The OnePlus 8 has been in the news recently for its camera, but not in the way you might expect. People discovered that the OnePlus 8 Pro’s camera could use the Photochrom filter to see through certain things, including thin clothing. OnePlus made the decision to disable the feature and rework it. But that’s just one part of the OnePlus 8 series’ camera capability, and the company is continuing to work on it.
Last week, the folks at OnePlus had an online Open Ears Forum about the OnePlus 8’s camera technology. During the meeting, some new features for the OnePlus 8 series were floated to users for feedback. Those features haven’t been revealed yet, but the company has shared some actions they will be taking based on feedback:
Continue improving white balance consistency across all lenses
Reduce the haloing seen on some HDR portrait shots
Improve UX for AE lock
Add more color filters and bring them to portrait mode
Show visual cue when tripod mode is triggered
Keep optimizing post-processing strategy
These things seem like pretty basic camera functions, but they’re also things that generally can always use improvement in smartphone cameras. White balance consistency across lenses is especially important in the day and age of multi-camera devices. The visual cue for tripod mode is also a welcomed addition as there’s no way to manually enable it.
We have no idea when these changes will come to the OnePlus 8 series. We’ll keep an eye out for these changes in a future OxygenOS update.
Thanks for XDA Senior Member Some_Random_Username for the tip!
Last summer, Samsung launched the Galaxy Book S, its first laptop powered by the Qualcomm Snapdragon 8cx processor. Samsung is back with the Galaxy Book S, only this time it’s powered by the Intel Lakefield chipset. This is essentially the same laptop as before, but now it has the shiny “Intel Inside” sticker. The Galaxy Book S is also the first laptop to use Intel’s Lakefield generation.
Lakefield is the first “hybrid” CPU from Intel. That means it combines the company’s Atom and Core CPU cores into a single unit. This is something we commonly see in ARM chips on smartphones, which offers high-performance and low-power cores to maximize efficiency. There’s a lot more going on, but the gist is this should help the new Galaxy Book S compete with the Snapdragon model in terms of battery life.
Samsung doesn’t give a ton of details about the CPU, other than “Intel Core processor with Intel Hybrid Technology.” The other big detail is LTE connectivity, which is also something the ARM model has. Other specifications include Intel UHD Graphics, 8GB of LPDDR4x RAM, and 256GB or 512GB of eUFS storage. There is also a microSD card slot for up to 1TB of extra storage.
The Galaxy Book S has a 13.3-inch FHD LCD display with touchscreen capabilities. There are 2 USB-C ports, a headphone jack, fingerprint scanner, quad stereo speakers with Dolby Atmos, and a 1MP camera. The battery is 42Wh and it has WiFi 6 and Bluetooth 5.0. Samsung ships the device with Windows 10 Home or Pro.
We don’t know how much the Intel Galaxy Book S will cost or when it will launch, but it will be available in Mercury Gray and Earthy Gold colors.
Galaxy Book S
OS
Windows 10 Home / Pro
Display
13.3″ FHD TFT LCD Display with Touch Screen Panel
Dimension
305.2 x 203.2 x 6.2 ~ 11.8 mm
Weight
950g
CPU
Intel Core processor with Intel Hybrid Technology
Graphic
Intel UHD Graphics
Memory
8GB RAM (LPDDR4x)
Storage
256/512GB eUFS, MicroSD slot (up to 1TB)
Camera
1MP
Battery
42Wh (typical)
Connectivity
Wi-Fi 6 (Gig+) 802.11 ax 2×2, LTE (Cat 16), Bluetooth v 5.0
Samsung has been designing its own Exynos chipsets for several years now. The Korean smartphone maker normally uses both Qualcomm Snapdragon and Exynos processors for their flagship and upper mid-range devices, but they usually use their own in-house Exynos chips for their budget smartphones. Samsung has recently (and quietly) published a product page for a new entry in their Exynos lineup of processors: the Exynos 850.
