Saturday, June 30, 2018

How to immediately get OxygenOS updates for the OnePlus 6/5T/5/3T/3

OxygenOS Open Beta for the OnePlus 5 and OnePlus 5T

One of the most annoying parts of over-the-air (OTA) updates is waiting for the update to be delivered on your device. This varies wildly from device to device, and many factors take part while checking if you're eligible: your carrier, your OEM, your current Android version, and your actual geographical location/IP, just to name a few. It's particularly annoying when your OEM doesn't officially support your country. If you want to skip the wait and immediately get OxygenOS updates on your OnePlus 6, OnePlus 5T, OnePlus 5, OnePlus 3T, or OnePlus 3, then you can use the free Oxygen Updater app to do so.

Skipping the line with Oxygen Updater

I live in Caracas, Venezuela, and I currently use a OnePlus 5T as my daily driver. OnePlus doesn't officially sell their phones in Venezuela—I had to import mine from the U.S. store and have it shipped to me via a third-party, so OxygenOS updates are sometimes delayed by quite a bit here. I often download update packages with my browser, either from the official OnePlus download section or XDA threads, in order to update my device and then proceed to install it with either TWRP or the Oxygen Recovery.

It's even worse for other devices made by other manufacturers. Just to cite an example, update rollouts for LG can often take months to roll out from one country to the other. This is pretty common practice in the Android ecosystem. It's pretty rare to find a phone that actually receives timely security patches, without counting the Google Pixel phones. OnePlus used to be pretty slow when keeping their phones up to date, but they have picked up the pace recently, especially when it comes to security patches. But actual OTA rollouts still take a while to reach everyone. There's a good reason for that, though, and it's to ensure that bugs are caught early before the update reaches everyone.

If you don't want to wait for an update, you can use a VPN to connect to OnePlus' usual test markets: Germany or Canada. This is exactly what the Oxygen Updater app does for you. Oxygen Updater is a pretty nifty tool that, despite what the name would tell you, is not made by OnePlus or anyone closely related to the company. It's instead an unofficial tool which focuses on OnePlus devices like the OnePlus 6, OnePlus 5T, OnePlus 5, OnePlus 3T, and OnePlus 3. The concept is pretty simple: you select your device and the app checks whether an update is available.

How to get OxygenOS updates on the OnePlus 6, OnePlus 5T, OnePlus 5, OnePlus 3T, and OnePlus 3 How to get OxygenOS updates on the OnePlus 6, OnePlus 5T, OnePlus 5, OnePlus 3T, and OnePlus 3 How to get OxygenOS updates on the OnePlus 6, OnePlus 5T, OnePlus 5, OnePlus 3T, and OnePlus 3

Oxygen Updater grabs update packages for all currently supported OnePlus devices, including the OnePlus 6, the OnePlus 5/OnePlus 5T, and the OnePlus 3/OnePlus 3T, in both OxygenOS stable and Open Beta channels. It also gives you the option to download partial OTA packages (if you're unrooted) and full firmware ZIPs, both of which you can install through your recovery of choice. Furthermore, it skips over OnePlus' OTA rollouts: if an update exists for your device, you'll be able to download said update right away, even if the Update section in your phone says your device is up to date.

How to get OxygenOS updates on the OnePlus 6, OnePlus 5T, OnePlus 5, OnePlus 3T, and OnePlus 3 How to get OxygenOS updates on the OnePlus 6, OnePlus 5T, OnePlus 5, OnePlus 3T, and OnePlus 3

How to get OxygenOS updates on the OnePlus 6/5T/5/3T/3

For all intents and purposes, it's just as feature rich as the OxygenOS update manager. Maybe even better. It's pretty simple to use, actually:

  1. Download Oxygen Updater from the Google Play Store using the button below.
  2. Start the app. It'll start on the setup screen, where the app will be configured for your device.
  3. Note that the app may check for root access and ask for root permissions. If applicable, then grant it, since it will simply default the update method to "full update" instead of partial update otherwise.
  4. Follow through the setup until you get to the main screen. If it says your device is up to date, then congrats!
  5. If it says an update is available, download it and the update will begin downloading in the background.
  6. After it's finished, just tap on the notification. The app will follow through the normal update cycle: it'll reboot, boot into recovery mode, install, then reboot again.

I found it to be a pretty reliable tool during my own testing. I bumped my OnePlus 5T from Open Beta 8 straight to Open Beta 10 in a breeze. As we said before, it's also compatible with all devices currently supported by OnePlus, so it's definitely something worth checking out if you're a OnePlus user. You can download and give Oxygen Updater a shot yourself for free from Google Play.

