operating system

Apple has just patched the recent iOS 13.5 jailbreak

Posted by | Android, Apple, iPhone, iTunes, jailbreak, operating system, operating systems, Security, smartphones | No Comments

Well that didn’t last long.

Apple has patched a security vulnerability that allowed hackers to build a jailbreak tool allowing deep access to the iPhone software.

In a security advisory, Apple acknowledged that it had fixed the vulnerability in iOS 13.5.1, posted Monday. The technology giant credited the unc0ver team, which released the jailbreak just last week, for finding the vulnerability.

Although details of the vulnerability are not yet public, Apple typically works quickly to patch vulnerabilities that allow jailbreaks, fearing that the same vulnerability could also be abused by malicious hackers.

In a tweet, one of the lead jailbreakers confirmed that updating to iOS 13.5.1 will close the vulnerability and render the jailbreak useless.

I can confirm the new *OS updates have patched the kernel vulnerability used by the #unc0ver jailbreak.

If you are on iOS 13.5, stay and save blobs.

If you are not on iOS 13.5, update to it with the IPSW using a computer while it is still being signed and save blobs.

— @Pwn20wnd (@Pwn20wnd) June 1, 2020

Jailbreaking is a popular way to allow users to break free from Apple’s “jail” — hence the term — that prevents deep access to an iPhone’s operating system. Apple has does this to improve device security and to reduce the surface area in which hackers can attack the software. But jailbreakers say breaking through those restrictions allows them greater customization over their iPhones in a way that most Android users are already used to.

Security experts typically advise against jailbreaking as it can expose a device owner to a greater range of attacks, while advising users to install their devices and software as soon as updates become available.

Apple said iOS 13.5.1 also comes with new Memoji stickers and other bug fixes and improvements.

Update today. If security isn’t your thing, at least do it for the Memoji stickers.

Powered by WPeMatico

Huawei admits uncertainty following new US chip curbs

Posted by | Android, Asia, huawei, integrated circuits, operating system, Qwant, semiconductor, shenzhen, smartphones, telecommunications, TomTom, TSMC, U.S. Department of Commerce, U.S. government | No Comments

Following the U.S. government’s announcement that would further thwart Huawei’s chip-making capability, the Chinese telecoms equipment giant condemned the new ruling for being “arbitrary and pernicious.”

“Huawei categorically opposes the amendments made by the U.S. Department of Commerce to its foreign direct product rule that target Huawei specifically,” said Huawei Monday at its annual analyst summit in Shenzhen.

The new curbs, which dropped on Friday, would ban Huawei from using U.S. software and hardware in certain strategic semiconductor processes. This will affect all foundries using U.S. technologies, including those located abroad, some of which are Huawei’s key suppliers.

Earlier on Monday, the Nikkei Asian Review reported citing sources that Taiwanese Semiconductor Manufacturing Co., the world’s largest contract semiconductor that powers many of Huawei’s high-end phones, has stopped taking new orders from Huawei, one of its largest clients. Huawei declined to comment while TSMC said the report was “purely market rumor”.

Decisions from TSMC point to its attempt to strengthen bonds with the U.S. though, as it’s planning a new $12 billion advanced chip factory in Arizona with support from the state and the U.S. federal government.

At the Monday conference, Huawei’s rotating chairman Guo Ping admitted that while the firm is able to design some semiconductor parts such as integrated circuits (IC), it remains “incapable of doing a lot of other things.”

“Survival is the keyword for us at present,” he said.

Huawei stated the latest U.S. ban would not only affect its own business in over 170 countries, where it has spent “hundreds of billions of dollars,” but also the wider ecosystem around the world.

“In the long run, [the U.S. ban] will damage the trust and collaboration within the global semiconductor industry which many industries depend on, increasing conflict and loss within these industries.”

Huawei has announced a raft of contingency measures ever since the Trump administration began slapping technology sanctions on it, including one that had cut it off certain Android services from Google.

Huawei said at the summit that it had doubled down on investment in overseas developers in an effort to lure them to its operating system. Some 1.4 million developers have joined Huawei Mobile Services or HMS, a 150% jump from 2019. For comparison, iOS in 2018 counted 20 million registered developers, who collectively made about $100 billion in revenues. The question for Huawei is how much money app makers can generate from its ecosystem.

In its search to identify alternatives to Google’s app suite in Europe, it has partnered up with navigation services TomTom and Here, search engine Qwant and news app News UK. 

Powered by WPeMatico

How to create the best at-home videoconferencing setup, for every budget

Posted by | Amazon, articles, Bluetooth, driver, Gadgets, hardware, HDMI, Laptop, Logitech, microphone, Microsoft, microsoft windows, operating system, operating systems, Philips, RØDE, smartphones, Sony, TC, technology, telecommunications, Teleconferencing, usb, video conferencing, webcam, wi-fi, wireless earbuds | No Comments

Your life probably involves a lot more videoconferencing now than it did a few weeks ago – even if it already did involve a lot. That’s not likely going to change anytime soon, so why not make the most of it? The average MacBook webcam can technically get the job done, but it’s far from impressive. There are a number of ways to up your game, however – by spending either just a little or a whole lot. Whether you’re just looking to improve your daily virtual stand-up, gearing up for presenting at a virtual conference, or planning a new video podcast, here’s some advice about what to do to make the most of what you’ve got, or what to get if you really want to maximize your video and audio quality.

