Google Wallet on Android is finally getting ready for your digital driver's license and other US state IDs. Google says the feature is rolling out this month, and it will slowly start bringing states online this year. From a report: Of course, your state has to be one of the few that actually supports digital IDs. Google says Maryland residents can use the feature right now and that "in the coming months, residents of Arizona, Colorado and Georgia will join them." The road to digital driver's license support has been a long one, with the "Identity Credential API" landing in Android 11 back in 2020. Since then it has technically been possible for states to make their own ID app.

Now Google Wallet, Google's re-re-reboot of its payment app, is providing a first-party way to store an ID on your phone. Some parts of the Identity Credential API landed in Google Play Services (Google's version-agnostic brick of APIs), so Wallet supports digital IDs going back to Android 8.0, which covers about 90 percent of Android devices. Maryland has supported Digital IDs on iOS for a while, which gives us an idea of how this will work. An NFC transfer is enough to beam your credentials to someone, where you can just tap against a special NFC ID terminal and confirm the transfer with your fingerprint. Wallet has an NFC option, along with a "Show code" option that will show the traditional driver's license barcode.

Apple is denying claims made by Russia's Federal Security Service (FSB) that it cooperated with American spies to surveil Russian iPhone users. From a report: In a statement, the company said it has "never worked with any government to insert a backdoor into any apple product and never will."

Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. From a report: The delivery of the message exploits a vulnerability that leads to code execution without requiring any user interaction, leading to the download of additional malicious from the attackers' server. Subsequently, the message and attachment are wiped from the device. At the same time, the payload stays behind, running with root privileges to collect system and user information and execute commands sent by the attackers.

Kaspersky says the campaign started in 2019 and reports the attacks are still ongoing. The cybersecurity firm has named the campaign "Operation Triangulation" and is inviting anyone who knows more about it to share information. [...] In a statement coinciding with Kaspersky's report, Russia's FSB intelligence and security agency claims that Apple deliberately provided the NSA with a backdoor it can use to infect iPhones in the country with spyware. The FSB alleges that it has discovered malware infections on thousands of Apple iPhones belonging to officials within the Russian government and staff from the embassies of Israel, China, and several NATO member nations in Russia. Despite the seriousness of the allegations, the FSB has provided no proof of its claims.

Researchers from Cisco's Talos security team have uncovered detailed information about Predator, a sophisticated spyware sold to governments worldwide, which can secretly record voice calls, collect data from apps like Signal and WhatsApp, and hide or disable apps on mobile devices. Ars Technica reports: An analysis Talos published on Thursday provides the most detailed look yet at Predator, a piece of advanced spyware that can be used against Android and iOS mobile devices. Predator is developed by Cytrox, a company that Citizen Lab has said is part of an alliance called Intellexa, "a marketing label for a range of mercenary surveillance vendors that emerged in 2019." Other companies belonging to the consortium include Nexa Technologies (formerly Amesys), WiSpear/Passitora Ltd., and Senpai. Last year, researchers with Google's Threat Analysis Group, which tracks cyberattacks carried out or funded by nation-states, reported that Predator had bundled five separate zero-day exploits in a single package and sold it to various government-backed actors. These buyers went on to use the package in three distinct campaigns. The researchers said Predator worked closely with a component known as Alien, which "lives inside multiple privileged processes and receives commands from Predator." The commands included recording audio, adding digital certificates, and hiding apps. [...]

According to Talos, the backbone of the malware consists of Predator and Alien. Contrary to previous understandings, Alien is more than a mere loader of Predator. Rather, it actively implements the low-level capabilities that Predator needs to surveil its victims. "New analysis from Talos uncovered the inner workings of PREDATOR and the mechanisms it uses to communicate with the other spyware component deployed along with it known as 'ALIEN,'" Thursday's post stated. "Both components work together to bypass traditional security features on the Android operating system. Our findings reveal the extent of the interweaving of capabilities between PREDATOR and ALIEN, providing proof that ALIEN is much more than just a loader for PREDATOR as previously thought to be." In the sample Talos analyzed, Alien took hold of targeted devices by exploiting five vulnerabilities -- CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003, CVE-2021-1048 -- the first four of which affected Google Chrome, and the last Linux and Android. [...] The deep dive will likely help engineers build better defenses to detect the Predator spyware and prevent it from working as designed. Talos researchers were unable to obtain Predator versions developed for iOS devices.

An anonymous reader quotes a report from Ars Technica: Amid a plethora of game trailers, Sony dedicated a single minute of its more-than-an-hour-long PlayStation Showcase livestream on Wednesday to reveal two new hardware products. The most buzzworthy of these is surely Project Q -- that's the internal name, as the final name is still pending. Whatever it is called in the future, Project Q confirms a long-standing rumor: It's a new PlayStation handheld.

