Google Duo is coming soon to Android TV in beta

Google Duo has served as a great way to video chat on smartphones since its launch in 2016, and it’s soon about to make its big-screen debut. Alongside the recent launch of Google Meet on Chromecast, Google on Thursday teased the upcoming launch of Google Duo on Android TV.

“In an effort to bring the video calling experience to more parts of your home, Google Duo is rolling out a Beta on Android TV in the coming weeks,” Google said in a blog post.

If your TV has a camera, you can easily initiate a chat with an individual or group. If your TV doesn’t have a camera, you can use a USB camera. This will be a great new addition as folks can lounge on their couch while chatting with friends and family on a larger display.

The arrival of Duo on Android TV will come shortly after the service became available on the Google Nest Hub Max.

Google is reportedly in the planning stages to integrate some of Duo’s features into Meet, which is rumored to act as the search giant’s primary video calling and conferencing software. Even if the company plans to eventually merge the two services, it’s nice to see Google continue to iterate on Duo with new features and new platform launches.

Once Google launches the Android TV app for Duo, we’ll update this article. Until then, you can always download the latest version of Duo from the Google Play Store listing embedded below.

Google Duo - High Quality Video Calls (Free, Google Play) →

The post Google Duo is coming soon to Android TV in beta appeared first on xda-developers.

from xda-developers https://ift.tt/32y2nQN
via IFTTT

PSA: A Firebase Cloud Messaging exploit is likely behind strange push notifications from Microsoft Teams and Hangouts

It seems we can’t go a day without another significant security flaw popping up somewhere in some software or service. This week seems to be the time for Firebase Cloud Messaging to run up against an easily-exploitable vulnerability.

Firebase Cloud Messaging is a framework by Google to help make delivering notifications through apps on almost any platform easier. With some simple configuration of both your app and a server, you can send general or targeted push notifications out to your users within minutes. Most Android apps that deliver push notifications likely use Firebase Cloud Messaging (or the legacy Google Cloud Messaging) to do so. That includes apps from single hobbyist developers to apps from giant corporations like Microsoft and, of course, Google.

The Exploit

And that’s where this exploit comes in. If you use apps like Microsoft Teams or Google Hangouts, you may have recently noticed random notifications coming in, like the ones in the following screenshot. These are from people taking advantage of improper configurations of Firebase Cloud Messaging.

Screenshot from /u/ToTooThenThan on Reddit.

I won’t get into too much detail here, but this issue isn’t really Google’s fault. In order to securely send push notifications, Google requires that the server that’s actually sending them also send a key to validate that they’re genuine. This key is only supposed to be in your Firebase console and on your server.

But the affected apps, for whatever reason, also have the key built into them. It’s not used, but it’s there, in plaintext, for anyone to see and use. Somewhat ironically, Google Hangouts and Google Play Music seem to be vulnerable to this exploit, as well as Microsoft Teams. So it’s sort of Google’s fault, but also not really.

And it can be used for pretty nefarious purposes. While it seems most “implementations” of this vulnerability have only been used to send weird text to people, it is possible for an attacker to execute a phishing scam. The text of the notification could be something like, “Your session has expired. Please tap here to sign in again,” with a URL that gets launched when you tap it. That URL could end up being a site styled to look like, say, Microsoft’s login page. But instead of logging into Microsoft, you’re giving someone your login.

What Should Users Do?

Nothing. There’s not much you, as a user, can do to stop these notifications. You can block the channels they come in on (or block notifications from the app altogether), but you can’t filter out the illegitimate notifications, since, as far as Firebase knows, they are legitimate.

What you can do, though, is be careful. If you get a notification that seems to be asking for your login details—or any other personal information for that matter—don’t tap on it. Instead, open the app directly. If the notification was real, the app will indicate that. Otherwise, it was likely a phishing attempt. If you do tap a notification, immediately close any website that opens up.

And finally, if you’ve already put your password in somewhere through a notification, change it immediately, deauthorize all logged-in devices (if applicable), and enable two-factor authentication if you haven’t already.

What Should Developers Do?

If you’ve implemented Firebase Cloud Messaging into your apps, check the configuration files to make sure your server keys aren’t in there. If they are, invalidate them immediately, create new ones, and reconfigure your server.

Again, this isn’t a very technical article, so you’ll want to visit the links below for more information on mitigation.

Google and Microsoft Responses

A Google spokesperson told The Daily Swig that the issue was “specifically related to developers including API keys in their code for services that should not be included, which could then be exploited,” rather than the Firebase Cloud Messaging service itself being compromised. “In cases where Google is able to identify that a server key is used, we attempt to alert the developers so they can fix their app,” the spokesperson added.

