App developers are going through your email – here is how to put a stop to it

Never trust anyone when it comes to managing your privacy.

The Wall Street Journal reports that application developers, both mobile and desktop, are busy rummaging through the email of thousands and thousands of users with free accounts from Gmail, Yahoo, and Microsoft. The Journal rightfully chastises the companies involved for allowing this to happen then proceeds to tell us why it’s happening: because we said they could.

Of course developers (and worse, think of that last crummy app you installed that just spammed trash at you until you deleted it) are going to access your account when they asked you if they could and you said yes. It’s also not something new and not something isolated to any particular service provider. But it is predatory behavior and one of those things that should cause heads to roll.

It’s easy to blame the user. It’s also lazy and lets the real culprit get away with it.

Here’s what’s going on: You see an app or browser extension or something you can install and give it access to your email account so it can do wonderful things like price match airline tickets or help you build out a marketing mail list or something else that sounds like a good idea. You understand that this service will need to see the email that comes to your inbox, because how else will it know you’re reserving two tickets to Jamacia for a nice vacation? Everything sounds nice and tidy, but most people never stop to think that giving an app’s developers access to your inbox means they can see what’s inside your inbox.

The companies called out by the Journal, like Return Path are telling you in advance what they need to do then getting explicit permission for it by adding a line into the terms and agreements we need to understand before we install the service. The companies that give you free email service are only letting companies you have authorized sift through your mail. It sounds like a blameless situation that’s entirely our fault and we should have known better. But it’s still sad that it is allowed to happen.

I can’t undo it. I can make sure you know what the WSJ is talking about and angrily type words late on a Monday night, but I can’t make it go away. But you can.

• Visit the account settings page where you can see what apps have access to your account.
  • Click here for Gmail.
  • Click here Microsoft Mail.
  • Click here for Yahoo!
• Find the section of the page labeled “Apps with access to your account” or something very similar. For Gmail, it is the very top item.
• Go through the list and revoke permissions for any app you do not want accessing your mail.
• Go through it a second time and make sure you want the apps that are left to have access to the parts of your account that are listed.

And remember, always read what the thing you are installing or signing up for can do, and never trust anyone when it comes to decisions about your privacy.

To promote ‘Border Break,’ Sega is building the world’s largest mecha

Guinness is about to get a new world record and it’s not one that you see every day. Video game company Sega has teamed up with the plastic model creators Kotobukiya in order to construct what will be the world’s largest plastic mecha model in the history of mecha models (which is to say, the world). The enormous one-to-one scale plastic model is to be inspired by the upcoming PlayStation 4 edition of Border Break, and will feature parts made of Styrol resin that are intended to dock into one another, Hypebeast reports.

The individual parts have apparently yet to be assembled but are presently sitting on runners in Shinjuku Station in Tokyo. However, over the course of the coming days and weeks, they will gradually make their way out of the station and actually be combined in order to create this life-size model.

The game that serves as the inspiration for the mecha model, Border Break, is a 10 versus 10 robot team battle that is slated to make its debut on PlayStation next month on August 2. The original version of the game first came out in 2009 as an arcade game, but it has apparently become popular enough (at least in Japan), to not only spawn another edition, but an enormous plastic model, too.

For now, if you find yourself on vacation in Tokyo, you can check out the parts of what will ultimately be the world record-setting model at the Tokyo Metro Marunouchi Line Shinjuku Station Metro Promenade, where they will remain until July 8. It is not entirely clear when the entire structure will be assembled, though the team will likely want to get a move on if it is aiming to be finished by early next month.

The Border Break team has revved up quite a bit of attention around this new project, and has even offered its fans some pretty neat video footage of how the mecha is being manufactured. In the approximately 90-second video, you can check out everything from the design process to sneak peeks of the game, with the promise of a finished product coming very soon.