The device will be focused on streaming; Sony says it will allow users to stream any non-VR game from a local PlayStation 5 console using Remote Play over Wi-Fi. In fact, it won't be able to play games on its own; it's all about the streaming functionality. As for Project Q's specs, it has an 8-inch HD screen and "all the buttons and features of the DualSense wireless controller." Release dates and pricing for these haven't been announced [...]. Ars notes that Sony has been offering Remote Play for a while on other devices. "You can sync a DualSense controller with your macOS, Windows, iOS, or Android device and stream your games over Wi-Fi or the Internet, though the latter is laden with latency challenges."

In addition to Project Q, Sony also announced plans to launch Bluetooth earbuds that can simultaneously connect to a PlayStation console, mobile device, and PCs, similar to AirPods.

Apple is planning a new interface for iPhones that shows information such as calendar appointments, the weather and notifications in the style of a smart-home display, part of a flurry of new features coming in its iOS 17 software update. From a report: The view will appear when an iPhone is locked and positioned horizontally, operating similarly to dedicated displays offered by Alphabet's Google and Amazon.com, according to people familiar with the project. The idea is to make iPhones more useful when they're, for example, lying on a person's desk or nightstand. The move is part of a broader push to embed live information in more parts of the company's software -- an approach that also includes the Apple Watch's interface. The new view is one of several changes planned for iOS 17, codenamed Dawn, which will be released to consumers later in 2023. Apple plans to unveil the software alongside its mixed-reality headset at the Worldwide Developers Conference on June 5.

Apple on Tuesday announced a new multiyear, multibillion-dollar agreement with Broadcom, a leading U.S. technology and advanced manufacturing company. From a report: Through this collaboration, Broadcom will develop 5G radio frequency components -- including FBAR filters -- and cutting-edge wireless connectivity components. The FBAR filters will be designed and built in several key American manufacturing and technology hubs, including Fort Collins, Colorado, where Broadcom has a major facility.

"We're thrilled to make commitments that harness the ingenuity, creativity, and innovative spirit of American manufacturing," said Tim Cook, Apple's CEO. "All of Apple's products depend on technology engineered and built here in the United States, and we'll continue to deepen our investments in the U.S. economy because we have an unshakable belief in America's future."

Apple already helps support more than 1,100 jobs in Broadcom's Fort Collins FBAR filter manufacturing facility, and the partnership will enable Broadcom to continue to invest in critical automation projects and upskilling with technicians and engineers. Across the country, Apple supports more than 2.7 million jobs through direct employment, developer jobs in the thriving iOS app economy, and spending with more than 9,000 U.S. suppliers and manufacturers of all sizes in all 50 states across dozens of sectors.

An anonymous reader quotes a report from ZDNet: Bluesky Social, the popular new beta social network, is taking a big open-source step forward. On May 15th, 2023, it open-sourced the codebase for its Bluesky Social app on GitHub. This fits well with its plans. From the start, its owner, BlueSky Public Benefit LLC, a public benefit corporation, was building an "open and decentralized" social network.

Unlike Twitter, which is still tripping over its own open source feet, Bluesky client code is for anyone who wants to work on improving the code or use it as the basis for their own social network. Twitter's recommendation code, on the other hand, is essentially unusable. The Bluesky code, licensed under the MIT License, can be used now. Indeed, while it's been out for only about 24 hours, it's already been forked 88 times and has earned over 1,300 GitHub Stars.

While it's specifically the Bluesky Social app's codebase, it's also a resource for AT Protocol programmers. This protocol supports a decentralized social network. Its features include connecting with anyone on a server that supports AT Protocol; controlling how users see the world via an open algorithm market; and enabling users to change hosts without losing their content, followers, or identity. The code itself is written in React Native. This is an open-source, user-interface JavaScript software framework. It's used primarily to build applications that run on both iOS and Android devices.

An official ChatGPT app is now available for iOS, with an Android version coming "soon." It can be downloaded from the App Store here. The Verge reports: The app is free to use, syncs chat history with the web, and features voice input, supported by OpenAI's open-source speech recognition model Whisper. The app works on both iPhones and iPads and can be downloaded from the App Store. OpenAI says it's rolling out the app in the US first and will expand to other countries "in the coming weeks."

OpenAI didn't previously hint that a mobile app was coming, but it makes sense given the incredible popularity of ChatGPT. The AI chatbot launched last November but rocketed in use. Some outside estimates suggest the app attracted 100 million users by January this year, though OpenAI has never confirmed these figures.

