Friday, 9 April 2021

APKPure app contained malicious adware, say researchers

Security researchers say APKPure, a widely popular app for installing older or discontinued Android apps from outside of Google’s app store, contained malicious adware that flooded the victim’s device with unwanted ads.

Kaspersky Lab said that it alerted APKPure on Thursday that its most recent app version, 3.17.18, contained malicious code that siphoned off data from a victim’s device without their knowledge, and pushed ads to the device’s lock screen and in the background to generate fraudulent revenue for the adware operators.

But the researchers said that the malicious code had the capacity to download other malware, potentially putting affected victims at further risk.

The researchers said the APKPure developers likely introduced the malicious code, which came in the form of a software development kit or SDK, from an unverified source. APKPure removed the malicious code and pushed out a new version, 3.17.19, and the developers no longer list the malicious version on their site.

APKPure was set up in 2014 to allow Android users access to a vast bank of Android apps and games, including old versions, as well as app versions from other regions that are no longer on Android’s official app store Google Play. It later launched an Android app, which also has to be installed outside Google Play, serving as its own app store to allow users to download older apps directly to their Android devices.

APKPure is ranked as one of the most popular sites on the internet.

But security experts have long warned against installing apps outside of the official app stores, as quality and security vary wildly and much of the Android malware requires victims to install malicious apps from outside the app store. Google scans all Android apps that make it into Google Play, but some have slipped through the cracks before.

TechCrunch contacted APKPure for comment but did not hear back.



from Android – TechCrunch https://ift.tt/3wF26Ke
via IFTTT

Thursday, 8 April 2021

Watch a monkey equipped with Elon Musk’s Neuralink device play Pong with its brain

Elon Musk’s Neuralink, one of his many companies and the only one currently focused on mind control (that we’re aware of), has released a new blog post and video detailing some of its recent updates — including using its hardware to make it possible for a monkey to play Pong with only its brain.

In the video above, Neuralink demonstrates how it used its sensor hardware and brain implant to record a baseline of activity from this macaque (named ‘Pager’) as it played a game on-screen where it had to move a token to different squares using a joystick with its hand. Using that baseline data, Neuralink was able to use machine learning to anticipate where Pager was going to be moving the physical controller, and was eventually able to predict it accurately before the move was actually made. Researchers then removed the paddle entirely, and eventually did the same thing with Pong, ultimately ending up at a place where Pager was no longer even moving its hand in the air on the nonexistent paddle, and was instead controlling the in-game action entirely with its mind via the Link hardware and embedded neural threads.

The last we saw of Neuralink, Musk himself was demonstrating the Link tech live in August 2020, using pigs to show how it was able to read signals from the brain depending on different stimuli. This new demo with Pager more clearly outlines the direction that the tech is headed in terms of human applications, since, as the company shared on its blog, the same technology could be used to help patients with paralysis manipulate a cursor on a computer, for instance. That could be applied to other paradigms as well, including touch controls on an iPhone, and even typing using a virtual keyboard, according to the company.

Musk separately tweeted that in fact, he expects the initial version of Neuralink’s product to be able to allow someone with paralysis that prevents standard modes of phone interaction to use one faster than people using their thumbs for input. He also added that future iterations of the product would be able to enable communication between Neuralinks in different parts of a patient’s body, transmitting between an in-brain node and neural pathways in legs, for instance, making it possible for “paraplegics to walk again.”

These are obviously bold claims, but the company cites a lot of existing research that undergirds its existing demonstrations and near-term goals. Musk’s more ambitious claims should, like all of his projections, definitely be taken with a healthy dose of skepticism. He did add that he hopes human trials will begin to get underway “hopefully later this year,” for instance – which is already two years later than he was initially anticipating those might start.



from iPhone – TechCrunch https://ift.tt/39YARjY

Facebook ran ads for a fake ‘Clubhouse for PC’ app planted with malware

Cybercriminals have taken out a number of Facebook ads masquerading as a Clubhouse app for PC users in order to target unsuspecting victims with malware, TechCrunch has learned.

