Forwarded from Tech & Leaks Zone
BREAKING: Google Announced Changes to the Play Integrity API
Google has announced changes in the tech that powers the Play Integrity API on all devices running Android 13+ (API Level 33). API integrations will automatically transition to the new verdicts in May 2025.
The improved verdicts will require, and make greater use of, hardware-backed security signals using Android Platform Key Attestation, making it significantly harder and more costly for attackers to bypass. Weโll also be adjusting verdicts when we detect security threats across Android SDK versions, such as when there is evidence of excessive activity or key compromise, without requiring any developer work
The transition to the new verdicts will reduce the device signals that need to be collected and evaluated on Google servers by ~90% and our testing indicates verdict latency can improve by up to ~80%.
All optional verdict signals are being standardized across apps, games, SDKs, and more.
For apps installed outside of Google Play & all other API requests, developers receive a verdict with information about the device, account license, and app, but without the extra security signals. You can read the full changes on Android Developers Blog
Follow @TechLeaksZone
Google has announced changes in the tech that powers the Play Integrity API on all devices running Android 13+ (API Level 33). API integrations will automatically transition to the new verdicts in May 2025.
We're updating the โmeets-strong-integrityโ response to require a security update within the last year on devices running Android 13 and above. For example, your app could respond differently to the legacy โmeets-strong-integrityโ definition on devices running Android 12 and lower than to the enhanced definition on devices running Android 13 and higher. However, when the strong label isnโt available for the user, we recommend that you have a fallback option.
The improved verdicts will require, and make greater use of, hardware-backed security signals using Android Platform Key Attestation, making it significantly harder and more costly for attackers to bypass. Weโll also be adjusting verdicts when we detect security threats across Android SDK versions, such as when there is evidence of excessive activity or key compromise, without requiring any developer work
The transition to the new verdicts will reduce the device signals that need to be collected and evaluated on Google servers by ~90% and our testing indicates verdict latency can improve by up to ~80%.
All optional verdict signals are being standardized across apps, games, SDKs, and more.
For apps installed outside of Google Play & all other API requests, developers receive a verdict with information about the device, account license, and app, but without the extra security signals. You can read the full changes on Android Developers Blog
Follow @TechLeaksZone
Forwarded from Mishaal's Android News Feed
Interested in working on Android Automotive?
The folks from Snapp Automotive have created an AAOS development kit that's based on the existing VIM3 board from Khadas.
All you need to do is buy the VIM3 board and a display, set up your platform and flashing tools, flash the u-boot and Android bootloaders, then flash one of the prebuilt AAOS images compiled by Snapp Automotive.
If you want to know why you should choose this option over repurposing a Pixel phone or tablet like Google recommends, as well as the journey behind the creation of this dev kit, check out this article.
The folks from Snapp Automotive have created an AAOS development kit that's based on the existing VIM3 board from Khadas.
All you need to do is buy the VIM3 board and a display, set up your platform and flashing tools, flash the u-boot and Android bootloaders, then flash one of the prebuilt AAOS images compiled by Snapp Automotive.
If you want to know why you should choose this option over repurposing a Pixel phone or tablet like Google recommends, as well as the journey behind the creation of this dev kit, check out this article.
Forwarded from Mishaal's Android News Feed
The latest alpha release of the Jetpack PDF support library (version 1.0.0-alpha04) expands PDF Viewer support to devices running Android 12, 12L, 13, and 14 with SDK Extension level 13.
I haven't seen any apps integrate this new PDF Viewer library yet, but that's bound to change as this support library exits alpha (and adds Jetpack Compose support as mentioned in the changelog).
Android 15, if you'll recall, brought substantial improvements to Android's PdfRenderer APIs, letting apps incorporate advanced features. These features are being backported through Mainline updates and developers can simplify adding these capabilities to their apps through the Jetpack support library.
I haven't seen any apps integrate this new PDF Viewer library yet, but that's bound to change as this support library exits alpha (and adds Jetpack Compose support as mentioned in the changelog).
Android 15, if you'll recall, brought substantial improvements to Android's PdfRenderer APIs, letting apps incorporate advanced features. These features are being backported through Mainline updates and developers can simplify adding these capabilities to their apps through the Jetpack support library.
