Headlines

5 days ago

Best Android apps for learning a language in 2018

5

Learning a new language doesn't have to happen in a classroom.

A new year means new resolutions, and for some folks, that means sitting down and deciding to learn a new language. After all, in a world that is becoming increasingly multicultural, being multilingual is a handy skill. If you've been trying to figure out if there's a good app that will let you learn while commuting or at home, then we've got good news for you.

We've collected the best language learning apps on Android for you right here!

Learn languages: Rosetta Stone

Rosetta Stone

Rosetta Stone is already well known as a great way to begin learning a new language, but you may not have realized that it was available on your phone. With access to 28 different languages, a slow and steady pace that is great for building up your confidence, and optional live tutoring, there is a reason that Rosetta Stone is king when it comes to language learning apps. Whether you're aiming to learn for fun, or you want to become fluent, this is a great place to start. This program will let you learn how to speak, write, and read in a new language, with an emphasis on building confidence in pronunciation and the ability to sync progress across your desktop and mobile devices.

When it comes to language apps, Rosetta Stone may already be the first software you think of. There's a good reason for that too. For years Rosetta Stone has dominated language learning on PC and its mobile version is just as solid. While getting access to the full program is a bit pricey, if you're motivated to really learn a new language it's worth the hit to your wallet in the long run.

Jill Duffy of PCMag gave it high marks for a foundation in a new language.

"Rosetta Stone is a wonderful, polished, and technically competent language-learning program, especially for beginners who are looking to build a foundation of knowledge on their own time."

While Rosetta Stone does have it's limitations, for those without a background in the language they're trying to learn, this is the most solid all-around program. While it can be repetitive, that's to make sure that your new vocabulary sticks in your brain. At higher levels, you'll also be able to read to the program while it listens to your pronunciation. Additionally, it employs games like bingo to help your association between individual words and their meanings.

One of the biggest perks to Rosetta Stone is how they introduce everything. Immersion is the key to learning with Rosetta Stone, combined with deductive reasoning. At time you'll need to guess a new word, but it's made easier by giving you choices of other words that you've already learned.

Download: Rosetta Stone(Subscription required)

Duolingo

Duolingo

While price isn't an option for some people, if you're looking for the best way to begin learning a new language on a budget then Duolingo is definitely the best bet. This free app has access to over 20 different languages to learn from Vietnamese and Irish to Spanish and German. Unlike most other programs, Duolingo employs XP and leaderboards so that you can learn with your friends and turns language into a game to be played.

Each language is a little bit different, and the more popular languages do have access to far more module lessons. Each one starts out the same though. You'll deal with the basics before moving on to phrases and language-specific lessons. The leaderboards will show you which friends on Facebook use the app and will let you compete against each other. By completing modules you'll also earn EXP and Lingots which you can use to purchase extra modules. If you're learning with friends, you can also start clubs which allows you to turn learning a language into a group activity.

Duolingo makes learning a language fun, and with its social aspects, it's easy to learn a language with friends. Absolutely free, you never need to pay a penny in order to learn everything it has to offer. It even also allows people coming back to a language to test past the basics and jump right back into learning new content.

Download: Duolingo(Free)

Babbel

Babbel

If you're looking for a solid middle of the road option for learning a new language, then Babbel ought to be your go to. It offers a subscription for access to the full catalog, but it isn't nearly as expensive as picking up a copy of Rosetta Stone. Each language is made up of a variety of courses from beginning vocabulary to grammar and writing in the language you are learning.

Each lesson must be downloaded to your phone, but they only take a moment or two and then you can properly jump in. Those lessons are also fairly short, making them easy to rock through when you're sitting on the train during your commute. There are currently 14 languages in the Babbel arsenal, from Spanish to Brazilian Portuguese.

Babbel offers an affordable middle of the road option for learning a new language. There are 14 different languages available, with plenty of courses to get you working towards fluency in a new language. Each language must be downloaded as a different app, which can be a bit bulky if you download more than one at a time but this does make it easier to stick with a language once you get started.

Download: Babbel(Subscription required after free trial)

Questions?

Whether you're looking for a free option that will let you learn in your free time, or you're willing to go all in and pay for a subscription, you've got options when it comes to learning a new language. Unlike days past, you won't need to head into a classroom because everything that you need is right on your phone! Is your favorite language learning app on our list? Is there another app that we ought to add? Let us know in the comments below!

Updated January 2018: We've updated this post with new features for the best language learning apps on Android!

Read more and comment

 
6 days ago

LG Pay will reportedly launch in the U.S. in June

73

LG's payment solution supports NFC and MST transactions.

If you live in the United States, you have no shortage of mobile payment services to choose from. Most all Android phones have access to Android Pay (er, Google Pay), certain Samsung devices can use Samsung Pay, iPhones offer Apple Pay, and you better not forget the likes of Garmin Pay and Fitbit Pay on fitness trackers.

LG launched LG Pay in South Korea back in June of 2017, and now according to a report from Yonhap, the company will be expanding it to the United States a year later this coming June.

It's said that LG Pay will first be available on the G7 and V40, and following this, LG will extend its availability to its mid-range lineup. LG Pay can be used for making payments via NFC, but similar to Samsung Pay, it also features Wireless Magnetic Communication tech to complete transactions at older MST terminals.

We understand the urge to moan and groan about having yet another payment service to keep up with, but the ability to pay with your phone at stores even if they don't accept NFC is still exciting. This is obviously something Samsung's been doing since the Galaxy S6, but if more phones can offer similar functionality, the better.

The LG G7 is currently expected to launch in the U.S. in either March or April, so assuming Yonhap's reporting is accurate, the G7 (or whatever it ends up being called) will be without LG Pay for a few weeks following its debut.

LG G7 (2018 flagship) rumor roundup: Everything you need to know

Read more and comment

 
6 days ago

Best Android apps for building better habits in 2018

3

New year, new habits, new you.

Trying to build yourself better habits isn't always an easy process. It's easy to forget or lose motivation halfway to your goals. Of course that's unless you've got a decent app in your pocket that makes it easier to remind yourself to stick to that resolution. If you aren't sure what apps will work, have no fear. We've done the work for you.

