Tech News - Mobile

Yesterday, Apple brought it’s popular Apple Music streaming service to the web. Apple Music for the web is launched in public beta and you can access it from anywhere in the world with your Apple ID, if you are an Apple Music subscriber. This is the first time that Apple Music has been officially offered on the web. You can visit the link beta.music.apple.com to get started. New users will be able to sign up for Apple Music through the website later in the future. Twitterati were shocked to the core as Apple Music came to the web. Appreciation tweets flooded the social media platform. https://twitter.com/viticci/status/1169715776279973889 https://twitter.com/bzamayo/status/1169705640215945218 https://twitter.com/kylewagaman/status/1169878550523940865 Apple Music for web allows you to search for and play any song in the Apple Music catalog. If you have set up the Sync Library option on other devices, you can play tunes from your own library as well. All the main sections from the Apple Music app will also be available, including Library, Search, For You, Browse and Radio. The player has some of the same features as the macOS Catalina Music app, for instance, adapting to a Dark Mode setting. At WWDC, Apple announced that with macOS Catalina, Apple is replacing iTunes with Apple Music. Once the new Music app launches on Mac this fall, it will help Apple move away from supporting iTunes on Windows. A web app is also accessible for people unable to install the iTunes or Apple Music apps. This is another of Apple’s steps in putting more focus on services. Building a web app is a sensible business move that will benefit Apple’s current and future subscribers. Apple Music on web also brings the company on par with Spotify, which is Apple’s biggest competitor in the music sphere. In March this year, Spotify had filed an EU antitrust complaint against Apple. Apple had responded that Spotify’s aim is to make more money off others’ work. More interesting news for Apple Is Apple’s ‘Independent Repair Provider Program’ a bid to avoid the ‘Right To Repair’ bill? Apple accidentally unpatches a fixed bug in iOS 12.4 that enables its jailbreaking Apple announces ‘WebKit Tracking Prevention Policy’ that considers web tracking as a security vulnerability

Yesterday, the Android team announced the official release of Android 10 for its Pixel users. It explores many new features like gesture navigation, dark theme, smart reply, live captioning, new emojis and more. Android 10 also focuses on privacy improvements and security updates. https://twitter.com/Android/status/1168935724655218691 In a blog post, the senior director of product management for Android, Stephanie Cuthbertson says, “Android 10 is built around three important themes. First, Android 10 is shaping the leading edge of mobile innovation with advanced machine-learning and support for emerging devices. Next, Android 10 has a central focus on privacy and security, with almost 50 features that give users greater protection, transparency, and control. Finally, Android 10 expands users' digital wellbeing controls so individuals and families can find a better balance with technology.” Android 10 will be rolled out in all the three generations of Pixel phones (Pixel 3, Pixel 3a, Pixel 2, and the original Pixel) immediately, while other Pixel devices will get an update over the next week. Many partner devices, including those involved in Android’s Beta program, are expected to receive an update by the end of 2019. The Android team has also released the source code for Android 10 to the Android Open Source Project (AOSP), which is a repository that offers all the necessary information to create a custom variant of an Android OS, and accessories for the Android platform. Prior to this stable release, Android 10, previously nicknamed as Android Q had six beta releases. The Android Q Beta 6 was released last month. Read Also: Google confirms and fixes 193 security vulnerabilities in Android Q Let’s have a look at some of the new features in Android 10. Gesture navigation Android 10 presents a full gesture navigation mode which showcases an ‘edge to edge’ display. This feature enables users to navigate back (left/right edge swipe), to the home screen (swipe up from the bottom), and trigger the device assistant (swipe in from the bottom corners) with only gestures, rather than buttons. “By moving to a gesture model for system navigation, we can provide more of the screen to apps to enable a more immersive experience,” says Android UI product managers Allen Huang and Rohan Shah. The Android team has provided proof that their users rely on the Black button, 50% more than the Home button. In a statement to WIRED, Google vice president of Android engineering Dave Burke said that he believes the new gesture control will make it easier for users to use a smartphone with just one hand. Dark theme Following Apple’s footsteps, Android has also introduced a Dark theme in Android 10. The system-wide dark theme will reduce power usage by a significant amount. It aims to improve visibility for users with low vision and those who are sensitive to bright light. Google applications like YouTube, Google Fit, Google Keep, and Google Calendar will be available in dark mode right away. However, Gmail and Chrome will be able to support the dark theme only by the end of this month. Android 10 also provides a Force Dark feature which will implement the dark mode, without explicitly setting a DayNight theme. It analyzes each view of a light-themed app to convert it into a dark theme, even before it is drawn to the screen. Read Also: Apple previews iOS 13: Sign in with Apple, dark mode, advanced photo and camera features, and an all-new Maps experience Smart Reply in notifications Android 10 uses on-device machine learning to suggest actions, called ‘smart reply’ based on the content of the notification. It may include suggestions to open applications like Maps, Chrome or Youtube depending on the context of the message received. The Android team says, “We’ve built this feature with user privacy in mind, keeping the ML processing completely on the device.” The smart reply feature is expected to work across all popular messaging apps. Users can also opt-out of this feature, if not interested. Live captioning for audios and videos in mobiles The live caption feature will caption real time videos, podcasts, audio messages, and even manual recordings, without any wifi or cell phone data. It uses a local speech analyzer technique to identify the voices on the device. Unlike other features, live caption is not ready yet, and will be launched later this year, particularly for Pixel devices only.. https://youtu.be/YL-8Xfx6S5o Foldables to extend multitasking Android 10 supports foldable devices with different folding patterns. The blog post states, “Android 10 extends multitasking across app windows and provides screen continuity to maintain your app state as the device folds or unfolds.” Android developers believe that unfolding the device to provide a larger screen will provide users with “a more immersive experience.” Unfortunately, there are no foldable phones in the market currently. https://youtu.be/4dIULf4ma_I New privacy features in Android 10 Giving users more control over location data: Users have more control over location data in Android 10. They can choose from the following three options to decide about location access to an app. All the time: The app can access location at any time While in use: The app can access location only while the app is being used/ present in the foreground Deny: The app cannot access location at all Protecting location data in network scans: Android 10 increases the protection around scanning network APIs. Some telephony, Bluetooth, Wi-Fi APIs will now need the fine location permission (ACCESS_FINE_LOCATION) in order to use several methods within the Wi-Fi, Wi-Fi Aware, or Bluetooth APIs. Preventing device tracking: Android 10 will not allow applications to access the non-resettable device identifiers which could have been used for tracking previously. Security updates in Android 10 Storage encryption: All compatible devices launching with Android 10 will have to encrypt user data. This stable version of Android presents a new encryption mode called Adiantum which provides encryption with very little performance overhead. TLS 1.3 by default: TLS 1.3 is a major revision to the TLS standard with performance benefits and enhanced security. Platform hardening:  Android 10 includes hardening for several security-critical areas of the platform, and updates to the BiometricPrompt framework which manages system-provided biometric dialog. Read Also: 25 million Android devices infected with ‘Agent Smith’, a new mobile malware Users love the new features in Android 10, especially the dark mode and live captioning. https://twitter.com/CourtMejias/status/1169073325513105408 https://twitter.com/rongbin99/status/1169087701032808448 https://twitter.com/Nooshith4/status/1169075545012756480 Few users found the new gesture navigation feature of Android 10 similar to iPhones. https://twitter.com/r3dash/status/1169095752271876097 Interested readers can check out the Android 10 website and the Android Developers blog for more information about Android 10. Other news in Tech Laravel 6.0 releases with Laravel vapor compatibility, LazyCollection, improved authorization response and more Over 47K Supermicro servers’ BMCs are prone to USBAnywhere, a remote virtual media vulnerability Microsoft introduces Static TypeScript, as an alternative to embedded interpreters, for programming MCU-based devices

