But that was then, and this is now. Today, an increasing number of mobile apps are functionally identical to the mobile websites they are intended to replace, and developer uptake of Instant Apps was minimal. Even in 2017, loading an app instead of a website had limited utility. As a result, most of us probably only encountered Instant Apps a handful of times in all the years it was an option for developers.
To use the feature, which was delivered to virtually all Android devices by Google Play Services, developers had to create a special “instant” version of their app that was under 15MB. The additional legwork to get an app in front of a subset of new users meant this was always going to be a steep climb, and Google struggles to incentivize developers to adopt new features. Plus, there’s no way to cram in generative AI! So it’s not a shock to see Google retiring the feature.
This feature is currently listed in the collection of Google services in your phone settings as “Google Play Instant.” Unfortunately, there aren’t many examples still available if you’re curious about what Instant Apps were like—the Finnish publisher Ilta-Sanomat is one of the few still offering it. Make sure the settings toggle for Instant Apps is on if you want a little dose of nostalgia.
Google’s Pixel phones got a big update this week with the release of Android 16 and a batch of Pixel Drop features. Pixels now have enhanced security, new contact features, and improved button navigation. However, some of the most interesting features, like desktop windowing and Material 3 Expressive, are coming later. Another thing that’s coming later, it seems, is a fix for an annoying bug Google introduced a few months back.
Google broke the system dark mode schedule in its March Pixel update and did not address it in time for Android 16. The company confirms a fix is coming, though.
The system-level dark theme arrives in Android 10 to offer a less eye-searing option, which is particularly handy in dark environments. It took a while for even Google’s apps to fully adopt this feature, but support is solid five years later. Google even offers a scheduling feature to switch between light and dark mode at custom times or based on sunrise/sunset. However, the scheduling feature was busted in the March update.
Currently, if you manually toggle dark mode on or off, schedules stop working. The only way to get them back is to set up your schedule again and then never toggle dark mode. Google initially marked this as “intended behavior,” but a more recent bug report was accepted as a valid issue.
Adobe has spent years releasing mobile apps that aren’t Photoshop, and now it’s finally giving people what they want. Yes, real Photoshop. After releasing a mobile version of Photoshop on iPhone earlier this year, the promised Android release has finally arrived. You can download it right now in beta, and it’s free to use for the duration of the beta period.
The mobile app includes a reasonably broad selection of tools from the desktop version of Adobe’s iconic image editor, including masks, clone stamp, layers, transformations, cropping, and an array of generative AI tools. The app looks rather barebones when you first start using it, but the toolbar surfaces features as you select areas and manipulate layers.
Depending on how you count, this is Adobe’s third attempt to do Photoshop on phones. So far, it appears to be the most comprehensive, though. It’s much more capable than Photoshop Express or the ancient Photoshop Touch app, which Adobe unpublished almost a decade ago. If you’re not familiar with the ins and outs of Photoshop, the new app comes with a robust collection of tutorials—just tap the light bulb icon to peruse them.
Photoshop on Android makes a big deal about Adobe’s generative AI features, which let you easily select subjects or backgrounds, remove objects, and insert new content based on a text prompt. This works about as well as the desktop version of Photoshop because it’s relying on the same cloud service to do the heavy lifting. This would have been impressive to see in a mobile app a year ago, but OEM features like Google’s Magic Editor have since become more widespread.
The new Razrs are sleek, capable, and overflowing with AI features.
Motorola’s 2025 Razr refresh includes its first Ultra model. Credit: Ryan Whitwam
Motorola’s 2025 Razr refresh includes its first Ultra model. Credit: Ryan Whitwam
For phone nerds who’ve been around the block a few times, the original Motorola Razr is undeniably iconic. The era of foldables has allowed Motorola to resurrect the Razr in an appropriately flexible form, and after a few generations of refinement, the 2025 Razrs are spectacular pieces of hardware. They look great, they’re fun to use, and they just about disappear in your pocket.
The new Razrs also have enormous foldable OLEDs, along with external displays that are just large enough to be useful. Moto has upped its design game, offering various Pantone shades with interesting materials and textures to make the phones more distinctive, but Motorola’s take on mobile AI could use some work, as could its long-term support policy. Still, these might be the coolest phones you can get right now.
An elegant tactile experience
Many phone buyers couldn’t care less about how a phone’s body looks or feels—they’ll just slap it in a case and never look at it again. Foldables tend not to fit as well in cases, so the physical design of the Razrs is important. The good news is that Motorola has refined the foldable formula with an updated hinge and some very interesting material choices.
The Razr Ultra is available with a classy wood back.
