The Guardian tells the story of "a viral sensation in the global underworld," the high-security An0m phones, which launched with "a grassroots marketing campaign, identifying so-called influencers — 'well-known crime figures who wield significant power and influence over other criminal associates', according to a US indictment — within criminal subcultures." An0m could not be bought in a shop or on a website. You had to first know a guy. Then you had to be prepared to pay the astronomical cost: $1,700 for the handset, with a $1,250 annual subscription, an astonishing price for a phone that was unable to make phone calls or browse the internet.

Almost 10,000 users around the world had agreed to pay, not for the phone so much as for a specific application installed on it. Opening the phone's calculator allowed users to enter a sum that functioned as a kind of numeric open sesame to launch a secret messaging application. The people selling the phone claimed that An0m was the most secure messaging service in the world. Not only was every message encrypted so that it could not be read by a digital eavesdropper, it could be received only by another An0m phone user, forming a closed loop system entirely separate from the information speedways along which most text messages travel. Moreover, An0m could not be downloaded from any of the usual app stores. The only way to access it was to buy a phone with the software preinstalled...

[U]sers could set an option to wipe the phone's data if the device went offline for a specified amount of time. Users could also set especially sensitive messages to self-erase after opening, and could record and send voice memos in which the phone would automatically disguise the speaker's voice. An0m was marketed and sold not so much to the security conscious as the security paranoid...

An0m was not, however, a secure phone app at all. Every single message sent on the app since its launch in 2018 — 19.37m of them — had been collected, and many of them read by the Australian federal police (AFP) who, together with the FBI, had conceived, built, marketed and sold the devices.

On 7 June 2021, more than 800 arrests were made around the world....
Law enforcement agencies ultimately saw An0m as a creative workaround for unbreakable encryption, according to the Guardian. "Why debate tech companies on privacy issues through costly legal battles if you can simply trick criminals into using your own monitored network?"

The Guradian's story was shared by jd (Slashdot user #1,658), who sees an ethical question. "As the article notes, what's to stop a tyrant doing the same against rivals or innocent protestors?"

"A security researcher has discovered malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores," reports the Record: In a report published this week by a Russian security researcher named ValdikSS, push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to prevent detection. ValdikSS, who set up a local 2G base station in order to intercept the phones' communications, said the devices also secretly notified a remote internet server when they were activated for the first time, even if the phones had no internet browser...

All the remote servers that received this activity were located in China, ValdikSS said, where all the devices were also manufactured before being re-sold on Russian online stores as low-budget alternatives to more popular push-button phone offerings, such as those from Nokia.
But who's responsible, the article ultimately asks. The third party supplying the firmware? The parties shipping the phones? The vendors selling the phone without detecting its malware? Or the government agencies lacking a mechanism for collecting reports of malware...

Long-time Slashdot reader Nkwe shares an article about AT&T's "Flying COW" drones — their Cell (tower) On Wings drone technology that's helped restore cellphone service after Hurricane Ida and other natural disasters.

"The device is a cell site situated on a drone engineered to beam wireless LTE coverage across an area of up to 40 square miles." The weather-resistant drone can withstand extreme conditions, and its thermal imaging can help search and rescue teams find people in buildings, tree cover, and thick smoke... The drone has the potential to hover over 300 feet and is connected by a tether attached to the ground.

When someone texts, calls, or uses data, the signal is sent to the drone and transferred through the tether to a router. The router pushes information through a satellite, into the cloud, and finally into the AT&T network. The tether also provides constant power to the Flying COW via a fiber, giving the drone unlimited flight time.

Its flying capabilities allow it to soar 500% higher than a terrestrial Cell-on-Wheels mast, expanding how far the signal reaches, though more drones can be added to widen the coverage area. The drone is small and versatile, making it easy to set up, deploy, and move during rapidly changing conditions, like firefighters chasing a wildfire.

"T-Mobile CEO Mike Sievert published an open apology to customers Friday after hackers stole more than 50 million users' personal data, including their Social Security numbers and driver's license information," reports NBC News: "The last two weeks have been humbling for all of us at T-Mobile," he wrote. "To say we are disappointed and frustrated that this happened is an understatement."