Apple has registered a wordmark for "xrOS" in New Zealand, the first time the company has indirectly revealed both the name of the operating system for its upcoming headset and the official font and styling that accompanies it. From a report: Spotted by Parker Ortolani, the xrOS wordmark registered with the New Zealand Intellectual Property Office shows that Apple will use its San Francisco typeface in xrOS marketing, just as it does for macOS, iOS, watchOS, and tvOS. "xrOS" is meant to stand for "extended reality." Extended reality represents both the augmented and virtual reality functions the headset will support. The name was already confirmed by internal Apple sources last year via Bloomberg, and Apple has also been trademarking xrOS in several countries through a hidden shell company.

An anonymous reader quotes a report from TechCrunch: Google [on Wednesday] released MusicLM, a new experimental AI tool that can turn text descriptions into music. Available in the AI Test Kitchen app on the web, Android or iOS, MusicLM lets users type in a prompt like "soulful jazz for a dinner party" or "create an industrial techno sound that is hypnotic" and have the tool create several versions of the song. Users can specify instruments like "electronic" or "classical," as well as the "vibe, mood, or emotion" they're aiming for, as they refine their MusicLM-generated creations.

When Google previewed MusicLM in an academic paper in January, it said that it had "no immediate plans" to release it. The coauthors of the paper noted the many ethical challenges posed by a system like MusicLM, including a tendency to incorporate copyrighted material from training data into the generated songs. But in the intervening months, Google says it's been working with musicians and hosting workshops to "see how [the] technology can empower the creative process." One of the outcomes? The version of MusicLM in AI Test Kitchen won't generate music with specific artists or vocals. Make of that what you will. It seems unlikely, in any case, that the broader challenges around generative music will be easily remedied. You can sign up to try MusicLM here.

Apple failed to revive a long-running copyright lawsuit against cybersecurity firm Corellium over its software that simulates the iPhone's iOS operating systems, letting security researchers to identify flaws in the software. From a report: The US Court of Appeals for the Eleventh Circuit on Monday ruled that Corellium's CORSEC simulator is protected by copyright law's fair use doctrine, which allows the duplication of copyrighted work under certain circumstances. Apple argued that Corellium's software was "wholesale copying and reproduction" of iOS and served as a market substitute for its own security research products. Corellium countered that its copying of Apple's computer code and app icons was only for the purposes of security research and was sufficiently "transformative" under the fair use standard. The three-judge panel largely agreed with Corellium, finding that CORSEC "furthers scientific progress by allowing security research into important operating systems" and that iOS "is functional operating software that falls outside copyright's core."

Apple and Google said on Tuesday that they were working together to prevent lost item trackers like Apple's AirTag from being used to track people without their permission. From a report: The companies came together to draft a new industry standard that will add the ability to alert victims to unwanted trackers in Android and iOS, the companies said. Apple's AirTag is intended to help people find lost items such as keys by displaying an item's nearly real-time location inside an iPhone app. But there have been many reports about the $30 coin-sized device being used to stalk people since it went on sale in 2021. In response, Apple previously built detection features into iPhones that allow users to detect unfamiliar AirTags in the user's area. Tuesday's announcement suggests that Android phones will also soon gain the ability to warn their users if they are being tracked by an AirTag.

Apple promised faster turnaround times for security patches with iOS 16 and macOS Ventura, and it's now delivering on that claim. From a report: The company has released its first Rapid Security Response updates for devices running iOS 16.4.1, iPadOS 16.4.1 and macOS 13.3.1. They're available through Software Update as usual, but are small downloads that don't require much time to install. MacRumors says the fix is deploying over the course of 48 hours, so don't be surprised if you have to wait a short while.

Apple has revealed App Store metrics in Europe in response to the European Digital Services Act. From the legal compliance post: iOS App Store: 101 million
iPadOS App Store: 23 million
macOS App Store: 6 million
tvOS App Store: 1 million
watchOS App Store: under 1 million
Apple Books: under 1 million
Podcasts paid subscriptions: under 1 million

WhatsApp users are no longer restricted to using their account on just a single phone. Today, the Meta-owned messaging service is announcing that its multi-device feature -- which previously allowed you to access and send messages from additional Android tablets, browsers, or computers alongside your primary phone -- is expanding to support additional smartphones. From a report: "One WhatsApp account, now across multiple phones" is how the service describes the feature, which it says is rolling out to everyone in the coming weeks. Setting up a secondary phone to use with your WhatsApp account happens after doing a fresh install of the app. Except, rather than entering your phone number during setup and logging in as usual, you instead tap a new "link to existing account" option. This will generate a QR code to be scanned by your primary WhatsApp phone via the "link a device" option in settings. The new feature works across both iOS and Android devices. WhatsApp is pitching the feature as a useful tool for small businesses that might want multiple employees to be able to send and receive messages from the same business number via different phones.

