TIME apps

You Can Now Use WhatsApp Web on Your iPhone

The service has been available on other mobile platforms since January

WhatsApp Web, the desktop browser version of the popular instant messaging app, is now available for Apple’s iOS operating system, meaning Apple users can pair the app with their computers like Blackberry, Windows phone and Android users are already able to.

The service has been available on Google Chrome since January, but was unavailable on the iPhone due to “Apple platform limitations.” However, iPhone users can now go to web.whatsapp.com and scan the automatically generated QR code to chat with people from their desktops.

TIME Nuance

This New Dictation App Is More Powerful Than Any You’ve Ever Seen

Apple Poised to Sell 10 Million IPhones in Record Debut
Bloomberg—Bloomberg via Getty Images A customer tries the Siri voice assistant function on an Apple Inc. iPhone.

Siri can't compete.

Nuance plans to launch its new Dragon Anywhere dictation app this fall on iOS and Android, the Verge reports.

Most of us already have basic dictation features that come with our phones, but this app is much more powerful than any of the features offered by Apple and Google. Those companies’ features require you to constantly stop and wait, and with varying levels of success. Dragon Anywhere, on the other hand, has proved to be “quite accurate.”

Users can also navigate the app using voice commands. They can move between entries, edit a document, and customize dictionaries and text shortcuts that can be synced between devices onto a Dragon desktop app.

Voice dictation apps aren’t in high demand for most people, especially since we already have the basic feature on our smartphones. However, Nuance believes that this app will be successful with professionals, such as doctors, service workers, and anyone else who constantly needs to fill out forms or record lengthy notes.

The only downside about this app is that it will exclusively be available as a subscription, the price of which has yet to be determined because running the servers to keep up with all the transcriptions will be expensive for Nuance. The desktop application will be sold at a flat rate.

TIME Smartphones

Is Your Android Phone Still Safe?

Google Unveils Music, Movie Services To Take On Apple, Amazon
Bloomberg—Bloomberg via Getty Images Google Inc.'s Android logo is displayed during a keynote speech at the Google I/O conference in San Francisco, California, U.S., on Tuesday, May 10, 2011.

A nasty new bug is getting phone makers to change their ways

Not everybody suffers from stage fright. But if you happen to own an Android smartphone, you’re particularly susceptible — and it doesn’t matter whether you’re under the spotlight or in the crowd.

A recently exposed vulnerability within Google’s smartphone operating system, “Stagefright” is the name of a exploit that can infect Android handsets without the phone’s owner knowing. The bug has also highlighted problems in how the mobile operating system used by more than half the world’s smartphones gets security updates.

Stagefright was discovered by researchers last month. Technical details aside, it essentially allows hackers to get access to targeted phones’ pictures and other data by sending a message with a malicious video attached. According to Zimperium, the company that uncovered the bug, Stagefright puts 950 million Android devices at risk. But there’s hope: the company reported the problem to Google and submitted patches before telling anyone else.

Alex Rice, co-founder and CTO of security firm HackerOne, Android’s open-source nature is what allowed the bug to be discovered in the first place, because anybody can look under the hood and check for problems. “One of the things that Android does fairly well is that it’s an incredibly open and transparent platform,” Rice says. “Through (Google’s) bug bounty program and a number of other factors, they actively encourage discussion and participation on the security of the platform.”

But uncovering and patching Stagefright is only the beginning. Updates need to be pushed out to 95% of all Android phones to make sure they’re protected. In an odd twist, that’s a feat made more complicated by Android’s open nature. Handset makers like Samsung and HTC alter Google’s stock Android software to differentiate their products from one another with exclusive interfaces and features. But that means they also need to make new security patches compatible with their modified software. Historically speaking, manufacturers haven’t done a great job of pushing out security updates, especially for older phones.

Part of the problem is the business model around mobile phones, Rice says. “If you walk into a Verizon store and purchase a Samsung Galaxy that has a platform built by Google,” he asks, “whose customer are you, in that case?” In that situation, Rice thinks Verizon should own the relationship with the customer, since it’s the company that’s taking their money. “But Verizon is three steps removed from the person who receives the vulnerability report and is capable of fixing it,” he adds.

This lack of accountability makes Android harder to keep secure, a frustration that was enough to make Vice’s Lorenzo Franceschi-Bibbhierai abandon his beloved Android device. Frustrated by the amount of time it takes security updates to filter through Google, handset manufacturers, and carriers, the security journalist argues that Android users are left exposed to bugs. By comparison, he writes, “When there’s a bug on iOS, Apple patches it and can push an update to all iPhone users as soon as it’s ready, no questions asked.”