TechCrunch was alerted Wednesday to Facebook ads tied to several Facebook pages impersonating Clubhouse, the drop-in audio chat app only available on iPhones. Clicking on the ad would open a fake Clubhouse website, including a mocked-up screenshot of what the non-existent PC app looks like, with a download link to the malicious app.

When opened, the malicious app tries to communicate with a command and control server to obtain instructions on what to do next. One sandbox analysis of the malware showed the malicious app tried to infect the isolated machine with ransomware.

But overnight, the fake Clubhouse websites — which were hosted in Russia — went offline. In doing so, the malware also stopped working. Guardicore’s Amit Serper, who tested the malware in a sandbox on Thursday, said the malware received an error from the server and did nothing more.

The fake website was set up to look like Clubhouse’s real website, but featuring a malicious PC app. (Image: TechCrunch)

It’s not uncommon for cybercriminals to tailor their malware campaigns to piggyback off the successes of wildly popular apps. Clubhouse reportedly topped more than 8 million global downloads to date despite an invite-only launch. That high demand prompted a scramble to reverse-engineer the app to build bootleg versions of it to evade Clubhouse’s gated walls, but also government censors where the app is blocked.

Each of the Facebook pages impersonating Clubhouse only had a handful of likes, but were still active at the time of publication. When reached, Facebook wouldn’t say how many account owners had clicked on the ads pointing to the fake Clubhouse websites.

At least nine ads were placed this week between Tuesday and Thursday. Several of the ads said Clubhouse “is now available for PC,” while another featured a photo of co-founders Paul Davison and Rohan Seth. Clubhouse did not return a request for comment.

The ads have been removed from Facebook’s Ad Library, but we have published a copy. It’s also not clear how the ads made it through Facebook’s processes in the first place.

 



from Android – TechCrunch https://ift.tt/2QcCvr9

Epic cries monopoly as Apple details secret ‘Project Liberty’ effort to provoke ‘Fortnite’ ban

The Epic v. Apple lawsuit alleging monopolistic practices by the latter will begin next month, and today the main arguments of each company were published, having been trimmed down somewhat at the court’s discretion. With the basic facts agreed upon, the two companies will go to battle over what they mean, and their CEOs will likely take the (virtual) stand to do so.

As we’ve covered in previous months, the thrust of Epic’s argument is that Apple’s hold over the app market and 30 percent standard fee amount to anti-competitive behavior that must be regulated by antitrust law. It rebelled against what it describes as an unlawful practice by slipping its own in-game currency store into the popular game Fortnite, circumventing Apple payment methods. (CEO Tim Sweeney would later, and unadvisedly, compare this to resisting unjust laws in the civil rights movement.)

Apple denies the charge of monopoly, pointing out it faces enormous competition all over the market, just not within its own App Store. And as for the size of the fees — well, perhaps it’s a matter that could stand some adjustment (the company dropped its take to 15% for any developer’s first million following criticism throughout 2020), but it hardly amounts to unlawfulness.

For its part, Apple contends that the whole antitrust allegation and associated dust-kicking is little more than a PR stunt, and it has something in the way of receipts.

Epic did, after all, have a whole PR strategy ready to go when it filed the lawsuit, and the filings describe “Project Liberty,” a long-term program within the company to, in Apple’s opinion, shore up sagging revenues from Fortnite. Epic does seem to have paid a PR firm some $300K to advise on the “two-phase communications plan,” involving a multi-company complaint campaign against Apple and Google via the “Coalition for App Fairness.”