We've got the best habit building apps on Android for you right here!

Google Calendar

When it comes to trying to build a new habit, one of the most difficult parts can just be remembering to try and fit it into your schedule every day. If you're trying to figure out how to fit in time at the gym each day, or where to cram in 20 minutes for yoga when your schedule already seems fit to burst, then your salvation may come from an unlikely place: Google Calendar.

You can add recurring events to your calendar and tell it roughly what time of day you want to do it, then the app will automatically find a place to fit it into your schedule. If you swear by Google Calendar already, then you'll be able to rest easy when you get an alert telling you it's time for that new habit you're trying to work into your routine that you aren't missing something else important.

Download: Google Calendar (Free)

Habitica

Trying to motivate yourself into building new or better habits isn't always as easy as you'd hope it might be. One way humans do make progress is by making and hitting goals, and that's where Habitica comes in, trying to gamify habit making. You'll make an avatar, fulfill a variety of tasks, and level up as you go.

When you get started, you'll input the tasks and goals that you have for yourself, including those new habits you want to build. It literally turns the dreaded task of building a habit into something that is fun and that you want to check in on.

Download: Habitica (Free)

Loop Habit Tracker

For some people, the best way to build new habits is by tracking behavior and monitoring it as the days go by. If that's what you're looking for in an app, then Loop Habit Tracker is the one to take a peek at.

You're able to load up all of the habits that you want to keep an eye on, and then check in each day to see your streaks grow as you build those habits. Once you've started to build a patter, you'll get access to some awesome analytics that let you see where you're succeeding and where you're failing. This app is open source, 100% free, and perfect for the folks who like to track their habits as they build them.

Download: Habit Tracker (Free)

Are you keeping track?

Whether you're trying to break bad habits you already have or you're trying to make new strides by building better habits, there is an app out there that can help you get the job done. From calendars to habit trackers, you've got options when it comes to getting some help in making positive changes in the New Year. Are you using an app to keep to New Year's resolutions or make new habits? Let us know about it in the comments below!

Read more and comment

 
6 days ago

Unknown Sources: Everything you need to know!

5

The Unknown Sources setting isn't the mystery — or the demon — it's made out to be if you know a little bit about it.

To install apps that you downloaded from somewhere besides the "official" app store from Google or the company that made your phone, you need to enable the "allow unknown sources" setting. There has always been a bit of confusion about what it is exactly and how things work. We're going to remedy that and talk through everything you need to know about unknown sources. Don't worry, it's gonna be fine.

What are 'Unknown Sources'?

No, not people who leak government stuff to the press. The Android kind of unknown sources. It's a scary label for a simple thing: a source for apps you want to install that is not trusted.

Unknown = not vetted directly by Google.

When we see the word "trusted" used this way, it means a little more than it usually would. In this case, trust means the same as it does for a web certificate and everyone involved on all sides will vouch for the source. Google says you can trust Google Play and Samsung Apps (for example) because they don't require you to enable the installation of unknown (not in the circle of trust) sources to install apps from either. Samsung feels the same way and so does your carrier.

In short, a trusted source is one that the company you gave your money to, the company who built it, and the company who wrote the software all have vouched for.

Why is there even a setting for this?

Half the people reading this will think that no company should allow us to install apps they do not trust. The other half will think that nobody should be telling me what apps I can and can't install. Having a setting in place is the only real solution.

It's not really a good idea to just let any app from any place get installed on your phone. When you block app installs from places not in that trusted circle, random drive-by downloads can't happen. Full stop. It's insanely difficult to find an exploit that can force you to install an app you don't want. It should be, because that sort of trickery is never done for a good reason. Going one step further and just outright blocking the darn things is the type of over-the-top phone security Google loves.

And Google doesn't claim that apps from other places are a bad thing. It has a whole page that tells app devs how to go about offering apps without putting them in the Play Store. All Google has to say about the Unknown Sources setting is:

User opt-in for apps from unknown sources

Android protects users from inadvertent download and install of apps from locations other than Google Play (which is trusted). It blocks such installs until the user opts in to Unknown sources in Settings > Security on their device. Users need to make this configuration change before they download your apps to their devices.

Note that some network providers don't allow users to install applications from unknown sources.

Google is cool with developers doing it and cool with you downloading and installing them. But they make sure you opt in for it before you do.

Are unknown sources a bad thing?

Nope. But enabling the setting for no good reason or leaving it on all the time is.

The internet is a big place. There are plenty of places to get apps that are as trustworthy as Google or Samsung or LG or any other company with their own on-device app store. You just need to do a tiny bit of poking around to make sure a place is trustworthy before you grab an app from it.

The Unknown Sources setting is like the stove: turn it off when you're done using it.

Reading this article is a good start. Read other Android websites, too. We're not afraid to tell you when you can trust something or some place. Here are two places I trust as much as anything from Google: Amazon and F-Droid. I use them both and am not afraid to tell you to use them if they have something you want. And everyone else here would say the same thing. In essence, Android Central trusts Amazon and F-Droid and thinks you can, too. But because of Google's definition of trust, in this case, they can't. Knowing that both Amazon and the folks running F-Droid scan all their files and are diligent about how they are distributing them isn't enough for Google because they need to do those things themselves before they trust a source.

What is a bad habit is leaving the unknown sources box checked if you don't need to. If an app you installed will run with the setting disabled, disable it until you need it again. If an app won't run without it enabled, find out why before you install it.

You're still protected

Google wants to scan every single app you install right before you install it. It will ask you to let it do so and to let it do it in the future the first time you try. At Google I/O, we were told that Google scans 50 billion apps per day to ferret out any with malware, including the ones you are installing. And this doesn't depend on having the latest version of Android. Every single phone with access to Google Play running Android 4 or higher has these protections built in through Google's Play Services feature. While no type of scanning is going to be 100% foolproof, chances are someone else has installed that app before you and Google has looked at it, and they will look harder if it does anything fishy. Or has a hidden ability to do anything fishy.

Fifty. Billion. Every day. That's a helluva lot of apps.