At this month’s Black Hat USA conference in Las Vegas, an annual gathering of the world’s information security experts, Google made efforts to right the ship. With Stagefright generating a lot of the buzz, one of the talks kicking off the conference was about the state of Android security. Adrian Ludwig, one of Android’s lead security engineers, announced that Google is now committing to monthly, over-the-air security updates for three years on all Google-branded Nexus devices. Samsung and LG are reportedly making similar commitments.

“This is exactly the commitment consumers should demand from manufacturers,” says Rice, who thinks three years is a strong commitment to a device. And while many people wonder if these systemic vulnerabilities spell trouble for the future of Android, the reality is that your Google smartphone is probably safer today than it was last month. Unless you have an older model, of course, in which case you should consider upgrading — like, yesterday.

TIME Volkswagen

Volkswagens Are Getting A Long Overdue Upgrade

USB ports, finally.

Volkswagen is rolling out a new console platform, MIB II, in its 2016 models, reflecting the car company’s increased investment in technology. According to Left Lane News, 90% of Volkswagen’s current innovations are in the realm of electronic systems.

The MIB II replaces phone-specific ports for phones with USB ports. It also offers an increased amount of connectivity with an App-Connect feature that recognizes the type of phone brought into the vehicle and syncs the platform display to match. Drivers will be able to use hands-free and voice-assistance features with the MIB II as well.

The new technology will be available on most 2016 VW vehicles, according to Cars.com.

TIME Google

Google Has a Stagefright Bug Fix For Android Owners

It reportedly infected nearly 1 billion phones

Stagefright, the bug that infected nearly 1 billion of Google’s Android phones with a single text, has a fix.

Google announced that the bug was handled in a recent software update to its Android phones.

The security firm Zimperium found that 95% of Android phones were vulnerable to the malware by opening the text message. However, Google told CNBC Wednesday that 90% of Android devices were protected because of what’s called “address space layout randomization.”

Google has also said that there will be updates to its Messenger service in which video messages won’t play automatically when previewed. That would halt a similar bug from infecting devices in the future.

For more on Stagefright, here’s a Fortune explainer on the bug.

TIME Google

Google Translate Just Got Way Better

Google Opens New Berlin Office
Adam Berry—Getty Images

It now works for Lithuanian, Norwegian, Polish and Romanian

Google Translate is now even more useful for those last-minute translation needs.

The app now has the ability to instantly translate 27 languages from text. The way it works is simple, too: Just point your smartphone’s camera at the text you don’t understand and have the app translate it in real time.

TechCrunch reports that the app has recently expanded from translating seven languages to 27 languages, including Lithuanian, Norwegian, Polish, and Romanian. The update is available for both iOS and Android devices. TechCrunch spoke with Julie Cattiau, the product manager for Google Translate, who said:

Our mission is to help overcome language barriers. Whenever someone faces an obstacle due to encountering a second language, we want to be there to help solve the problem. Within that mission, our most important project is improving the quality of machine translation. But part of that is also the overall user experience, which is why we also invest in things like instant camera translation and multi-language conversation.

TIME Android

Stagefright: Everything You Need To Know About Google’s Android Megabug

The Latest Mobile Apps At The App World Multi-Platform Developer Show
Bloomberg—Bloomberg via Getty Images A logo for Google Inc.'s Android operating system is displayed on an advertising sign during the Apps World Multi-Platform Developer Show in London, U.K., on Wednesday, Oct. 23, 2013. Retail sales of Internet-connected wearable devices, including watches and eyeglasses, will reach $19 billion by 2018, compared with $1.4 billion this year, Juniper Research said in an Oct. 15 report. Photographer: Chris Ratcliffe/Bloomberg via Getty Images

Here's a friendly Q&A to help you understand what happened, why it is a problem that still needs fixing, and what you can do about it.

Stagefright? What? Huh? That’s what you’ve been asking yourself ever since the Internet erupted yesterday over the announcement of a big computer bug in Google’s Android operating system.

In fact, you might still be wondering: Is my phone safe? Wait, the Internet erupted? Did it actually explode? (Is that even possible?)

Thankfully, no. I mean maybe, but as long as you’re still able to read this then I think we’re doing okay. Anyway, for those who still have questions about all the hullabaloo, Fortune has drafted a friendly Q&A to help you understand what happened, and why it is a problem that still needs fixing.

What is stage fright?

Stage fright is the nervous sensation a presenter feels before appearing publicly. (Say, for example, at a major security conference next month.)

Stagefright, on the other hand, is the nickname of a terrible Android flaw found in the open source code of Google’s Android operating system. The vulnerability, disclosed on Monday, may be the worst one to date. It puts 95% of Android devices—950 million gadgets—at risk of being hacked.

Where does the name come from?

“Stagefright” is the name of the media library—a portion of Android’s open source code—in which the bugs were found. It’s obviously a great bug name, too.

No lie. What does that media library do?

