You might have noticed some reporting a few days ago that Android 17 was rolling out in beta form, but that didn't happen. For reasons Google still has not explained, the release was canceled. Two days later, Android 17 is here for real. If you've got a recent Pixel device, you can try the latest version today, but don't expect big changes just yet—there's still a long way to go before release.

Google will probably have more to say about feature changes for Android 17 in the coming months, but this first wide release is aimed mostly at testing system and API changes. One of the biggest changes in the beta is expanded support for adaptive apps, which ensures that apps can scale to different screen sizes. That makes apps more usable on large-screen devices like tablets and foldables with multiple displays.

We first saw this last year in Android 16, but developers were permitted to opt out of support. The new adaptive app roadmap puts an end to that. Any app that targets Android 17 (API level 37) must support resizing and windowed multitasking. Apps can continue to target the older API for the time being, but Google filters apps from the Play Store if they don't keep up.

Read full article

Comments

Samsung has officially revealed when its next Galaxy Unpacked event, which is where everyone's expecting the Galaxy S26 series to be announced, will take place. But before it airs on Feb. 25 at 1 p.m. EST, the company's offering the chance to get ahead of the game by trading in your current phone for a little extra moolah. Right now, you can sign up on Samsung's website to trade in your phone for up to $900 while pre-ordering a Galaxy S26 phone (or, on the very unlikely chance the S26 isn't announced at the event, whatever is announced in its place).

How to get $900 on Samsung Galaxy S26 trade-in

That's $200 more than Samsung currently offers on trade-ins for its other phones, which top out at $700 when trading in a Galaxy S24 Ultra for a Galaxy S25 phone. And while you're signing up, you'll also get $30 to spend on accessories during (but not before or after) your pre-order. You can also choose to be entered in a $5,000 sweepstakes for general Samsung online store credit, if you'd like.

The catch? The pre-order window doesn't seem to be open quiet yet. Usually, that happens within a week of Galaxy Unpacked airing, but you can still get the process started now. Just head to Samsung's Galaxy Unpacked reservation website, enter your name and at least an email address (you can also toss in your phone number, if you'd like), and you'll be taken to the form you need. If you want to enter the sweepstakes, also check the box saying you want to enter.

From there, you can pick your current phone manufacturer and your phone model from a drop-down menu. Note that the manufacturer options include Samsung, Apple, Google, and "Other," so it seems like Samsung is willing to let you trade in phones it doesn't make, too. As for the model picker, you can pick models going back around five years for each of the manufacturer options, although if you don't see your model on the list, you can also pick "Other" here, too.

How much will Samsung give me for my phone?

I can't promise how much Samsung will give you for each specific phone model, although it stands to reason that newer and higher spec phones will earn you more. I'm also willing to wager that Samsung might give you more credit if you trade in one of its own phones, but that's just speculation. To get the full $900, I'm guessing you'll need to trade in a Galaxy S25 Ultra.

Once you've made your selection, hit Submit, then scroll down a bit and click what you're interested in getting offers from Samsung on. Make sure you at least select "Trade In," and then click Submit here, too.

And that's it for now. Samsung will now know what type of phone you have and that you're interested in a trade-in, and should email you with an appropriate trade-in offer once it's available. Again, this should happen closer to Unpacked, likely within a week of Feb 25.

What will the Galaxy S26 look like?

All in all, it's a good opportunity for a deal, but it does continue an unfortunate trend of Samsung's—asking you to pre-order a device before it's officially been revealed, and before you know its full specs list. Luckily, a number of rumors for the Galaxy S26 has made it easy to guess at what we're likely to see, including a similar look to the S25, no ultra thin S26 Edge model, a Snapdragon 8 Elite processor, and a new 10MP telephoto lens on the Ultra model. For confirmation, though, we have no choice but to wait.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Samsung’s fan editions are meant to give you most of the flagship experience without the flagship price—and the Samsung Galaxy S25 FE does just that. Right now, it’s down to $509.99 from $709.99; a price drop that, according to price tracking tools, marks its lowest price yet. That puts it well below the regular Galaxy S25 while keeping much of the same look and software.

Samsung Galaxy S25 FE 256GB Unlocked Phone (JetBlack)

$509.99 at Amazon

$709.99 Save $200.00

Get Deal

Get Deal

$509.99 at Amazon

$709.99 Save $200.00

PCMag rated it “excellent,” and after looking at what it offers, that tracks. Its 6.7-inch AMOLED screen is big, bright, and responsive, with smooth 120Hz scrolling and enough brightness to hold its own in most settings, though you might catch some glare under direct sunlight.

It includes Samsung’s full Galaxy AI feature set, the same tools found on its pricier siblings. In practice, that means features like live translation, AI photo editing, and writing help are all here. The battery’s a solid performer too, clocking in at 17 hours of video playback in PCMag’s testing. Charging’s fast enough at 45W wired, and you get wireless and reverse wireless charging (handy for earbuds) as well. On the connectivity side, it supports 5G, along with Wi‑Fi 6, Bluetooth 5.4, and NFC for contactless payments. You can use one physical SIM and one eSIM, or go fully digital with dual eSIMs.

The camera setup sticks close to its more expensive siblings with a 50MP main sensor (with OIS), a 12MP ultra-wide, and an 8MP telephoto lens offering 3x zoom. Photos are sharp from the main lens, with Samsung’s typical slightly saturated colors, and the ultra-wide and telephoto lenses are good for social media, though fine detail reportedly falls off when you zoom or crop in. Audio is decent through the stereo speakers, but you’ll want Bluetooth headphones or earbuds for better sound. There’s no headphone jack or microSD card slot, and storage is capped at 256GB—but for the price, that’s not unreasonable. If you want to be in the Samsung ecosystem and try out its newest AI features without spending $800 or more, this is one of the better deals going right now.

Last November, Google announced that it had managed to make Apple's AirDrop compatible with Quick Share on its Pixel 10 phones, allowing them to easily share photos and files with iPhones, iPads, and Macs. The feature was intuitive, and to quote my colleague Jake Peterson, it's worked so seamlessly that it was almost like Quick Share and AirDrop "were built this way from the beginning." But for other Android users, it continued to be business as usual, leading to awkward texts and emails to share files across iOS and Android. Now, though, Google confirmed it's working to bring AirDrop to other Android phones, too, including phones it doesn't make. At an event attended by Android Authority, Android Vice President of Engineering Eric Kay said, "Last year, we launched AirDrop interoperability. In 2026, we're going to be expanding it to a lot more devices."

To a degree, we kind of knew this was coming. While many Pixel only features are implemented via a special Pixel-only system component, Google added AirDrop compatibility to the Pixel 10 by upgrading Quick Share from a system level feature to a full-on app, with its own APK. That laid the groundwork for other Android phones to eventually get AirDrop compatibility of their own, since they can all use this app. For instance, Nothing CEO Carl Pei said in November that his team was "already exploring" adding AirDrop compatibility to Nothing phones, while chipmaker Qualcomm said it "can't wait" for the feature to be enabled on Snapdragon—commonly used in Samsung's Galaxy phones—in the "near future."

Now, it seems like the wait for AirDrop across the rest of Android won't be much longer. While Kay didn't give an exact timeline beyond 2026, he did say that Google is already "working with our partners to expand it into the rest of the ecosystem, and you should see some exciting announcements very soon." That's it as far as official communication goes, but I've reached out to Google for additional comment and will update if I can snag more details. In the meantime, we do have a few possible dates where we could expect the feature to be announced.

The soonest might be the next Samsung Unpacked, where the company is expected to announce the S26 lineup of phones. According to rumors, that'll take place on Feb. 25, and it's not unusual for Google to make an appearance during Unpacked to discuss new features coming to Android that the new phones can take advantage of. Alternatively, Google might save the announcement for its next Google I/O event, which would likely be sometime in May. Or it could just drop the feature online without the fanfare of an official event.

Either way, I can't wait. I take a lot of photos on my phone for this job, and while sending them from my personal iPhone to my work Mac usually isn't an issue, getting them off an Android phone I might be reviewing can be a much bigger pain. As someone who's got an Android tablet, an iPhone, a MacBook, and a Windows PC all within 5 feet of me right now, anything that helps bridge these ecosystems together is a good move in my book.

Read more of this story at Slashdot.

Android Auto users are reporting a bug that is making their cars disappear from the road—ok, not literally, but within Google Maps. On both Reddit and Google's own support forums, drivers now say their car icons are sporadically disappearing from their navigation screens while using the Google Maps app through Android Auto. Some users have discovered workarounds, but the fixes don't appear to be consistent for everyone. Here's what's happening, and what you can do to try to fix it.

Why are car icons disappearing in Google Maps in Android Auto?

The news first started popping up six days ago, on a Reddit thread where multiple users reported problems with their car icons disappearing while using the Google Maps app through Android Auto. According to these drivers, when the bug was triggered, the map would move around normally, and traffic data and navigation instructions continued to display as expected. However, the icon indicating their car's position would suddenly disappear from their screen, making it difficult to know where exactly they were in comparison to the road. That's not ideal if you're trying to judge when your next turn is coming up.