Google, Apple, Samsung, and every other company takes the integrity of their app store very seriously. Nothing makes them look worse than me telling you about bad apps that slipped through, so they do everything they can to keep it from happening. In this case, that benefit rolls over to apps you installed from elsewhere. Win all around!

Why don't companies just put their apps in Google's Play Store?

That's a question with a big, convoluted answer that no two people will agree on. Let's just say that Google places some restrictions on ways developers can make money. Not everyone is willing to accept those restrictions.

Of course, test apps and beta apps and project apps are better off being hosted locally and set to whoever needs them. But for big production ready apps, not everyone wants to use Google Play.

How do I turn Unknown Sources on?

  1. Open the device settings. Look for a gear icon in the notification shade near the top left corner and tap on it.
  2. Scroll down to the Security section and tap to open it.
  3. Scroll down to the entry labeled Unknown sources and read the subtext because you should always read any and all subtext in a "security" section of settings.
  4. Read the pop-up box that tells you Google isn't responsible if you install apps from places they do not explicitly trust and click OK to enable the setting.

You disable the setting the exact same way. Toggle the switch off and installation is once again blocked for apps downloaded outside of trusted app stores.

So should I enable the setting?

If you want to install an app that you trust — you know the source and are sure they aren't pulling a fast one and that the app is exactly as the developers have written it, then you can enable it when you need it.

There are a lot of different ways to define trust, but we think that word of mouth is one of the best ones. Your friends, people in forums and comments, and your favorite Android blog can tell you whether or not they think you should trust a thing or place, and whoever is saying it should be willing to tell you why.

Most importantly, you don't have to worry about temporarily enabling Unknown Sources if you trust a place that has an app you want to install.

I trust Amazon because it vets every app in its store and it is a popular source. That means if an app slips through, it will get caught quickly. I trust F-Droid because every app it offers has the full source code available and provides a checksum to make sure you're downloading a verified copy that it compiled itself. Not everyone wants the source code. You don't necessarily have to know either of these things because someone else has looked into it and the information is available. You should still do any personal vetting that you need to feel comfortable, but generally, a site that's not trustworthy is going to be talked about even more.

Do a little bit of homework and you're golden. Just be sure to turn the setting back off once you're done installing your apps.

Wrapping it up

This is a simple breakdown to make sure everyone can understand what's going on when asked to enable the Unknown Sources setting or when you see people warning against it. There are other more nerdy things like signing keys and heuristic scanning that could be talked about, but we feel that will muddy the water a little. If you're the type of person interested in the minutiae, the Android Developers site has plenty of information about how Google Play works and what else Google does to make it safe. It's great reading if you're inclined.

For everyone else, just know that the Unknown Sources setting isn't really a mystery or anything to be afraid of if you need it. And when you don't make sure it's turned off.

Stay safe!

Updated January 2018: With all the security worries lately, we've refreshed this piece to help you protect your devices and data.

Read more and comment

 
6 days ago

Do you use stock SMS apps?

63

The pros of going third-party.

There are a lot of benefits to using Android, and one of them is the sheer amount of customization that you have over your UI, default applications, etc. The Google Play Store is filled with third-party SMS apps to replace the one that comes preinstalled on your phone by default, and while some of them aren't that great, there are a lot of excellent ones to choose from.

We've previously talked about our top picks for the best of these apps, but some of our forum users recently approached this conversation a bit differently by talking about the main reasons they choose to ditch stock texting apps in the first place.

Here are some of the top answers.

*/
mysamsungs7e 01-08-2018 11:52 PM “

for the reason that we like Android: variety.

Reply
*/
cwbcpa 01-09-2018 06:44 AM “

Choice is a good thing. Don't like stock, choose something else. You like stock, stick with it. If an app is good and you find it useful, don't whine about kicking a couple bucks to a developer. They put work in and if they don't get paid for that work, they won't develop better apps.

Reply
*/
Almeuit 01-09-2018 12:24 AM “

Different colors.. fonts.. etc. Also some functionality. Such as I have it set to use MMS if it's over 160 characters.. therefore long SMS messages don't get split up by carriers since it'll send as a file with MMS. I also like the quick reply function and the customization to how notifications work with Textra over stock. To me that's worth the little I dished out for the app. I paid a few...

Reply
*/
103Softail 01-09-2018 02:03 AM “

Total customisation from colours to sounds. Get a long sms.....no problem with textra - but on sammy default I must tap the first part of sms to take me to the next page which shows the full sms???? Weird! Only thing with textra is that I can't read my sms on my gear S3 whereas sammy can. As for the cost of buying apps you're only paying for someone's time & effort so a couple of $ or even a few...

Reply

Now, we'd like to hear from you – Do you use stock SMS apps? Why or why not?

Join the conversation in the forums!

Read more and comment

 
6 days ago

Everything you need to know about sideloading apps for your Gear VR

Sideloading apps onto your phone is easy and lets you access apps you can't get on the Google Play Store.

Samsung's Gear VR is one of the most accessible forms of virtual reality available today because it runs right off of your Samsung phone. Initially, there are plenty of apps that you can download from the Oculus Store, or the Google Play Store. However, if you've found an app that you want to try that isn't on the Google Play Store, or you want to check out some of the more adult apps out there, you'll need to sideload those apps on your phone.

Don't panic if you have no clue what sideloading is. We've got all the details that you'll need. Just keep scrolling and we'll explain everything.

Read more and comment

 
6 days ago

Lead Google Duo engineer teases group calls, web app, and more

11

Group calls in Duo might finally be a thing.

Although it still isn't quite as popular as Apple FaceTime, Google Duo has quickly become one of the best video/audio calling apps around. Google's pushed out regular updates to the app since its debut less than two years ago, and Duo's lead engineer recently teased a few upcoming features we could see later in the year.

On January 9, Justin Uberti posted a Tweet promoting Duo video calls on Google's new Smart Displays and said it was "time to kick off our 2018 Google Duo roadmap." One user then replied asking Uberti if there was a chance Duo would get a web app, support for Chrome OS, group calls, and improved audio quality.

Uberti's response?

It's possible that all of these are things in the works for Duo, but then again, there's a chance that Uberti and his team are only working on one or two of these things. Support for group calls is what I'd like to see the most, but you won't find me complaining if all these things are added throughout 2018.

