Tag: Bug

Categories
Mobile Syrup

Weird Pixel 7 series camera bug won’t save zoom photos

Google’s Pixel phones have a bit of a reputation for being buggy, though the Pixel 7 and 7 Pro have been less buggy than their predecessors. Less buggy doesn’t mean no bugs at all, however.

The latest bug plaguing Pixel 7 series devices is a bit of a head-scratcher: the phones won’t save close-up pictures captured in low light with the flash on at zoom levels between 2-5x. If that sounds oddly specific, well, you’re right.

Reddit user ‘u/MintySkyhawk‘ posted a video of the bug in action (via Android Police). MintySkyhawk was trying to take close-up pictures of his PC internals with a Pixel 7 Pro’s 5x periscope lens and noticed the photos weren’t being saved to his phone.

Another user responded that they were able to replicate the issue, and Android Police says it could replicate the problem on both a Pixel 7 and 7 Pro, including on one running Android 13 QPR2 and Android 14 DP2. In my testing, I couldn’t reliably replicate the bug on my Pixel 7, but it did happen to me a few times.

Based on details shared on Reddit, it seems the bug is related to the Google Camera app and, more specifically, likely a glitch with the app’s HDR. Outside of the specific circumstances listed above, Pixel 7 and 7 Pro devices seem to be taking photos just fine. My tests, as well as Android Police’s testing, used Google Camera version 8.7.250.494820638.44.

Hopefully, Google will get around to fixing this particular bug sooner rather than later. It’s a real strange one, though, so it might take a while to get it fixed. In the meantime, I guess avoid taking zoom pictures with the flash on, and when you do, always check to make sure it saves.

Source: Reddit Via: Android Police

Categories
Mobile Syrup

November security patch fixes Pixel lock screen bypass bug

Google’s November 2022 security patch dropped for Pixel phones a few days ago, and, if you haven’t already updated your Pixel phone, you should. The update includes a fix for a security flaw that could allow someone to bypass the phone’s lock screen using a SIM card.

David Schütz discovered the issue and detailed it in a blog post and video. While the post is well worth a read if you’re interested in this kind of thing, the short version is that someone with physical access to a Pixel device could bypass lock screen protections, including the fingerprint and PIN, and gain access to the phone.

To do so, all an attacker would need to do is swap the SIM card in the phone. In the video, Schütz shows himself swapping a SIM card into a locked Pixel 6, which then asks for the SIM PIN. After entering that wrong three times, the Pixel asks for a personal unblocking key (PUK), which is used to reset a SIM PIN if a user forgets it. However, in the case of Pixel phones, after entering the PUK and typing in a new SIM PIN, the phone unlocks.

Put another way, an attacker would only need a SIM card with a SIM PIN a PUK code that they know to gain access to any Pixel smartphone. The November 2022 security patch, which is now available for the Pixel 4a and newer, fixes the problem.

Frustratingly, Schütz reported the security flaw to Android’s Vulnerability Rewards Program in the middle of 2022, but Google didn’t do anything until September after some in-person prodding. Still, Schütz got a $70,000 USD reward (about $93,703 CAD), which is a good chunk of change for spotting the flaw.

Source: Schütz Via: 9to5Google

Categories
Mobile Syrup

iOS 16 causes issues with Cinematic Mode videos in Final Cut Pro, iMovie

Apple’s latest software update for iPhones, iOS 16, brought quite a few bugs with it. Some have been fixed, while others have only just been discovered. Most recently, iOS users uncovered a bug with ‘Cinematic Mode’ that breaks support with iMovie and Final Cut Pro.

9to5Mac spotted reports on Apple’s support forums and on Reddit about the issue. Both of Apple’s video editors show errors when attempting to open Cinematic Mode video recorded on devices running iOS 16.

“It seems that iOS 16 broke this feature in FCP, which will show a “The cinematic effect cannot be activated” error (and according to other users the latest iOS 16.1 and macOS Ventura betas also don’t resolve the issue),” wrote ‘Ulmi‘ on Apple’s support forum.

As noted by 9to5, it seems Apple hasn’t acknowledged the issue yet, and there doesn’t appear to be a fix on the horizon. Worse, with Apple not planning to roll out macOS Ventura until October, it’s possible there could be a wait before the company updates its apps to fix the problem. That said, if the issue is on the iOS side, an update there might resolve the issue.

