LightBlog

mardi 30 juin 2020

Download: Xiaomi Redmi 7A receives stable beta Android 10 update with MIUI 11

Update (06/30/2020 @ 06:40 AM ET): Android 10 beta stable recovery ROM download link has been added for the Indian variant of the Redmi 7A. Scroll to the bottom for more information. The article as published on June 19, 2020, is preserved below.

The Redmi A series is intended for the entry-level Android smartphone market, and the lineup truly offers the best bang for the buck. They can easily outperform the Android Go-powered phones from the same budget segment, thanks to the better hardware configuration. In terms of software updates, Xiaomi usually delivers one major Android version update to these phones, albeit the MIUI layer is refreshed more than once before EOL. Staying true to its reputation, the company has now rolled out the Android 10 update for the Redmi 7A.

Redmi 7A XDA Forums

The Snapdragon 439-powered Redmi 7A was launched back in 2019 with an exceptionally low ₹5,799 ($85) price tag for the base (2GB RAM/16GB storage) version. The factory-installed operating system was MIUI 10 on top of Android 9 Pie. Although Xiaomi managed to deliver the MIUI 11 update in a fairly quick manner, they didn’t upgrade the underlying Android layer at that time.

Redmi 7A XDA Review – Great Phone, Even Greater Pricing

The wait is finally over, as the long-anticipated Android 10 update has now landed on the Redmi 7A. At the time of reporting, the OTA is available on the European variant of the phone, but it is technically possible to cross-flash it on other regional models. The version number of the new build, which is still based on MIUI 11, is V11.0.1.0.QCMEUXM, and it bumps the Android security patch level (SPL) to May 2020. Other regions should get their updates soon.

Download MIUI V11.0.1.0.QCMEUXM for the Redmi 7A (code-name: “pine”)

It is worth mentioning that the aforementioned build is considered as “stable beta” at the time of publishing. As a result, users need an “authorized Mi Account” (with beta tester privileges) to sideload the above package. The restriction can be bypassed by flashing the recovery ROM using a custom recovery like TWRP. Once Xiaomi greenlights the build to be stable enough, they will flip a server-side switch to remove the Mi Account verification requirement. The same download file will then be installable on the phone without needing a beta tester Account. But as of right now, you can either flash it through TWRP, or arrange for an authorized Mi Account with beta tester privileges.


Update: Redmi 7A units in India are also receiving Android 10 update

The Indian variant of the Redmi 7A is now getting its Android 10 update with the May 2020 security patches in the “stable beta” form. The build number is V11.0.1.0.QCMINXM. You can download the relevant recovery ROM by clicking on this link.

The post Download: Xiaomi Redmi 7A receives stable beta Android 10 update with MIUI 11 appeared first on xda-developers.



from xda-developers https://ift.tt/2UWXiPi
via IFTTT

Samsung rolls out the July 2020 security update to the Galaxy S10, Galaxy Z Flip, and Galaxy A50

Samsung recently pushed out the July 2020 security patches to its flagship Galaxy S20 series. This early security patch release was possible since Google notifies Android Partners about the Android framework and Linux kernel issues listed in a particular Android Security Bulletin (ASB) at least 30 days before the public release. Now three more devices from the Korean OEM’s portfolio – the Galaxy S10, the Galaxy Z Flip, and the Galaxy A50 – have picked up new updates with the July 2020 patchset.

Galaxy S10

As reported by SamMobile, the July 2020 security update for the Exynos-powered Galaxy S10 lineup (model number SM-G97xF) with the firmware version G97xFXXS7CTF3 is now rolling out in several European countries. Judging from the version number, the new build doesn’t carry any significant new feature except the obvious bump in the Android security patch level (SPL). The company is expected to release the equivalent update for the Snapdragon Galaxy S10 variants in the coming weeks.

XDA Forums: Galaxy S10e || Galaxy S10 || Galaxy S10 Plus

Galaxy Z Flip

The global version of the Galaxy Z Flip (model number SM-F700F) is now receiving the July 2020 security patch update in a bunch of regions. This new build is tagged as F700FXXS2ATF3 and comes in at about 210MB in size. Just like the case of the Galaxy S10 series, it is a typical security maintenance release.

Galaxy Z Flip XDA Forums

Galaxy A50

Lastly, we have the mid-range Galaxy A50. It’s good to see that the early availability of security updates is not limited to Samsung’s flagship phones only. At the time of writing this article, the SM-A505FN variant of the Galaxy A50 has received the new build with the version number A505FNXXU5BTF5. The OTA is currently rolling out in the TPH region, which is Samsung’s code for Portugal. We can’t spot the exact changelog, but the pattern of the build number indicates that the update bundles a handful of new features along with the July 2020 patches.

