Open source YouTube client “NewPipe” adds Android TV support and a YouTube Music parser

The open-source YouTube client on Android — NewPipe — is a great alternative to the YouTube app for those of you who don’t have Google Play Services on your phone. The client doesn’t use YouTube APIs and simply parses the YouTube website to extract data and play the videos you want, without any restrictions or ads. Due to the way NewPipe works, it also circumvents any limitations that Google might add to the YouTube app. For instance, YouTube recently restricted the quality of videos on smartphones to 480p in India following the nationwide lockdown imposed in the country in response to the COVID-19 outbreak. But users could easily overcome this restriction by using NewPipe instead.

Now, in a bid to make the client even more useful for users, the developers behind NewPipe are rolling out a major update that brings support for Android TV, adds a YouTube Music parser, and more. According to a recent blog post from the developers, NewPipe version 0.19.3 is now rolling out to users and it brings the following noteworthy changes:

Android TV support

While you could already run previous versions of NewPipe on an Android TV, the client didn’t officially support the platform. Due to this, the client had some issues that made it practically unusable. With the latest update, the developers have addressed all such issues and you can now use NewPipe on your Android TV without facing any annoying bugs.

Following the update, you’ll be able to scroll through long video descriptions, focus on any element on the screen, use the native keyboard instead of an on-screen one, seek videos however you like, and face no annoying ripple effects. To try out NewPipe on your Android TV, you can download the APK from the GitHub link below and sideload it on your TV.

YouTube Music parser

With the latest update, NewPipe also gets the ability to natively parse the YouTube Music library and allow users to easily search for music. To search for YouTube Music content on the client, you can tap on the filter button in the search UI and select either Songs, Videos, Albums, or Playlists to see search results from YouTube Music.

Along with the aforementioned changes, NewPipe v0.19.3 also brings a ton of improvements and bug fixes to the client. Here’s the complete changelog for the latest update:

• New
  • Search on YouTube Music
  • Basic Android TV support
• Improved
  • Improved checking for new version
  • Avoid unnecessary changes to the upload date of saved streams
  • Save and restore playback parameters into/from preferences
  • Show message when content isn’t supported yet instead of crashing
  • Improved size handling of the drawer header title
  • Improved popup player resize with pinch gestures
  • Enqueue streams on long press on background and popup buttons in channel
  • Added the ability to remove all watched videos from a local playlist
• Fixed
  • Fixed visibility of group sort button in the subscriptions fragment
  • Fixed detection of network related exceptions
  • Fixed age restricted content setting not working
  • Fixed certain kinds of reCAPTCHAs
  • Fixed crash when opening bookmarks while playlist is null
  • Fixed escaping in JSON created by the crash reported by using nanojson instead of org.json
• Development
  • Added Checkstyle to build scripts & code style improvements
  • Fixed F-Droid build by ensuring the debug apk file name is used only in debug builds
  • Force UTF-8 encoding for Gradle

Download NewPipe (v0.19.3) from GitHub

---

Source: NewPipe blog

The post Open source YouTube client “NewPipe” adds Android TV support and a YouTube Music parser appeared first on xda-developers.

from xda-developers https://ift.tt/35w9HO4
via IFTTT

This is likely the Lenovo Legion gaming smartphone with a 144Hz display, 90W charging, and side pop-up camera

Lenovo’s self-branded smartphones may not be nearly as popular as the company’s Motorola-branded devices, but the brand still has fans in Asian countries like India and China. In an effort to capitalize on the company’s existing popularity with gamers, Lenovo is preparing to launch its first-ever Android gaming smartphone under its Legion Gaming brand. The Lenovo Legion gaming phone has been on our radar for over 4 months now, but we’re now ready to share all of the details we’ve uncovered about the device. Thanks to a trusted source, we have obtained multiple unreleased teaser videos that showcase the likely design of the upcoming Legion gaming phone, and we also have a detailed set of specifications to go along with these teasers.