Level 0

Turn on a light and put it in the right place

One of the easiest things you can do to improve the look of your video is to simply turn on any light you have handy and position it behind the camera shining on your face. That might mean moving a lamp, or moving your computer if all your available lights are in a fixed position, but it can make a dramatic difference. Check out these examples below, screen grabbed from my Microsoft Surface Book 2 (which actually has a pretty good built-in video camera, as far as built-in video cameras go).

The image above is without any light beyond the room’s ceiling lights on, and the image below is turning on a lamp and positioning it directed on my face from above and behind the Surface Book. It’s enough of a change to make it look less like I got caught by surprise with my video on, and more like I actually am attending a meeting I’m supposed to take part in.

Be aware of what’s behind you

It’s definitely too much to ask to set dress your surroundings for every video call you jump on, but it is worth taking a second to spot check what’s visible in the frame. Ideally, you can find a spot where the background is fairly minimal, with some organized decor visible. Close doors that are in frame, and try not to film in front of an uncovered window. And if you’re living in a pandemic-induced mess of clutter, just shovel the clutter until it’s out of frame.

Know your system sound settings

Get to know where the input volume settings are for your device and operating system. It’s not usually much of an issue, because most apps and systems set pretty sensible defaults, but if you’re also doing something unusual like sitting further away from your laptop to try to fit a second person in frame, then you might want to turn up the input audio slider to make sure anyone listening can actually hear what you have to say.

It’s probably controllable directly in whatever app you’re using, but on Macs, also try going to System Preferences > Sound > Input to check if the level is directly controllable for the device you’re using, and if tweaking that produces the result you’re looking for.

Level 1

Get an external webcam

The built-in webcam on most notebooks and all-in-ones isn’t going to be great, and you can almost always improve things by buying a dedicated webcam instead. Right now, it might be hard to find them in stock, since a lot of people have the same need for a boost in videoconferencing quality all at the same time. But if you can get your hands on even a budget upgrade option like the Logitech C922 Pro Stream 1080p webcam I used for the clip below, it should help with sharpness, low light performance, color and more.

Get a basic USB mic

Dedicated external mics are another way to quickly give your setup a big boost for relatively low cost. In the clip above, I used the popular Samson Meteor USB mic, which has built-in legs and dedicated volume/mute controls. This mic includes everything you need, and should work instantly when you plug it in via USB, and it produces great sound that’s ideal for vocals.

Get some headphones

Headphones of any kind will make your video calls and conferences better, since it minimizes the chance of echo from your mic picking up the audio from your own speakers. Big over ears models are good for sound quality, while earbuds make for less obvious headwear in your actual video image.

Level 2

Use a dedicated camera and an HDMI-to-USB interface

If you already have a standalone camera, including just about any consumer pocket camera with HDMI out capabilities, then it’s worth looking into picking up an HDMI-to-USB video capture interface in order to convert it into a much higher quality webcam. In the clip below I’m using the Sony RX100 VII, which is definitely at the high end of the consumer pocket camera market, but there are a range of options that should give you nearly the same level of quality, including the older RX100 models from Sony .

When looking for an HDMI interface, make sure that they advertise that it works with videoconferencing apps like Zoom, Hangouts and Skype on Mac and Windows without any software required: This means that they likely have UVC capabilities, which means those operating systems will recognize them as webcams without any driver downloads or special apps required out of the box. These are also in higher demand due to COVID-19, so the Elgato Cam Link 4K I used here probably isn’t in ready stock anywhere. Instead, look to alternatives like the IOGear Video Capture Adapter or the Magewell USB 3.0 Capture device, or potentially consider upgrading to a dedicated live broadcast deck like the Blackmagic ATEM Mini I’ll talk more about below.

Get a wired lav mic

A simple wired lavalier (lav) microphone is a great way to upgrade your audio game, and it doesn’t even need to cost that much. You can get a wired lav that performs decently well for as little as $20 on Amazon, and you can use a USB version for connecting directly to your computer even if you don’t have a 3.5mm input port. Rode’s Lavalier GO is a great mid-range option that also works well with the Wireless GO transmitter and receiver kit I mention in the next section. The main limitation of this is that depending on cord length, you could be pretty limited in terms of your range of motion while using one.

Get multiple lights and position them effectively

Lighting is a rabbit hole that ends up going very deep, but getting a couple of lights that you can move to where you need them most is a good, inexpensive way to get started. Amazon offers a wide range of lighting kits that fit the bill, or you can even do pretty well with just a couple of Philips Hue lights in gooseneck lamps positioned correctly and adjusted to the right temperature and brightness.

Level 3

Use an interchangeable lens camera and a fast lens

The next step up from a decent compact camera is one that features interchangeable lenses. This allows you to add a nice, fast prime lens with a high maximum aperture (aka a low ‘f’ number’) to get that defocused background look. This provides natural-looking separation of you, the subject, from whatever is behind you, and provides a cinematic feel that will wow colleagues in your monthly all-hands.

Get a wireless lav mic

A lav mic is great, but a wireless lav mic is even better. It means you don’t need to worry about hitting the end of your cable, or getting it tangled in other cables in your workspace, and it can provide more flexibility in terms of what audio interfaces you use to actually get your sound into the computer, too. A great option here is the RODE Wireless GO, which can work on its own or in tandem with a mic like the RODE Lavalier GO for great, flexible sound.