Of these features, which one would you like to see added to Duo?

Allo and Duo Head of Product leaves Google for Facebook

Read more and comment

 
1 week ago

How to Enable 2-Step Verification in Gmail

40
Google Authenticator

Using two-factor verification makes sure that you — and only you — have access to your Google account.

In light of the recent security issues surrounding Meltdown and Spectre, we refreshed this content in January 2018.

Security breaches happen. This one saw 273.3 million email accounts — including Gmail accounts — compromised. This is why we strongly recommend enabling two-step verification (or two-step authentication, as it's also known) for your Google account.

This process will put a stop to anyone's efforts to access anything — including Gmail and all other Google services — that uses your Google account credentials when logging in because you need more than a password to verify that you are the account owner.

What is two-step verification?

Two-step verification adds an extra layer of security to your account. Think in terms of withdrawing cash from an ATM — you must insert your card and enter a personal identification number. In the case of a Google account, with two-step verification enabled, you must enter a password and a code that is sent to your phone by call or text, or through an authenticator app on your phone.

Although it will now require extra steps to access your Google account, two-step verification is invaluable. Using two methods to authenticate who you effectively doubles your account security, and makes sure you're only able to log in if you have both the right password and a valid authentication token. It is still recommended to change your current Google password if you haven't already. Without further ado, let's enable two-step verification.

Use Google's simple two-step authentication

Google has it's own very simple two-step verification system. It's something the company debuted in mid-2017 and the setup is simple — Google will send a verification code to the phone number registered with your account, and once you reply with the code you're enrolled.

Then, whenever you need to sign into your Google account on a new device you'll get a notification on your phone. Tap it and you are good to go. it couldn't be more simple, and it's easy to switch phones or numbers in your Google account settings via any web browser if you lose your phone or change your number.

If you'd rather use the more traditional way, read on!

How to enable two-step verification in the Google Authenticator app

You can use "traditional" two-factor authentication with your Google account, where you get a code through a message or an authenticator app. Here's what you need to do.

  1. Launch your web browser from your computer desktop.
  2. Type g.co/2sv into the address bar.

    Double-click on your browser. Type g.co/2v into the address bar.

  3. Type in your password.
  4. Click on Sign In.

    Type in your password. Click on Sign In.

  5. Click Off under 2-Step Verification.
  6. Click Turn On.

    Click on Off. Click on Turn On.

  7. Type in your password.
  8. Click on Sign In.

    Type in your password. Click on Sign In.

  9. Click on the flag drop-down menu and select your country.
  10. Type in your phone number.

    Click on the flag menu and click on your country. Type in your phone number.

  11. Select either Text message or Phone call.
  12. Click on Try It. You will receive a text message or phone call containing your code.

    Select either text message or phone call. Click on Try It.

  13. Type in the code you received on your phone.
  14. Click on Next.

    Type in the code you received on your phone. Click on Next.

  15. Click Turn On.

    Click on Turn On.

Now you have two-factor verification enabled for your Google account. Next, let's have a look how to enable the Google Authenticator app on your phone to make things even more secure and convenient.

How to prepare your account for the Google Authenticator app on Android

Click on this link from your computer to get started.

  1. Click on Next
  2. Click on Switch to app.

    Click on Next. Click on Switch to app.

  3. Click on Android.
  4. Click Continue. You will now see a barcode on your computer screen. Keep this barcode on your screen and continue with the steps below.

    Click on Android. Click on Continue.

  5. Tap the Play Store on the Home screen of your Android phone.
  6. Type in Google Authenticator in the search bar.
  7. Tap the Search button.

    Tap the Play Store. Type in Google Authenticator. Tap the Search button.

  8. Tap the Google Authenticator app. It's the result by Google Inc.
  9. Tap the Install button.
  10. Tap the Accept button.

    Tap the Google Authenticator app. Tap the Install button. Tap the Accept button.

  11. Tap the Open button when the download is complete.
  12. Tap on Begin Setup.
  13. Tap on Scan a barcode.

    The the Open button. Tap Begin Setup. Tap on Scan a barcode.

  14. Scan the barcode visible on your computer screen.
  15. Tap on Open browser.
  16. Tap on OK.

    Scan the barcode. Tap on Open browser. Tap on OK.

Now, instead of getting a text or voice message with a verification code, you will use a unique code in the Google Authenticator app every time you log in to your Google account on any device. This code changes every 30 seconds, and when you use it, it has to match the current code that Google is expecting for that time window. Anyone attempting to access your account who doesn't have your phone in their hands will not receive the code and will thus be unable to log in. Safety first, everyone!

Conclusion

Even though your Google account might have been spared this time, there is no telling when another hack or leak can occur. Any service that offers two-step verification should be taken advantage of, as it essentially puts a firm stop to unverified access attempts. Stay safe!

Read more and comment

 
1 week ago

Allo and Duo Head of Product leaves Google for Facebook

30

Amit Fulay is no longer leading the Allo and Duo charge.

If you're a frequent user of Google's Allo and/or Duo, there's a good chance you're familiar with Amit Fulay. Fulay has been serving as the Head of Product for Real-Time Communications at Google since back in 2010, and along with the more recent Allo and Duo, Fulay also played a big part in creating Hangouts.

However, Fulay's time at Google has come to an end. On his Twitter account, Fulay said that today, January 8, 2018, is his first official day working at Facebook. His Twitter bio has been changed to indicate that he's now "Product @ Facebook", but it's unclear what his exact position within the company is.

Here's Fulay's full message:

Although they may not be Google's most popular services, I personally love using Allo and Duo. Google's yet to say who will be filling Amit Fulay's shoes, and it'll be interesting to see how these two platforms grow and possibly change throughout the year.

Facebook's M virtual assistant is being shut down on January 19

Read more and comment

 
1 week ago

Meltdown Hack and Spectre Bug: How it affects Android & Chrome Users

11

The information you need to know so you can stay safe.

You might have heard that the sky has fallen and the security apocalypse has happened because of two new attacks named Meltdown and Spectre. If you work in IT or any other area of large-scale computer infrastructure, you probably feel like it has, too, and are already looking forward to your 2018 vacation days.