Yesterday, Apple announced a new ‘Independent Repair Provider Program’ which will offer customers additional options for common out-of-warranty iPhone repairs. It will also provide independent repair businesses with genuine Apple parts, tools, training, repair manuals and diagnostics. Customers can now approach these independent repair shops to fix their devices instead of being restricted to Apple Authorized Service Providers (AASPs). The program is only available in U.S. for now, but will soon be expanded to other countries. To qualify for the Independent Repair Provider Program, an independent repair business will need to have at least one Apple-certified technician to perform the iPhone repair. In the press release, Apple states that only “qualifying repair businesses will receive Apple-genuine parts, tools, training, repair manuals and diagnostics at the same cost as AASPs.” Apple’s certification program is simple and an indie business can enroll in it free of any cost. Apple’s Chief Operating Officer, Jeff Williams says, “When a repair is needed, a customer should have confidence that the repair is done right. We believe the safest and most reliable repair is one handled by a trained technician using genuine parts that have been properly engineered and rigorously tested” In the past one year, Apple has launched a “successful pilot” with 20 independent repair businesses which supplies genuine parts to customers in North America, Europe and Asia. Read Also: Apple announces expanded security bug bounty program up to $1 million; plans to release iOS Security Research Device program in 2020 Is this Apple’s way to avoid the ‘Right To Repair’ bill? Apple’s sudden shift to a new trajectory comes as a surprise after it was reported that Apple was trying hard to kill the ‘Right To Repair’ bill in California. If passed, the bill would provide customers the right to fix or modify their devices without any effect on their warranty. The Apple representatives tried to protest the bill by stoking fears of battery explosions for the consumers who attempt to repair their iPhones. Currently, the bill has been pushed till 2020, allegedly due to successful lobbying of Californian lawmakers by Apple. Many people believe that Apple is going to use this ‘Independent Repair Provider Program’ to support their side of the right-to-repair debate. A user on Hacker News says, “Pretty straightforward attempt to stave off right-to-repair laws... and coming after years of attempts to destroy independent repair businesses. Very hard to see this as a good faith effort by Apple.” Another user comments, “I feel like this is an end-run attempt to avoid right-to-repair legislation. While I hope for the best from this program, it seems to little to late and in direct opposition of prior arguments they’ve made concerning third-party repairs and parts distribution.” Apple’s iPhone sales have declined in the past two fiscal quarters. Kyle Wiens, chief executive of repair guide company iFixit and a longtime advocate for right-to-repair laws, said “This is Apple realizing that the market for repair is larger than Apple could ever handle themselves, and providing independent technicians with genuine parts is a great step,” Wiens said. But, he said, “what this clearly shows is that if right-to-repair legislation passed tomorrow, Apple could instantly comply.” Another critical point which is not highlighted by Apple in the press release he says is that this program does not provide customers the opportunity to repair their own phones. Apple also reserves the right to reject any application they want, without comment. https://twitter.com/kwiens/status/1167076331953090561 Others believe that this a step in the right direction. https://twitter.com/LaurenGoode/status/1167156636789592064 A Redditor comments, “Sounds like Apple is choosing a great halfway point between letting anyone access parts and only letting established shops/businesses from offering repairs. Hopefully we’ll see more independent repair stores offering repairs officially if as it sounds it’s free to apply and get certified!” Another reason Apple probably would have felt the need to change its longstanding policy, is seeing viable and easy to repair alternatives cropping up in the smartphone market. For instance, this week, Fairphone, a Dutch company launched a sustainable smartphone called ‘Fairphone 3’ which aims to minimize electronic waste. Fairphone 3 contains 7 modules, which have been designed to support easy repairs. It also boasts tech specifications of any modern 2019 smartphone. For more details on the Independent Repair Provider Program, head over to the official press release by Apple. Interested businesses can also check out the Independent Repair Provider Program official website. Other interesting news in Tech The Accelerate State of DevOps 2019 Report: Key findings, scaling strategies and proposed performance & productivity models “Rust is the future of systems programming, C is the new Assembly”: Intel principal engineer, Josh Triplett #Reactgate forces React leaders to confront community’s toxic culture head on