Editors’ Recommendations

• Meet the man fighting plastic pollution with a fleet of A.I.-powered camera drones
• ‘Metro: Exodus’: News, rumors, and everything we know
• Here’s the latest news on the Tesla Model 3, including specs and performance
• Chevrolet now lets you pay for Shell gas right from the driver’s seat
• ‘FIFA 18’ adds Russia World Cup content to game in free update

Chrome OS keeps improving, but it still doesn’t work for me

Chrome OS, one of the newest and most talked-about operating systems around, has been making steady progress over the past several months. Android app support, enhanced tablet functionality, and more improvements are making the secure, easy to use, and easy to maintain OS an increasingly attractive option. That’s true even for someone like myself, who’s been a dedicated Windows users since version 1.0 hit the streets.

But its advantages come at a price: Chrome OS remains significantly limited compared to Windows 10 in some important ways. Do those limitations matter to you? That’s the question, and let’s take a look at a few of these limitations to see if they apply to you.

It’s fine for writers

Consider my role as a technology writer. My core task to put words down on paper, literally or figuratively.  For the most part, the simple act of writing and editing requires very little in the way of computing power, advanced applications, or much complexity of any kind.

If someone asks me if I could do my job as a writer using Chrome OS, my answer would be an unequivocally, “Yes.” 

I use OneNote for creating many of my own drafts, and then I mostly copy and paste into WordPress when it’s time to publish. Regardless, this step requires nothing more than a browser, and just about any browser will do. Even my limited photo editing can be done in a browser, using any one of the free, online photo editing tools out there.

Even Chrome OS’s reputation as online-only solution no longer holds much water. Thanks to a local file manager, Chrome OS apps that can work offline, and the contribution of Android apps, the main limitation to using Chrome OS when you can’t access the internet is how little local storage many Chromebooks equip. But that’s changing as well, and in many cases you can overcome that limitation with the use of external storage.

Therefore, if someone asks me if I could do my job as a writer using Chrome OS, my answer would be an unequivocally, “Yes.” But there are plenty of roles, even in my own life, where things are very different.

Most people aren’t just writers

I was a sales and marketing professional just a few short years ago — and spent half a decade as a sales engineer. In each of these roles, my professional computing requirements were very different than they are today. I needed to access all sorts of enterprise systems, plug in all kinds of peripherals, and run a number of desktop applications.

But again, the world has changed since then. Many enterprise systems are available to Chrome OS users today through increasingly capable web apps, and many of the peripherals I used back then — such as scanners — aren’t as important as they once were.

That’s not to say the Chrome OS’s peripheral support is equal to Windows 10 — you’re not likely to find the same software support for all of the features of that new wireless mouse, for example, nor will you be able to seamlessly connect the hardware necessary for eye control of the user interface. There’s just not the same breadth and depth of hardware support for Chrome OS and likely won’t be for some time.

At the same time, desktop applications also remain a problem, and if you rely on one or a couple of them, you’ll want to be careful making the switch to Chrome OS.

Thousands of robust desktop applications are stripped-down in the Chrome OS versions. 

For me, the clearest examples are the various Microsoft Office apps, particularly Excel. While Microsoft makes versions of its popular productivity suite available to Chrome OS, via both the web and Android apps, these versions are severely limited. In fact, they could more accurately be called Office “Lite.”

For example, I regularly used the desktop Excel application’s PivotTable function, which let me slice and dice data in complex ways. And then there were the various powerful tools for getting data into and out of the application. The mobile and web versions of Excel don’t have these capabilities, not to mention the various advanced formatting, charting, and printing options. Any serious sales or marketing professional would be poorly served by these cheap imitations.

The same is true for the other web and mobile Office apps, to one extent or another. The same could be said about Adobe’s applications, as well as the many thousands of robust desktop applications that simply don’t exist for Chrome OS.

The problem of Google’s ecosystem

Let’s face it: If you use Google’s properties exclusively, then a Chromebook is much more likely to work for you. In fact, that really the only way to get the most out of a Chrome OS device.

For example, the Google Keep notetaking app likely works better on Chrome OS than Evernote or Microsoft’s OneNote. Google Docs works better on Chrome OS than does Microsoft Office. Gmail is a better Chrome OS email client than any other option. And of course, there’s the Chrome browser itself. You can run Firefox, Edge, Opera, and other browsers as Android apps, but the experience isn’t the same.