Oxygen Updater (Free+, Google Play) →



from xda-developers https://ift.tt/2yVR21F
via IFTTT

Google Pay prepares integrating Google Pay Send features into the main app

Google Pay Send

In the world of mobile payment systems, Google had a bit of an identity crisis until earlier this year. Their services once included Android Pay, Google Wallet, and Pay with Google. The Android Pay app was a digital wallet that used NFC to make payments. Google Wallet was a peer-to-peer payment service for people to send and receive money. Pay with Google used the Google Payment API to allow users to make payments via Google Assistant or web browsers with any card on file with their Google account. To reduce confusion, Google introduced the "Google Pay" brand at the beginning of 2018 to unify these services. However, Google Wallet remained a separate app (though it was rebranded as "Google Pay Send"). Now, it seems that the Google Pay Send features are nearly ready to be integrated into the main app.google pay

Google Pay services. Source: Google.

We were told this integration would be happening back during the initial rollout of the Pay service. Specifically, the integration would be rolling out "within the next few months," though we haven't heard any further news in the four months that have passed. Regardless, it appears that the former Google Wallet features are already fully functional in the standard Pay app, and furthermore, the peer-to-peer payments even work in the United Kingdom (the Pay Send app doesn't work in the U.K.)

The integration was discovered by XDA Recognized Developer Quinny899 (Kieron Quinn of Mighty Quinn Apps) and confirmed by us. With the Google Pay Send app uninstalled, we were able to activate the peer-to-peer payment functionality within the standard app and successfully send a payment. As you can see in the screenshots below, a new "send money" tab appears in the bottom toolbar. Tapping on this brings us to a page where we can send or request money from either an existing contact or new contact. Even a group request can be made on this page.

Google Pay Send, Android Pay, Google Wallet, Pay with Google Google Pay Send, Android Pay, Google Wallet, Pay with Google Google Pay Send, Android Pay, Google Wallet, Pay with Google Google Pay Send, Android Pay, Google Wallet, Pay with Google

Once this feature rolls out in the U.S. and U.K., you'll no longer need to install the separate Google Pay Send app to take advantage of the peer-to-peer payment functionality. For now, you'll have to keep both apps installed if you want to send or receive money to or from other people.

Google Pay Send (Free, Google Play) →

We'll keep an eye out on any new Pay features that we spot. The service continues to become more useful over time with new features like support for mobile boarding passes and event tickets (…almost like a wallet, no?) and sending money via Google Assistant.



from xda-developers https://ift.tt/2KlnwYq
via IFTTT

How EAS helps make the Google Pixel the fastest Android phone

Linux Kernel Energy Aware Scheduling

Far back in the past when Linux was just an idea in the mind of Linus Torvalds, CPUs were single-core entities which required an immense amount of energy for little power. The first ever commercially available processor, the Intel 4004, ran at a clock-rate of 740kHz on a single core. Back then, there was no need for a load scheduler. Load scheduling was reserved for the dual-core "behemoths" such as the IBM Power 4. These ran at a beastly 1.1GHz to 1.9GHz and required programs and the system to utilize these cores correctly. How did we get from these machines to software algorithms that make use of multiple cores? You may have heard of Energy Aware Scheduling (EAS) on our forums before. It's part of the reason why the Google Pixel smartphones perform so well. What's so great about EAS and how did we even get to this point? Before we can explain that, we need to talk about Linux load schedulers.


The Evolution of the Linux Load Schedulers

Round-Robin Scheduling

Round Robin Processing. Source: Wikipedia

Round robin processing is a simple concept to explain and understand, and an even simpler one to grasp its disadvantages. Round-robin uses time slicing to allocate time to each process. Let's assume we have four processes running on our computer.

  • Process A
  • Process B
  • Process C
  • Process D

Now, let's do the job of the round-robin scheduler. We will allocate 100 milliseconds (time-slicing) to each process before moving on to the next. This means Process A can take 100 milliseconds to do its processing, then it moves to Process B and so on. If an application's job takes 250 milliseconds to do, it will need to go through this process 3 times just to finish its work! Now scale this across different cores, so that Process A and Process B are allocated to core 1, and Process C and Process D are allocated to core 2. This was replaced by O(n) scheduling (which was like round-robin, but using epochs and allowing dynamic allocation of time), then O(1) scheduling (minimized overhead, unlimited process support), then finally the Completely Fair Scheduler (CFS). CFS was merged into the Linux kernel version 2.6.23 in October 2007. It has been overhauled since and is still the default scheduler in Linux systems.

