[Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19

Update 5 (5/4/2020 @ 3:25 PM EST): Apple and Google have shared some screenshots of the Exposure Notification API and announce that location tracking will be prohibited.

Update 4 (4/29/2020 @ 2:30 PM EST): Apple and Google have released a beta version of their Exposure Notification API for public health agencies.

Update 3 (4/24/2020 @ 3:15 PM EST): Apple and Google are renaming the Contact Tracing API to “Exposure Notification,” adds more privacy protections.

Update 2 (4/24/2020 @ 11:30 AM EST): Apple and Google’s contact tracing API will go live next week and will include most Huawei devices.

Update 1 (4/13/2020 @ 5:51 PM EST): During a conference call with reporters, Google and Apple clarified some more details about how Contact Tracing will be rolled out for users.

Due to the ongoing threat posed by SARS-CoV-2, Google and Apple have teamed up to announce a new API and Bluetooth Low Energy specification called “Contact Tracing.” The idea behind contact tracing is to inform users if they’ve recently been in contact with someone who has been positively diagnosed with COVID-19. South Korea and Taiwan have successfully “flattened the curve,” as in they’ve limited the number of new cases to fall below the capacity of their healthcare systems, by implementing widespread testing and contact tracing. According to the Associated Press, several countries in Europe including the Czech Republic, the U.K., Germany, and Italy are developing their own contact tracing tools. Apple and Google hope to empower nations and medical organizations around the world with the ability to trace the spread of the novel coronavirus, but the two companies also recognize the potential privacy concerns with this pandemic containment method. That’s why the two companies have created the new API and Bluetooth spec “with user privacy and security central to the design.”

Google and Apple published blog posts and documents that outline their goals to roll out a new API and Bluetooth LE service. Due to urgent need, both companies are tackling this problem in two stages. First, in May, both companies will release an API that “[enables] interoperability between Android and iOS devices using apps from public health authorities.” These apps will be made available for users to download on the Google Play Store and Apple App Store. On Android, the API will likely become available for apps through an update to Google Play Services. Second, in the next few months, both Google and Apple will add support for a new Bluetooth Low Energy service into Android and iOS. For iOS, this new BLE service will likely come via an OS update, while for Android, this service will likely be added as part of another update to Google Play Services. Google says that adding a Bluetooth LE Contact Tracing service “is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities.”

Once an app integrates the new API or the BLE specification has been integrated, Android and iOS users can receive notifications if they’ve recently been in contact with someone who has been diagnosed with COVID-19. Notably, the BLE solution will not require the user to have an application installed (presumably they just need Google Play Services), but if they choose to install one of the official apps, then the app can inform them on the next steps to take after they receive a notification. This will allow users to decide if they need to self-quarantine for 14 days or to seek testing and further medical intervention. Here is an example flow of what Google and Apple envision will be possible with this new Bluetooth LE service:

An overview of COVID-19 contact tracing using Bluetooth Low Energy. Source: Google/Apple.

Here is what Google says about how they designed the new Android Contact Tracing API to protect user privacy and security:

• Apps calling the API via the startContactTracing method are required to get user consent to start contact tracing. If this is the first time the API is being invoked, the user will be shown a dialog asking for permission to start tracing.
• In order to be whitelisted to use this API, apps “will be required to timestamp and cryptographically sign the set of keys before delivery to the server with the signature of an authorized medical authority.” In other words, unauthorized COVID-19 apps will not be allowed to use this API.
• If the user uninstalls the app, the stopContactTracing method “will be automatically invoked and the database and keys will be wiped from the device.”
• The user, after having confirmed a positive diagnosis of COVID-19, must grant explicit consent to upload 14 days of daily tracing keys. A dialog will be shown to the user if the app calls the startSharingDailyTracingKeys method.
• Users will be shown what date and for how long they were in contact with a potentially contagious person, down to increments of 5 minutes, but not who or where the contact occurred.

