A serious vulnerability was disclosed this week that could allow malware complete access to Android phones when you install an app that looks completely legitimate. Google and affected device makers have taken steps to mitigate the issue, which some folks have apparently known about for years.  But it’s a good time to remember that there’s always some risk involved with sideloading apps on Android phones (that’s also true when it comes to installing apps on most desktop computer operating systems, but odds are you’re already used to downloading those apps from trusted sources, while that can be a little trickier to do when looking for apps outside the Google Play Store).

In other recent tech news, Google is beginning to roll out support for encrypted group chats to folks who have enrolled in a Google Messages open beta, Apple has renamed the operating system that will power its upcoming mixed-reality headset, and if you like the idea of a handheld gaming PC, but don’t want to actually spend money on one, Valve will be giving a bunch away on December 8th.

Google Messages group chat with end-to-end encryption

Here’s a roundup of tech news from around the web.

Major Android security leak left Samsung and other devices vulnerable to dangerous malware apps [9to5Google]

A major security vulnerability affecting Android devices from companies including Samsung, LG, and Xiaomi could grant malware complete access to your devices (due to leaked signing keys). Google and device makers are taking steps to mitigate.

Apple Renames Mixed-Reality Software ‘xrOS’ in Sign Headset Is Approaching [Bloomberg]

Apple’s mixed-reality headset could launch as soon as 2023. Ahead of launch the company has allegedly changed the name of its operating system from “realityOS” to “xrOS,” which stands for extended reality. It’s said to have VR and AR features.

Happy birthday and farewell, SMS! It’s time for RCS [Google]

Google Messages begins rolling out end-to-end encryption for group chats to “some members in the open beta program.” The feature makes use of RCS and may not work if someone without RCS is in your group chat. Google also says support for emoji message reactions will soon support use of any emoji, not just the handful that are already available.

The Game Awards Steam Deck Giveaway [Valve]

Valve will give away a Steam Deck every minute during the Game Awards on December 8th. But you’ll need to register and watch live to win.

Keep up on the latest headlines by following @[email protected] on Mastodon. You can also follow Liliputing on Twitter and Facebook, and keep up with the latest open source mobile news by following LinuxSmartphones on Twitter and Facebook.

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,545 other subscribers

3 replies on “Lilbits: Android security vulnerability, encrypted group chat for Google Messages, and Apple’s extended reality OS”

  1. “A major security vulnerability affecting Android devices from companies including Samsung, LG, and Xiaomi could grant malware complete access to your devices (due to leaked signing keys).”

    Unbelievable! As a major device manufacturer and/or supplier, if your company cannot protect your private keys much less manage a secure key store to rapidly mitigate any compromised private keys already in the wild because of your ineptitude, your company needs to be shut down before you cause serious damage to society at-large.

    1. No, I think a fairer but far less destructive and equally drastic measure would be to force a device manufacturer, who relies on maintaining control over certain private keys to keep unwanted code from executing on the device, to let end users manage keys and signatures themselves, the way you can on any desktop OS.
      Not that anyone knows how to do that. But they should.

Comments are closed.