In the meanwhile, some users are working around the problem by editing the clips on their iPhones and then sharing the videos to their Macs over AirDrop.

Apple first released Cinematic Mode alongside the iPhone 13 line last year. You can learn more about the feature here.

Source: Apple support, Reddit Via: 9to5Mac

Categories
Mobile Syrup

Google Wallet tap to pay not working due to bugged security prompt

Some people have run into issues tapping their Android phones to pay at stores due to an odd Google Wallet issue. Those encountering the issue receive a pop-up noting that their device “doesn’t meet security requirements,” warning that the phone “may be rooted or running uncertified software.”

Complaints have emerged on Reddit from users with Google Pixel and Samsung Galaxy smartphones, but the people encountering the issue don’t have rooted or modified phones. Worse, common solutions like clearing the Play Store’s app cache don’t seem to make a difference.

Security check pop-up | Credit: u/Norci

However, Android Police suggests the problem could be related to a change to Android’s security check process. Google Wallet typically performs a device check using the ‘SafetyNet Attestation API’ when users try to make a payment. That check looks for things that could make transmitting card information extra risky, such as unlocked bootloaders. Phones that fail the check see the above pop-up.

Android Police explains that Google is in the process of replacing the SafetyNet Attestation API with a new API dubbed ‘Play Integrity.’ The switch is supposed to happen in 2024, but Google has forged ahead with its own apps — for example, Google Wallet.

The publication suggests the switch to Play Integrity could be connected to the new wave of failed safety checks for people with smartphones that shouldn’t fail the checks. Android Police points to RSA Security’s SecurID Authenticator app, which recently faced the same problem after the 4.1.5 update last week.

RSA explained in a community forum bulletin that it switched from SafetyNet to Play Integrity for SecurID security checks, and then the app started detecting a rooted state and prevented people from using the app. After working with Google on the issue, RSA pushed version 4.1.6 out over the weekend with a fix for the issue.

That said, it’s not clear whether the Play Integrity check is behind the Google Wallet problem. An Android Police employee has a Galaxy S22 Ultra with the old Google Pay app that is also impacted by the issue, so it’s possible something else is going on. Moreover, Google appears to have switched Wallet to Play Integrity in August, so it’s odd that it’d be causing a problem now.

Regardless, the problem seems to have a wide enough spread that Google will hopefully push out a fix sooner rather than later.

Source: Reddit, (2), (3), Via: Android Police

Categories
Mobile Syrup

iPhone 14, 14 Pro having iMessage, FaceTime issues after set up

Apple warned that those setting up new iPhone 14 or 14 Pro devices may have issues setting up iMessage and FaceTime.

Per an Apple support document spotted by 9to5Mac:

“iMessage and FaceTime might not complete activation on iPhone 14 and iPhone 14 Pro. Update to the latest version of iOS to address the issue.”

Apple goes on to explain that after setting up a new iPhone 14 or 14 Pro, some people may not receive iMessages or FaceTime calls, conversations in messages might show up as two separate threads, and recipients might see your messages coming from the wrong account (such as your email address if you had selected your phone number).

Oh, and most devastating of all: some people might see a green message bubble instead of a blue one. An unfortunate side effect of relying on iMessage for high-quality texting is that when iMessage breaks, you end up falling back to SMS (the green bubbles), a years-old standard that has not kept up with modern messaging expectations. Tim Cook seems to think the solution to green bubble problems is buying an iPhone, but apparently, that doesn’t include the newest iPhones.

Before you panic over having to send a green bubble like the Android plebs, you should know that Apple has fixed the problem with iOS version 16.0.1, which dropped yesterday. iOS 16.0.1 includes a few bug fixes for the new iPhones, including an issue photos may appear soft when zooming in landscape.

The update should fix iMessage and FaceTime activation issues, getting you back into the blue bubble crew. Most iPhones should prompt you to install the new software during setup, but if that doesn’t happen, you can download the update afterwards by going to Settings > General > Software Update.

If you still have issues after updating, Apple suggests making sure your iPhone is connected to a cellular network and then heading into Settings > Messages > Send & Receive and selecting the phone number you want to use with the Messages app.