Stagefright—the library, not the bug—helps phones unpack multimedia messages. It enables Android phones to interpret MMS content (multimedia message service content), which can contain videos, photos, audio, text, as opposed to, say, SMS content (short message service content), which can contain only 160 characters. The bugs are in that library.

Wait, I thought you said Stagefright is a bug, not bugs?

Okay, okay. So Stagefright is a collection of bugs, if you want to be technical. Seven to be exact. If you want to get real technical, their designations are:

  • CVE-2015-1538,
  • CVE-2015-1539,
  • CVE-2015-3824,
  • CVE-2015-3826,
  • CVE-2015-3827,
  • CVE-2015-3828, and
  • CVE-2015-3829

But for our purposes, I’ll just refer to them collectively as Stagefright. A singular bug set; one vulnerability.

Fine, that seems easier. Why should I care about it?

Well, if you’re an Android user then your device is probably vulnerable.

Is that bad?

That means an attacker can infect your device simply by sending you a malicious MMS message. (Remember that acronym? Multimedia message service.) In fact, a victim doesn’t even have to open a booby-trapped message for the attack to spring. Once the message received, your phone is toast.

Er…that doesn’t sound good.

Right. Once inside, an attacker can access your phone’s data, photos, camera, microphone. What’s worse is that a clever baddie can delete the booby-trapped message from your phone before you even realize that your device has been compromised. So basically, yeah it’s bad.

That does sound bad.

Yup. And it gets worse! Imagine this scenario: Someone attacks your phone, steals your contact list, automatically targets those devices—rinse, repeat. Now everyone’s infected.

That’s what we like to call a computer worm.

How long has this been the case?

About five years.

What?? You mean my phone has been open to attack this whole time???

Yes.

Surely, Google must have patched it by now!

You’re right! Google patched the bugs right away. The company learned about one set of vulnerabilities in April and another set in May. The person who discovered the problems—Joshua Drake, a researcher at the mobile security company Zimperium zLabs—says he provided patches, and Google adopted them within two days. (The company reportedly paid him $1,337 for his work.)

Woohoo! So I’m safe?

Nope. The problem isn’t fixed.

What? Huh? Why?

That’s because Google’s Android ecosystem relies on its partnering phone-makers to push out software upgrades. That means Samsung, HTC, LG, Lenovo, Motorola, Sony, among others, are responsible for delivering the patches to customers.

Have they done so yet?

CyanogenMod, Mozilla, and Silent Circle’s Blackphone have.

I don’t use those…

Then you’ll have to wait. The other companies have issued statements that basically say, “We’re working on it.” You can read them here.

Is there a way to test whether I’m vulnerable?

If you’re using a phone that runs on Android version 2.2 or above, you may as well assume you’re at risk. The most vulnerable phones predate Jelly Bean (version 4.1), and that accounts for about 11% of Android phones on the market.

(We’ll add a link to a test when one comes to our attention but, unfortunately, there’s nothing available yet—at least that we know of. Though it would be pretty cool if someone came up with one. Nudge nudge, wink wink.)

Why are post-Ice Cream Android phones better off?

As Google Android’s lead security engineer explains here, that’s about the time that Google put in place some strong exploit mitigation technologies, like one called Address Space Layout Randomization. “This technology makes it more difficult for an attacker to guess the location of code, which is required for them to build a successful exploit,” Adrian Ludwig writes. He goes on: “(For the layperson — ASLR makes writing an exploit like trying to get across a foreign city without access to Google Maps, any previous knowledge of the city, any knowledge of local landmarks, or even the local language. Depending on what city you are in and where you’re trying to go, it might be possible but it’s certainly much more difficult.)”

You can find a list of similar security technologies implemented since Ice Cream (version 4.0) here.

So I get that I should pressure my phone-maker to push out the fixes. What about my wireless carrier?

Well, if your wireless carrier was real cool, it could create a signature for Stagefright-based attacks, and block those threats on its network. Fiat Chrysler recently worked with Sprint to make its cars much less hackable that way. Your carrier could also help make sure the fix works for older versions of Android, too, rather than just making sure the latest version is protected. The security researcher Nicholas Weaver recently made this point on Twitter.

He suggested something similar for Google, too.

Can I do anything else to be safer?

First, ask your device manufacturer for an update: When will a patch be available and will you be covered? You might also consider changing the settings on your Android apps that use MMS, like Messaging and Hangouts. Un-click “automatically retrieve MMS messages.” In the meantime, consider using Snapchat or WhatsApp to swap clips, GIFs, and whatnot.

Other than that, keep your phone number private, I guess? Drake, the guy who found the flaw, plans to present more details at the Black Hat conference next month.

Okay, thanks for the tips. If I have any other questions, can I call you?

No, sorry. My phone number is private information.

Just testing you!

Ah I see what you did there, you jokester!