According to the thread's original poster, the issue popped up for them on the Android Auto version 16.1 release, although others mentioned the issue occurring as far back as version 15.9. The bug doesn't appear to happen all the time, but "reliably" appears when leaving Google Maps, opening another app in fullscreen, and either returning to Google Maps in fullscreen or pulling it up alongside the new app in a splitscreen view. To get their icon back, the original poster had to force quit Google Maps on their phone, but this wouldn't stop the bug from occurring again in the future. Google itself has not yet offered public comment on the issue, although I've reached out to the company and will update this post when I hear back.

How to fix Google Maps in Android Auto

If you're encountering a disappearing car icon while using Google Maps through Android Auto, there are a few fixes that have worked for community members, although whether they'll work for everyone appears to be inconsistent.

Try updating or downgrading your Android Auto version

The timing of this bug appears to line up with the Android Auto v16.1 release, which launched last week. While the bug has been reported appearing on older versions of the app, like Android Auto v15.9, it could be worth trying out another version of Android Auto to see if it clears up the issue. For instance, one user mentioned that installing Android Auto V16.0.66 fixed the issue for them. If you're on an older version, you can update to a newest one from the Android Auto listing on the Play Store. If you're on a newest version and want to try an older one, though, you'll need to uninstall your Android Auto app and manually sideload the older version using a trusted APK file. Because these can be tricky to verify, this might not be the best option for most people.

Try changing your Android Auto car icon

Multiple users in the original Reddit thread, including the original poster, pointed out that the bug only seems to affect them when using a non-default car icon. Until Google issues a fix, one solution might be to change your car icon back to the standard white arrow within a blue circle. To change your car icon in Google Maps, open the app on your phone while not connected to Android Auto. Start navigating to a location. Tap on your car icon, and swipe left or right to adjust the icon until you land on the default white arrow within a blue circle. The next time you connect your Google Maps app to Android Auto, your car's icon should be updated. Note that this isn't a guaranteed fix. One user on a Google support forum, for instance, said that their arrow icon also disappeared from Google Maps in Android Auto when returning from another app.

Avoid triggering the bug, or use an alternative navigation app

If there is one saving grace to this bug, it's that the circumstances for triggering it seem to be pretty consistent. That means you can largely avoid it if you simply don't leave the Google Maps app once you open it. But while that might be OK for short trips, it's not ideal for longer ones, where you might want to adjust a podcast or playlist during your drive. You can manually restart your Google Maps app on your phone every time the bug pops up, but not only is that annoying, it's possibly dangerous if you're in the middle of a drive.

If none of the above fixes work for you and you want to retain the ability to exit your fullscreen navigation app without losing your car icon, it might be worth putting Google Maps to bed for now and using an alternative navigation app. Google's own Waze app, for instance, works with Android Auto and does not seem to have this bug right now. Alternative navigation apps do have their own pros and cons, as Waze focuses less on comprehensive mapping and more on real-time crowdsourced traffic information when determining routes. However, it might be worth a shot. If Waze doesn't work for you, other popular navigation apps compatible with Android Auto include Sygic GPS and TomTom - Maps & Traffic (formerly TomTom AmiGo).

There is very little functional difference between iOS and Android these days. The systems could integrate quite well if it weren't for the way companies prioritize lock-in over compatibility. At least in the realm of file sharing, Google is working to fix that. After adding basic AirDrop support to Pixel 10 devices last year, the company says we can look forward to seeing it on many more phones this year.

At present, the only Android phones that can initiate an AirDrop session with Apple devices are Google's latest Pixel 10 devices. When Google announced this upgrade, it vaguely suggested that more developments would come, and it now looks like we'll see more AirDrop support soon.

According to Android Authority, Google is planning a big AirDrop expansion in 2026. During an event at the company's Taipei office, Eric Kay, Google's VP of engineering for Android, laid out the path ahead.

Read full article

Comments

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

The Pixel 9 Pro is no longer the latest Pixel you can get; that's now the Pixel 10 lineup. That means you can now get Pixel 9 phones for much cheaper than ever before. Right now, the unlocked 1TB Google Pixel 9 Pro is discounted to $849 (originally $1449). That's the lowest price it has ever been on Amazon, according to price-tracking tools. For comparison, the Pixel 10 Pro with 1TB is $1,249 (originally $1,449).

Google Pixel 9 Pro, 1TB

$849.00 at Amazon

$1,449.00 Save $600.00

Shop Now

Shop Now

$849.00 at Amazon

$1,449.00 Save $600.00

SEE -2 MORE

The Pixel 9 Pro is the middle-of-the-pack option, sandwiched between the cheaper Pixel 9 and the Pixel 9 Pro Fold. The Pixel 9 Pro comes with 16GB of RAM, starts with 128GB of memory storage, a maximum 120 HZ refresh rate, and the Android 14 operating system. As Lifehacker's associate tech editor Michelle Ehrhardt explained in her review of the Pixel 9 Pro, the phone's hardware is the best Google has made so far, but its AI features had hiccups at the beginning. However, Google improved the AI features over time; I loved my time with the Pixel 9, especially using Gemini Live and all the AI features.

The battery life can last around 18 hours and 40 minutes, according to Michelle's review (with YouTube videos playing the entire time). The main camera has a 50MP shooter, a 48MP ultra-wide camera with a 123-degree field of view, and a 48MP telephoto camera with a 30x Super Res Zoom.

If you have the Pixel 8 Pro, you might not notice a huge upgrade in this version. However, if you're upgrading from an older version or doing a switch from a non-Pixel phone, the 9 Pro has a lot to love. One of my favorite things about Pixel phones is the ongoing support for many years. Older Pixels still get all of the updates and tons of AI features that make the phone feel fresh many years later, with the latest ones dropping last month. With the Pixel 9 Pro, you'll be getting a quality phone with software updates for quite a while (as long as seven years).

Starting with 2024's Galaxy S24 series, Samsung started promising seven years of software support for its new phones, following a precedent Google set with the Pixel 8. It was a surprisingly user-friendly and even environmentally conscious move, letting buyers more easily keep their phones for longer while also reducing e-waste generated from constant upgrades. Unfortunately, it didn't apply to previous models, and now we're starting to see the consequences of that.

In Samsung's February 2026 security updates (first spotted by SamMobile), the Galaxy S21, S21+, and S21 Ultra are nowhere to be seen, indicating that they've reached their end of support. The only phone from this line still listed was the S21 FE 5G, which makes sense, since it was released a year after the rest of the S21 line. That means these phones will no longer get regular monthly or quarterly security updates, although if a critical vulnerability pops up, Samsung might still issue an emergency fix.

None of this should be surprising, but it can still be confusing if you're an S21 owner. To be fair to Samsung, the company only ever pledged five years of support for the S21 series on release, and only four years of Android updates. But as far as hardware goes, your phone is probably still running just fine. The Snapdragon 888 chip powering the S21 series is snappy enough for casual use, even if it can be a bit power hungry. Do you really need to replace it, especially so soon after launch?

Can you keep using the Galaxy S21 series?

As far as browsing the internet, watching videos, and scrolling social media apps goes, your Galaxy S21 phone should still hold up well. Gaming and other more demanding tasks might suffer, but there shouldn't be anything physically wrong with your phone aside from aging. The problem comes when you start to consider safety.

Regular security updates help patch holes hackers can use to get into your data or accounts. And these days, hackers have gotten pretty smart. While you might know to avoid sketchy websites or high-risk apps, there are exploits hackers can use now that don't need any interaction from you. Sometimes, all it takes is having a Bluetooth radio in your device, or for the hacker to know your phone number.

Getting hit by one of these hacks might be rare, but it's not a good idea to leave yourself open to the possibility if you can avoid it. It's like driving in a car without a seatbelt—you probably won't get in a crash, but you'll wish you had one if you do. Upgrading to a phone getting official security updates from the manufacturer is the best way to ensure your handset has the most up-to-date safety, but if you can't, there are a few steps you can take to protect yourself.

Install Google Play System Updates to enhance security on an unsupported phone

Getting over-the-air updates directly from your phone's manufacturer is the best way to stay safe while using your phone, but they're not the only way to get security updates. Starting with Android 10, which the Galaxy S21 series does fall under, Google's Project Mainline began delivering partial security updates via Google Play System Updates.

These won't close all vulnerabilities, but they do allow Google to patch holes in media codecs and components, permissions, and a few other features hackers like to exploit, even on devices that no longer get official manufacturer support. "With Project Mainline, we can deliver faster security fixes for critical security bugs," the company said in a blog post. "For example, by modularizing media components, which accounts for nearly 40% of recently patched vulnerabilities."

Project Mainline can't fix everything, especially problems related to your specific device, but if you do find that your phone is out of date, it's worth ensuring your Google Play System Updates are updated to the most recent version until you can find a new one. How to check this will differ from device to device, but you'll generally find these updates under Settings > System > Software updates. Here, you'll see a date showing which Google Play system update your phone is running. These should normally update manually every month, but if the date looks a little old, you can simply tap it to search for a fresh update and download it.

When you should upgrade your Samsung phone

Ideally, you should take the end of software support as a sign to upgrade to a new phone, even if it appears to be working fine. But I get any hesitation you might be feeling. I'm still on Windows 10, which is facing its own security update issues, even though my device still works perfectly for everything I want from it. I'm glad to see companies catching on with extended security updates, so hopefully this will become less of an issue in the future. Tech timelines move fast, but a five-year upgrade cycle feels a lot more wasteful than even a seven-year one.

