Spotify Receives Minor Update
Spotify is everyone’s favorite music streaming service is starting off the year with a few minor updates to keep its fantastic streaming experience up to standard. The updates are going to impact user experience positively, which is definitely important, due to the current massive subscriber growth from the limited-time, 3-month, 99 cent offer to kick off the year.
Some of the updates to the app are a snappier start, taking less time to open up and start running, even with a poor connection. Also, whenever you get a noisy notification while streaming a song, you won’t have to worry about your phone stopping the music, which can be very annoying!
So update your Spotify app if you haven’t already.
Come comment on this article: Spotify Receives Minor Update
Android Security lead engineer provides further insight to WebView security issues on devices running Jelly Bean and older versions
It was reported by Talk Android’s Jeff Causey on the 12th of January (link here) that Google would no longer be providing security updates to WebView on devices running Android 4.3 (Jelly Bean) and earlier. In fact, it is even deeper than that: Google will not be managing the entire WebKit for these versions any longer, from which WebView is derived.
In a post on Google+ today, Android Security’s lead engineer, Adrian Ludwig, provided clarification and guidance to those nearly 1 billion device owners running Jelly Bean or earlier Android versions.
WebKit is a software component for web browsers that creates the layout engine for the browsers to render web pages. WebKit is used for both Google Chrome and Apple Safari, whereas Trident is used for Internet Explorer and Gecko is used for Firefox. WebKit is also found in the browser utilized by the Tizen Operating System.
WebView, a part of WebKit, is what allows apps to display web pages inside of the app itself. This is done to keep the user inside of the app, instead of exiting the app you’re in and redirecting you to the browser app.
WebKit, and thus WebView, is mostly open-source, with companies like Google pitching in and supporting the development of the software. By ending support for WebKit on Jelly Bean and earlier versions (from here forth, I will just say Jelly Bean), Google raised alarms that certain known exploits involving WebView may leave users running Jelly Bean exposed to malicious malware.
According to Ludwig, maintaining the legacy code for Jelly Bean in WebKit’s open-source environment was actually creating more security issues than abandoning support for it. Ludwig stated, “Until recently we have also provided backports for the version of WebKit that is used by WebView on Android 4.3 and earlier. But WebKit alone is over 5 million lines of code and hundreds of developers are adding thousands of new commits every month, so in some instances applying vulnerability patches to a 2+ year old branch of WebKit required changes to significant portions of the code and was no longer practical to do safely.”
Ludwig went on to say that the best practices that a user of Jelly Bean devices can do is to open web materials inside of the Chrome or Firefox browser, which is updated with the latest security patches regardless of what Android version they are running. This negates the ability for any exploits made possible by WebView, which again, is something that is used inside of third-party apps not wanting to redirect to the browser. “Using a browser that is updated through Google Play and using applications that follow security best practices by only loading content from trusted sources into WebView will help protect users.”
For developers of apps maintaining support on Jelly Bean devices, Ludwig encourages redirecting to the browser or making sure WebView only accesses content from local sources or over HTTPS. Additionally, he suggests that app developers abandon WebView altogether and instead incorporate a webpage renderer of their own design so they can maintain security patch updates on their own.
Adrian Ludwig came to Google after serving in technical leadership positions held at Adobe, Macromedia, and Joyent. He also worked for the National Security Agency. Since his arrival on the Android Security team, he’s been very vocal about Android’s minuscule vulnerability to malicious attacks.
During a speech to the Virus Bulletin conference in Berlin back in 2013, Ludwig claimed that Google and its data-driven methodology made it extremely difficult for it to be attacked by malcontents. He also pointed out the many layers of security that are in place to prevent malware from finding its way onto your Android device.
Source: Adrian Ludwig via Google+
Come comment on this article: Android Security lead engineer provides further insight to WebView security issues on devices running Jelly Bean and older versions
HTC One (M8) for AT&T getting software update “early next week”
In just a few days, expect a software update to begin rolling out to the HTC One (M8) for AT&T. Mo Versi, the Vice President of Product Management at HTC, responded to one eager customer on Friday. Versi announced that a software update would land on the device “early next week” and include a slew of items.