Here is how the new BLE Contact Detection Service will protect user privacy and security:

• The spec does not require the user’s location or any other personally identifiable information. Location-use is completely optional and is only done after the user provides explicit consent.
• Rolling Proximity Identifiers are changed every 15 minutes on average, which makes it “unlikely that user location can be tracked via Bluetooth over time.”
• Proximity identifiers retrieved from other devices “are processed exclusively on device.” This means that the “list of people you’ve been in contact with never leaves your phone.”
• It’s up to the user to decide if they want to contribute to contact tracing. Users who are diagnosed with COVID-19 must consent to sharing Diagnosis Keys with the server. There will be transparency about the user’s participation in contact tracing, and “people who test positive are not identified to other users, Google, or Apple.” In fact, this information “will only be used for contact tracing by public health authorities for COVID-19 pandemic management.”
• In case you’re wondering, the Content Detection Service should not significantly drain the battery of a device if the hardware and the OS support “Bluetooth controller duplicate filters and other [hardware] filters” to “account for large volumes of advertisers in public spaces.” Scanning is “opportunistic,” meaning it can occur within existing wake and scan window cycles, but will also occur at a minimum of every 5 minutes.

Because the new Contact Tracing specs are designed with user privacy and security in mind, it’s debatable how effective they’ll be at limiting the spread of COVID-19. According to The Verge, such opt-in, non-invasive contact tracing measures may have limited effectiveness. The issues boil down to a lack of widespread adoption by the population and a potentially large number of false-positive Bluetooth proximity events. Still, I hope this new initiative is successful. It’s rare to see Google and Apple collaborate on anything, but desperate times call for desperate measures.

Sources: Google Blog Post, Overview of COVID-19 Contact Tracing, Contact Tracing BLE Spec, Contact Tracing Cryptography Spec, Android Contact Tracing API Spec

---

Update 1: More Details

In a conference call with reporters, Google and Apple clarified some points about the upcoming Contact Tracing API (rolling out in mid-May as part of “phase 1”) and BLE Contact Detection Service (rolling out later this year as part of “phase 2”). According to TechCrunch and Axios, both the Contact Tracing API and the BLE Contact Detection Service will be available on Android devices following updates to Google Play Services—so long as the Android smartphone is running Android 6.0 Marshmallow. Users will not need to manually update their devices or even update their OS since updates to Google Play Services happen silently in the background through the Google Play Store.

Although the introduction of BLE Contact Detection Service means that users won’t need to install an application to partake in contact tracing, Google says that users will still be prompted to download a relevant public health app if a positive contact event has been detected. This will help users determine the next steps they should take. Apple notes that while data, after being processed locally on-device, may be “relayed” to servers run by public health organizations around the world, there will not be a centralized data server. This will make it difficult for any government or other malicious actor to conduct surveillance. According to Axios, countries can run their own servers or use ones from Apple and Google. To prevent people from submitting false positive diagnoses, Apple and Google are working with public health organizations on a way to confirm diagnoses.

With the confirmation that Google will bring Contact Tracing to Android devices via updates to Google Play Services, what will happen to the millions of devices without Google Mobile Services? I’m referring, of course, to the millions of devices in China and the newer smartphone releases by Huawei and Honor. According to The Verge, Google “intends to publish a framework that those companies could use to replicate the secure, anonymous tracking system developed by Google and Apple.” Thus, it’s up to third-parties to decide whether they want to use that system. Google did not confirm if its Contact Tracing framework will be open-sourced, but they did say they will offer code audits to companies that want to adopt the system.

---

Update 2: Initial Rollout, Huawei Involvement

Originally planned to go live in “mid-May,” it looks like Apple and Google’s Contact Tracing timeline has moved up. According to Thierry Breton, the European Commissioner for internal market, Phase 1 of the plan will go live on April 28th. This information was given to Mr. Breton by Apple CEO Tim Cook.

Phase 1 of Contact Tracing is all about APIs. These APIs will be used by developers who are working on behalf of public health agencies, not third-party applications. The APIs will be made available through an update to Google Play Services and most devices with Android 6.0+ and Bluetooth Low Energy can support Contact Tracing.

Of course, recent Huawei and Honor devices do not have Google Play Services, but many older devices still do. TechRadar confirms that these older devices, which do not include the Huawei Mate 30, P40, Honor V30, and others, will be included in the rollout. As for the other Huawei/Honor devices, the previous article update stated that Google “intends to publish a framework that those companies could use to replicate the secure, anonymous tracking system developed by Google and Apple.”