Completely Fair Scheduler

The Completely Fair Scheduler has existed in Android since its inception and is used on non-big.LITTLE devices. It uses an intelligent algorithm to determine processing order, time allocated etc. It is an example of a working implementation of the well-studied scheduling algorithm called "weighted fair queueing." This basically focuses on providing priority to system processes and other high priority processes running on the machine. If it were to run on a big.LITTLE device, all cores would be perceived as equal. This is bad, as low power cores may be forced to run intensive applications, or even worse, the opposite may occur. The decoding for listening to music may be done on the big core, for example, increasing power consumption needlessly. This is why we need a new scheduler for big.LITTLE, one which can actually recognise and utilise the difference in cores in a power efficient manner. That's where Heterogeneous Multi-Processing (HMP) comes in, the standard load scheduler most Android phones are running now.

Heterogeneous Multi-Processing

This is the standard load scheduler for any big.LITTLE device released in recent years, other than the Google Pixel. HMP makes use of the big.LITTLE architecture, delegating low priority, less intensive work to the little cores which consume less power. HMP is "safe" wherein it knows what should go to the big cores and what should go to the little cores, without making mistakes. It just works and requires a lot less effort to set up on the development side than something like EAS, which we'll get into in a moment. HMP is just an extension of CFS to make it power aware.

HMP doesn't take guesses, nor does it predict future processes. This is good but is why the device cannot be as fluid as those running EAS and is also why it consumes slightly more battery. This, finally, brings us to Energy Aware Scheduling (EAS), which I firmly believe is the future in ROM and kernel development as more OEMs adopt it.

Energy Aware Scheduling

Energy Aware Scheduling (EAS) is the next big thing that users on our forums are talking about. If you use a OnePlus 3 (or a Google Pixel, obviously) you've definitely heard about it in the forums. It launched into the mainstream with the Qualcomm Snapdragon 845, so if you have one of these devices you already have an EAS-enabled smartphone. EAS in the form of kernels such as RenderZenith and ROMs such as VertexOS and PureFusion were taking the OnePlus 3 forums by storm in its prime. Of course, the Google Pixel also comes with EAS. With the promises of improved battery life and better performance, what's the catch?

Energy Aware Scheduling is not as simple as it is not universal to every device like CFS or HMP. EAS requires an understanding of the processor it is running on, based off of an energy model. These energy models are made by teams of engineers constantly testing and working to give an optimal performance. As the Snapdragon 820 and 821 are basically the same, custom kernels on the OnePlus 3 uses the Google Pixel energy model. Devices with the Snapdragon 845 can utilise EAS, and the OnePlus 6 does to some degree. It's not as tuned as a Google Pixel device would be, but it gets the job done. Here's an example of how, despite the OnePlus 6 having a better processor with EAS, the Pixel 2 XL still beats it in smoothness. Both of these images were taken from our speed-oriented review of the OnePlus 6.

If you have trouble understanding the graphs, you can take a look at the image below for guidance. Anything exceeding the green line indicates dropped frames and, in the worst cases, noticeable stuttering.

The OnePlus 6 implementation of EAS is interesting, as it doesn't appear to be a fully-fledged implementation like you'd find on a Google Pixel with the same SoC. The scheduler tunables don't make much sense either, so that probably explains why it's not as performance efficient as you'd expect. It's extremely conservative in power consumption, with the system prioritising the low power cores for the majority of the work.

Tunables are simply a set of parameters that are passed to the CPU governor, which changes how the governor reacts to certain situations in terms of frequency. The scheduler then decides where it places tasks on different processors. The OnePlus 6's tunables are set to prioritise work on low-powered cores. It also doesn't help that the Google Pixel 2 has a huge amount of input boost, keeping all 8 cores online all the time. Google also uses an interrupt balancer which helps to remove frame drops and improve performance.

So how does EAS work? Why is it so efficient only in certain conditions?

Energy Aware Scheduling introduces the need to use an energy model, and as mentioned above requires a lot of testing and work to make it perfect. EAS attempts to unify three different core parts of the kernel which all act independently, and the energy model helps to unify them.

  • Linux scheduler (CFS, mentioned above)
  • Linux cpuidle
  • Linux cpufreq

Unifying all 3 parts under the scheduler and calculating them together gives a potential for energy saving, as calculating them together allows them to be as efficient as possible. CPUIdle tries to decide when the CPU should go into an idle mode, while CPUFreq tries to decide when to ramp up or down the CPU. Both of these modules have the primary goal of saving energy. Not only that, it then categorizes processes into four cgroups, being top-app, system-background, foreground, and background. Tasks due to be processed are placed into one of these categories, and then the category is given CPU power and the work is delegated over different CPU cores. top-app is the highest priority of completion, followed by foreground, background, and then system-background. Background technically has the same priority as system-background, but system-background usually also has access to more little cores. In effect, Energy Aware Scheduling is taking core parts of the Linux kernel and unifying it all into one process.