Galaxy A50 XDA Forums

Samsung has yet to publish the details of the July 2020 security bulletin on their site. The updates are rolling out in batches, but you can skip the queue and download the new firmware packages directly from the Samsung update server using Frija.

The post Samsung rolls out the July 2020 security update to the Galaxy S10, Galaxy Z Flip, and Galaxy A50 appeared first on xda-developers.



from xda-developers https://ift.tt/2CV7phj
via IFTTT

The Realme C11 is a new budget smartphone with the MediaTek Helio G35

Following the launch of the new MediaTek Helio G25 and G35 chipsets, Xiaomi announced two new devices in the budget-friendly Redmi 9 series featuring the new SoCs. The new Redmi 9A and Redmi 9C, which were announced in Malaysia earlier today, are powered by the new chipsets and feature large 5,000mAh batteries, coupled with HD+ displays with a waterdrop-style notch. Now, Xiaomi’s biggest competitor Realme has also announced a new device, called the Realme C11, which is powered by the MediaTek Helio G35 SoC.

Realme C11: Specifications

Specifications Realme C11
Dimensions & Weight
  • 164.4 x 75.9 x 9.1 mm
  • 196g
Display
  • 6.5-inch HD+ LCD
  • 1600 x 720
SoC MediaTek Helio G35
RAM & Storage 2GB LPDDR4x + 32GB
Battery
  • 5,000mAh
  • 10W charging
Rear Cameras
  • 13MP f/2.2 primary camera
  • 2MP f/2.4 depth sensor
Front Cameras 5MP f/24
Android Version Realme UI based on Android 10

As revealed in recent teasers, the new Realme C11 is powered by MediaTek’s Helio G35 SoC and features a new design with a square camera module that resembles the recently launched Redmi 9C. According to a recent report from Malaysian tech news website Lowyat, the Realme C11 features a 6.5-inch HD+ display with a resolution of 1600×720 pixels and a waterdrop-style notch. The Helio G35 chipset is complemented by 2GB of LPDDR4x RAM and 32GB of onboard storage, which can be expanded using a microSD card.

Realme C11 specifications

In the camera department, the device features a 13MP f/2.2 primary camera on the back, coupled with a 2MP depth sensor. Over on the front, the device has a single 5MP selfie shooter. As mentioned earlier the device packs in a massive 5,000mAh battery which features support for 10W fast wired charging.

The device doesn’t feature a fingerprint scanner but it does support face unlock using the front camera. In terms of ports, the device has a micro USB port for charging and data syncing, along with a 3.5mm headphone jack. Other connectivity options include Bluetooth 5.0 and 802.11 b/g/n Wi-Fi.

Pricing and Availability

The Realme C11 has been priced at RM429 (~$100) and will be available for purchase in Malaysia starting from July 7th via Realme’s official store on Shopee. Buyers who purchase the device on the first day will also receive a free pair of Realme Buds 2. As of now, the company has released no information regarding a global launch.


Via: Lowyat

The post The Realme C11 is a new budget smartphone with the MediaTek Helio G35 appeared first on xda-developers.



from xda-developers https://ift.tt/2ZBtCZB
via IFTTT

Redmi 9A and Redmi 9C launch with big batteries, notched displays, and new MediaTek processors

Taiwanese chipmaker MediaTek just unveiled the new Helio G25 and Helio G35 chipsets for budget gaming smartphones. The new octa-core chipsets are manufactured on a 12nm fabrication process and feature 8x ARM Cortex-A53 CPU cores clocked at 2.0GHz and 2.3GHz, respectively. The chipsets are making a debut with Xiaomi’s new Redmi 9A and Redmi 9C, which have now been unveiled in Malaysia.