The incident is the fourth known breach at T-Mobile since 2018, and by far the largest. The full count of how many customers had their data stolen is unclear, but the company said last week it had identified more than 53 million affected customers, most of them on subscription plans. It also included an unspecified number of "prospective" users who are not T-Mobile customers...

It is unclear why T-Mobile was storing customers' driver's license information and Social Security numbers without encrypting them in a way that would make it difficult or impossible for hackers to see them even if they stole them. Jackie Singh, a cybersecurity consultant, said it was irresponsible on the part of T-Mobile, especially for hard-to-change sensitive personal data like Social Security numbers.

"It is frankly bizarre to learn that in this day and age, a major telco continues to store critical customer data in plain text," she said. "Offering two years of credit monitoring services doesn't change the fact that harm was done to their customer base."
NBC says they spoke to the person identified as the perpetrator by the Wall Street Journal, who told them last week that he'd planned to sell the information on more than 100 million users for a hefty profit.

Meanwhile, T-Mobile's CEO now says they're alerting affected users and have set up a hub for victim services. Beneath the words "NOTICE OF DATA BREACH," it adds the tagline "Keeping you safe from cybersecurity threats. What you need to know and how we're protecting you."

Passengers escaped an Alaska Airlines jet via emergency slides on Monday night after a malfunctioning smartphone filled the cabin with smoke. The Register reports: The pilot ordered the evacuation of flight 751 from New Orleans to Seattle after someone's cellphone started to spit out sparks and smoke just after landing. As the aircraft was still waiting on the tarmac at Seattle-Tacoma International Airport for a gate, the slides were deployed and all 129 passengers and six crew made it out. The errant mobile was also stuffed in a bag to curb its compact conflagration. Two people, we're told, were taken to hospital.

"The crew acted swiftly using fire extinguishers and a battery containment bag to stop the phone from smoking," a spokesperson for Alaska Airlines told The Register. "Crew members deployed the evacuation slides due to hazy conditions inside the cabin. Two guests were treated at a local area hospital." Airport officials, meanwhile, said "only minor scrapes and bruises were reported." It's unknown which device malfunctioned on this flight, but it makes us think back to the Galaxy Note 7 fiasco of 2016 that prompted Samsung to formally recall the smartphone after nearly 100 reports of them catching fire and spewing noxious black smoke. The Note 7 was also banned from aircraft in the United States under an emergency order.

If you plan on unlocking the bootloader to root your Galaxy Z Flip 3 or Galaxy Z Fold 3 -- Samsung's two newest foldabes announced earlier this month, you should know that the Korean OEM will disable the cameras. Technically, this has only been confirmed for the Galaxy Z Fold 3, but the Galaxy Z Flip 3 likely has similar restrictions. XDA Developers reports: According to XDA Senior Members [...], the final confirmation screen during the bootloader unlock process on the Galaxy Z Fold 3 mentions that the operation will cause the camera to be disabled. Upon booting up with an unlocked bootloader, the stock camera app indeed fails to operate, and all camera-related functions cease to function, meaning that you can't use facial recognition either. Anything that uses any of the cameras will time out after a while and give errors or just remain dark, including third-party camera apps.

It is not clear why Samsung chose the way on which Sony walked in the past, but the actual problem lies in the fact that many will probably overlook the warning and unlock the bootloader without knowing about this new restriction. Re-locking the bootloader does make the camera work again, which indicates that it's more of a software-level obstacle. With root access, it could be possible to detect and modify the responsible parameters sent by the bootloader to the OS to bypass this restriction. However, according to ianmacd, Magisk in its default state isn't enough to circumvent the barrier.

"According to addiction expert Dr Anna Lembke, our smartphones are making us dopamine junkies," reports the Guardian, "with each swipe, like and tweet feeding our habit..." As the chief of Stanford University's dual diagnosis addiction clinic (which caters to people with more than one disorder), Lembke has spent the past 25-plus years treating patients addicted to everything from heroin, gambling and sex to video games, Botox and ice baths... Her new book, Dopamine Nation, emphasises that we are now all addicts to a degree. She calls the smartphone the "modern-day hypodermic needle": we turn to it for quick hits, seeking attention, validation and distraction with each swipe, like and tweet. Since the turn of the millennium, behavioural (as opposed to substance) addictions have soared. Every spare second is an opportunity to be stimulated... "We're seeing a huge explosion in the numbers of people struggling with minor addictions," says Lembke.