Dutch company Fairphone has unveiled the third version of its sustainable smartphone - Fairphone 3. This new version builds on the company’s vision of creating sustainable but performant devices while also minimizing electronic waste. https://www.youtube.com/watch?v=S0fbZerTUjY Talking about specs, Fairphone 3 has all specifications of a modern 2019 smartphone. This sustainable smartphone has a 5.7-inch 1080x2160 18:9 touchscreen with Gorilla Glass 5 on top, it runs on the Snapdragon 632 SoC, has 4GB of RAM, 64GB of expandable storage, and a 3,000 mAh removable battery with fast charging support. It also runs Android 9 Pie and has a 12 MP rear camera and an 8 MP selfie shooter, dual-SIM functionality, Wi-Fi, Bluetooth 4.2, GPS, NFC, and 4G network support. Most importantly, Fairphone 3 contains 7 modules, which have been designed to support easy repairs in support of Fairphone’s goals for long-lasting and sustainable phones. It also ships in sustainable and reusable packaging, being delivered with its own protective bumper. The company revealed that you can save 30% of CO2 emissions or more by just maintaining the Fairphone 3 to last longer. The sustainable smartphone is made with responsibly sourced and conflict-free tin and tungsten, recycled copper and plastics, and sources Fairtrade gold. The phone also supports collection programs in countries like Ghana. To combat e-waste, it will reward buyers for using Fairphone’s recycle program to return their previous phones. Not just reducing electronic waste, Fairphone is also working to make its supply chain fairer for all those involved. Fairphone is collaborating with the final assembly partner Arima to improve employee satisfaction by improving worker representation, health, and safety and by paying a bonus to workers with the aim to bridge the gap between minimum and living wages in the factory. Read Also: The ethical mobile OS, /e/-MVP beta2 ported to Android-Oreo, /e/ powered smartphone may be released soon! Fairphone CEO Eva Gouwens sums up the company’s goals for Fairphone 3, commenting, “We envision an economy where consideration for people and the planet is a natural part of doing business and according to this vision, we have created scalable ways to improve our supply chain and product. We developed the Fairphone 3 to be a real sustainable alternative on the market, which is a big step towards lasting change. By establishing a market for ethical products, we want to motivate the entire industry to act more responsibly since we cannot achieve this change alone.” Fairphone 3 is available for presale on the company’s official website, for €450. It will be in stock on September 3, when it will be offered across Europe by select retailers and operators. People appreciated Fairphone 3 as a sustainable smartphone on various social networks. A Hacker News user posted, “Modular, repairable phone with fair and traceable raw materials (as far as possible). The company is a Dutch social enterprise and constantly creative, innovative and progressing further. Really happy they have been profitable as well and had s successful investment round last year. I followed this project from Fairphone 1 and they really have made impressive progress. FP3 looks great in specs and is with €450 priced a bit better than the previous one.” https://twitter.com/tonmoy_phy/status/1166424694544728064 Other interesting news in Tech CERN plans to replace Microsoft-based programs with an affordable open-source software Glitch hits 2.5 million apps, secures $30M in funding, and is now available in VS Code. VMware reaches the goal of using 100% renewable energy in its operations, a year Stripe’s ‘Negative Emissions Commitment’ to pay for the removal and sequestration of CO2 to mitigate global warming.

Last week, Google released the latest Android Q security release notes published to the Android Open Source Project (AOSP) security bulletin update. Per this update, there are 193 Android security vulnerabilities in the latest version of Android. These include elevation of privilege, remote code execution, information disclosure and denial of service categories. Two are in the Android runtime, two in the library and 24 in the framework. The Android media framework has 68 vulnerabilities and the Android system has 97. All have been defined with "moderate" severity. These issues Google says are fixed in the default Android 10 patch level of 2019-09-01 on the release of the new OS. “Android Q, as released on AOSP, has a default security patch level of 2019-09-01. Android devices running Android Q and with a security patch level of 2019-09-01 or later address all issues contained in these security release notes,” reads the update. The update specifies that "Google has had no reports of active customer exploitation or abuse of these newly reported issues." At the Google I/O in May, Google had released Android Q beta 3. With this new release, Google announced that Android Q will double down on security and privacy features, such as a Maps incognito mode, reminders for location usage and sharing (such as only when a delivery app is in use), and TLSV3 encryption for low-end devices. Security updates will also roll out faster, updating over the air without a reboot needed for the device. The last Beta update for Android Q was rolled out in August as Beta 6. Other privacy announcements announced for Android Q so far by Google include: Scoped storage: There are new limits on access to files in shared external storage. Device Location: Android Q has a new user option to allow access to device location only while using your app in the foreground Background App Starts: There are new restrictions on launching activities from the background without user interaction Hardware Identifiers: Restrictions on access to device hardware identifiers such as IMEI, serial number, MAC, and similar data Camera And Connectivity: Android 10 has restrictions on access to full camera metadata, and FINE location permission now required for many connectivity workflows. Android has been the target of hackers for a long time. Recently, in July, Check Point researchers reported a new mobile malware attack called ‘Agent Smith’ which infected around 25 million Android devices. This malware is being used for financial gains through the use of malicious advertisements. The malware, concealed under the identity of a Google-related app, exploited known Android vulnerabilities and automatically replaced installed apps with their malicious versions, without any consent of the user. Android Studio 3.4 releases with Android Q Beta emulator, a new resource manager and more. Android Q Beta is now available for developers on all Google Pixel devices Android Q will reportedly give network carriers more control over network devices