Use in-ear monitors

You still want to be using headphones at this stage, but the best kind to use really are in-ear monitors that do their best to disappear out of sight. You can get some dedicated broadcast-style monitors like those Shure makes, or you can spring for a really good pair of Bluetooth headphones with low latency and the latest version of Bluetooth. Apple’s AirPods Pro is a great option, as are the Bang & Olfusen E8 fully wireless earbuds, which I’ve used extensively without any noticeable lag.

Use 3-point lighting

At this stage, it’s really time to just go ahead and get serious about lighting. The best balance in terms of optimizing specifically for streaming, videoconferencing and anything else your’e doing from your desk, basically, is to pick up at least two of Elgato’s Key Lights or Key Light Airs.

These are LED panel lights with built-in diffusers that don’t have a steep learning curve, and that come with very sturdy articulating tube mounts with desk clamps, and that connect to Wi-Fi for control via smartphones or desktop applications. You can adjust their temperature, meaning you can make them either more ‘blue’ or more ‘orange’ depending on your needs, as well as tweak their brightness.

Using three of these, you can set up a standard 3-point lighting setup which are ideal for interviews or people speaking directly into a camera – aka just about every virtual conference/meeting/event/webinar use you can think of.

Level 4

Get an HDMI broadcast switcher deck

HDMI-USB capture devices do a fine job turning most cameras into webcams, but if you really want to give yourself a range of options, you can upgrade to a broadcast switching interface like the Blackmagic ATEM Mini. Released last year, the ATEM Mini packs in a lot of features that previously were basically only available to video pros, and provides them in an easy-to-use form factor with a price that’s actually astounding given how much this thing can really do.

On its own paired with a good camera, the ATEM Mini can add a lot to your video capabilities, including allowing you to tee up still graphics, and switch to computer input to show videos, work live in graphics apps, demonstrate code or run a presentation. You can set up picture-in-picture views, put up lower thirds and even fade-to-black using a hardware button dedicated to that purpose.

But if you really want to make the most of the ATEM Mini, you can add a second or even a third and fourth camera to the mix. For most uses, this is probably way too much camera – there are only so many angles one can get of a single person talking, in the end. But if you get creative with camera placement and subjects, it’s a fun and interesting way to break up a stream, especially if you’re doing something longer like giving a speech or extended presentation. The newer ATEM Mini Pro is just starting to ship, and offers built-in recording and streaming as well.

Use a broadcast-quality shotgun mic

The ATEM Mini has two dedicated audio inputs that really give you a lot of flexibility on that front, too. Attaching one to the output on an iPod touch, for instance, could let you use that device as a handy soundboard for cueing up intro and title music, plus sound effects. And this also means you can route sound from a high-quality mic, provided you have the right interface.

For top level streaming quality, with minimal sacrifices required in terms of video, I recommend going to a good, broadcast-quality shotgun mic. The Rode VideoMic NTG is a good entry-level option that has flexibility when it comes to also being mountable on-camera, but something like the Rode NTG3m mounted to a boom arm and placed out of frame with the mic end angled down towards your mouth, is going to provide the best possible results.

Add accent lighting

You’ve got your 3-point lighting – but as I said, lighting is a nearly endless rabbit hole. Accent lighting can really help push the professionalism of your video even further, and it’s also pretty easy and to set up using readily available equipment. Philips Hue is probably my favorite way to add a little more vitality to any scene, and if you’re already a Hue user you can make do with just about any of their color bulbs. Recent releases from Philips like the Hue Play Smart LED Light Bars are essentially tailor made for this use, and you can daisy chain up to three on one power adapter to create awesome accent wall lighting effects.

All of this is, of course, not at all necessary for basic video conferencing, virtual hangouts and meetings. But if you think that remote video is going to be a bigger part of our lives going forward, even as we return to some kind of normalcy in the wake of COVID-19, then it’s worth considering what elements of your system to upgrade based on your budget and needs, and hopefully this article provides some guidance.

Powered by WPeMatico

Sonos debuts new Arc soundbar, next-generation Sonos Sub, and Sonos Five speaker

Posted by | Alexa, consumer electronics, Gadgets, hardware, operating system, play:3, smart speakers, Sonos, soundbar, Speaker, TC | No Comments

Sonos has introduced a trio of new hardware today, adding three new smart speakers to its lineup, including the Sonos Arc soundbar that includes Dolby Atmos support, as well as Sonos Five, the next version of its Sonos Play:5 speaker, and a third-generation Sonos Sub. All of these will require the new S2 app that Sonos announced it will release to customers starting on June 8, which will introduce higher-res audio, a new UI and more.

The new Sonos Arc retails for $799, while the Sonos Sub is priced at $699 and the Sonos Five will set you back $499; all three are available for pre-order directly via the Sonos website. They’ll start shipping and become available at retail globally beginning on June 10.

This latest generation of Sonos soundbar succeeds the Sonos Beam, one the first of Sonos speakers to include support for Alexa after the introduction of the Sonos One in 2017. Beam is a lower-cost option, more compact option, available for $399, whereas Arc is a larger soundbar that more closely resembles the Playbar and Playable speakers that Sonos previously sold. Arc seems designed to replace both, since neither currently appears on the updated Sonos website following this launch.