Media outlets first heard rumors of this mother-of-all-exploits in late 2017, and recent reports were wildly speculative and finally forced companies like Microsoft, Amazon, and Google (whose Project Zero team discovered the whole thing) to respond with details. Those details have made for an interesting read if you're interested in this sort of thing.

But for everyone else, no matter what phone or computer you use, a lot of what you're reading or hearing might sound like it's in a different language. That's because it is, and unless you're fluent in cyber-geek-security-techno-speak you might have to run it through a translator of some sort.

Good news! You found that translator, and here's what you need to know about Meltdown and Spectre, and what you need to do about it.

What they are

Meltdown and Spectre are two different things, but since they were revealed at the same time and both deal with microprocessor architecture at the hardware level, they are being talked about together. The phone you're using right now is almost certainly affected by the Spectre exploit, but nobody has found a way to use it — yet.

The processor inside your phone determines how vulnerable it is to these types of exploits, but it's safer to assume that they all affect you if you're unsure. And since they aren't exploiting a bug and instead are using a process that's supposed to happen, there's no easy fix without a software update.

Look at the phone in your hands; it's vulnerable to some of these attacks.

Computers (this includes phones and other tiny computers, too) rely on what's called memory isolation for security between applications. Not the memory that is used to store data over the long term, but the memory used by hardware and software while everything is working in real time. Processes store data separately from other processes, so no other process knows where or when it gets written or read.

The apps and services running on your phone all want the processor to do some work and are constantly giving it a list of things they need to be computed. The processor doesn't do these tasks in the order they are received — that would mean some parts of the CPU are idle and waiting for other parts to finish, so step two could be done after step one is finished. Instead, the processor can move ahead to step three or step four and do them ahead of time. This is called out-of-order-execution and all modern CPUs work this way.

Meltdown and Spectre aren't exploiting a bug — they attack the way a processor computes data.

Because a CPU is faster than any software could be, it also does a bit of guessing. Speculative execution is when the CPU performs a calculation it wasn't yet asked to do based on previous calculations it was asked to perform. Part of optimizing software for better CPU performance is following a few rules and instructions. This means most of the time there is a normal workflow that will be followed and a CPU can skip ahead to have data ready when software asks for it. And because they are so fast, if the data wasn't needed after all, it gets tossed aside. This is still faster than waiting for the request to perform a calculation.

This speculative execution is what allows both Meltdown and Spectre to access data they would otherwise not be able to get at, though they do it in different ways.

Meltdown

Intel processors, Apple's newer A series processors, and other ARM SoCs using the new A75 core (for now that's just the Qualcomm Snapdragon 845) are vulnerable to the Meltdown exploit.

Meltdown leverages what's called a "privilege escalation flaw" that gives an application access to kernel memory. This means any code that can get access to this area of memory — where the communication between the kernel and the CPU happens — essentially has access to everything it needs to execute any code on the system. When you can run any code, you have access to all data.

Spectre

Spectre affects almost every modern processor, including the one on your phone.

Spectre doesn't need to find a way to execute code on your computer because it can "trick" the processor into executing instructions for it, then granting access to the data from other applications. This means an exploit could see what other apps are doing and read the data they have stored. The way a CPU processes instructions out of order in branches are where Spectre attacks.

Both Meltdown and Spectre are able to expose data that should be sandboxed. They do this at the hardware level, so your operating system doesn't make you immune — Apple, Google, Microsoft, and all sorts of open-source Unix and Linux operating systems are equally affected.

Because of a technique that is known as dynamic scheduling that allows data to be read as it's computing instead of it needing to be stored first, there is plenty of sensitive information in RAM for an attack to read. If you're interested in this sort of thing, the whitepapers published by the Graz University of Technology are fascinating reads. But you don't need to read or understand them to protect yourself.

Am I affected?

Yes. At least, you were. Basically, everyone was affected until companies started patching their software against these attacks.

The software that needs updating is in the operating system, so that means you need a patch from Apple, Google, or Microsoft. (If you use a computer that runs Linux and aren't into infosec, you've got the patch already, too. Use your software updater to install it or ask a friend who is into infosec to walk you through updating your kernel). The awesome news is that Apple, Google, and Microsoft have patches either already deployed or on their way in the immediate future for supported versions.

The specifics

  • Intel processors since 1995 except for the Itanium and pre-2013 ATOM platform are affected by both Meltdown and Spectre.
  • All modern AMD processors are affected by the Spectre attack. AMD PRO and AMD FX (the AMD 9600 R7 and AMD FX-8320 were used as proof-of-concept) CPUs in a non-standard configuration (kernel BPF JIT enabled) are affected by Meltdown. It's expected that a similar attack against side-channel memory reading is possible against all 64-bit CPUs including AMD processors.
  • ARM processors with Cortex R7, R8, A8, A9, A15, A17, A57, A72, A73, and A75 cores are suspectable to Spectre attacks. Processors with Cortex A75 (the Snapdragon 845) cores are vulnerable to Meltdown attacks. It's expected that chips using variants of these cores, like Qualcomm's Snapdragon line or Samsung's Exynos line, will also have similar or the same vulnerabilities. Qualcomm is working directly with ARM, and has this statement on the issues:

Qualcomm Technologies, Inc. is aware of the security research on industry-wide processor vulnerabilities that have been reported. Providing technologies that support robust security and privacy is a priority for Qualcomm, and as such, we have been working with Arm and others to assess impact and develop mitigations for our customers. We are actively incorporating and deploying mitigations against the vulnerabilities for our impacted products, and we continue to work to strengthen them as possible. We are in the process of deploying these mitigations to our customers and encourage people to update their devices when patches become available.

  • NVIDIA has determined that these exploits (or other similar exploits that may arise) do not affect GPU computing, so their hardware is mostly immune. They will be working with other companies to update device drivers to help mitigate any CPU performance issues, and they are evaluating their ARM-based SoCs (Tegra).

  • Webkit, the people behind the browser rendering engine of Safari and the forerunner to Google's Blink engine, have an excellent breakdown of exactly how these attacks can affect their code. Much of it would apply to any interpreter or compiler and it's an amazing read. See how they are working to fix it and keep it from happening the next time.