That has consequences. Although we have endless founts of fun at our fingertips, "the data shows we're less and less happy," she says. Global depression rates have been climbing significantly in the past 30 years and, according to a World Happiness Report, people in high-income countries have become more unhappy over the past decade or so. We've forgotten how to be alone with our thoughts. We're forever "interrupting ourselves", as Lembke puts it, for a quick digital hit, meaning we rarely concentrate on taxing tasks for long or get into a creative flow. For many, the pandemic has exacerbated dependence on social media and other digital vices, as well as alcohol and drugs.

Addiction is a spectrum disorder: it's not as simple as being an addict or not being an addict. It's deemed worthy of clinical care when it "significantly interferes" with someone's life and ability to function, but when it comes to minor digital attachments, the effect is pernicious. "It gets into philosophical questions: how is the time I'm spending on my phone in subtle ways affecting my ability to be a good parent, spouse or friend?" says Lembke. "I do believe there is a cost — one that I don't think we fully recognise because it's hard to [see it] when you're in it...."

"It's very different from how life used to be, when we had to tolerate a lot more distress," says Lembke. "We're losing our capacity to delay gratification, solve problems and deal with frustration and pain in its many different forms."
The solution, according to the article, is dopamine fasts — "the longer, the better...to reset our brain's pathways and gain perspective on how our dependency affects us," eventually attaining the lost art of moderation.

In a 2015 video, PCMag's lead mobile analyst Sascha Segan showed off "One of the coolest phones at this year's CES."

He's now written an article titled "How I Got Suckered by an (Alleged) $10M Phone Scam. The biggest mobile-phone mystery of the 2010s is finally coming to an ignominious end, as yesterday the U.S. attorney for Utah charged Chad Sayers, founder of entirely notional mobile phone firm Saygus, with conducting a $10 million fraud scheme. Saygus "had" a series of "phones" from 2009-2016 that existed as prototypes that the company took on trade shows and to press tours. There was never any real evidence of production runs. The U.S. Attorney now claims Sayers and associated took $10 million in investor money and lived on it without ever really planning to release a product. (I learned this via David Ruddock....)

The phone kept just...not happening. Sayers' genius was that he produced just enough prototypes to show off and kept them in a constant state of pre-sale... "DEFENDANT failed to disclose that device certification with Verizon expired in 2013 and was never renewed," the Department of Justice notes. A new version of the phone then popped up again in 2015, this one supposedly covered in Kevlar with 320GB of storage. Sayers flogged that prototype until early 2016, at which point he said it was coming "next month."

The Department of Justice says: "Between April 7, 2015 and January 10, 2017, DEFENDANT made at least 26 public statements on Twitter that its phone would be shipping 'this month,' 'this week,' or was otherwise launching, when in fact, it has never launched...."

Sayers kept going on press tours and buying expensive trade-show booths with prototypes of phones that would never hit the market, drumming up enough gullible mainstream press coverage (myself included) to presumably attract a continual stream of investors with his claim of being the next big thing.

"What seemed like a small update has, for some, turned into a huge headache," reports ZDNet: Over on Apple's support forum, there are several threads from users complaining that iOS 14.7.1 broke their iPhones, causing a "no service" problem where users are unable to connect to cell service. Ther">e are similar threads on Apple's developer forums as well.

While there doesn't seem to be a pattern to which phones are affected, I've seen reports of everything from the iPhone 6 to iPhone 12 affected, and the cause is clear — upgrading to iOS 14.7.1.
"Users are saying that restarting the phone, removing the SIM, and even resetting network settings didn't help," according to 9to5Mac (in an article shared by long-time Slashdot reader antdude).

Forbes reports the bug appears to happen when you lose your cellular connection and switch to WiFi calling, "so those living in areas with good reception may never see it. Of course, this scenario also helps to mask the scale of iPhones which might be affected." If you haven't upgraded to iOS 14.7.1 yet, this potentially crippling flaw could (understandably) put you off upgrading. The problem is that the release also contains a critical fix for a new zero-day security flaw...