When waking the device, EAS will choose the core in the shallowest idle state, minimising the energy needed to wake the device. This helps to reduce the required power in using the device, as it will not wake up the large cluster if it doesn't need to. Load tracking is also an extremely crucial part of EAS, and there are two options. "Per-Entity Load Tracking" (PELT) is usually used for load tracking, the information is then used to decide frequencies and how to delegate tasks across the CPU. "Window-Assisted Load Tracking" (WALT) can also be used and is what's used on the Google Pixel. Many EAS ROMs on our forums, such as VertexOS, opt to use WALT. Many ROMs will release two versions of the kernel with WALT or PELT, so it's up to the user to decide. WALT is more bursty, with high peaks in CPU frequency while PELT tries to remain more consistent. The load tracker doesn't actually affect the CPU frequency, it just tells the system what the CPU usage is at. A higher CPU usage requires a higher frequency and so a consistent trait of PELT is that it causes the CPU frequency to ramp up or down slowly. PELT does tend to stray towards higher CPU load reporting, so it may provide higher performance at a higher battery cost. Nobody can really say at this point in time which load tracking system is better, however, as both load tracking methods are getting continually patched and refined.

Either way, it's obvious that, regardless of the load tracking method used, there is an increase in efficiency. Rather than just processing tasks on any processor, the task is analyzed and the amount of energy required to run it is estimated. This clever task placement means that tasks get completed in a much more efficient manner while also making the system quicker as a whole. EAS is all about getting the smoothest UI possible with minimal power usage. This is where other external components such as schedtune come into play.

Schedtune is defined in each cgroup by two tunables which ensure finer control over the tasks to be completed. It doesn't just control the spread out of tasks over multiple CPUs, but also if the perceived load should be inflated in order to ensure time-sensitive tasks are completed quicker. This way, foreground applications and services that the user is availing of won't slow down and cause unnecessary performance issues.

While Energy Aware Scheduling is the next big thing, it can also be argued it's already here and has been for a while. With more and more devices hitting the mainstream with Energy Aware Scheduling, a new age of mobile processing efficiency is here.

The Pros and Cons of Round-Robin, CFS, HMP and EAS

While my graphics skills are sub-par, I have thrown together an image which should summarize what the pros and cons of each of these schedulers are.


I would like to extend a special thank you to XDA Recognised Contributor Mostafa Wael whose explanations of various aspects of EAS greatly helped in making this article possible. I would also like to thank XDA Recognised Developer joshuous, XDA Recognised Developer RenderBroken and XDA Senior Member Freak07 for his write up on EAS. For those of you who found interest in EAS-related parts, Linaro has a lot of documentation on EAS which you can read.



from xda-developers https://ift.tt/2KAj4Bd
via IFTTT

Friday, June 29, 2018

Samsung DeX may get dual monitor support for the Samsung Galaxy Tab S4

Samsung DeX was released alongside the Samsung Galaxy S8 and S8+. DeX enabled users to use the phone as a desktop computer if they had a monitor, keyboard and mouse. Now, a report by SamMobile states that DeX will soon be getting dual monitor support, possibly when the Samsung Galaxy Tab S4 is released.

The report states that the Galaxy Tab S4 will indeed support DeX. Samsung will also add the option to use the tablet display as the second monitor when it's connected to DeX, and the same option will work with phones as well. A tablet display will be more suitable for dual monitor mode because of its larger size.

However, the report adds that it's not clear yet how exactly dual monitor mode will work with a tablet. The original form factor of DeX – the DeX Station – and even the new DeX Pad will not be able to prop up a tablet (kickstand) for proper viewing, so SamMobile speculates that Smausng may expect users to buy the Book Cover that will probably launch alongside the Galaxy Tab S4. Any other case of such type would also be sufficient.

With the Android 8.0 Oreo update, DeX gained teh ability to use the phone's display as a trackpad, so it's natural for Samsung to add the option to use the connected phone or tablet as a separate display. The Galaxy Tab S4 is expected to be unveiled at IFA 2018 in Berlin. SamMobile states that it may be that Samsung will send a software update for the Galaxy S and Note flagships — with the Samsung Galaxy Note 9 launching on August 9th — to add dual monitor support.