In plain English, this means that unless you're still using a very old phone, tablet, or computer, you should consider yourself vulnerable without an update to the operating system. Here's what we know so far on that front:

  • Google has patched Android against both Spectre and Meltdown attacks with the December 2017 and January 2018 patches.
  • Google has patched Chromebooks using the 3.18 and 4.4 versions of the kernel in December 2017 with OS 63. Devices with other versions of the kernel (look here to find yours) will be patched soon. In plain English: The Toshiba Chromebook, the Acer C720, Dell Chromebook 13, and the Chromebook Pixels from 2013 and 2015 (and some names you've probably never heard of) aren't patched yet but will be soon. Most Chromeboxes, Chromebases, and Chromebits are not patched but will be soon.
  • For Chrome OS devices that aren't patched, a new security feature called Site Isolation will mitigate any issues from these attacks.
  • Microsoft has patched both exploits as of January 2018.
  • Apple has patched macOS and iOS against Meltdown starting with the December update. The first round of Spectre updates were pushed out in early January. Check out iMore for everything you need to know about these CPU flaws and how they affect your Mac, iPad, and iPhone.
  • Patches have been sent to all supported versions of the Linux kernel, and Operating Systems like Ubuntu or Red Hat can be updated through the software update application.

For Android specifics, the Nexus 5X, Nexus 6P, Pixel, Pixel XL, Pixel 2, and Pixel 2 XL have been patched and you should see an update soon if you haven't already received it. You can also manually update these devices if you like. The Android Open Source project (the code used to build the OS for every Android phone) has also been patched and third-party distributions like LineageOS can be updated.

How to manually update your Pixel or Nexus

Samsung, LG, Motorola, and other Android vendors (companies who make phones and tablets and TVs) will patch their products with the January 2018 update. Some, like the Note 8 or Galaxy S8, will see that before others, but Google has made the patch available for all devices. We expect to see more news from all partners to let us know what to expect and when.

What can I do?

If you have a product that's vulnerable, it's easy to get caught up in the hype, but you shouldn't. Both Spectre and Meltdown don't "just happen" and depend on you installing malware of some sort that leverages them. Following a few safe practices will keep you immune to either exploit on any computer hardware.

  • Only install software that you trust from a place you trust. This is a good idea always, but especially if you're waiting for a patch.
  • Secure your devices with a good lock screen and encryption. This does more than just keep another person out, as applications can't do anything while your phone is locked without your permission.
  • Read and understand the permissions on everything you run or install on your phone. Don't be afraid to ask for help here!
  • Use a web browser that blocks malware. We can recommend Chrome or Firefox, and other browsers may also protect you against web-based malware. Ask the people who make and distribute them if you're unsure. The web browser that came with your phone may not be the best option here, especially if you have an older model. Edge and Safari are also trusted for Windows or MacOS and iOS devices.
  • Do not open links on social media, in an email, or in any message from someone you do not know. Even if they are from people you know, make sure you trust your web browser before you click or tap. This goes double for redirect links that mask a site URL. We use those sort of links pretty often and chances are a lot of online media you read does, too. Be careful.
  • Don't be stupid. You know what this means to you. Trust your judgment and err on the side of caution.

The good news is that the way these side channel exploits are patched is not going to bring the huge slowdowns that were hyped before any updates were released. That's just how the web works, and if you read about how your phone or computer was going to be 30% slower after any fix was applied, it was because sensationalism sells. Users who are running updated software (and have been during testing) just aren't seeing it.

The patch doesn't have the performance impact some claimed it would bring, and that's a great thing.

This all came about because these attacks measure precise time intervals and the initial patches change or disable the precision of some timing sources through software. Less precise means slower when you're computing and the impact was exaggerated to be a lot bigger than it is. Even the slight performance decreases that are a result of the patches are being mitigated by other companies and we see NVIDIA updating the way their GPUs crunch numbers or Mozilla working on the way they calculate data to make it even faster. Your phone won't be any slower on the January 2018 patch and neither will your computer unless it's very old, at least not in any noticeable way.

Stop worrying about it and instead make sure to do everything you can to keep your data safe.

What to take away from it all

Security scares always have some sort of real impact. Nobody has seen any instances of Meltdown or Spectre being used in the wild, and because most devices that we use every day are updated or will be very soon, reports will probably stay this way. But this doesn't mean they should be ignored.

Take security threats like this seriously but don't fall for all the hype; be informed!

These side channel exploits had the potential to be that big, serious game-changing event people worry about when it comes to cybersecurity. Any exploit that affects hardware is serious, and when it attacks something done on purpose instead of a bug it becomes even more serious. Thankfully, researchers and developers were able to catch, contain, and patch Meltdown and Spectre before any widespread use happened.

What's really important here is that you get the right information so you know what to do every time you hear about a new cyberthreat that wants all of your digital stuff. There's usually a rational way to mitigate any serious effects once you dig past all the headlines.

Stay safe!

Read more and comment

 
1 week ago

Facebook's M virtual assistant is being shut down on January 19

5

Two years later, Facebook's pulling the plug on M.

Back in 2015, Facebook announced its own virtual assistant by the name of "M." M was different from the likes of Siri and Alexa due to the fact that it was regularly monitored by a group of humans to help grow the platform, and because of this, M could do things book reservations, order gifts, and more. The assistant was only ever made available to a small group of people in California, and on January 19, 2018, Facebook will be shutting it down.

In a statement that the company issued, Facebook said:

We launched this project to learn what people needed and expected of an assistant, and we learned a lot. We're taking these useful insights to power other AI projects at Facebook. We continue to be very pleased with the performance of M suggestions in Messenger, powered by our learnings from this experiment.

As mentioned above, M Suggestions that was released for all users in the United States last April will live on. M Suggestions isn't as powerful as the full M assistant, but it can be used in Messenger conversations to suggest stickers that you can use, create calendar appointments, etc.

M showed signs of real potential, and while it might be disappointing to some users to see it die, we're anxiously awaiting to see how Facebook uses this tech with future products and services.

Until then, rest in peace, M.