An anonymous reader quotes a report from 9to5Google: Google's ambitions in the car led to Android Auto being redesigned a couple of years ago, mostly to positive feedback. However, the version of Android Auto on phone screens was meant to shut down at the time and has been on life support ever since. Now, that version has stopped working for some users. The aptly named "Android Auto for Phone Screens" was launched in 2019 as Google was forced to delay Google Assistant Driving Mode. That feature, which finally started rolling out in 2020, continued into earlier this year, and has expanded since, was supposed to replace the experience on phone screens. At the time, Google called this app a "stopgap" for users who needed an in-car experience but lacked a vehicle compatible with Android Auto.

In speaking with Google, we are able to confirm that Android Auto for Phone Screens is, indeed, shutting down with the release of Android 12. The experience will not be available for users on Android 12, but still on older versions of the OS. Google says that Assistant Driving Mode will be "the built-in mobile driving experience" on Android 12. Google's full statement follows: "Google Assistant driving mode is our next evolution of the mobile driving experience. For the people who use Android Auto in supported vehicles, that experience isn't going away. For those who use the on phone experience (Android Auto mobile app), they will be transitioned to Google Assistant driving mode. Starting with Android 12, Google Assistant driving mode will be the built-in mobile driving experience. We have no further details to share at this time."

Google's next midrange smartphone is the Pixel 5a, featuring a slightly bigger display than last year's Pixel 4a, a considerably larger battery and IP67 water and dust resistance. It's priced at $449, which is $100 more than the Pixel 4a, and is expected to be the last Google phone to include a charger in the box (sorry Pixel 6 fans). Ars Technica reports: Part of the reason for the price increase is that the Pixel 5a is a bigger phone, with a 6.34-inch display and 73.7 mm width compared to the Pixel 4a's 5.8-inch display and 69.4 mm width. Another big change is the addition of IP67 dust and water resistance, which means the phone should survive submersion in 3 feet of water (1 meter) for 30 minutes. As with the Pixel 5, the Pixel 5a's body is metal coated in plastic instead of the pure plastic body of the Pixel 4a. We didn't see the appeal of this construction in the Pixel 5, but the new phone is presumably stronger now.

As usual, we're getting a no-frills design that takes care of the basics. On the front, there's a slim-bezel OLED display and a hole-punch camera in the top right, while there are two cameras (main and wide-angle) and a capacitive fingerprint reader on the back. Specs include a Snapdragon 765G (that's a 7 nm chip with two Cortex A76 cores and six Cortex A55 cores), 6GB of RAM, 128GB of storage, and the biggest battery of any Pixel: 4680 mAh. The main camera is 12.2 MP and looks like the same Sony IMX363 sensor that Google has used for the past four years. There's a 16 MP wide-angle and an 8 MP front camera. Oh yeah, the headphone jack is sticking around for at least one more year. If there's a disappointment with the Pixel 5a, it's the 60 Hz display, which is looking pretty slow in a world where 90 Hz and 120 Hz are often the norm. Another important note is that the Pixel 5a will get three years of major updates and three years of security updates. It's currently available for preorder now and starts shipping on August 26.

An anonymous reader shares an excerpt from Wired, written by Lauren Goode: Samsung's newest foldables are even more impressive than the folding models that came before them. (The company first started shipping foldable phones in 2019, after years of development.) And yet, folding phones are still the 3D TVs of the smartphone world: birthed with the intention of swiveling your head toward a product at a time when the market for that product has softened. They're technically complicated. They're expensive. And their usability depends a whole lot on the way content is displayed on them, which means manufacturers could nail all the tech specs and still must wait on software makers (or entertainment companies) to create stuff to fill these space-age screens. All this does not bode well for the future of foldable phones, though some analysts are more optimistic.

Back in the early 2010's, global TV shipments started slipping, as developed markets became saturated with flat-screen TVs. And as prices for LCD TVs sank, so did profits. So TV manufacturers like Sony, LG, and Samsung began hyping the next expensive upgrade: 3D televisions. We tech journalists marched around the annual CES in 3D glasses, hoping to catch a glimpse of a 3D TV that would change our minds about this gimmicky technology. We grew mildly nauseous. We waited for more content. Five years later, 3D TV was dead. At the end of the last decade, WIRED's Brian Barrett summed up the great 3D TV pitch as "what happens when smart people run out of ideas, the last gasp before aspiration gives way to commoditization."