In late December of 2019, Lenovo created a new account called “Legion Gaming Phone” on Chinese social media platform Weibo. Over a month and a half later, Lenovo officially teased the first smartphone under its Legion gaming brand. The company uploaded a poster announcing that this upcoming smartphone will be powered by the Snapdragon 865, Qualcomm’s highest-end SoC for mobile devices. Next, on March 3rd, Chen Jin, General Manager of Lenovo China Mobile, teased that the Legion gaming smartphone will feature a “disruptive new architecture” in order to solve two pain points faced by mobile gamers: different surface temperatures on the left and right sides and reduced charging speeds when gaming. The teasers slowed down for a few weeks as much of the world went into lockdown due to COVID-19.

Early last month, Lenovo ramped up its marketing for the device by uploading a poster that teases 90W fast wired charging on the Legion gaming phone. There was a lot of skepticism initially about whether the Legion phone actually charges at 90W, but Lenovo has since clarified that they aren’t playing a numbers game here. Furthermore, Lenovo’s 90W fast charging system will be “standard for all systems,” according to the company on Weibo, hinting that there will be more than one first-generation Legion smartphone model. More recently, Lenovo shared a render suggesting the Legion gaming phone has a notch-less display, and they also uploaded a video revealing that there will be a second USB Type-C port on the side so users can charge the phone while they hold the device horizontally.

Apart from official teasers, there have been a few noteworthy leaks of the Lenovo Legion gaming phone. First, back in March, an image of what seems to be Lenovo’s Legion gaming phone bundle was published by a blogger on Weibo. This bundle includes the phone itself but also a pair of gamepads, true wireless earbuds, and a protective case. We couldn’t really see the phone all that well in this leak, though. One week later, the technology blog of the Indian shopping website Pricebaba published images of what they believed to be the Lenovo Legion gaming phone. Those images were taken from the Chinese Patent Office, though we’re now certain that those images do not reflect the phone’s actual design.

In fact, here’s what the Lenovo Legion gaming phone will likely look like, based on screenshots we captured from multiple official marketing videos.

The two screenshots above are from a promotional video teasing the phone’s ultra-fast 90W wired charging. The floating light particles are from when a race car dissipates, revealing the Lenovo Legion as the “engine.” The streams of light following the phone in the second image end up entering the two USB Type-C charging ports: one on the bottom and another on the side. The caption “90W dual Type-C fast charge, 30 minutes to 100%” can be read at this time, confirming the phone will support this staggeringly fast charging speed. In a separate video, Lenovo reveals that the Legion gaming phone has a 5000mAh dual-cell battery design, which is what makes this ultra-fast charging speed possible. However, it isn’t clear from these videos whether or not you’ll reach the fastest 90W charging speed only when charging from the bottom USB-C port.

On the bottom of the device, you’ll find the SIM card tray alongside the primary USB-C charging and data port. On the top, there’s a microphone hole. I didn’t see a 3.5mm headphone jack anywhere on this device, which is disappointing considering the Lenovo Z6 Pro had one. The Y-shape area underneath the LED flash in the middle on the rear likely lights up for that “gamer aesthetic” that this phone is oozing. The dual rear cameras are located near the center of the device; the cameras are placed considerably lower on the body of the Lenovo Legion than they are on other smartphones, but this could be to retain the symmetrical appearance of the back cover. Speaking of which, the back cover looks like a smooth metal with a 3D texture, possibly either polycarbonate or aluminum. Near the middle-left (middle-top when viewing the phone horizontally), there’s the “LEGION” logo on top of a compartment that seemingly pops-up—but more on that later. The “LEGION” logo matches Lenovo’s official Legion Gaming logo, and the “Stylish Outside” and “Savage Inside” texts are part of Legion Gaming’s slogan.

In the separate video, Lenovo teases several other key features of the Legion gaming smartphone. First, the video shows visuals that demonstrate the phone’s “uEngine,” its symmetrical dual X-axis linear vibration motor. The video then goes on to tease the phone’s cooling and audio features, but the terms they use are heavy on marketing jargon, so they were difficult for us to translate. The video seems to say that the phone has a “3D cooling tower structure” with “dual heat pipe partitions” for “long-lasting cooling.” It also shows captions detailing the phone’s “positive stereo sound” from its “full symmetrical 65mm dual speakers”, “dual 0.6mm amp speaker system”, and “1.4cc large sound cavity.” The two speakers are located on the top and bottom bezel on the front.

