-invasive contact tracing measures may have limited effectiveness. The issues boil down to a lack of widespread adoption by the population and a potentially large number of false-positive Bluetooth proximity events. Still, I hope this new initiative is successful. It’s rare to see Google and Apple collaborate on anything, but desperate times call for desperate measures.

Sources: Google Blog Post, Overview of COVID-19 Contact Tracing, Contact Tracing BLE Spec, Contact Tracing Cryptography Spec, Android Contact Tracing API Spec

---

Update 1: More Details

In a conference call with reporters, Google and Apple clarified some points about the upcoming Contact Tracing API (rolling out in mid-May as part of “phase 1”) and BLE Contact Detection Service (rolling out later this year as part of “phase 2”). According to TechCrunch and Axios, both the Contact Tracing API and the BLE Contact Detection Service will be available on Android devices following updates to Google Play Services—so long as the Android smartphone is running Android 6.0 Marshmallow. Users will not need to manually update their devices or even update their OS since updates to Google Play Services happen silently in the background through the Google Play Store.

Although the introduction of BLE Contact Detection Service means that users won’t need to install an application to partake in contact tracing, Google says that users will still be prompted to download a relevant public health app if a positive contact event has been detected. This will help users determine the next steps they should take. Apple notes that while data, after being processed locally on-device, may be “relayed” to servers run by public health organizations around the world, there will not be a centralized data server. This will make it difficult for any government or other malicious actor to conduct surveillance. According to Axios, countries can run their own servers or use ones from Apple and Google. To prevent people from submitting false positive diagnoses, Apple and Google are working with public health organizations on a way to confirm diagnoses.

With the confirmation that Google will bring Contact Tracing to Android devices via updates to Google Play Services, what will happen to the millions of devices without Google Mobile Services? I’m referring, of course, to the millions of devices in China and the newer smartphone releases by Huawei and Honor. According to The Verge, Google “intends to publish a framework that those companies could use to replicate the secure, anonymous tracking system developed by Google and Apple.” Thus, it’s up to third-parties to decide whether they want to use that system. Google did not confirm if its Contact Tracing framework will be open-sourced, but they did say they will offer code audits to companies that want to adopt the system.

---

Update 2: Initial Rollout, Huawei Involvement

Originally planned to go live in “mid-May,” it looks like Apple and Google’s Contact Tracing timeline has moved up. According to Thierry Breton, the European Commissioner for internal market, Phase 1 of the plan will go live on April 28th. This information was given to Mr. Breton by Apple CEO Tim Cook.

Phase 1 of Contact Tracing is all about APIs. These APIs will be used by developers who are working on behalf of public health agencies, not third-party applications. The APIs will be made available through an update to Google Play Services and most devices with Android 6.0+ and Bluetooth Low Energy can support Contact Tracing.

Of course, recent Huawei and Honor devices do not have Google Play Services, but many older devices still do. TechRadar confirms that these older devices, which do not include the Huawei Mate 30, P40, Honor V30, and others, will be included in the rollout. As for the other Huawei/Honor devices, the previous article update stated that Google “intends to publish a framework that those companies could use to replicate the secure, anonymous tracking system developed by Google and Apple.”

Source 1: Les Echos | Via: TechCrunch | Source 2: TechRadar

---

Update 3: More Privacy Protections

Apple and Google are now referring to the Contact Tracing plan as “Exposure Notification,” which they say is a better description for the purpose of the tool. We also have some more information about how health authorities can fine-tune the API and the privacy protections that will be in place.

The API uses Bluetooth to detect if you’ve been in the vicinity of others who have tested positive, but that has the potential to be inaccurate (detecting people who weren’t close enough or behind a wall). The API will share the strength of the Bluetooth signal so health authorities can set their own threshold for what constitutes a “contact event.”

