Forwarded from Gizchina.com
iQOO Z10R Teased With Curved Screen, 4K Video and Portrait Perks Ahead of Launch
https://www.gizchina.com/2025/07/13/iqoo-z10r-teased-with-curved-screen-4k-video-and-portrait-perks-ahead-of-launch/
https://www.gizchina.com/2025/07/13/iqoo-z10r-teased-with-curved-screen-4k-video-and-portrait-perks-ahead-of-launch/
Forwarded from XiaomiTime: Xiaomi & HyperOS News (IFTTT)
"Android 16 QPR1 beta for Pixel smartphones is live! Features a revamped UI, advanced notifications, and enhanced customization. HyperOS 2.3 updates expected on June 22. Both offer unique experiences for users in 2025!"
🔗 Check More
🔗 Check More
XiaomiTime
Android 16 QPR1 vs HyperOS 2.3: Who dominates the UI space in 2025? - XiaomiTime
Google has officially rolled out the Android 16 QPR1 beta update to Pixel smartphones, which features an extensive UI revamp similar to what we've seen last
🔥Official android 16 custom rom DerpFest OS baklava
🤯 First officially supported GSI rom
🚀Old is gold with best of performance, UI and stability
https://youtu.be/-kN3FpdYC-U
🤯 First officially supported GSI rom
🚀Old is gold with best of performance, UI and stability
https://youtu.be/-kN3FpdYC-U
Forwarded from Hacker News
GitHub
GitHub - dsekz/chrome-x-browser-validation-header: Reverse engineering and generation toolkit for Chrome's private x-browser-validation…
Reverse engineering and generation toolkit for Chrome's private x-browser-validation header, used for integrity. - dsekz/chrome-x-browser-validation-header
#A14 #Official #TD #GSI #iodéOS #LineageOS
Build Date: 2025 07 13
??? Security Patch
iodéOS-5.15-20250713
Note
Maintainer: iodé.tech
Download: LINK
@TrebleGsis_PrivacySecure_Chat
@TrebleGsis_PrivacySecure_Channel
Build Date: 2025 07 13
??? Security Patch
iodéOS-5.15-20250713
iodéOS is an Android based Operating System freed from Google trackers. iodéOS analyses in real-time connection attempts from your apps and allows you to:
see the identity of all recipients and the quantity of data they wish to collect
block if you want malicious recipients (advertisements, malwares, spams, statistics & trackers)
measure how privacy-respectful your apps are
Note
On my test device (FP4) it passes safetynet and Revolut works. Maybe on a different device/vendor it won't be the case
Maintainer: iodé.tech
Download: LINK
@TrebleGsis_PrivacySecure_Chat
@TrebleGsis_PrivacySecure_Channel
Forwarded from Gizchina.com
Qualcomm’s Snapdragon Wear W6 Promises Big Upgrades
https://www.gizchina.com/2025/07/13/qualcomms-snapdragon-wear-w6-promises-big-upgrades/
https://www.gizchina.com/2025/07/13/qualcomms-snapdragon-wear-w6-promises-big-upgrades/
Forwarded from Hacker News
Electronic Frontier Foundation
Axon’s Draft One is Designed to Defy Transparency
Axon Enterprise’s Draft One — a generative artificial intelligence product that writes police reports based on audio from officers’ body-worn cameras — seems deliberately designed to avoid audits
Forwarded from Tech & Leaks Zone
Lenovo Yoga Tab Plus Launched in India
Specifications:
• 12.7-inch (2944 x1840 px) 3K resolution LCD Screen
• 144Hz refresh rate
• Anti-reflection coating
• 900nits peak brightness
• Dolby Vision
• Runs ZUI 16 based on Android 14
• 3 AndroidOS upgrade (Last is Android 17)
• 4yrs Security Patches
• Snapdragon 8 Gen 3 SoC
• LPDDR5X RAM; UFS 4.0 storage
• 13MP main (AF; NO OIS) + 2MP useless sensor
• 13MP (AF) front camera
• Side-mounted fingerprint scanner
• Six Harman Kardon speakers, Dolby Atmos
• USB Type-C audio; USB-C 3.2 Gen1
• 10,200mAh battery with 45W fast charging
Accessories: Lenovo Tab Pen Plus stylus & Lenovo Yoga Tab Plus 2-in-1 Keyboard
Pricing:
• 16GB+256GB= Rs.44,999 (~525$)
• 16GB+512GB= Rs.47,999 (~560$)
FREE Pen and Keyboard both
Follow @TechLeaksZone
Specifications:
• 12.7-inch (2944 x1840 px) 3K resolution LCD Screen
• 144Hz refresh rate
• Anti-reflection coating
• 900nits peak brightness
• Dolby Vision
• Runs ZUI 16 based on Android 14
• 3 AndroidOS upgrade (Last is Android 17)
• 4yrs Security Patches
• Snapdragon 8 Gen 3 SoC
• LPDDR5X RAM; UFS 4.0 storage
• 13MP main (AF; NO OIS) + 2MP useless sensor
• 13MP (AF) front camera
• Side-mounted fingerprint scanner
• Six Harman Kardon speakers, Dolby Atmos
• USB Type-C audio; USB-C 3.2 Gen1
• 10,200mAh battery with 45W fast charging
Accessories: Lenovo Tab Pen Plus stylus & Lenovo Yoga Tab Plus 2-in-1 Keyboard
Pricing:
• 16GB+256GB= Rs.44,999 (~525$)
• 16GB+512GB= Rs.47,999 (~560$)
FREE Pen and Keyboard both
Follow @TechLeaksZone
Forwarded from XiaomiTime: Xiaomi & HyperOS News (IFTTT)
"Become a HyperOS Mi Pilot beta tester!1. Download the latest Mi Community app.2. Change region to Global in settings.3. Apply for the Beta Program under 'Beta testing'.Eligibility checks and basic questions apply. Approval within 7 days! Enjoy early access to HyperOS!"
🔗 Check More
🔗 Check More
XiaomiTime
How to become a HyperOS Mi Pilot beta tester? - XiaomiTime
If you want to be able to test and install HyperOS Mi Pilot releases early, you should become a HyperOS Beta Tester. Becoming a HyperOS Beta tester is a very
Forwarded from Tech & Leaks Zone
OnePlus Nord CE 5 Announced Globally
OnePlus Nord CE 5 is rebranded Ace 5 Racing Edition. As usual, OnePlus is again offering inferior processor & storage to the global markets. These includes:
1. Dimensity 9400e (basically flagship Dimensity 9300 Plus) in China while midrange MediaTek Dimensity 8350 globally.
2. UFS 4.0 storage for China while UFS 3.1 globally.
However, OnePlus has added MicroSD Card slot support for global markets and have also replaced the 2MP useless camera with 8MP ultrawide. All other specifications remains the same like the single mono speaker, 7100mAh battery etc.
Pricing:
• 8GB+128GB= Rs. 25,000/ €299/ £249
• 8GB+256GB= Rs. 27,000/ €349/ £299
• 12GB+256GB= Rs. 29,000
Follow @TechLeaksZone
OnePlus Nord CE 5 is rebranded Ace 5 Racing Edition. As usual, OnePlus is again offering inferior processor & storage to the global markets. These includes:
1. Dimensity 9400e (basically flagship Dimensity 9300 Plus) in China while midrange MediaTek Dimensity 8350 globally.
2. UFS 4.0 storage for China while UFS 3.1 globally.
However, OnePlus has added MicroSD Card slot support for global markets and have also replaced the 2MP useless camera with 8MP ultrawide. All other specifications remains the same like the single mono speaker, 7100mAh battery etc.
Pricing:
• 8GB+128GB= Rs. 25,000/ €299/ £249
• 8GB+256GB= Rs. 27,000/ €349/ £299
• 12GB+256GB= Rs. 29,000
Follow @TechLeaksZone
Telegram
Tech & Leaks Zone
OnePlus Ace 5 Ultra and Ace 5 Racing Edition Launched in China
Both of them features self-developed “Fengchi gaming core kernel”, glacier cooling system and self-developed "Lingxi touch chip" which enhances touch responsiveness with upto 3000Hz touch sampling…
Both of them features self-developed “Fengchi gaming core kernel”, glacier cooling system and self-developed "Lingxi touch chip" which enhances touch responsiveness with upto 3000Hz touch sampling…
https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part1/README.md
TL;DR
matrix.org and vector.im receive a lot of private, personal and identifiable data on a regular basis, or metadata that can be used to precisely identify and/or track users/server, their social graph, usage pattern and potential location. This is possible both by the default configuration values in synapse/Riot that do not promote privacy, and by specific choices made by their developers to not disclose, inform users or resolve in a timely manner several known behaviours of the software.