Source 1: Les Echos | Via: TechCrunch | Source 2: TechRadar

---

Update 3: More Privacy Protections

Apple and Google are now referring to the Contact Tracing plan as “Exposure Notification,” which they say is a better description for the purpose of the tool. We also have some more information about how health authorities can fine-tune the API and the privacy protections that will be in place.

The API uses Bluetooth to detect if you’ve been in the vicinity of others who have tested positive, but that has the potential to be inaccurate (detecting people who weren’t close enough or behind a wall). The API will share the strength of the Bluetooth signal so health authorities can set their own threshold for what constitutes a “contact event.”

The API will share how many days have passed since an individual “contact event.” It will not share the precise length of time the two people were in contact. Rather, it will only share estimates of exposure time, from a minimum of 5 minutes to a maximum of 30 minutes, in increments of 5 minutes. Health authorities can use this information to alter their guidance to users based on how long ago the event was.

Bluetooth metadata will be encrypted to protect against it being used to track individuals in reverse identification attacks. This metadata includes signal strength and other information. The encryption algorithm is being changed to AES from HMAC that they were using before. AES encryption can be accelerated on many mobile devices, making the API more power-efficient.

Lastly, the keys used to trace potential contacts are now randomly generated rather than being derived every 24 hours from a “tracing key” that is permanently tied to a particular device. This gets rid of the chance that an attacker with direct access to a device can figure out how keys are generated from the tracing key, though that is very, very difficult to do already.

Source 1: Axios | Source 2: Bloomberg | Source 3: TechCrunch

---

Update 4: Beta APIs Available

Apple and Google are rolling out their Exposure Notification APIs (formerly called “Contact Tracing”) in a private beta starting today. Google is releasing the beta update through Google Play Services, so they’ll work on any Android 6.0+ device with Bluetooth Low Energy. Public health agencies can begin using these APIs in Android Studio and start testing.

The stable version of the API is still planned to be released in the coming weeks. As the two companies have consistently reiterated, this API is not intended to be used by third-party developers. It’s for public health agencies, and when work has been completed by the developers of these agencies, you will download an app from them.

Source: Bloomberg

---

Update 5: Screenshots, No Location Tracking

Apple and Google are continuing to release more information about the Exposure Notification API. First, the companies shared some guidelines that public health authorities will have to follow to have their contract tracing apps in the respective app stores. The apps are prohibited from collecting device location data, the API is limited to one app per country, and the data collected can’t be used for targeted advertising.

The API limit of one app per country is to reduce fragmentation, but Apple and Google will be flexible and work with governments in countries that may need multiple apps. For example, countries where contact tracing is done regionally or by states.

Apple and Google have also shared some mock-up screenshots of what Exposure Notification settings and apps should look like. The image above shows the new “COVID-19 Exposure Notifications” section in Google Play Services. This section shows whether it’s enabled and which apps are able to send exposure notifications. Users can launch the app from here and see how many “exposure checks” have been done in the last 14 days, delete random IDs, and turn off notifications.

Google also shared some sample screenshots (above) of what an app that uses the Exposure Notification API could look like. The source code for this app has been published on the company’s Github page if health agencies wish to use it to build apps.

Sources: VentureBeat, 9to5Google, 9to5Google

The post [Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19 appeared first on xda-developers.

from xda-developers https://ift.tt/2UZOXLa
via IFTTT

May 2020 Android security patches rolling out for Google Pixel devices

In keeping with its tradition of rolling out Android security patches on the first Monday of each month, Google has now started pushing the May 2020 Android security patches for its Pixel devices. The update is now rolling out to the Pixel 4, Pixel 4 XL, Pixel 3a, Pixel 3a XL, Pixel 3, Pixel 3 XL, Pixel 2, and Pixel 2 XL.

Google has not listed any functional patches for Pixel devices this month. There were, however, 15 issues resolved in the Android security patches. There are two sets of build numbers for the patches this month. The builds below are each appended with either “A3” or “B3.” The A3 builds are for Taiwan carriers and the B3 builds are for all other carriers.