For now, though, keep in mind that any Samsung phone released before 2024 is going to face an end-of-life sooner than you might think, so it's time to start planning for it accordingly. The company might have moved on to seven years of updates now, but that promise doesn't apply retroactively. So Galaxy S22 owners, it's time to start thinking about what you'll do with your own devices next year.

Read more of this story at Slashdot.

Chromebooks debuted 16 years ago with the limited release of Google's Cr-48, an unassuming compact laptop that was provided free to select users. From there, Chromebooks became one of the most popular budget computing options and a common fixture in schools and businesses. According to some newly uncovered court documents, Google's shift to Android PCs means Chromebooks have an expiration date in 2034.

The documents were filed as part of Google's long-running search antitrust case, which began in 2020 and reached a verdict in 2024. While Google is still seeking to have the guilty verdict overturned, it has escaped most of the remedies that government prosecutors requested. According to The Verge, the company's plans for Chromebooks and the upcoming Android-based Aluminium came up in filings from the remedy phase of the trial.

As Google moves toward releasing Aluminium, it sought to keep the upcoming machines above the fray and retain the Chrome browser (which it did). In Judge Amit Mehta's final order, devices running ChromeOS or a ChromeOS successor are excluded. To get there, Google had to provide a little more detail on its plans.

Read full article

Comments

It's been more than a year since the Galaxy S25, Galaxy S25 Plus, and Galaxy S25 Ultra were unveiled, which means we're overdue some new flagship phones from Samsung. While nothing has been officially revealed about the Galaxy S26, a number of leaks and rumors that have appeared online, providing a pretty good idea of what to expect.

With the caveat that none of this is confirmed (though this information all comes from well-known tipsters with decent track records when it comes to future Samsung products), here's everything the rumors are telling us right now. We'll know how much of it is spot-on once the devices are announced—perhaps as soon as the end of this month.

What rumors say about the Samsung Galaxy S26 series' launch date and pricing

Samsung unveiled the Galaxy S25 phones on Wednesday, Jan. 22, 2025, and they then went on sale on Friday, Feb. 7. We're already into February 2026, and there's still no word about the Galaxy S26 series, so for whatever reason, Samsung hasn't been able to stick to the same schedule that it used last year for its flagship phones' launch.

Still, we should see these handsets appear before we're too much further into 2026. According to information obtained by the team at Dealabs, Samsung is planning to hold a launch event on Wednesday, Feb. 25—which would align with the day of the week that Samsung usually likes to hold its Unpacked events.

This Tweet is currently unavailable. It might be loading or has been removed.

That date has been repeated by veteran leaker Evan Blass, so it looks as certain as anything can be without any official confirmation. There will then be a short preorder period before the phones actually go on sale, as usual, and the Galaxy S26 series is being tipped to start shipping on Wednesday, March 11.

As for pricing, it would seem that these Galaxy S26 handsets are going to cost you as much as their Galaxy S25 counterparts did when they first came out. Several sources, including reports from South Korean media, predict the following starting prices: $799 for the Galaxy S26, $999 for the Galaxy S26 Plus, and $1,299 for the Galaxy S26 Ultra.

What rumors say about the Samsung Galaxy S26 series' design

The three models we're expecting—the standard model, the Plus model, and the Ultra model—match up with what Samsung has done in previous years, including 2025. It's possible that we'll see a more affordable FE (Fan Edition) version of the Galaxy S26 later in the year—the Samsung Galaxy S25 FE launched in September 2025.

What we're probably not going to see is a Samsung Galaxy S26 Edge. The Galaxy S25 Edge, the thinnest Galaxy phone to date, broke cover in May 2025, measuring just 5.8mm front to back. However, multiple sources (including the well-respected Jukan) suggest that sluggish sales have led to the model being dropped this year. (It seems demand is weak for the iPhone Air as well.)

The rear camera design from the Galaxy Z Fold 7 is set to be used on the Galaxy S26. Credit: Samsung

When it comes to the designs of these phones, we're not expecting much to change at all. Android Headlines has posted renders for the 6.3-inch Galaxy S26, the 6.7-inch Galaxy S26 Plus, and the 6.9-inch Galaxy S26 Ultra: That's a slight increase in screen size (from 6.2 inches) for the standard model compared to the Galaxy S25, but the other two look like they'll have the same sized displays as their predecessors.

The only real change in terms of aesthetics is a pill-shaped camera island on the back. This was missing on the Galaxy S25 series, but did show up on the Samsung Galaxy Z Fold 7. Multiple colors have been rumored, in part through wallpaper leaks: They include gray, peach, purple, light blue, black, and silver for the standard model, and black, white, silver shadow, sky blue, cobalt violet, and pink gold for the Ultra model.

What rumors say about the Samsung Galaxy S26 series' specs and features

The Samsung Galaxy S26 phones will come with the standard processor speed bump: As reported by SamMobile, it looks as though the handsets are going to be fitted with a mix of the Snapdragon 8 Elite Gen 5 from Qualcomm, and Samsung's own Exynos 2600 processor, depending on region. If previous years are any indication, all the handsets sold in the US will have Snapdragon CPUs inside.

Don't expect massive leaps forward in terms of cameras: According to The Elec in South Korea, the Galaxy S26 cameras will match those on the Galaxy S25 (50MP main, 12MP ultrawide, and 10MP 3x telephoto), as Samsung tries to keep costs down. However, the Ultra model may get treated to a new 10MP telephoto camera.

The Galaxy S25 series launch. Credit: Samsung

There may be better news when it comes to battery capacity, though this is only one of the contributors to battery life. As Wccftech reports, the Galaxy S26 is rumored to be getting a 4,300mAh battery, compared to the 4,000mAh battery of its predecessor—and the other two models are apparently getting similar bumps as well.

It seems as though this will be the year that Samsung adds MagSafe-style accessory snapping on top of wireless charging to its flagship Galaxy phones. WinFuture has managed to obtain details of some of the official magnetic cases that are apparently coming our way, together with the phones themselves.

The Samsung Galaxy S25 Ultra. Credit: Lifehacker

There is one feature that Samsung has officially teased, and that's a "new layer of privacy" for Galaxy phone screens. When this privacy feature is enabled, it will be much harder for anyone but you to see what's on your display—cutting down the risks of 'shoulder surfers' getting a glance at passwords, PIN codes, or other sensitive information.

Overall then, it seems we'll be getting rather modest upgrades from Samsung this time around, in terms of both the hardware design and the internal specs. On the software side there are several new features to look forward to with One UI 8.5, including improved security and sharing tools, and yet more AI functionality.

It took Android devicemakers a very long time to commit to long-term update support. Samsung and Google have only recently decided to offer seven years of updates for their flagship Android devices, but a decade ago, you were lucky to get more than one or two updates on even the most expensive Android phones and tablets. How is it, then, that an Android-powered set-top box from 2015 is still going strong?

Nvidia released the first Shield Android TV in 2015, and according to the company's senior VP of hardware engineering, Andrew Bell, supporting these devices has been a labor of love. And the team at Nvidia still loves the Shield. Bell assures us that Nvidia has never given up, even when it looked like support for the Shield was waning, and it doesn't plan to stop any time soon.

The soul of Shield

Gaming has been central to Nvidia since its start, and that focus gave rise to the Shield. "Pretty much everybody who worked at Nvidia in the early days really wanted to make a game console," said Bell, who has worked at the company for 25 years.

Read full article

Comments

To avoid a court proceeding, Google has agreed to a $135 million class-action settlement over its data collection practices with Android. News of the settlement was first reported by Reuters. Upon approval by a judge, the settlement could see Android users in the U.S. getting up to $100 each, provided they qualify.

The settlement was filed in San Jose, California on Tuesday evening, and focused on claims that Google collected unnecessary cellular data from customers even when Google apps were closed, location-sharing was disabled, and screens were locked. The lawsuit alleges that Google collected the data with the intent of "conversion," a legal term that in this case would likely mean using the captured data for product development and targeted advertising.

Google denied any wrongdoing, but as part of the settlement, agreed to not transfer data during Android set-up without consent from the user. The company will also initiate new toggles within Android to stop further cellular data transfers, and disclose any data transfers in its Google Play terms of service.

According to Glen Summers, a lawyer for the plaintiffs, the $135 million payout is the largest ever in a conversion case. While the settlement is still awaiting approval from a judge, given Summers' comments, it's likely the plaintiffs will accept it. Here's how to determine if you can claim your slice of that pie.

Who is eligible for a payment in the Android settlement?

Google's settlement covers a fairly wide swath of users: anyone who has used an "Android-powered mobile device" since Nov 12, 2017. However, there appear to be a few caveats. Specifically, because the class-action applies to cellular data, it's unlikely to apply to users of any wifi-only devices, like many Android tablets.

How much you can get in the Android settlement

Payments for the class-action settlement cap out at $100 per class member, although it's unclear whether all users can expect to get that much. Reuters states that lawyers for the class-action may seek up to roughly 30% of the settlement in legal fees, and while there aren't any official numbers on how many Android users there are in the U.S., estimates from third-party firms place the count at roughly 40% of the mobile market overall. As such, $135 million might be spread pretty thin across all eligible class members.