Source: SamMobile



from xda-developers https://ift.tt/2tSh4ga
via IFTTT

WhatsApp now lets group admins restrict messages in groups

whatsapp

WhatsApp is the most popular IP-based messaging app worldwide. Since 2017, the app has added live location sharing, the ability to export user data to follow GDPR requirements, and an option to switch from voice calls to video calls. New group features have also been added in the form of the "Restrict Group Permissions" feature, which allows users to restrict permissions to admins only to change the group subject, subject, and info, as well as the dismiss an admin feature for demoting an administrator. With the most recent update, administrators of a group could no longer remove the group's creator.

Now, WhatsApp has started rolling out the "Send Messages" feature for WhatsApp beta users in Android as well as for iOS and Windows Mobile users, according to a WABetaInfo report. This feature is being remotely activated for WhatsApp beta version 2.18.201 users, although the site mentions that the roll-out is slow for Android, while it is comparatively faster for iOS and Windows Mobile. It will soon be enabled for the latest WhatsApp stable version for Android (2.18.191).

WhatsApp Send Messages Groups WhatsApp Send Messages Groups WhatsApp Send Messages Groups

The "Send Messages" feature in groups lets group administrators disable chat features in a group. All other participants will not be able to send text messages, images, videos, and voice messages in the group if the "Only Admins" option is selected for the Send Messages feature. Group administrators are able to configure this setting by opening Group Info. Once the permission has been changed, all group participants will be notified in the group with a particular message.

When the "Only Admins" option is selected by an administrator and only administrators can send messages, WhatsApp will hide the chat text input bar, alerting the user that messages cannot be sent. However, users can quickly contact administrators if they want an important message to be sent.

Once the feature is enabled, users will also be able to configure it using WhatsApp Web. The "Send Messages" feature is a useful addition that can remove group clutter. For the first time, the administrators will have the choice to allow only the administrators themselves to send messages to ensure lack of interruption by other users. Users can also use the feature to close the group at night to block messages from users, and then re-open it it in the morning.

Users can download the latest version of WhatsApp beta to use this feature. The feature will be remotely activated for users of the latest version of WhatsApp stable for Android soon.


Source: WABetaInfo



from xda-developers https://ift.tt/2lIG8mg
via IFTTT

Gboard testing smart replies for WhatsApp, Facebook, Allo, Snapchat, and more

Google Keyboard Gboard

Google's stock keyboard app for Nexus and Pixel smartphones, Gboard, is my go-to keyboard ever since Swype for Android was discontinued. The popular keyboard app for Android devices recently received the ability to create GIFs but the last update that added a feature I would call "smart" was back in February with the addition of email address autocompletion. Now, it appears that a feature hinted at in teardowns back in January is nearing completion as Gboard tests smart replies to messaging apps like WhatsApp, Facebook Messenger, Google Allo, Snapchat, and more.

The feature is currently in development and was discovered by XDA Recognized Developer Quinny899 (Kieron Quinn of Mighty Quinn Apps). Setting up the feature requires first opening up a notification that has a quick reply box then tapping on the suggestion to enable the feature in Gboard's autocomplete bar. Gboard will then request that you grant it the notification access permission.

Gboard smart replies for WhatsApp, Facebook Messenger, Snapchat, Allo, and more Gboard smart replies for WhatsApp, Facebook Messenger, Snapchat, Allo, and more

Once granted, you will start receiving smart replies for messages from the following applications:

  • Android Messages
  • Facebook Messenger
  • Facebook Messenger Lite
  • Google Allo
  • Google Hangouts
  • Snapchat
  • WhatsApp
  • WeChat
Gboard smart replies for WhatsApp, Facebook Messenger, Snapchat, Allo, and more Gboard smart replies for WhatsApp, Facebook Messenger, Snapchat, Allo, and more Gboard smart replies for WhatsApp, Facebook Messenger, Snapchat, Allo, and more

We tested the feature out with Hangouts, though it works with the other mentioned apps too like Facebook Messenger, WhatsApp, Allo, and Snapchat. We obtained the list of supported apps by performing a teardown of the latest version of Google's keyboard app. At this URL, we can see that Google is still tweaking the TensorFlow machine learning model used for smart replies. The latest update to the model was on May 14th, 2018.

Personally, I prefer having smart replies in Gboard rather than using the 'Reply' app. Sure, the Reply app supports more apps, but since it involves replacing the actual notification of the original messaging app there are some annoyances like the fact that dismissing the notification on the desktop client (say Android Messages for Web) won't clear the notification on Android. On the other hand, the Reply app will work for apps like Facebook Messenger, Allo, Snapchat, or WhatsApp regardless of your keyboard app which is nice.