This Exynos 850 processor can already be found in the recently-announced Samsung Galaxy A21s, a smartphone on the lower-end of Samsung’s Galaxy A lineup. Thus, we already expected this processor to be geared towards decidedly-budget smartphones. According to the specifications listed on the product page, the Exynos 850 has an octa-core CPU comprised of two clusters of ARM Cortex-A55 cores which are clocked at up to 2.0GHz. The SoC also features ARM’s Mali-G52 GPU. It also supports LPDDR4X RAM, eMMC 5.1 storage, Cat.7 LTE, Full HD+ (1080p) display panels, and more. The chipset is fabricated using Samsung’s fairly modern 8nm LPP process.
For imaging, the Exynos 850 apparently supports up to 1080p60 video recording, 21.7MP image processing from a single camera or 16MP + 5MP from dual cameras (presumably with ZSL), and encoding in HEVC/h.265.
As we said before, the Galaxy A21s is the first smartphone to sport this processor, and we know it has a 48MP quad rear camera setup, an HD+ Infinity-O panel, up to 6GB of RAM, and up to 64GB of storage, so we already knew those are things this processor supports. It is possible that we’ll see this SoC on other Samsung budget Android smartphones soon. Budget smartphones are improving at a surprising rate, and we can thank the incredible competition in markets like India and China for that.
It’s 10:00 PM. Do you know where your Activities are? There’s a new vulnerability that can be exploited on millions of Android devices, and it’s a pretty nasty one, too. In a nutshell, this design flaw allows an attacker to present their own Activity (page) on top of another app’s, potentially confusing the user into giving away their private data. The vulnerability has been dubbed StrandHogg 2.0 and was recently disclosed by Promon, a Norwegian security firm.
The StrandHogg 2.0 vulnerability theoretically affects all Android devices running Android versions as old as Honeycomb (3.0) and up to Android 9 Pie (9.0). Based on the latest Android version distribution statistics, that means that approximately 91.8% of all Android devices are vulnerable to StrandHogg 2.0. The vulnerability was assigned CVE-2020-0096 and was given a severity level of “critical.” It doesn’t require any special permissions to work and can function almost entirely without user interaction. All a user has to do is open an app with malicious code hidden away in it, and then they’re vulnerable to exploitation.
Promon was kind enough to send us their proof of concept app and its source code so we could best explain how the exploit works, why it matters to users, and how developers can protect their apps against it.
How It Works
Say you’re using Gmail and you click a web link. If you go to your recent apps screen, you may notice that the web page appears to be “inside” Gmail. The preview shows the website, but the app icon and name are still from Gmail. This is something that happens when an app/Activity launches another app/Activity in the same task. Now imagine that you didn’t purposely open that link. To you, it looks like it’s just part of the Gmail app. This is the behavior that StrandHogg 2.0 exploits.
We’re going to have to leave out some details here, but here’s roughly how this exploit works. For the following, let’s assume the attacker wants to get the user’s Gmail login.
The user downloads a malicious app (of course, without knowing it’s malicious) and opens it.
In the background, the app opens Gmail, puts a look-alike login Activity on top of it, and then launches another Activity.
The user opens Gmail and sees what looks like Gmail’s login screen but is actually the attacker’s phishing Activity.
The final Activity launched in step 2 can be anything that avoids suspicion. The app could fake a crash and go back to the home screen, or it could just open to its main Activity as if nothing happened. The only suspicious thing the user might see is a bunch of opening animations as all the Activities launch. The worst part: It won’t even look like Gmail was opened.
Source: Promon
Of course, an attacker can do more than just showing a fake login screen. A malicious app could present a permissions prompt instead, tricking the user into granting unwanted permissions. While requesting any special permissions like Accessibility might make the user suspicious, it’s possible to do a lot of damage with something like Storage Access.
The Technical Bits
This next section is a high-level overview of how StrandHogg 2.0 works. Promon won’t release the full details for another few months, so we can’t share exactly how this exploit is implemented. There are some technical details that we can talk about, though.
In a nutshell, StrandHogg 2.0 hijacks Android’s Context.startActivities() API method, using three Intents.
