The iPhone S years

John Gruber wrote on Daring Fireball about the iPhones 6S.

The glaring downside to this tick-tock schedule is that we as a culture — and particularly the media, both on the tech/gadgetry side and the business side — are obsessed with “new”. And, well, the S-model iPhones don’t look new. This year there is a new rose gold aluminum finish, but at a glance, the iPhones 6S look like last year’s iPhones 6. Every year is an iterative improvement over the previous one, whether it’s an S year or not. But it’s hard not to see the S years as more iterative, less impressive, updates, simply because they look the same.

I think that’s a trap — a way to be fooled by your eyes. If you put aside what the phones look like, the S model years have brought some of the biggest changes to the platform. The display changes came in non-S years, of course — the iPhone 4 going retina; the iPhone 5 expanding from 3.5 to 4 inches diagonally and changing the aspect ratio; and of course last year’s 6/6 Plus expanding to 4.7 and 5.5 inches and higher display resolutions. But it was the 3GS that first improved on CPU performance and gave us the first improvements to the camera. The 4S ushered in Siri integration and a much faster camera. The 5S was Apple’s first 64-bit ARM device, years ahead of the competition, and was the first device with Touch ID. For a typical iPhone user on a two-year upgrade cycle, I think the S years are the better phones, historically.

Something that Matt and I agree with and often talk about.

Google’s own researchers challenge key Google PR on Android

Ars Technica reported on Google’s own researchers challenging a key Android security talking point.

Throughout the resulting media storm, Google PR people have repeatedly held up the assurance that the raft of stagefright vulnerabilities is difficult to exploit in practice on phones running recent Android versions. The reason, they said: address space layout randomization, which came to maturity in Android 4.1, neutralizes such attacks. Generally speaking, ASLR does nothing to fix a buffer overflow or similar software bug that causes the vulnerability in the first place. Instead, the defense vastly decreases the chances that a remote-code-execution attack exploiting such bugs will succeed. ASLR does this by loading downloaded scripts in a different memory location each time the operating system is rebooted. If the attacker can’t locate the malicious code, the exploit results in a simple crash, rather than a game-over hack.

On Wednesday, Project Zero researchers tested a home-grown stagefright exploit on a Nexus 5 device running an Android 5.x version. The results showed that at best, ASLR will lower the chances their exploit will succeed. Meanwhile, Joshua Drake, the security researcher who first disclosed the critical vulnerabilities in the code library, said Android ASLR does even less to prevent a new custom exploit he has developed from working.

CNET blocks content from people who block ads

Dave Mark wrote on The Loop about CNET blocking content from readers using ad-blockers.

One more reason not to visit CNET.

Secondly, that they would make such a move speaks a lot about the amount of traffic that iOS brings to their site.

How to hack an Android phone

Business Insider reported on hacking an Android phone by typing in a really long password.

The vulnerability, discovered by John Gordon, is easy to exploit: simply open the phone’s “Emergency Call” feature, type a few characters and then repeatedly copy-and-paste them. The pasted text becomes longer and longer — Gordon’s reaches over 160,000 characters — and, as such, harder for the phone to handle.

Next, open the camera app which causes the phone to ask for a password into which the 160,000 character string is pasted. After a few minutes the phone restarts, booting straight to the unlocked home screen.

Apple’s iPhone keeps going its own way

Farhad Manjoo wrote in the New York Times about how Apple’s iPhone keeps going its own way.

You can expect Apple’s proportion to grow. As analysts at Credit Suisse explained in a note last week, only about 30 percent of the world’s 400 million iPhone users have upgraded to the large-screen models Apple introduced last year. Apple is bound to reap more money as the majority of its users inevitably jump to big phones over the next few years. In other words, for the foreseeable future, Apple stands virtually alone: It may be the only company making any money selling phones.

What’s driving the iPhone’s escape from the trap of commodity hardware is that it is more than a hardware device. Instead, an iPhone is a tightly integrated mix of hardware, great software, and several pretty good services rolled into a single gadget.

Something for the Apple naysayers to ponder upon.

How Apple built 3D Touch

Bloomberg reported on how Apple built 3D Touch.

But in lieu of the usual polite deflection, Federighi picked up an iPhone 6S and explained one of 3D Touch’s simpler challenges: “It starts with the idea that, on a device this thin, you want to detect force. I mean, you think you want to detect force, but really what you’re trying to do is sense intent. You’re trying to read minds. And yet you have a user who might be using his thumb, his finger, might be emotional at the moment, might be walking, might be laying on the couch. These things don’t affect intent, but they do affect what a sensor [inside the phone] sees. So there are a huge number of technical hurdles. We have to do sensor fusion with accelerometers to cancel out gravity—but when you turn [the device] a different way, we have to subtract out gravity. … Your thumb can read differently to the touch sensor than your finger would. That difference is important to understanding how to interpret the force. And so we’re fusing both what the force sensor is giving us with what the touch sensor is giving us about the nature of your interaction. So down at even just the lowest level of hardware and algorithms—I mean, this is just one basic thing. And if you don’t get it right, none of it works.”