Gboard - the Google Keyboard (Free, Google Play) →

Smart reply features have made their way into a bunch of Google apps and services lately. Non-Project Fi Android Messages users just started getting it and the major desktop Gmail redesign also brings along such functionality. We'll keep an eye out for when the smart reply feature rolls out on Android, especially if it makes its way over to Chromebooks.

In case you're wondering, the missing back button in the first set of screenshots is from a special ADB command I ran to make the back button invisible. The navigation bar in the second set of screenshots is missing because I had enabled the new OnePlus-style gestures in the XDA Navigation Gestures app. Lastly, the quick settings panel is themed thanks to Substratum supporting rooted Android P devices.



from xda-developers https://ift.tt/2MChtvh
via IFTTT

LTE flaw lets attackers hijack your browsing session and spy on the websites you visit

lte aLTEr

Long-Term Evolution (LTE) was introduced in order to improve upon current mobile data network protocols. LTE combines performance goals with security and is used by both the general consumer and enterprise alike. As such, it requires a high level of resilience against attacks due to the potentially private nature of the data being transmitted. aLTEr is an attack written by David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper which abuses the second layer of LTE, known as the data link layer.

What is aLTEr?

aLTEr is an attack which abuses the second layer of LTE, known as the data link layer. It can allow an attacker to hijack your browsing session and also redirect your network requests via DNS spoofing. Is it dangerous? Yes, but it also requires about $4,000 worth of equipment to operate. What's more, it only works within a 1-mile radius of the attacker. You can check out the video below of how it was abused on a commercial LTE network to redirect Hotmail to a website that looks like Hotmail but is not Hotmail.

What is the data link layer of LTE?

The data link layer in this particular attack is what the researchers abused. This layer protects data through encryption, organizes how users access resources on the network, and helps to correct transmission errors. It's on top of the physical channel which maintains continuous transmission of data between client and cell tower.

How does aLTEr work?

aLTEr works by abusing an inherent design flaw of LTE, meaning that no, it cannot be patched. Observe the image below.

aLTEr works by creating a cell tower which masquerades as the user it's attempting to attack. This fake cell tower then takes the requests from the user and forwards them to the real cell tower, but not before modifying some key points of the data. Layers above the data link layer are protected via a mutual connection with the cell tower, but those below it are not. A user can then modify the DNS server requests that are sent to the cell tower, even if they are encrypted. This is because if you know the original DNS server, you can change what one it requests by decrypting the packet and re-encrypting it with a new DNS server to target. This is all in between the user and the cell tower, so neither end should be aware of what is happening.

But what does this mean? Well, you can create your own DNS server which points a web address to another IP. For example, XDA-Developers' IP address is 209.58.128.90. All a DNS server does is request that IP, so what if a DNS server lied and gave you another IP address? In a non-malicious sense, it could forward you to 64.233.177.94 instead, for example, which is Google's website in Ireland. There's a lot of control you can gain over a user by changing the DNS server.

How practical is aLTEr and am I safe?

Well, there's good news and bad news. The good news is as mentioned – this requires around $4,000 worth of hardware to do. Not something that people usually have lying around. This was tested in a very controlled environment, so there's no telling how it will work in real life. What's more, it would need to be a very targeted attack. The researchers estimate you would need to be within a mile radius of the target for it to work.

However, this attack is very practical. In theory, there's nothing stopping somebody investing a lot of money and time into implementing this attack in your locality. What's more, this cannot be patched as it would require overhauling the entire LTE protocol. The GSM Association and the 3rd Generation Partnership Project have both been notified, along with many other telephone companies that may benefit to be told about it.

So how can you protect yourself? The easiest way to do it is through the use of HTTPS. Always keep a lookout for that "Secure" text beside your address bar.

Left: Good / Right: Bad

Some of this is simple, but often users have a tendency to ignore the "Not secure" warning that our browsers give us. Never trust a website that Chrome says isn't secure, as it's very likely that it's trying to steal your data by either spoofing a real website or by lying to you. Sometimes having an expired certificate will still lead to your web browser saying that the site isn't secure, but it still shouldn't be trusted.

ArsTechnica contacted the GSM Association and received this statement.

Although LTE user traffic is encrypted over the radio interface and cannot be eavesdropped, it is not integrity protected. The research has shown that this lack of integrity protection can be exploited in certain circumstances using sophisticated radio equipment to modify user traffic. For example, when a user attempts to connect to a website that does not enforce the use of the HTTPS security protocol, the researchers have shown that it can be possible to re-direct users to a fake website.