When payments could go out

An initial trial date for the case was originally scheduled for Aug. 5, although the judge could approve the settlement prior to then. Class-action settlements can take anywhere from a few weeks to a few months to be approved, in order to ensure the settlement is fair to all class members and doesn't show any signs of collusion.

How you'll know when a payment has been sent

The methods of contacting eligible class members varies from case to case. In some instances, payment is automatic. However, in many cases, a website is set up where users must file a claim, and physical mail and emails are sent out with PIN numbers and IDs to ensure as many class members know about their eligibility as possible. The company offering the settlement is often involved in sending out these notices, so if you believe you're affected, keep an eye out for an email or physical letter from Google, as well as for a settlement website to be set up.

If you believe you're eligible but don't receive any communication, there will also usually be an email address you can contact. This email address will usually be specific to the case, and while it hasn't been revealed yet, it might be worth reaching out to Google Support if you're worried about missing any deadlines.

Other current Google settlements you may qualify for

Google's data collection settlement isn't its only big class action payout as of late. The company also recently agreed to pay $68 million in another settlement involving Google Assistant after an accusation that it listened in on users without their consent. Google also denied wrongdoing in this instance.

If approved, the settlement will apply to anyone who had at least one device with Google Assistant pre-installed on it as early as 2016. Those who purchased the device will receive anywhere from $18 to $56, while those who lived in a household with one of these devices in it could earn $2 to $10. Steps for receiving your money will likely be similar to those in the Android data collection case.

Phones are valuable targets. If someone can steal your device, especially if they know how to break into it, they have access to a huge amount of your sensitive data. As such, good security features can mean the difference between losing that data, or protecting it entirely—even if your phone is long gone. Google has a number of anti-theft features baked in Android, appropriately called "Theft Protection Features." While the company isn't announcing a slate of new features today, it did announced new updates to its existing Android Theft Protection features in a post on the company's Security Blog Tuesday. Here's what's new:

Google's updated Theft Protection Features for Android

First, the company announced updates to authentication safeguards, which apply to all Android devices running Android 16 or newer. That includes a new dedicated toggle in settings for Failed Authentication Lock, which automatically locks your screen after someone tries to guess your password too many times. Now, you can choose whether or not to keep this feature on right from settings.

Google is also increasing the amount of time your phone locks up after too many failed passcode attempts, which reduces the chance for someone to break into your phone. I wouldn't have thought of this, but Google notes that it has included protections against children that try to break into your phone, by not counting identical passcode attempts against this retry limit. And while it isn't new, Google highlighted that since late 2025, all features and apps that use Android Biometric Prompt now work with Identity Check, which prevents unauthorized users from changing sensitive settings without a successful biometric authentication—meaning a face or fingerprint scan.

The company also announced enhancements to features that are available to devices running at least Android 10. First is an update to Remote Lock, which lets you lock up your phone from a web browser if it is stolen or goes missing. Now, you can set up a security question as part of the unlocking procedure. Even if someone knows your credentials, they'd need to know the answer to your security challenge before they could unlock your device. Tip: If you make the answer something nonsensical, you'll be even more protected (e.g., What is your mother's maiden name? h7r_t*2#). Just be sure to file that answer somewhere safe, like a password manager.

Users in Brazil also have two new security settings enabled by default. The first is Theft Detection Lock, which can detect when your device has been snatched out of your hand in a likely theft situation. The second is Remote Lock, so users in Brazil can take advantage of the above benefits without having to set anything up first—other than the option security challenge question, of course.

These updates might not be revolutionary, but they should help boost your Android's security a bit—and prevent your kids from locking you out of your phone for the day.

A recent Google Pixel feature is reportedly turning on the microphone when it's not supposed to, and Google's finally acknowledged that there's a bug. Reports started as early as last September and gained traction last week, and now, Google has removed the feature on some older phones.

Called "Take a Message," the buggy feature was released last year and is supposed to automatically transcribe voicemails as they're coming in, as well as detect and mark spam calls. Unfortunately, according to reports from multiple users on Reddit (as initially spotted by 9to5Google), the feature has started turning on the microphone while taking voicemails, allowing whoever is leaving you a voicemail to hear you. Audio leaks are bad in any circumstance, but they must feel especially nasty if you're trying to pretend you're not there.

Affected users have have found that while the caller can hear the audio from the person receiving the voicemail, there's no indication on the receiver's end that their audio can be heard, aside from the green microphone indicator possibly turning on.

The issue has been reported affecting Pixel devices ranging from the Pixel 4 to the Pixel 10, and on a recent support page, Google's finally acknowledging it. However, the company's action might not be enough, depending on how cautious you want to be.

According to Community Manager Siri Tejaswini, the company has "investigated this issue," and has confirmed it "affects a very small subset of Pixel 4 and 5 devices under very specific and rare circumstances." The post doesn't go any further on the how and why of the diagnosis, but says that Google is now disabling Take a Message and "next-gen Call Screen features" on these devices.

Next-gen Call Screen is a separate feature that allows Google's AI to ask a caller their name and the purpose of their call before taking a message. No bugs have been reported for it, but Google says it's disabling both features out of "an abundance of caution."

While this should prevent the issue from popping up for users with those phones, it's a bit of a heavy-handed fix. I've reached out to Google to check if Take a Message is only being removed temporarily while the company fixes the bug, or if it will now be permanently gone. In the meantime, Tejaswini does say that Pixel 4 and 5 owners will still be able to use manual and automatic Call Screening, which provide basic protection against spam. The post also suggests that affected users can rely on any call screening features provided by their cellular carriers.

How to disable Take a Message on your Pixel phone

While it's encouraging that Google is taking action on the Take a Message bug, the company only seems to be acknowledging it for Pixel 4 and Pixel 5 models, at least for now. I've asked Google whether owners of other Pixel models should be worried, as user reports seem split on this. Still, because some have mentioned an issue with even the most up-to-date Pixel phone, if you want to practice your own abundance of caution, it might be worth disabling Take a Message on your device, regardless of its model number.

To do this, open your Phone app, then tap the three-lined menu icon at the top-left of the page. Navigate to Settings > Call Assist > Take a Message, and toggle the feature off.

Read more of this story at Slashdot.

If you're going to go with Android rather than an iPhone for your smartphone, then Google Pixel and Samsung Galaxy handsets are the two most high-profile options you've got. There are other Android phones worth considering—from the likes of OnePlus and Nothing, for example—but Google and Samsung are the most well-known.

While the fundamental operating system on Pixel and Galaxy phones is the same, there are numerous differences between these two flavors of Android. They're not all obvious, though, unless you spend every day with these handsets, and that can make it tricky to decide whether you're better off going with Google or Samsung.

As it happens, I use Pixel and Galaxy phones every day, more or less—not because tech journalists are particularly wealthy, but because we have to write a lot of reviews, news stories, and how-to guides for our jobs. Here's what I've learned along the way, and how you can choose between Pixel phones and Galaxy phones.

Customization and clutter

In the old days we used to talk about "stock" Android on Google's Nexus or Pixel phones, but that doesn't really exist any more: Even Google puts its own twists and tweaks on the Android Open Source Project (AOSP) that every Android manufacturer has access to. Samsung adds even more on top of the AOSP foundation, and markets its own take on Android as One UI.

There's no doubt that One UI on Galaxy phones is busier and more complex than Android on Pixel phones—which can either be a positive or a negative, depending on how you like your mobile software. Samsung offers more settings, customizations, and configurations than Google, so One UI is going to appeal to power users.

Samsung's One UI gives you a lot of customization options. Credit: Lifehacker

Galaxy phones offer more in the way of theming options, for example, which completely transform the look of the software—though Pixels have caught up to some extent with features like icon theming in recent updates. You can do more on the lock screen with Samsung phones too, tweaking frames, widgets, and effects as needed.

Google takes a simpler approach to the user interface—which you could praise as uncluttered or criticize as basic, depending on your perspective and taste. The Pixel version of Android has gotten a bit more polished over time, and has borrowed a few tricks from Samsung, but it's still not as customizable overall.

Apps and ecosystem

With Pixel phones, Google's apps are front and center. On a Galaxy phone, you get all of Google's key apps, and all of Samsung's equivalents, installed by default: So again, Galaxy phones are the more cluttered of the two. There's nothing wrong with Samsung's apps for photos, calendars, contacts, web browsing, and so on, but it's likely that most of the time you're going to prefer the Google option.

That might change depending on what else you own: If you have a Galaxy Watch strapped to your wrist, then Samsung Health becomes far more useful and interesting. If you've gone for a Pixel Watch, then you're going to prefer the Google-owned Fitbit. As with most tech purchases these days, from TVs to smart speakers to laptops, you'll need to consider what else you own from Google or Samsung.

Pixels offer easier access to Google's many and varied apps. Credit: Lifehacker

Google does keep some features as exclusives for Pixel phones, though they often trickle out to the wider Android ecosystem over time. At the moment, they include Call Screen (for putting a barrier between you and spam calls), the real-time Scam Detection feature, Pixel Screenshots for analyzing your screengrabs, a Now Playing widget for the home screen, and photo features such as Night Sight.