I know: TVs and mobile phones are different beasts. Mobile phones have fundamentally altered the way we live. Billions of handsets have been sold. But about four years ago, global smartphone sales slowed. By 2019, consumers were holding on to their phones for a few extra months before splurging on an upgrade. As smartphones became more secure and reliable, running on desktop-grade chip systems and featuring cameras good enough to decimate the digital camera market, each new iteration of a phone seemed, well, iterative. Enter foldable displays, which are either a desperate gimmick or a genuine leap forward, depending on whom you ask. Or, like 3D TVs, maybe they're both.

Foldables were also supposed to be the ultimate on-the-go device, for road warriors and jet-setters and productivity gurus who want to "stay in the flow" at all times. As I've written before, it's not exactly the best time to beta test this concept, while some of our movements are limited. The context for foldables has changed in the short time since they became commercially available. Of course, that context could always change again. Foldables may be the next frontier in phones, or in tablets, or laptops, or all of the above. They could become commonplace, assumed, as boring as a solid inflexible brick. Maybe we'll manage our decentralized bank accounts on a creaky screen as we shoot into sub-orbital space. Or maybe we'll stare into the screens, two parts fused into one, and hope that the future is something more than this. The biggest argument for foldables not being 3D TVs, as mentioned by research manager for IDC, Jitesh Ubrani, is the potential utility of foldables.

"Most people in the industry, and even many consumers, believe that ultimately there is just going to be one device you use, you know?" Ubrani says. "And this device will have the ability to function as a phone, as a PC, as a tablet. So where foldables can really drive the technology is by replacing three devices with one."

Slashdot reader nickwinlund77 quotes Wired: Location data sharing from wireless carriers has been a major privacy issue in recent years... Carriers remain perennially hungry to know as much about you as they can. Now, researchers are proposing a simple plan to limit how much bulk location data they can get from cell towers.

Much of the third-party location data industry is fueled by apps that gain permission to access your GPS information, but the location data that carriers can collect from cell towers has often provided an alternative pipeline. For years it's seemed like little could be done about this leakage, because cutting off access to this data would likely require the sort of systemic upgrades that carriers are loath to make.

At the Usenix security conference on Thursday, though, network security researchers Paul Schmitt of Princeton University and Barath Raghavan of the University of Southern California are presenting a scheme called Pretty Good Phone Privacy that can mask wireless users' locations from carriers with a simple software upgrade that any carrier can adopt—no tectonic infrastructure shifts required... The researchers propose installing portals on every device — using an app or operating system function — that run regular checks with a billing server to confirm that a user is in good standing. The system would hand out digital tokens that don't identify the specific device but simply indicate whether the attached wireless account is paid up.

Slashdot reader lightbox32 shared this report from Motherboard: T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn't mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers.

The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.
Mashable points out that "it's entirely possible that the seller is misrepresenting the scope of the breach and/or the contents of the information they claim to be selling.

"T-Mobile likely isn't going to say anything until there's a clearer sense of the risks its customers are actually facing."

"Developers are once again publicly highlighting instances in which Apple has failed to keep scam apps off of the app store," reports Ars Technica: The apps in question charge users unusual fees and siphon revenue from legitimate or higher-quality apps. While Apple has previously come under fire for failing to block apps like these from being published, developers complained this week that Apple was actually actively promoting some of these apps...

Apple continues to play whack-a-mole with these apps, but various developers have both publicly and privately complained that the company takes too long. One developer we exchanged emails with claimed that, when they discovered a scam app that stole assets from their own legitimate app and which was clearly designed to siphon users from the real app, Apple took 10 days to remove the app, while Google only took "1-2 days" on the Android side. The app was allowed back on Apple's App Store once the stolen assets were removed. During the long waiting period, the developer of the legitimate app lost a significant amount of users and revenue, while the developer of the illegitimate app profited.