What’s perhaps most interesting about this device, at least in my opinion, is how it deals with the placement of its front-facing camera. There’s no notch or hole-punch cutout on the display of the Lenovo Legion phone. Instead, there’s a pop-up camera…but it seems to be located on the side of the phone. Most other smartphones with pop-up cameras have them appear on top of the phone. Lenovo is going with a very unique approach here, and I’m not really sure how to react to this front-camera mechanism. It could turn out to be a really awful placement or it could end up being genuinely useful like the ASUS ZenFone 6‘s swivel camera.

Lastly, our source also provided us with a list of some of the specifications for the device. We don’t know everything yet, but we do know enough to say the Lenovo Legion gaming phone is packing top-tier hardware. First of all, the phone’s model name is L79031 and its code-name is “moba,” which likely refers to the multiplayer online battle arena video game genre. The first-generation Legion is powered by the Qualcomm Snapdragon 865 and will have UFS 3.0 internal storage and LPDDR5 RAM. We don’t know the exact storage or RAM capacities. Next, the Legion should have a 144Hz refresh rate flat display (though we don’t know if it’s LCD or OLED) at FHD+ resolution (2340×1080) and with a 270Hz touch sampling rate. The phone runs Android 10 with Lenovo’s ZUI 12 customizations on top, which Lenovo will likely market as “Legion OS” for this device. Lastly, the phone has dual rear cameras (64MP + 16MP wide-angle) and a single front-facing camera (20MP).

When I first saw these renders, I was skeptical about their accuracy. They seem a bit outlandish when it comes to smartphone design—maybe I’ve fallen victim to another one of Lenovo’s design tricks? Although I’m still not 100% convinced the actual Lenovo Legion will look like the phone in these renders, I am very sure that the videos I obtained are official marketing videos. Lenovo may be exaggerating a bit about the phone’s bezels—as some smartphone companies tend to do in their marketing renders—but the overall design shown here will likely reflect the actual phone’s design.

The post This is likely the Lenovo Legion gaming smartphone with a 144Hz display, 90W charging, and side pop-up camera appeared first on xda-developers.

from xda-developers https://ift.tt/3fgZppw
via IFTTT

Verizon’s OnePlus 8 can’t use cases made for T-Mobile and Unlocked models

After being announced in early April, the OnePlus 8 (review) went up for sale last week in the US. Verizon and T-Mobile are two of the places where you can purchase the phone, and we knew the models sold by these carriers were not the same. However, it turns out the two devices are even more different than we thought.

The Verizon OnePlus 8 is the only model in the series that supports mmWave 5G. This is what allows the device to support Verizon’s Ultrawide Band network. OnePlus had to place the mmWave antennas on the sides of the Verizon model, which meant moving the volume buttons slightly. You probably wouldn’t notice this if the different models were placed side by side, but it’s enough to make cases not fit correctly.

This issue was first spotted by Reddit user bud-ho. After purchasing several cases, they realized the volume button placement is different on the two OnePlus 8 models. As you can see in the image above, the volume buttons on the cases clearly do not line up. The case on the left is for the T-Mobile/unlocked variant and the case on the right (flipped for comparison sake) is for the Verizon variant.

OnePlus 8 Forums ||| OnePlus 8 Pro Forums

It’s unfortunate that users will have to be extra careful when buying a case for the OnePlus 8. If you own the T-Mobile/unlocked or Verizon models, make sure you take note of this when searching for a case. 5G has apparently brought back the days of carriers receiving different hardware for the same products.