Credit: Ryan Whitwam
The Razr Ultra is available with a classy wood back. Credit: Ryan Whitwam
The 2025 Razrs come in various colors, all of which have interesting material choices for the back panel. There are neat textured plastics, wood, vegan leather, and synthetic fabrics. We’ve got wood (Razr Ultra) and textured plastic (Razr) phones to test—they look and feel great. The Razr is very grippy, and the wooden Ultra looks ultra-stylish, though not quite as secure in the hand. The aluminum frames are also colored to match the back with a smooth matte finish. Motorola has gone to great lengths to make these phones feel unique without losing the premium vibe. It’s nice to see a phone maker do that without resorting to a standard glass sandwich body.
The buttons are firm and tactile, but we’re detecting just a bit of rattle in the power button. That’s also where you’ll find the fingerprint sensor. It’s reasonably quick and accurate, whether the phone is open or closed. The Razr Ultra also has an extra AI button on the opposite side, which is unnecessary, for reasons we’ll get to later. And no, you can’t remap it to something else.
The Razrs have a variety of neat material options.
Credit: Ryan Whitwam
The Razrs have a variety of neat material options. Credit: Ryan Whitwam
The front of the flip on these phones features a big sheet of Gorilla Glass Ceramic, which is supposedly similar to Apple’s Ceramic Shield glass. That should help ward off scratches. The main camera sensors poke through this front OLED, which offers some interesting photographic options we’ll get to later. The Razr Ultra has a larger external display, clocking in at 4 inches. The cheaper Razr gets a smaller 3.6-inch front screen, but that’s still plenty of real estate, even with the camera lenses at the bottom.
4,500 mAh, 30 W wired charging, 15 W wireless charging
4,000 mAh, 45 W wired charging, 15 W wireless charging
4,700 mAh, 68 W wired charging, 15 W wireless charging
Connectivity
Wi-Fi 6e, NFC, Bluetooth 5.4, sub-6 GHz 5G, USB-C 2.0
Wi-Fi 7, NFC, Bluetooth 5.4, sub-6 GHz 5G, USB-C 2.0
Wi-Fi 7, NFC, Bluetooth 5.4, sub-6 GHz 5G, USB-C 2.0
Measurements
Open: 73.99 x 171.30 x 7.25 mm; Closed: 73.99 x 88.08 x 15.85 mm; 188 g
Open: 73.99 x 171.42 x 7.09 mm; Closed: 73.99 x 88.09x 15.32 mm; 189 g
Open: 73.99 x 171.48 x 7.19 mm; Closed: 73.99 x 88.12 x 15.69 mm; 199 g
Motorola says the updated foldable hinge has been reinforced with titanium. This is the most likely point of failure for a flip phone, but the company’s last few Razrs already felt pretty robust. It’s good that Moto is still thinking about durability, though. The hinge is smooth, allowing you to leave the phone partially open, but there are magnets holding the two halves together with no gap when closed. The magnets also allow for a solid snap when you shut it. Hanging up on someone is so, so satisfying when you’re using a Razr flip phone.
Flip these phones open, and you get to the main event. The Razr has a 6.9-inch, 2640×1080 foldable OLED, and the Ultra steps up to 7 inches at an impressive 2992×1224. These phones have almost exactly the same dimensions, so the additional bit of Ultra screen comes from thinner bezels. Both phones are extremely tall when open, but they’re narrow enough to be usable in one hand. Just don’t count on reaching the top of the screen easily. While Motorola has not fully eliminated the display crease, it’s much smoother and less noticeable than it is on Samsung’s or Google’s foldables.
The Razr Ultra has a 7-inch foldable OLED.
Credit: Ryan Whitwam
The Razr Ultra has a 7-inch foldable OLED. Credit: Ryan Whitwam
The Razr can hit 3,000 nits of brightness, and the $1,300 Razr Ultra tops out at 4,500 nits. Both are bright enough to be usable outdoors, though the Ultra is noticeably brighter. However, both suffer from the standard foldable drawbacks of having a plastic screen. The top layer of the foldable screen is a non-removable plastic protector, which has very high reflectivity that makes it harder to see the display. That plastic layer also means you have to be careful not to poke or scratch the inner screen. It’s softer than your fingernails, so it’s not difficult to permanently damage the top layer.
Too much AI
Motorola’s big AI innovation for last year’s Razr was putting Gemini on the phone, making it one of the first to ship with Google’s generative AI system. This time around, it has AI features based on Gemini, Meta Llama, Perplexity, and Microsoft Copilot. It’s hard to say exactly how much AI is worth having on a phone with the rapid pace of change, but Motorola has settled on the wrong amount. To be blunt, there’s too much AI. What is “too much” in this context? This animation should get the point across.
Motorola’s AI implementation is… a lot.
Credit: Ryan Whitwam
Motorola’s AI implementation is… a lot. Credit: Ryan Whitwam
The Ask and Search bar appears throughout the UI, including as a floating Moto AI icon. It’s also in the app drawer and is integrated with the AI button on the Razr Ultra. You can use it to find settings and apps, but it’s also a full LLM (based on Copilot) for some reason. Gemini is a better experience if you’re looking for a chatbot, though.