Long but good read.

Microsoft is downloading Windows 10 to PCs, even if you don’t “reserve” a copy

Ars Technica reported on Microsoft downloading Windows 10 to PCs, even if you don’t “reserve” a copy.

According to The Inquirer, the situation was first reported by an anonymous reader who claimed to have discovered a hidden directory called $Windows.~BT on his computer, despite not opting in for a free upgrade to Windows 10. The directory weighed in at “3.5GB to 6GB,” according to the reader.

“I thought Microsoft [said] this ‘upgrade’ was optional. If so, why is it being pushed out to so many computers where it wasn’t reserved, and why does it try to install over and over again?” he told the outlet.

Aggressive.

New Android ransomware locks out victims by changing lock screen PIN

Ars Technica reported on a new Android ransomware that locks out victims by changing lock screen PIN.

Dubbed Android/Lockerpin.A, the app first tricks inexperienced users into granting it device administrator privileges. To achieve this, it overlays a bogus patch installation window on top of an activation notice. When targets click on the continue button, they really grant the malicious app elevated rights that allow it to make changes to the Android settings. From there, Lockerpin sets or resets the PIN that unlocks the screen lock, effectively requiring users to perform a factory reset to regain control over the device. By contrast, earlier forms of Android ransomware generally were thwarted, usually by deactivating administrator privileges and then uninstalling the app after the infected device is booted into safe mode.

“After clicking on the button, the user’s device is doomed,” Lukas Stefanko, a researcher with antivirus provider Eset, wrote in a blog post published Thursday. “The trojan app has obtained administrator rights silently and now can lock [the] device—and even worse, it set[s] a new PIN for the lock screen. Not long after, the user will be prompted to pay a $US500 ransom for allegedly viewing and harboring forbidden pornographic material.”

Why would a developer be able to overlay a notice?

Premium Android hits the wall

Charles Arthur wrote about Premium Android hitting the wall.

“Premium” Android is getting torn apart, piranha-style. Cheaper phones from Chinese companies such as Xiaomi, Huawei, OnePlus, and Oppo are taking away their high-end Chinese business. Slowdowns in developing countries (notably South America) are killing sales there.

And in the west, there isn’t the same appetite for continued upgrades that there was; people are upgraded out. Does the Galaxy S6 really offer anything special over the S4 or S5? If anything, Samsung has pared back on both the software and hardware features – it doesn’t have some of the weird things where you waved hands to scroll screens, nor the microSD card and removable battery that a number of previous Samsung buyers liked. As I said before, Samsung must know how many people actually use the removable battery. But maybe that’s like buying a car with airbags: you don’t expect to need them, you just want to know they’re there in an emergency.

[…]

I don’t think the crash in premium Android sales is a one-off. The competition from low- and mid-priced devices is fierce now, and yet these companies don’t seem to be putting any clear blue water between them; they’re not offering anything better than they did a year ago.

Case in point: Samsung’s Galaxy Note 5 has a smaller battery, also non-removable, than last year’s Note 4; and no SD card – which has pissed off some former Note buyers. How does that compete against the Xiaomis and Oppos and OnePlus phones of this world, which are much the same spec for less? Or even the iPhone 6 Plus, which has a better-adapted app store, and costs less?

Samsung is getting squeezed on both ends. Trying to be the premium Android brand isn’t working and won’t work unless Samsung tries to be innovative instead of attempting to be an Apple clone.

A backwards S-Pen can permanently damage the Galaxy Note 5

Ars Technica reported on how a backwards S-Pen can permanently damage the Galaxy Note 5.

The right way to dock the S-Pen into the device is to slide the pointy end in first, but if you slide the blunt end in first, the S-Pen will get jammed in the device. The spring mechanism that holds the pen in will clamp down on the wrong end of the S-Pen and won’t let go. It is possible to wiggle the pen free from the spring’s hold, but when we tried it, the S-Pen detection features stopped working.

Normally on the Note 5, removing the S-Pen when the screen is off will launch a quick note taking app, and removing it when the screen is on will launch the radial S-Pen menu. After putting the S-Pen in backwards and wiggling it out, all of these features stopped working.

We can see that they put a lot of thought into the design of the device.