Tag: Android

Categories
News

The first developer preview of Android 16 is now available

Android 15 just arrived on Pixel devices last month, but the first Android 16 developer preview is set to be released today — which is significantly earlier than we would have previously expected.

For reference, the first developer preview for Android 15 was released back in February, followed by the first beta release in April. So Google is effectively running 3 months ahead of schedule.

Considering Android 15 release much later than many people had hoped, things do seem to be moving rather quickly. Google has also elaborated promising that the Major SDK release will happen in Q2 2025, complete with Behavior changes, APIs and new features. Then a minor SDK release will follow in Q4 with new APIs and features — but without any “app-impacting behavior changes”.

Android 16 developer preview’s newest features

Google has given us a glimpse at what’s coming in the next major version of Android. The first is the latest version of Android’s Privacy Sandbox, which will offer more robust safeguards around users’ data collection and sharing. This will also feature SDK Runtime, which allows SDKs to “run in a dedicated runtime environment separate from the app they are serving.”

Also the preview available today allows developers to embed Android’s photo picker — the menu that lets users select specific images and videos they want to share — directly into their apps. This should make sharing media with apps more seamless without granting them access to your entire device or cloud storage library. It also includes the latest version of Privacy Sandbox, Google’s in-development replacement for Android’s advertising ID.

Finally, a preview of the Health Connect app “contains an early version of APIs supporting health records” that “allows apps to read and write medical records in FHIR format,” according to Google. This could let apps and medical devices share information and medical records (with explicit consent from the user) the way wearables and fitness trackers already do, mirroring a similar Apple Health feature on iPhones.

Categories
News

Google fixes two Android vulnerability used in targeted attacks

Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework.

“There are indications that the following may be under limited, targeted exploitation,” says Google’s advisory.

Qualcomm patched CVE-2024-43047 – a use-after-free vulnerability in the Digital Signal Processor (DSP) service that could be exploited to escalate privileges on targeted devices – in October 2024, and urged original equipment manufacturers (OEMs) to deploy the patches as soon as possible.

CVE-2024-43093 is also a high-severity elevation of privilege flaw,that allows privilege escalation and has been fixed by restricting access to “Android/data,” “Android/obb,” and “Android/sandbox” directories and their sub-directories. This time impacting the Android Framework component and Google Play system updates, specifically in the Documents UI.

While Google did not share any details on how the vulnerabilities were exploited, as researchers at Amnesty International discovered CVE-2024-43047, it could indicate that the flaw was used in targeted spyware attacks.

Propagating fixes in the Android ecosystem

Google issues two patch levels each month, in this case, November 1 (2024-11-01 Patch Level) and November 5 (2024-11-05 Patch Level).

The first level addresses core Android vulnerabilities, with 17 issues this time, while the second patch level encompasses those plus vendor-specific fixes (Qualcomm, MediaTek, etc.), counting an additional 34 fixes this month.

To apply the latest update, head toSettings>System>Software updates>System update.Alternatively, go toSettings>Security & privacy>System & updates>Security update. A restart will be required to apply the update.

Android 11and olderare no longer supported but may receive security updates to critical issues for actively exploited flaws through Google Play system updates, though that’s not guaranteed.

The best course of action for devices still running those older releases should be either to replace them with newer models or use a third-party Android distribution that incorporates the latest security fixes.