The API will share how many days have passed since an individual “contact event.” It will not share the precise length of time the two people were in contact. Rather, it will only share estimates of exposure time, from a minimum of 5 minutes to a maximum of 30 minutes, in increments of 5 minutes. Health authorities can use this information to alter their guidance to users based on how long ago the event was.

Bluetooth metadata will be encrypted to protect against it being used to track individuals in reverse identification attacks. This metadata includes signal strength and other information. The encryption algorithm is being changed to AES from HMAC that they were using before. AES encryption can be accelerated on many mobile devices, making the API more power-efficient.

Lastly, the keys used to trace potential contacts are now randomly generated rather than being derived every 24 hours from a “tracing key” that is permanently tied to a particular device. This gets rid of the chance that an attacker with direct access to a device can figure out how keys are generated from the tracing key, though that is very, very difficult to do already.

Source 1: Axios | Source 2: Bloomberg | Source 3: TechCrunch

---

Update 4: Beta APIs Available

Apple and Google are rolling out their Exposure Notification APIs (formerly called “Contact Tracing”) in a private beta starting today. Google is releasing the beta update through Google Play Services, so they’ll work on any Android 6.0+ device with Bluetooth Low Energy. Public health agencies can begin using these APIs in Android Studio and start testing.

The stable version of the API is still planned to be released in the coming weeks. As the two companies have consistently reiterated, this API is not intended to be used by third-party developers. It’s for public health agencies, and when work has been completed by the developers of these agencies, you will download an app from them.

Source: Bloomberg

---

Update 5: Screenshots, No Location Tracking

Apple and Google are continuing to release more information about the Exposure Notification API. First, the companies shared some guidelines that public health authorities will have to follow to have their contract tracing apps in the respective app stores. The apps are prohibited from collecting device location data, the API is limited to one app per country, and the data collected can’t be used for targeted advertising.

The API limit of one app per country is to reduce fragmentation, but Apple and Google will be flexible and work with governments in countries that may need multiple apps. For example, countries where contact tracing is done regionally or by states.

Apple and Google have also shared some mock-up screenshots of what Exposure Notification settings and apps should look like. The image above shows the new “COVID-19 Exposure Notifications” section in Google Play Services. This section shows whether it’s enabled and which apps are able to send exposure notifications. Users can launch the app from here and see how many “exposure checks” have been done in the last 14 days, delete random IDs, and turn off notifications.

Google also shared some sample screenshots (above) of what an app that uses the Exposure Notification API could look like. The source code for this app has been published on the company’s Github page if health agencies wish to use it to build apps.

Sources: VentureBeat, 9to5Google, 9to5Google

The post [Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19 appeared first on xda-developers.

from xda-developers https://ift.tt/2UZOXLa
via IFTTT

May 2020 Android security patches rolling out for Google Pixel devices

In keeping with its tradition of rolling out Android security patches on the first Monday of each month, Google has now started pushing the May 2020 Android security patches for its Pixel devices. The update is now rolling out to the Pixel 4, Pixel 4 XL, Pixel 3a, Pixel 3a XL, Pixel 3, Pixel 3 XL, Pixel 2, and Pixel 2 XL.

Google has not listed any functional patches for Pixel devices this month. There were, however, 15 issues resolved in the Android security patches. There are two sets of build numbers for the patches this month. The builds below are each appended with either “A3” or “B3.” The A3 builds are for Taiwan carriers and the B3 builds are for all other carriers.

Build Numbers

• Pixel 2(XL): QQ2A.200501.001.A3 or B3
• Pixel 3 (XL): QQ2A.200501.001.A3 or B3
• Pixel 3a (XL): QQ2A.200501.001.A3 or B3
• Pixel 4 (XL): QQ2A.200501.001.A3 or B3

Download Factory Images | Download OTA Images

Android Security Bulletin | Pixel Update Bulletin | Pixel Functional Changes

The post May 2020 Android security patches rolling out for Google Pixel devices appeared first on xda-developers.

from xda-developers https://ift.tt/3c9ukCo
via IFTTT