Android and iOS apps on Windows: What is Microsoft doing—and will it work?

At its Build developer conference last week, Microsoft made a pair of announcements about Windows development that were more than a little surprising: Windows will support applications developed for iOS and Android.

This immediately felt like a dangerous move. Windows will not be the first operating system to run foreign applications. Famously, IBM advertised OS/2 as a “Better Windows than Windows” in the 1990s, boasting that its platform would run all your existing Windows applications with greater stability and performance. More recently, BlackBerry 10 included support for Android applications, with BlackBerry licensing the Amazon App Store and using it as its gateway to a world of Android-compatible software.

Neither OS/2 nor BlackBerry 10 has made a success of this capability. There are two major problems with supporting foreign applications on a niche platform. The first is straightforward: it removes any incentive for developers to bother with the native platform. Investing in developing for a minor platform is already something of a gamble, and by telling developers “Oh hey, you can just use your existing Win16 or Android program…” as IBM and BlackBerry (respectively) did, you’re implicitly sending them a message. “Don’t bother learning our platform or writing native apps for it.”

It turned out as expected for both platforms. While a few true OS/2 applications were created—and similarly there are some true BlackBerry 10 apps—they’re relatively unusual. After all, what’s the point? If IBM is going to boast about just how well OS/2 will run Win16 apps and those Win16 apps can be sold both to OS/2 users and to Windows 3.1 users, why would a developer write anything other than a Win16 app?

This capability cedes a lot of control. By being dependent on apps developed for a third-party platform, you give the owner of that third-party platform the power to choose how to evolve its APIs and add new features. This bit OS/2 hard: while IBM was busy promoting how well OS/2 could run 16-bit Windows applications, Microsoft was busy encouraging developers to create new 32-bit Windows applications and end-users to buy the 32-bit capable Windows 95. This new world of 32-bit software wouldn’t run on OS/2, and so the big OS/2 feature that IBM heavily marketed was rendered semi-useless. OS/2 found some niche success, but it was ultimately a failure.

Supporting Android apps creates similar risks. If Android software constitutes a major part of a platform’s software ecosystem, any changes to Android (new APIs or capabilities, say) that Android software expects to be able to take advantage of have to be replicated. This is, however, tempered by Android’s uniquely poor update situation. Most Android phones don’t have access to the latest and greatest version of Android or the latest and greatest Android features, so most Android software has to refrain from demanding such capabilities. This means an Android-compatible platform could trail Google’s cutting edge by a year or more and still be highly compatible with Android apps.

Read More: Android and iOS apps on Windows: What is Microsoft doing—and will it work? | Ars Technica.

Google is no longer encrypting new Lollipop devices by default

Google sparked headlines last September when the company confirmed that Lollipop would indeed enable Full Disk Encryption (FDE) by default. Once the new mobile OS got into the hands of consumers, however, it was discovered that encryption could slow down the storage system of its host device by more than 80 percent.

Google’s own Nexus 6 and Nexus 9 did indeed ship with encryption enabled but older devices that received the upgrade didn’t have it enabled. As Ars Technica notes, this made sense at the time as perhaps those dated devices weren’t meant to be encrypted and doing so was causing a slowdown (this still didn’t explain the slowdown on new devices).

Now that we’re starting to see new handsets ship with Lollipop, we’re finding that they aren’t encrypted by default, either. Examples include the second generation Moto E and the brand new Samsung Galaxy S6.

Reaching out to Google and Motorola, the publication learned that FDE is no longer a requirement for OEMs but rather a suggestion – just as it was in KitKat and older versions. So, why the sudden (quiet) change of heart?

Google hasn’t yet said but all signs point to the aforementioned performance issues. In Ars’ review of the Nexus 6, for example, it was shown that the handset could be slower than the Nexus 5 in some tasks. This was backed up by benchmarks from Anandtech that showed major slowdowns during the read / write process.