Here is what Versi said will be in the update:
- Android 4.4.4 KitKat
- HTC Eye Experience software
- Voice over LTE (VoLTE)
Even though it is not Android 5.0 Lollipop, it is a welcome
@jmchatton @htc We just received TA on 4.4.4 for AT&T M8. Will include VoLTE and the HTC Eye SW experience. OTA to start early next week
— Mo (@moversi) January 23, 2015
Source: @moversi (Twitter)
Come comment on this article: HTC One (M8) for AT&T getting software update “early next week”
Netflix and the Duplass brothers are working on four new movies
Last year at the Sundance Film Festival Mark Duplass implored indie filmmakers to “get their goddamn movies on Netflix” and this year, it’s clear he’ll be doing more of that. At this year’s festival, Netflix announced it has a four-picture deal with Mark (The League) and Jay Duplass (Transparent) to make their small-budget films. The two parties have had a relationship ever since Netflix bought The Puffy Chair from the brothers ten years ago. The brothers have produced a slew of indie flicks ever since, and their show Togetherness is airing on HBO. Unlike Netflix’s Crouching Tiger and Adam Sandler movie deals, Deadline reports these will premiere in theaters before they go to streaming shortly after. There’s no word on what the movies are, but fans of flicks like The Do-Deca-Pentathlon, Safety Not Guaranteed and The Skeleton Twins should have an idea of what to expect.
[Image credit: Chelsea Lauren/Getty Images for Sundance]
@MarkDuplass @mindykaling @jayduplass We can work with this…
– Netflix US (@netflix) January 24, 2015
Ahhhhhhh!!! http://t.co/wf1pIkoM79
– Mark Duplass (@MarkDuplass) January 23, 2015
Filed under: Home Entertainment, HD
Source: Deadline
T-Mobile SCORE! program to launch on January 25
Just when it seems that T-Mobile has cooled down, the carrier announces something new. T-Mobile wants even more people to upgrade earlier than usual with the new SCORE! program.
The program, uncovered by TmoNews, allows customers that purchased their device at full-price, brought their own device, have a prepaid plan, or have a postpaid plan without an equipment installment plan (EIP) to upgrade after at least six months. The exact plans included with the SCORE! program are Simply Prepaid, SCNC, Simple Choice Pay in Advance Monthly, Simple Choice, New Classic, and Legacy. Basically, every customer not participating in the JUMP! program is eligible for the SCORE! program.
Once six months have passed, a customer can upgrade for free to an entry-level smartphone. Customers that want special pricing on a high-end device will have to wait until the twelve month mark to upgrade. The monthly cost for the SCORE! program is $5 per line while JUMP! is $10 per line. And, unlike the JUMP! program, no trade-in is required.
A launch is expected on Sunday, January 25.
Source: TmoNews
Come comment on this article: T-Mobile SCORE! program to launch on January 25
Limited Edition Black & Gold BlackBerry Passport’s have started arriving
When BlackBerry announced the black and gold BlackBerry Passport, there was only 50 made available, truly making it a limited edition device. Those 50 were snatched up pretty quick and seemingly shipped out just as fast as they’ve now started arriving buyer’s doors.
‘Thunderstrike’ attack also fixed in OS X 10.10.2
“Thunderstrike” is the name for an attack that can target Mac hardware via the Thunderbolt port. Apple had previously updated the Retina 5K iMac and 2014 Mac mini to partially secure them against Thunderstrike. Now, the upcoming OS X Yosemite 10.10.2 beta should fix the problem for all recent Macs running Yosemite.