The first Intent is the one that launches, in our example’s case, Gmail. It’s flagged with Intent.FLAG_ACTIVITY_NEW_TASK.
The second Intent is the malicious one. In our example, it’s for the look-alike login Activity. This Intent has no flags.
The third Intent is the distraction. It makes sure the user isn’t suspicious of Gmail just randomly opening instead of the app they tapped (i.e. the one launching the attack). It’s flagged with Intent.FLAG_ACTIVITY_NEW_TASK.
All of these Intents are then passed in an array to the startActivities() method.
The second Intent’s lack of flags is the key here. By doing so, we’ve basically just replicated the Gmail example from above. The task is technically Gmail’s, but the topmost Activity is the attacker’s. When the user then clicks Gmail’s home screen icon, the attacker’s Activity displays instead of Gmail’s.
Proof of Concept
With the information that Promon sent us, we were able to replicate their proof of concept. Here’s a screen recording from a Samsung Galaxy Note8 running Android 9 Pie showing it in action.
Mitigation Techniques and Issues
Now, simply replicating the above in code won’t actually work. It’s not a complete example, and there are a few other things that an attacker has to do to make it work, which we can’t share. But they’re not particularly hard to guess on your own, and that’s part of what makes this attack so dangerous. StrandHogg 2.0 is a relatively easy exploit to implement, and difficult to mitigate.
Mitigation can’t just involve blacklisting all apps that use startActivities(), since there are plenty of legitimate uses for it. It’s also really difficult to automate a detection algorithm for it. Malicious developers can employ all sorts of tricks to make their implementation of StrandHogg 2.0 effectively invisible to services like Google Play Protect. StrandHogg 1.0 required the attacker to add an attribute in the malicious app’s AndroidManifest.xml, which was relatively easy to detect. StrandHogg 2.0, on the other hand, functions entirely in Java/Kotlin.
Taking into account obfuscation, reflection, and even just different coding styles, it seems impractical to automatically properly detect an app making use of this exploit. What’s more is that if a user is the subject of a StrandHogg 2.0 attack, they may not even know. If you open Gmail and you see its login screen, you might just think your session expired and enter your login details without a second thought.
When we contacted Google for a response, a spokesperson offered the following statement:
“We appreciate the work of the researchers, and have released a fix for the issue they identified. Additionally, Google Play Protect detects and blocks malicious apps, including ones using this technique.”
This sounds good, and hopefully it has at least some effect against StrandHogg 2.0 attacks. It’s worth noting, though, that Google Play Protect did not detect our proof of concept app as malicious, even after performing a manual scan.
Promon says that they “have not observed any real-life malware utilizing the StrandHogg 2.0 vulnerability,” but there’s no guarantee that this is the first time the exploit has been discovered. For that reason, Promon recommends that developers go ahead and protect their apps by setting their launcher Activity’s launchMode flag to either singleTask or singleInstance. Either of these flags will prevent task injection, which is what StrandHogg 2.0 relies on. However, having your Activity use one of these flags can cause issues with certain app flows, so it’s not always desirable.
Promon is also promoting its own “In-App Protection by Promon SHIELD” product which sounds like a library that app developers can implement to monitor the tasks in your app’s process to check for irregular insertions. Because there’s no truly effective developer or user mitigation strategy, it’s pretty important that manufacturers implement the patch to fix this ASAP.
Thankfully, Promon followed responsible disclosure guidelines before making this exploit public (and it’s still not fully public—Promon is waiting 90 days before fully disclosing how StrandHogg 2.0 works). Google has since backported patches for this exploit to Android 8.0 Oreo, Android 8.1 Oreo, and Android 9 Pie with the May 2020 Android Security Patch Level (SPL). Users on Android 10 and above aren’t vulnerable, though we’re not entirely sure why that’s the case. It likely has something to do with Android 10’s new restrictions concerning launching Activities and how Google integrated that into the task stack. Promon says that “on Android 10 the attack is entirely ineffective, and the activities are split into different tasks and into separate task stacks according to adb shell dumpsys activity activities.”