Forwarded from Mishaal's Android News Feed
Google announced at I/O that Health Connect on Android would let apps sync more than 30 days worth of data (historical reads) as well as read data in the background (background reads).
Both of these features are already live in the version of Health Connect that ships with Android 15 as well as Android 14 devices with SDK Extension version 13.
However, apps need to be updated to take advantage of these features. Version 1.1.0-alpha09 of the Health Connect Jetpack library added support for the background reads feature, while -alpha10 added support for the historical reads feature.
Once apps add support (likely will start happening after v1.1.0 exits alpha), then you'll be able to manage their access to historical/background data through the Health Connect app, as shown above.
Both of these features are already live in the version of Health Connect that ships with Android 15 as well as Android 14 devices with SDK Extension version 13.
However, apps need to be updated to take advantage of these features. Version 1.1.0-alpha09 of the Health Connect Jetpack library added support for the background reads feature, while -alpha10 added support for the historical reads feature.
Once apps add support (likely will start happening after v1.1.0 exits alpha), then you'll be able to manage their access to historical/background data through the Health Connect app, as shown above.
Forwarded from Mishaal's Android News Feed
The Linux Terminal app in Android 15 QPR2 is fairly barebones in terms of what it can let you do right now, but a lot of improvements are in the works, including:
* Hardware acceleration support. If the file
* Graphical environment support. By installing Wayland compositor and VNC backend, you can enable a graphical environment.
(Note: I tried this already, but it didn't work - likely need to wait for a future update.)
* A backup option to preserve your Linux VM install. (A restore option is still in the works.)
* Forced portrait mode if there's no hardware keyboard attached.
* NDK APIs for AVF.
* Removal of the VMLauncher app and full integration into the Terminal app. (
* Google's compiled Debian images will soon be downloaded from Google's download servers rather than GitHub. eg. here's a static link to the latest AArch64 images.
* Hardware acceleration support. If the file
/sdcard/linux/virglrenderer exists on the device, VirGL for the VM will be enabled. This requires enabling ANGLE for the Terminal app.* Graphical environment support. By installing Wayland compositor and VNC backend, you can enable a graphical environment.
(Note: I tried this already, but it didn't work - likely need to wait for a future update.)
* A backup option to preserve your Linux VM install. (A restore option is still in the works.)
* Forced portrait mode if there's no hardware keyboard attached.
* NDK APIs for AVF.
* Removal of the VMLauncher app and full integration into the Terminal app. (
vm_launcher_lib is being integrated into Terminal.)* Google's compiled Debian images will soon be downloaded from Google's download servers rather than GitHub. eg. here's a static link to the latest AArch64 images.
Forwarded from Mishaal's Android News Feed
Google has announced that it's hardening Play Integrity API verdicts so they're less spoofable but also faster and more privacy-friendly.
- Improved device integrity verdicts on Android 13+ will require the use of hardware-backed security signals using Android Platform Key Attestation, making them much harder to bypass. Google will adjust verdicts when it detects "security threats across Android SDK versions, such as when there is evidence of excessive activity or key compromise."
- The Play Integrity API will now have the "same level of reliability and support across all Android form factors."
- Because these new verdicts reduce the number of device signals that need to be collected and evaluated, Google says verdict latency can improve by up to 80%.
Developers can opt in to use these new verdicts today or wait until May 2025 which is when all API integrations will automatically transition.
In addition:
- The "meets-strong-integrity" response is being updated to require a security patch level within the last year on devices running Android 13+.
- A new device attributes field lets apps adjust their behavior based on the user's Android SDK version.
- All optional verdict signals are being standardized across apps, games, SDKs, and more.
- Improved device integrity verdicts on Android 13+ will require the use of hardware-backed security signals using Android Platform Key Attestation, making them much harder to bypass. Google will adjust verdicts when it detects "security threats across Android SDK versions, such as when there is evidence of excessive activity or key compromise."
- The Play Integrity API will now have the "same level of reliability and support across all Android form factors."
- Because these new verdicts reduce the number of device signals that need to be collected and evaluated, Google says verdict latency can improve by up to 80%.