---

Via: PhoneArena

The post Verizon’s OnePlus 8 can’t use cases made for T-Mobile and Unlocked models appeared first on xda-developers.

from xda-developers https://ift.tt/3ftToGe
via IFTTT

Huawei may launch a P30 Pro “New Edition” with Google apps onboard

This is probably not a secret to anyone reading this by now, but the United States government has been making Huawei’s smartphone business hurt. Because the U.S. Commerce Department placed Huawei and its subsidiaries on the country’s Entity List, U.S.-based companies can no longer export products to the Chinese technology giant. As it turns out, those export restrictions include software, so one of the immediate side effects of this trade ban is that many new Huawei and Honor smartphones cannot ship with Google Mobile Services (GMS) pre-installed, which includes the Google Play Store and Google Play Services. Both the Huawei Mate 30 series and the Huawei P40 series, Huawei’s late 2019 and early 2020 flagship devices, don’t ship with Google apps as a result. However, Huawei has found some clever ways around this trade ban, one of which involves tweaking an existing, already-certified model and then re-releasing it to the market. That’s exactly what appears to be happening now as the company seems to be preparing to launch the Huawei P30 Pro New Edition.

The evidence for this “New Edition” model comes from Huawei’s consumer page in Germany (via DigitalTrends), where we can see a mention of a Huawei P30 Pro “New Edition” in the terms of a promotion. Huawei previously launched a P30 Lite New Edition with Google Mobile Services onboard and that phone was pretty much just a rehashed Huawei P30 Lite. If we make an assumption based on that, then this P30 Pro New Edition should have few differences from the current P30 Pro. We don’t know what those differences will actually be, though, since the only piece of evidence pointing to its existence is this text.

Now, to understand why Huawei would re-launch the P30 Pro, you have to understand that although Huawei can’t get GMS certification for new phone models, the certifications are still valid for existing models. Thus, so long as the changes that Huawei makes to an existing model allow it to run the exact same software release that Google already certified, then Huawei can re-release and rebrand their existing phones as many times as they like. This is actually pretty flexible for them, too. So long as they don’t try to ship a new SoC, they can add a bunch of upgrades such as more RAM, more storage, and different cameras. They can even change up the color and finish of the device to make the design seem fresh.

While Huawei can release new phones with HMS and AppGallery in place of Google Play Services and the Google Play Store, it’s advantageous for them to release new phones with Google apps for as long as possible. A big part of the Android experience for international users is based on compatibility with Google apps, as a bunch of apps rely on Google Play Services to work properly and many app developers have yet to bring their apps to Huawei’s app ecosystem.

Based on what we’ve just stated, the Huawei P30 Pro New Edition will almost certainly have a HiSilicon Kirin 980 SoC since that’ll allow it to retain the original P30 Pro’s GMS certification. Huawei could include better cameras (which would be a feat considering how the P30 Pro already performs), more RAM, more storage, and maybe even an updated design. They’ll even likely be able to offer Android updates with Google Mobile Services intact as they managed to do with the existing P30 Pro. However, because they can’t upgrade the SoC, they won’t be able to offer new connectivity and camera features that the jump to the Kirin 990 would have provided. Back with the Huawei P30 Lite New Edition, we didn’t see a lot of changes, so preparing yourself for a surprise here probably isn’t wise.

Huawei P30 Pro Forums

The post Huawei may launch a P30 Pro “New Edition” with Google apps onboard appeared first on xda-developers.

from xda-developers https://ift.tt/3dkHWuF
via IFTTT

Samsung brings the May 2020 security update to the Galaxy S10, Galaxy Z Flip, and Galaxy A50

Google rolled out the May 2020 security patches today, but Samsung had already rolled out the patches for this month to the Galaxy S20, Galaxy Fold, and the Galaxy Note 10 lineup. The company has now added three more devices to that roster, as the foldable Galaxy Z Flip and the entire Galaxy S10 family are now receiving new updates with the May 2020 patches. The inclusion of the mid-range Samsung Galaxy A50, however, is even more interesting.

Galaxy Z Flip

First up, we have the Galaxy Z Flip, which is one of the few Samsung devices to ship with factory-installed One UI 2.1. The newest software version, F700FXXS1ATD9, is meant for the global variant of the foldable phone (model number SM-F700F) and brings no new features except an updated Android security patch level (SPL). The OTA is currently available in several European countries.