As it stands, Lollipop users can still enable FDE – they just probably need to do it manually. The feature will likely become a requirement in a future version of Android which will give OEMs enough time to install faster memory. When that’ll take place is anyone’s guess.

via Google is no longer encrypting new Lollipop devices by default – TechSpot.

Apple’s market share grows as Windows Phone continues to drop, Android still king

Kantar Worldpanel ComTech has released quarterly data for smartphone market share, and it is again bad news for Windows Phone fans, as the mobile operating system continues its decline in both U.S. and Europe, and barely manages to survive in other markets.

Apple’s market share has been given a great boost by strong sales of the company’s iPhone 6 and iPhone 6 Plus, and has continued its growth towards the end of 2014. The three month data survey ending November 2014 shows iOS eating heartily at Android’s sweets, managing to climb at roughly the same performance in the U.S., as shown in the image above.

Android also suffered losses in the Chinese and European markets, the most serious being in the U.K., where it saw a drop from over 60% in June 2014 to just under 50% in only five months, and we have yet to see what happened during the holidays, when iDevices were apparently the most popular gift.

Meanwhile, Windows Phone is hitting new lows in some markets, sitting at 7% in the U.K., 3% in the U.S., and 12.7% in Italy as of November 2014. The mobile OS is almost invisible in China, at a meager 0.6%, but Joe Belfiore has promised to change that in the near future, with special features dedicated to Chinese customers.

We have yet to see how Microsoft’s Lumia 730 and Lumia 830 performed during the holiday sales, but it’s clear that Windows Phone is in dire need of more market penetration. Hopefully the next version of Windows Phone will make the platform more attractive for users and developers alike.

Overall, it looks like Android still holds the crown as the global king of smartphones, especially due to Xiaomi’s contribution in the Chinese market, and satisfied customers of Samsung that are not looking to switch to Apple’s new iPhones.

via Apple’s market share grows as Windows Phone continues to drop, Android still king – Neowin.

Beware: Fake “The Interview” movie download app is in the wild

“The Interview” is undeniably the hottest movie of the year, which is a comedy about a plan to kill North Korea’s leader, Kim Jong-un. It has also been the most controversial, backed by disputes with hackers threatening theaters who will play the said movie with physical action, and also by demands to pull the film, delaying its release. The movie did reach theaters, albeit limited, and the internet, via YouTube, Xbox Video and other similar video streaming websites.

With all the racket and commotion, the Rogen-Franco movie has also been a big hit on torrent websites, downloaded tons of times illegally. Apparently, this has been a cue for the cyber evildoers to trick innocent minds again into infecting their smartphones and tablets with malware.

In a recent blog post by Graham Cluley, a security blogger, an Android app claiming to be a client to download the movie is swarming the internet today. Quoting Irfan Asrar, a McAfee security expert, the app is part of a torrent, exclusive to South Korea. Cluley states:

“Researchers at McAfee – in a joint investigation with the Technische Universität Darmstadt and the Centre for Advanced Security Research Darmstadt (CASED), has identified that a threat campaign has been active in South Korea in the last few days, attempting to exploit the media frenzy surrounding The Interview‘s release,”

The app looks like an innocent application that will help you pirate the movie. But in reality, it contains an Android Trojan named “Android/Badaccents”, which was hosted on Amazon Web Services. It is a banking Trojan which affects a number of Korean banks, including Citi Bank, and is out to steal your personal information and wipe the money off your bank cards. The collected data then apparently goes to a Chinese mail server. He has mentioned in his blog that at least 20,000 devices have been infected by the Trojan.

One peculiar thing was observed by Cluley though, the malware checks for the device’s manufacturing information; if the device is set to “Samjiyon” or “Arirang,” which means the handset has been purchased in North Korea, the malware will not infect the host device, and instead display an error message stating “an attempt to connect to the server failed.”

