LightBlog

mercredi 26 octobre 2016

Google Confirms Fix for Huawei Phone/Android Auto Incompatibility is on the Way

Android Auto has remained one of Google's more low-key products these past two years since its initial announcement in 2014, but the project has slowly been expanding each year. During this year's Google I/O, the company announced that it would be working with Qualcomm to deliver a customized Snapdragon SoC aimed at car kits as well as allowing car manufacturers the ability to customize the user interface and even develop their own apps. (By the way, we're still waiting on that promised standalone Android Auto app for smartphones, Google!)

For now it seems that the only way to truly experience Android Auto is if you have one of the vehicles listed on the Android Auto website. But even then, it seems that some users are having issues connecting their Huawei device to their Android Auto-enabled vehicle. The issue, as reported multiple times on our forums, seems to be affecting the Huawei P9, P9 Lite, and P9 Plus. The apparent "incompatibility" bug could be affecting other Huawei devices, but we haven't seen reports from users on other Huawei devices as of yet. Fortunately, we now have confirmation that Google is aware of the issue and that they are working with Huawei to deliver a fix.

In the recently launched "Android Auto User Community" Google Group, one of the Android Auto Community Managers states that they've discovered an issue with some Huawei devices that marks them incompatible with Android Auto. How or why this issue occurs is not mentioned in any sort of detail, but at least they've acknowledged the issue and have promised to resolve it as soon as possible. If you've ever used Android Auto before, let us know your experience below!



from xda-developers http://ift.tt/2eI0Eiq
via IFTTT

Report: 70% of Note 7 owners will stick with Samsung

Unless you've been living under a rock these past few weeks, you've probably heard of the sometimes explosive nature of the Samsung Galaxy Note 7's battery. The fiasco has resulted in Samsung recalling the millions of phones it had shipped out: not once, but twice. Samsung has been so careful with trying to salvage what's left of the Note brand that they've even sent thermally-insulated return kits to press so any further news wouldn't blow up in their faces (quite literally). Despite having weeks to investigate the issue, the company is still unsure why their Note 7 devices keep exploding. Estimates peg that the Note 7 fiasco will cost Samsung a catastrophic $9.5 billion in lost sales. Despite these setbacks, a new report by BayStreet indicates there may be a silver lining for Samsung amidst the Note 7 chaos. According to the report, 70% of prior Galaxy Note 7 owners will remain with Samsung and will likely purchase a Samsung branded smartphone in the future.

The report continues with its findings and tackles a different question: how many Note 7 owners will abandon the Android ecosystem in favor of the premium iPhone 7 Plus? The answer is, apparently, very few. BayStreet finds that despite the fact that Note 7 owners are "aspirational" and "value premium brands", they are unlikely to favor switching to an Apple product due to their loyalty to Samsung. These findings are quite surprising, considering the fact that an exploding smartphone is quite literally one of the few things one would expect a consumer to abandon a brand over. Instead, BayStreet estimates that only 15% of total Note 7 owners (approximately 200-300k) will switch to an iOS device.

Another marketing information and analysis firm, CCS Insight, believes that Samsung will easily weather the storm of financial and reputational damage incurred by the Note 7's PR disaster. They note that the company's $70 billion war chest as well as the estimated 80 to 90 million non-Galaxy Note smartphones they will ship will more than make up for the lost revenue from the Note 7. But if there is one lesson to be learned from this mess, it's that Samsung cannot rush its future products. The Note 7 seems to be an isolated incident among Samsung products, but any repeat disaster could spell doom for Samsung's future in smartphone electronics.


Source: FierceWireless

Source: CCS Insight



from xda-developers http://ift.tt/2f8z8i1
via IFTTT

Google Allo Updated to 2.0 With Split-Screen and Quick Reply Support

Google Allo did not quite have the start that Google had hoped for the app. In the saturated market of Instant Messaging platforms, Allo has offered very little to the average consumer that could keep the user, and his contact circles, hooked. Decouple the Assistant from Allo, and you're left with an IM app bereft of key messaging features found on other popular platforms such as Whatsapp.

Nevertheless, Google still has hope for Allo. The company has just pushed a new update to Allo which bumps up its version by a full number. Allo's Play Store listing does not yet display the change-log as the app is still rolling out, but the Google Nexus Twitter account has announced that the latest update brings Nougat split-screen support and quick-reply from notifications. However, a couple of community members have posted an unofficial change-log Allo 2.0's APKMirror page, which we've reproduced below.


What's new in Allo 2.0?