As Apple fights legal battles to prevent third-party app stores from making their way to iOS on the basis that those alternative app stores may be less secure than Apple's own, claims from developers that scam apps are slipping through may undermine Apple's defense.

Fossbytes has an article detailing how you can check to see if your mobile device is infected with the "Pegasus" spyware. What's Pegasus you ask? It's phone-penetrating spy software developed by NSO Group and sold to governments to target journalists and activists around the world. The CEO of NSO Group says law-abiding citizens have "nothing to be afraid of," but that doesn't help us sleep any better. Here's how to check if your device has been compromised (heads up: it's a bit of a technical and lengthy process): First off, you'll need to create an encrypted backup and transfer it to either a Mac or PC. You can also do this on Linux instead, but you'll have to install libimobiledevice beforehand for that. Once the phone backup is transferred, you need to download Python 3.6 (or newer) on your system -- if you don't have it already. Here's how you can install the same for Windows, macOS, and Linux. After that, go through Amnesty's manual to install MVT correctly on your system. Installing MVT will give you new utilities (mvt-ios and mvt-android) that you can use in the Python command line. Now, let's go through the steps for detecting Pegasus on an iPhone backup using MVT.

First of all, you have to decrypt your data backup. To do that, you'll need to enter the following instruction format while replacing the placeholder text (marked with a forward slash) with your custom path: "mvt-ios decrypt-backup -p password -d /decrypted /backup". Note: Replace "/decrypted" with the directory where you want to store the decrypted backup and "/backup" with the directory where your encrypted backup is located.

Now, we will run a scan on the decrypted backup, referencing it with the latest IOCs (possible signs of Pegasus spyware), and store the result in an output folder. To do this, first, download the newest IOCs from here (use the folder with the latest timestamp). Then, enter the instruction format as given below with your custom directory path: "mvt-ios check-backup -o /output -i /pegasus.stix2 /backup". Note: Replace "/output" with the directory where you want to store the scan result, "/backup" with the path where your decrypted backup is stored, and "/pegasus.stix2" with the path where you downloaded the latest IOCs.

After the scan completion, MVT will generate JSON files in the specified output folder. If there is a JSON file with the suffix "_detected," then that means your iPhone data is most likely Pegasus-infected. However, the IOCs are regularly updated by Amnesty's team as they develop a better understanding of how Pegasus operates. So, you might want to keep running scans as the IOCs are updated to make sure there are no false positives.

LG will reportedly start selling iPhones and iPads in its South Korean stores this August -- mere months after the company quit making Android devices. Android Authority reports: According to MacRumors, the Herald Economic Daily claims LG has struck a deal with Apple to sell the iPhone and iPad in 400 stores across South Korea starting in August. LG may have to overcome some hurdles to make this happen. The company reportedly signed a "win-win" agreement with the country's National Mobile Communication Distribution Association that bars it from selling a direct competitor's phones in its stores. That deal was made in 2018, however, or well before LG signaled that it would quit making phones and tablets. LG is supposedly planning to renegotiate the agreement once it officially sells the iPhone and iPad in its shops. The deal unsurprisingly wouldn't include Macs, as systems like the MacBook Air compete directly with the Gram series and other LG computers where the iPhone and iPad are relatively safe.

An anonymous reader quotes a report from Interesting Engineering: [Researchers at the Indian Institute of Science Education and Research (IISER), Kolkata] along with those at the Indian Institute of Technology (IIT), Kharagpur decided to focus on developing something that is harder than conventional self-healing material, as reported by The Telegraph India. The researchers used a piezoelectric organic material, which converts mechanical energy to electrical energy and vice versa, to make needle-shaped crystals that aren't more than 2 mm long or 0.2 mm wide, according to the experimental results which were published in the journal Science. Due to their molecular arrangement in the specially designed crystals, a strong attractive force developed between two surfaces. Every time a fracture occurred, the attractive forces joined the pieces back again, without needing an external stimulus such as heat or others that most self-healing materials would need.

"Our self-healing material is 10 times harder than others, and it has a well-ordered internal crystalline structure, that is favored in most electronics and optical applications," lead researcher Professor Chilla Malla Reddy of IISER said. "I can imagine applications for an everyday device," said Bhanu Bhushan Khatua, a member of the team from IIT Kharagpur." Such materials could be used for mobile phone screens that will repair themselves if they fall and develop cracks."