Pondering on whether this was a politics related attack, Cluley quotes Asrar:

“Asrar says that he does not currently believe the limiting of infections to non-North Korean made devices was politically motivated, but instead a commercial decision not to waste bandwidth on users who were outside the targeted region (as North Koreans were unlikely to be customers of the targeted banks),”

Cluley has mentioned that McAfee has notified Amazon of the issue, so further infections can be prevented. Also, he has warned people that there is a possibility of the Trojan being hosted on other websites, wearing different disguises.

via Beware: Fake “The Interview” movie download app is in the wild – Neowin.

Android 5.0.1 Airs, Looks to Squash Numerous Lollipop Bugs

DailyTech - Android 5.0.1 Airs, Looks to Squash Numerous Lollipop Bugs

Google tweaks its core services in an attempt to remedy some of the problems associated with Lollipop

Google Inc.’s (GOOG) Android 5.0 Lollipop saw a soft launch in mid-October and hit official AOSP (Android Open Source Project) status roughly two and a half weeks later, on Nov. 3. It’s been roughly a month since that rollout and it’s been a rather painfully slow rollout process, with Lollipop accounting for less than 0.1 percent of Android devices at present.

Among the lucky few receiving quicker updates included select Motorola handsets (a subsidiary of the Lenovo Group Ltd. (HKG:0992)) and select Nexus devices (various OEMs). The downside for those early adopters and the upside, of sorts, for those who don’t have access to Lollipop yet is that by the time Lollipop does get to you, it may be less buggy.

Google announced today the availability of Android 5.0.1 AOSP, the first major ROM upgrade patch for Lollipop.

Among the issues it looks to fix:

Poor battery life (seen on the Nexus 5)

Storage issues (seen on the Nexus 6)

Overheating (seen on the Nexus 9)

Android L bugs

The Android 5.0.1 AOSP release carries the build number LRX22C. You can get images direct from Google for the following devices:

Nexus 7 (2013)

Nexus 9

Nexus 10

It should be interesting to see if this patch fixes Lollipop’s assorted early bugs, which appeared rather prevalent in the small population, forcing some users to roll back to Android 4.4 KitKat.

via DailyTech – Android 5.0.1 Airs, Looks to Squash Numerous Lollipop Bugs.

The Nexus 10, Lollipop, and the problem with big Android tablets

I’ve never been tempted to buy a large widescreen tablet. They’re good at certain things, but they’re too wide for everything onscreen to be reachable if you’re holding it with both hands. They’re too tall for portrait mode to be comfortable for long stretches. One-handed use is generally tolerable at best. Smaller widescreen tablets like the Nexus 7 are nice because they’re closer in size and heft to books, but 10-inch-and-up widescreen tablets have always been too gawky for my taste.

Which brings us to Google and Samsung’s Nexus 10. This tablet replaced the underwhelming Motorola Xoom in late 2012, and it was the Android ecosystem’s first answer to the high-density Retina display Apple had added to the iPad earlier that year. Its hardware was perfectly good then and it remains solid now—it has aged much better than the old Nexus 7—but hardware was never the Nexus 10’s problem.

The problem two years ago was that the Android ecosystem was light on good tablet apps. There wasn’t a ton to do with that big screen, which meant there wasn’t much incentive to choose the Nexus 10 over an iPad or a smaller Android tablet. In examining Lollipop on the Nexus 10, our biggest questions are about the ways the redesigned OS and apps make use of that extra space.

Performance: Nothing to see here

The Nexus 10’s hardware has aged much better than the 2012 Nexus 7’s. Samsung usually uses top-end flash memory in its devices, so the tablet doesn’t suffer from the smaller tablet’s NAND-related problems. It was also one of the first tablets to ship with an Exynos 5 SoC, which used a pretty fast dual-core Cortex A15-based CPU and a GPU that sits somewhere between the iPad 3 and iPad 4 in performance.

Our look at the old Nexus 7 showed that most apps don’t slow down significantly in the jump from KitKat to Lollipop and the Nexus 10 still glides along pretty smoothly most of the time. You’ll run into hitches occasionally, places where animations will stutter momentarily or an app will take an extra beat to respond to input, but it’s not the chronic problem that it is on the old Nexus 7. This is behavior that was present in KitKat, too, so we wouldn’t blame the software—we’re inclined to attribute it to the GPU, which is OK-not-great at driving a 2560×1600 display panel.