Galaxy Z Flip XDA Forums

Galaxy S10

The update for the Exynos-powered Galaxy S10 series is rolling out in the form of software version G97xFXXS5CTD1. As a matter of fact, the generic 5G variant (model number SM-G977B) of the Galaxy S10 has also received the May 2020 security patches via the G977BXXS4CTD1 build. Apart from bumping up the security patch level, Samsung has also incremented the bootloader version with this OTA – v5 (from v4) for the 4G models and v4 (from v3) for the 5G model – thus users can’t perform a manual downgrade after installing these builds.

XDA Forums: Galaxy S10e || Galaxy S10 || Galaxy S10 Plus

Galaxy A50

Lastly, we have the Galaxy A50, which received its Android 10 update back in March. Despite being a mid-range phone, the Galaxy A50 is guaranteed to receive monthly security updates, which means it should get the May 2020 patches before any other device in its price range. At the time of this report, the SM-A505FN variant is receiving the update (A505FNXXS4BTCA) across Europe.

Galaxy A50 XDA Forums

As always, the updates are rolling out in batches. Tools like Frija can be handy if you want to download the updated firmware packages right away from Samsung servers.

Thanks to XDA Senior Member marselcj for the screenshot!

The post Samsung brings the May 2020 security update to the Galaxy S10, Galaxy Z Flip, and Galaxy A50 appeared first on xda-developers.

from xda-developers https://ift.tt/3fikwI0
via IFTTT

Prototype Google Pixel 4 XL appears online in an unreleased gray color

Back in October, Google announced the Pixel 4 and Pixel 4 XL, their latest flagship Pixel smartphones with premium price tags. Google is selling the two phones in three different color options: Oh So Orange, Clearly White, and Just Black. Evidently, there may have been a fourth color option in development with a matte gray finish. Photos of a prototype Google Pixel 4 XL have just appeared on Chinese online shopping site Taobao, potentially giving us our first look at this unreleased color option.

Google Pixel 4 Forums ||| Google Pixel 4 XL Forums

Earlier today, Twitter user akes29 shared a photo of a Pixel 4 XL in a gray color we’ve never seen before. In a DM, he revealed that he spotted this photo on Taobao. The listing offers a Pixel 4 XL “engineering machine” with 6GB of RAM and 64GB of internal storage for 2699 Yuan, or approximately $382, which is strangely considerably cheaper than a brand new Pixel 4 XL sold in the U.S. (as of today, for $600). From the images that were shared in the listing, we can’t be 100% sure that the seller hasn’t swapped the rear cover of the device—do note, however, that this phone isn’t easy to take apart and put back together, according to repair website iFixit. Furthermore, there doesn’t appear to be any signs of damage on the phone or image manipulation, so it’s likely that the phone indeed came with a gray-colored glass back cover, as the seller claims. We are fairly certain this device is indeed the Pixel 4 XL since we’ve positively identified the IMEI using an online database, and, of course, there’s the fact that this just looks like the Pixel 4 XL. Take a look for yourself:

Other nuggets of information that we can glean from the rear include the code-name, C2, the intended carrier, Verizon, and the kind of prototype device we’re looking at, an Engineering Validation Test (EVT). In code, Google often refers to the Pixel 4 XL and Pixel 4 as “C2F2” which stands for “coral” and “flame” respectively. Interestingly, the sticker at the bottom says that “this device has not been authorized as required by the rules of the Federal Communications Commission and Industry Canada, nor has it been tested for compliance with EU regulations. This device may not be sold or leased. For internal testing and development only. Markings and packaging are not final.” It’s possible that this design was never intended for release and was only produced to get the device into the hands of testers as soon as possible.

Here are more images of the prototype Pixel 4 XL shared in the Taobao listing:

We can see that the phone runs Android 10, which isn’t surprising since Android 11 is still in developer preview stage. Another sticker can be seen on the front that says “do not remove unless authorized by hwpasafety.” This sticker seems to cover up the face unlock dot projector, face unlock flood illuminator, and one of the face unlock IR cameras.