In some cases, Samsung has counterparts for those Pixel exclusives, and it has a few exclusives of its own that you don't get with Pixel phones. There's also the suite of Good Lock modules that take phone customization and tweaking to the next level: You can set different volume levels for different apps, design your own themes, and take more control over your home screen, for example.

Hardware differences and updates

I don't want to talk too much about hardware differences, because these change regularly with each passing year (or even every six months), but there's no doubt that hardware design comes into play when you're choosing a smartphone—and broadly speaking, I think most people will agree that Samsung's phones are more sleek and stylish.

Aesthetics are subjective, but the Samsung Galaxy series look closer to the polish and refinement of the iPhones, whereas Google takes a more simplified and industrial approach to its Pixels: Look at that chunky rear camera bar for example (which to be fair does help when a phone is laid flat).

Handsets like the Galaxy S25 are easy on the eye. Credit: Samsung

Performance is difficult to gauge, but it's fair to say that the Snapdragon (and even Exynos) chipsets that Samsung uses have a better reputation than the Tensor CPUs that Google puts in its Pixel phones. That said, there's an argument to be made that Google wins on camera lens quality, which is something the Galaxy series hasn't really moved the needle much on in recent years.

What's indisputable is that Android updates roll out to Google phones several months before Samsung phones: Samsung needs time to adapt the AOSP code for its own One UI release, and so if you want to get the latest Android features before anyone else, the Pixel series is your best bet.

My personal preferences

If I'm buying a new Android phone for myself, I'll still usually go with a Google Pixel. The software interface is a little more rudimentary, but I don't mind that, and I use so many Google apps so regularly—Gmail, Google Chat, Google Maps, Google Keep—that I want the most friction-free and seamless access to them possible. I don't want or need a bunch of Samsung apps too.

That's not to say Galaxy phones don't have their appeal, and I like tinkering around with some of the extra features and hacks you don't get with Pixels—like the secret wifi menu, for example, or the built-in easy mode. Ultimately, though, Pixels feel more intuitive and easier to use for me, and I absolutely want to be first in the queue for Android updates.

The Pixel 10 Pro Fold showing off Google's distinctive design language. Credit: Google

Admittedly, part of this is down to familiarity. I've been using Google phones more regularly for across a longer span of time than Samsung phones, and I'm used to them and the way they work—if you're a seasoned Galaxy phone owner, then the benefits of a Pixel probably won't have as much appeal, considering you're going to have to get used to a different set of options and menus.

There's so much visual stuff you can customize in Android Auto. But Android Auto's capabilities go beyond aesthetics and the apps that pop up when you turn on the car. There's a hidden shortcut switch you can enable to run an action in the car that's programmed on your phone. No matter what car you're driving, if it has Android Auto, the shortcut is there.

This is the Custom Assistant Shortcut, and it's been part of Android Auto since early 2021. The feature is worth revisiting now that Gemini is slowly rolling out to replace the legacy Google Assistant on Android Auto. Gemini's natural language processing enables it to handle more complex routines, so you're not just programming a rote command you could have otherwise said out loud. The Custom Assistant Shortcut is labeled a "secret" feature because it's camouflaged beneath a main text label in the Android Auto settings menu. I didn't even think to look for it until I stumbled across the trick on an Android blog, but once you find it, it only takes a minute to set up.

Credit: Florence Ion/Lifehacker

There are several ways to configure the Custom Assistant Shortcut. For example, if you rely on the latest episode of a podcast to carry you through the morning commute, you could set up a shortcut to play the most recent episode via an app that plays well with Gemini, like Spotify or YouTube Music. I prefer to use the Custom Assistant Shortcut for a simpler sequence of actions: finding the nearest branded gas station, no matter where I am in my journey. I programmed the shortcut with the command "Navigate to the nearest [branded gas station]." This begins driving directions to the fuel station I specified, where I can count on adequate lighting and decent bathrooms. It's easier than pawing through the Google Maps app on the Android Auto screen, then looking for the sub-menu option that shows fuel stops, and then sorting through every single option within five miles when you select it. This version of the shortcut is also super helpful on road trips, especially solo ones.

Credit: Florence Ion/Lifehacker

If you're into home automation, this shortcut gets even more powerful. You can program a Google Home Routine so that a phrase triggers a domino effect of actions. Imagine a routine that prepares for your arrival by opening the garage door, disarming the security system, and turning on the lights before you've ever pulled into the driveway.

How to build the Custom Assistant shortcut in Android Auto

You don't need to be in your car to set up the Custom Assistant Action. On your phone, navigate to your Android Auto settings, then scroll down and tap on Customize launcher. Under the main heading, tap the smaller text that says Add a shortcut to the launcher. Select an Assistant action.

Credit: Florence Ion/Lifehacker

From here, the most robust option is to write out a specific command. Something like "Navigate Home," or "Play the latest episode of [podcast title] on [media player]."

Credit: Florence Ion/Lifehacker

Test out your Custom Assistant Shortcut

You can take the shortcut for a spin in your car before hitting the road. The ability to test the command will pop up when you connect your phone to the car. You'll see your new shortcut appear in the app drawer as a standard app icon. It will have a small Gemini asterisk in the corner to distinguish it from native apps (it may still show the legacy Assistant icon in your phone's settings).

The "Test Command" button is on the same page where you set up the Custom Assistant Shortcut. Tap it, and you'll know your shortcut is working if the signature rainbow Gemini glow pulses at the bottom of the screen. If not, try adjusting the wording of your command and continue testing until it's a go.

Things to note about Custom Assistant Shortcut in Android Auto

These actions are tied to your Google account on your phone, so if you hop into another car with Android Auto, the button will follow you to the display. Remember that Gemini requires a stable data connection to process those requests. If you're driving through a cellular "dead zone," the shortcut might hang, which is annoying while driving. If the shortcut is hard to find in the app drawer, remember you can return to the Customize Launcher menu in the phone's settings and reorder the shortcuts so they're at the top of the drawer.

We may earn a commission from links on this page.

At the start of December, Samsung announced its first triple-folding phone, which opens not just once, but twice, unfurling into a massive 10-inch display. It's not the first triple-folding phone to hit the market, but since Huawei is technically banned from operating in the U.S., it's the first planned to officially arrive Stateside. Now the phone, called the Samsung Galaxy Z TriFold, finally has an official release date. But it also has an official price, and it's eye-watering.

Folding phones have historically been pretty expensive, but with a retail price of $2,900, the Galaxy Z TriFold is nearly $1,000 more expensive that the company's current folding flagship, the Samsung Galaxy Z Fold 7. Granted, being able to fold it out to a 10-inch display is kind of like stuffing a laptop in your pocket, but then, you can get an actual laptop (a really good one!) for less than half the cost.

If the idea of laying down more than three grand after tax isn't deterring you, the Samsung Galaxy Z TriFold goes on sale on Jan. 30, and can be bought either online or in-person at one of Samsung's Experience Stores, with seven locations across California, Minnesota, New York, and Texas. If you happen to have a physical store near you, it might be worth checking in on their stock—Samsung won't be taking preorders for this phone, and despite the high price, it sold out within minutes during its South Korean launch.

While Samsung does sell a 1TB model overseas, the base model will be all U.S. customers can buy at launch. This version of the TriFold comes in black and offers 512GB of storage. It's decked out with a high resolution 2,160 x 1,584 inner display, a 2520 x 1,080 outer display, the top-of-the-line Snapdragon 8 Elite chip, 16GB of RAM, and a powerful 200MP main camera (although the other lenses aren't as powerful as those found on non-folding phones). And yes, the screens are both AMOLED with a 120Hz refresh rate.

The novelty might be worth it for some, and I suppose if you buy the TriFold instead of a phone and a tablet separately, that could help justify the price. Still, you can get a non-folding Samsung Galaxy S25 Ultra for $1,050 right now, add an iPad Pro for $899, and still save $1,000 over the cost of this new gadget.

If you're on the fence, the aforementioned Samsung Experience stores do offer demos of the TriFold so you can try before you buy, although the sparse selection of locations means that won't be an option for many.

More affordable folding phones than the Samsung Galaxy Z Trifold

Pretty much every folding phone on the market right now is expensive, but if you must have a folding phone but you can't justify the cost of a triple-folding model, there are other, cheaper options available.

The most obvious alternative is the Samsung Galaxy Z Fold 7, which is still pricey at its $2,000 retail price, though you can pay less if you can score a deal or special promotion. It'll net you most of the same specs as the TriFold, although the inner screen maxes out at 8-inches instead of 10-inches. It's still not a bad deal, since those extra two inches would come at $450 a pop. Currently, I've managed to track down an Amazon deal selling them for $1,600, although supply is limited.

If you're stuck paying full price, you might instead prefer the Pixel 10 Pro Fold, which starts at $1,800. That'll also give you an 8-inch inner screen, although Google's Tensor chips have a history of not being quite as strong as the Snapdragon chips that come with the Galaxy series, and the main camera is a far cry below the 200MP one found on both the Z Fold 7 and the TriFold.

There are also flip phones, although these aren't really a replacement for folding phones. Instead of opening horizontally for a larger screen, they open vertically to reveal a standard phone-sized screen. In that way, they're better for portability than they are for extra features, but they are a lot cheaper—the most recent Motorola Razr is currently on sale for $400 (MSRP $700), while the Samsung Galaxy Z Flip 7 is on sale for $900 (MSRP $1,100).