If your device manufacturer is still providing security updates (you can read more about how the security patch process works here), you should pester them for an update as soon as possible. Otherwise, you’ll just need to be careful about which apps you download and run (although you should be doing that anyway).
For more details and use-cases of StrandHogg 2.0, check out the official announcement on Promon’s website. For custom ROM developers, you can find the relevant AOSP commits for preventing StrandHogg 2.0 attacks here and here.
Disclosure Timeline
Here is the disclosure timeline that Promon shared in its StandHogg 2.0 document:
Dec 4, 2019 – Reported issue to Google
Dec 4, 2019 – Shared a PoC «malicious app» and video with Google
Dec 4, 2019 – Google confirmed receiving the report
Dec 9, 2019 – Google set the severity of the finding as «Critical»
Dec 9, 2019 – Google confirms that they are able to reproduce the issue
Feb 14, 2020 – We inform Google the 90-day disclosure is nearing in the beginning of March, and ask for status on their side
Feb 14, 2020 – Google responds that April is the soonest they can roll out a fix
Feb 14, 2020 – We inform Google we are working on mitigations
Feb 14, 2020 – Google responds. They are working on remediations, and ask if we can share what mitigations we are recommending
Feb 17, 2020 – We inform Google that we can hold back the disclosure until April. We request the CVE number
Feb 17, 2020 – We share our mitigation strategies, as well as how we envisage a platform mitigation
Mar 23, 2020 – Google responds with the CVE ID (CVE-2020-0096)
Mar 23, 2020 – Google responds that general availability of the fix for Android will be available in May
Mar 23, 2020 – Google asks if we will consider delaying disclosure to May
Mar 27, 2020 – We respond that we will delay disclosure until May
Apr 22, 2020 – Google informs us that the May Security Bulletin is scheduled to contain a patch for the vulnerability
Citra, the most popular Nintendo 3DS emulator, was officially released for Android onto the Google Play Store last week, and its performance has been at the forefront of the conversation. I’m sure anybody who saw its release wondered whether they could play their favorite Nintendo 3DS games on their Android smartphone or tablet, so I’ve spent the past few days playing games on various different devices powered by multiple different SoCs to see what kind of performance you can expect to get from your device.
I tested the following popular Nintendo 3DS games:
…and the results were rather mixed. I tested each of these 3DS games with the unofficial Citra MMJ version as well as the official Citra 3DS emulator that was just released on the Google Play Store. Some of the results were surprising. Note that all of these tests were done with audio stretching disabled as I found that it had a pretty significant performance hit for little benefit when enabled. Keep in mind that different GPU driver versions may also affect performance, and so one device with a particular chipset may not perform the same as another device with the same chipset.
Nintendo 3DS emulation using the official Citra for Android port. Left to right: OnePlus 8 Pro, OnePlus 6, Realme 6 Pro.
Note: You can legally acquire 3DS ROMs for your smartphone by dumping and decrypting your own Nintendo 3DS games. For this, you will need a hacked Nintendo 3DS and a legally purchased copy of the 3DS game that you want to play.
Current performance issues with Nintendo 3DS emulation via Citra for Android (and potential fixes)
Before going into detail of the performance of the aforementioned Nintendo 3DS games on various Android smartphones, it’s worth mentioning that currently, the Citra 3DS emulator port for Android does not support a shader cache. A shader cache is simply a cache of files that keeps track of compiled shaders that are shown in-game, and having one greatly reduces CPU and GPU load. When new shaders are encountered in Citra, they are then compiled and aren’t saved to the storage. This means that they can’t be cached, and instead must be recompiled once encountered every time. This is why currently, Citra on Android can be quite stuttery when playing some 3DS games. Citra on PC supports a shader cache, and it’s quite common for users to want to download a precompiled shader cache to avoid slowly and painstakingly generating their own. Also, I found that disabling audio stretching helped performance a little bit.