Early leaks of the Pixel 4 XL appeared in China before the phone’s official launch, so we’re not surprised that there are still prototype devices floating around in Chinese markets. We may never find out the true story behind this prototype model, but that’s usually the case when it comes to pre-production units.

The post Prototype Google Pixel 4 XL appears online in an unreleased gray color appeared first on xda-developers.

from xda-developers https://ift.tt/3aZRN7D
via IFTTT

[Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19

Update 5 (5/4/2020 @ 3:25 PM EST): Apple and Google have shared some screenshots of the Exposure Notification API and announce that location tracking will be prohibited.

Update 4 (4/29/2020 @ 2:30 PM EST): Apple and Google have released a beta version of their Exposure Notification API for public health agencies.

Update 3 (4/24/2020 @ 3:15 PM EST): Apple and Google are renaming the Contact Tracing API to “Exposure Notification,” adds more privacy protections.

Update 2 (4/24/2020 @ 11:30 AM EST): Apple and Google’s contact tracing API will go live next week and will include most Huawei devices.

Update 1 (4/13/2020 @ 5:51 PM EST): During a conference call with reporters, Google and Apple clarified some more details about how Contact Tracing will be rolled out for users.

Due to the ongoing threat posed by SARS-CoV-2, Google and Apple have teamed up to announce a new API and Bluetooth Low Energy specification called “Contact Tracing.” The idea behind contact tracing is to inform users if they’ve recently been in contact with someone who has been positively diagnosed with COVID-19. South Korea and Taiwan have successfully “flattened the curve,” as in they’ve limited the number of new cases to fall below the capacity of their healthcare systems, by implementing widespread testing and contact tracing. According to the Associated Press, several countries in Europe including the Czech Republic, the U.K., Germany, and Italy are developing their own contact tracing tools. Apple and Google hope to empower nations and medical organizations around the world with the ability to trace the spread of the novel coronavirus, but the two companies also recognize the potential privacy concerns with this pandemic containment method. That’s why the two companies have created the new API and Bluetooth spec “with user privacy and security central to the design.”

Google and Apple published blog posts and documents that outline their goals to roll out a new API and Bluetooth LE service. Due to urgent need, both companies are tackling this problem in two stages. First, in May, both companies will release an API that “[enables] interoperability between Android and iOS devices using apps from public health authorities.” These apps will be made available for users to download on the Google Play Store and Apple App Store. On Android, the API will likely become available for apps through an update to Google Play Services. Second, in the next few months, both Google and Apple will add support for a new Bluetooth Low Energy service into Android and iOS. For iOS, this new BLE service will likely come via an OS update, while for Android, this service will likely be added as part of another update to Google Play Services. Google says that adding a Bluetooth LE Contact Tracing service “is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities.”

Once an app integrates the new API or the BLE specification has been integrated, Android and iOS users can receive notifications if they’ve recently been in contact with someone who has been diagnosed with COVID-19. Notably, the BLE solution will not require the user to have an application installed (presumably they just need Google Play Services), but if they choose to install one of the official apps, then the app can inform them on the next steps to take after they receive a notification. This will allow users to decide if they need to self-quarantine for 14 days or to seek testing and further medical intervention. Here is an example flow of what Google and Apple envision will be possible with this new Bluetooth LE service:

An overview of COVID-19 contact tracing using Bluetooth Low Energy. Source: Google/Apple.

Here is what Google says about how they designed the new Android Contact Tracing API to protect user privacy and security:

• Apps calling the API via the startContactTracing method are required to get user consent to start contact tracing. If this is the first time the API is being invoked, the user will be shown a dialog asking for permission to start tracing.
• In order to be whitelisted to use this API, apps “will be required to timestamp and cryptographically sign the set of keys before delivery to the server with the signature of an authorized medical authority.” In other words, unauthorized COVID-19 apps will not be allowed to use this API.
• If the user uninstalls the app, the stopContactTracing method “will be automatically invoked and the database and keys will be wiped from the device.”
• The user, after having confirmed a positive diagnosis of COVID-19, must grant explicit consent to upload 14 days of daily tracing keys. A dialog will be shown to the user if the app calls the startSharingDailyTracingKeys method.
• Users will be shown what date and for how long they were in contact with a potentially contagious person, down to increments of 5 minutes, but not who or where the contact occurred.