Build Numbers

• Pixel 2(XL): QQ2A.200501.001.A3 or B3
• Pixel 3 (XL): QQ2A.200501.001.A3 or B3
• Pixel 3a (XL): QQ2A.200501.001.A3 or B3
• Pixel 4 (XL): QQ2A.200501.001.A3 or B3

Download Factory Images | Download OTA Images

Android Security Bulletin | Pixel Update Bulletin | Pixel Functional Changes

The post May 2020 Android security patches rolling out for Google Pixel devices appeared first on xda-developers.

from xda-developers https://ift.tt/3c9ukCo
via IFTTT

Create a Dual Monitor Setup at Home with the DUEX Pro Laptop Display

For tasks such as coding and design, working on a 13-inch laptop screen can be quite frustrating. At your desk, you can easily hook up external displays. But what about when you want to work on the sofa? The Mobile Pixels DUEX Pro Portable Dual Monitor attaches to the side of your laptop to extend your digital workspace. You can get it now for just $179.35 when you use code SAVEDUEXPRO at the XDA Developers Depot.

https://www.youtube.com/embed/3ccSagT42m8

Brought to life by over $1 million in funding on Indiegogo, DUEX Pro was originally aimed at commuters and remote workers. But given the current crisis, many users are finding the display pretty useful at home.

This 12.5-inch screen clips on to the bezel around the edge of your laptop’s display. DUEX Pro offers a wide viewing angle thanks to IPS technology, and you get 1080p resolution. This makes the display well suited to creativity.

The mount offers 270 degrees of freedom, meaning you can find the perfect angle for your second display. You can even use DUEX Pro to deliver a presentation. It works with Windows, Mac, Linux, and Chrome, connecting via the supplied USB cable.

It’s normally $249.99, but you can grab the display now for $179.35 with the code SAVEDUEXPRO.

 

Mobile Pixels DUEX Pro Portable Dual Monitor – $179.35 with code SAVEDUEXPRO

See Deal

Prices subject to change 

More from the XDA Developers Depot

• Work-from-home accessories to keep you productive
• DIY projects to keep you entertained indoors
• New skills you can learn without leaving home

The post Create a Dual Monitor Setup at Home with the DUEX Pro Laptop Display appeared first on xda-developers.

from xda-developers https://ift.tt/2xwx79s
via IFTTT

Samsung Galaxy S8 and Galaxy S8+ will now receive security updates quarterly instead of monthly

The Samsung Galaxy S8 and Galaxy S8+ were launched back in March 2017 as the premier flagships from Samsung. At the time of their launch, these were some of the best devices you could buy in the market, with excellent performance across the board. But time is a cruel mistress, and what were once amazing flagships, are now older devices in an ever-expanding portfolio. Samsung’s usual update policy promises regular monthly security updates for flagships for three years since their launch, and quarterly updates after that point. Sadly, for the Galaxy S8 and Galaxy S8+, these devices have now reached the threshold, and hence, will be moved to a quarterly release schedule.

Samsung Galaxy S8 XDA Forums

Current models for Quarterly Security Updates

Samsung is known to release two major Android OS updates for its flagships, in addition to the monthly security update releases for three years. The Galaxy S8 and Galaxy S8+, launched with Android 7.0 Nougat, received Android Pie last year alongside OneUI. There’s no further indication that any other major software jumps are planned for the device, and that is fair enough. Owing to their age, the devices will now receive a single firmware update every three months which will bundle all the security patches from the preceding months.

Current models for Monthly Security Updates

Samsung has been very good when it comes to security patches, for its flagships at least, including the older ones. Newer flagships like the Samsung Galaxy Fold, Samsung Galaxy S20, and Galaxy Note 10 have received their monthly update even before Google released the bulletin to the public and rolled out updates to Pixels, and this has happened for a few months now. Devices as old as the Samsung Galaxy S6 have also received security patches four years after their launch. The Galaxy S7 also received promised security updates for four years. So we can definitely acknowledge the work Samsung has been doing on this end. Meanwhile, if you do really want the latest Android update on your Galaxy S8, may we suggest some custom ROMs for this?

