Redmi 9A and Redmi 9C launch with big batteries, notched displays, and new MediaTek processors

Taiwanese chipmaker MediaTek just unveiled the new Helio G25 and Helio G35 chipsets for budget gaming smartphones. The new octa-core chipsets are manufactured on a 12nm fabrication process and feature 8x ARM Cortex-A53 CPU cores clocked at 2.0GHz and 2.3GHz, respectively. The chipsets are making a debut with Xiaomi’s new Redmi 9A and Redmi 9C, which have now been unveiled in Malaysia.

Xiaomi Redmi 9A and Redmi 9C: Specifications

Specifications	Redmi 9A	Redmi 9C
Dimensions & Weight	164.9 x 77.07 x 9.0 mm 194g	164.9 x 77.07 x 9.0 mm 196g
Display	6.53″ LCD HD+, 1600 x 720 pixels	6.53″ LCD HD+, 1600 x 720 pixels
SoC	MediaTek Helio G25	MediaTek Helio G35
RAM	2GB LPDDR4x 3GB LPDDR4x	2GB LPDDR4x 3GB LPDDR4x 4GB LPDDR4x
Storage	32GB eMMC 5.1	32GB eMMC5.1 64GB eMMC5.1
Battery & Charging	5,000 mAh 10W wired fast charging	5,000 mAh 10W wired fast charging
Rear Camera	13MP, f/2.2	Primary: 13MP, f/2.2 Secondary: 2MP, macro, f/2.4 Tertiary: 2MP depth sensor, f/2.4
Front Camera	5MP, f/2.2	5MP, f/2.2
Other Features	Micro USB 3.5mm headphone jack	Rear-mounted fingerprint sensor Micro USB 3.5mm headphone jack
Colors	Granite Gray Peacock Green Sky Blue	Midnight Gray Sunrise Orange Twilight Blue

---

As seen in previous leaks, the latest devices in the Xiaomi Redmi 9 series feature large 5,000mAh batteries, notched displays, and MediaTek’s new chipsets. The new Redmi 9A features a design reminiscent of older devices in the series and is powered by the MediaTek G25 chip. The device features a 6.53-inch HD+ display (1600×720 pixels) with a waterdrop style notch, up to 3GB of LPDDR4x RAM, and 32GB of eMMC 5.1 storage.

In the camera department, the device packs in a single 13MP f/2.2 camera on the back and a 5MP f/2.2 selfie shooter over on the front. As mentioned earlier, the device features a massive 5,000mAh battery that includes support for 10W fast charging using the included charging brick. In terms of ports, the device includes a micro USB port for charging and data syncing, along with a 3.5mm headphone jack. The device doesn’t include a fingerprint sensor, but it does support face unlock using the selfie camera.

The Redmi 9C, on the other hand, features a slightly different design with a square camera module on the back, instead of the vertically oriented camera module found on the Redmi 9A, and it’s powered by the MediaTek Helio G35 chip. The device includes the same 6.53-inch HD+ display (1600×720 pixels) with a waterdrop style notch, up to 4GB of LPDDR4x RAM, and up to 64GB of eMMC 5.1 storage.

In the camera department, the device features a triple camera setup on the back with a 13MP f/2.2 primary camera, a 2MP f/2.4 macro camera, and a 2MP depth sensor. Over on the front, the device features the same 5MP f/2.2 selfie shooter. Much like the Redmi 9A, the Redmi 9C features a 5,000mAh battery with support for 10W fast charging using the included charger. In terms of ports, the device features a micro USB port for charging and data syncing, along with a 3.5mm headphone jack. Unlike the Redmi 9A, the Redmi 9C does include a capacitive fingerprint scanner on the back panel.

Pricing and Availability

The Redmi 9A has been launched in Malaysia at a price of RM359 (~$84) for the 2GB+32GB variant. The device comes in three color variants — Granite Gray, Peacock Green, and Sky Blue — and will be available for purchase on Lazada and Shopee starting from July 7th. The device will also be available at all authorized Mi stores in Malaysia starting from 14th July. As of now, the company hasn’t released any information about the pricing and availability for the 3GB+32GB variant, except for the fact that it will be available in Indonesia.

The 2GB+32GB variant of the Redmi 9C has been priced at RM429 (~$100) and it also comes in three color variants — Midnight Gray, Sunrise Orange, and Twilight Blue. The device will be available for purchase towards the end of July in Malaysia and, much like the Redmi 9A, the higher-end 4GB+64GB variant of the device will be launched in Indonesia.