You get the theme here, right? All of Google’s properties are integrated directly into Chrome OS — or perhaps it’s more precise to say that Chrome OS is literally built around Google’s various tools. Everything is backed up, synced, and readily accessible on Chrome OS, as long as it’s made and supported by Google itself.

That’s fantastic if that’s how you already operate. However, that’s not me.

On a Chromebook, I’m primarily stuck with what Google offers, regardless of how I feel about any individual app or service.

I rely heavily on Microsoft Office products, as well as Firefox for my browsing experience. In Windows (or even MacOS), I’m more free to move between platforms, try out new apps, and adjust my workflow accordingly. On a Chromebook, I’m primarily stuck with what Google offers, regardless of how I feel about any individual app or service.

While Chrome OS is simple and relatively easy to use, I’m the kind of computer user that would have have plethora of features and customization options (even if I don’t use them all), then be in a spot where I needed something and didn’t have access to it. It’s really that simple, and while there are some complex and fidgety options to consider, such as streaming and virtual machines, none of them quite do the trick.

So, while Chromebooks might be a good option for a certain demographic out there, it’s just not me. At least — not yet.

Editors’ Recommendations

• The best Chromebooks of 2018
• New Chrome OS features make your Chromebook a better Windows replacement
• Acer Chromebook Spin 11 review
• Google’s new ‘tablet mode’ further blurs the line between Chrome OS and Android
• Chromebooks will start to feel more like Windows, but in a good way

Tinder is making it safer than ever for you to keep swiping

In case you were concerned, Tinder has now finally encrypted the photos you send on the popular dating app. In a letter to Oregon Senator Ron Wyden, Tinder’s parent company Match Group announced that it had implemented changes to ensure that photos sent between Tinder’s servers and the mobile app are now encrypted. This actually become effective back in February, following a report from security firm Checkmarx that showed that Tinder did not have basic HTTPS encryption for its photos.

So, um, this is pretty weird. Apparently Senator Wyden just got Tinder to properly encrypt your swipe data, so you can all get it on in private. pic.twitter.com/BniAVUi77Q

— Matthew Green (@matthew_d_green) June 29, 2018

What did that mean, exactly? Basically, if you were on the same Wi-Fi network as a Tinder user, you (assuming you were a trained security researcher or hacker) would be able to see any photo the user did, or insert your own images into his or her photo stream. Curiously enough, it was only the photos that were not HTTPS-encrypted — other data maintained this basic security protocol. However, the app as a whole was still unsecured enough that a hacker sharing a Wi-Fi network would be able to see all swipes and matches.

But now, all that has changed. Photos were encrypted beginning June 4, and more recently, the app introduced another security feature that makes all swipe data the same size. This makes it more difficult to differentiate among actions taken on the app (swiping, messaging, etc). That change was implemented more recently on June 19.

“I want to assure you that protecting the private data of our users is a top priority,” the Match Group wrote in its letter to Wyden. “We take the security and privacy of our users seriously and employ a network of tools and systems to protect the integrity of our platform, including encryption.”

We should point out, of course, that none of the above will really affect you in any capacity. Your Tinder profile won’t look any different, nor will your experience feel dissimilar from what you are accustomed to. That said, you can rest assured that nefarious actors should not be able to see your profile pictures. But please note — if there are nefarious actors using the dating app as fellow users, they are still fair game.

Editors’ Recommendations

• Hearts broke because Facebook made it hard for Tinder users to log in
• Money can’t buy you love, but it may buy you more compatible picks on Tinder
• Tinder begins testing a new video looping feature to add to profiles
• Tinder’s parent company Match Group swipes right on Hinge
• The best dating apps of 2018

A slimmer Spotify? Music streamer tests a ‘lite’ version for Android

Having a slower network or less data on your plan will no longer stop you from accessing the most popular apps and services on the market. The latest company to introduce a slimmed- down version of its mobile app is Spotify, who has recently debuted the predictably named Spotify Lite. As its name suggests, it’s a lightweight version of its original music streaming offering, though it seems as though it’s not exactly the most useful or successful of the “lite” apps we’ve seen thus far.