Here is how the new BLE Contact Detection Service will protect user privacy and security:

• The spec does not require the user’s location or any other personally identifiable information. Location-use is completely optional and is only done after the user provides explicit consent.
• Rolling Proximity Identifiers are changed every 15 minutes on average, which makes it “unlikely that user location can be tracked via Bluetooth over time.”
• Proximity identifiers retrieved from other devices “are processed exclusively on device.” This means that the “list of people you’ve been in contact with never leaves your phone.”
• It’s up to the user to decide if they want to contribute to contact tracing. Users who are diagnosed with COVID-19 must consent to sharing Diagnosis Keys with the server. There will be transparency about the user’s participation in contact tracing, and “people who test positive are not identified to other users, Google, or Apple.” In fact, this information “will only be used for contact tracing by public health authorities for COVID-19 pandemic management.”
• In case you’re wondering, the Content Detection Service should not significantly drain the battery of a device if the hardware and the OS support “Bluetooth controller duplicate filters and other [hardware] filters” to “account for large volumes of advertisers in public spaces.” Scanning is “opportunistic,” meaning it can occur within existing wake and scan window cycles, but will also occur at a minimum of every 5 minutes.

Because the new Contact Tracing specs are designed with user privacy and security in mind, it’s debatable how effective they’ll be at limiting the spread of COVID-19. According to The Verge, such opt-in, non-invasive contact tracing measures may have limited effectiveness. The issues boil down to a lack of widespread adoption by the population and a potentially large number of false-positive Bluetooth proximity events. Still, I hope this new initiative is successful. It’s rare to see Google and Apple collaborate on anything, but desperate times call for desperate measures.

Sources: Google Blog Post, Overview of COVID-19 Contact Tracing, Contact Tracing BLE Spec, Contact Tracing Cryptography Spec, Android Contact Tracing API Spec

---

Update 1: More Details

In a conference call with reporters, Google and Apple clarified some points about the upcoming Contact Tracing API (rolling out in mid-May as part of “phase 1”) and BLE Contact Detection Service (rolling out later this year as part of “phase 2”). According to TechCrunch and Axios, both the Contact Tracing API and the BLE Contact Detection Service will be available on Android devices following updates to Google Play Services—so long as the Android smartphone is running Android 6.0 Marshmallow. Users will not need to manually update their devices or even update their OS since updates to Google Play Services happen silently in the background through the Google Play Store.

Although the introduction of BLE Contact Detection Service means that users won’t need to install an application to partake in contact tracing, Google says that users will still be prompted to download a relevant public health app if a positive contact event has been detected. This will help users determine the next steps they should take. Apple notes that while data, after being processed locally on-device, may be “relayed” to servers run by public health organizations around the world, there will not be a centralized data server. This will make it difficult for any government or other malicious actor to conduct surveillance. According to Axios, countries can run their own servers or use ones from Apple and Google. To prevent people from submitting false positive diagnoses, Apple and Google are working with public health organizations on a way to confirm diagnoses.

With the confirmation that Google will bring Contact Tracing to Android devices via updates to Google Play Services, what will happen to the millions of devices without Google Mobile Services? I’m referring, of course, to the millions of devices in China and the newer smartphone releases by Huawei and Honor. According to The Verge, Google “intends to publish a framework that those companies could use to replicate the secure, anonymous tracking system developed by Google and Apple.” Thus, it’s up to third-parties to decide whether they want to use that system. Google did not confirm if its Contact Tracing framework will be open-sourced, but they did say they will offer code audits to companies that want to adopt the system.

---

Update 2: Initial Rollout, Huawei Involvement

Originally planned to go live in “mid-May,” it looks like Apple and Google’s Contact Tracing timeline has moved up. According to Thierry Breton, the European Commissioner for internal market, Phase 1 of the plan will go live on April 28th. This information was given to Mr. Breton by Apple CEO Tim Cook.