Moto AI also includes a raft of other features, like Pay Attention, which can record and summarize conversations similar to the Google recorder app. However, unlike that app, the summarizing happens in the cloud instead of locally. That’s a possible privacy concern. You also get Perplexity integration, allowing you to instantly search based on your screen contents. In addition, the Perplexity app is preloaded with a free trial of the premium AI search service.
There’s so much AI baked into the experience that it can be difficult to keep all the capabilities straight, and there are some more concerning privacy pitfalls. Motorola’s Catch Me Up feature is a notification summarizer similar to a feature of Apple Intelligence. On the Ultra, this feature works locally with a Llama 3 model, but the less powerful Razr can’t do that. It sends your notifications to a remote server for processing when you use Catch Me Up. Motorola says data is “anonymous and secure” and it does not retain any user data, but you have to put a lot of trust in a faceless corporation to send it all your chat notifications.
The Razrs have additional functionality if you prop them up in “tent” or “stand” mode.
Credit: Ryan Whitwam
The Razrs have additional functionality if you prop them up in “tent” or “stand” mode. Credit: Ryan Whitwam
If you can look past Motorola’s frenetic take on mobile AI, the version of Android 15 on the Razrs is generally good. There are a few too many pre-loaded apps and experiences, but it’s relatively simple to debloat these phones. It’s quick, doesn’t diverge too much from the standard Android experience, and avoids duplicative apps.
We appreciate the plethora of settings and features for the external display. It’s a much richer experience than you get with Samsung’s flip phones. For example, we like how easy it is to type out a reply in a messaging app without even opening the phone. In fact, you can run any app on the phone without opening it, even though many of them won’t work quite right on a smaller square display. Still, it can be useful for chat apps, email, and other text-based stuff. We also found it handy for using smart home devices like cameras and lights. There are also customizable panels for weather, calendar, and Google “Gamesnack” games.
The Razr Ultra (left) has a larger screen than the Razr (right).
Credit: Ryan Whitwam
The Razr Ultra (left) has a larger screen than the Razr (right). Credit: Ryan Whitwam
Motorola promises three years of full OS updates and an additional year of security patches. This falls far short of the seven-year update commitment from Samsung and Google. For a cheaper phone like the Razr, four years of support might be fine, but it’s harder to justify that when the Razr Ultra costs as much as a Galaxy S25 Ultra.
One fast foldable, one not so much
Motorola is fond of saying the Razr Ultra is the fastest flip phone in the world, which is technically true. It has the Snapdragon 8 Elite chip with 16GB of RAM, but we expect to see the Elite in Samsung’s 2025 foldables later this year. For now, though, the Razr Ultra stands alone. The $700 Razr runs a Mediatek Dimensity 7400X, which is a distinctly midrange processor with just 8GB of RAM.
The Razr Ultra gets close to the S25.
Credit: Ryan Whitwam
The Razr Ultra gets close to the S25. Credit: Ryan Whitwam
In daily use, neither phone feels slow. Side by side, you can see the Razr is slower to open apps and unlock, and the scrolling exhibits occasional jank. However, it’s not what we’d call a slow phone. It’s fine for general smartphone tasks like messaging, browsing, and watching videos. You may have trouble with gaming, though. Simple games run well enough, but heavy 3D titles like Diablo Immortal are rough with the Dimensity 7400X.
The Razr Ultra is one of the fastest Android phones we’ve tested, thanks to the Snapdragon chip. You can play complex games and multitask to your heart’s content without fear of lag. It does run a little behind the Galaxy S25 series in benchmarks, but it thankfully doesn’t get as toasty as Samsung’s phones.
We never expect groundbreaking battery life from foldables. The hinge takes up space, which limits battery capacity. That said, Motorola did fairly well cramming a 4,700 mAh battery in the Razr Ultra and a 4,500 mAh cell in the Razr.
Based on our testing, both of these phones should last you all day. The large external displays can help by giving you just enough information that you don’t have to use the larger, more power-hungry foldable OLED. If you’re playing games or using the main display exclusively, you may find the Razrs just barely make it to bedtime. However, no matter what you do, these are not multi-day phones. The base model Razr will probably eke out a few more hours, even with its smaller battery, due to the lower-power MediaTek processor. The Snapdragon 8 Elite in the Razr Ultra really eats into the battery when you take advantage of its power.
The Razrs are extremely pocketable.
Credit: Ryan Whitwam
The Razrs are extremely pocketable. Credit: Ryan Whitwam
While the battery life is just this side of acceptable, the Razr Ultra’s charging speed makes this less of a concern. This phone hits an impressive 68 W, which is faster than the flagship phones from Google, Samsung, and Apple. Just a few minutes plugged into a compatible USB-C charger and you’ve got enough power that you can head out the door without worry. Of course, the phone doesn’t come with a charger, but we’ve tested a few recent models, and they all hit the max wattage.