---

Source: Samsung Mobile Security
Story Via: Galaxyclub.nl

The post Samsung Galaxy S8 and Galaxy S8+ will now receive security updates quarterly instead of monthly appeared first on xda-developers.

from xda-developers https://ift.tt/2VYZvdS
via IFTTT

Xiaomi Mi 10 5G to now launch in India on May 8th

Xiaomi has been at the forefront of the smartphone revolution in India. The affordable offerings under the Redmi branding have helped Xiaomi establish a strong base in India and surpass established players like Samsung to become the leading phone brand in the country. While Xiaomi announced Mi-series flagships such as the Mi 5 and the Mi MIX 2 in the past, the company has primarily focussed on Redmi because it is oriented with the demands of this price-sensitive market. But after testing the waters with its flagship killer – Redmi K20 Pro (review) last year, Xiaomi will reintroduce the Mi-branded flagship lineup in India. While the original plan was to launch the Xiaomi Mi 10 5G in India at the end of March, it was delayed by the nationwide lockdown due to COVID-19.

Instantly after the Indian government announced relaxations in the lockdown, Xiaomi has jumped back into action. In a fresh statement issued by the company, it has revealed a fresh date for the launch of the Mi 10 5G, one that isn’t too far from now. The Mi 10 flagship will be launched in India on May 8th, 2020, Mi India announced in a tweet. As expected, the event will be hosted and broadcast virtually, ensuring compliance with the restriction due to the yet-to-be-contained pandemic.

This is gonna evoke a lot of excitement.
This is gonna #EvokeYourImagination.

Mi fans, #Mi10 is launching on MAY 8th.

Yes, just 4⃣ days to go for the #108MP phone and more…

RT if you have been waiting for the launch date. pic.twitter.com/sFSfrpqIhB

— Mi India (@XiaomiIndia) May 4, 2020

Xiaomi’s Mi 10 will be the most expensive phone to be sold by the company in India. Moreover, the phone will not be manufactured in India initially; the import duties along with the 50% hike in Goods & Services Tax (GST) will pile on top of the direct CNY-INR conversion, pushing the price past the ₹45,000-mark easily. This is also the reason why Xiaomi will not be launching the Mi 10 Pro 5G in India just yet.

Among the changes for the Indian variant of the Mi 10, the phone will feature Google apps such as Messages, Dialer, Contacts instead of Xiaomi’s own apps while the MIUI skin comes without any ads. With the Mi 10, Xiaomi will be testing the Indian industry for the response for phones that are not aligned with the brand’s typical strategy for the country.

Do you think Xiaomi will be able to survive against the competition from OnePlus, Samsung, and even Apple? Let us know in the comments below.

The post Xiaomi Mi 10 5G to now launch in India on May 8th appeared first on xda-developers.

from xda-developers https://ift.tt/3aWzpMF
via IFTTT

Microsoft Surface Pro X, Surface Pro 7 and Surface Laptop 3 now available in India

Back in October 2020, Microsoft refreshed its Surface hardware with three new devices in the form of the Surface Pro X, the Surface Pro 7, and the Surface Laptop 3. While all three Surface devices were only available in the U.S, the UK‌, and some European markets at the time being, the products have now finally arrived in India. The Surface Pro 7 made an appearance in an Amazon.in listing earlier this year, seemingly available for purchase. Microsoft has now made the official announcement, and for all three of these products.

Surface Pro 7

The Microsoft Surface Pro 7 is the update to Microsoft’s main 2-in-1 product line. It features a 12.3-inch display, 10th gen Intel processors, up to 16GB of RAM, and USB Type-C ports, and weighs just 775g. It also has the optional keyboard cover and Surface Pen.

In India, the Surface Pro 7 will be available in 2 colors: Black and Platinum. The Signature Type Cover, the Surface Arc Mouse, and Surface Slim Pen are also available in the country.

Surface Pro X

The Surface Pro X is essentially the ARM version of the Surface Pro 7. It has a 13-inch display with a 3:2 aspect ratio, weighs just 774g, has USB Type-C, fast charging, and LTE support. It’s powered by a custom variant of Qualcomm’s Snapdragon 8cx processor and is capable of dual 4K video output via USB Type-C.