A group of German researchers recently published a paper “A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link”, at the 28th USENIX Security Symposium (August 14–16), USA. The paper reveals security and privacy vulnerabilities in Apple’s AirDrop file-sharing service as well as denial-of-service (DoS) attacks which leads to privacy leaks or simultaneous crashing of all neighboring devices. As part of the research, Milan Stute and Alexander Heinrich, two researchers have developed an open-source implementation of Apple AirDrop written in Python - OpenDrop. OpenDrop is like a FOSS implementation of AirDrop. It is an experimental software and is the result of reverse engineering efforts by the Open Wireless Link project (OWL). It is compatible with Apple AirDrop and used for sharing files among Apple devices such as iOS and macOS or on Linux systems running an open re-implementation of Apple Wireless Direct Link (AWDL). The OWL project consists of researchers from the Secure Mobile Networking Lab at TU Darmstadt looking into Apple’s wireless ecosystem. It aims to assess security, privacy and enables cross-platform compatibility for next-generation wireless applications. Currently, OpenDrop only supports Apple devices. However, it does not support all features of AirDrop and may be incompatible with future AirDrop versions. It uses the current version of OpenSSL and libarchive and requires Python 3.6+ version. OpenDrop is licensed under the GNU General Public License v3.0. It is not affiliated with or endorsed by Apple Inc. Limitations in OpenDrop Triggering macOS/iOS receivers via Bluetooth Low Energy: Since Apple devices begin their AWDL interface and AirDrop server only after receiving a custom advertisement via Bluetooth LE, it is possible that Apple AirDrop receivers may not be discovered. Sender/Receiver authentication and connection state: Currently, OpenDrop does not conduct peer authentication. It does not verify that the TLS certificate is signed by Apple's root or not. Also, OpenDrop accepts any file that it receives automatically. Sending multiple files: OpenDrop does not support sending multiple files for sharing, a feature supported by Apple’s AirDrop. Users are excited to try the new OpenDrop implementation. A Redditor comments, “Yesssss! Will try this out soon on Ubuntu.” Another comment reads, “This is neat. I did not realize that enough was known about AirDrop to reverse engineer it. Keep up the good work.” Another user says, “Wow, I can’t wait to try this out! I’ve been in the Apple ecosystem for years and AirDrop was the one thing I was really going to miss.” Few Android users wish to see such implementations in an Android app. A user on Hacker News says, “Would be interesting to see an implementation of this in the form of an Android app, but it looks like that might require root access.” A Redditor comments, “It'd be cool if they were able to port this over to android as well.” To know how to send and receive files using OpenDrop, check out its Github page. Apple announces expanded security bug bounty program up to $1 million; plans to release iOS Security Research Device program in 2020 Google Project Zero reveals six “interactionless” bugs that can affect iOS via Apple’s iMessage ‘FaceTime Attention Correction’ in iOS 13 Beta 3 uses ARKit to fake eye contact

The internet was all ablaze when several security researchers reported that Apple has accidentally reintroduced a bug in iOS 12.4 that was patched in iOS 12.3. Many iOS users are already exploiting this vulnerability to jailbreak their devices with iOS 12.4. https://twitter.com/lorenzofb/status/1163480993707253761 iOS 12.4 jailbreaking As the name suggests, jailbreaking allows you to bypass the rules and regulations imposed by Apple on iOS, tvOS and watchOS operating systems. After getting the root access, you will be able to install software that is unavailable in the Apple App Store, run unsigned code, read and write to the root filesystem, and more. Many researchers shared steps and jailbreaking tools to help Apple users perform jailbreaking on their devices. A security researcher, who goes by the name Pwn20wnd on Twitter, released unc0ver v3.5.2, a jailbreaking tool, yesterday. With iOS 12.4 and unc0ver, you will be able to jailbreak A7-A11 devices. However, it does not currently fully support the A12 processor found in the iPhone XS, XS Max, and XR for iOS 12.1.3 and up. https://twitter.com/Pwn20wnd/status/1163537425211150336 Here’s a video by GeoSn0w showing how you can jailbreak your pre-A12 devices (iPhone 5S up to iPhone X) using unc0ver on iOS 12.4 which is currently the latest signed version from Apple: https://www.youtube.com/watch?v=qSItdLEr8WI Security implications of jailbreaking your iOS device Though there haven’t been any reports of malicious activity yet, this misstep does put millions of iOS users at risk as jailbreaking your devices can make them less secure. Security researchers are warning users to be careful about what apps they download. A hacker with malicious intentions can target jailbroken iPhones to easily install malware. Pwn20wnd told Motherboard that an attacker could “make perfect spyware” by exploiting this vulnerability. Giving an example, he said, “a malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox—a mechanism that prevents apps from reaching data of other apps or the system—and steal user data.” He adds, “It is very likely that someone is already exploiting this bug for bad purposes.” Patrick Wardle, a principal security researcher at the Mac management firm Jamf told the Wired, "This is rather inexcusable, as it puts millions of iOS users at risk. And the irony, as others have already noted, is that since Apple doesn't allow us to downgrade to old versions, we're really kind of sitting ducks." Apple and the security research community Earlier this month, Apple sued a Florida-based virtualization company Corellium for copyright infringement. Corellium offers “perfect replicas” or virtual iOS builds that can be used for security research and other purposes. Many security researchers felt that such tools could have been really helpful to identify mistakenly reintroduced vulnerabilities such as this one. "This shows that Apple continues to struggle with security—even on iOS which is clearly their priority. And this was uncovered by an independent security researcher, which illustrates the value such researchers add. Apple's more communicative approach with their new bug bounty program is good, but their attempts to shut down researcher tools like Corellium are bad," said Wardle in a Wired report. This month, Apple did take a few steps towards making its restrictive OS open to security researchers. It shared its plan to offer special iPhones to security researchers next year that will help them find security flaws and vulnerabilities in iOS. These devices will be given to researchers who report bugs through Apple’s bug bounty program for iOS, which was launched in 2016. At this year’s Black Hat conference, the company extended its use to cover macOS, Apple Watch, Apple TV, and more. Read Motherboard's full story of iOS 12.4 jailbreaking to know more in detail. Apple announces ‘WebKit Tracking Prevention Policy’ that considers web tracking as a security vulnerability MacStadium announces ‘Orka’ (Orchestration with Kubernetes on Apple) Microsoft contractors also listen to Skype and Cortana audio recordings, joining Amazon, Google and Apple in privacy violation scandals

Earlier this year, the Ionic team released the beta version of Ionic React. After receiving the developer feedback and contributions from the community, the team launched Ionic React RC on Wednesday. The team says that this first major release of Ionic React was made possible by Ionic 4.0. Previously, Ionic was built using Angular components, but Ionic 4.0 was rewritten to use Web Components. This change made the Ionic Framework, an app development framework that can be used alongside any front end frameworks, not just Angular. Why is Ionic React needed Explaining the motivation behind Ionic React, Ely Lucas, Software Engineer & Dev Advocate at Ionic wrote in the announcement, “Ionic React RC marks the first major release of our vision to bring Ionic development to more developers on other frameworks.” Though it is possible to import the core Ionic components directly into React projects, this method does not provide a good developer experience. Also, when working with web components in React, you need to write some boilerplate code to properly communicate with the web components. Ionic React will essentially work as a “thin wrapper” around the core components of Ionic and will export them as native React components. It will also handle the boilerplate code for you. However, you still need to write a few features in the native framework such as page lifetime management and lifecycle methods. You can do this by extending the react-router package with @ionic/react-router. Considering this is a release candidate, the team is not expecting many major changes. Sharing the team’s next steps, Lucas said, “We will be looking closely at any issues that pop up during the RC phase and working on some final code stabilization and minor bug fixes...We also plan on creating some more content and guides in the docs to help with some best practices we’ve found when working with Ionic React.” The team is now seeking developer feedback before they come up with the final release. If you encounter any issues, you can report it on the GitHub repo and tag the issue with “package react”. To know further updates on Ionic React, you can also have a chat with the team who will be present at React Rally from August 22-23 at Salt Lake City, UT. This is a community conference that brings together developers of all backgrounds using React.js, React Native, and related tools. Many developers are excited about this update. Here’s what a few Twitter users are saying: https://twitter.com/clandestoapp/status/1161893695194636289 https://twitter.com/miniallaghi/status/1161964880913719297 Check out the official announcement by the Ionic team to know more in detail. The Ionic team announces the release of Ionic React Beta Ionic Framework 4.0 has just been released, now backed by Web Components, not Angular Ionic v4 RC released with improved performance, UI Library distribution and more  