Sonos describes the Arc’s audio as “rich, realistic 3D sound” that emphasizes a “premium audio experience” with “crisp dialogue.” It’s also the first Sonos soundbar with Dolby Atmos support, which it manages using two new height channels that are designed to render all 5.1 channels accurately with room-filling qualities. When the signal isn’t a true 5.1 one, those are repurposed to help with low-end for better bass.

The new third-generation Sonos Sub has more memory and processing power than previous iterations, as well as a new wireless radio for connecting to the rest of your system.

Sonos Five, meanwhile, has the same acoustic design as the Play:5, but with more memory, pricing power and a new radio on board as well. It also now comes in a full white version, whereas the previous generation only offered a white face with a black body.

As mentioned, all three of these will work with the new Sonos S2 app the company is launching in June — but these speakers will only work with that app, because of the operating system updates the app includes, which brings improved security and support for better audio quality when streaming.

That S2 app is the future of the company, but it will come with some compromises for long-time Sonos users. The most important of which is that if you have older Sonos hardware, you’ll need to remain on the S1 network. Those devices include some of the oldest that Sonos makes, but it’s definitely dangling a carrot for upgraders here with this new lineup to convince them to retire those in order to upgrade to the new experience.

Powered by WPeMatico

Meet EventBot, a new Android malware that steals banking passwords and two-factor codes

Posted by | Android, capitalone, computing, Cybereason, encryption, Finance, malware, mobile malware, operating system, operating systems, Security, security breaches, social media | No Comments

Security researchers are sounding the alarm over a newly discovered Android malware that targets banking apps and cryptocurrency wallets.

The malware, which researchers at security firm Cybereason recently discovered and called EventBot, masquerades as a legitimate Android app — like Adobe Flash or Microsoft Word for Android — which abuses Android’s in-built accessibility features to obtain deep access to the device’s operating system.

Once installed — either by an unsuspecting user or by a malicious person with access to a victim’s phone — the EventBot-infected fake app quietly siphons off passwords for more than 200 banking and cryptocurrency apps — including PayPal, Coinbase, CapitalOne and HSBC — and intercepts and two-factor authentication text message codes.

With a victim’s password and two-factor code, the hackers can break into bank accounts, apps and wallets, and steal a victim’s funds.

“The developer behind Eventbot has invested a lot of time and resources into creating the code, and the level of sophistication and capabilities is really high,” Assaf Dahan, head of threat research at Cybereason, told TechCrunch.

The malware quietly records every tap and key press, and can read notifications from other installed apps, giving the hackers a window into what’s happening on a victim’s device.

Over time, the malware siphons off banking and cryptocurrency app passwords back to the hackers’ server.

The researchers said that EventBot remains a work in progress. Over a period of several weeks since its discovery in March, the researchers saw the malware iteratively update every few days to include new malicious features. At one point the malware’s creators improved the encryption scheme it uses to communicate with the hackers’ server, and included a new feature that can grab a user’s device lock code, likely to allow the malware to grant itself higher privileges to the victim’s device like payments and system settings.

But while the researchers are stumped as to who is behind the campaign, their research suggests the malware is brand new.

“Thus far, we haven’t observed clear cases of copy-paste or code reuse from other malware and it seems to have been written from scratch,” said Dahan.

Android malware is not new, but it’s on the rise. Hackers and malware operators have increasingly targeted mobile users because many device owners have their banking apps, social media, and other sensitive services on their device. Google has improved Android security in recent years by screening apps in its app store and proactively blocking third-party apps to cut down on malware — with mixed results. Many malicious apps have evaded Google’s detection.

Cybereason said it has not yet seen EventBot on Android’s app store or in active use in malware campaigns, limiting the exposure to potential victims — for now.

But the researchers said users should avoid untrusted apps from third-party sites and stores, many of which don’t screen their apps for malware.

Powered by WPeMatico

Polestar’s first all-electric vehicle will start at $59,900 in the US

Posted by | Android, automotive, automotive industry, california, cars, China, electric vehicles, Europe, Geely, Google Assistant, Google Play Store, Google-Maps, linux, New York, operating system, Polestar, smartphones, TC, Tesla, tesla model 3, United States, Volvo Cars, west coast | No Comments

Polestar, the electric performance brand spun out of Volvo, said the base price of its first all-electric vehicle will be $59,900 in the United States, lower than originally targeted.

The 2021 Polestar 2, an electric performance fastback, is the first EV to come out of a brand that was relaunched three years ago. Polestar, once a high-performance brand under Volvo Cars, was recast as an electric performance brand in 2017. The aim was to produce exciting and fun-to-drive electric vehicles — a niche that Tesla was the first to fill and has dominated ever since.

The company believes the vehicle is well-positioned for a successful entry into the U.S. market thanks to its lower pricing, tax incentives and the ability for customers to buy it online, said Gregor Hembrough, who heads up Polestar USA. The U.S. prices are also below incentive thresholds in a few critical markets such as California and New York.

Polestar has been trickling out announcements around the upcoming Polestar 2 for months now, including pricing for Europe, which starts at €58,800. On Thursday, the company revealed a few more pricing details for the various options customers can buy, including a $5,000 performance pack, a $4,000 upgrade of Nappa leather interior and $1,200 for 20-inch alloy wheels.