Facebook, Facebook Messenger, Instagram, and YouTube have all previously created smaller, more data-efficient versions of their apps. And while most of these maintain the major features of their bulkier older siblings, Spotify seems to have missed the mark a bit. As originally reported by Android Police, it would appear that several of the features that make Spotify, well, Spotify, aren’t appearing in Spotify Lite.

Sure, the app is only 15MB (the main app is about 100 MB), and there is also a customized launch screen and Facebook integration. But by cutting down so much on the app, it seems that Spotify has also cut down on a lot of key functionality, too. For example, you can’t access offline playback, which seems counterintuitive seeing as this feature is one of the primary data savers that Spotify currently offers.

Also missing is any extreme quality playback, though this is more forgivable seeing as you’re likely not as concerned with how clear your tunes are — just that you’re able to get them. However, Spotify Connect is also nowhere to be found, which means that you can’t stream audio from wireless speakers and other similar devices. And even if you’re a paid Spotify Premium subscriber, you won’t be able to select a specific song to play, even if you’re working from within a playlist. You’re effectively stuck on an endless shuffle loop, which means that basically none of the Premium features you pay for are present in this version of the app.

But all these shortcomings aside, you could still, of course, take Spotify Lite on a test run. Android Police has the Spotify Lite APK at APK Mirror, and you can also check it out on the Play Store, where it’s being listed as a test. It’s actually only available for download on Android in Brazil.

A Spotify spokesperson told The Verge that the team “routinely conduct[s] a number of tests in an effort to improve our user experience. Some of those tests end up paving the path for our broader user experience and others serve only as an important learning. We aren’t going to comment on specific tests at this time.”

Editors’ Recommendations

• Spotify overhauls its free tier, adds on-demand streaming on mobile
• Apple Music vs. Spotify: Which service is the streaming king?
• Spotify vs. Pandora: Which music streaming service is better for you?
• How much is Spotify Premium, and how can you get it at a discount (or for free)?
• The best music apps for iOS and Android

Game stream service found adware plaguing over 78,000 ‘Fortnite’ players

Game streaming service Rainway recently discovered adware plaguing over 78,000 Fortnite players. Rainway is a game streaming client installed on your PC that will stream your games to other devices using an internet connection. The platform itself includes a tracker that records error reports for the engineering team. To their surprise, hundreds of thousands of these reports began appearing on June 26, raising a red flag.

“Not feeling very excited to see such an influx of events on a Tuesday the engineering team was a bit flustered, after all, we hadn’t released any updates to that particular piece of our solution,” says Rainway CEO Andrew Sampson. “It became pretty clear soon after that this new flood of errors was not caused by something we did, but by something someone was trying to do.”

After examining the reports, the team noticed calls to various advertisement platforms. Given Rainway doesn’t include ads, they dug deeper and discovered that JavaScript was attempting to grab advertisements but couldn’t because only specific web addresses are whitelisted by the platform. The resulting JavaScript errors are what flagged the Rainway team.

A further examination confirmed that the problem had nothing to do with the Rainway platform itself. That pushed the team to seek out a common factor. Since customers have different hardware configurations and internet service providers, the only common factor in the error reports was Fortnite. More specifically, a Fortnite hack.

The beauty of PC games is that many can be modified. The dark side of this benefit is that hackers will take advantage of gamers wanting cheats, cool weapons, and armor. The team jumped on YouTube, discovered who and what hacks you can download for Fortnite, and installed “hundreds.” Most were malicious, but the team sought after one specific hack.

Ultimately, they struck gold. The offensive hack promised free V-Bucks (the in-game currency) and an auto-aim component. The team created a virtual machine and installed the hack to see adware route all internet traffic through itself. The result was a man-in-the-middle attack that generated web page requests containing tags for Adtelligent.

Sampson says Fortnite players downloaded the fake mod more than 78,000 times before it was pulled by the file host due to Rainway’s report. The team also contacted video ad serving platform SpringServe to identify the “abusive creatives” and Adtelligent to report the ad-based keys linked to the internet addresses.

“We’ve also put out an alert to all infected users and increased our security by enabling certificate pinning, helping mitigate any future MiTM attacks,” Sampson says. “In the future, we will alert users when we detect any foreign activity that we think could be a sign of an infection.”