Rick Mogull previously explained how Thunderstrike works on TidBITS:
Macs, like all computers, have firmware that swings into action when you push the power button, booting up the computer, loading the operating system, initializing hardware, and performing other functions. Some technologies, such as FireWire and Thunderbolt, interact with this firmware at an extremely low level, below Mac OS X itself, for feature and performance reasons.
The Thunderstrike proof-of-concept takes advantage of this trust to replace the contents of the Mac’s boot ROM with the attacker’s own code, effectively embedding it into the Mac’s hardware and making it impossible to remove using standard techniques. The attack works because Apple relies on software checks to confirm the firmware is valid, and Hudson developed techniques to circumvent those checks (and even replace the encryption key).
To secure against Thunderstrike, Apple likely had to change the code to not only prevent the Mac’s boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again.
That’s the deep, layered process that has been completed in OS X 10.10.2, which was last seeded to developers earlier this week, and will be made available to everyone as soon as it goes into wide release. (OS X 10.10.2 also fixes three recently disclosed Project Zero vulnerabilities.)
In the meantime, no instances of Thunderstrike have been found in wild, and the attack requires either physical access to the targeted computer, or social engineering sufficient to trick the owner into “attacking” themselves.
So, as with other recent Apple-related security stories, be informed but don’t be alarmed. It’s known, it’s not likely to affect anyone reading this, and the fix is on its way.
Yahoo Weather update brings animated effects to already great app.
The Play Store has become saturated with weather apps and nowadays it’s hard to find one that stands out. Yahoo Weather accomplishes this by providing a clean and accurate app that just got better with their recent update. Instead of just having a nice stock image tailored to your location you will also get an animated effect that changes depending on the weather. Now when its snowing you can experience the fun digitally without having to go outside and risk catching a cold. The update comes with animated effects for rain, snow, fog, heat, lightning and frost. If you have been meaning to change your current weather app but have been holding off because you secretly crave visual effects with your weather news, I highly suggest you go and download Yahoo Weather.
For more information regarding the latest Yahoo Weather update you can download the app using the widget below or you can use the link provided.
The post Yahoo Weather update brings animated effects to already great app. appeared first on AndroidGuys.
LG takes to Twitter to tease Lollipop for G3
LG wants you G3 owners to know that soon™, you too will have the latest flavor of Android in your pocket or purse. Or wherever you store it, I don’t judge…
This afternoon, LG posted the above image on its Twitter account, with the message: “Introducing Lollipop: a sweet treat for your #LGG3.”
Source: LG via Twitter
Come comment on this article: LG takes to Twitter to tease Lollipop for G3
Why haven’t you updated to iOS 8?
According to Apple, as of January 19, 2015, 69% of devices — iPhones, iPads, and iPods touch — currently accessing the App Store are running iOS 8. That leaves 28% still running iOS 7, and 3% running iOS 6 or earlier.
The iPhone 4, originally released in 2010, is the only device capable of running iOS 7 that can’t be updated to iOS 8. iPhone 6, iPhone 6 Plus, iPad Air 2, and iPad mini 3 all shipped with iOS 8.
Everything else, including the iPhone 5, iPhone 5c, iPhone 5s, iPod touch 5, iPad 2, iPad 3, iPad 4, iPad Air, iPad mini, and iPad mini 2, can be updated to iOS 8. It’s reasonable to assume some portion of that 28% is comprised of iPhone 4. Tens of millions were sold between 2010 and 2014 and many are likely still in use. How many is impossible to say.
Presuming you’re not using an iPhone 4 or older device, however, and your device is capable of running iOS 8, and you haven’t updated yet, what are you still waiting for?
Do you not have enough storage space on your device to handle the software update process? Are you afraid iOS 8 will make your device run slower, or will be buggier than iOS 7? Are you extremely cautious and want to wait on iOS 8.2 before updating? Or is there another reason?
Let me know the reason in the poll above, and give me the details in the comments below. If you’ve already updated to iOS 8 but have relatives, friends, or colleagues who haven’t, please send them the link to this poll so they can vote. I’d love to know!
AIVAnet 