Google has announced a FIDO2 based local user verification for Google Accounts, for a simpler authentication experience when viewing saved passwords for a website. Basically, you can now use fingerprint or screen lock instead of passwords when visiting certain Google services. This password-free authentication service will leverage the FIDO2 standards, FIDO CTAP, and WebAuthn, which is designed to “provide simpler and more secure authentication experiences. They are a result of years of collaboration between Google and many other organizations in the FIDO Alliance and the W3C” according to a blog post from the company. This new authentication process is designed to speed up the process of logging into Google accounts as well as being more secure by replacing the password typing system with a direct biometric authentication system. How this works is that if you tap on any one of your saved passwords on passwords.google.com, then Google will prompt you to "Verify that it’s you," at which point, you can authenticate using your fingerprint or any other method you usually use to unlock your phone (such as using a pin number or a touch pattern). Google has not yet made it clear which Google services could be used by the biometric method; the blog post cited Google's online Password Manager, as the example. Source: Google Google is also being cautious about data privacy, noting, “Your fingerprint is never sent to Google's servers - it is securely stored on your device, and only a cryptographic proof that you've correctly scanned it is sent to Google's servers. This is a fundamental part of the FIDO2 design. This sign-in feature is currently available on all Pixel devices. It will be made available to all Android phones running 7.0 Nougat or later "over the next few days.  Google Titan Security key with secure FIDO two factor authentication is now available for purchase Google to provide a free replacement key for its compromised Bluetooth Low Energy (BLE) Titan Security Keys Cloud Next 2019 Tokyo: Google announces new security capabilities for enterprise users

Yesterday, Colin White, a Senior Android Engineer at Instacart, introduced Coroutine Image Loader (Coil). It is a fast, lightweight, and modern image loading library for Android backed by Kotlin. https://twitter.com/colinwhi/status/1160943333033648128 Currently, there are a number of image loading libraries for Android such as Glide, Fresco, Picasso, Mirage, among others. However, the Instacart team aims to introduce a new library that is “more modern and simpler” with Coil. Key features in Coil Backed by Kotlin Coil offers a “simple, elegant API” by leveraging the Kotlin language features like extension functions, inlining, lambda params, and sealed classes. It provides strong support for non-blocking asynchronous computation and work cancellation while ensuring maximum thread reuse with the help of Kotlin Coroutines. Leverages modern dependencies Coil relies on dependencies that are standard and recommended such as OkHttp, Okio, and AndroidX Lifecycles. Square’s OkHttp and Okio are by default efficient and enables Coil to avoid reimplementing things like disk caching and stream buffering. Likewise, AndroidX Lifecycles is a recommended way for tracking the lifecycle state. Lightweight Coil’s codebase consists of 8x fewer lines of code as compared to Glide. It adds approximately 1500 methods to your APK, which is comparable to Picasso and significantly less than Glide and Fresco. Supports extension The image pipeline of Coil consists of three main classes: Mappers, Fetchers, and Decoders. You can use these interfaces to augment or override the base behavior and add support for new file types in Coil. Supports dynamic image sampling Coil comes with a new feature, dynamic image sampling. Consider you want to load a 500x500 image into a 100x100 ImageView. The library will load the image into memory at 100x100. But, what if you want the quality to be as the 500x500 image? In this case, the 100x100 image is used as a placeholder while the 500x500 image is read. Coil will take care of this automatically for all BitmapDrawables. The placeholder is set synchronously on the main thread preventing white flashes where the ImageView is empty for one frame. It also creates a visual effect where the image detail appears to fade in with the help of the crossfade animation. To know more in detail about Coil, check out its official documentation and GitHub repository. 25 million Android devices infected with ‘Agent Smith’, a new mobile malware Mozilla launches Firefox Preview, an early version of a GeckoView-based Firefox for Android Facebook released Hermes, an open-source JavaScript engine to run React Native apps on Android  