OK cameras with super selfies
Camera quality is another area where foldable phones tend to compromise. The $1,300 Razr Ultra has just two sensors—a 50 MP primary sensor and a 50 MP ultrawide lens. The $700 Razr has a slightly different (and less capable) 50 MP primary camera and a 13 MP ultrawide. There are also selfie cameras peeking through the main foldable OLED panels—50 MP for the Ultra and 32 MP for the base model.
The cheaper Razr has a smaller external display, but it’s still large enough to be usable.
Credit: Ryan Whitwam
The cheaper Razr has a smaller external display, but it’s still large enough to be usable. Credit: Ryan Whitwam
Motorola’s Razrs tend toward longer exposures compared to Pixels—they’re about on par with Samsung phones. That means capturing fast movement indoors is difficult, and you may miss your subject outside due to a perceptible increase in shutter lag compared to Google’s phones. Images from the base model Razr’s primary camera also tend to look a bit more overprocessed than they do on the Ultra, which leads to fuzzy details and halos in bright light.
Razr Ultra outdoors. Ryan Whitwam
That said, Motorola’s partnership with Pantone is doing some good. The colors in our photos are bright and accurate, capturing the vibe of the scene quite well. You can get some great photos of stationary or slowly moving subjects.
Razr 2025 indoor medium light. Ryan Whitwam
The 50 MP ultrawide camera on the Razr Ultra has a very wide field of view, but there’s little to no distortion at the edges. The colors are also consistent between the two sensors, but that’s not always the case for the budget Razr. Its ultrawide camera also lacks detail compared to the Ultra, which isn’t surprising considering the much lower resolution.
You should really only use the dedicated front-facing cameras for video chat. For selfies, you’ll get much better results by taking advantage of the Razr’s distinctive form factor. When closed, the Razrs let you take selfies with the main camera sensors, using the external display as the viewfinder. These are some of the best selfies you’ll get with a smartphone, and having the ultrawide sensor makes group shots excellent as well.
Flip phones are still fun
While we like these phones for what they are, they are objectively not the best value. Whether you’re looking at the Razr or the Razr Ultra, you can get more phone for the same money from other companies—more cameras, more battery, more updates—but those phones don’t fold in half. There’s definitely a cool-factor here. Flip phones are stylish, and they’re conveniently pocket-friendly in a world where giant phones barely fit in your pants. We also like the convenience and functionality of the external displays.
The Razr Ultra is all screen from the front.
Credit: Ryan Whitwam
The Razr Ultra is all screen from the front. Credit: Ryan Whitwam
The Razr Ultra makes the usual foldable compromises, but it’s as capable a flip phone as you’ll find right now. It’s blazing fast, it has two big displays, and the materials are top-notch. However, $1,300 is a big ask.
Is the Ultra worth $500 more than the regular Razr? Probably not. Most of what makes the foldable Razrs worth using is present on the cheaper model. You still get the solid construction, cool materials, great selfies, and a useful (though slightly smaller) outer display. Yes, it’s a little slower, but it’s more than fast enough as long as you’re not a heavy gamer. Just be aware of the potential for Moto AI to beam your data to the cloud.
There is also the Razr+, which slots in between the models we have tested at $1,000. It’s faster than the base model and has the same large external display as the Ultra. This model could be the sweet spot if neither the base model nor the flagship does it for you.
The good
Sleek design with distinctive materials
Great performance from Razr Ultra
Useful external display
Big displays in a pocket-friendly package
The bad
Too much AI
Razr Ultra is very expensive
Only three years of OS updates, four years of security patches
Cameras trail the competition
Ryan Whitwam is a senior technology reporter at Ars Technica, covering the ways Google, AI, and mobile technology continue to change the world. Over his 20-year career, he’s written for Android Police, ExtremeTech, Wirecutter, NY Times, and more. He has reviewed more phones than most people will ever own. You can follow him on Bluesky, where you will see photos of his dozens of mechanical keyboards.
Nextcloud is a host-your-own cloud platform that wants to help you “Regain control over your data.” It contains products that allow for video chat, file storage, collaborative editing, and other stuff that reads a lot like a DIY Google Workspace replacement.
It’s hard to offer that kind of full replacement, though, if your Android app can’t upload anything other than media files. Since mid-2024, Nextcloud claims, Google has refused to reinstate the access it needs for uploading and syncing other file types.
“To make it crystal clear: All of you as users have a worse Nextcloud Files client because Google wanted that,” reads a Nextcloud blog post from May 13, attributed to its team. “We understand and share your frustration, but there is nothing we can do.”
A notice in Nextcloud’s Android app regarding file uploads.
Credit: Nextcloud
A notice in Nextcloud’s Android app regarding file uploads. Credit: Nextcloud
Ars has reached out to Google for comment and will update this post with any response. A representative for NextCloud told Ars late Tuesday that the company had no update on its Android app.