Nintendo 3DS Emulation Performance – Qualcomm Snapdragon 865, 855, 845, 720G, and Kirin 980
Qualcomm Snapdragon 865
Animal Crossing: New Leaf – OnePlus 8 Pro
Official Citra
Mostly 60 FPS
Drops frames frequently, particularly when shaking trees to drop fruit
Audio hangs for a second or so often, and when audio hangs, the game hangs for a second too
MMJ/Unofficial Citra
30 FPS to 45 FPS with occasional spikes to 60 FPS
No audio hangs
More consistent experience overall, though slower
Attempting to sell items will freeze the game, which does not happen on the official Citra build
Mario Kart 7 – OnePlus 8 Pro
Runs perfectly at 60 FPS
Occasional audio cues cause slight stuttering
No difference in performance between Official and MMJ build
Pokemon X/Y – OnePlus 8 Pro
Not a very intensive game, runs perfectly at 30 FPS (this game runs at 30 FPS in the overworld)
Battles run perfectly
Audio sounds great, music is in AAC format and can now be decoded
No difference in performance between Official and MMJ build
Note: The flickering as seen in the above video only occurred when I was screen recording.
The Legend of Zelda: A Link Between Worlds – OPPO Find X2 Pro/OnePlus 8 Pro
Runs perfectly, no slowdowns
Audio is great
Occasional stutters in combat
Cutscenes work
No difference in performance between Official and MMJ build
Fire Emblem Fates – OPPO Find X2 Pro
Some slowdowns when entering combat
Some audio stuttering in battles
Audio works great
Cutscenes work
The game mostly runs at full speed, which it didn’t on the MMJ build
Qualcomm Snapdragon 855
Animal Crossing: New Leaf – OPPO Reno 10x Zoom
Official Citra
Runs nearly flawlessly
Very few stutters
Virtually no audio lag
MMJ/Unofficial Citra
Anywhere from 30 to 60 FPS, though mostly towards the higher-end
Very few stutters
Virtually no audio lag
Attempting to sell items will freeze the game, which does not happen on the official Citra build
Mario Kart 7 – OPPO Reno 10x Zoom/OnePlus 7 Pro
Runs nearly flawlessly
Pretty much no audio lag
Pretty much no stutters
No performance difference between Official and MMJ build
Pokemon X/Y – OPPO Reno 10x Zoom
Not a very intensive game, runs perfectly at 30 FPS (this game runs at 30 FPS in the overworld)
Battles run perfectly
Audio sounds great, music is in AAC format and can now be decoded
No difference in performance between Official and MMJ build
The Legend of Zelda: A Link Between Worlds – OPPO Reno 10x Zoom
Runs nearly flawlessly
Pretty much no audio lag
Occasional stutters in combat
No performance difference between Official and MMJ build
Qualcomm Snapdragon 845
Animal Crossing: New Leaf – OnePlus 6
Official Citra
Mostly 50-60 FPS
Drops frames very frequently, particularly when shaking trees to drop fruit, but also in many other situations too
Audio hangs for a second or so often, and when audio hangs, the game hangs for a second too
MMJ/Unofficial Citra
Around 30-60 FPS, sticking somewhere around 45 FPS for most of the time
Drops frames less frequently
Audio stutters occasionally
Mario Kart 7 – OnePlus 6
Stuttering when navigating menus
50-60 FPS in races, though fluctuates wildly and sometimes dips as low as 30 FPS
Occasional audio stutters
Pokemon X/Y – OnePlus 6
Not a very intensive game, runs perfectly at 30 FPS (this game runs at 30 FPS in the overworld)
Battles run perfectly
Audio sounds great, music is in AAC format and can now be decoded
No difference in performance between Official and MMJ build
The Legend of Zelda: A Link Between Worlds – OnePlus 6
Consistent in the 40-60 FPS range
Lots of stutters in combat
Marginally better performance in the MMJ build over the Official build
Qualcomm Snapdragon 720G
Animal Crossing: New Leaf – Realme 6 Pro
Official Citra
Mostly 50-60 FPS
Drops frames occasionally, particularly when shaking trees to drop fruit, but also in many other situations too
Audio hangs for a second or so often, and when audio hangs, the game hangs for a second too
MMJ and Official build more or less perform the same here
Pokemon X/Y – Realme 6 Pro
Runs mostly perfectly at 30 FPS, though occasionally dips in performance
Battles run perfectly
Audio sounds great, music is in AAC format and can now be decoded, minimal stuttering
No difference in performance between Official and MMJ build
The Legend of Zelda: A Link Between Worlds – OnePlus 6
Consistent in the 40-60 FPS range
Lots of stutters in combat
Marginally better performance in the MMJ build over the Official build
Kirin 980
The Honor 20 Pro with its HiSilicon Kirin 980 was unable to run any of the Nintendo 3DS games that I tested at any playable framerate. The official and unofficial Citra 3DS emulators don’t really support devices with non-Snapdragon chipsets due to driver issues, and as such, this means that Samsung smartphones with Exynos processors will also likely face issues playing any of the 3DS games listed here.