---

Source: Xiaomi Malaysia Facebook (1,2)

The post Redmi 9A and Redmi 9C launch with big batteries, notched displays, and new MediaTek processors appeared first on xda-developers.

from xda-developers https://ift.tt/3iflV3K
via IFTTT

SafetyNet’s dreaded hardware attestation is rolling out, making it much harder for Magisk to hide root

Back in March, a few users with Magisk installed noticed that their devices were failing SafetyNet attestation. This news was troubling to the community at XDA because it means that many crucial banking/financial apps and popular games like Pokémon Go and Fate/Grand Order were refusing to run on rooted devices. For some time, it seemed as if the tightened restrictions in SafetyNet were pulled back, only to roll out again for a handful of users in the last few weeks. However, Google quietly confirmed in early May that they testing hardware-backed attestation for SafetyNet responses, which is what made Magisk unable to hide the bootloader unlocking status back in March. If this change widely rolls out, it will mean that users will have to choose between having access to root/custom ROMs/kernels/etc. or their preferred banking apps and games. One of the biggest appeals of Android for power users could soon be gone.

To recap this series of events, we should first talk about SafetyNet itself. SafetyNet is a set of APIs in Google Play Services. The SafetyNet Attestation API is one of those APIs, and it can be called by third-party applications to check if the software environment of the device has been tampered with in any way. The API checks for various things like signs of superuser binaries, the bootloader unlock status, and more. When you root a device with Magisk, it “[creates] an isolated ‘safe environment’ for the [SafetyNet] detection process, and it goes through Google’s API to create a legit SafetyNet result that does not reflect the real status of the device,” per XDA Senior Recognized Developer topjohnwu. This allows the user to root their phone while ensuring that the API always returns “false” for any bootloader unlocking checks. This method of bypassing SafetyNet’s bootloader unlocking detection has been working out for Magisk for the last few years, but that’s only because Google has held off on verifying the integrity of the boot image using hardware attestation. In March, it seemed like Google was finally starting to employ hardware attestation in SafetyNet to verify the boot image, but we never got an official statement from Google confirming the change and only a few users were affected. As spotted by XDA Senior Member Displax, however, Google confirmed on May 5, 2020, that SafetyNet Attestation API responses from some devices now include hardware-backed checks.

On the Google Group for “SafetyNet API Clients,” Google detailed a new feature for the Attestation API: evaluationType. The JSON Web Signature (JWS) response from some devices will have a field named “evaluationType” that “will provide developers with insight into the types of signals/measurements that have contributed to each individual SafetyNet Attestation API response.” One of the supported tokens in this field is “HARDWARE_BACKED” which indicates that the API “[used] the available hardware-backed security features of the remote device (e.g. hardware-backed key attestation) to influence [its] evaluation.” Google says that they are “currently evaluating and adjusting the eligibility criteria for devices where we will rely on hardware-backed security features.” What this means is that, on some devices, Google Play Services is now using hardware-backed attestation to detect that the device’s software hasn’t been tampered with. Google has not officially documented this change outside of the announcement in the Google Group, so some developers that use SafetyNet may not be aware of this change (and thus aren’t yet checking for the “HARDWARE_BACKED” field in JWS responses.) However, for those apps that are checking for this field, there’s now no way to hide root access from them, provided your device is part of the test that Google is running.

According to topjohnwu, hardware-backed attestation means that Google Play Services now “[sends] an unmodified keystore certificate to SafetyNet servers, [verifies] its legitimacy, and [checks] certificate extension data to know whether your device [has] verified boot enabled (bootloader status).” Since the private keys from which the keystore certificates are derived from are backed by the phone’s isolated secure environment, retrieving them would involve defeating the security of the phone’s Trusted Execution Environment (TEE) or dedicated hardware security module (HSM). If one were somehow able to leak a private key, the keys would quickly be revoked once Google found out. Google and other companies offer hundreds of thousands of dollars in rewards for any critical security vulnerabilities in TEEs, so it’s incredibly unlikely for this to be a potential avenue to bypass bootloader unlocking detection anyways.

Another potential way that Magisk could continue to spoof the bootloader unlocking status is by modifying SafetyNet’s client-side code to always use the BASIC evaluation. As topjohnwu notes, though, this would require injecting custom code into Google Play Services via a hooking framework like the Xposed Framework. This is not only difficult to do because Google Play Services is highly obfuscated but it’s also impossible to hide as “some memory space analysis will reveal code manipulation very easily.” Furthermore, this would also only work if Google’s servers continue to accept BASIC evaluations and if HARDWARE_BACKED evaluations are not enforced on devices that support them. (SafetyNet responses “[come] from Google servers and are signed with Google’s private key,” according to topjohnwu, so the actual responses can’t be spoofed.)