Apple made some major announcements at the Black Hat cybersecurity conference 2019 which concluded yesterday, in Las Vegas. Apple’s head of security engineering, Ivan Krstić announced that anybody who can hack an iPhone will get up to $1 million reward. They have also released a new payout system for security researchers, depending on the type of vulnerability found by them. Krstić also unveiled Apple’s new iOS Security Research Device program, which will be out next year. As part of the program, qualified security researchers will be provided with special iPhones to find out flaws in them. Apple expands its Security bug Bounty program Apple first launched its bug bounty program, in 2016. The previous bug bounty program consisted of $200,000 and included only those involved in Apple’s invite-only bug bounty program. Yesterday, Apple announced that, per Apple’s new security bug bounty program, anyone who can hack an iPhone will receive up to $1 million. Also, the security bounty program has been opened to all security researchers. It will include all of Apple’s platforms, including iCloud, iOS, tvOS, iPadOS, watchOS, and macOS. https://twitter.com/mikebdotorg/status/1159557138580004864 Apple has also released a new payout system with the payouts starting from $100,000 for finding a bug that allows lock screen bypass or unauthorized access to iCloud. Researchers can also gain up to 50% bonus if they find any bugs in a pre-released software. The top payout is booked for hackers who can discover a zero-click kernel code execution with persistence. https://twitter.com/Manzipatty/status/1159680310348537861 https://twitter.com/sdotknight/status/1159807563036340224 https://twitter.com/kennwhite/status/1159705960061030400 Apple’s new iOS Security Research Device program Apple gave out details about its new iOS Security Research Device program, which will be out next year. In this program, Apple will be supplying special iPhones to security researchers to help them find security flaws in iOS. However, this the iOS security research device program is available only to researchers who have great experience in security research on any platforms. https://twitter.com/0x30n/status/1159553364159414272 The special devices will be different from the regular iPhones, as it will come with ssh, a root shell, and advanced debug capabilities to ensure identification of bugs. “This is an unprecedented fully Apple supported iOS security research platform,” said Krstić at the conference. https://twitter.com/skbakken/status/1159556808198852608 https://twitter.com/marconielsen/status/1159584902339276801 Though many users have praised Apple for the great money and initiating the security research device program, few also opine that this is not so huge. Given the kind of knowledge and expertise required to find these bugs, there are suggestions that Apple should consider paying these hackers more as they are the ones saving Apple from a lot of negative P.R. Also, they found a bug, which even the Apple employees are sometimes unable to find. A user on Hacker News comments, “1M is a lot of money to me, a regular person, but when you consider that top security engineering talent could be making north of 500k in total compensation, 1M suddenly doesn’t seem all that impressive. It’s a good bet to make on their risk. Imagine paying a mere 1M to avoid a public fiasco where all of your users get owned. This just seems like good business. They could make it 5M, and it would still be worth it to them in the medium to long term.” Another user says, “I'm surprised by how cheap the vulnerabilities market is. A good exploit, against a popular product like Chrome, selling for 100k or even $1M may sound like a lot, but it's really pennies for any top software firm. And $1M is still a lot for a vulnerability by market prices.” Another comment on Hacker News reads, “When I read the article, my first reaction was "Only a million?" Considering the importance of a bug like this to Apple's business and the size of their cash hoard, this sounds like they don't actually care that much.” To know about other highlights at the Black Hat cybersecurity conference 2019, head over to our full coverage. Apple Card, iPhone’s new payment system, is now available for select users Apple plans to suspend Siri response grading process due to privacy issues Data Transfer Project: Now Apple joins Google, Facebook, Microsoft and Twitter to make data sharing seamless

Update - 20th August 2019: Apple Card is now available to qualified customers in the US with iPhone 6 and later. To apply, customers can update to iOS 12.4 on iPhone, open Wallet and tap +. The Apple Card 3 percent Daily Cash is now extended to new merchants - Uber and Uber Eats. Update - 23rd August 2019: The article has been updated to include details of how Apple wants users to store and clean the card. At its March event, Apple announced its paid subscription service, Apple Card. This is Apple’s new digital credit card which can be used for purchases and comes with simpler applications, no fees, lower interest rates, and daily rewards. Now, Apple Card is available as a  “preview rollout” since yesterday and will be broadly available to all iPhone owners in the US later this month. The Apple Card is created in partnership with Goldman Sachs and Mastercard. It is available as two options. First, as a digital card which users will be able to access by signing up on their iPhone in the Apple Wallet app.  Second, as a physical titanium card with no credit card number, CVV, expiration date, or signature. All of the authorization information is stored directly in the Apple Wallet app. The card also provides a virtual number for online merchants that don’t take Apple Pay. Users can deactivate it entirely from the Wallet app with a single tap. The preview version is available to a random group of users who have signed up to be notified about the Apple Card. The sign up will require iOS 12.4, address, birthday, income level, and last four digits of their Social Security number. This information is sent to Goldman Sachs, which will approve or decline an application in real-time. Users would also need to enable two-factor authentication. They are also not allowed to modify their Apple device or jailbreak it. The card makes use of machine learning and Apple Maps to label stores and to categorize them based on color. Users can easily track purchases in the Wallet app across categories like “food and drink” or “shopping.” It also has a rewards program, “Daily Cash,” which adds 2 percent of the daily purchase amount in cash to your Apple Cash account, also within the Wallet app. Though, purchases made through the physical card will get just 1 percent cashback. Apple has although faced criticism for its variable APR (Annual Percentage Rate) which starts at 12.99 percent and goes up to 24.24 percent. John Gruber from Daring Fireball wrote, “Variable APRs range from 13.24% to 24.24% based on creditworthiness. Rates as of March 2019.” What a crock of shit this “low-interest rates” line is. Those interest rates are usury, right in line with the rest of the credit card industry. 24% interest ought to be criminal, and 13% is not “low”.” Apple is quite cautious of the card’s privacy features and will store the spending, tracking and other information directly on the device. Jennifer Bailey, VP of Apple Pay said, “Apple doesn’t know what you bought, where you bought it, and how much you paid for it. Goldman Sachs will never sell your data to third parties for marketing and advertising.” Store your Apple Card lot in your wallet without touching another credit card, warns Apple Although Apple's new titanium Apple Card boasts of a multitude of features, it requires detailed handling, care, and cleaning which is quite different from how people use and store their normal credit cards. Apple says you should clean your Apple Card with a microfiber cloth and avoid contact with leather and denim. You should also be placing your card in a slot in your wallet or billfold without touching another credit card. It should not be placed in a pocket or bag that contains loose change, keys, or other potentially abrasive objects. Apple warns that storing the card with other credit cards can scratch and damage it. Apple has previously been criticized for making products that are aesthetically pleasing but easily damaged in everyday use. People on Twitter agree. https://twitter.com/JasonHirschhorn/status/1164352999122071552 https://twitter.com/alexstamos/status/1164367608038088704 Apple Card also signifies a transition from devices to services. In light of the recent news of Apple’s iPhone sales dwindling, the company is now shifting its focus to other means of revenue growth to keep its consumers occupied in the world of Apple. Apart from Apple card, these include smart home devices, streaming service, and Apple Arcade. You can sign up to be notified of the release of the card on Apple.com Apple’s March Event: Apple changes gears to services, is now your bank, news source, gaming zone, and TV Apple advanced talks with Intel to buy its smartphone modem chip business for $1 billion. OpenID Foundation questions Apple’s Sign-In feature, says it has security and privacy risks