Microsoft issued the following statement on Twitter:

We’ve isolated the source of the issue and applied a mitigation. We’ve confirmed that no further unexpected notifications are being sent to users’ Android devices. Additional details can be found in the admin center under TM221041.

— Microsoft 365 Status (@MSFT365Status) August 27, 2020

Further Reading

Here are a couple of articles that go into much more detail about what this exploit is, how it works, and how you can make sure you aren’t vulnerable. If you’re an app developer, or you’re just interested in checking out how this works, take a look.

• Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties
• Google Firebase messaging vulnerability allowed attackers to send push notifications to app users

The post PSA: A Firebase Cloud Messaging exploit is likely behind strange push notifications from Microsoft Teams and Hangouts appeared first on xda-developers.

from xda-developers https://ift.tt/31zzTan
via IFTTT

Amazon’s new Halo fitness tracker can detect your emotions from your voice and 3D scan your body to measure body fat

Amazon is getting into wearables, but its new device, called Halo, is far from a traditional fitness tracker. In fact, Amazon Halo doesn’t have a screen at all.

The online giant’s new wristband prioritizes health more than anything, with features such as activity tracking, heart rate monitoring, sleep tracking, and more. What makes Halo unique is its ability to track a wearer’s emotional state by listening to the tone of their voice, and also estimate a user’s body fat percentage by taking a three-dimensional render of their body.

It’s a departure from today’s most popular wearables, which offer general activity tracking features and also provide smartphone notifications for things like messages and phone calls. Also a departure from traditional wearables is Halo’s lack of GPS, Wi-Fi, and a cellular radio. It does, however, feature water resistance up to 5ATM and a battery that should last a week.

Amazon Halo also features an accelerometer, temperature sensor, heart rate monitor, two microphones, and an LED indicator light. These microphones are strictly for the voice tone feature and not for invoking Alexa, which isn’t supported. These microphones can be turned off with the press of a button.

The voice tone feature is particularly interesting. Amazon says Halo will pick up on the pitch, intensity, rhythm, and tempo of your voice, and then return insights into your emotional state. With a “notable moments” section in the smartphone app, you’ll see what you were like during an interview, conversation with mom, etc. According to Amazon, Halo won’t listen to your voice all the time, and when it does, no audio is uploaded to Amazon servers; humans are also not involved in any step of the way. Audio is sent to your phone via Bluetooth, and all analysis is handled there.

The 3D body scan feature is handled differently. When a user does create a 3D scan, pictures will be uploaded to Amazon’s servers but are deleted once a 3D scan is created. Amazon will employ machine learning models to analyze the scan and calculate your body fat percentage.

Amazon is hoping these features will be educational and motivational, providing users with information about how different levels of body fat can increase their risk for certain health problems. Users have to be 18 years or older to use the body scan feature, although users can be as young as 13 to use Halo.

Images: Amazon. Retrieved via: The Verge

Amazon Halo retails for $99 and ties into a service that costs $3.99 per month. This subscription will feature body composition, tone of voice analysis, sleep and activity tracking, and challenges designed to improve a wearer’s health, whether it be through things like meditation or exercise. As an introductory price, Halo will be available for $64 and come with six months of complimentary service.

At launch, Amazon Halo will offer a variety of bands and also a variety of sizes. Halo comes in small, medium, and large, so you can find a fit that works for you. Amazon Halo is currently available in early access in Black + Onyx, Blush + Rose Gold, and Winter + Silver. The product can only ship to addresses in the United States.

Amazon Halo Technical Details

Subscription	$99.99 device price with six month free subscription. After six months, your subscription will automatically renew at $3.99/month plus applicable tax. See terms of service to learn more.
Battery life	Up to 7 days (Tone disabled), up to 2 days (Tone enabled). Fully charges from 0% in less than 90 minutes. Battery life varies based on device settings and usage.
Water resistance	Swimproof; water resistant to 50M (5 atm). Learn more about water resistance.
Halo band/sensor colors	Black/Onyx, Winter/Silver, and Blush/Rose Gold
Band sizes	Fabric: Small (135-155 mm circumference), Medium (145-180mm circumference), Large (170-220 mm circumference), Sport: Small/Medium (130-180 mm circumference), Medium/Large (160-230 mm circumference)
Band material	Fabric: a woven blend of polyester, nylon, and spandex, Sport: high-performance silicone

Weight	Capsule: 18g, Band: 5.2g (S), 5.4g (M), 6.0g (L)
Bluetooth	Bluetooth 5.0 compatible, Serial Port Profile for Bluetooth connectivity to Android phones and iPod Accessory Protocol for Bluetooth connectivity to iPhones.
Audio	2 built-in microphones for Tone analysis
Warranty	1-year limited warranty. Use of Amazon Halo is subject to Amazon’s Conditions of Use and the terms found here.
Included in box	Sensor, band, USB charging clip, and Quick Start Guide
Generation	1st Generation – 2020 Release
Bands	Interchangeable and available in a variety of colors and materials
Requirements	Active Amazon.com account, compatible mobile device, and the Halo app