Xiaomi Redmi 9A and Redmi 9C: Specifications

Specifications Redmi 9A Redmi 9C
Dimensions & Weight
  • 164.9 x 77.07 x 9.0 mm
  • 194g
  • 164.9 x 77.07 x 9.0 mm
  • 196g
Display
  • 6.53″ LCD
  • HD+, 1600 x 720 pixels
  • 6.53″ LCD
  • HD+, 1600 x 720 pixels
SoC MediaTek Helio G25 MediaTek Helio G35
RAM
  • 2GB LPDDR4x
  • 3GB LPDDR4x
  • 2GB LPDDR4x
  • 3GB LPDDR4x
  • 4GB LPDDR4x
Storage 32GB eMMC 5.1
  • 32GB eMMC5.1
  • 64GB eMMC5.1
Battery & Charging
  • 5,000 mAh
  • 10W wired fast charging
  • 5,000 mAh
  • 10W wired fast charging
Rear Camera 13MP, f/2.2
  • Primary: 13MP, f/2.2
  • Secondary: 2MP, macro, f/2.4
  • Tertiary: 2MP depth sensor, f/2.4
Front Camera 5MP, f/2.2 5MP, f/2.2
Other Features
  • Micro USB
  • 3.5mm headphone jack
  • Rear-mounted fingerprint sensor
  • Micro USB
  • 3.5mm headphone jack
Colors
  • Granite Gray
  • Peacock Green
  • Sky Blue
  • Midnight Gray
  • Sunrise Orange
  • Twilight Blue

As seen in previous leaks, the latest devices in the Xiaomi Redmi 9 series feature large 5,000mAh batteries, notched displays, and MediaTek’s new chipsets. The new Redmi 9A features a design reminiscent of older devices in the series and is powered by the MediaTek G25 chip. The device features a 6.53-inch HD+ display (1600×720 pixels) with a waterdrop style notch, up to 3GB of LPDDR4x RAM, and 32GB of eMMC 5.1 storage.

Xiaomi Redmi 9A

In the camera department, the device packs in a single 13MP f/2.2 camera on the back and a 5MP f/2.2 selfie shooter over on the front. As mentioned earlier, the device features a massive 5,000mAh battery that includes support for 10W fast charging using the included charging brick. In terms of ports, the device includes a micro USB port for charging and data syncing, along with a 3.5mm headphone jack. The device doesn’t include a fingerprint sensor, but it does support face unlock using the selfie camera.

The Redmi 9C, on the other hand, features a slightly different design with a square camera module on the back, instead of the vertically oriented camera module found on the Redmi 9A, and it’s powered by the MediaTek Helio G35 chip. The device includes the same 6.53-inch HD+ display (1600×720 pixels) with a waterdrop style notch, up to 4GB of LPDDR4x RAM, and up to 64GB of eMMC 5.1 storage.

Xiaomi Redmi 9C

In the camera department, the device features a triple camera setup on the back with a 13MP f/2.2 primary camera, a 2MP f/2.4 macro camera, and a 2MP depth sensor. Over on the front, the device features the same 5MP f/2.2 selfie shooter. Much like the Redmi 9A, the Redmi 9C features a 5,000mAh battery with support for 10W fast charging using the included charger. In terms of ports, the device features a micro USB port for charging and data syncing, along with a 3.5mm headphone jack. Unlike the Redmi 9A, the Redmi 9C does include a capacitive fingerprint scanner on the back panel.

Pricing and Availability

The Redmi 9A has been launched in Malaysia at a price of RM359 (~$84) for the 2GB+32GB variant. The device comes in three color variants — Granite Gray, Peacock Green, and Sky Blue — and will be available for purchase on Lazada and Shopee starting from July 7th. The device will also be available at all authorized Mi stores in Malaysia starting from 14th July. As of now, the company hasn’t released any information about the pricing and availability for the 3GB+32GB variant, except for the fact that it will be available in Indonesia.

Redmi_9C_and_Redmi_9A_Pricing

The 2GB+32GB variant of the Redmi 9C has been priced at RM429 (~$100) and it also comes in three color variants — Midnight Gray, Sunrise Orange, and Twilight Blue. The device will be available for purchase towards the end of July in Malaysia and, much like the Redmi 9A, the higher-end 4GB+64GB variant of the device will be launched in Indonesia.


Source: Xiaomi Malaysia Facebook (1,2)

The post Redmi 9A and Redmi 9C launch with big batteries, notched displays, and new MediaTek processors appeared first on xda-developers.



from xda-developers https://ift.tt/3iflV3K
via IFTTT

lundi 29 juin 2020

SafetyNet’s dreaded hardware attestation is rolling out, making it much harder for Magisk to hide root

Back in March, a few users with Magisk installed noticed that their devices were failing SafetyNet attestation. This news was troubling to the community at XDA because it means that many crucial banking/financial apps and popular games like Pokémon Go and Fate/Grand Order were refusing to run on rooted devices. For some time, it seemed as if the tightened restrictions in SafetyNet were pulled back, only to roll out again for a handful of users in the last few weeks. However, Google quietly confirmed in early May that they testing hardware-backed attestation for SafetyNet responses, which is what made Magisk unable to hide the bootloader unlocking status back in March. If this change widely rolls out, it will mean that users will have to choose between having access to root/custom ROMs/kernels/etc. or their preferred banking apps and games. One of the biggest appeals of Android for power users could soon be gone.