Although the researchers have shown traffic modification to be feasible in a laboratory environment, there are a number of technical challenges to make it practical outside a laboratory. Mobile operators have fraud detection functions that can detect and react to certain attack scenarios, while several mobile applications and services use enforced HTTPS, which prevents traffic modification.

The GSMA does not believe that the specific technique demonstrated by the researchers has been used to target users in the past, nor is it likely to be used in the near future. However, as a result of this new research, the GSMA is working with the industry to investigate how to include the protection of the integrity of traffic and information (user plane integrity) in LTE. The 5G standards already include support for user plane integrity protection, and the GSMA is supporting the industry to ensure that it is fully deployed as 5G technology rolls out.

Officials with the 3rd Generation Partnership Project did not respond to a request for comment by ArsTechnica.

The researchers also discovered a number of passive exploits, including one that could identify with 89% +/- accuracy of what website a user was visiting based on what encrypted data was downloaded.

It's also worth noting that while it's technically possible that 5G will mitigate the issues, it will require specific hardware to be used in cell towers. You can check out the official website for aLTEr below.


Source: aLTEr Attack Via: ArsTechnica



from xda-developers https://ift.tt/2Mzlcd3
via IFTTT

RCS Universal Profile rolling out on T-Mobile devices starting with the Samsung Galaxy S7

samsung galaxy s7 t-mobile rcs

Rich Communication Services (RCS) is the next big communication protocol on your smartphone. Invented to supersede SMS, this isn't your typical messaging service like WhatsApp or Facebook. No, this is going to be carrier supported with Google spearheading the change. As usual, carriers are slow on the uptake and only Sprint currently supports it via the Android Messages application. T-Mobile pledged support earlier this year too, claiming they'd roll it out in Q2 of 2018. We're beginning to see the fruits of that pledge, as T-Mobile is rolling it out now, starting with the Samsung Galaxy S7.

Sure, we're at the end of Q2 but they're still sticking to their promise. That being said, it's strange that the Samsung Galaxy S7 is the first to be supported, rather than a more recent flagship like the Samsung Galaxy S9. RCS has a number of benefits over regular SMS, as it allows for larger group chats (up too 100 people) and larger file transfers. Carriers are beginning to take up the protocol, but what about OEMs? Carrier support will certainly be the hardest part, but phone manufacturers will also be hard to convince. We're still waiting on the two largest U.S. carriers, Verizon and AT&T, to announce their plans for supporting the protocol.

Thankfully, two of the biggest players, Samsung and Huawei, are already switching over. RCS has numerous benefits over regular SMS. These include read-receipts, typing notifications, high-quality attachments, and better group messaging. It essentially upgrades SMS messaging to be in-line with what online messengers offer. It doesn't even require you to download a new application, as once all carriers switch you'll be able to use it just like SMS. Until then, we won't truly be able to see the benefits. It's the closest Android will get to an iMessage competitor by the looks of things, and we welcome its arrival with open arms.



from xda-developers https://ift.tt/2tMd2aj
via IFTTT

How to enable YouTube Dark Mode on Android right now (Root)

Google recently added a Dark Mode to the YouTube mobile app (following Dark Mode for the desktop website), but there's just one problem: iOS users get it first. Dark Mode is still "coming soon" to Android and we're not exactly sure how long it will take. The good news is the Android developer community has once again come through for us. If you have root access on your Android device, you can get Dark Mode in the app right now.

Update 6/29/18: It has been over 3 months since this article was originally published and the dark theme is still not officially available for Android users. However, the flag to enable dark theme has changed so we have updated this article.

youtube dark mode youtube dark mode youtube dark mode YouTube Dark Theme on Android YouTube Dark Theme on Android

This method requires modifying a value in the shared preferences folder in the app's data folder. That's why root access is necessary. If your device is not already rooted, check out your device's forums for instructions. Once you have root access, you will need the Preferences Manager app and, of course, YouTube.

Here's how to do it:

Preferences Manager (Free, Google Play) →

  1. Install Preferences Manager from the Google Play Store.
  2. Find YouTube in the list. (If it doesn't show up, you may need to enable "show system apps" in the menu.)
  3. Tap it to open its preferences files.
  4. You should be on youtube.xml. If not, swipe left/right until you are.
  5. Search for dark
  6. Change both values from false to true. 
    • If you don't see the values, add them manually (app_theme_dark_developer and app_dark_theme) and set them to true YouTube Dark Theme YouTube Dark Theme
  7. Save the changes.
  8. Force close YouTube.