Allo 2.0 adds the following changes, in addition to presumed bug fixes and performance enhancements:

  • Support for toggling chats to monochrome
  • Direct Voice Recognition in Assistant
  • Splash Screen
  • Quick Reply Support
  • Split-screen Support
  • GIF Support in keyboard for 7.1+
  • App Shortcuts for 7.1+
  • Direct share
Monochrome Toggle Normal Chat Monochrome Chat

While the update might not seem significant enough for a full version number jump, the update does add a few useful features to the app. The addition of quick reply and split-screen support was necessary to take proper advantage of Android 7.0 Nougat's feature set. With the Pixel devices shipping with Allo pre-installed, it was important for Google to provide the same set of features and experiences that we've grown accustomed to from other apps on Nougat. The splash screen might seem like a trivial addition, but it does give users on older devices with longer loading times something pleasant to look at instead of just a blank screen while the app is loading.

You can download Allo 2.0 from the Google Play Store, however, the new update may take some time to roll out to all users. Alternatively, you can also download the update from APKMirror.

Have you tried out the new update? Let us know in the comments below!


Source: Twitter: Google Nexus



from xda-developers http://ift.tt/2eHc8CD
via IFTTT

Google Pixel XL costs $285.75 to Manufacture – in line with Rival Smartphones

When Google finally unveiled the Pixel and Pixel XL on October 4th, many people were put off by the price tag of the two phones. While Google is no stranger to sticking a premium price tag on their products, many users hoped that the two Pixel phones would continue bucking the trend of expensive off-contract prices. Alas, this was not the case, but at least most users appear to be very satisfied with their purchase judging by early user reviews of the devices on our forums. Although many technology journalists have drawn similarities between the Pixel and iPhone in terms of price, just how true is this similarity? According to an IHS Markit teardown of the device, it appears that the cost to manufacture the Pixel XL is $285.75. At an unsubsidized price of $769 before taxes, this means that the cost-to-sales price ratio for the Pixel XL is similar to the iPhone 7 Plus and Samsung Galaxy S7 Edge.

google_pixel_xl_chart_exploded_version_two_revised


Pixel XL Price Teardown

In its press release, IHS Markit detailed how it determined the cost to manufacture the Pixel XL. The company deconstructed the Pixel XL to its base parts and then determined the approximate price point of each component, while adjusting for bulk purchasing costs. After assessing the cost of each component, IHS Markit determined that the bill of materials for the base Pixel XL model with 32GB of internal storage costs $278. Add to that a $7.75 cost to manufacture the phone in an HTC factory, and you get the $285.75 price figure.

googlepixelteardown

The company directly compares the manufacturing cost and design decisions of the Pixel XL to that of the iPhone and Samsung Galaxy S7 series, stating that the "total BOM costs for the Google Pixel XL are, not surprisingly, in line with those of other competitors, because the supply base and specs are very similar from phone to phone—whether it's an iPhone, a Galaxy-series phone or the Google Pixel XL" – Andrew Rassweiler, senior director of cost benchmarking services for IHS Markit. While Samsung is facing a tumultuous time with its Note 7 disaster, Google's Pixel XL arrives at the perfect time to challenge Samsung's dominance in the high-end Android smartphone market. It's clear that the Pixel XL was designed to compete with the upper echelon of premium flagship phones, and IHS Markit's price teardown only solidifies that point.


Source: IHS Markit



from xda-developers http://ift.tt/2eH4Kac
via IFTTT

Android Wear 2.0 will Require Installing Apps from new Wear-based Play Store

Ian Lake is an Android Developer Advocate who has been responding to some Android Wear 2.0 questions over in the Android Wear Developers Google+ community. In one particular Google+ thread, a user inquired about the current distribution numbers for the various Android Wear platform versions. For now, Mr. Lake says that all watches are capable of running the latest version of Android Wear, so developers targeting minSdkVersion 23 in their app's manifests is fine. But then things started to get interesting as the discussion pivoted towards the upcoming Android Wear 2.0 update.

A developer asks if Android Wear 2.0 devices will support embedded APKs rather than the current method which requires installing the main application on the linked smartphone and beaming the Wear component to the smartwatch. In response to this question, Mr. Lake reveals an interesting change to Android Wear 2.0: with the upcoming wearable update, all users will need to visit the Play Store from their smartwatch in order to install an application on it. With the new update, users will no longer automatically load their smartwatch with apps from their smartphone, and will instead need to interact with their smartwatch to install new apps. In preparation for this change, Android Wear 2.0 applications will be allowed full network access and can be installed completely separately from the smartphone app.

Mr. Lake continues and tells us that Google is expanding the PlayStoreAvailability APIs for the developers who have apps that still utilize the companion app model, but he reminds developers that users will be able to download their apps independent of what's on the user's smartphone. The Play Store application for Android Wear 2.0 will show apps that you have currently installed on your phone at the top of the list for convenience, but the user will have the ability to choose whether or not they want to install it to their smartwatch.