To recap this series of events, we should first talk about SafetyNet itself. SafetyNet is a set of APIs in Google Play Services. The SafetyNet Attestation API is one of those APIs, and it can be called by third-party applications to check if the software environment of the device has been tampered with in any way. The API checks for various things like signs of superuser binaries, the bootloader unlock status, and more. When you root a device with Magisk, it “[creates] an isolated ‘safe environment’ for the [SafetyNet] detection process, and it goes through Google’s API to create a legit SafetyNet result that does not reflect the real status of the device,” per XDA Senior Recognized Developer topjohnwu. This allows the user to root their phone while ensuring that the API always returns “false” for any bootloader unlocking checks. This method of bypassing SafetyNet’s bootloader unlocking detection has been working out for Magisk for the last few years, but that’s only because Google has held off on verifying the integrity of the boot image using hardware attestation. In March, it seemed like Google was finally starting to employ hardware attestation in SafetyNet to verify the boot image, but we never got an official statement from Google confirming the change and only a few users were affected. As spotted by XDA Senior Member Displax, however, Google confirmed on May 5, 2020, that SafetyNet Attestation API responses from some devices now include hardware-backed checks.

On the Google Group for “SafetyNet API Clients,” Google detailed a new feature for the Attestation API: evaluationType. The JSON Web Signature (JWS) response from some devices will have a field named “evaluationType” that “will provide developers with insight into the types of signals/measurements that have contributed to each individual SafetyNet Attestation API response.” One of the supported tokens in this field is “HARDWARE_BACKED” which indicates that the API “[used] the available hardware-backed security features of the remote device (e.g. hardware-backed key attestation) to influence [its] evaluation.” Google says that they are “currently evaluating and adjusting the eligibility criteria for devices where we will rely on hardware-backed security features.” What this means is that, on some devices, Google Play Services is now using hardware-backed attestation to detect that the device’s software hasn’t been tampered with. Google has not officially documented this change outside of the announcement in the Google Group, so some developers that use SafetyNet may not be aware of this change (and thus aren’t yet checking for the “HARDWARE_BACKED” field in JWS responses.) However, for those apps that are checking for this field, there’s now no way to hide root access from them, provided your device is part of the test that Google is running.

According to topjohnwu, hardware-backed attestation means that Google Play Services now “[sends] an unmodified keystore certificate to SafetyNet servers, [verifies] its legitimacy, and [checks] certificate extension data to know whether your device [has] verified boot enabled (bootloader status).” Since the private keys from which the keystore certificates are derived from are backed by the phone’s isolated secure environment, retrieving them would involve defeating the security of the phone’s Trusted Execution Environment (TEE) or dedicated hardware security module (HSM). If one were somehow able to leak a private key, the keys would quickly be revoked once Google found out. Google and other companies offer hundreds of thousands of dollars in rewards for any critical security vulnerabilities in TEEs, so it’s incredibly unlikely for this to be a potential avenue to bypass bootloader unlocking detection anyways.

Another potential way that Magisk could continue to spoof the bootloader unlocking status is by modifying SafetyNet’s client-side code to always use the BASIC evaluation. As topjohnwu notes, though, this would require injecting custom code into Google Play Services via a hooking framework like the Xposed Framework. This is not only difficult to do because Google Play Services is highly obfuscated but it’s also impossible to hide as “some memory space analysis will reveal code manipulation very easily.” Furthermore, this would also only work if Google’s servers continue to accept BASIC evaluations and if HARDWARE_BACKED evaluations are not enforced on devices that support them. (SafetyNet responses “[come] from Google servers and are signed with Google’s private key,” according to topjohnwu, so the actual responses can’t be spoofed.)

Since Android 7 Nougat, Google has required that all devices have an isolated secure environment, meaning this change to how SafetyNet verifies bootloader unlocking will affect most devices that are out there. Since older devices without an isolated secure environment obviously can’t perform hardware-backed attestation, Magisk will still be able to hide root access on those devices. But if this change rolls out widely, everyone else will have to make a hard choice between root access and banking apps.

Unfortunately, there are probably a lot of apps out there that use SafetyNet checks when they don’t actually need to. One example cited by topjohnwu is the official McDonald’s app, which seemingly refuses to run on a bootloader unlocked device. On Twitter, topjohnwu calls out apps that overuse the API as creating a hostile environment for power users. XDA Recognized Developer Quinny899 joins in with an anecdote about how his team considered using SafetyNet to check the device security status. They ultimately decided not to go through with it since his team’s app encrypts all the sensitive data it works with. SafetyNet, he argues, should not be used in lieu of proper security and data handling practices, especially when considering the possibility of superuser exploits.


