“Picture a massive football stadium filled with fans month after month,” Reichenstein wrote to Ars. In that stadium, he writes:
5 percent (max) have a two-week trial ticket
2 percent have a yearly ticket
0.5 percent have a monthly ticket
0.5 percent are buying “all-time” tickets
But even if every lifetime ticket buyer showed up at once, that’s 10 percent of the stadium, Reichenstein said. Even without full visibility of every APK—“and what is happening in China at all,” he wrote—iA can assume 90 percent of users are “climbing over the fence.”
“Long story short, that’s how you can end up with 50,000 users and only 1,000 paying you,” Reichenstein wrote in the blog post.
Piracy doesn’t just mean lost revenue, Reichenstein wrote, but also increased demands for support, feature requests, and chances for bad ratings from people who never pay. And it builds over time. “You sell less apps through the [Play Store], but pirated users keep coming in because pirate sites don’t have such reviews. Reviews don’t matter much if the app is free.”
The iA numbers on macOS hint at a roughly 10 percent piracy rate. On iOS, it’s “not 0%,” but it’s “very, very hard to say what the numbers are”; there is also no “reset trick” or trials offered there.
A possible future unfreezing
Reichenstein wrote in the post and to Ars that sharing these kinds of numbers can invite critique from other app developers, both armchair and experienced. He’s seen that happening on Mastodon, Hacker News, and X (formerly Twitter). But “critical people are useful,” he noted, and he’s OK with people working backward to figure out how much iA might have made. (Google did not offer comment on aspects of iA’s post outside discussing Drive access policy.)
iA suggests that it might bring back Writer on Android, perhaps in a business-to-business scenario with direct payments. For now, it’s a slab of history, albeit far less valuable to the metaphorical Darth Vader that froze it.
As a message highlighted above the thread warned YouTube users that there were “longer than normal wait times” for support requests, YouTube continually asked for “patience” and turned off the comments.
“We are very sorry for this error on our part,” YouTube said.
Unable to leave comments, thousands of users mashed a button on the support thread, confirming that they had “the same question.” On Friday morning, 8,000 users had signaled despair, and as of this writing, the number had notched up to nearly 11,000.
YouTube has not confirmed how many users were removed, so that’s likely the best estimate we have for how many users were affected.
On Friday afternoon, YouTube did update the thread, confirming that “all channels incorrectly removed for Spam & Deceptive Practices have been fully reinstated!”
While YouTube claims that all channels are back online, not all the videos mistakenly removed were reinstated, YouTube said. Although most of the users impacted were reportedly non-creators, and therefore their livelihoods were likely not disrupted by the bug, at least one commenter complained, “my two most-viewed videos got deleted,” suggesting some account holders may highly value the videos still missing on their accounts.
“We’re working on reinstating the last few videos, thanks for bearing with us!” YouTube’s update said. “We know this was a frustrating experience, really appreciate your patience while we sort this out.”
It’s unclear if paid subscribers will be reimbursed for lost access to content.
YouTube did not respond to Ars’ request to comment.
There’s been a lot of AI news this week, and covering it sometimes feels like running through a hall full of dangling CRTs, just like this Getty Images illustration.
But the rest of the AI world doesn’t march to the same beat, doing its own thing and churning out new AI models and research by the minute. Here’s a roundup of some other notable AI news from the past week.
Google Gemini updates
On Tuesday, Google announced updates to its Gemini model lineup, including the release of two new production-ready models that iterate on past releases: Gemini-1.5-Pro-002 and Gemini-1.5-Flash-002. The company reported improvements in overall quality, with notable gains in math, long context handling, and vision tasks. Google claims a 7 percent increase in performance on the MMLU-Pro benchmark and a 20 percent improvement in math-related tasks. But as you know, if you’ve been reading Ars Technica for a while, AI benchmarks typically aren’t as useful as we would like them to be.
Along with model upgrades, Google introduced substantial price reductions for Gemini 1.5 Pro, cutting input token costs by 64 percent and output token costs by 52 percent for prompts under 128,000 tokens. As AI researcher Simon Willison noted on his blog, “For comparison, GPT-4o is currently $5/[million tokens] input and $15/m output and Claude 3.5 Sonnet is $3/m input and $15/m output. Gemini 1.5 Pro was already the cheapest of the frontier models and now it’s even cheaper.”
Google also increased rate limits, with Gemini 1.5 Flash now supporting 2,000 requests per minute and Gemini 1.5 Pro handling 1,000 requests per minute. Google reports that the latest models offer twice the output speed and three times lower latency compared to previous versions. These changes may make it easier and more cost-effective for developers to build applications with Gemini than before.
Meta launches Llama 3.2
On Wednesday, Meta announced the release of Llama 3.2, a significant update to its open-weights AI model lineup that we have covered extensively in the past. The new release includes vision-capable large language models (LLMs) in 11 billion and 90B parameter sizes, as well as lightweight text-only models of 1B and 3B parameters designed for edge and mobile devices. Meta claims the vision models are competitive with leading closed-source models on image recognition and visual understanding tasks, while the smaller models reportedly outperform similar-sized competitors on various text-based tasks.
Willison did some experiments with some of the smaller 3.2 models and reported impressive results for the models’ size. AI researcher Ethan Mollick showed off running Llama 3.2 on his iPhone using an app called PocketPal.
Meta also introduced the first official “Llama Stack” distributions, created to simplify development and deployment across different environments. As with previous releases, Meta is making the models available for free download, with license restrictions. The new models support long context windows of up to 128,000 tokens.
Google’s AlphaChip AI speeds up chip design
On Thursday, Google DeepMind announced what appears to be a significant advancement in AI-driven electronic chip design, AlphaChip. It began as a research project in 2020 and is now a reinforcement learning method for designing chip layouts. Google has reportedly used AlphaChip to create “superhuman chip layouts” in the last three generations of its Tensor Processing Units (TPUs), which are chips similar to GPUs designed to accelerate AI operations. Google claims AlphaChip can generate high-quality chip layouts in hours, compared to weeks or months of human effort. (Reportedly, Nvidia has also been using AI to help design its chips.)
Notably, Google also released a pre-trained checkpoint of AlphaChip on GitHub, sharing the model weights with the public. The company reported that AlphaChip’s impact has already extended beyond Google, with chip design companies like MediaTek adopting and building on the technology for their chips. According to Google, AlphaChip has sparked a new line of research in AI for chip design, potentially optimizing every stage of the chip design cycle from computer architecture to manufacturing.
That wasn’t everything that happened, but those are some major highlights. With the AI industry showing no signs of slowing down at the moment, we’ll see how next week goes.
Google wound down its defense in the US Department of Justice’s ad tech monopoly trial this week, following a week of testimony from witnesses that experts said seemed to lack credibility.
The tech giant started its defense by showing a widely mocked chart that Google executive Scott Sheffer called a “spaghetti football,” supposedly showing a fluid industry thriving thanks to Google’s ad tech platform but mostly just “confusing” everyone and possibly even helping to debunk its case, Open Markets Institute policy analyst Karina Montoya reported.
“The effect of this image might have backfired as it also made it evident that Google is ubiquitous in digital advertising,” Montoya reported. “During DOJ’s cross-examination, the spaghetti football was untangled to show only the ad tech products used specifically by publishers and advertisers on the open web.”
One witness, Marco Hardie, Google’s current head of industry, was even removed from the stand, his testimony deemed irrelevant by US District Judge Leonie Brinkema, Big Tech On Trial reported. Another, Google executive Scott Sheffer, gave testimony Brinkema considered “tainted,” Montoya reported. But perhaps the most heated exchange about a witness’ credibility came during the DOJ’s cross-examination of Mark Israel, the key expert that Google is relying on to challenge the DOJ’s market definition.
Google’s case depends largely on Brinkema agreeing that the DOJ’s market definition is too narrow, with an allegedly outdated focus on display ads on the open web, as opposed to a broader market including display ads appearing in apps or on social media. But experts monitoring the trial suggested that Brinkema may end up questioning Israel’s credibility after DOJ lawyer Aaron Teitelbaum’s aggressive cross-examination.
According to Big Tech on Trial, which posted the exchange on X (formerly Twitter), Teitelbaum’s line of questioning came across as a “striking and effective impeachment of Mark Israel’s credibility as a witness.”
During his testimony, Israel told Brinkema that Google’s share of the US display ads market is only 25 percent, minimizing Google’s alleged dominance while emphasizing that Google faced “intense competition” from other Big Tech companies like Amazon, Meta, and TikTok in this broader market, Open Markets Institute policy analyst Karina Montoya reported.
On cross-examination, Teitelbaum called Israel out as a “serial ‘expert’ for companies facing antitrust challenges” who “always finds that the companies ‘explained away’ market definition,” Big Tech on Trial posted on X. Teitelbaum even read out quotes from past cases “in which judges described” Israel’s “expert testimony as ‘not credible’ and having ‘misunderstood antitrust law.'”
Israel was also accused by past judges of rendering his opinions “based on false assumptions,” according to USvGoogleAds, a site run by the digital advertising watchdog Check My Ads with ad industry partners. And specifically for the Google ad tech case, Teitelbaum noted that Israel omitted ad spend data to seemingly manipulate one of his charts.
“Not a good look,” the watchdog’s site opined.
Perhaps most damaging, Teitelbaum asked Israel to confirm that “80 percent of his income comes from doing this sort of expert testimony,” suggesting that Israel seemingly depended on being paid by companies like JetBlue and Kroger-Albertsons—and even previously by Google during the search monopoly trial—to muddy the waters on market definition. Lee Hepner, an antitrust lawyer with the American Economic Liberties Project, posted on X that the DOJ’s antitrust chief, Jonathan Kanter, has grown wary of serial experts supposedly sowing distrust in the court system.
“Let me say this clearly—this will not end well,” Kanter said during a speech at a competition law conference this month. “Already we see a seeping distrust of expertise by the courts and by law enforcers.”
“Best witnesses money can buy”
In addition to experts and Google staffers backing up Google’s proposed findings of fact and conclusions of law, Google brought in Courtney Caldwell—the CEO of a small business that once received a grant from Google and appears in Google’s marketing materials—to back up claims that a DOJ win could harm small businesses, Big Tech on Trial reported.
Google’s direct examination of Caldwell was “basically just a Google ad,” Big Tech on Trial said, while Check My Ads’ site suggested that Google mostly just called upon “the best witnesses their money can buy, and it still did not get them very far.”
According to Big Tech on Trial, Google is using a “light touch” in its defense, refusing to go “pound for pound” to refute the DOJ’s case. Using this approach, Google can seemingly ignore any argument the DOJ raises that doesn’t fit into the picture Google wants Brinkema to accept of Google’s ad empire growing organically, rather than anti-competitively constructed with the intent to shut out rivals through mergers and acquisitions.
Where the DOJ wants the judge to see “a Google-only pipeline through the heart of the ad tech stack, denying non-Google rivals the same access,” Google argues that it has only “designed a set of products that work efficiently with each other and attract a valuable customer base.”
Evidence that Brinkema might find hard to ignore includes a 2008 statement from Google’s former president of display advertising, David Rosenblatt, confirming that it would “take an act of god” to get people to switch ad platforms because of extremely high switching costs. Rosenblatt also suggested in a 2009 presentation that Google acquiring DoubleClick for Publishers would make Google’s ad tech like the New York Stock Exchange, putting Google in a position to monitor every ad sale and doing for display ads “what Google did to search.” There’s also a 2010 email where now-YouTube CEO Neal Mohan recommended getting Google ahead in the display ad market by “parking” a rival with “the most traction.”
On Friday, testimony concluded abruptly after the DOJ only called one rebuttal witness, Big Tech on Trial posted on X. Brinkema is expected to hear closing arguments on November 25, Big Tech on Trial reported, and rule in December, Montoya reported.
As the US Department of Justice aims to break up Google’s alleged ad tech monopoly, experts say that remedies sought in the antitrust trial could potentially benefit not just advertisers and publishers but also everyone targeted by ads online.
So far, the DOJ has argued that through acquisitions, Google allegedly monopolizes the ad server market, taking a substantial cut of every online ad sale by tying together products on the buyer and seller sides. Locking publishers into using its seller-side platform to access its large advertiser demand, Google also allegedly shut out rivals by pushing advertisers into a corner, then making it hard for publishers to switch platforms.
This scheme also allegedly set Google up to charge higher “monopoly” fees, the DOJ argued, allegedly putting some publishers out of business and raising costs for advertisers.
But while the harms to publishers and advertisers have been outlined at length, there’s been less talk about the seemingly major consequences for consumers perhaps harmed by the alleged monopoly. Those harms include higher costs of goods, less privacy, and increasingly lower-quality ads that frequently bombard their screens with products nobody wants.
By overcharging by as much as 5 or 10 percent for online ads, Google allegedly placed a “Google tax” on the price of “everyday goods we buy,” Tech Oversight’s Sacha Haworth explained during a press briefing Thursday, where experts closely monitoring the trial shared insights.
“When it comes to lowering costs on families,” Haworth said, “Google has overcharged advertisers and publishers by nearly $2 billion. That’s just over the last four years. That has inflated the price of ads, it’s increased the cost of doing business, and, of course, these costs get passed down to us when we buy things online.”
But while it’s unclear if destroying Google’s alleged monopoly would pass on any savings to consumers, Elise Phillips, policy counsel focused on competition and privacy for Public Knowledge, outlined other benefits in the event of a DOJ win.
She suggested that Google’s conduct has diminished innovation, which has “negatively” affected “the quality, diversity, and even relevancy of the advertisements that consumers tend to see.”
Were Google’s ad tech to be broken up and behavioral remedies sought, more competition might mean that consumers have more control over how their personal data is used in targeted advertising, Phillips suggested, and ultimately, lead to a future where everyone gets fed higher-quality ads.
That could happen if, instead of Google’s ad model dominating the Internet, less invasive ad targeting models could become more widely adopted, experts suggested. That could enhance privacy and make online ads less terrible after The New York Times declared a “junk ad epidemic” last year.
The thinking goes that if small businesses and publishers benefited from potentially reduced costs, increased revenues, and more options, consumers might start seeing a wider, higher-quality range of ads online, experts suggested.
Better ad models “are already out there,” Open Markets Institute policy analyst Karina Montoya said, such as “conceptual advertising” that uses signals that, unlike Google’s targeting, don’t rely on “gigantic, massive data sets that collect every single thing that we do in all of our devices and that don’t ask for our consent.”
But any emerging ad models are seemingly “crushed and flattened by this current dominant business model that’s really arising” from Google’s tight grip on the ad tech markets that the DOJ is targeting, Montoya said. Those include markets “for publisher ad servers, advertiser ad networks, and the ad exchanges that connect the two,” Reuters reported.
At the furthest extreme, loosening Google’s grip on the online ad industry could even “revolutionize the Internet,” Haworth suggested.
One theory posits that if publishers’ revenues increased, consumers would also benefit from more information potentially becoming available on the open web—as less content potentially gets stuck behind paywalls as desperate publishers seek ways to make up for lost ad revenue.
Montoya—who also is a reporter for the Center for Journalism & Liberty, which monitors how media outlets can thrive in today’s digital economy—noted that publishers depending on reader funding through subscriptions or donations is not sustainable if society wants to “have an open and free market where everybody can access information that they deserve and have a right to access.” By reducing Google’s control, the DOJ argues that publishers would be more financially stable, and Montoya hopes the public is starting to understand how that could benefit the open web.
“The trial is really allowing the public to see a full display of Google’s pattern of retaliatory behavior, really just to protect its monopoly power,” Montoya said. “This idea that innovation and ways to monetize journalistic content has to come only from Google is wrong and this is really their defense.”
Users of Fitbit’s iOS and Android apps have been reporting problems with the apps’ ability to sync and collect and display accurate data. Some have been complaining of such problems since at least April, and Fitbit has been working on addressing syncing issues since at least September 3. However, Google’s Fitbit hasn’t said when it expects the bugs to be totally resolved.
On September 3, Fitbit’s Status Dashboard updated to show a service disruption, pointing to an incident affecting the web API.
“Some users may notice data discrepancies or syncing issues between [third-party] apps and Fitbit. Our team is currently investigating the root cause of the issue,” the dashboard reads.
On September 3, Fitbit also released version 4.24 of its mobile apps. It’s unclear if the update is related to the problems. At least some of the complaints in this story started coming to light before September.
Owners of older and newer Fitbit devices have taken to the company’s online support forum to discuss software problems they’re reportedly having. There are several threads with dozens of pages’ worth of responses pointing to issues, like the app’s dashboard “deleting steps and not syncing properly,” the app recording steps but not distance traveled, the app seemingly showing inaccurate data, and other bugs.
When reached for comment about the complaints, a Google spokesperson told Ars Technica: “We’re aware of the issue and are working hard to get it resolved.”
Monthslong problems
Some of the complaints about the apps have seemingly gone on for months. Fitbit representatives have said online that the issues are being worked on.
For example, in an 11-page thread on Fitbit’s community forum, users say the app inaccurately claims that they’ve taken about the same number of steps per day for several days in a row. The thread began on April 10. On September 8, a Fitbit moderator said that Fitbit “is aware of the situation and is working on a solution to it.”
“We haven’t received any time frame yet, how long our team still needs to solve this. Hopefully it will be fixed soon,” the Fitbit moderator going by JuanFitbit said.
In another thread, started on July 3, a Charge 5 user claimed that their iOS is tracking steps but not kilometers traveled. On September 18, JuanFitbit posted in the thread: “We still haven’t received an update on how long this will take. But our team has this problem as one of their priorities to solve.”
“Insanely annoying”
As expected, the ongoing bugs and broken features have left users frustrated and hungry for a solution.
“This is insanely annoying,” a forum user going by MonkeyPants wrote on September 11. “The app has constant syncing issues especially with the One.”
On Fitbit’s forum, a user called DustyStone claimed they are having problems with the app’s dashboard losing steps and not syncing properly. They said this happened with both an old Fitbit One and newly purchased Inspire 3:
It looks that Google just somehow screwed up the app. Worse yet, nothing has changed in weeks. Google is a tier 1 tech company. But their response to this issue and the deletion of the web based Fitbit platform shows that may no longer be the case.
Similarly, MBWaldo said they are “not sure how serious the fitbit team is about resolving” the app problems while lamenting the lack of an online dashboard, like countless other users we’ve seen.
“Very frustrating!!!!,” MBWaldo wrote. “I have been experiencing this for several days now. I have deleted app and reinstalled it, I have unpaired and re-paired the ONE and looked for app updates in the app store – NADA. And of course the dashboard is no longer available at fitbit.com.”
Some app problems fixed
Based on Fitbit’s forums, it seems that at least some recently reported software problems have been fixed.
For example, some customers recently reported that a problem with the apps’ “Exercise days” tiles not loading properly has been fixed. Some people have also said that they’re no longer experiencing a problem where the app was listing calorie counts for days in the future.
One only needs to go back to the recent Sonos app debacle for a reminder of the importance of ensuring that software changes won’t hurt the experience of already-purchased hardware. A company’s bad app and slow response to issues can ruin otherwise functioning hardware and discourage future purchases.
Although this is different from the Charge 5’s battery problems that were suspected to be caused by a firmware update—Google denied this was the case but didn’t provide an alternate answer—it’s an improvement to see Google at least acknowledge the app problems. But killing features combined with a broken app experience won’t help the wearables brand’s errant reputation. Fixes are reportedly in the works, but for some it may be too little too late.
Under C2PA, this stock image would be labeled as a real photograph if the camera used to take it, and the toolchain for retouching it, supported the C2PA. But even as a real photo, does it actually represent reality, and is there a technological solution to that problem?
On Tuesday, Google announced plans to implement content authentication technology across its products to help users distinguish between human-created and AI-generated images. Over several upcoming months, the tech giant will integrate the Coalition for Content Provenance and Authenticity (C2PA) standard, a system designed to track the origin and editing history of digital content, into its search, ads, and potentially YouTube services. However, it’s an open question of whether a technological solution can address the ancient social issue of trust in recorded media produced by strangers.
A group of tech companies created the C2PA system beginning in 2019 in an attempt to combat misleading, realistic synthetic media online. As AI-generated content becomes more prevalent and realistic, experts have worried that it may be difficult for users to determine the authenticity of images they encounter. The C2PA standard creates a digital trail for content, backed by an online signing authority, that includes metadata information about where images originate and how they’ve been modified.
Google will incorporate this C2PA standard into its search results, allowing users to see if an image was created or edited using AI tools. The tech giant’s “About this image” feature in Google Search, Lens, and Circle to Search will display this information when available.
In a blog post, Laurie Richardson, Google’s vice president of trust and safety, acknowledged the complexities of establishing content provenance across platforms. She stated, “Establishing and signaling content provenance remains a complex challenge, with a range of considerations based on the product or service. And while we know there’s no silver bullet solution for all content online, working with others in the industry is critical to create sustainable and interoperable solutions.”
The company plans to use the C2PA’s latest technical standard, version 2.1, which reportedly offers improved security against tampering attacks. Its use will extend beyond search since Google intends to incorporate C2PA metadata into its ad systems as a way to “enforce key policies.” YouTube may also see integration of C2PA information for camera-captured content in the future.
Google says the new initiative aligns with its other efforts toward AI transparency, including the development of SynthID, an embedded watermarking technology created by Google DeepMind.
Widespread C2PA efficacy remains a dream
Despite having a history that reaches back at least five years now, the road to useful content provenance technology like C2PA is steep. The technology is entirely voluntary, and key authenticating metadata can easily be stripped from images once added.
AI image generators would need to support the standard for C2PA information to be included in each generated file, which will likely preclude open source image synthesis models like Flux. So perhaps, in practice, more “authentic,” camera-authored media will be labeled with C2PA than AI-generated images.
Beyond that, maintaining the metadata requires a complete toolchain that supports C2PA every step along the way, including at the source and any software used to edit or retouch the images. Currently, only a handful of camera manufacturers, such as Leica, support the C2PA standard. Nikon and Canon have pledged to adopt it, but The Verge reports that there’s still uncertainty about whether Apple and Google will implement C2PA support in their smartphone devices.
Adobe’s Photoshop and Lightroom can add and maintain C2PA data, but many other popular editing tools do not yet offer the capability. It only takes one non-compliant image editor in the chain to break the full usefulness of C2PA. And the general lack of standardized viewing methods for C2PA data across online platforms presents another obstacle to making the standard useful for everyday users.
Currently, C2PA could arguably be seen as a technological solution for current trust issues around fake images. In that sense, C2PA may become one of many tools used to authenticate content by determining whether the information came from a credible source—if the C2PA metadata is preserved—but it is unlikely to be a complete solution to AI-generated misinformation on its own.
Illustration of a person who refuses to check their iPhone’s messages until RCS is enabled on their MVNO carrier, out of respect for their Android-toting friends and family.
The future of inter-OS mobile messaging is here, it’s just unevenly distributed.
With iOS 18, Apple has made it possible for non-Apple phones to message with iPhones through Rich Communication Services (RCS). This grants upgrades from standard SMS text messages, like read receipts, easier and higher-quality media sending, typing indicators, and emoji/response compatibility. More than that, it allows for messaging while on Wi-Fi without cellular services and makes group messages far less painful to navigate and leave. Notably, RCS messages between iPhones and non-iPhones will not be encrypted, unlike messages sent through Apple’s private iMessage service, which is available exclusively between Apple devices.
iOS 18 makes these RCS upgrades possible, but certainly not guaranteed, at least as of today. Lots of people have already been enjoying cross-platform RCS messaging when texting with iOS 18 beta users. And iPhones on the big carriers’ plans can now trade RCS with Android users. But some iPhone users, particularly on mobile virtual network operators (MVNOs)—typically pre-paid services that do not own network hardware but resell major carrier access—do not have an RCS option available to them yet.
Google, a major proponent of Apple adopting RCS, confirmed to Ars that Google Fi, its own MVNO cellular service, does not, as of this writing, offer RCS chat for iPhone users on Fi messaging with Android users. Android users on Google Fi can use RCS with iPhones on other carriers, so long as that iPhone has “RCS interoperability enabled.”
Reading between the lines, you might conclude that Google is waiting on Apple to enable RCS on a network-by-network basis, both for Fi and for Android users at large. And a Google spokesperson would suggest that is correct.
“We have been working for a long time to accelerate the adoption of RCS, and are excited that Apple is taking steps to adopt RCS with the launch of iOS 18,” a Google spokesperson said in a statement. “Only Apple has the ability to enable RCS interoperability for iPhone users on Fi, and our hope is that they will do so in the near future.”
Ars has contacted Apple, along with carriers Mint Mobile and Boost Mobile, for comment on RCS availability across carriers and will update this post with new information. Some customers of MVNOs offered by the major carriers themselves, like those on Visible from Verizon, have reported having RCS access with iOS 18 installed.
Apple got the message, kept it green
Users of other MVNOs have asked on Reddit why their upgrade from basic SMS to RCS did not occur during the iOS 18 betas. A co-founder and current CFO of Mint Mobile said on September 9 that it would “be a few months, unfortunately,” as the “backend transition is taking some time… Believe me, we want this out as soon as we can,” wrote Rizwan Kassim.
A moderator for the Mint Mobile subreddit suggested that the backend transition involves carriers setting up a relay API for messages, adding that to the “carrier bundle” they deliver to customers and then providing Apple with information it can add to a future iOS update.
If you have an iPhone that isn’t on one of the major carriers’ primary plans (AT&T, T-Mobile, or Verizon) and want to check if RCS should be available, you can do that in Settings. Head to General, choose About, and scroll down to the Carrier line under your active SIM or eSIM. Tap the “Carrier” line until you see “IMS Status.” If it reads “Voice & SMS,” you don’t have RCS yet, but if you see “Voice, SMS & RCS,” you do.
The version of RCS that iPhone and Android users might use now, or soon, is the “RCS Universal Profile,” which does not include the encryption that Google’s own messaging apps provide over RCS. Google’s “Get the Message” campaign tried to shame Apple into adopting RCS. The related site notes that “Apple is starting to #GetTheMessage” with RCS adoption but that iPhone users will have to “check with your carrier” to turn on the feature.
Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries.
Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.
Dozens of variants
Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections.
“At the moment, the source of the TV boxes’ backdoor infection remains unknown,” Thursday’s post stated. “One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access.”
The device models known to be infected by Vo1d are:
TV box model | Declared firmware version
R4 | Android 7.1.2; R4 Build/NHG47K
TV BOX | Android 12.1; TV BOX Build/NHG47K
KJ-SMART4KVIP | Android 10.1; KJ-SMART4KVIP Build/NHG47K
One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What’s more, Doctor Web said it’s not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models.
Further, while only licensed device makers are permitted to modify Google’s AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user.
“These off-brand devices discovered to be infected were not Play Protect certified Android devices,” Google said in a statement. “If a device isn’t Play Protect certified, Google doesn’t have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety.”
The statement said people can confirm a device runs Android TV OS by checking this link and following the steps listed here.
Doctor Web said that there are dozens of Vo1d variants that use different code and plant malware in slightly different storage areas, but that all achieve the same end result of connecting to an attacker-controlled server and installing a final component that can install additional malware when instructed. VirusTotal shows that most of the Vo1d variants were first uploaded to the malware identification site several months ago.
Researchers wrote:
All these cases involved similar signs of infection, so we will describe them using one of the first requests we received as an example. The following objects were changed on the affected TV box:
install-recovery.sh
daemonsu
In addition, 4 new files emerged in its file system:
/system/xbin/vo1d
/system/xbin/wd
/system/bin/debuggerd
/system/bin/debuggerd_real
The vo1d and wd files are the components of the Android.Vo1d trojan that we discovered.
The trojan’s authors probably tried to disguise one of its components as the system program /system/bin/vold, having called it by the similar-looking name “vo1d” (substituting the lowercase letter “l” with the number “1”). The malicious program’s name comes from the name of this file. Moreover, this spelling is consonant with the English word “void”.
The install-recovery.sh file is a script that is present on most Android devices. It runs when the operating system is launched and contains data for autorunning the elements specified in it. If any malware has root access and the ability to write to the /system system directory, it can anchor itself in the infected device by adding itself to this script (or by creating it from scratch if it is not present in the system). Android.Vo1d has registered the autostart for the wd component in this file.
Image: The modified install-recovery.sh file (Doctor Web)
The daemonsu file is present on many Android devices with root access. It is launched by the operating system when it starts and is responsible for providing root privileges to the user. Android.Vo1d registered itself in this file, too, having also set up autostart for the wd module.
The debuggerd file is a daemon that is typically used to create reports on occurred errors. But when the TV box was infected, this file was replaced by the script that launches the wd component.
The debuggerd_real file in the case we are reviewing is a copy of the script that was used to substitute the real debuggerd file. Doctor Web experts believe that the trojan’s authors intended the original debuggerd to be moved into debuggerd_real to maintain its functionality. However, because the infection probably occurred twice, the trojan moved the already substituted file (i.e., the script). As a result, the device had two scripts from the trojan and not a single real debuggerd program file.
At the same time, other users who contacted us had a slightly different list of files on their infected devices:
debuggerd_real (the original file of the debuggerd tool);
install-recovery.sh (a script that loads objects specified in it).
An analysis of all the aforementioned files showed that in order to anchor Android.Vo1d in the system, its authors used at least three different methods: modification of the install-recovery.sh and daemonsu files and substitution of the debuggerd program. They probably expected that at least one of the target files would be present in the infected system, since manipulating even one of them would ensure the trojan’s successful auto launch during subsequent device reboots.
Android.Vo1d’s main functionality is concealed in its vo1d (Android.Vo1d.1) and wd (Android.Vo1d.3) components, which operate in tandem. The Android.Vo1d.1 module is responsible for Android.Vo1d.3’s launch and controls its activity, restarting its process if necessary. In addition, it can download and run executables when commanded to do so by the C&C server. In turn, the Android.Vo1d.3 module installs and launches the Android.Vo1d.5 daemon that is encrypted and stored in its body. This module can also download and run executables. Moreover, it monitors specified directories and installs the APK files that it finds in them.
The geographic distribution of the infections is wide, with the biggest number detected in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria, and Indonesia.
Image: A world map listing the number of infections found in various countries (Doctor Web)
It’s not especially easy for less experienced people to check if a device is infected short of installing malware scanners. Doctor Web said its antivirus software for Android will detect all Vo1d variants and disinfect devices that provide root access. More experienced users can check indicators of compromise here.
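For readers who can pull or mount a copy of a box's filesystem, the file indicators quoted from the Doctor Web report can be checked mechanically. The following is an added example, not code from Doctor Web or from this article; the sample tree, the launch line written into the sample scripts, and the system/etc location of install-recovery.sh are constructed assumptions, and the scanner itself locates install-recovery.sh and daemonsu by name.

```python
import re
import tempfile
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
DROPPED = ("system/xbin/vo1d", "system/xbin/wd")          # new files named in the report
AUTOSTART_NAMES = {"install-recovery.sh", "daemonsu"}     # files the report says were modified
TROJAN_REF = re.compile(rb"/system/xbin/(?:vo1d|wd)\b")   # launch line pointing at a dropped file


def is_elf(path: Path) -> bool:
    with path.open("rb") as fh:
        return fh.read(4) == ELF_MAGIC


def triage(root: Path) -> list[str]:
    """Return findings for an extracted or mounted copy of the device filesystem."""
    findings = [f"dropped file present: /{rel}" for rel in DROPPED if (root / rel).is_file()]
    dbg = root / "system/bin/debuggerd"
    real = root / "system/bin/debuggerd_real"
    if dbg.is_file() and not is_elf(dbg):
        findings.append("debuggerd is not an ELF binary (replaced by a script)")
    if real.is_file():
        kind = "original binary moved aside" if is_elf(real) else "script copy, original debuggerd lost"
        findings.append(f"debuggerd_real present: {kind}")
    for path in sorted(root.rglob("*")):
        if path.name in AUTOSTART_NAMES and path.is_file():
            if TROJAN_REF.search(path.read_bytes()):
                findings.append(f"autostart reference in /{path.relative_to(root).as_posix()}")
    return findings


def build_sample(root: Path, infected: bool) -> Path:
    """Constructed sample tree (not real device data) for exercising triage()."""
    for d in ("system/bin", "system/xbin", "system/etc"):
        (root / d).mkdir(parents=True)
    (root / "system/bin/debuggerd").write_bytes(ELF_MAGIC + b"\x00" * 12)
    (root / "system/etc/install-recovery.sh").write_text("#!/system/bin/sh\n")
    if infected:
        (root / "system/xbin/vo1d").write_bytes(ELF_MAGIC)
        (root / "system/xbin/wd").write_bytes(ELF_MAGIC)
        script = "#!/system/bin/sh\n/system/xbin/wd &\n"   # constructed launch line
        (root / "system/bin/debuggerd").write_text(script)
        (root / "system/bin/debuggerd_real").write_text(script)
        (root / "system/etc/install-recovery.sh").write_text(script)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in triage(build_sample(Path(tmp), infected=True)):
            print(line)
```

Because Doctor Web describes dozens of variants that plant files in slightly different storage areas, an empty result from a check like this does not clear a device.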
On Thursday, Google made Gemini Live, its voice-based AI chatbot feature, available for free to all Android users. The feature allows users to interact with Gemini through voice commands on their Android devices. That’s notable because competitor OpenAI’s Advanced Voice Mode feature of ChatGPT, which is similar to Gemini Live, has not yet fully shipped.
Google unveiled Gemini Live during its Pixel 9 launch event last month. Initially, the feature was exclusive to Gemini Advanced subscribers, but now it’s accessible to anyone using the Gemini app or its overlay on Android.
Gemini Live enables users to ask questions aloud and even interrupt the AI’s responses mid-sentence. Users can choose from several voice options for Gemini’s responses, adding a level of customization to the interaction.
Gemini suggests the following uses of the voice mode in its official help documents:
Talk back and forth: Talk to Gemini without typing, and Gemini will respond back verbally.
Brainstorm ideas out loud: Ask for a gift idea, to plan an event, or to make a business plan.
Explore: Uncover more details about topics that interest you.
Practice aloud: Rehearse for important moments in a more natural and conversational way.
Interestingly, while OpenAI originally demoed its Advanced Voice Mode in May with the launch of GPT-4o, it has only shipped the feature to a limited number of users starting in late July. Some AI experts speculate that a wider rollout has been hampered by a lack of available computer power since the voice feature is presumably very compute-intensive.
To access Gemini Live, users can reportedly tap a new waveform icon in the bottom-right corner of the app or overlay. This action activates the microphone, allowing users to pose questions verbally. The interface includes options to “hold” Gemini’s answer or “end” the conversation, giving users control over the flow of the interaction.
Currently, Gemini Live supports only English, but Google has announced plans to expand language support in the future. The company also intends to bring the feature to iOS devices, though no specific timeline has been provided for this expansion.
Image: Emojipedia sample images of the new Unicode 16.0 emoji.
The Unicode Consortium has finalized and released version 16.0 of the Unicode standard, the elaborate character set that ensures that our phones, tablets, PCs, and other devices can all communicate and interoperate with each other. The update adds 5,185 new characters to the standard, bringing the total up to a whopping 154,998.
Of those 5,185 characters, the ones that will get the most attention are the eight new emoji characters, including a shovel, a fingerprint, a leafless tree, a radish (formally classified as “root vegetable”), a harp, a purple splat that evokes the ’90s Nickelodeon logo, and a flag for the island of Sark. The standout, of course, is “face with bags under eyes,” whose long-suffering thousand-yard stare perfectly encapsulates the era it has been born into. Per usual, Emojipedia has sample images that give you some idea of what these will look like when they’re implemented by various operating systems, apps, and services.
We last got new emoji in 2023’s Unicode 15.1 update, though all of these designs were technically modifications of existing emoji rather than new characters—many emoji, most notably for skin and hair color variants, use a base emoji plus a modifier emoji, combined together with a “zero-width joiner” (ZWJ) character that makes them display as one character instead. The lime emoji in Unicode 15.1 was actually a lemon emoji combined with the color green; the phoenix was a regular bird joined to the fire emoji. This was likely because 15.1 was only intended as a minor update to 2022’s Unicode 15.0 standard.
Most of the Unicode 16.0 emoji, by contrast, are their own unique characters. The one exception is the Sark flag emoji; flag sequences are created by placing two “regional indicator letters” directly next to each other and don’t require a ZWJ character between them.
Incorporation into the Unicode standard is only the first step that new emoji and other characters take on their journey from someone’s mind to your phone or computer; software makers like Apple, Google, Microsoft, Samsung, and others need to design iterations that fit with their existing spin on the emoji characters, they need to release software updates that use the new characters, and people need to download and install them.
We’ve seen a few people share on social media that the Unicode 16.0 release includes a “greenwashing” emoji designed by Shepard Fairey, an artist best known for the 2008 Barack Obama “Hope” poster. This emoji, and an attempt to gin up controversy around it, is all an elaborate hoax: there’s a fake Unicode website announcing it, a fake lawsuit threat that purports to be from a real natural gas industry group, and a fake Cory Doctorow article about the entire “controversy” published in a fake version of Wired. These were all published to websites with convincing-looking but fake domains, all registered within a couple of weeks of each other in August 2024. The face-with-bags-under-eyes emoji feels like an appropriate response.
Image: It’s never explained what this collection of app icons quite represents. A disorganized app you tossed together by sideloading? A face that’s frowning because it’s rolling down a bar held up by app icons? It’s weird, but not quite evocative.
You might sideload an Android app, or manually install its APK package, if you’re using a custom version of Android that doesn’t include Google’s Play Store. Alternately, the app might be experimental, under development, or perhaps no longer maintained and offered by its developer. Until now, the existence of sideload-ready APKs on the web was something that seemed to be tolerated, if warned against, by Google.
This quiet standstill is being shaken up by a new feature in Google’s Play Integrity API. As reported by Android Authority, developer tools to push “remediation” dialogs during sideloading, which debuted at Google’s I/O conference in May, have begun showing up on users’ phones. Sideloaders of apps from the British shop Tesco, fandom app BeyBlade X, and ChatGPT have reported “Get this app from Play” prompts, which cannot be worked around. An Android gaming handheld user encountered a similarly worded prompt from Diablo Immortal on their device three months ago.
Google’s Play Integrity API is how apps have previously blocked access when loaded onto phones that are in some way modified from a stock OS with all Google Play integrations intact. Recently, a popular two-factor authentication app blocked access on rooted phones, including the security-minded GrapheneOS. Apps can call the Play Integrity API and get back an “integrity verdict,” relaying if the phone has a “trustworthy” software environment, has Google Play Protect enabled, and passes other software checks.
Graphene has questioned the veracity of Google’s Integrity API and SafetyNet Attestation systems, recommending instead standard Android hardware attestation. Rahman notes that apps do not have to take an all-or-nothing approach to integrity checking. Rather than block installation entirely, apps could call on the API only during sensitive actions, issuing a warning there. But not having a Play Store connection can also deprive developers of metrics, allow for installation on incompatible devices (and resulting bad reviews), and, of course, open the door to paid app piracy.
“Unknown distribution channels” blocked
Google’s developer video about “Automatic integrity protection” (at the 12-minute, 24-second mark on YouTube) notes that “select” apps have access to automatic protection. This adds an automatic checking tool to your app and the “strongest version of Google Play’s anti-tamper protection.” “If users get your protected app from an unknown distribution channel,” a slide in the presentation reads, “they’ll be prompted to get it from Google Play,” available to “select Play Partners.”