The first baby monitor with Alexa is coming in February for $229

Read more and comment

 
1 week ago

Watch your neighbors' security camera feed with Streety

9

A modern take on the neighborhood watch.

*/ /*-->*/

Over the past couple years, there's been a surge in smart home security systems. The likes of Nest and Ring have been leading this charge, and now Vivint is releasing something unique (and possibly unsettling) with Streety.

Streety is a free mobile app that you'll be able to download to your phone this spring, and it'll allow you to view live feeds and video clips of smart security cameras throughout your entire neighborhood. Anyone in the United States and Canada will be able to use the app to view video feeds that are being shared to Streety, and whether or not you own a smart camera made by Vivint or another company, you'll have to choose if you want your video clips shared to your Streety network before people can view them.

With Streety, Vivint is hoping that people will use the app for monitoring activity in neighborhoods, sharing video clips to solve any incidents that happen, and even watching a neighbor's home while they're away on vacation.

To help ensure that Streety is being used legitimately, Streety neighborhood boundaries are limited to a radius of 300 yards and a verification process from a third party will confirm that user identities match addresses they're paired with.

Speaking about Streety, Vivint Vice President and General Manager of Cameras said:

As cameras are one of the fastest-growing product segments in the smart home industry, neighbors often ask each other if cameras captured something around their home or on the street. Streety makes it easy for neighbors to request and share video so they can take better action, faster.

If you own a smart camera, does Streety sound like something you'd be interested in using?

Ring adds Beams to its 'Ring of Security' as Ring Alarm set to ship this spring

Read more and comment

 
1 week ago

Best music widgets for Android

3

A good widget can make or break a home screen.

Widgets at their best should feel like they've always been a part of your home screen. They mesh with your wallpaper, they pop amongst your app icons, and the controls are easy to see and use. The problem with this idea is that, well, most music widgets suck. They're either a harsh white that cover up wallpapers, or they're too tiny to see your music information easily, or they're just ugly. Thankfully, third-party apps are here to pick up the slack and turn it into a beautiful banner of musical magic.

Here are the best ones.

Read more and comment

 
1 week ago

How to make a fitness app part of your daily routine

36

Technology is transforming fitness.

It used to be that fitness apps were primarily used to count calories, and check in after workouts. That's no longer the case. There are dozens of fantastic apps out there, and they cater to what you are specifically looking for. Whether you're always looking for a new fun app to help motivate you along, or you've never been inclined to look into them at all, fitness apps can help make your average day healthier.

Keeping fit is easier than ever

Most of us get some amount of exercise every day, just by living our lives. We walk around, in some cases all day long. Plenty of fitness apps will track this and let you know what your activity level is like each day, including the number of steps taken and calories burned based off of your height and weight. There are apps which do this without ever even needing to be opened after you initially set them up.

Fitness doesn't have to be a chore, at least not with these apps.

If you're just starting a fitness routine, there are apps that can help build workout plans, count calories, give you videos so you can workout at home and much more. It might seem a little strange at first to have an app tracking your fitness level. By integrating these apps into your day you can see how active you already are, without ever having to hit the gym. That isn't to say that all fitness apps are made for that purpose. They've branched out, and the abundance of choice lets you determine what you need out of a fitness app.

More: 4 interactive apps that will keep you entertained

If you're looking for something that turns fitness into a game there is Zombies, Run! The Walk, or even Pokémon Go. Charity Miles donates money to a charity of your choice for the distance you run. Fitness doesn't have to be a chore, at least not with these apps. They take what you're already doing, and put a spin on it to make it fun and encourage you to do more.

Assistants can help

When it comes to working out, maybe you need to fit things in right in the middle of a busy day. If you have a Google Home, a Samsung phone with Bixby and Samsung Health, or an Amazon Alexa your digital assistants can be of help.

That's because each different Assistant can launch a workout for you. With Samsung devices, you can build a workout plan right from inside of Samsung Health, whether that be drinking more water or training for a 5K program. Alexa has workout based skills that you can enable, and Google Home can talk to several workout programs. This means that you can trigger a quick workout just by talking to your connected device, making it easy to fit in some activity even when you only have a few short minutes to spare.

One size fits all fitness is a thing of the past

Even if you aren't particularly fitness-minded, integrating an app into your life can be a benefit. With unobtrusive tracking apps, you can see your daily activity levels. While that might not seem like much if you're a city dweller you could be walking miles every day without ever realizing it. These apps can help with your health as well, outlining when you have more energy for activity, or what your stamina is like. Some games even have fitness benefits that are purely accidental, like Ingress where walking around to capture portals is a game mechanic. Apps like Aqualert can even help to make sure you're drinking enough water. Fitness apps are no longer just for the people who live and breathe getting and staying in shape. They're built now to be friendly to everyone no matter what your level of motivation might be.

With the ways that fitness apps have diversified, there really is something out there for absolutely everyone.

These aren't the apps from years ago which were tailored for a specific type of person to use. Rather, they have spread their influence and tried to find new niches for people who might not usually use a fitness app. The analytics and data can be fantastic if you're a fan of graphs and charts, but even better is the fact that using these apps can actually help you to live a healthier life. We only get one body, so why not treat it right with the help of technology?

Questions?

It doesn't matter what your activity level is like on a day to day basis. Everyone can benefit from having a fitness app in their life. It can be something small like simply tracking your activity levels, or detailed down to your caloric intake and workout intensity. No matter where you sit on the fitness spectrum, there is an app for you. So are you using any of these apps, or is there a fitness app that you stand by already? Tell us all about it in the comments!

January 2018: We've updated this post with information about using the Assistant on your phone to help make fitness a part of your daily routine!

Read more and comment

 
1 week ago

HTC Edge Launcher can now be triggered from the lock screen

3

HTC's making your squeezes more productive.

After launching Edge Sense on the U11, HTC followed this up with Edge Launcher on the U11+. Edge Launcher allows you to squeeze the sides of your U11 handset to get a calendar and array of apps, contacts, and quick settings right at your fingertips, and it's a nice alternative to squeezing your phone for one particular application.

HTC recently updated its Edge Launcher app on the Play Store, and there are a couple big improvements that make Edge Launcher even more useful.