Since Android 7 Nougat, Google has required that all devices have an isolated secure environment, meaning this change to how SafetyNet verifies bootloader unlocking will affect most devices that are out there. Since older devices without an isolated secure environment obviously can’t perform hardware-backed attestation, Magisk will still be able to hide root access on those devices. But if this change rolls out widely, everyone else will have to make a hard choice between root access and banking apps.

Unfortunately, there are probably a lot of apps out there that use SafetyNet checks when they don’t actually need to. One example cited by topjohnwu is the official McDonald’s app, which seemingly refuses to run on a bootloader unlocked device. On Twitter, topjohnwu calls out apps that overuse the API as creating a hostile environment for power users. XDA Recognized Developer Quinny899 joins in with an anecdote about how his team considered using SafetyNet to check the device security status. They ultimately decided not to go through with it since his team’s app encrypts all the sensitive data it works with. SafetyNet, he argues, should not be used in lieu of proper security and data handling practices, especially when considering the possibility of superuser exploits.

I advocate @AndroidDev to restrict hardware-backed SafetyNet evaluation to “real” security sensitive apps. Developers should go through an application process to qualify this level of API access. It is ridiculous for McDonalds to refuse to run on a bootloader unlocked device.

— John Wu (@topjohnwu) June 29, 2020

For more information on how the new SafetyNet change affects Magisk, check out topjohnwu’s excellent FAQ on Twitter. If you just want to check if your device is part of Google’s new SafetyNet test, then you can follow this guide by XDA Senior Member Displax.

The post SafetyNet’s dreaded hardware attestation is rolling out, making it much harder for Magisk to hide root appeared first on xda-developers.

from xda-developers https://ift.tt/3dRmkpG
via IFTTT

MediaTek Helio G35 and G25 chipsets unveiled for gaming on a budget

Adding on to its list of gaming-focused Helio G series chipsets, Taiwanese chipmaker MediaTek has now unveiled the budget-friendly Helio G35 and Helio G25. The new budget chips come just a month after the company unveiled the mid-range Helio G85, which is an octa-core processor that’s built on a 12nm process. Much like the Helio G85, both the Helio G25 and Helio G35 are fabricated on a 12nm manufacturing process.

Out of the two new chips, the entry-level MediaTek Helio G25 features 8x ARM Cortex A-53 CPU cores clocked at 2.0GHz and an Imagination PowerVR GE8320 GPU clocked at up to 650MHz. The G25 is capable of running displays at 1600×720 resolution at 60Hz. On the other hand, the MediaTek Helio G35 features 8x ARM Cortex A-53 CPU cores clocked at 2.3GHz, and an Imagination PowerVR GE8320 GPU clocked at up to 680MHz. The G35 is capable of running displays at 2400×1080 resolution at 60Hz.

In the camera department, the Helio G25 supports dual 13MP+8MP cameras or a single 21MP camera with Zero Shutter Lag, while the G35 supports dual 13MP+13MP cameras or a single 25MP camera with Zero Shutter Lag. Both the Helio G25 and Helio G35 support MediaTek’s HyperEngine technology, which boasts of dynamic allocation of CPU, GPU, and memory while factoring in power, thermal, and gameplay requirements, to offer smooth gaming performance on budget devices, enhance power efficiency and facilitate low-latency connections. The new chipsets support up to 6GB LPDDR4x RAM at 1600MHz frequency, eMMC 5.1 storage, Dual 4G VoLTE, LTE Cat. 7 DL/Cat.13 UL, Wi-Fi 5 (b/g/n/ac), and Bluetooth 5.0.

---

Source: MediaTek

The post MediaTek Helio G35 and G25 chipsets unveiled for gaming on a budget appeared first on xda-developers.

from xda-developers https://ift.tt/2ZlkcBc
via IFTTT

DiscoverKiller is an Xposed Module that replaces the Google Discover feed with whatever you want

The default launcher app on Google’s Pixel lineup and many other smartphones running close-to-stock versions of Android offers a handy integration with Google Discover. As the successor to Google Feed, Discover’s launcher integration allows users to swipe to the left of their default home screen and conveniently access the latest news stories, video recommendations, and more. This feature has been adopted by notable skinned versions of Android as well, such as ASUS’ ZenUI, Xiaomi’s MIUI, and OnePlus’ OxygenOS. However, some users have lashed out at Google for showing clickbaity content in Discover while also showing advertisements in feeds.