Ultimately, Rainway received 381,000 reports stemming from the malicious Fortnite mod.

As Sampson points out, if something you download seems too good to be true, you may end up reformatting your PC. Mods are great for PC gaming, but only through controlled platforms that examine the legitimacy and safety of these user-created modifications. Not everyone has good intentions.

Editors’ Recommendations

• Google might be planning a game console. That doesn’t mean it will happen
• App downloads and revenues continue to grow on Android and iOS
• Intel reportedly gears up to patch 8 Spectre Next Generation CPU flaws
• Google ‘Yeti’ game console rumors: Everything we know
• Adware posing as a private network client secretly takes screenshots

The next Huawei Watch could store a pair of wireless earbuds

The Huawei Watch is considered by many to be one of the best Wear OS smartwatches out there, but if Huawei’s latest patent is anything to go by, the company could be preparing a new smartwatch that seriously steps things up in terms of versatility. Why? The patents describes a smartwatch that can store a pair of true wireless earbuds.

The patent was first spotted by LetsGoDigital and it details a few different ways in which the earbuds could be stored in the watch. For starters, they could be stored in a spring mechanism that can open or close, or they could magnetically attach to the watch. In one example, the earbuds are even stored in the watch’s clasp.

The patent also goes into the earbuds themselves, noting that they could be water-resistant and feature active noise cancellation.

Of course, while there is no doubt that this is something Huawei could do with the Huawei Watch 3, it’s another topic entirely when it comes to whether the company should do it. Smartwatches have already been criticized for their bulk compared to typical analog watches, and adding storage for a pair of earbuds likely won’t help much.

It’s important to note that just because Huawei has filed for a patent for this tech, that doesn’t mean we’ll see an actual product that can store earbuds any time soon. Companies routinely file patents for tech that never ends up getting used in a product, and it’s certainly possible — and even likely — that will be the case for this patent.

It could be a while before Huawei released a new smartwatch. The company recently launched a 2018 edition of the Huawei Watch 2, making it clear that a true Huawei Watch 3 may not be released for some time. Still, the company did confirm in an interview with TechRadar that it was working on a third iteration of the Huawei Watch, so it’s possible that we’ll see it released at some point in the next year.

In any case, even if the watch can’t actually store earbuds in its body, it would be nice to see it ship with them. Smartwatches are becoming increasingly independent from smartphones, meaning that it can be useful to have a pair of headphones that you use with your watch when you don’t want to take your phone with you.

Editors’ Recommendations

• Apple MacBook 12-inch review
• New blow for ZTE and Huawei: Devices pulled from military base stores
• Here’s everything you need to know about the Huawei P20
• Why can’t Americans buy the best Android phone of 2018? Scaremongers
• Huawei has a clever way to put Windows on phones

Another streaming service is about to raise its prices, too

That’s $60 for the year, across the board.

So the funniest thing just happened. First DirecTV Now increased the monthly price of its plans by $5 a month over the weekend. And you’ll never guess what else just happened.

Now PlayStation Vue is increasing the price of its plans by $5 a month. (Never mind that DirecTV Now had said it was increasing prices to better stay in line with where the market was.)

The change goes into effect at the end of the month and will raise the price on all four of PlayStation Vue’s streaming plans.

PSVue is available on just about every device you can think of (save for the Xbox, obviously). So if you’re using this on Android TV or Apple TV or Roku or whatever, it might be time to check that monthly bill and make sure you’re getting what you pay for.

Read the full story at CordCutters.com

Introducing CordCutters.com

• The hardware you need
• All about streaming services
• What channels are on which service
• FREE over-the-air TV
• How to watch sports
• Join the discussion

Get the latest deals

Android Security Bulletin: Everything you need to know!

Fixing the latest bugs and exploits in Android every month.

Google has detailed the latest Android Security Bulletin and released the fixes for Nexus and Pixel devices.

These are exploits and other security concerns that affect Android as a whole. Issues with the operating system, kernel patches, and driver updates may not affect any particular device, but these need to be fixed in the Android base by the folks maintaining the operating system code. That means Google, and they’ve detailed the things they have improved for this month.