Nextcloud states that it has had read and write access to all file types since its first Android app. In September 2024, a Nextcloud Android update with “All files access” was “refused out of the blue,” with a request that the app use “a more privacy aware replacement,” Nextcloud claims. The firm states it has provided background and explanations but received “the same copy-and-paste answers or links to documentation” from Google.
Google is adding a new security setting to Android to provide an extra layer of resistance against attacks that infect devices, tap calls traveling through insecure carrier networks, and deliver scams through messaging services.
On Tuesday, the company unveiled the Advanced Protection mode, most of which will be rolled out in the upcoming release of Android 16. The setting comes as mercenary malware sold by NSO Group and a cottage industry of other exploit sellers continues to thrive. These players provide attacks-as-a-service through end-to-end platforms that exploit zero-day vulnerabilities on targeted devices, infect them with advanced spyware, and then capture contacts, message histories, locations, and other sensitive information. Over the past decade, phones running fully updated versions of Android and iOS have routinely been hacked through these services.
A core suite of enhanced security features
Advanced Protection is Google’s latest answer to this type of attack. By flipping a single button in device settings, users can enable a host of protections that can thwart some of the most common techniques used in sophisticated hacks. In some cases, the protections hamper performance and capabilities of the device, so Google is recommending the new mode mainly for journalists, elected officials, and other groups who are most often targeted or have the most to lose when infected.
“With the release of Android 16, users who choose to activate Advanced Protection will gain immediate access to a core suite of enhanced security features,” Google’s product manager for Android Security, Il-Sung Lee, wrote. “Additional Advanced Protection features like Intrusion Logging, USB protection, the option to disable auto-reconnect to insecure networks, and integration with Scam Detection for Phone by Google will become available later this year.”
While the body of the phone is just 5.8 mm thick, the camera modules stick out a few millimeters more, making the phone quite wobbly when you set it on a table. The cameras have to stick out to leave more space for the internals, which are pretty powerful. Inside, this phone is essentially unchanged from the other S25 phones, with a Snapdragon 8 Elite, 12GB of RAM, and either 256 or 512GB of storage. The battery will be a problem, though.
It is very, very thin.
Credit: Samsung
It is very, very thin. Credit: Samsung
While the S25+ sports a passable 4,900 mAh cell, the super-slim S25 Edge has just 3,900 mAh of juice. That is a problem because the Snapdragon 8 Elite is a flagship processor designed for speed. While it’s relatively efficient in low-power mode, it will devour the Edge’s battery in short order if you’re playing games or multitasking. A 20 percent reduction in battery life compared to the Galaxy S25+, which is a one-day phone, is a tough sell.
Most smartphone manufacturers could never justify making such a strange, niche device. This is Samsung showing off its engineering skills, and the S25 Edge does look neat. But the novelty of a super-slim phone will probably wear off when you have to start plugging it in to get a boost mid-afternoon. It doesn’t even charge very fast, topping out at a mere 25 W. And you’ll be paying $1,099 for the privilege, which slots the Edge between the S25+ ($1,000) and the S25 Ultra ($1,300).
If you want a phone that is thin at the expense of everything else, you can order the Galaxy S25 Edge from Samsung or Best Buy. It comes in black, icy blue, and silver colors and will ship on May 30.
New ChoiceJacking attack allows malicious chargers to steal data from phones.
Credit: Aurich Lawson | Getty Images
Credit: Aurich Lawson | Getty Images
About a decade ago, Apple and Google started updating iOS and Android, respectively, to make them less susceptible to “juice jacking,” a form of attack that could surreptitiously steal data or execute malicious code when users plug their phones into special-purpose charging hardware. Now, researchers are revealing that, for years, the mitigations have suffered from a fundamental defect that has made them trivial to bypass.
“Juice jacking” was coined in a 2011 article on KrebsOnSecurity detailing an attack demonstrated at a Defcon security conference at the time. Juice jacking works by equipping a charger with hidden hardware that can access files and other internal resources of phones, in much the same way that a computer can when a user connects it to the phone.
An attacker would then make the chargers available in airports, shopping malls, or other public venues for use by people looking to recharge depleted batteries. While the charger was ostensibly only providing electricity to the phone, it was also secretly downloading files or running malicious code on the device behind the scenes. Starting in 2012, both Apple and Google tried to mitigate the threat by requiring users to click a confirmation button on their phones before a computer—or a computer masquerading as a charger—could access files or execute code on the phone.
The logic behind the mitigation was rooted in a key portion of the USB protocol that, in the parlance of the specification, dictates that a USB port can facilitate a “host” device or a “peripheral” device at any given time, but not both. In the context of phones, this meant they could either:
Host the device on the other end of the USB cord—for instance, if a user connects a thumb drive or keyboard. In this scenario, the phone is the host that has access to the internals of the drive, keyboard or other peripheral device.