Finally, you might consider waiting for the rumored iPhone Fold, which is expected to come out later this year. Initial rumors put the price somewhere between $2,100 to $2,500, and while price definitely includes the Apple Tax, it's still much cheaper than the TriFold.

WhatsApp is going through a rough patch. Some users would argue it has been ever since Meta acquired the once widely trusted messaging platform. User sentiment has shifted from “trusted default messenger” to a grudgingly necessary Meta product.

Privacy-aware users still see WhatsApp as one of the more secure mass-market messaging platforms if you lock down its settings. Even then, many remain uneasy about Meta’s broader ecosystem, and wish all their contacts would switch to a more secure platform.

Back to current affairs, which will only reinforce that sentiment.

Google’s Project Zero has just disclosed a WhatsApp vulnerability where a malicious media file, sent into a newly created group chat, can be automatically downloaded and used as an attack vector.

The bug affects WhatsApp on Android and involves zero‑click media downloads in group chats. You can be attacked simply by being added to a group and having a malicious file sent to you.

According to Project Zero, the attack is most likely to be used in targeted campaigns, since the attacker needs to know or guess at least one contact. While focused, it is relatively easy to repeat once an attacker has a likely target list.

And to put a cherry on top for WhatsApp’s competitors, a potentially even more serious concern for the popular messaging platform, an international group of plaintiffs sued Meta Platforms, alleging the WhatsApp owner can store, analyze, and access virtually all of users’ private communications, despite WhatsApp’s end-to-end encryption claims.

How to secure WhatsApp

Reportedly, Meta pushed a server change on November 11, 2025, but Google says that only partially resolved the issue. So, Meta is working on a comprehensive fix.

Google’s advice is to disable Automatic Download or enable WhatsApp’s Advanced Privacy Mode so that media is not automatically downloaded to your phone.

And you’ll need to keep WhatsApp updated to get the latest patches, which is true for any app and for Android itself.

Turn off auto-download of media

Goal: ensure that no photos, videos, audio, or documents are pulled to the device without an explicit decision.

• Open WhatsApp on your Android device.
• Tap the three‑dot menu in the top‑right corner, then tap Settings.
• Go to Storage and data (sometimes labeled Data and storage usage).
• Under Media auto-download, you will see When using mobile data, when connected on Wi‑Fi. and when roaming.
• For each of these three entries, tap it and uncheck all media types: Photos, Audio, Videos, Documents. Then tap OK.
• Confirm that each category now shows something like “No media” under it.

Doing this directly implements Project Zero’s guidance to “disable Automatic Download” so that malicious media can’t silently land on your storage as soon as you are dropped into a hostile group.

Stop WhatsApp from saving media to your Android gallery

Even if WhatsApp still downloads some content, you can stop it from leaking into shared storage where other apps and system components see it.

• In Settings, go to Chats.
• Turn off Media visibility (or similar option such as Show media in gallery). For particularly sensitive chats, open the chat, tap the contact or group name, find Media visibility, and set it to No for that thread.

WhatsApp is a sandbox, and should contain the threat. Which means, keeping media inside WhatsApp makes it harder for a malicious file to be processed by other, possibly more vulnerable components.

Lock down who can add you to groups

The attack chain requires the attacker to add you and one of your contacts to a new group. Reducing who can do that lowers risk.

• ​In Settings, tap Privacy.
• Tap Groups.
• Change from Everyone to My contacts or ideally My contacts except… and exclude any numbers you do not fully trust.
• If you use WhatsApp for work, consider keeping group membership strictly to known contacts and approved admins.

Set up two-step verification on your WhatsApp account

Read this guide for Android and iOS to learn how to do that.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

When Apple introduced Liquid Glass to the public in June of last year, it kicked off a saga that's still ongoing. The company's toned down the effect multiple times, and in November, it added controls for tinting it. Some have even found out ways to disable Liquid Glass entirely. It's not a quagmire I'd jump into willingly, but apparently, that's exactly what Android's about to do.

According to "images of internal builds" seen by 9to5Google, Android's next update will add significant amounts of blur "across Android 17."

"Throughout the OS, you can expect a system UI that switches from solid light or dark backgrounds to a blur effect that allows you to see what's immediately behind the component you're interacting with," writes 9to5Google's Abner Li.

That sounds a lot like Liquid Glass to me, and Li further confirms that elements like the volume bar and mode switcher will be translucent, allowing you to see your wallpaper and app icons in the background.

Credit: Google

This actually isn't Google's first time experimenting with transparency effects. In Android 16 QPR1, Google already added blur to the notification and quick settings panels. What's new is that we can now expect it in other parts of the OS as well, for a more cohesive look. So if it hasn't bothered you yet, you don't need to worry about opening your phone on Android 17's release date and seeing a brand new interface.

Li also says that "Compared to Liquid Glass on iOS, Android's new look is more subtle," although some are likely to be more sensitive to it than others.

Personally, I haven't noticed the blur that's already there much, but even if you don't mind the aesthetic, the effect can be a slight drain on battery life. Luckily, even before it's been introduced across the OS at large, there's a way to turn off blur in Android.

This came in Android QPR2, specifically as a response to the new effects (although it was technically available in developer options before then). To do this, open your Settings app, and then navigate to Accessibility > Color & Motion. From there, tap on Reduce blur effects. The change will take place immediately, so you'll be able to test then and there which look you prefer.

Like other new Android features, the blur is likely to come to Pixels first, and because Google's branding it as part of its own Material 3 Expressive design language, it might not make the jump to Samsung Galaxy or other Android phones. The exception could be in Google-branded apps, although Li said "it remains to be seen" whether Google will add blur to its apps in addition to the OS.

If you're a Pixel owner, you may want to update your settings for Phone by Google. 9to5Google reports that a handful of users have experienced a bug with the Take a Message feature that records and sends audio to callers as they are leaving a voicemail.

Take a Message is a recently introduced feature for the Phone app that activates when the recipient is not available to answer (or declines the incoming call). The caller hears the following: “The person you have called is not available. Please leave a message after the tone.” If you, as the recipient, tap the Take a message notification on your device, you can see a transcript of the audio in real time and hit Answer if you want to pick up. (Take a Message will also detect spam calls and mark them with a warning.)

A few users have reported that Take a Message has activated and allowed the caller to hear the recipient's background audio as they are leaving a message. It's important to note that this is not a widespread issue, and most of the reports come from people with older Pixel devices that no longer get OS updates. According to 9to5Google, Google is investigating the reports.

Again, while this doesn't seem to be a bug affecting most Pixel users, you can disable Take a Message if you are concerned about privacy, especially with unknown callers.

How to disable Take a Message on your Pixel

Open the Phone app on your device and tap the icon in the top-left corner to open Settings. Tap Take a Message under the Call Assist section and toggle the feature off.

About half a year ago, I wrote an article about persistent rumours I’d heard from Android ROM projects that Google was intending to discontinue the Android Open Source Project (AOSP). AOSP has been gutted by Google over the years, with the company moving more and more parts of the operating system into closed-source, non-AOSP components, like Google Play Services. While you can technically still run bare AOSP if you’re really hardcore, it’s simply unusable for 99% of smartphone users out there.

Google quickly responded to these widespread rumours, stating that “AOSP is not going away”, and a lot of people, clearly having learned nothing from human history, took this at face value and believed Google word-for-word. Since corporations can’t be trusted and lying is their favourite activity, I drew a different conclusion at the time:

This seems like a solid denial from Google, but it leaves a lot of room for Google to make a wide variety of changes to Android’s development and open source status without actually killing off AOSP entirely. Since Android is licensed under the Apache 2.0 license, Google is free to make “Pixel Android” – its own Android variant – closed source, leaving AOSP up until that point available under the Apache 2.0 license. This is reminiscent of what Oracle did with Solaris. Of course, any modifications to the Linux kernel upon which Android is built will remain open source, since the Linux kernel is licensed under the GPLv2.

If Google were indeed intending to do this, what could happen is that Google takes Android closed source from here on out, spinning off whatever remains of AOSP up until that point into a separate company or project, as potentially ordered during the antitrust case against Google in the United States. This would leave Google free to continue developing its own “Pixel Android” entirely as proprietary software – save for the Linux kernel – while leaving AOSP in the state it’s in right now outside of Google. This technically means “AOSP is not going away”, as Chau claims.

↫ Thom Holwerda at OSNews

Ever since the claim that “AOSP is not going away”, Google has taken numerous steps to further tighten the grip it has on Android, much to the detriment of both the Android Open Source Project and the various ROM makers that depend on it. Device-specific source code for Pixel devices is no longer being released, Google dabbled with developer certification even for developers outside of Google Play, and Google significantly scaled back the release of security patches to AOSP.

And now it’s early 2026, and Google is about to take the next step in the slow killing of the Android Open Source Project. On the main page of the Android Open Source Project, there’s now a new message:

Effective in 2026, to align with our trunk stable development model and ensure platform stability for the ecosystem, we will publish source code to AOSP in Q2 and Q4. For building and contributing to AOSP, we recommend utilizing android-latest-release instead of aosp-main. The android-latest-release manifest branch will always reference the most recent release pushed to AOSP.