For more information on how the new SafetyNet change affects Magisk, check out topjohnwu’s excellent FAQ on Twitter. If you just want to check if your device is part of Google’s new SafetyNet test, then you can follow this guide by XDA Senior Member Displax.

The post SafetyNet’s dreaded hardware attestation is rolling out, making it much harder for Magisk to hide root appeared first on xda-developers.



from xda-developers https://ift.tt/3dRmkpG
via IFTTT

MediaTek Helio G35 and G25 chipsets unveiled for gaming on a budget

Adding on to its list of gaming-focused Helio G series chipsets, Taiwanese chipmaker MediaTek has now unveiled the budget-friendly Helio G35 and Helio G25. The new budget chips come just a month after the company unveiled the mid-range Helio G85, which is an octa-core processor that’s built on a 12nm process. Much like the Helio G85, both the Helio G25 and Helio G35 are fabricated on a 12nm manufacturing process.

MediaTek Helio G25

Out of the two new chips, the entry-level MediaTek Helio G25 features 8x ARM Cortex A-53 CPU cores clocked at 2.0GHz and an Imagination PowerVR GE8320 GPU clocked at up to 650MHz. The G25 is capable of running displays at 1600×720 resolution at 60Hz. On the other hand, the MediaTek Helio G35 features 8x ARM Cortex A-53 CPU cores clocked at 2.3GHz, and an Imagination PowerVR GE8320 GPU clocked at up to 680MHz. The G35 is capable of running displays at 2400×1080 resolution at 60Hz.

MediaTek Helio G35

In the camera department, the Helio G25 supports dual 13MP+8MP cameras or a single 21MP camera with Zero Shutter Lag, while the G35 supports dual 13MP+13MP cameras or a single 25MP camera with Zero Shutter Lag. Both the Helio G25 and Helio G35 support MediaTek’s HyperEngine technology, which boasts of dynamic allocation of CPU, GPU, and memory while factoring in power, thermal, and gameplay requirements, to offer smooth gaming performance on budget devices, enhance power efficiency and facilitate low-latency connections. The new chipsets support up to 6GB LPDDR4x RAM at 1600MHz frequency, eMMC 5.1 storage, Dual 4G VoLTE, LTE Cat. 7 DL/Cat.13 UL, Wi-Fi 5 (b/g/n/ac), and Bluetooth 5.0.


Source: MediaTek

The post MediaTek Helio G35 and G25 chipsets unveiled for gaming on a budget appeared first on xda-developers.



from xda-developers https://ift.tt/2ZlkcBc
via IFTTT

Google Photos temporarily disables image backups from Facebook, WhatsApp, and other messaging apps by default

Last week, we discovered that Google was preparing to disable Google Photos backups for a number of social media/messaging apps. The app’s strings explicitly mentioned the COVID-19 pandemic as the reason, stating that “in an effort to conserve internet resources, backup & sync has been turned off” for messaging apps. Today, that change is officially going into effect.

The message that was previously discovered has now been officially posted in the Google Photos community forum. A notification will also be appearing to users in the Google Photos app. This means that by default, photos and videos from the affected services will no longer be backed up. Users will have to manually go into the app and select those folders to be backed up.

Google’s statement only specifically mentions “messaging apps like WhatsApp, Messages, and Kik” as apps that will be affected by this change. However, in a teardown of the latest Google Photos APK, we found all the apps that are included. Folders whose names match the following regex expression will not be backed up:

.*(Facebook|Helo|Instagram|LINE|Messages|Messenger|Snapchat|Twitter|Viber|WhatsApp).*

This means that images from Facebook, Helo, Instagram, LINE, Messages, Messenger, Snapchat, Twitter, Viber, and WhatsApp will not be backed up. Previous backups from these folders will not be affected. As mentioned, you can still go to settings in the app and enable backups manually. Go to Settings > Back up & sync > Back up device folders if you have the old or new Photos UI to make changes.

We’ve seen Google make similar changes to save bandwidth during the pandemic, so something like this isn’t unusual, though it’s a bit late considering how long it’s been since the pandemic took over our lives.


Source: Google | Via: Android Police

The post Google Photos temporarily disables image backups from Facebook, WhatsApp, and other messaging apps by default appeared first on xda-developers.



from xda-developers https://ift.tt/2NJ6LW4
via IFTTT