Project Liberty makes up a whole section in Apple’s filing, detailing how the company and Sweeney planned to “draw Google into a legal battle over anti-trust,” (and presumably Apple) according to internal emails, by getting banned by the companies’ app stores for circumventing their payment systems. Epic only mentions Project Liberty in one paragraph, explaining that it kept the program secret because “Epic could not have disclosed it without causing Apple to reject Version 13.40 of Fortnite,” viz. the one with the offending payment system built in. It’s not much of a defense.

Whether Apple’s fees are too high, and whether Epic is doing this to extend Fortnite’s profitable days, the case itself will be determined on the basis of antitrust law and doctrine, and on this front things do not look particularly dire for Apple.

Although the legal arguments and summaries of fact run to hundreds of pages from both sides, the whole thing is summed up pretty well in the very first sentence of Epic’s filing: “This case is about Apple’s conduct to monopolize two markets within its iOS ecosystem.”

To be specific, it is about whether Apple can be said to be a monopolist over an ecosystem it created and administrated from the very beginning, and one that is provably assailed on all sides by competitors in the digital distribution and gaming space. This is a novel application of antitrust law and one that would carry a heavy burden of proof for Epic — and an (admittedly amateur) review of the arguments doesn’t suggest there’s much chance of success.

But the opinion of a random reporter is not much in the accounting of things; there will have to be a trial, and one is scheduled to occur next month. There’s a lot of ground to cover, as Epic’s presentation of its arguments will need to be as meticulous as Apple’s dismantling of them. To that end we can expect live testimony from Apple CEO Tim Cook, Epic CEO Tim Sweeney, Apple’s former head of marketing and familiar face Phil Schiller, among others.

The timing and nature of that testimony or questioning will not be known until later, but it’s likely there will be some interesting interactions worth hearing about. The trial is scheduled to begin May 3 and last for about 3 weeks.

Notably there are a handful of other lawsuits hovering about relating to this, such as Apple’s countersuit against Epic alleging breach of contract. Many of these will depend entirely on the outcome of the main case — e.g. if Apple’s terms were found to be unlawful, there was no contract to break, or if not, Epic pretty much admitted to breaking the rules so the case is practically over already.

You can read the full “proposed findings of fact” documents from each party on the invaluable RECAP; the case number is 4:20-cv-05640.



from Apple – TechCrunch https://ift.tt/3s6m4Km

Wednesday, 7 April 2021

Spotify stays quiet about launch of its voice command ‘Hey Spotify’ on mobile

In 2019, Spotify began testing a hardware device for automobile owners it lovingly dubbed “Car Thing,” which allowed Spotify Premium users to play music and podcasts using voice commands that began with “Hey, Spotify.” Last year, Spotify began developing a similar voice integration into its mobile app. Now, access to the “Hey Spotify” voice feature is rolling out more broadly.

Spotify chose not to officially announce the new addition, despite numerous reports indicating the voice option was showing up for many people in their Spotify app, leading to some user confusion about availability.

One early report by GSM Arena, for example, indicated Android users had been sent a push notification that alerted them to the feature. The notification advised users to “Just enable your mic and say ‘Hey Spotify, Play my Favorite Songs.’” When tapped, the notification launched Spotify’s new voice interface where users are pushed to first give the app permission to use the microphone in order to be able to verbally request the music they want to hear.

Several outlets soon reported the feature had launched to Android users, which is only partially true.

As it turns out, the feature is making its way to iOS devices, as well. When we launched the Spotify app here on an iPhone running iOS 14.5, for instance, we found the same feature had indeed gone live. You just tap on the microphone button by the search box to get to the voice experience. We asked around and found that other iPhone users on various versions of the iOS operating system also had the feature, including free users, Premium subscribers and Premium Family Plan subscribers.

The screen that appears suggests in big, bold text that you could be saying “Hey Spotify, play…” followed by a random artist’s name. It also presents a big green button at the bottom to turn on “Hey Spotify.”

Once enabled, you can ask for artists, albums, songs and playlists by name, as well as control playback with commands like stop, pause, skip this song, go back and others. Spotify confirms the command with a robotic-sounding male voice by default. (You can swap to a female voice in Settings, if you prefer.)