Conclusion – Nintendo 3DS Emulation is very viable (for most flagships)
Oddly enough, I found the best performance to be not with the Qualcomm Snapdragon 865 but rather with the Qualcomm Snapdragon 855. It’s possible that Citra was developed primarily on Qualcomm Snapdragon 855 devices as the Qualcomm Snapdragon 865 is a relatively recent release, but this is only speculation on my part. The Snapdragon 855 found in both the OnePlus 7T Pro and the OPPO Reno 10x Zoom handled pretty much all Nintendo 3DS games I threw at it perfectly, which greatly impressed me, and the games themselves were very much playable. The Qualcomm Snapdragon 720G also fared incredibly well, with more or less identical results to the Snapdragon 845.
In the current financial climate, finding a secure job has become the top priority for many of us. While some industries are struggling, there are still many vacancies in IT. If you would like to break into this lucrative sector, makeThe Complete 2020 IT Certification Exam Prep Mega Bundleyour starting point. This learning library includes all the prep you need to ace nine top exams, with insight from top instructors. You canget it now for just $1,800at the XDA Developers Depot.
You don’t need an amazing academic record to land a good job in IT. However, recruiters do look for certifications. If you can pass the exams, the rewards are pretty great — AWS-certified IT professionals earn $129,868 on average.
This bundle helps you prep for nine top exams, with extensive video training. Through concise lessons, you learn about cloud computing with AWS and Microsoft Azure, and work towards Cisco networking exams. In addition the training helps you earn the all-important CompTIA Security+ certification. With lifetime access to all the courses, you can study at your own pace.
You learn from a roster of top instructors, including Scott Duffy. This certified Enterprise Architect has helped over 343,000 students, earning a rating of 4.4/5 stars on Udemy.
The Pixel 4a has been on our radar since late last year. At first, we were operating under the assumption that there would be a Pixel 4a XL. After all, every Pixel generation has included two sizes, including the Pixel 3a series. Eventually, it became clear that Google would not be launching an XL model this time around. However, that doesn’t mean they weren’t working on one.
It’s perhaps no surprise that Google started the development of the Pixel 4a series with the intention of releasing an XL model. There was a leak last month of a Pixel 4a XL replacement back cover on eBay. The part doesn’t have the typical Google “G” logo, however, indicating it’s actually from a prototype device. Now, new images of the Pixel 4a XL back panel have surfaced.
There’s nothing super notable about these images. The back cover includes the camera Pixel 4-like camera module we’ve seen on the smaller Pixel 4a. One clear difference is the number of cameras. It looks like the XL model may have actually sported dual rear cameras, compared to the single camera on the smaller model. The white cover also has an orange power button, which is typical for the Google Pixel line.
It’s interesting to think about a larger Pixel 4a XL with dual rear cameras at a slightly higher price point. Google could have positioned the 4a as the super-budget option and the 4a XL as a slightly more premium mid-range device. In the end, though, Google decided to ride with just one model.