The Polestar 2 will likely be held up as a possible competitor to the Tesla Model 3. The pricing on the two vehicles don’t quite match up unless the $7,500 federal tax incentive, for which Polestar still qualifies, is considered. Tesla no longer qualifies for the federal tax credit because it has sold more than 200,000 electric vehicles.

Stripping out the incentives, the base price of the Polestar 2 is slightly more expensive than the performance version of the Model 3, which starts at $56,990.

Until the automaker begins delivery to the U.S., which is expected this summer, it won’t be clear how it stacks up against the Model 3.

Polestar is aiming to attract customers with tech and the performance specs of the fastback, which produces 408 horsepower, 487 pound feet of torque and has a 78 kWh battery pack that delivers an estimated range of 292 miles under Europe’s WLTP. Polestar hasn’t released the EPA estimates for the Polestar 2.

The interior of the Polestar 2, which features Google’s Android Automotive operating system.

The Polestar 2’s infotainment system will be powered by Android OS and, as a result, bring into the car embedded Google services such as Google Assistant, Google Maps and the Google Play Store. This shouldn’t be confused with Android Auto, which is a secondary interface that lies on top of an operating system. Android OS is modeled after its open-source mobile operating system that runs on Linux. But instead of running smartphones and tablets, Google modified it so it could be used in cars.

Polestar, which is jointly owned by Volvo Car Group and Zhejiang Geely Holding of China, plans to open physical retail showrooms called Polestar Spaces once stay-at-home orders prompted by the COVID-19 pandemic are lifted. The first of these locations will open on the West Coast of the United States and New
York in late summer 2020, the company said. The Polestar 2 will be available in all 50 states to buy or lease.

Powered by WPeMatico

Apple and Google are launching a joint COVID-19 tracing tool for iOS and Android

Posted by | Android, api, Apple, Bluetooth, computing, contact tracing, coronavirus, Covid19, Google, Health, Indoor Positioning System, MIT, operating system, operating systems, smartphones, Software, TC, terms of service | No Comments

Apple and Google’s engineering teams have banded together to create a decentralized contact tracing tool that will help individuals determine whether they have been exposed to someone with COVID-19.

Contact tracing is a useful tool that helps public health authorities track the spread of the disease and inform the potentially exposed so that they can get tested. It does this by identifying and “following up with” people who have come into contact with a COVID-19-affected person.

The first phase of the project is an API that public health agencies can integrate into their own apps. The next phase is a system-level contact tracing system that will work across iOS and Android devices on an opt-in basis.

The system uses on-board radios on your device to transmit an anonymous ID over short ranges — using Bluetooth beaconing. Servers relay your last 14 days of rotating IDs to other devices, which search for a match. A match is determined based on a threshold of time spent and distance maintained between two devices.

If a match is found with another user that has told the system that they have tested positive, you are notified and can take steps to be tested and to self-quarantine.

Contact tracing is a well-known and debated tool, but one that has been adopted by health authorities and universities that are working on multiple projects like this. One such example is MIT’s efforts to use Bluetooth to create a privacy-conscious contact tracing tool that was inspired by Apple’s Find My system. The companies say that those organizations identified technical hurdles that they were unable to overcome and asked for help.

Our own Jon Evans laid out the need for a broader tracing apparatus a week ago, along with the notion that you’d need buy-in from Apple and Google to make it happen.

The project was started two weeks ago by engineers from both companies. One of the reasons the companies got involved is that there is poor interoperability between systems on various manufacturer’s devices. With contact tracing, every time you fragment a system like this between multiple apps, you limit its effectiveness greatly. You need a massive amount of adoption in one system for contact tracing to work well.

At the same time, you run into technical problems like Bluetooth power suck, privacy concerns about centralized data collection and the sheer effort it takes to get enough people to install the apps to be effective.

Two-phase plan

To fix these issues, Google and Apple teamed up to create an interoperable API that should allow the largest number of users to adopt it, if they choose.

The first phase, a private proximity contact detection API, will be released in mid-May by both Apple and Google for use in apps on iOS and Android. In a briefing today, Apple and Google said that the API is a simple one and should be relatively easy for existing or planned apps to integrate. The API would allow apps to ask users to opt-in to contact tracing (the entire system is opt-in only), allowing their device to broadcast the anonymous, rotating identifier to devices that the person “meets.” This would allow tracing to be done to alert those who may come in contact with COVID-19 to take further steps.

The value of contact tracing should extend beyond the initial period of pandemic and into the time when self-isolation and quarantine restrictions are eased.

The second phase of the project is to bring even more efficiency and adoption to the tracing tool by bringing it to the operating system level. There would be no need to download an app, users would just opt-in to the tracing right on their device. The public health apps would continue to be supported, but this would address a much larger spread of users.

This phase, which is slated for the coming months, would give the contract tracing tool the ability to work at a deeper level, improving battery life, effectiveness and privacy. If its handled by the system, then every improvement in those areas — including cryptographic advances — would benefit the tool directly.