Act as a peripheral device that’s hosted by a computer or malicious charger, which under the USB paradigm is a host that has system access to the phone.
An alarming state of USB security
Researchers at the Graz University of Technology in Austria recently made a discovery that completely undermines the premise behind the countermeasure: They’re rooted under the assumption that USB hosts can’t inject input that autonomously approves the confirmation prompt. Given the restriction against a USB device simultaneously acting as a host and peripheral, the premise seemed sound. The trust models built into both iOS and Android, however, present loopholes that can be exploited to defeat the protections. The researchers went on to devise ChoiceJacking, the first known attack to defeat juice-jacking mitigations.
“We observe that these mitigations assume that an attacker cannot inject input events while establishing a data connection,” the researchers wrote in a paper scheduled to be presented in August at the Usenix Security Symposium in Seattle. “However, we show that this assumption does not hold in practice.”
The researchers continued:
We present a platform-agnostic attack principle and three concrete attack techniques for Android and iOS that allow a malicious charger to autonomously spoof user input to enable its own data connection. Our evaluation using a custom cheap malicious charger design reveals an alarming state of USB security on mobile platforms. Despite vendor customizations in USB stacks, ChoiceJacking attacks gain access to sensitive user files (pictures, documents, app data) on all tested devices from 8 vendors including the top 6 by market share.
In response to the findings, Apple updated the confirmation dialogs in last month’s release of iOS/iPadOS 18.4 to require a user authentication in the form of a PIN or password. While the researchers were investigating their ChoiceJacking attacks last year, Google independently updated its confirmation with the release of version 15 in November. The researchers say the new mitigation works as expected on fully updated Apple and Android devices. Given the fragmentation of the Android ecosystem, however, many Android devices remain vulnerable.
All three of the ChoiceJacking techniques defeat the original Android juice-jacking mitigations. One of them also works against those defenses in Apple devices. In all three, the charger acts as a USB host to trigger the confirmation prompt on the targeted phone.
The attacks then exploit various weaknesses in the OS that allow the charger to autonomously inject “input events” that can enter text or click buttons presented in screen prompts as if the user had done so directly into the phone. In all three, the charger eventually gains two conceptual channels to the phone: (1) an input one allowing it to spoof user consent and (2) a file access connection that can steal files.
An illustration of ChoiceJacking attacks. (1) The victim device is attached to the malicious charger. (2) The charger establishes an extra input channel. (3) The charger initiates a data connection. User consent is needed to confirm it. (4) The charger uses the input channel to spoof user consent. Credit: Draschbacher et al.
It’s a keyboard, it’s a host, it’s both
In the ChoiceJacking variant that defeats both Apple- and Google-devised juice-jacking mitigations, the charger starts as a USB keyboard or a similar peripheral device. It sends keyboard input over USB that invokes simple key presses, such as arrow up or down, but also more complex key combinations that trigger settings or open a status bar.
The input establishes a Bluetooth connection to a second miniaturized keyboard hidden inside the malicious charger. The charger then uses the USB Power Delivery, a standard available in USB-C connectors that allows devices to either provide or receive power to or from the other device, depending on messages they exchange, a process known as the USB PD Data Role Swap.
A simulated ChoiceJacking charger. Bidirectional USB lines allow for data role swaps. Credit: Draschbacher et al.
With the charger now acting as a host, it triggers the file access consent dialog. At the same time, the charger still maintains its role as a peripheral device that acts as a Bluetooth keyboard that approves the file access consent dialog.
The full steps for the attack, provided in the Usenix paper, are:
1. The victim device is connected to the malicious charger. The device has its screen unlocked. 2. At a suitable moment, the charger performs a USB PD Data Role (DR) Swap. The mobile device now acts as a USB host, the charger acts as a USB input device. 3. The charger generates input to ensure that BT is enabled. 4. The charger navigates to the BT pairing screen in the system settings to make the mobile device discoverable. 5. The charger starts advertising as a BT input device. 6. By constantly scanning for newly discoverable Bluetooth devices, the charger identifies the BT device address of the mobile device and initiates pairing. 7. Through the USB input device, the charger accepts the Yes/No pairing dialog appearing on the mobile device. The Bluetooth input device is now connected. 8. The charger sends another USB PD DR Swap. It is now the USB host, and the mobile device is the USB device. 9. As the USB host, the charger initiates a data connection. 10. Through the Bluetooth input device, the charger confirms its own data connection on the mobile device.
This technique works against all but one of the 11 phone models tested, with the holdout being an Android device running the Vivo Funtouch OS, which doesn’t fully support the USB PD protocol. The attacks against the 10 remaining models take about 25 to 30 seconds to establish the Bluetooth pairing, depending on the phone model being hacked. The attacker then has read and write access to files stored on the device for as long as it remains connected to the charger.