There’s no need to compare app launch times in Lollipop and KitKat on this tablet—just know that performance isn’t a problem here. If you’re happy with how your Nexus 10 is doing with KitKat, you’ll be equally happy with it after updating to Lollipop. As in our 2012 Nexus 7, our battery life tests showed Android 4.4 and 5.0 getting roughly equal amounts of runtime, though Project Volta may still end up getting you a little extra battery life in actual everyday use.

Read more: The Nexus 10, Lollipop, and the problem with big Android tablets | Ars Technica.

Mozilla blasts at Android and iOS for lack of openness

Mozilla has accused Google and Apple of not being transparent with their mobile technologies and misusing their dominant positions.

Google’s Android and Apple’s iOS make up for the majority marketshare in smartphone OSes globally and Mozilla has shown concern over the irresponsible behavior of the companies by not being transparent about the utilization of user data.

In a report from the Guardian, Mozilla’s chief technology officer, Andreas Gal, has revealed that the current mobile situation is not favorable for users’ privacy and believes Firefox OS can change the scenario.

According to Gal, neither Android nor iOS is transparent and users are kept in the dark about what happens with their data. Although, Android is based on open source software, Google has kept large portions of its integrated services proprietary and iOS has been closed since the very beginning. Gal feels that, “right now the user has a choice between one phone where you can’t tell what goes on inside it and another phone where you can’t tell what goes on inside it.”

Both Apple and Google have in the past banned or removed privacy-centric applications from their respective app stores, which can be termed as misuse of their dominant positions and Mozilla hopes that people realize this and choose open platforms in the future.

via Mozilla blasts at Android and iOS for lack of openness – Neowin.

KitKat now powering over a third of Android devices, Jelly Bean’s adoption falls to 50 percent

Google has updated its Android Platform Distribution numbers for the month of November, revealing that KitKat, which was released an year ago, is now powering over a third of mobile devices running the company’s mobile OS.

This shouldn’t come as a surprise given that KitKat’s market share has continued to rise over the past several months. As per the latest stats, Android KitKat is installed on 30.2 percent of devices that accessed the Play Store during the past week, compared to 24.5 percent in the month prior.

Version Codename API Distribution

2.2 Froyo 8 0.6%

2.3.3 – 2.3.7 Gingerbread 10 9.8%

4.0.3 – 4.0.4 Ice Cream Sandwich 15 8.5%

4.1.x Jelly Bean 16 22.8

4.2.x – 17 20.8%

4.3 – 18 7.3%

4.4 KitKat 19 30.2%

Aside from KitKat, all other Android versions saw a dip in their adoption share. Although Jelly Bean, which was released back in 2012, remains the leading platform, its market share dropped to 50.9 percent from 53.8 percent.

Similarly, Ice Cream Sandwich’s market share came down to 8.5 percent from 9.6 percent, while Gingerbread slipped to single digits with 9.8 percent market share, down from 11.4 percent in September. All other versions of Android accounted for less than 1 percent share.

Google has also started rolling out Android 5.0 Lollipop, so it will be interesting to see how it affects KitKat’s market share moving forward.

It’s also worth mentioning that this data reflects devices running the latest Google Play Store app, which is compatible with Android 2.2 and higher.

via KitKat now powering over a third of Android devices, Jelly Bean’s adoption falls to 50 percent – TechSpot.

Firefox 33 brings H.264 support, lets you send videos to Chromecast and Roku devices from Android

More than a month after Mozilla came out with Firefox 32, the company has updated the web browser for Android, Windows, Linux, and Mac platforms, bumping it to version 33.0. Aside from bug fixes, the update also brings some new features as well as performance improvements.