The post Amazon’s new Halo fitness tracker can detect your emotions from your voice and 3D scan your body to measure body fat appeared first on xda-developers.

from xda-developers https://ift.tt/3lzFUvE
via IFTTT

Google Assistant’s Snapshot feature now shows more reminders and recommendations

Google Assistant’s helpful Snapshot feature is expanding to add new reminders and recommendations to keep you on task, according to a new blog post by Google.

When the Google Assistant Snapshot feature launched a few years ago, it featured information cards for your upcoming schedule, your daily commute time, and your recent online orders, among other things. With expanded reminders support, you’ll now see upcoming birthdays and holidays. When a birthday card pops up in your Snapshot, you can tap on the card to see suggestions for things like calling, texting, or even singing a personalized birthday song.

Snapshot will also improve and expand upon its recommendations. Before, users would see more general recommendations for things like Google searches and streaming a playlist. Using your personal data, the new Snapshot will now recommend recipes, podcasts, and nearby restaurants that deliver.

As always, your Snapshot feed will dynamically change throughout the day based on what time it is and your interactions with Assistant. (You don’t want to get breakfast recipes during dinner time, and vice versa, for example.)

 

In addition to new reminders and recommendations, Google said users can easily see their Snapshot by saying, “Hey Google, show me my day.” Users can also see their Snapshot by activating Google Assistant and tapping on the icon in the bottom left corner. You can see the new Snapshot features now in the Google Assistant app for iOS and Android.

Google Assistant - Get things done, hands-free (Free, Google Play) →

The post Google Assistant’s Snapshot feature now shows more reminders and recommendations appeared first on xda-developers.

from xda-developers https://ift.tt/2YF1qoC
via IFTTT

Samsung will unveil more details about the Galaxy Z Fold 2 at the “Unpacked Part 2” event on September 1st

When the Galaxy Z Fold 2 launches later this year, it could cost €1999. At least, that’s according to a new report from Roland Quandt at WinFuture.de.

Announced earlier this month, the Galaxy Z Fold 2 is Samsung’s latest attempt at the foldable smartphone. When the first-generation Galaxy Fold originally launched, it was plagued by display issues that caused its general availability to be pushed back. The next-generation model looks to have addressed the flaws of the original.

For one, Samsung has opted to add a later of Ultra Thin Glass like on the Galaxy Z Flip. Samsung also expanded the outer display to a much-larger 6.23 inches, while the main display is now an expansive 7.59 inches. There’s also now a single hole punch cutout for a selfie camera instead of a long notch.

Some of the device’s other notable specs are the Qualcomm Snapdragon 865 Plus chip, 12GB of RAM, 256GB of storage, 4,500mAh battery, and a triple-camera setup with a primary 12MP sensor. The device will also be the first with the Qualcomm FastConnect 6900 mobile connectivity subsystem. If the Z Fold 2 really is going to launch for €1999, consumers are at least getting the specs and design to match.

Samsung Galaxy Z Fold 2 Forums

Although Samsung has tried to keep some mystery surrounding the Galaxy Z Fold 2, we’ve seen it out in the wild on more than one occasion, even recently appearing in a five minute review on YouTube.

Samsung opened up an online reservation system a few weeks ago without revealing the final retail price or even a release date. When the original Galaxy Fold launched last year, it cost $1,980 in the U.S. If WinFuture is to be believed, the Galaxy Z Fold 2 will launch at a comparable, if not lower, price. The publication has a stellar track record when it comes to leaks, but there’s always a chance that pricing information obtained from retailers before launch is inaccurate. We’ll know for sure on September 1st at 10:00AM EST, though, because that’s when Samsung will host “Unpacked Part 2” to unveil all the details of the new foldable device.