Source: Apple Via: 9to5Mac

Categories
Mobile Syrup

Google rolling out fix for bug that prevented checking for new Play system updates

Last week, Android users were left confused after the ability to manually check for Google Play system updates mysteriously vanished from devices. Now, the option is coming back, thanks to a Google Play Store update.

As spotted by Twitter user Hiren Vasani and elevated by Esper’s senior technical editor, Mishaal Rahman (via Android Police), the Play Store update ‘31.9.20-21’ fixes the issue and restores the missing menu that lets people check for Play System updates.

If you’re a little confused by all this talk of Play-related updates, here’s the skinny: Google offers Play system updates as a way to push new features or tweaks to Android and Google services without a full-on software update, whereas the Google Play Store update is, well, just an update to Google’s app store. The two are, of course, linked, but Play system updates are part of Google’s ongoing effort to split features off from Android to make it easier to update them without releasing a whole new Android build.

Anyway, to get back the ability to check for Play system updates, you’ll need to update the Google Play Store. To do that, open the Play Store > Tap your profile picture in the top-right corner > Settings > About > Update Play Store (under the Play Store version towards the bottom of the menu).

At the time of writing, the Play Store on a Pixel 6 and Pixel 6a that I tested was still on version 31.9.13-21, and tapping the update option surfaced a pop-up saying the Play Store was up-to-date. Both devices still can’t check for Play system updates, unsurprisingly.

Unfortunately, this will likely be the case for many users for a bit. Google tends to roll out updates slowly. If you’re not seeing the Play Store update now, it should arrive in the next few days. Once that happens, you should be able to check for Play System updates, like the recent August update that doesn’t appear to have rolled out widely yet.

Source: Mishaal Rahman (Twitter) Via: Android Police

Categories
Mobile Syrup

Google Play system updates menu vanishes for some Android users

The ability to check for Google Play system updates has vanished for several Android devices from various manufacturers.

As spotted by 9to5Google, devices from Google, Samsung, Nothing, Xiaomi, Nokia, and Motorola have all lost the ability to check for these updates. It’s worth noting that Google Play system updates are separate from Android updates and exist as yet another way for Google to push new software and features to Android devices.

Previously, users could open the Settings app and navigate to Security > Google Play system update to view details about the current version and check if a new update is available. We actually detailed this process last week when outlining the new features available in the August 2022 Play system update.

Now, however, tapping the ‘Google Play system update’ option in the Security menu doesn’t do anything. It doesn’t open the update page, there’s no longer a ‘Check for update’ button; it’s just gone. It’s not clear if this is related to a bug, or if Google intentionally changed the behaviour.

Either is possible — on the bug side, I recall downloading the August Play system update to my Pixel 6a on the 19th after publishing MobileSyrup‘s coverage of what’s new in the update. However, my Pixel 6a says it’s still on the July update and tapping the Play system update doesn’t do anything. Similarly, a Pixel 6 I tested doesn’t let you click the Play system update option either. It’s also on the July update, but I don’t recall manually triggering the August update on it. It’s possible something in the August update caused this, but with both these phones listing the July update as the current one, I’m not sure.

9to5Google posits that Google changed the behaviour only to show the update page when there’s a new update. While possible, I wonder why the phones still show the July update when the August update is available and supposedly installed on my device.

Whatever the reason, it seems a little weird that the only way to manually trigger a Play system update suddenly vanished. Hopefully, Google provides some information about what’s going on.

Source: 9to5Google

Categories
Mobile Syrup

Samsung Phone app security flaw could allow hackers to reset your phone

LONDON, UK – FEBRUARY 20, 2020: Samsung tech brand leterring logo in Harrods shopping mall.

Samsung phones with software dating back to Android 9 are vulnerable to a newly discovered security flaw that could allow hackers to reset phones, make phone calls, install apps, and more.

Mobile security and privacy company Kryptowire uncovered the flaw and reported it to Samsung earlier this year.

Android Police notes that Samsung delivered a patch for the flaw with the February 2022 security update. The update has already arrived on almost all recent Samsung phones, including down to the Galaxy S9. In other words, make sure your Samsung phone is fully updated to protect yourself from the security flaw.

According to details from Kryptowire, the security vulnerability exists within Samsung’s pre-installed phone app. The app ships on all Samsung handsets, although apparently the a Galaxy S8 running Android 8 wasn’t vulnerable to the attack — Kryptowire says that this requires more investigation, however.