Updated factory images for Pixel and Nexus devices that are supported are available, and over-the-air updates are rolling out to users. If you don’t want to wait, you can download and flash the factory image or OTA update file manually, and here are some handy instructions to get you started.

How to manually update your Nexus or Pixel

The company that made your phone uses these patches to send an update out to you.

These changes have been released to the people making Android phones for at least 30 days, but Google can’t force anyone to deliver them to you. If you’re using a phone from Samsung, LG, or anyone besides Google, you’ll need to wait for them to send an update and shouldn’t try to flash any of the above files.

Of course, Google has safety checks in place to prevent any problems on your phone because of any security exploits. Verify Apps and SafetyNet are at work anytime you add an app to your phone, and seamless updates to Google Play Services will keep them up to date regardless of any hold up from a manufacturer or carrier. Details and incident numbers can be found in the yearly Android Security Review (.pdf file).

Highlights for July 2018

July 2018’s update comes with two patch dates: 07/01/2018 and 07/05/2018.

• The same as every month, the Android Media Framework sees patches to prevent the latest exploits. This time several escalation of privilege attacks and a denial of service exploit have been patched.
• Qualcomm has patched a slew of issues, both open source and closed, that address issues for phones using its hardware.
• Google also patched a Pixel-specific issue to improve Wi-Fi reception with specific routers. That can be seen here.

Previous bulletin highlights

Here are summaries and highlights of recent patches from the monthly Android Security Bulletin. As with the current bulletin, these issues were also mitigated by Google’s Verify Apps, Safety Net, and seamless updates to Google Play Services.

Highlights for June 2018

June 2018’s update comes with two patch dates: 06/01/2018 and 06/05/2018.

• Once again the Android Media Framework sees patches to prevent the latest exploits from gaining elevated privileges, as does the Application Framework.
• LG, Qualcomm, MediaTek, and NVIDIA all provide important fixes for their assorted binaries across all devices, and critical issues with the bootloader were patched by Qualcomm and LG.
• Google also patched a number of Nexus and Pixel-specific issues in this month’s bulletin as well as made usability tweaks for those devices. Those can be seen here.

Highlights for May 2018

May 2018’s update comes with two patch dates: 05/01/2018 and 05/05/2018.

• The most severe issues addressed are in the Android runtime and Media framework, and would allow a remote user to gain elevated privileges if not fixed.
• Qualcomm and NVIDIA both provide important fixes for their assorted binaries across all devices, and Qualcomm has addressed a critical bug in the WLAN driver of their chips.
• Google also patched a number of Nexus and Pixel-specific issues in this month’s bulletin, which can be seen here.

Archives of all previous Android Security Bulletins are available at the Android Security website.

See the Android Security website for details on all bulletins

Updated July 2018: Google has detailed the latest Android Security Bulletin and released July 2018 security updates for Pixel devices.

How to manually turn on dark mode in Android P

Let’s do this thing.

Beta 3 / Developer Preview 4 for Android P is officially here, and while it’s not a drastic change over the previous version, there is one highlight feature worth pointing out — a manual dark mode. Google told us this was coming in mid-June, and now that that day has finally arrived, we’re here to tell you just how to enable it.

In order for this to work, you’ll need to have a Pixel phone running the latest available version of the Android P beta (currently Beta 3 / Developer Preview 4). Assuming you do, manually turning on dark mode is pretty simple.

Open Settings.
Tap Display.
Tap Advanced.
Scroll down and tap Device theme.

Tap Dark.

By default, the device theme is set to Automatic (based on wallpaper) like we’ve had since the Pixel 2 came out last October. However, with this latest version of the Android P beta, you can manually toggle the dark or light setup no matter what wallpaper you have.

As it stands, device theme changes the appearance of your app drawer, quick settings panel, folders, Google Feed page, the outline surrounding the Google Search bar and app shortcuts when viewing your recently opened apps, and the power menu/volume level popups.

Now, only one question remains — light or dark?

Android P features we love: Better, faster biometrics

Android P

• Android P: Everything you need to know
• Android P Beta hands-on: The best and worst features
• All the big Android announcements from Google I/O 2018
• Will my phone get Android P?
• How to manually update your Pixel to Android P
• Join the Discussion