This screen also alerts users that when the app hears the “Hey Spotify” voice command, it sends the user’s voice data and other information to Spotify. There’s a link to Spotify’s policy regarding its use of voice data, which further explains that Spotify will collect recordings and transcripts of what you say along with information about the content it returned to you. The company says it may continue to use this data to improve the feature, develop new voice features and target users with relevant advertising. It may also share your information with service providers, like cloud storage providers.

The policy looks to be the same as the one that was used along with Spotify’s voice-enabled ads, launched last year, so it doesn’t seem to have been updated to fully reflect the changes enabled with the launch of “Hey Spotify.” However, it does indicate that, like other voice assistants, Spotify doesn’t just continuously record — it waits until users say the wake words.

Given the “Hey Spotify” voice command’s origins with “Car Thing,” there’s been speculation that the mobile rollout is a signal that the company is poised to launch its own hardware to the wider public in the near future. There’s already some indication that may be true — MacRumors recently reported finding references to and photos of Car Thing and its various mounts inside the Spotify app’s code. This follows Car Thing’s reveal in FCC filings back in January of this year, which had also stoked rumors that the device was soon to launch.

Spotify was reached for comment this morning, but has as yet been unable to provide any answers about the feature’s launch despite a day’s wait. Instead, we were told that they “unfortunately do not have any additional news to share at this time.” That further suggests some larger projects could be tied to this otherwise more minor feature’s launch.

Though today’s consumers are wary of tech companies’ data collection methods — and particularly their use of voice data after all three tech giants confessed to poor practices on this front — there’s still a use case for voice commands, particularly from an accessibility standpoint and, for drivers, from a safety standpoint.

And although you can direct your voice assistant on your phone (or via CarPlay or Android Auto, if available) to play content from Spotify, some may find it useful to be able to speak to Spotify directly — especially since Apple doesn’t allow Spotify to be set as a default music service. You can only train Siri to launch Spotify as your preferred service.

If, however, you have second thoughts about using the “Hey Spotify” feature after enabling it, you can turn it off under “Voice Interactions” in the app’s settings.



from Android – TechCrunch https://ift.tt/2Q3FjHl

E-bikes and earbuds among the first third-party hardware to support Apple’s Find My tracking

Yesterday we noted that Apple launched a new Find My Certification Asst. app, designed to test support for third-party hardware. Find My, of course, has been a long-standing feature for Apple’s own hardware like iPhones, AirPods and Macs, but back at WWDC, the company announced plans to open it up to manufacturers.

Today the company made official its Find My Network Accessory program and unveiled a handful of hardware that will take advantage of the new Made for iPhone (MFi)-affiliated offering. Users will be able to locate missing devices via Apple’s Find My app.

At the top of the list are a pair of e-bikes, produced by VanMoof. The S3 and X3 will sport tracking functionality, along with a “Locate with Apple Find My” logo located on the bottom side of the crossbar. Belkin’s Soundform Freedom earbuds, meanwhile, will join Apple’s iPods in sporting the feature, while the Chipolo ONE Spot will beat the long-rumored AirTags to the punch.

According to Apple, the new products are set to hit the market next week. There are a bunch of different privacy concerns laid out by Apple in the white papers, along with other specifications companies will have to adhere to. Interestingly, among the prerequisites is that a device needs to be able to emit sound in order to use the functionality. That’s pretty straightforward for things like earbuds, but it also means that things like the e-bikes need to make a sound specifically for this purpose.

Draft specs for chip makers will also be released in the spring, so companies can utilize the Ultra Wideband tech on Apple devices sporting a U1 chip. That should improve directional tracking, among other potential benefits. Approved products will be able to display the aforementioned “Works with Apple Find My” badge.

 



from Apple – TechCrunch https://ift.tt/2OsFVFQ