Developers can opt in to use these new verdicts today or wait until May 2025 which is when all API integrations will automatically transition.
In addition:
- The "meets-strong-integrity" response is being updated to require a security patch level within the last year on devices running Android 13+.
- A new device attributes field lets apps adjust their behavior based on the user's Android SDK version.
- All optional verdict signals are being standardized across apps, games, SDKs, and more.
Forwarded from Mishaal's Android News Feed
๐ฑHuawei's Harmony OS Next doesn't natively support Android apps, but that hasn't stopped some people
A new tool called 'EasyAbroad' lets you run various Android apps like YouTube, Gmail, and more in a container. It seems to work surprisingly well!
A new tool called 'EasyAbroad' lets you run various Android apps like YouTube, Gmail, and more in a container. It seems to work surprisingly well!
Android Authority
Harmony OS Next doesn't natively support Android apps, but that hasn't stopped some people
A new tool lets Huawei devices running Harmony OS Next run Android apps like YouTube, Gmail, Spotify, and more.
Forwarded from NoGoolag
This media is not supported in your browser
VIEW IN TELEGRAM
The EU Commission is apparently planning a major expansion of surveillance measures for digital devices. Even household appliances are affected.
WhatsApp , telephones, voice assistants from Google or Apple and even smart refrigerators in homes should be able to be monitored in the future, if the EU Commission has its way. This is the result of a confidential proposal paper that a group of experts has drawn up on behalf of the EU Commission.
The 28-page paper proposes 42 points for more stringent surveillance. Work is already underway on the possible implementation of these plans.
Soft disclosures of things they are already doing. This also lines up "nicely" with Digital IDs.
Problem | Reaction | "Solution"
ARTICLE
WhatsApp , telephones, voice assistants from Google or Apple and even smart refrigerators in homes should be able to be monitored in the future, if the EU Commission has its way. This is the result of a confidential proposal paper that a group of experts has drawn up on behalf of the EU Commission.
The 28-page paper proposes 42 points for more stringent surveillance. Work is already underway on the possible implementation of these plans.
Soft disclosures of things they are already doing. This also lines up "nicely" with Digital IDs.
Problem | Reaction | "Solution"
ARTICLE
Forwarded from Police frequency
Criminals exploit generative artificial intelligence to commit fraud and enhance their schemes. Since it can be difficult to identify, the FBI is providing examples of how criminals may use generative #AI in their fraud schemes. #TechTuesday
https://www.ic3.gov/PSA/2024/PSA241203
FBI Los Angeles
https://www.ic3.gov/PSA/2024/PSA241203
FBI Los Angeles
Forwarded from Treble GSI's | Privacy + Secure
๐ซต Chillax ๐
Forwarded from ๐ฝ๐ผ๐ฝ๐ ๐ข๐๐ฆ | ๐๐ข๐ฆ๐ฆ, ๐๐ถ๐ณ๐ฒ, ๐ ๐ฒ๐บ๐ฒ๐ (StoryFell Chara.)
CityHop Cafe
You can travel the world from the comfort of your desk at CityHop Cafe, where you can drive or walk through new cities while enjoying relaxing music. Just take a seat back and unwind.
๐ Links:
- Website
- Features
- Source code
Developer: Nickersoft
๐ท Tags: #Website #VirtualTravel #Relaxation #OpenSource #LoFi
You can travel the world from the comfort of your desk at CityHop Cafe, where you can drive or walk through new cities while enjoying relaxing music. Just take a seat back and unwind.
๐ Links:
- Website
- Features
- Source code
Developer: Nickersoft
๐ท Tags: #Website #VirtualTravel #Relaxation #OpenSource #LoFi
Forwarded from Hacker News
GitHub
GitHub - KopiasCsaba/open_sound_control_bridge: An advanced automation framework for audio mixer consoles, OBS, PTZ cameras andโฆ
An advanced automation framework for audio mixer consoles, OBS, PTZ cameras and more based on the Open Sound Control protocol. - KopiasCsaba/open_sound_control_bridge
Forwarded from Hacker News
Forwarded from Hacker News
Kagi
Search API | Kagi's Docs
Kagi Search Help