XDA Recognized Developer Quinny899 has now come up with an interesting mod to “replace the Google Discover page of your home screen with whatever you want”. Dubbed as DiscoverKiller, the mod is presented in the form of an Xposed module. When enabled, the module can seamlessly substitute the Discover page with the Google Assistant ‘Updates’ screen or virtually any other third-party app, depending on how you customize it.

The Discover section is powered by the Google app, thus the module directly hooks into it instead of the launcher. This design allows DiscoverKiller to be compatible with any third-party launcher capable of showing the Google Discover feed without additional configurations. The module also offers a swipe-right-to-close option in case you choose to display the ‘Updates’ screen in place of the Discover page.

As a mandatory prerequisite for using this module, you need to install EdXposed with Riru Core after rooting your device using Magisk. Note that the initial version of DiscoverKiller is not verified by TaiChi. You can download the precompiled APK of the module from its XDA thread (linked below), while the source code is available on the developer’s GitHub profile.

DiscoverKiller Xposed Module — XDA Download and Discussion Thread

The post DiscoverKiller is an Xposed Module that replaces the Google Discover feed with whatever you want appeared first on xda-developers.

from xda-developers https://ift.tt/2ZnVeRJ
via IFTTT

Windows File Recovery is a new tool from Microsoft that may help you restore deleted files

Nothing is as frustrating as losing valuable information from your hard drive which can happen due to human error or hardware failure. There may still be a chance to recover some of those files, though, since a lot of file deletions involve deleting the file index until that block of storage is overwritten. Just a simple “delete” command in Windows, for example, is not enough to irrevocably make files unrecoverable. To do that, you need to securely wipe the drive by either writing a bunch of zeroes or other data to it over several iterations or physically destroy the drive. The point is is that if you’ve accidentally lost some of your valuable files, there is still a chance you can restore them. Microsoft just made that slightly easier to do with the release of the Windows File Recovery tool.

Windows File Recovery is available as a free app in Microsoft Store. Though, it’s not an app in the common sense of the term since it’s a command-line tool. Although it uses a CLI interface, it is still very newbie-friendly. After launching the tool, you have options to target files you want to recover by name, paths, or extensions. Microsoft says Windows File Recovery can recover data not only from the hard drive installed on your computer but from external storage, too. This means you can use the tool on USB drives, memory cards, external SSDs, and other storage devices, though Microsoft recommends using Signature Mode for recovering files from external storage. There are also Default and Segment modes for recovering files from NTFS-formatted drives. As of now, the tool supports drives formatted in NTFS, FAT, exFAT, and ReFS file systems and various file extensions such as PNGs, PDFs, MP3 and MP4s, and many more.

You can find more information about how to use the tool, what it’ll work on, and what files it can recover from Microsoft’s support page. You can download Windows File Recovery for free from the Microsoft Store linked below. Just make sure that you’re running Windows 10 2004 or later to install the app.

Windows File Recovery (Free, Microsoft Store) →

---

Via: Neowin

The post Windows File Recovery is a new tool from Microsoft that may help you restore deleted files appeared first on xda-developers.

from xda-developers https://ift.tt/38cbJUQ
via IFTTT

Google Chrome’s media controls can soon be popped out into a floating overlay

Google has been working on revamped media controls for Chrome for a while now, and they recently went live in the Stable version earlier this year. The global media controls allow you to manage whatever media is playing right from the toolbar instead of navigating away from your current tab to the tab/window that’s playing the media. Soon, it looks like those media controls will get even handier.

Recently, a feature request for the global media controls was picked up and added to the Chromium code. The request simply states: “Add ability to drag a notification out of the dialog.” This would make it possible to detach the controls from the toolbar and put them anywhere on the screen. The request goes on to explain: “We want the user to be able to click and drag a notification out of the media dialog and into an always-on-top overlay.”

Credits: Chrome Story

The second part of the description is key as it will allow the controls to stay on top. This is important because otherwise, you would have to keep opening the global media controls every time you wanted to control media playback since the controls lose focus when you click away right now. The code for this feature has already been added to Chrome, and there will be a flag that will soon be able to enable this feature on the Canary channel. The flag can be found at chrome://flags/#global-media-controls. 

If you’re someone that keeps a lot of tabs open (which most of us probably are), Chrome’s media controls are a real time saver. Having the shortcut in the toolbar means you never have to worry about which tab is playing media. Putting the controls in a floating window saves you from that extra click. Is it a huge deal? Maybe not, but it’s a nice option. We look forward to seeing the feature rollout.