How it works

A quick example of how a system like this might work:

  1. Two people happen to be near each other for a period of time, let’s say 10 minutes. Their phones exchange the anonymous identifiers (which change every 15 minutes).
  2. Later on, one of those people is diagnosed with COVID-19 and enters it into the system via a Public Health Authority app that has integrated the API.
  3. With an additional consent, the diagnosed user allows his anonymous identifiers for the last 14 days to be transmitted to the system.
  4. The person they came into contact with has a Public Health app on their phone that downloads the broadcast keys of positive tests and alerts them to a match.
  5. The app gives them more information on how to proceed from there.

Privacy and transparency

Both Apple and Google say that privacy and transparency are paramount in a public health effort like this one and say they are committed to shipping a system that does not compromise personal privacy in any way. This is a factor that has been raised by the ACLU, which has cautioned that any use of cell phone tracking to track the spread of COVID-19 would need aggressive privacy controls.

There is zero use of location data, which includes users who report positive. This tool is not about where affected people are but instead whether they have been around other people.

The system works by assigning a random, rotating identifier to a person’s phone and transmitting it via Bluetooth to nearby devices. That identifier, which rotates every 15 minutes and contains no personally identifiable information, will pass through a simple relay server that can be run by health organizations worldwide.

Even then, the list of identifiers you’ve been in contact with doesn’t leave your phone unless you choose to share it. Users that test positive will not be identified to other users, Apple or Google. Google and Apple can disable the broadcast system entirely when it is no longer needed.

All identification of matches is done on your device, allowing you to see — within a 14-day window — whether your device has been near the device of a person who has self-identified as having tested positive for COVID-19.

The entire system is opt-in. Users will know upfront that they are participating, whether in app or at a system level. Public health authorities are involved in notifying users that they have been in contact with an affected person.

The American Civil Liberties Union appears to be cautiously optimistic.

“No contact tracing app can be fully effective until there is widespread, free, and quick testing and equitable access to healthcare. These systems also can’t be effective if people don’t trust them,” said ACLU’s surveillance and cybersecurity counsel Jennifer Granick. “To their credit, Apple and Google have announced an approach that appears to mitigate the worst privacy and centralization risks, but there is still room for improvement. We will remain vigilant moving forward to make sure any contract tracing app remains voluntary and decentralized, and used only for public health purposes and only for the duration of this pandemic.”

Apple and Google say that they will openly publish information about the work that they have done for others to analyze in order to bring the most transparency possible to the privacy and security aspects of the project.

“All of us at Apple and Google believe there has never been a more important moment to work together to solve one of the world’s most pressing problems,” the companies said in a statement. “Through close cooperation and collaboration with developers, governments and public health providers, we hope to harness the power of technology to help countries around the world slow the spread of COVID-19 and accelerate the return of everyday life.”

You can find more information about the contact tracing API on Google’s post here and on Apple’s page here including specifications.

Updated with comment from the ACLU.

Powered by WPeMatico

Test and trace with Apple and Google

Posted by | alipay, america, Android, Apple, apple inc, Bluetooth, China, Companies, computing, cryptography, digital rights, encryption, Google, google play services, human rights, MIT, NHS, operating system, Opinion, privacy, Singapore, south korea, surveillance, TC, terms of service, United Kingdom, world health organization | No Comments

After the shutdown, the testing and tracing. “Trace, test and treat is the mantra … no lockdowns, no roadblocks and no restriction on movement” in South Korea. “To suppress and control the epidemic, countries must isolate, test, treat and trace,” say WHO.

But what does “tracing” look like exactly? In Singapore, they use a “TraceTogether” app, which uses Bluetooth to track nearby phones (without location tracking), keeps local logs of those contacts, and only uploads them to the Ministry of Health when the user chooses/consents, presumably after a diagnosis, so those contacts can be alerted. Singapore plans to open-source the app.

In South Korea, the government texts people to let them know if they were in the vicinity of a diagnosed individual. The information conveyed can include the person’s age, gender, and detailed location history. Subsequently, even more details may be made available:

The level of detail provided by @Seoul_gov for each and every COVID-19 case in the city is astonishing:

Last name (which I’ve obscured)
Sex
Birth year
District of residence
Profession
Travel history
Contact with known cases
Hospital where they’re being treated pic.twitter.com/GsI0QQPcVH

— Victoria Kim (@vicjkim) March 24, 2020

In China, as you might expect, the surveillance is even more pervasive and draconian. Here, the pervasive apps Alipay and WeChat now include health codes – green, yellow, or red – set by the Chinese government, using opaque criteria. This health status is then used in hundreds of cities (and soon nationwide) to determine whether people are allowed to e.g. ride the subway, take a train, enter a building, or even exit a highway.

What about us, in the rich democratic world? Are we OK with the Chinese model? Of course not. The South Korean model? …Probably not. The Singaporean model? …Maybe. (I suspect it would fly in my homeland of Canada, for instance.) But the need to install a separate app, with TraceTogether or the directionally similar MIT project Safe Paths, is a problem. It works in a city-state like Singapore but will be much more problematic in a huge, politically divided nation like America. This will lead to inferior data blinded by both noncompliance and selection bias.

More generally, at what point does the urgent need for better data collide with the need to protect individual privacy and avoid enabling the tools for an aspiring, or existing, police state? And let’s not kid ourselves; the pandemic increases, rather than diminishes, the authoritarian threat.

