Fully-remote (0-click) bug on the Samsung S24 if Google Messages is configured for RCS (the default configuration on this device), as the transcription service decodes incoming audio before a user interacts with the message for transcription purposes. Issue is fixed now.
https://project-zero.issues.chromium.org/issues/368695689

Discovery of 6 vulnerabilities in one Qualcomm driver and one of the used as In-the-Wild exploit
https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html

Bluetooth RCE allows to compromise the car to be able to record in-car audio, take screenshots, and download contacts from a Skoda Superb over the Internet
https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf

Vulnerabilities in the eSIM download protocol
http://i.blackhat.com/EU-24/Presentations/EU-24-Ahmed-VulnerabilitiesIneSIM.pdf

How to detect ARP spoofing attack using Android app
https://www.mobile-hacker.com/2024/12/16/detect-arp-spoofing-attack-using-android-app/

DOJ filed paperwork to US District Court to force Google to spin off Chrome [pdf]
Article, Comments

That doc is 2 years old and says right at the top that it was already outdated.

The situation with Play Integrity has changed dramatically over the last two years.

Google is now extremely aggressive about shutting down workarounds quickly. Remember that there is no guarantee that you will be able to consistently pass it on a non-stock device: this is Play Integrity's core function.

In the meantime microG has finally added PI support, which can make it easier to pass PI, but once again, there are no guarantees of this. It's depends greatly on your device, your ROM and Google's latest countetmeasures.

"In a way".

And in other ways, it's just Google doing what Google does, destroying the value of the FOSS base of Android (AOSP) and trying to push every android user to be completely dependent on their proprietary, closed-source "addons" to android which are often presented as "inevitable" and "necessary" when the simple fact is, in many cases they are NOT. Not from any technical standpoint.

Fun fact:

In order to support Safetynet, microG had to actually include a proprietary Google blob ("Droidguard") in GmsCore to perform the "secret" Googly things that allowed microG to add support for that function.

I suspect the same is true of Play Integrity.

That code is, for obvious reasons, not open source and not publicly documented.

Needless to say, a lot of people in the FOSS world, both devs and users, are wary of having such proprietary/secret Google code on their devices.

But it's an optional feature and a tradeoff, just like installing official Play Store with all it's malware-like behaviour: to get features you can no longer get on a pure FOSS android device.

Google has for over 10 years now been moving more and more core OS functions out of AOSP and into their proprietary GMS, GSF and Gplay frameworks, to try to "marry" its android users to those things.

It's one of the main motivations for Marvin to found the microG project ~12 years ago.

Yep, just control in general and maximizing their revenue opportunies.

At a time when there are movements around the world to force both Google and Apple to stop forcing all users of their platforms to get software via their proprietary stores.

Google's answer to that is to ramp up harassment of customized android devices and demonize both those users and 3rd-party app stores by trying to convince their user base that horrible things will happen if they allow people more freedom in where they get their software.

HMD Key Announced for £59 in the UK, Australia, and New Zealand
Article, Comments

How hucksters are manipulating Google to promote shady Chrome extensions
Article, Comments

I will never need to buy a new computer again
Article, Comments

Tabby: Self-hosted AI coding assistant
Article, Comments

Look at what is possible with just a WiFi router…

Remember all the people who called us conspiracy theorists for saying 5G was going to be used as a catastrophically invasive surveillance ₩eapon?**

Join us now: Before Our Time📜

Qubes OS: A reasonably secure operating system
Article, Comments