---

Source 1: Chromium Gerrit | Source 2: Bug Tracker | Via: Chrome Story

The post Google Chrome’s media controls can soon be popped out into a floating overlay appeared first on xda-developers.

from xda-developers https://ift.tt/2ZjpPjf
via IFTTT

Breaking: India bans 59 Chinese apps including TikTok, Mi Community, and Clash of Kings

The Government of India’s Ministry of Electronics and IT has just issued a press release announcing the ban of 59 apps that are “prejudicial to [the] sovereignty and integrity of India, defence of India, security of state and public order.” The list of banned apps includes TikTok among others. As of today, here is the list of 59 Chinese apps that will be banned in India:

List of 59 Chinese-made apps now banned in India

1. TikTok
2. Shareit
3. Kwai
4. UC Browser
5. Baidu map
6. Shein
7. Clash of Kings
8. DU battery saver
9. Helo
10. Likee
11. YouCam makeup
12. Mi Community
13. CM Browers
14. Virus Cleaner
15. APUS Browser
16. ROMWE
17. Club Factory
18. Newsdog
19. Beutry Plus
20. WeChat
21. UC News
22. QQ Mail
23. Weibo
24. Xender
25. QQ Music
26. QQ Newsfeed
27. Bigo Live
28. SelfieCity
29. Mail Master
30. Parallel Space
31. Mi Video Call – Xiaomi
32. WeSync
33. ES File Explorer
34. Viva Video – QU Video Inc
35. Meitu
36. Vigo Video
37. New Video Status
38. DU Recorder
39. Vault- Hide
40. Cache Cleaner DU App studio
41. DU Cleaner
42. DU Browser
43. Hago Play With New Friends
44. Cam Scanner
45. Clean Master – Cheetah Mobile
46. Wonder Camera
47. Photo Wonder
48. QQ Player
49. We Meet
50. Sweet Selfie
51. Baidu Translate
52. Vmate
53. QQ International
54. QQ Security Center
55. QQ Launcher
56. U Video
57. V fly Status Video
58. Mobile Legends
59. DU Privacy

Many notable apps are on this list. First of all, there’s TikTok, the video-sharing social media platform that has seen a surge in popularity since the beginning of the coronavirus pandemic. Then there are multiple apps from Xiaomi, including Mi Community and Mi Video Call. Popular utility apps like Parallel Space, Xender, Shareit, and Cam Scanner are also mentioned. China’s Twitter alternative, Weibo, will also be banned. The incredibly popular “Clash of Kings” mobile game will also be banned in India. We’ve seen controversies arise around several of these applications in the past, most notably TikTok, Cam Scanner, and all the DU mobile apps, but to see a targeted ban like this from a major government is something we never quite expected.

The Government of India “has decided to disallow the usage of [these apps], used in both mobile and non-mobile Internet enabled devices.” This means that Indian users will not be able to access these apps and services through either the mobile app or through a website sometime after today, though it’s unclear if the government will force app stores to delist these apps on mobile app stores on top of blocking these services on an ISP-level.

India is citing section 69A of the Information Technology Act in its decision to ban these 59 mobile apps. Section 69A of the IT Act reads as follows:

69A. Power to issue directions for blocking for public access of any information through any computer resource.–

1. Where the Central Government or any of its officers specially authorised by it in this behalf is satisfied that it is necessary or expedient so to do, in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the Government or intermediary to block for access by the public or cause to be blocked for access by the public any information generated, transmitted, received, stored or hosted in any computer resource.

2. The procedure and safeguards subject to which such blocking for access by the public may be carried out, shall be such as may be prescribed.

3. The intermediary who fails to comply with the direction issued under sub-section (1) shall be punished with an imprisonment for a term which may extend to seven years and also be liable to fine.

The Ministry of Electronics and IT notes “raging concerns on aspects relating to data security and safeguarding the privacy of 130 crore Indians” as a contributing factor in its decision. The ministry “has received many complaints from various sources including several reports about misuse of some mobile apps available on Android and iOS platforms for stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India.” Because of “the compilation of [this] data, its mining and profiling by elements hostile to national security and defence of India,” the Ministry of Electronics and IT considers this matter “of very deep and immediate concern which requires emergency measures.” Tensions between India and China have been escalating this month over border disputes which led to a major Chinese smartphone maker canceling its live online product launch and spurring consumers to voluntarily boycott Chinese-made apps and products. Today’s announcement is the latest escalation that has spilled over into the realm of smartphone technology.

We will keep an eye out on this news to see if the ban list is expanded, shrunk, or dismissed entirely in the coming days.

The post Breaking: India bans 59 Chinese apps including TikTok, Mi Community, and Clash of Kings appeared first on xda-developers.

from xda-developers https://ift.tt/2ZlBb6d
via IFTTT