Data sent on a potential regular basis based on a common web/desktop+smartphone usage even with a self-hosted client and Homeserver:
The Matrix ID of users, usually including their username.
Email addresses, phone numbers of the user and their contacts.
Associations of Email, phone numbers with Matrix IDs.
Usage patterns of the user.
IP address of the user, which can give more or less precise geographical location information.
The user's devices and system information.
The other servers that users talks to.
Room IDs, potentially identifying the Direct chat ones and the other user/server.
With default settings, they allow unrestricted, non-obfuscated public access to the following potentially personal data/info:
Matrix IDs mapped to Email addresses/phone numbers added to a user's settings.
Every file, image, video, audio that is uploaded to the Homeserver.
Profile name and avatar of users.
See below for a detailed analysis.
TL;DR
matrix.org and vector.im receive a lot of private, personal and identifiable data on a regular basis, or metadata that can be used to precisely identify and/or track users/server, their social graph, usage pattern and potential location. This is possible both by the default configuration values in synapse/Riot that do not promote privacy, and by specific choices made by their developers to not disclose, inform users or resolve in a timely manner several known behaviours of the software.
Data sent on a potential regular basis based on a common web/desktop+smartphone usage even with a self-hosted client and Homeserver:
The Matrix ID of users, usually including their username.
Email addresses, phone numbers of the user and their contacts.
Associations of Email, phone numbers with Matrix IDs.
Usage patterns of the user.
IP address of the user, which can give more or less precise geographical location information.
The user's devices and system information.
The other servers that users talks to.
Room IDs, potentially identifying the Direct chat ones and the other user/server.
With default settings, they allow unrestricted, non-obfuscated public access to the following potentially personal data/info:
Matrix IDs mapped to Email addresses/phone numbers added to a user's settings.
Every file, image, video, audio that is uploaded to the Homeserver.
Profile name and avatar of users.
See below for a detailed analysis.
GitHub
paper-research-privacy-matrix.org/part1/README.md at master · libremonde-org/paper-research-privacy-matrix.org
Privacy research on Matrix.org. Contribute to libremonde-org/paper-research-privacy-matrix.org development by creating an account on GitHub.
Forwarded from cKure
■■■■□ New eSIM Hack Lets Attackers Clone Profiles and Hijack Phone Identities.
https://cybersecuritynews.com/esim-hack/
https://cybersecuritynews.com/esim-hack/
Cyber Security News
New eSIM Hack Lets Attackers Clone Profiles and Hijack Phone Identities
A critical vulnerability in eSIM technology enables attackers to clone mobile subscriber profiles and hijack phone identities.
Bypassing Google's big anti-adblock update
Article, Comments
After a lot of time looking into the C++ code, I found exactly one vulnerable thing:
the opt_webViewInstanceId parameter. This was set for Chrome platform apps, in order to let them manage their embedded websites (WebViews). Among other things, it let them use web request blocking to control navigation. Basically, if an event had a WebView ID, the permission check for webRequestBlocking would be skipped. The issue was that the browser never verified that an event with a WebView ID actually belonged to a platform app. So an extension could spoof it, skip the check, and use the blocking feature.
Maybe I should note that platform apps were deprecated in 2020. I found this bug in 2023, and the code to handle opt_webViewInstanceId still exists in 2025. Goes to show how ancient code leads to bugs.
Article, Comments
After a lot of time looking into the C++ code, I found exactly one vulnerable thing:
the opt_webViewInstanceId parameter. This was set for Chrome platform apps, in order to let them manage their embedded websites (WebViews). Among other things, it let them use web request blocking to control navigation. Basically, if an event had a WebView ID, the permission check for webRequestBlocking would be skipped. The issue was that the browser never verified that an event with a WebView ID actually belonged to a platform app. So an extension could spoof it, skip the check, and use the blocking feature.
let WebRequestEvent = chrome.webRequest.onBeforeRequest.constructor // opt_webViewInstanceId is the 5th argument let fakeEvent = new WebRequestEvent("webRequest.onBeforeRequest", 0, 0, 0, 1337) fakeEvent.addListener(() => { return { cancel: true } }, { urls: ['*://*.example.com/*'] }, ['blocking']) Maybe I should note that platform apps were deprecated in 2020. I found this bug in 2023, and the code to handle opt_webViewInstanceId still exists in 2025. Goes to show how ancient code leads to bugs.