For starters, Edge Launcher can now be triggered from the lock screen. You've previously had to unlock your phone before you could use Edge Launcher, but now you can squeeze at any time to bring it up.

Along with this, HTC has also added new shortcuts for Battery Saver, Auto Rotate, and Wi-Fi Hotspot, in addition to now letting you customize the order of which these appear on Edge Launcher.

This new version of Edge Launcher is available on the Play Store now, and you can grab it by tapping the button at the top of this article.

HTC U11

Amazon Sprint HTC

img { width: 100%; height: auto; } .devicebox ul { display: table; margin: 0 0 10px; width: 100%; } .devicebox ul li { background: #f7f7f7; margin: 2px 0; padding: 4px 15px; } .devicebox ul li:hover { background: #fff; } .devicebox ul li:before { display: none; } .devicebox p ~ p { line-height: 1.25; } .devicebox p:first-of-type + p { padding: 15px; } .devicebox a.buy-link { border-radius: 5px; display: inline-block; font: 14px/31px "Proxima Nova Extrabld",Helvetica,Arial,sans-serif; text-align: center; } .devicebox a.buy-link, .devicebox a.buy-link:link, .devicebox a.buy-link:active, .devicebox a.buy-link:visited { background: #37B5D7; color: #FFF; } .devicebox a.buy-link:hover { background: #2694B2; text-decoration: none; } .devicebox a.buy-link:before { content: "\e61e"; font: 40px/0 "ac_iconset" !important; margin: 0 3px 0 -8px; vertical-align: middle; } @media all and (min-width: 1025px), all and (max-width: 800px) and (min-width: 660px) { /* div:not(.columns-3) excludes help menu content */ .article-body-wrap > div:not(.columns-3) > *:first-child:not(.sticky-wrapper) .devicebox { padding: 20px 0 25px; } .article-body-wrap > div:not(.columns-3) > *:first-child:not(.sticky-wrapper) .devicebox .video { float: left; margin: 0 30px 0 0; width: calc(100% - 375px); } .article-body-wrap > div:not(.columns-3) > *:first-child:not(.sticky-wrapper) .devicebox h3 + p { bottom: 37px; display: block; overflow: hidden; position: absolute; top: 60px; width: calc(100% - 375px); } .article-body-wrap > div:not(.columns-3) > *:first-child:not(.sticky-wrapper) .devicebox p img, .article-body-wrap > div:not(.columns-3) > *:first-child:not(.sticky-wrapper) .devicebox p > img { position: absolute; top: 50%; transform: translateY(-50%); } .article-body-wrap > div:not(.columns-3) > *:first-child:not(.sticky-wrapper) .devicebox p:nth-child(n+3), .article-body-wrap > div:not(.columns-3) > *:first-child:not(.sticky-wrapper) .devicebox ul { box-sizing: border-box; margin-left: calc(100% - 345px); width: 340px; } .article-body-wrap > div:not(.columns-3) > *:first-child:not(.sticky-wrapper) .devicebox p.list-head { margin-top: -5px; } } @media all and (max-width: 1024px) and (min-width: 801px), all and (max-width: 660px) { .devicebox h3 { text-align: center; } .devicebox ul, .devicebox p { display: block; } } @media all and (max-width: 800px) and (min-width: 660px) { .devicebox { padding: 20px 0 25px; } .devicebox .video { float: left; margin: 0 30px 0 0; width: calc(100% - 375px); } .devicebox h3 + p { bottom: 37px; display: block; overflow: hidden; position: absolute; top: 60px; width: calc(100% - 375px); } .devicebox p img, .devicebox p > img { position: absolute; top: 50%; transform: translateY(-50%); } .devicebox p:nth-child(n+3), .devicebox ul { box-sizing: border-box; margin-left: calc(100% - 345px); width: 340px; } .devicebox p.list-head { margin-top: -5px; } } @media all and (min-width: 1025px), all and (max-width: 800px) and (min-width: 661px), all and (max-width: 500px) { /* 2x buy buttons */ .devicebox a.buy-link { width: calc(50% - 2.5px); margin: 0 5px 5px 0; } .devicebox a.buy-link:nth-of-type(even) { margin: 0 0 5px 0; } .devicebox a.buy-link:last-of-type:nth-of-type(odd) { width: 100%; } } @media all and (max-width: 1024px) and (min-width: 801px), all and (max-width: 659px) and (min-width: 501px) { /* 3x buy buttons */ .devicebox a.buy-link { width: calc(100%/3 - 10px/3); margin: 0 5px 5px 0; } .devicebox a.buy-link:nth-of-type(3n):not(:nth-last-of-type(2)) { margin: 0 0 5px 0; } .devicebox a.buy-link:only-child { width: 100%; margin: 0 0 5px 0; } .devicebox a.buy-link:nth-last-of-type(2):nth-of-type(3n+1), .devicebox a.buy-link:nth-last-of-type(2):nth-of-type(3n+1) ~ a.buy-link, .devicebox a.buy-link:nth-last-of-type(4):nth-of-type(3n+1), .devicebox a.buy-link:nth-last-of-type(4):nth-of-type(3n+1) ~ a.buy-link { width: calc(50% - 2.5px); } .devicebox a.buy-link:nth-last-of-type(2):nth-of-type(3n+1) ~ a.buy-link, .devicebox a.buy-link:nth-last-of-type(4):nth-of-type(3n+1) ~ a.buy-link:nth-last-of-type(odd) { margin: 0 0 5px 0; } } @media all and (max-width: 800px) { .devicebox { margin: 0 0 30px; max-width: none; width: auto; } } @media all and (max-width: 500px) { .devicebox { margin: 0 0 30px; max-width: none; width: auto; } .devicebox a.buy-link:before { display: none; } } .page-admin .devicebox {max-width: 350px;} .page-admin .devicebox .video_iframe {position: relative; height: 0; padding-bottom: 56.9%;} .page-admin .devicebox .video_iframe iframe {width: 100%; height: 100%; position: absolute;} /*-->*/ /*-->*/ /*-->*/

Read more and comment

 
Show More Headlines

Pages