Activations of iOS and Android devices are now evenly split in the United States, with little sign of movement toward either platform dominating over the past two years, according to data sourced by Consumer Research Intelligence Partners (CIRP). MacRumors reports: CIRP estimates that iOS and Android each had 50 percent of new smartphone activations in the year ending this quarter. iOS's share of new smartphone activations climbed from 2017 to 2020, but has now remained at its peak level for a second consecutive year. CIRP Partner and Co-Founder Josh Lowitz said that the finding is significant because for several years, Android smartphones "had a significant edge, with over 60 percent of customers opting for an Android phone in most quarters. In the past couple of years, though, iOS has closed the gap, and now splits the market with Android."

Both Android and iOS users have had a high level of loyalty historically. Android loyalty has varied very slightly, in a narrow range of 90 to 93 percent in the past four years. iOS loyalty, on the other hand, has gradually increased over the past four years, from a low of 86 percent in early 2018 to 93 percent in the most recent quarter ending in June 2021. Loyalty and tendency to switch platforms may explain some of the change in the share of new smartphone activations, where iOS has gained loyalty in a market with a limited amount of switching.

Cellphones "can be transformed into surveillance devices," writes the Guardian, reporting startling new details about which innocent people are still being surveilled (as part of a collaborative reporting project with 16 other media outlets led by the French nonprofit Forbidden Stories).

Long-time Slashdot reader shanen shared the newspaper's critique of a "privatised government surveillance industry" that's made NSO a billion-dollar company, thanks to its phone-penetrating spy software Pegaus: [NSO] insists only carefully vetted government intelligence and law enforcement agencies can use Pegasus, and only to penetrate the phones of "legitimate criminal or terror group targets". Yet in the coming days the Guardian will be revealing the identities of many innocent people who have been identified as candidates for possible surveillance by NSO clients in a massive leak of data... The presence of their names on this list indicates the lengths to which governments may go to spy on critics, rivals and opponents.

First we reveal how journalists across the world were selected as potential targets by these clients prior to a possible hack using NSO surveillance tools. Over the coming week we will be revealing the identities of more people whose phone numbers appear in the leak. They include lawyers, human rights defenders, religious figures, academics, businesspeople, diplomats, senior government officials and heads of state. Our reporting is rooted in the public interest. We believe the public should know that NSO's technology is being abused by the governments who license and operate its spyware.

But we also believe it is in the public interest to reveal how governments look to spy on their citizens and how seemingly benign processes such as HLR lookups [which track the general locations of cellphone users] can be exploited in this environment.

It is not possible to know without forensic analysis whether the phone of someone whose number appears in the data was actually targeted by a government or whether it was successfully hacked with NSO's spyware. But when our technical partner, Amnesty International's Security Lab, conducted forensic analysis on dozens of iPhones that belonged to potential targets at the time they were selected, they found evidence of Pegasus activity in more than half.
The investigators say that potential targets included nearly 200 journalists around the world, including numerous reporters from CNN, the Associated Press, Voice of America, the New York Times, the Wall Street Journal, Bloomberg News, Le Monde in France, and even the editor of the Financial Times.

In addition, the investigators say they found evidence the Pegasus software had been installed on the phone of the fiancée of murdered Saudi journalist Jamal Khashoggi. NSO denies this to the Washington Post. But they also insist that they're simply licensing their software to clients, and their company "has no insight" into those clients' specific intelligence activities.

The Washington Post reports that Amnesty's Security Lab found evidence of Pegasus attacks on 37 of 67 smartphones from the list which they tested. But beyond that "for the remaining 30, the tests were inconclusive, in several cases because the phones had been replaced. Fifteen of the phones were Android devices, none of which showed evidence of successful infection. However, unlike iPhones, Androids do not log the kinds of information required for Amnesty's detective work."

Familiar privacy measures like strong passwords and encryption offer little help against Pegasus, which can attack phones without any warning to users. It can read anything on a device that a user can, while also stealing photos, recordings, location records, communications, passwords, call logs and social media posts. Spyware also can activate cameras and microphones for real-time surveillance.