Moreover, Kyrptowire was able to confirm the Galaxy S21 Ultra, Galaxy S10+, and Galaxy A10e were impacted but specified the list wasn’t exhaustive. Instead, it’s intended to show that “a range of Android versions, models, and builds are verified to be vulnerable.”

Samsung’s phone app has privileged access to some underlying system features. Due to the flaw, it’s possible for other apps to hijack those privileges. Kryptowire says that apps that manage to hijack those privileges and take advantage of the flaw can factory reset your phone, make phone calls, install and uninstall apps, undermine HTTPS connections to websites, and more — Kryptowire says those are just limited examples of the potential.

Once again, the best thing Samsung phone owners can do is make sure they’re updated to the most recent software. The February 2022 security patch includes a fix for this flaw.

Image credit: Shutterstock

Source: Kryptowire Via: Android Police

Categories
Mobile Syrup

iOS 15.4 update will ask users to opt out of Siri recordings again

When iOS 15.4 drops later this year, users may see a prompt asking them if they want to help improve Siri by letting Apple review recordings after the update. The prompt’s re-emergence is the result of a bug that re-enabled the saving of Siri recordings for many users in iOS 15.

As explained by ZDNet, Apple found a bug in iOS 15 that turned on the setting to save Siri recordings for customers. After discovering the bug, Apple turned off the feature for several users in iOS 15.2 and deleted the erroneous recording. Apple explained the problem in a statement to ZDNet:

“With iOS 15.2, we turned off the Improve Siri & Dictation setting for many Siri users while we fixed a bug introduced with iOS 15. This bug inadvertently enabled the setting for a small portion of devices. Since identifying the bug, we stopped reviewing and are deleting audio received from all affected devices.”

That’s why the upcoming iOS 15.4 update will ask some users if they want to let Apple save Siri recordings again. While annoying that some users will need to adjust that setting again — Apple clearly has the ability to disable Siri recordings by default since it applied that in iOS 15.2 for impacted users — at least it will confirm for users whether they were hit with the bug.

iOS 15.4 is currently in beta and will likely roll out to users in the coming weeks.

Source: ZDNet

Categories
Mobile Syrup

Bug affecting Safari on macOS, all iOS browsers, could reveal browsing history

Apple prepared a fix for a WebKit bug that could reveal users’ recent browsing history and possibly their identity. However, it’s not clear when the tech giant will release updates with the fix.

According to MacRumors, a WebKit commit (typically refers to a revision made to code) on GitHub fixes a bug. However, Apple has not said when users could expect macOS, iOS or iPadOS updates to arrive with the fix. A January 14th blog post from FingerprintJS noted that the bug was reported to Apple on November 28th, 2021.

MacRumors previously reported about the bug on January 16th, which involves a JavaScript API called IndexedDB, a commonly-used tool for storing data on people’s computers. Specifically, the bug exists in the way WebKit — the open-source engine powering Apple’s Safari browser — implemented IndexedDB.

In short, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites. Put another way, a website can access a list of other websites you’ve visited (even from different tabs or windows) if they’ve stored data using this API. Typically, browsers apply same-origin policy to IndexedDB to prevent sites from accessing anything outside of their own IndexedDB database.

Moreover, sometimes websites include unique user-specific identifiers in IndexedDB database names. MacRumors pointed to YouTube as an example, which creates databases that include users’ authenticated Google User ID in the name. Malicious actors could use this identifier to fetch personal information about users through Google APIs, such as their profile picture or name.

The WebKit bug affects Safari on macOS Monterey, iOS 15 and iPadOS 15. On iOS and iPadOS, Apple also forces third-party browsers to use the WebKit engine — that means browsers like Chrome and Edge running on iOS/iPadOS 15 are also affected. However, the bug doesn’t affect older versions of macOS, or iOS and iPadOS 14.

Ultimately, that means iOS and iPadOS users can’t really do anything to protect themselves from the bug beyond installing the software patch whenever Apple makes it available. For macOS users, however, switching to another browser would work.

Those interested in learning more about the bug should check out a deep-dive on it from FingerprintJS.

Source: MacRumors, (2), FingerprintJS