Two more ways to hack Android
The two other members of the ChoiceJacking family work only against the juice-jacking mitigations that Google put into Android. In the first, the malicious charger invokes the Android Open Access Protocol, which allows a USB host to act as an input device when the host sends a special message that puts it into accessory mode.
The protocol specifically dictates that while in accessory mode, a USB host can no longer respond to other USB interfaces, such as the Picture Transfer Protocol for transferring photos and videos and the Media Transfer Protocol that enables transferring files in other formats. Despite the restriction, all of the Android devices tested violated the specification by accepting AOAP messages sent, even when the USB host hadn’t been put into accessory mode. The charger can exploit this implementation flaw to autonomously complete the required user confirmations.
The remaining ChoiceJacking technique exploits a race condition in the Android input dispatcher by flooding it with a specially crafted sequence of input events. The dispatcher puts each event into a queue and processes them one by one. The dispatcher waits for all previous input events to be fully processed before acting on a new one.
“This means that a single process that performs overly complex logic in its key event handler will delay event dispatching for all other processes or global event handlers,” the researchers explained.
They went on to note, “A malicious charger can exploit this by starting as a USB peripheral and flooding the event queue with a specially crafted sequence of key events. It then switches its USB interface to act as a USB host while the victim device is still busy dispatching the attacker’s events. These events therefore accept user prompts for confirming the data connection to the malicious charger.”
The Usenix paper provides the following matrix showing which devices tested in the research are vulnerable to which attacks.
The susceptibility of tested devices to all three ChoiceJacking attack techniques. Credit: Draschbacher et al.
User convenience over security
In an email, the researchers said that the fixes provided by Apple and Google successfully blunt ChoiceJacking attacks in iPhones, iPads, and Pixel devices. Many Android devices made by other manufacturers, however, remain vulnerable because they have yet to update their devices to Android 15. Other Android devices—most notably those from Samsung running the One UI 7 software interface—don’t implement the new authentication requirement, even when running on Android 15. The omission leaves these models vulnerable to ChoiceJacking. In an email, principal paper author Florian Draschbacher wrote:
The attack can therefore still be exploited on many devices, even though we informed the manufacturers about a year ago and they acknowledged the problem. The reason for this slow reaction is probably that ChoiceJacking does not simply exploit a programming error. Rather, the problem is more deeply rooted in the USB trust model of mobile operating systems. Changes here have a negative impact on the user experience, which is why manufacturers are hesitant. [It] means for enabling USB-based file access, the user doesn’t need to simply tap YES on a dialog but additionally needs to present their unlock PIN/fingerprint/face. This inevitably slows down the process.
The biggest threat posed by ChoiceJacking is to Android devices that have been configured to enable USB debugging. Developers often turn on this option so they can troubleshoot problems with their apps, but many non-developers enable it so they can install apps from their computer, root their devices so they can install a different OS, transfer data between devices, and recover bricked phones. Turning it on requires a user to flip a switch in Settings > System > Developer options.
If a phone has USB Debugging turned on, ChoiceJacking can gain shell access through the Android Debug Bridge. From there, an attacker can install apps, access the file system, and execute malicious binary files. The level of access through the Android Debug Mode is much higher than that through Picture Transfer Protocol and Media Transfer Protocol, which only allow read and write access to system files.
The vulnerabilities are tracked as:
CVE-2025-24193 (Apple)
CVE-2024-43085 (Google)
CVE-2024-20900 (Samsung)
CVE-2024-54096 (Huawei)
A Google spokesperson confirmed that the weaknesses were patched in Android 15 but didn’t speak to the base of Android devices from other manufacturers, who either don’t support the new OS or the new authentication requirement it makes possible. Apple declined to comment for this post.
Word that juice-jacking-style attacks are once again possible on some Android devices and out-of-date iPhones is likely to breathe new life into the constant warnings from federal authorities, tech pundits, news outlets, and local and state government agencies that phone users should steer clear of public charging stations. Special-purpose cords that disconnect data access remain a viable mitigation, but the researchers noted that “data blockers also interfere with modern power negotiation schemes, thereby degrading charge speed.”
As I reported in 2023, these warnings are mostly scaremongering, and the advent of ChoiceJacking does little to change that, given that there are no documented cases of such attacks in the wild. That said, people using Android devices that don’t support Google’s new authentication requirement may want to refrain from public charging.
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82.
A silent update rolling out to virtually all Android devices will make your phone more secure, and all you have to do is not touch it for a few days. The new feature implements auto-restart of a locked device, which will keep your personal data more secure. It’s coming as part of a Google Play Services update, though, so there’s nothing you can do to speed along the process.
Google is preparing to release a new update to Play Services (v25.14), which brings a raft of tweaks and improvements to myriad system features. First spotted by 9to5Google, the update was officially released on April 14, but as with all Play Services updates, it could take a week or more to reach all devices. When 25.14 arrives, Android devices will see a few minor improvements, including prettier settings screens, improved connection with cars and watches, and content previews when using Quick Share.