In India, the Surface Pro X will be available in Matte Black color variant only.

Surface Laptop 3

The Surface Laptop comes in both 13.5″ and 15″ sizes in India. The 13.5-inch Surface Laptop 3 is powered by the 10th gen Intel Ice Lake processor, whereas the 15-inch model has two AMD Ryzen “Surface Edition” chips. The laptop features USB Type-C and USB Type-A ports, and dual far-field Studio Mics. There’s also a removable hard drive on board.

The Surface Laptop 3 will be available in India in Matte Black and Platinum color options for the 13.5″ model, and in Matte Black for the 15″ model. The 13.5″ model weighs just 1,288g and 1,265g for its Matte Black and Platinum colour variants respectively, while the 15″ weighs only 1,542g.

Pricing and Availability in India

The Microsoft Surface Pro X, Surface Pro 7 and Surface Laptop 3 are generally available via authorised retail and online partners such as Reliance Digital, Vijay Sales, Amazon, and Flipkart.

Sr. No.	Device Model and Configuration	Price and Purchase Link
1.	Surface Pro X – 8GB/128GB LTE	₹98,999
2.	Surface Pro 7 – i3/4/128	₹72,999
	Surface Pro 7 – i5/8/128	₹88,999
	Surface Pro 7 – i5 /8/256	₹116,999
	Surface Pro 7 – i7/16/256	₹141,999
3.	Surface Laptop 3 – 13.5″	₹98,999
	Surface Laptop 3 – 15″	₹116,999

Keep in mind that while the devices are now officially available, local regulations may pose a roadblock in your purchase. India currently is divided into color-coded zones in light of the COVID-19 pandemic, and hence, actual product availability at your local level may differ.

The post Microsoft Surface Pro X, Surface Pro 7 and Surface Laptop 3 now available in India appeared first on xda-developers.

from xda-developers https://ift.tt/3bWWosp
via IFTTT

DisplayPort Alt Mode 2.0 will allow 16K video output over USB 4 Type-C ports

The Video Electronics Standards Association (VESA) recently released version 2.0 of the DisplayPort Alternate Mode (Alt Mode) standard which enables up to 16K video output over USB 4 Type-C ports. As a report from AnandTech explains, the new standard remaps USB Type-C‘s high-speed data pins to unlock more bandwidth for videos, resulting in a maximum raw bandwidth of up to 80Gbps. This is accomplished by reconfiguring a 4 lane USB 4 connection into a 2 or 4 lane DisplayPort connection and driving DisplayPort signals over high-speed lanes which would otherwise be carrying USB 4 signals.

In a statement regarding the new standard, Craig Wiley, senior director of marketing at Parade Technologies, VESA board member, and DisplayPort Alt Mode sub-group leader, was quoted saying, “VESA’s updated DisplayPort Alt Mode spec includes a number of under-the-hood developments — including updates to interface discovery and configuration as well as power management — to ensure seamless integration with the USB 4 specification…This major undertaking, which was several years in the making, could only be made possible through the combined efforts of VESA and the USB-IF. Through our latest collaboration with the USB-IF, VESA is now taking care of everything related to high-performance displays over USB-C, whether through a native DisplayPort or USB-C connector, or through tunneling of DisplayPort over the native USB 4 interface.”

For the unaware, USB 4 relies on a 2-up/2-down configuration to form a bidirectional connection. Since video signals don’t need to go both ways, DisplayPort Alt Mode 2.0 can take over all four lanes. In essence, this means that a DisplayPort Alt Mode 2.0 connection will be as capable as a regular DisplayPort 2.0 connection as far as connectivity and bandwidth are concerned.

Additionally, the new standard doesn’t require users to have a USB 4 controller on either end of the cable, which means that you’ll be able to use your existing monitors with DisplayPort hardware without upgrading to a USB 4 supported monitor. For a more detailed explanation of all that the new standard entails, you can check out AnandTech’s coverage from the link below.

---

Via: AnandTech, The Verge

Source: VESA

The post DisplayPort Alt Mode 2.0 will allow 16K video output over USB 4 Type-C ports appeared first on xda-developers.

from xda-developers https://ift.tt/2SAhqW3
via IFTTT