Yesterday, Facebook posted a detailed report of their research in brain-computer interface (BCI) with an aim to build a non-invasive device that would type what a person is imagining. This device is expected to be an input solution for future augmented reality (AR) glasses. Facebook first proposed its plan to build this technology at the F8 2017 conference. https://twitter.com/boztank/status/1156228719129665539 Two weeks ago, Elon’s Musk presented ‘Neuralink’ based on a brain-computer interface technology. It is a sewing machine-like robot that can implant ultrathin threads deep into the human brain. It uses four sensors which will be placed in a wearable device, under the scalp to an inductive coil behind the ear. It will contain a Bluetooth radio and a battery and will be controlled through an iPhone app. Neuralink aims to give people the ability to read computers and smartphones using their thoughts, while Facebook aims to explore human brain to write an input solution for AR glasses. Unlike Neuralink, Facebook plans to take a non-invasive route to reading minds. One part of the vision of Facebook’s research coincides with a paper titled “Real-time decoding of question-and-answer speech dialogue using human cortical activity”. The paper is published by a team of researchers from the University of California San Francisco (UCSF) and are supported by Facebook. The paper demonstrates real-time decoding of perceived and produced speech from high-density electrocorticography (ECoG) activity in humans to detect when they heard or said an utterance and then decode the utterance’s identity. The researchers were able to perceive and produce utterances with 76% and 61% accuracy rates respectively. The paper aims to help patients, who are unable to speak or move due to locked-in syndrome, paralysis or epilepsy, to interact on a rapid timescale similar to human conversations. How does real-time decoding of question-and-answer speech work? Three human epilepsy patients undergoing treatment at the UCSF Medical Center gave his or her written informed consent to participate in this research. ECoG arrays were surgically implanted on their cortical surface i.e., outer layer of the cerebrum of each participant. Image Source: Real-time decoding approach For each trial, each participant was made to hear a question with a possible set of answer choices on a screen. The participants were asked to choose any one of the answers and verbally say it when a green response cue appears on the screen. At that same time, participant’s cortical activity was acquired from the ECoG electrodes, implanted on the participants temporal and frontal cortex surface. The cortical activity is then filtered in real-time to extract high gamma activity. Next, a speech detection model uses the spatiotemporal pattern of a high gamma activity to predict if a question is being heard or an answer is being produced (or neither) at each time point. If a question event is detected, the time window of high gamma activity is passed to a question classifier which uses Viterbi decoding to compute question utterance probability. The question with the highest probability is considered the output of the decoded question. A stimulus set is designed such that each answer is only likely for a particular set of questions called context priors. These context priors are then combined with the predicted question probabilities to obtain answer priors. When the speech detection model detects an answer event, the same procedure is followed with an answer classifier. Finally, the context integration model combines all the answer probabilities with the answer priors to yield answer posterior probabilities. The answer with the highest number of posterior probability is considered as the output i.e., the decoded answer. Thus by integrating what the participants hear and say, the researchers are using “an interactive question-and-answer behavioral paradigm” to present a real-world assistive communication setting for patients. Although the researchers were unable to “make quantitative and definitive claims about the relationship between decoder performance and functional-anatomical coverage” with three participants, they are satisfied that this is a promising step towards the goal of “demonstrating that produced speech can be detected and decoded from neural activity in real-time while integrating dynamic information from the surrounding context.” Many people have found it fascinating and consider this research as an important implication for patients who are unable to communicate. https://twitter.com/drjkwan/status/1156251608260534272 https://twitter.com/SaberaTalukder/status/1156450592274956288 How is Facebook using brain-computer interface for AR? The UCSF researchers have maintained that their algorithm is capable of recognizing only a small set of words and phrases, and are working towards translating much larger vocabulary. Facebook say that Facebook Reality Labs (FRL) researchers have limited access to de-identified data, as it remain onsite at UCSF and under its control at all times. In the post, Facebook states that FRL has built a research kit of a wearable brain-computer interface device. They have been testing the ability of the system to decode single imagined words like “home,” “select,” and “delete,” with non-invasive technologies, using near-infrared light. It also says that though the system is currently bulky, slow, and unreliable, it’s potential is significant. “We don’t expect this system to solve the problem of input for AR anytime soon. It could take a decade, but we think we can close the gap,” Facebook writes in the post. Facebook is building towards a bigger goal of implementing systems that can “interact with today's VR systems — and tomorrow's AR glasses.” Users are highly skeptical of Facebook’s vision as many doubt Facebook’s intention of exploring human brain control in the name of AR wearables. https://twitter.com/HuxleysRazor/status/1156243187251470337 https://twitter.com/Croftt/status/1156256571569033216 While many have raised ethical questions that exploring human membranes in the name of research is risky and disturbing. https://twitter.com/gjergjdollani/status/1156320052943228935 https://twitter.com/MichaelCholod/status/1156303132315402240 https://twitter.com/hubertpaulo/status/1156320970778533888 Many have also raised concerns that Facebook, a company who has been in the wrong books lately, (read data breaches, GDPR violation, tracking users data), cannot be trusted. https://twitter.com/sterlingcrispin/status/1156360116557344768 https://twitter.com/sterlingcrispin/status/1156399668403691521 Facebook did manage to find few supporters who were excited about this technology. https://twitter.com/FKSportsBlog/status/1156436559173955584 https://twitter.com/DrewRoberts/status/1156255780548616192 Along with platforms like Facebook, now websites using embedded ‘Like’ buttons are jointly responsible for what happens to the collected user data, rules EU court The US Justice Department opens a broad antitrust review case against tech giants Microsoft Azure VP demonstrates Holoportation, a reconstructed transmittable 3D technology