When you open up the app again it should be in Dark Mode. The app will have a nice dark gray background and white-on-black icons. You can scroll through videos without the blinding white interface. Thanks to XDA member AL_IRAQI for sending in this method and providing screenshots.

YouTube (Free, Google Play) →



from xda-developers https://ift.tt/2FUGH8e
via IFTTT

Chromebooks with Linux app support will soon be able to install Debian packages

.deb support incoming chrome os chromebooks

Recent code updates indicate forthcoming support for no-fuss Debian .deb package installation on Chrome OS devices that support Linux apps. The forthcoming feature will bring a new flow for installing Linux applications through .deb packages. A string of commits shows that support isn't simply being turned on, but that all the finicky elements like interacting with the terminal, checking dependencies, and authentication will be hidden from the user.

The bug describes a user-friendly .deb package installation flow

The bug describes a user-friendly .deb package installation flow

The user interface flow still hasn't been finalized, but we can expect that .deb files will be clickable from the Chrome OS Files app, which then triggers the installation in your Linux app container directly with no need for the user to step in when the process trips up. Incidentally, the Files app is getting a major revamp to integrate better with the Android and Linux app environments.

Debian package in the Files app, soon to be clickable!

If you're curious about the full implementation, check out the bug tracker for this feature as it's rich with in-depth information. You'll also be able to see when the feature comes to fruition if you star it.

This feature will no-doubt simplify setup and installation for inexperienced users and make interacting with Linux apps less daunting for those not familiar with Linux.

Linux app support (also known as Project Crostini) is maturing fast. What started as a showcase on the Pixelbook two months ago is now available on dozens of devices. We expect Chrome OS version 69 to bring Linux apps to the Stable and Beta channels, but those on the Developer and Canary channels can enjoy all these new features right now.



from xda-developers https://ift.tt/2tQhp3g
via IFTTT

Become a DevOps Engineer with This Course Bundle

In an age dominated by software development and coding, knowing just one or two programming languages is no longer sufficient if you want to land a career in tech. Instead, you have to be familiar with a series of development tools and tactics.

The practice of DevOps (Development and Operations) unifies the essential elements of software development and operation in order to automate coding infrastructures and streamline everything from software construction to bug testing and beyond.

With seven courses aimed at introducing you to a variety of DevOps foundations, this extensive DevOps Bundle will give you the skills you need to enter this field, and the best part is that you only have to pay what you want.

Using real-world examples and easy-to-follow instructions, this bundle walks you through how to build automated integration pipelines with Jenkins, how to create user-friendly and best-selling apps from scratch, how to write shell scripts and Docker programs, and much more.

Pay only what you want, and if that's less than the average price paid you'll still take home something great. Beat the average price and you take home the entire bundle.



from xda-developers https://ift.tt/2N9c6EM
via IFTTT

Google Home app testing a redesign with Google’s Material Theme

Google Home

Originally built with only the Google Chromecast in mind, the Google Home app (formerly known as the Chromecast app and Google Cast app) has seen many updates since its last rebranding to improve functionality for Google's suite of smart home devices. The Home app can now be used to set up and control the Google Chromecast, Google Home, Google Home Mini, Google Home Max, and several supported smart home devices. With a growing repertoire of features and supported devices, it seems that Google is working on a major redesign of the app in accordance with the company's latest Material Design guidelines.

Here is the current design of the app:

Google Home app old design Google Home app old design Google Home app old design Google Home app old design

And here is the redesign in testing, as discovered by XDA Recognized Developer Quinny899 (AKA Kieron Quinn of Mighty Quinn Apps):

Google Home Material Theme redesign Google Home Material Theme redesign Google Home Material Theme redesign Google Home Material Theme redesign

As you can see, the biggest difference is that the sidebar menu has been removed in favor of a bottom toolbar. The home screen and the content browse screen haven't changed all that much, but the devices page has changed considerably. The device page is now much cleaner than before as the devices are now displayed with smaller icons rather than large cards full of wasted space. Lastly, the settings page also feels a bit less crowded even though the only change is the removal of the dividers between the options.

We're not sure when Google will roll out their latest Material Theme to the Home app, but we'll let you know when it goes live. Given it's mostly completed state, we suspect it won't be too long before it starts rolling out for some users. You can install the latest version of the Home app from the Play Store below.

Google Home (Free, Google Play) →



from xda-developers https://ift.tt/2IAut1P
via IFTTT