Phase 1 of Contact Tracing is all about APIs. These APIs will be used by developers who are working on behalf of public health agencies, not third-party applications. The APIs will be made available through an update to Google Play Services and most devices with Android 6.0+ and Bluetooth Low Energy can support Contact Tracing.

Of course, recent Huawei and Honor devices do not have Google Play Services, but many older devices still do. TechRadar confirms that these older devices, which do not include the Huawei Mate 30, P40, Honor V30, and others, will be included in the rollout. As for the other Huawei/Honor devices, the previous article update stated that Google “intends to publish a framework that those companies could use to replicate the secure, anonymous tracking system developed by Google and Apple.”

Source 1: Les Echos | Via: TechCrunch | Source 2: TechRadar

---

Update 3: More Privacy Protections

Apple and Google are now referring to the Contact Tracing plan as “Exposure Notification,” which they say is a better description for the purpose of the tool. We also have some more information about how health authorities can fine-tune the API and the privacy protections that will be in place.

The API uses Bluetooth to detect if you’ve been in the vicinity of others who have tested positive, but that has the potential to be inaccurate (detecting people who weren’t close enough or behind a wall). The API will share the strength of the Bluetooth signal so health authorities can set their own threshold for what constitutes a “contact event.”

The API will share how many days have passed since an individual “contact event.” It will not share the precise length of time the two people were in contact. Rather, it will only share estimates of exposure time, from a minimum of 5 minutes to a maximum of 30 minutes, in increments of 5 minutes. Health authorities can use this information to alter their guidance to users based on how long ago the event was.

Bluetooth metadata will be encrypted to protect against it being used to track individuals in reverse identification attacks. This metadata includes signal strength and other information. The encryption algorithm is being changed to AES from HMAC that they were using before. AES encryption can be accelerated on many mobile devices, making the API more power-efficient.

Lastly, the keys used to trace potential contacts are now randomly generated rather than being derived every 24 hours from a “tracing key” that is permanently tied to a particular device. This gets rid of the chance that an attacker with direct access to a device can figure out how keys are generated from the tracing key, though that is very, very difficult to do already.

Source 1: Axios | Source 2: Bloomberg | Source 3: TechCrunch

---

Update 4: Beta APIs Available

Apple and Google are rolling out their Exposure Notification APIs (formerly called “Contact Tracing”) in a private beta starting today. Google is releasing the beta update through Google Play Services, so they’ll work on any Android 6.0+ device with Bluetooth Low Energy. Public health agencies can begin using these APIs in Android Studio and start testing.

The stable version of the API is still planned to be released in the coming weeks. As the two companies have consistently reiterated, this API is not intended to be used by third-party developers. It’s for public health agencies, and when work has been completed by the developers of these agencies, you will download an app from them.

Source: Bloomberg

---

Update 5: Screenshots, No Location Tracking

Apple and Google are continuing to release more information about the Exposure Notification API. First, the companies shared some guidelines that public health authorities will have to follow to have their contract tracing apps in the respective app stores. The apps are prohibited from collecting device location data, the API is limited to one app per country, and the data collected can’t be used for targeted advertising.

The API limit of one app per country is to reduce fragmentation, but Apple and Google will be flexible and work with governments in countries that may need multiple apps. For example, countries where contact tracing is done regionally or by states.

Apple and Google have also shared some mock-up screenshots of what Exposure Notification settings and apps should look like. The image above shows the new “COVID-19 Exposure Notifications” section in Google Play Services. This section shows whether it’s enabled and which apps are able to send exposure notifications. Users can launch the app from here and see how many “exposure checks” have been done in the last 14 days, delete random IDs, and turn off notifications.

Google also shared some sample screenshots (above) of what an app that uses the Exposure Notification API could look like. The source code for this app has been published on the company’s Github page if health agencies wish to use it to build apps.

Sources: VentureBeat, 9to5Google, 9to5Google

The post [Update 5: Screenshots, No Location Tracking] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19 appeared first on xda-developers.

from xda-developers https://ift.tt/2UZOXLa
via IFTTT