Maybe, like the UK’s NHS, creators of new pandemic data infrastructures will promise “Once the public health emergency situation has ended, data will either be destroyed or returned” — but not all organizations instill the required level of trust in their populace. This tension has provoked heated discussion around whether we should create new surveillance systems to help mitigate and control the pandemic.

This surprises me greatly. Wherever you may be on that spectrum, there is no sense whatsoever in creating a new surveillance system — seeing as how multiple options already exist. We don’t like to think about it, much, but the cold fact is that two groups of entities already collectively have essentially unfettered access to all our proximity (and location) data, as and when they choose to do so.

I refer of course to the major cell providers, and to Apple & Google . This was vividly illustrated by data company Tectonix in a viral visualization of the spread of Spring Break partygoers:

Want to see the true potential impact of ignoring social distancing? Through a partnership with @xmodesocial, we analyzed secondary locations of anonymized mobile devices that were active at a single Ft. Lauderdale beach during spring break. This is where they went across the US: pic.twitter.com/3A3ePn9Vin

— Tectonix GEO (@TectonixGEO) March 25, 2020

Needless to say, Apple and Google, purveyors of the OSes on all those phones, have essentially the same capability as and when they choose to exercise it. An open letter from “technologists, epidemiologists & medical professionals” calls on “Apple, Google, and other mobile operating system vendors” (the notion that any other vendors are remotely relevant is adorable) “to provide an opt-in, privacy preserving OS feature to support contact tracing.”

They’re right. Android and iOS could, and should, add and roll out privacy-preserving, interoperable, TraceTogether-like functionality at the OS level (or Google Play Services level, to split fine technical hairs.) Granted, this means relying on corporate surveillance, which makes all of us feel uneasy. But at least it doesn’t mean creating a whole new surveillance infrastructure. Furthermore, Apple and Google, especially compared to cellular providers, have a strong institutional history and focus on protecting privacy and limiting the remit of their surveillance.

(Don’t believe me? Apple’s commitment to privacy has long been a competitive advantage. Google offers a thorough set of tools to let you control your data and privacy settings. I ask you: where is your cell service provider’s equivalent? Ah. Do you expect it to ever create one? I see. Would you also be interested in this fine, very lightly used Brooklyn Bridge I have on sale?)

Apple and Google are also much better suited to the task of preserving privacy by “anonymizing” data sets (I know, I know, but see below), or, better yet, preserving privacy via some form(s) of differential privacy and/or homomorphic encryption — or even some kind of zero-knowledge cryptography, he handwaved wildly. And, on a practical level, they’re more able than a third-party app developer to ensure a background service like that stays active.

Obviously this should all be well and firmly regulated. But at the same time, we should remain cognizant of the fact that not every nation believes in such regulation. Building privacy deep into a contact-tracing system, to the maximum extent consonant with its efficacy, is especially important when we consider its potential usage in authoritarian nations who might demand the raw data. “Anonymized” location datasets admittedly tend to be something of an oxymoron, but authoritarians may still be technically stymied by the difficulty of deanonymization; and if individual privacy can be preserved even more securely than that via some elegant encryption scheme, so much the better.

Compared to the other alternatives — government surveillance; the phone companies; or some new app, with all the concomitant friction and barriers to usage — Apple and Google are by some distance the least objectionable option. What’s more, in the face of this global pandemic they could roll out their part of the test-and-trace solution to three billion users relatively quickly. If we need a pervasive pandemic surveillance system, then let’s use one which (though we don’t like to talk about it) already exists, in the least dangerous, most privacy-preserving way.

Powered by WPeMatico

Volvo’s Polestar begins production of the all-electric Polestar 2 in China

Posted by | Android, automotive, cars, China, coronavirus, COVID-19, electric vehicles, Europe, Ford, Geely, GM, Google Assistant, Google Play Store, Google-Maps, linux, Los Angeles, Lucid Motors, north america, operating system, Oslo, Polestar, Rivian, shanghai, smartphones, TC, Tesla, volkswagen, Volvo Cars | No Comments

Polestar has started production of its all-electric Polestar 2 vehicle at a plant in China amid the COVID-19 pandemic that has upended the automotive industry and triggered a wave of factory closures throughout the world.

The start of Polestar 2 production is a milestone for Volvo Car Group’s standalone electric performance brand  — and not just because it began in the midst of global upheaval caused by COVID-19, a disease that stems from the coronavirus. It’s also the first all-electric car under a brand that was relaunched just three years ago with a new mission.

Polestar was once a high-performance brand under Volvo Cars. In 2017, the company was recast as an electric performance brand aimed at producing exciting and fun-to-drive electric vehicles — a niche that Tesla was the first to fill and has dominated ever since. Polestar is jointly owned by Volvo Car Group and Zhejiang Geely Holding of China. Volvo was acquired by Geely in 2010.

COVID-19 has affected how Polestar and its parent company operate. Factory closures began in China, where the disease first swept through the population. Now Chinese factories are reopening as the epicenter of COVID-19 moves to Europe and North America. Most automakers have suspended production in Europe and North America.

Polestar CEO Thomas Ingenlath said the company started production under these challenging circumstances with a strong focus on the health and safety of its workers. He added that the Luqiao, China factory is an example of how Polestar has leveraged the expertise of its parent companies.