This means that instead of four AOSP code releases every year, Google is now scaling back to just two every year. The gutting and eventual killing of AOSP has now reached the point where the open source nature of AOSP is effectively meaningless, and we’re yet a few more big steps closer to what I outlined above: eventually, Google will distance itself from AOSP entirely, focusing all of its efforts on Pixel Android alone – without any code contributions to AOSP at all. If you still think “AOSP is not going away”, you’re delusional.

OASP is already on life support, and with this latest move Google is firmly gripping the plug.

This blog is part of a series highlighting new and concerning trends we noticed over the last year. Trends matter because they almost always provide a good indication of what’s coming next.

If there’s one thing that became very clear in 2025, it’s that malware is no longer focused on Windows alone. We’ve seen some major developments, especially in campaigns targeting Android and macOS. Unfortunately, many people still don’t realize that protecting smartphones, tablets, and other connected devices is just as essential as securing their laptops.

Android

Banking Trojans on Android are not new, but their level of sophistication continues to rise. These threats continue to be a major problem in 2025, often disguising themselves as fake apps to steal credentials or stealthily take over devices. A recent wave of advanced banking Trojans, such as Herodotus, can mimic human typing behaviors to evade detection, highlighting just how refined these attacks have become. Android malware also includes adware that aggressively pushes intrusive ads through free apps, degrading both the user experience and overall security.

Several Trojans were found to use overlays, which are fake login screens appearing on top of real banking and cryptocurrency apps. They can read what’s on the screen, so when someone enters their username and password, the malware steals them.

macOS

One of the most notable developments for Mac users was the expansion of the notorious ClickFix campaign to macOS. Early in 2025, I described how criminals used fake CAPTCHA sites and a clipboard hijacker to provide instructions that led visitors ro infect their own machines with the Lumma infostealer.

ClickFix is the name researchers have since given to this type of campaign, where users are tricked into running malicious commands themselves. On macOS, this technique is being used to distribute both AMOS stealers and the Rhadamanthys infostealer.

Cross-platform

Malware developers increasingly use cross-platform languages such as Rust and Go to create malware that can run on Windows, macOS, Linux, mobile, and even Internet of Things (IoT) devices. This enables flexible targeting and expands the number of potential victims. Malware-as-a-Service (MaaS) models are on the rise, offering these tools for rent or purchase on underground markets, further professionalizing malware development and distribution.

Social engineering

iPhone users have been found to be more prone to scams and less conscious about mobile security than Android owners. That brings us to the first line of defense, which has nothing to do with the device or operating system you use: education.

Social engineering exploits human behavior, and knowing what to look out for makes you far less likely to fall for a scam.

Fake apps that turn out to be malware, malicious apps in the Play Store, sextortion, and costly romance scams all prey on basic human emotions. They either go straight for the money or deliver Trojan droppers as the first step toward infecting a device.

We’ve also seen consistent growth in Remote Access Trojan (RAT) activity, often used as an initial infection method. There’s also been a rise in finance-focused attacks, including cryptocurrency and banking-related targets, alongside widespread stealer malware driving data breaches.

What does this mean for 2026?

Taken together, these trends point to a clear shift. Cybercriminals are increasingly focusing on operating systems beyond Windows, combining advanced techniques and social engineering tailored specifically to mobile and macOS.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Android users spent 2025 walking a tighter rope than ever, with malware, data‑stealing apps, and SMS‑borne scams all climbing sharply while attackers refined their business models around mobile data and access.

Looking back, we may view 2025 as the year when one-off scams were replaced on the score charts by coordinated, well-structured, attack frameworks.

Comparing two equal six‑month periods—December 2024 through May 2025 versus June through November 2025—our data shows Android adware detections nearly doubled (90% increase), while PUP detections increased by roughly two‑thirds and malware detections by about 20%.

The strong rise in SMS-based attacks we flagged in June indicates that 2025 is the payoff year. The capabilities to steal one‑time passcodes are no longer experimental; they’re being rolled into campaigns at scale.

The shift from nuisances to serious crime

Looking at 2024 as a whole, malware and PUPs together made up almost 90% of Android detections, with malware rising to about 43% of the total and potentially unwanted programs (PUPs) to 45%, while adware slid to around 12%.

That mix tells an important story: Attackers are spending less effort on noisy annoyance apps and more on tools that can quietly harvest data, intercept messages, or open the door to full account takeover.

But that’s not because adware and PUP numbers went down.

Shahak Shalev, Head of AI and Scam Research at Malwarebytes pointed out: 

The holiday season may have just kicked off, but cybercriminals have been laying the groundwork for months for successful Android malware campaigns. In the second half of 2025, we observed a clear escalation in mobile threats. Adware volumes nearly doubled, driven by aggressive families like MobiDash, while PUP detections surged, suggesting attackers are experimenting with new delivery mechanisms. I urge everyone to stay vigilant over the holidays and not be tempted to click on sponsored ads, pop-ups or shop via social media. If an offer is too good to be true, it usually is.”  

For years, Android/Adware.MobiDash has been one of the most common unwanted apps on Android. MobiDash comes as an adware software development kit (SDK) that developers (or repackagers) bolt onto regular apps to flood users with pop‑ups after a short delay. In 2025 it still shows up in our stats month after month, with thousands of detections under the MobiDash family alone.

So, threats like MobiDash are far from gone, but they increasingly become background noise against more serious threats that now stand out.

Over that same December–May versus June–November window, adware detections nearly doubled, PUP detections rose by about 75%, and malware detections grew by roughly 20%.

In the adware group, MobiDash alone grew its monthly detection volume by more than 100% between early and late 2025, even as adware as a whole remained a minority share of Android threats. In just the last three months we measured, MobiDash activity surged by about 77%, with detections climbing steadily from September through November.

A more organized approach

Rather than relying on delivering a single threat, we found cybercriminals are chaining components like droppers, spying modules, and banking payloads into flexible toolkits that can be mixed and matched per campaign.

What makes this shift worrying is the breadth of what information stealers now collect. Beyond call logs and location, many samples are tuned to monitor messaging apps, browser activity, and financial interactions, creating detailed behavioral profiles that can be reused across multiple fraud schemes. As long as this data remains monetizable on underground markets, the incentive to keep these surveillance ecosystems running will only grow.

As the ThreatDown 2025 State of Malware report points out:

“Just like phishing emails, phishing apps trick users into handing over their usernames, passwords, and two-factor authentication codes. Stolen credentials can be sold or used by cybercriminals to steal valuable information and access restricted resources.”

Predatory finance apps like SpyLoan and Albiriox typically use social engineering (sometimes AI-supported) promising fast cash, low-interest loans, and minimal checks. Once installed, they harvest contacts, messages, and device identifiers, which can then be used for harassment, extortion, or cross‑platform identity abuse. Combined with access to SMS and notifications, that data lets operators watch victims juggle real debts, bank balances, and private conversations.

One of the clearest examples of this more organized approach is Triada, a long-lived remote access Trojan (RAT) for Android. In our December 2024 through May 2025 data, Triada appeared at relatively low but persistent levels. Its detections then more than doubled in the June–November period, with a pronounced spike late in the year.

Triada’s role is to give attackers a persistent foothold on the device: Once installed, it can help download or launch additional payloads, manipulate apps, and support on‑device fraud—exactly the kind of long‑term ‘infrastructure’ behavior that turns one‑off infections into ongoing operations.

Seeing a legacy threat like Triada ramp up in the same period as newer banking malware underlines that 2025 is when long‑standing mobile tools and fresh fraud kits start paying off for attackers at the same time.

If droppers, information stealers, and smishing are the scaffolding, banking Trojans are the cash register at the bottom of the funnel. Accessibility abuse, on‑device fraud, and live screen streaming, can make transactions happen inside the victim’s own banking session rather than on a cloned site. This approach sidesteps many defenses, such as device fingerprinting and some forms of multi-factor authentication (MFA). These shifts show up in the broader trend of our statistics, with more detections pointing to layered, end‑to‑end fraud pipelines.

Compared to the 2024 baseline, where phishing‑capable Android apps and OTP stealers together made up only a small fraction of all Android detections, the 2025 data shows their share growing by tens of percentage points in some months, especially around major fraud seasons.

What Android users should do now

Against this backdrop, Android users need to treat mobile security with the same seriousness as desktop and server environments. This bears repeating, as Malwarebytes research shows that people are 39% more likely to click a link on their phone than on their laptop.

 A few practical steps make a real difference:​

• Prefer official app stores, but do not trust them blindly. Scrutinize developer reputation, reviews, and install counts, especially for financial and “utility” apps that ask for sensitive permissions.​
• Be extremely cautious with permissions like SMS access, notification access, Accessibility, and “Display over other apps,” which show up again and again in infostealers, banking Trojans, and OTP-stealing campaigns.​​
• Avoid sideloading and gray‑market firmware unless absolutely necessary. When possible, choose devices with a clear update policy and apply security patches promptly.​
• Treat unexpected texts and messages—particularly those about payments, deliveries, or urgent account issues—as hostile until proven otherwise and never tap links or install apps directly from them.​​
• Run up-to-date real-time mobile security software that can detect malicious apps, block known bad links, and flag suspicious SMS activity before it turns into full account compromise.​

Mobile threats in 2025 are no longer background noise or the exclusive domain of power users and enthusiasts. For many people, the phone is now the main attack surface—and the main gateway to their money, identity, and personal life.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Researchers have analyzed a new threat campaign actively targeting Android users. The malware, named DroidLock, takes over a device and then holds it for ransom. The campaign to date has primarily targeted Spanish-speaking users, but researchers warn it could spread.