Specification	Samsung Galaxy Z Fold 2
Dimensions & Weight	Folded: 159.2 x 68 x 16.8 mm Unfolded: 159.2 x 128.2 x 6.9 mm 279g
Display	Outer Display: 6.23″ HD+ Super AMOLED 2,260 x 816 pixels 25:9 aspect ratio Infinity-O 60Hz refresh rate HDR10+ support Inner Display: 7.6″ FHD+ Dynamic AMOLED 2X 2,208 x 1,768 pixels 5:4 aspect ratio Infinity-O 120Hz refresh rate Dynamic refresh rate HDR10+ support
SoC	Qualcomm Snapdragon 865 Plus
RAM & Storage	12GB LPDDR5 + 256GB
Battery & Charging	4,500 mAh 25W wired fast charging 11W wireless charging Reverse wireless charging
Fingerprint sensor	Side-mounted fingerprint scanner
Rear Camera	Primary: 12MP, f/1.8, OIS Secondary: 12MP, f/2.2, ultra-wide-angle Tertiary: 12MP, f/2.4, telephoto
Front Camera	Folded: 10MP, f/2.2, fixed focus Unfolded: 10MP, f/2.2, fixed focus
Other Features	Folding design 5G: SA, NSA, mmWave
Android Version	Android 10 with One UI

The post Samsung will unveil more details about the Galaxy Z Fold 2 at the “Unpacked Part 2” event on September 1st appeared first on xda-developers.

from xda-developers https://ift.tt/3b4iA41
via IFTTT

Become a Salesforce Expert With 53 Hours of Highly-Rated Instruction for $25

From American Express to Spotify, thousands of companies use Salesforce to handle daily operations. If you want to build a career in sales or marketing, it pays to learn about this versatile platform. With seven in-depth courses, the Complete Salesforce Trailhead 2020 bundle takes you from zero to hero. You can currently pick up the training for just $25 at the XDA Developers Depot.

A recent survey found that 4.2 million jobs relating to Salesforce will be created by 2024. In the meantime, specialist developers earn $117k on average according to Indeed. In other words, there are many good reasons to learn the platform.

The Trailhead 2020 provides the perfect education for Salesforce newbies, with 53 hours of engaging content. The beginner-friendly training shows you how to navigate the platform and take control as an admin. This includes instruction on building processes, data security, and more.

With the basics in place, you can then dive into Salesforce development. The bundle includes three separate courses that show you how to build apps on Salesforce and use integrations. You also get a walkthrough of developing and testing for AppExchange.

Your instructor is Jimmy Tanzil, a Salesforce Certified Application Architect, Developer, and Admin. He has 20 years of experience in IT, and an instructor rating of 4.3 stars.

The training is worth $299, but you can currently get lifetime access to all seven courses for just $25.

 

The Complete Salesforce Trailhead 2020: From Zero to Hero 7-Course Bundle – $25

See Deal

Prices subject to change

The post Become a Salesforce Expert With 53 Hours of Highly-Rated Instruction for $25 appeared first on xda-developers.

from xda-developers https://ift.tt/3b59tAq
via IFTTT

Download: Xiaomi Mi Note 10 / Mi CC9 Pro gets its first MIUI 12 beta with Android 11

Android 11’s stable release is allegedly expected around September 8, but you can take an early glimpse of the upcoming major version of the OS right now through the beta builds. Apart from Google, several OEMs have come forward to offer official Android 11 beta builds for a bunch of smartphones. Xiaomi, for example, initially released vanilla AOSP 11 firmware for the Mi 10, Mi 10 Pro, and the Redmi K30 Pro (Chinese variant of the POCO F2 Pro), but the subsequent builds were rebased on top of the company’s MIUI custom skin. The Chinese OEM has now offered a similar treatment to the owners of the Mi Note 10 by releasing a closed beta build of MIUI 12 based on Android 11 Beta 3 for the phone.

Xiaomi Mi Note 10 XDA Forums

Matter of fact, the actual beta firmware is meant for the China-exclusive Mi CC9 Pro. Since the Mi Note 10 and its “Pro” variant are nothing but a rebranded edition of the Mi CC9 Pro (code-name “tucana”), the package itself can be manually sideloaded on the former phone duo as well. Of course, you can’t use MIUI’s built-in updater for this task, so better opt for a custom recovery solution like TWRP for the flashing job. Moreover, you can’t find Google Play Services or any pre-installed Google apps in this firmware, as such closed beta builds of MIUI 12 are intended for the Chinese userbase.

---

Download Android 11 Beta 3 with MIUI 12 for the Mi Note 10 / Mi CC9 Pro

Caution: The build mentioned on this page is an early release and never intended to be used as a daily driver. The firmware may contain serious bugs and other system instabilities. It is highly recommended that you backup your data before proceeding. Please exercise your own discretion.

You can download the build from the link below:

• Mi Note 10 (Pro)/Mi CC9 Pro
  • Download Android 11 Beta 3 with MIUI 12 (Build number 20.8.26)

To update, download the file and simply use TWRP to flash it. In case you want to downgrade, it would be better to pick the stable Fastboot firmware for your model and do a clean flash.

The post Download: Xiaomi Mi Note 10 / Mi CC9 Pro gets its first MIUI 12 beta with Android 11 appeared first on xda-developers.

from xda-developers https://ift.tt/2QxF6c4
via IFTTT