Extra precautions have been taken because of the outbreak, including frequent disinfecting of work spaces and requiring workers to wear masks and undergo regular temperature screenings, according to the company. Polestar has said that none of its workers in China tested positive for COVID-19 as a result of its efforts.

COVID-19 has also affected Polestar’s timeline. Polestar will only sell its vehicles online and will offer customers subscriptions to the vehicle. It previously revealed plans to open “Polestar Spaces,” a showroom where customers can interact with the product and schedule test drives. These spaces will be standalone facilities and not within existing Volvo retailer showrooms. Polestar had planned to have 60 of these spaces open by 2020, including in Oslo, Los Angeles and Shanghai.

COVID-19 has delayed the opening of the showrooms. The company will have some pop-up stores opening as soon as that situation improves, so people can go see the cars and learn more while the permanent showrooms are still under construction, TechCrunch has learned.

It’s not clear just how many Polestar 2 vehicles will be produced; Polestar has told TechCrunch that it is in the “tens of thousands” of cars per calendar year. Those numbers will also depend on demand for the Polestar 2 and other models that are built in the same factory.

Polestar 2 EV

Image Credits: Screenshot/Polestar

Polestar also isn’t providing the exact number of reservations until it begins deliveries, which are supposed to start this summer in Europe, followed by China and North America. It was confirmed to TechCrunch that reservations are in the “five digits.”

The Polestar 2, which was first revealed in February 2019, has been positioned by the company to go up against Tesla Model 3. (The company’s first vehicle, the Polestar 1, is a plug-in hybrid with two electrical motors powered by three 34-kilowatt-hour battery packs and a turbo and supercharged gas inline 4 up front.)

But it will likely face off against other competitors launching new EVs in 2020 and 2021, including Volkswagen, GM, Ford and startups Lucid Motors and even adventure-focused Rivian.

Polestar is hoping customers are attracted to the tech and the performance of the fastback, which produces 408 horsepower, 487 pound feet of torque and has a 78 kWh battery pack that delivers an estimated range of 292 miles under Europe’s WLTP.

The Polestar 2’s infotainment system will be powered by Android OS and, as a result, bring into the car embedded Google services such as Google Assistant, Google Maps and the Google Play Store. This shouldn’t be confused with Android Auto, which is a secondary interface that lies on top of an operating system. Android OS is modeled after its open-source mobile operating system that runs on Linux. But instead of running smartphones and tablets, Google modified it so it could be used in cars.

Powered by WPeMatico

Google launches the first developer preview of Android 11

Posted by | Android, api, Apps, BlackBerry Priv, computing, dave burke, Google, Google Play, machine learning, Mobile, mobile operating system, operating system, operating systems, PIXEL, smartphones, Software, TC | No Comments

With the days of desert-themed releases officially behind it, Google today announced the first developer preview of Android 11, which is now available as system images for Google’s own Pixel devices, starting with the Pixel 2.

As of now, there is no way to install the updates over the air. That’s usually something the company makes available at a later stage. These first releases aren’t meant for regular users anyway. Instead, they are a way for developers to test their applications and get a head start on making use of the latest features in the operating system.

With Android 11 we’re keeping our focus on helping users take advantage of the latest innovations, while continuing to keep privacy and security a top priority,” writes Google VP of Engineering Dave Burke. “We’ve added multiple new features to help users manage access to sensitive data and files, and we’ve hardened critical areas of the platform to keep the OS resilient and secure. For developers, Android 11 has a ton of new capabilities for your apps, like enhancements for foldables and 5G, call-screening APIs, new media and camera capabilities, machine learning, and more.”

Unlike some of Google’s previous early previews, this first version of Android 11 does actually bring quite a few new features to the table. As Burke noted, there are some obligatory 5G features like a new bandwidth estimate API, for example, as well as a new API that checks whether a connection is unmetered so apps can play higher-resolution video, for example.

With Android 11, Google is also expanding its Project Mainline lineup of updatable modules from 10 to 22. With this, Google is able to update critical parts of the operating system without having to rely on the device manufacturers to release a full OS update. Users simply install these updates through the Google Play infrastructure.

Users will be happy to see that Android 11 will feature native support for waterfall screens that cover a device’s edges, using a new API that helps developers manage interactions near those edges.

Also new are some features that developers can use to handle conversational experiences, including a dedicated conversation section in the notification shade, as well as a new chat bubbles API and the ability to insert images into replies you want to send from the notifications pane.

Unsurprisingly, Google is adding a number of new privacy and security features to Android 11, too. These include one-time permissions for sensitive types of data, as well as updates to how the OS handles data on external storage, which it first previewed last year.

As for security, Google is expanding its support for biometrics and adding different levels of granularity (strong, weak and device credential), in addition to the usual hardening of the platform you would expect from a new release.

There are plenty of other smaller updates as well, including some that are specifically meant to make running machine learning applications easier, but Google specifically highlights the fact that Android 11 will also bring a couple of new features to the OS that will help IT manage corporate devices with enhanced work profiles.

This first developer preview of Android 11 is launching about a month earlier than previous releases, so Google is giving itself a bit more time to get the OS ready for a wider launch. Currently, the release schedule calls for monthly developer preview releases until April, followed by three betas and a final release in Q3 2020.

Powered by WPeMatico