Bluesky, the Twitter alternative backed by Twitter co-founder and CEO Jack Dorsey, has now rolled out to Android users. TechCrunch reports: The app, which promises a future of decentralized social networking and choose-your-own algorithms, initially launched to iOS users in late February and remains in a closed beta. The exclusivity is driving demand for the newer social network to some extent, but so is having Dorsey's name attached. Bluesky aims to give users algorithmic choice, letting them eventually choose from a marketplace of algorithms that let them control what they see on their own feed, instead of having it controlled by some central authority.

At launch, however, Bluesky remains a pared-down version of Twitter without many of the features that make the social network what it is today, including basic tools for tracking likes or bookmarks, editing tweets, quote-tweeting, DM's, using hashtags and more. It's also building in decentralization with its own protocol -- the AT Protocol -- instead of contributing to the existing work around ActivityPub, the protocol powering the open source Twitter alternative Mastodon and a range of other decentralized apps in the wider "Fediverse" -- the name for these interconnected servers running open software used for web publishing. That puts Bluesky on the outside of where a lot of the current activity is taking place around decentralized social networking. You can download Bluesky on the Google Play Store here.

Israeli spyware maker NSO Group deployed at least three new "zero-click" hacks against iPhones last year, finding ways to penetrate some of Apple's latest software, researchers at Citizen Lab have discovered. From a report: The attacks struck phones with iOS 15 and early versions of iOS 16 operating software, Citizen Lab said in a report Tuesday. The lab, based at the University of Toronto, shared its results with Apple, which has now fixed the flaws that NSO had been exploiting. It's the latest sign of NSO's ongoing efforts to create spyware that penetrates iPhones without users taking any actions that allow it in. Citizen Lab has detected multiple NSO hacking methods in past years while examining the phones of likely targets, including human rights workers and journalists.

While it is unsettling to civil rights groups that NSO was able to come up with multiple new means of attack, it did not surprise them. "It is their core business," said Bill Marczak, a senior researcher at Citizen Lab. "Despite Apple notifying targets, and the Commerce Department putting NSO on a blacklist, and the Israeli ministry cracking down on export licenses -- which are all good steps and raising costs -- NSO for the moment is absorbing those costs," Marczak said. Given the financial and legal fights NSO is involved in, Marczak said it was an open question how long NSO could keep finding or buying new exploits that are effective.

In addition to the company's long-rumored mixed reality headset, Apple is expected to launch new MacBooks, as well as a "major" update to the Apple Watch's watchOS software at its Worldwide Developers Conference (WWDC) in June. All told, WWDC 2023 could end up being one of Apple's "biggest product launch events ever," according to Bloomberg's Mark Gurman. The Verge reports: Let's start with the Macs. Gurman doesn't explicitly say which macOS-powered computers Apple could announce in June, but lists around half a dozen devices it currently plans to release this year or early 2024. There's an all new 15-inch MacBook Air, an updated 13-inch MacBook Air, and new 13-inch and "high-end" MacBook Pros. Meanwhile on the Mac side Apple still needs to replace its last Intel-powered device, the Mac Pro, with an Apple Silicon model, and it also reportedly has plans to refresh its all-in-one 24-inch iMac.

Bloomberg's report notes that "at least some of the new laptops" will make an appearance. The bad news is that none are likely to run Apple's next-generation M3 chips, and will instead ship with M2-era processors. Apple apparently also has a couple of new Mac Studio computers in development, but Bloomberg is less clear on when they could launch.

Over on the software side, which is WWDC's traditional focus, watchOS will reportedly receive a "major" update that includes a revamped interface. Otherwise, we could be in for a relatively quiet show on the operating system front as iOS, iPadOS, macOS, and tvOS are not expected to receive major updates this year. Gurman does say that work to allow sideloading on iOS to comply with upcoming EU legislation is ongoing.

Apple in iOS 17 will for the first time allow iPhone users to download apps hosted outside of its official App Store, according to Bloomberg's Mark Gurman. From a report: Otherwise known as sideloading, the change would allow customers to download apps without needing to use the App Store, which would mean developers wouldn't need to pay Apple's 15 to 30 percent fees. The European Union's Digital Markets Act (DMA), which went into effect on November 1, 2022, requires "gatekeeper" companies to open up their services and platforms to other companies and developers. The DMA will have a big impact on Apple's platforms, and it could result in Apple making major changes to the App Store, Messages, FaceTime, Siri, and more. Apple is planning to implement sideloading support to comply with the new European regulations by next year, according to Gurman.