Two days ago, researchers from Facebook AI Research published a paper titled “CraftAssist: A Framework for Dialogue-enabled Interactive Agents”. The authors of this research are Facebook AI research engineers Jonathan Gray and Kavya Srinet, Facebook AI research scientist C. Lawrence Zitnick and Arthur Szlam and Yacine Jernite, Haonan Yu, Zhuoyuan Chen, Demi Guo and Siddharth Goyal. The paper describes the implementation of an assistant bot called CraftAssist which appears and interacts like another player, in the open sandbox game of Minecraft. The framework enables players to interact with the bot via in-game chat through various implemented tools and platforms. The players can also record these interactions through an in-game chat. The main aim of the bot is to be a useful and entertaining assistant to all the tasks listed and evaluated by the human players. Image Source: CraftAssist paper For motivating the wider AI research community to use the CraftAssist platform in their own experiments, Facebook researchers have open-sourced the framework, the baseline assistant, data and the models. The released data includes the functions which was used to build the 2,586 houses in Minecraft, the labeling data of the walls, roofs, etc. of the houses, human rephrasing of fixed commands, and the conversion of natural language commands to bot interpretable logical forms. The technology that allows the recording of human and bot interaction on a Minecraft server has also been released so that researcher will be able to independently collect data. Why is the Minecraft protocol used? Minecraft is a popular multiplayer volumetric pixel (voxel) 3D game based on building and crafting which allows multiplayer servers and players to collaborate and build, survive or compete with each other. It operates through a client and server architecture. The CraftAssist bot acts as a client and communicates with the Minecraft server using the Minecraft network protocol. The Minecraft protocol allows the bot to connect to any Minecraft server without the need for installing server-side mods. This lets the bot to easily join a multiplayer server along with human players or other bots. It also lets the bot to join an alternative server which implements the server-side component of the Minecraft network protocol. The CraftAssist bot uses a 3rd-party open source Cuberite server. It is a fast and extensible game server used for Minecraft. Read More: Introducing Minecraft Earth, Minecraft’s AR-based game for Android and iOS users How does the CraftAssist function? The block diagram below demonstrates how the bot interacts with incoming in-game chats and reaches the desired target. Image Source: CraftAssist paper Firstly, the incoming text is transformed into a logical form called the action dictionary. The action dictionary is then translated by a dialogue object which interacts with the memory module of the bot. This produces an action or a chat response to the user. The bot’s memory uses a relational database which is structured to recognize the relation between stored items of information. The major advantage of this type of memory is the easy to convert semantic parser, which is converted into a fully specified tasks. The bot responds to higher-level actions, called Tasks. Tasks are an interruptible process which follows a clear objective of step by step actions. It can adjust to long pauses between steps and can also push other Tasks onto a stack, like the way functions can call other functions in a standard programming language. Move, Build and Destroy are few of the many basic Tasks assigned to the bot. The The Dialogue Manager checks for illegal or profane words, then queries the semantic parser. The semantic parser takes the chat as input and produces an action dictionary. The action dictionary indicates that the text is a command given by a human and then specifies the high-level action to be performed by the bot. Once the task is created and pushed onto the Task stack, it is the responsibility of the command task ‘Move’ to compare the bot’s current location to the target location. This will make the bot to undertake a sequence of low-level step movements to reach the target. The core of the bot’s understanding of natural language depends on a neural semantic parser called the Text-toAction-Dictionary (TTAD) model. This model receives the incoming command/chat and then classifies it into an action dictionary which is interpreted by the Dialogue Object. The CraftAssist framework thus enables the bots in Minecraft to interact and play with players by understanding human interactions, using the implemented tools. The researchers hope that since the dataset of CraftAssist is now open-sourced, more developers will be empowered to contribute to this framework by assisting or training the bots, which might lead to the bots learning from human dialogue interactions, in the future. Developers have found the CraftAssist framework interesting. https://twitter.com/zehavoc/status/1151944917859688448 A user on Hacker News comments, “Wow, this is some amazing stuff! Congratulations!” Check out the paper CraftAssist: A Framework for Dialogue-enabled Interactive Agents for more details. Epic Games grants Blender $1.2 million in cash to improve the quality of their software development projects What to expect in Unreal Engine 4.23? A study confirms that pre-bunk game reduces susceptibility to disinformation and increases resistance to fake news

One of the major highlights at the ongoing Microsoft Inspire 2019 at Las Vegas, was the demonstration of Holoportation by Azure Corporate Vice President Julia White. Holoportation is a type of 3D capture technology that allows high-quality 3D models of people to be reconstructed, compressed and transmitted anywhere in the world in real-time. Microsoft Researchers have been working on this technology for several years by utilizing Mixed Reality (MR) devices with HoloLens, which is a pair of mixed reality smart glasses. Individuals owning these devices will be able to see each other virtually, thus giving the impression that they are in the same room at the same time. Yesterday, on Day 3 of the conference, White demonstrated this technology using Mixed Reality and Azure AI. White wore a HoloLens 2 headset which generated a ‘mini-me’ version of herself, which she could almost hold in her hand. After a little sparkling of green special effects, the miniature version got transformed into a full-size hologram of White. The hologram of White spoke in Japanese, even though the real White doesn’t know the language personally. The hologram White’s voice was the exact replica of the real White’s “unique voice signature”. https://www.youtube.com/watch?time_continue=169&v=auJJrHgG9Mc White said this “mind blowing” technology was made possible by using Mixed Real technology to create her hologram and to render it live. Next, it used Azure speech to text capability in English transcription to get the speech and then used Azure translate to translate her language in Japanese. Finally, the neural text to speech technology was applied to make it sound exactly like White, just speaking in Japanese. This is not the first time that Microsoft has demonstrated its holographic technology. Last year, during the Microsoft Inspire 2018 event, the Microsoft team had remotely collaborated in real-time with a 3D hologram. The demo participants had used advanced hand gestures and voice commands to collectively assess and dissect a 3D hologram of the Rigado Cascade IoT gateway. The Azure text-to-speech allows users to convert their custom voice into natural human-like synthesized speech. Thus, this technology gives the ability to converse with anybody, anywhere in the world in real-time, without any language barrier and in their own voice texture. The audience present expressed their amazement during the demo. The seamless technology has also impressed many Twitterati. https://twitter.com/tendaidongo/status/1151567203428384773 https://twitter.com/KamaraSwaby/status/1151528144198705158 https://twitter.com/bobbyschang/status/1151526620362002432 https://twitter.com/_dimpy_/status/1151526775404429312 With Microsoft showcasing its prowess in the field of virtual and augmented reality, it can be expected that devices like 3D cameras, HoloLens headsets might become the new norm in smartphones, video games, and many other applications. Microsoft adds Telemetry files in a “security-only update” without prior notice to users Microsoft introduces passwordless feature in its Windows 10 devices, replaces it with Windows Hello face authentication, fingerprints, or a PIN Microsoft will not support Windows registry backup by default, to reduce disk footprint size from Windows 10 onwards