TIME Microsoft

Microsoft Just Unveiled This Totally Unexpected New Product

US-IT-INTERNET-SOFTWARE-MICROSOFT
AFP—AFP/Getty Images The Microsoft logo.

No, it doesn't have anything to do with Windows 10

While many Microsoft customers are patiently awaiting the release of Windows 10, Microsoft has surprised us all by quietly unveiling a completely unexpected new product: Arrow Launcher Beta.

Arrow Launcher is a basic and user-friendly Android launcher with three main pages, and as its name suggests this is an early version of the product.

Your home page contains all of your apps. It’s divided into a Recent section, displaying the ones you recently downloaded, and a Frequent section, showing the apps which you use most often. Swipe to the left of the home page to find your phone and email contacts, which are also organized by frequent use. To the right of the home page are your notes and reminders, a valuable feature that isn’t included in most Android launchers. Swipe up for a list of quick-access apps, settings, and feedback options.

Arrow Launcher is currently in private beta. In order to access it, you need an invitation, which you can ask for by joining this Google+ group. However, you may want to keep in mind that, as with any other product that’s undergoing beta-testing, Arrow Launcher does come with some bugs: the row of apps on the bottom of the home page may be cut off, the Frequent sections on the home and People pages take some time to settle in accurately and, as of yet, the launcher does not support widgets. If you think you’re strong enough to endure all that, you can request an invitation to access it by joining this Google+ group.

TIME Smartphones

Miss Your Flip Phone? LG Has Released a New One

Snag: Right now, it's only available in South Korea

The flip phone is back. On Monday, LG unveiled the Gentle—an Android-powered flip phone that evokes the svelte simplicity of the Motorola Razr, which was all the rage back in 2005.

It’s not just a stylistic emulation, apparently: Mashable reports that the Gentle’s capabilities are “terribly outdated,” with just 4 gigabytes of storage (on par with the first iPhone model, circa 2007) and a camera operating with just three meager megapixels.

Still, it’s compact, probably user-friendly, and almost certain to go for longer between charges than its more advanced peers, whose innumerable capabilities come at the cost of battery life. It’s also super affordable. According to Mashable, the phone will sell in South Korea for the equivalent of $171. The iPhone 6 goes for about $730.

[Mashable]

TIME Android

Nearly 1 Billion Phones Can Be Hacked With 1 Text

The Latest Mobile Apps At The App World Multi-Platform Developer Show
Chris Ratcliffe—Bloomberg / Getty Images Google's Android platform is vulnerable to the attack.

"Stagefright" is one of the worst Android vulnerabilities to date.

So listen: Can I have your number?

Can I have it? Can I? Have it?

Um…maybe not. Actually, you should think twice before giving away your cell phone number—especially if you happen to own a phone that runs on Google’s Android operating system.

That’s the only thing a hacker needs to compromise a handset.

A mobile security researcher has uncovered a flaw that leaves as many as 95% of Android devices—that’s 950 million gadgets—exposed to attack. The computer bug, nicknamed “Stagefright” after a vulnerable media library in the operating system’s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on.

Should a hacker learn someone’s cell phone number, all it takes is for that person to send a malware-laced Stagefright multimedia message to an affected phone in order to steal its data and photos or to hijack its microphone and camera, among other nefarious actions. Worse yet, a user might have no idea that his or her device has been compromised.

Joshua Drake, vice president of research and exploitation at the mobile security firm Zimperium zLabs, says an attacker can delete the message before a victim has any idea.

“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” he writes on his company’s blog. “Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”

When Drake reported the severe vulnerabilities along with potential fixes to Google in April (as well as another set May), the company, he writes, “acted promptly and applied the patches to internal code branches within 48 hours.” That doesn’t mean the problem is resolved, however.

As Forbes reporter Thomas Fox-Brewster writes, device manufacturers will still need to push the updates out in order to safeguard their customers. Google’s major Android partners, which include phone-makers like LG, Lenovo, Motorola, Samsung, and Sony were not immediately available to comment. (Fortune will update this when we hear back.)

An HTC spokesperson responded: “Google informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.”

Drake praises the security firm Silent Circle, based in Geneva, Switz., which makes the Blackphone handset, for its quick response protecting users since it released PrivatOS version 1.1.7. He also praises Mozilla, maker of the Firefox web browser, for including fixes since version 38. “We applaud these vendors for prioritizing security and releasing patches for these issues quickly.”

“This is Heartbleed for mobile,” said Chris Wysopal, chief tech and information security officer at the application security firm Veracode. These vulnerabilities “are exceedingly rare and pose a serious security issue for users since they can be impacted without having clicked on a link, opened a file or opened an SMS.”

Drake plans to present his research at the Black Hat and Def Con security conferences in Las Vegas next month.

So, um, can I have your number?

Your browser is out of date. Please update your browser at http://update.microsoft.com