One of the notable features of the update is that Firefox for Android now lets you send supported videos straight from Web pages you visit in the web browser to streaming-enabled TVs via connected devices like Roku and Chromecast. When you play a video in the smartphone browser, you’ll now see the ‘send to device’ icon in the video playback controls and the URL bar, tapping on which brings up a list of connected Roku or Chromecast devices that are on the same WiFi network. Pick a device and you’re good to go.

“You can choose the content you want to view in your living room and can play, pause and close videos directly from the Media Control Bar in Firefox for Android”, the company said in a blog post. “This appears at the bottom of the screen on your Android phone when a video is being sent and stays visible as long as the video is playing, even if you change tabs or visit new Web pages”.

In addition, Firefox 33 for Android also includes an option to clear data when quitting the browser app, undo a closed tab, list recently closed tabs, close all tabs at once, and more.

As for the desktop version, Firefox 33 now supports proprietary H.264 video codec for WebRTC-based video chat (H.264 videos still won’t play natively), thanks to a collaboration with Cisco, which has agreed to distribute OpenH264, a free H.264 codec plugin that the web browser requires.

In addition, the desktop version also boasts an improved search experience, slimmer and faster JavaScript, search suggestions on the Start (about:home) and new tab (about:newtab) pages, support for connecting to HTTP proxy over HTTPS, and more.

The desktop version is available for download here, while the Android version is slowly rolling out on Google Play.

via Firefox 33 brings H.264 support, lets you send videos to Chromecast and Roku devices from Android – TechSpot.

Android attack improves timing, allows data theft

Android attack improves timing, allows data theft | Ars Technica

A malicious application could enable the theft of login credentials, sensitive images, and other data from Android smartphones by making use of a newly discovered information-leakage weakness in the operating system, according to a team of researchers from the University of Michigan and the University of California at Riverside.

The attack, known as a user interface (UI) inference attack, makes use of the design of programming frameworks that share memory, allowing one application to gather information about the state of other applications. The information can be gathered without any special Android permissions or by grabbing screen pixels, according to a paper presented at the USENIX Security Conference on Friday.

The technique gives attackers the ability to infer the state of a targeted application, enabling more convincing attacks. If malware knows that the targeted user has just clicked on a “login” button, then it can throw up a dialog box asking for a username and password. If the malware can infer that a user is about to take a picture of a check or sensitive document, it can quickly take a second picture.

“Although UI state knowledge does not directly reveal user input, due to a lack of direct access to the exact pixels or screenshots, we find that it can effectively serve as a building block and enable more serious attacks such as stealing sensitive user input,” the researchers stated in the paper.

An attack application must be running in the background, where it can determine the foreground activity of a targeted app with 80 to 90 percent accuracy in most applications, the researchers said. The technique detects transitions in the UI state of the targeted app and then uses a signature to identify the new state. The signature is created from four different events–input from the user, content provided by another application, CPU utilization of any drawing event, and size of any packets sent–that together can represent, quite accurately it appears, the state of the targeted program.

“The assumption has always been that these apps can’t interfere with each other easily,” Zhiyun Qian, an associate professor of computer security at UC Riverside and co-author of the paper, said in a statement. “We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user.”

Any attack that is more convincing if actions are tied to specific user-interface events will benefit from the UI inference technique, the researchers said. The leakage of information about purportedly isolated applications is an example of what is known as a side-channel attack.

In videos demonstrating the UI inference attack, the research group showed the malicious software stealing a username and password from the H&R Block application, copying an image of a check taken by the Chase Bank application, and stealing credit-card information from the NewEgg store.

“By design, Android allows apps to be preempted or hijacked,” Qian said in a statement. “But the thing is you have to do it at the right time so the user doesn’t notice. We do that and that’s what makes our attack unique.”

Because the attack does not focus on any specific vulnerability in the operating system, hardening the software to attack will be difficult, according to the paper.

While the researchers focused on the Android operating system, the operating-system architecture that they exploit is present on most other major OSes, including MacOS X, iOS and Windows, the paper stated.

“We believe our attack on Android is likely to be generalizable to other platforms,” the paper stated.

via Android attack improves timing, allows data theft | Ars Technica.