Most importantly, Play Services 25.14 adds a feature that Google describes thusly: “With this feature, your device automatically restarts if locked for 3 consecutive days.”
This is similar to a feature known as Inactivity Reboot that Apple added to the iPhone in iOS 18.1. This actually caused some annoyance among law enforcement officials who believed they had suspects’ phones stored in a readable state, only to find they were rebooting and becoming harder to access due to this feature.
There aren’t many phones these days that come with a stylus, and those that do tend to be very expensive. If you can’t swing a Galaxy S25 Ultra, Motorola’s G Stylus lineup could be just what you need. The new 2025 Moto G Stylus is now official, featuring several key upgrades while maintaining the same $400 price tag.
The Moto G Stylus 2025 sticks with the style Motorola has cultivated over recent years, with a contoured vegan leather back. It comes in two Pantone colors called Gibraltar Sea and Surf the Web—one is dark blue and the other is a lighter, more vibrant blue. They look like fun colors. Moto’s language makes it sound like there could be more colors down the road, too.
The spec sheet paints a picture of a solid mobile device, but it won’t exceed expectations. Motorola moved to a Snapdragon 6 Gen 3 processor, which runs at a slightly higher clock speed than the Gen 1 it used in the 2024 model. It also has 8GB of RAM and 128GB of storage in the base model. An upgraded version with 256GB of storage and the same 8GB of RAM will be available, too.
5,000 mAh, 68 W wired charging, 15W wireless charging
Connectivity
Wi-Fi 6e, NFC, Bluetooth 5.4, sub-6 GHz 5G
Measurements
162.15 x 74.78 x 8.29mm; 191 g
With the modest mid-range chipset, the 2025 Moto G Stylus should have excellent battery life. The company promises more than 40 hours of average usage from the 5,000 mAh cell, and it recharges at an impressive 68 W with a USB-PD cable. It also has speedy 15 W wireless charging. You often don’t even get charging that fast on flagship phones, including the Pixel 9 series.
Making mid-range a little less mid
Motorola opted to upgrade the screen on this device, moving to a 6.7-inch pOLED at an impressive 2,712 x 1,220 resolution. It retains the 120 Hz refresh rate of its predecessor and jumps to 3,000 nits of peak brightness (more than double that of last year’s phone). We haven’t seen this display in real life, but on paper, it checks all the boxes you’d expect from a much more expensive phone.
The phone’s raison d’être has been upgraded, as well. Motorola says the stylus for the new phone is 6.4 times more responsive. Moto is vague about how this was achieved—the stylus itself is still just a capacitive nub rather than an active stylus like you’d see on an expensive Samsung phone. The 2025 G Stylus display reportedly has lower latency, making the stylus input less laggy.
Google is planning a major change to the way it develops new versions of the Android operating system. Since the beginning, large swaths of the software have been developed in public-facing channels, but that will no longer be the case. This does not mean Android is shedding its open source roots, but the process won’t be as transparent.
Google has confirmed to Android Authority that all Android development work going forward will take place in Google’s internal branch. This is a shift from the way Google has worked on Android in the past, which featured frequent updates to the public AOSP branch. Anyone can access AOSP, but the internal branches are only available to Google and companies with a Google Mobile Services (GMS) license, like Samsung, Motorola, and others.
According to the company, it is making this change to simplify things, building on a recent change to trunk-based development. As Google works on both public and private branches of Android, the two fall out of sync with respect to features and API support. This forces Google to tediously merge the branches for every release. By focusing on the internal branch, Google claims it can streamline releases and make life easier for everyone.
When new versions of Android are done, Google says it will continue to publish the source code in AOSP as always. Supposedly, this will allow developers to focus on supporting their apps without keeping track of pending changes to the platform in AOSP. Licensed OEMs, meanwhile, can just focus on the lively internal branch as they work on devices that can take a year or more to launch.
One of the best mostly invisible updates in iOS 18 was Apple’s decision to finally implement the Rich Communications Services (RCS) communication protocol, something that is slowly helping to fix the generally miserable experience of texting non-iPhone users with an iPhone. The initial iOS 18 update brought RCS support to most major carriers in the US, and the upcoming iOS 18.4 update is turning it on for a bunch of smaller prepaid carriers like Google Fi and Mint Mobile.
Now that Apple is on board, iPhones and their users can also benefit from continued improvements to the RCS standard. And one major update was announced today: RCS will now support end-to-end encryption using the Messaging Layer Security (MLS) protocol, a standard finalized by the Internet Engineering Task Force in 2023.
“RCS will be the first large-scale messaging service to support interoperable E2EE between client implementations from different providers,” writes GSMA Technical Director Tom Van Pelt in the post announcing the updates. “Together with other unique security features such as SIM-based authentication, E2EE will provide RCS users with the highest level of privacy and security for stronger protection from scams, fraud and other security and privacy threats. ”