This move is a significant departure from the original Android Wear user experience. Mr. Lake states that internal user studies show that users are not happy with the way the platform currently automatically installed apps to the smartwatch without the user's permission. This route should simplify things when the smartphone and smartwatch application are not required to be linked together. So for the Android Wear developers out there, be sure you're ready to provide support for Android Wear 2.0 as there are many changes included in the next big update for the wearable platform.

Source: Android Wear Developers

Via: 9to5Google



from xda-developers http://ift.tt/2ebv0Jp
via IFTTT

XDA Forums Live for the Xiaomi Mi Note 2 and Xiaomi Mi MIX

Xiaomi's latest flagship, the Mi Note 2, and its "concept" phone, the Mi MIX are the latest devices that can call XDA their home! Head on over to the forums to interact with other users!



from xda-developers http://ift.tt/2dXgjMa
via IFTTT

9 Year Old Linux Kernel bug dubbed ‘Dirty Cow’ can Root every version of Android

Despite the fact that tens of thousands of users actively pore over the Linux kernel source code actively looking for security flaws, it's not unheard of for serious bugs to go unnoticed. After all, though the chances of missing something incredibly serious are lowered by having more eyes auditing the code, we're all still human and are bound to make a mistake. The mistake this time seems to be quite serious, unfortunately. A privilege-escalation exploit was recently discovered last week, and although it has already been patched in the mainline Linux kernel, the bug could potentially be exploited on nearly every Android phone on the market until each device receives the appropriate kernel patch.


Enter Dirty Cow

screenshot-dirtycow-ninja-2016-10-26-11-23-31

The privilege-escalation bug is known colloquially as the Dirty Cow exploit, though it is cataloged in the Linux kernel's bug tracker system as CVE-2016-5195. Though only discovered last week, the bug has existed within the Linux kernel's code for 9 years. Furthermore, the exploitable code is found in a section of the Linux kernel that is shipped on virtually every modern operating system built on top of the Linux kernel – that includes Android, by the way. What's worse is that the researchers who uncovered the exploit have found evidence that the exploit is being used maliciously in the real-world, so they are advising any and all vendors shipping software built on the Linux kernel to immediately patch the exploit.

Dirty Cow is itself not an exploit, but rather a vulnerability. However, this vulnerability allows for escalating the privilege of a user space process, granting it super user privileges. By exploiting this vulnerability, a malicious user space process can have unfettered root access on a victim's device. In more technical terms, the bug involves a race condition of the Linux memory duplication technique known as copy on write. By exploiting this race condition, users can gain write-access to memory mappings that are normally set to read-only. More details of the vulnerability can be gleaned from here, here, and here.

The security vulnerability is said to be rather trivial to exploit, and indeed within mere days of the vulnerability being made public a proof-of-concept privilege-escalation exploit has been demonstrated for all Android devices. Any Android device running a Linux kernel version greater than 2.6.22 (read: every single Android distribution in existence) can potentially fall victim to this proof-of-concept exploit. Though the proof-of-concept exploit does not actually attain root access, attacking the system using this vulnerability makes that quite simple. In an e-mail sent to ArsTechnica, Phil Oester, a Linux kernel developer who is cataloging known real-world exploits of Dirty Cow on his website had this to say about the bug:

Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff.

The vulnerability is easiest exploited with local access to a system such as shell accounts. Less trivially, any web server/application vulnerability which allows the attacker to upload a file to the impacted system and execute it also works.

The particular exploit which was uploaded to my system was compiled with GCC 4.8.5 released 20150623, though this should not imply that the vulnerability was not available earlier than that date given its longevity. As to who is being targeted, anyone running Linux on a web facing server is vulnerable.

For the past few years, I have been capturing all inbound traffic to my webservers for forensic analysis. This practice has proved invaluable on numerous occasions, and I would recommend it to all admins. In this case, I was able to extract the uploaded binary from those captures to analyze its behavior, and escalate to the appropriate Linux kernel maintainers.

After further work by developers on demonstrating the effectiveness of exploiting Dirty Cow on Android, one developer was able to successfully root his HTC device within seconds by exploiting the vulnerability. We at XDA generally welcome the ability for users to acquire root access, but we do not celebrate the existence of root exploits such as this, especially one which is so widespread and potentially incredibly dangerous to end users. To give you an idea of how dangerous Dirty Cow can be in the wild, YouTuber Computerphile put together a quick video demonstrating the potential malicious attack vectors that hackers can use to quietly attain root access on your device.


Source: ArsTechnica [1]

Source: ArsTechnica [2]



from xda-developers http://ift.tt/2dKT7xv
via IFTTT