DroidLock is delivered via phishing sites that trick users into installing a malicious app pretending to be, for example, a telecom provider or other familiar brand. The app is really a dropper that installs malware able to take complete control of the device by abusing Device Admin and Accessibility Services permissions.

Once the victim grants accessibility permission, the malware starts approving additional permissions on its own. This can include access to SMS, call logs, contacts, and audio, which gives attackers more leverage in a ransom demand.

DroidLock also leverages Accessibility Services to create overlays on other apps. The overlays can capture device unlock patterns (giving the attacker full access) and also show a fake Android update screen, instructing victims not to power off or restart their devices.

DroidLock uses Virtual Network Computing (VNC) for remote access and control. With this, attackers can control the device in real time, including starting camera, muting sound, manipulating notifications, and uninstalling apps, and use overlays to capture lock patterns and app credentials. They can also deny access to the device by changing the PIN.

The researchers warn that:

“Once installed, DroidLock can wipe devices, change PINs, intercept OTPs (One-Time Passwords), and remotely control the user interface”

Unlike regular ransomware, DroidLock doesn’t encrypt files. But by blocking access and threatening to destroy everything unless a ransom is paid, it reaches the same outcome.

Urgent
Last chance
Time remaining {starts at 24 hours}
After this all files wil be deleted forever!
Your files will be permanently destroyed!
Contact us immediately at this email or lose everything forever: {email address}
Include your device ID {ID}
Payment required within 24 hours
No police, no recovery tools, no tricks
Every second counts!

How to stay safe

If this campaign turns out to be successful in Spain, we’ll undoubtedly see it emerge in other countries as well. So here are a few pointers to stay safe:

• Only install apps from official app stores and avoid installing apps promoted in links in SMS, email, or messaging apps.
• Before installing apps, verify the developer name, number of downloads, and user reviews rather than trusting a single promotional link.
• Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware.
• Scrutinize permissions. Does an app really need the permissions it’s requesting to do the job you want it to do? Especially if it asks for accessibility, SMS, or camera access.
• Keep Android, Google Play services, and all important apps up to date to get the latest security fixes.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Android Vulnerabilities CVE-2025-48572 and CVE-2025-48633 Under Attack

7 Critical Android Vulnerabilities Also Patched

Google has made it very clear that it’s intending to bring Android to laptops and desktops, and replace Chrome OS with Android in the process. We now have a codename, and some more information about what this will look like in practice.

Over the weekend, a tipster on Telegram named Frost Core shared a link to an intriguing Google job listing for a ‘Senior Product Manager, Android, Laptop and Tablets.’ While we already know Google is bringing Android to the PC, the listing explicitly states that the role involves ‘working on a new Aluminium, Android-based, operating system.’ This effectively confirms that Aluminium is the codename for the new unified platform. The name appears to be a nod to the project’s roots: like Chromium (the open-source version of ChromeOS), Aluminium is a metal ending in ‘-ium.’ The choice of the British spelling — emphasizing the ‘Al’ prefix — likely pays homage to Android serving as the project’s foundation.”

↫ Mishaal Rahman at Android Authority

So we have the codename, and of course, what we also have is a strong focus on “AI”, which will be “at the core” of desktop Android. Further details uncovered in job openings include a focus not just on entry-level hardware, but also midrange and premium laptops and desktops, as well as Chrome OS being replaced by this new desktop Android variant. I somehow doubt existing Chrome OS devices will be updated to this new desktop Android variant, so Chrome OS will continue to exist as a product for at least quite a few years to come.

I still have a considerable amount of doubt that Google would be able to pull this off in a successful way. It’s already hard enough to get anyone to buy any laptop that isn’t running Windows or macOS, and I doubt the Android operating system has the kind of pull with consumers to make them consider switching to it on their laptops or desktops. Enthusiasts will surely eat it up – if only to try – but without any clear, massive success, this desktop Android thing runs the real risk of ending up at Google’s graveyard.

These Android laptops can be incredible products, but even if they are, I just won’t trust Google to remain interested in it.

Android Malware Deploys Fake Login Screens

Capturing Encrypted Messages

A controversy over data-gathering software secretly installed on Samsung phones has erupted again after a new accusatory post appeared on X last week.

In the post on the social media site, cybersecurity newsletter International Cyber Digest warned about a secretive application called AppCloud that Samsung had allegedly put on its phones. The software was, it said,

“unremovable Israeli spyware.”

This all harks back to May, when digital rights group SMEX published an open letter to Samsung. It accused the company of installing AppCloud on its Galaxy A and M series devices, although stopped short of calling it spyware, opting for the slightly more diplomatic “bloatware”.

The application, apparently installed on phones in West Asia and North Africa, did more than just take up storage space, though.According to SMEX, it collected sensitive information, including biometric data and IP addresses.

SMEX’s analysis says the software, developed by Israeli company ironSource, is deeply integrated into the device’s operating system. You need root access to remove it, and doing so voids the warranty.

Samsung has partnered with ironSource since 2022, carrying the its Aura toolkit for telecoms companies and device maker in more than 30 markets, including Europe. The pair expanded the partnership in November 2022—the same month that US company Unity Technologies (that makes the Unity game engine) completed its $4.4bn acquisition of ironSource. That expansion made ironSource

“Samsung’s sole partner on newly released A-series and M-series mobile devices in over 50 markets across MENA – strengthening Aura’s footprint in the region.”

SMEX’s investigation of ironSource’s products points to software called Install Core. It cites our own research of this software, which is touted as an advertising technology platform, but can install other products without the user’s permission.

AppCloud wasn’t listed on the Unity/Ironsource website this February when SMEX wrote its in-depth analysis. It still isn’t. It also doesn’t appear on the phone’s home screen. It runs quietly in the background, meaning there’s no privacy policy to read and no consent screen to click, says SMEX.

Screenshots shared online suggest AppCloud can access network connections, download files at will, and prevent phones from sleeping. However, this does highlight one important aspect of this software: While you might not be able to start it from your home screen or easily remove it, you can disable it in your application list. Be warned, though; it has a habit of popping up again after system updates, say users.

Not Samsung’s first privacy controversy

This isn’t Samsung’s first controversy around user privacy. Back in 2015, it was criticized for warning users that some smart TVs could listen to conversations and share them with third parties.

Neither is it the first time that budget phone users have had to endure pre-installed software that they might not have wanted. In 2020, we reported on malware that was pre-installed on budget phones made available via the US Lifeline program.

In fact, there have been many cases of pre-installed software on phones that are identifiable as either malware or potentially unwanted programs. In 2019, Maddie Stone, a security researcher for Google’s Project Zero, explained how this software makes its way onto phones before they reach the shelves. Sometimes, phone vendors will put malware onto their devices after being told that it’s legitimate software, she warned. This can result in botnets like Chamois, which was built on pre-installed malware purporting to be from an SDK.

One answer to this problem is to buy a higher-end phone, but you shouldn’t have to pay more to get basic privacy. Budget users should expect the same level of privacy as anyone else. We wrote a guide to removing bloatware— it’s from 2017, but the advice is still relevant.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Google has been using Rust in Android more and more for its memory safety characteristics, and the results on that front were quite positive. It turns out, however, that not only does using Rust reduce the number memory safety issues, it’s also apparently a lot faster to code in Rust than C or C++.

We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust’s impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one.

↫ Jeff Vander Stoep at the Google Security Blog

When you think about it, it actually makes sense. If you have fewer errors of a certain type, you’ll spend less time fixing those issues, time which you can then spend developing new code. Of course, it’s not that simple and there’s a ton more factors to consider, but on a base level, it definitely makes sense. Spellcheck in word processors means you have to spend less time detecting and fixing spelling errors, so you have more time to spend on actually writing.

I’m sure we’ll all be very civil about this, and nobody will be weird about Rust at all.

Only a few months ago, Google announced it was going to require that all Android applications – even those installed outside of the Play Store – had to be verified. This led to a massive backlash, and it seems our protests and complaints have had effect: the company announced a change in plans today, and will, in fact, not require certification for installing applications outside of the Play Store.

Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn’t verified. We are designing this flow specifically to resist coercion, ensuring that users aren’t tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months.

↫ Matthew Forsythe Director at the Android Developers Blog

While this is great news, I’m still concerned this is only temporary. Companies like Google have a tendency to announce some draconian measure to test the waters, walk it back in response to backlash, only to then reintroduce it through some sneaky backdoor a year later when nobody’s looking. Installing whatever we want on the devices we own should be a protected right, not something graciously afforded to us by our corporate overlords.

If you think this is the end of this story, you’re a fool.

Researchers at Zimperium identified Fantasy Hub, a new Android spyware developed and sold as a subscription on Russian-language cybercrime forums.

Malware-as-a-Service (MaaS) means cybercriminals rent out to malware to other criminals, complete with the infrastructure necessary to harvest and abuse stolen information. Usually, it’s up to the buyer to spread the malware, but Fantasy Hub goes a step further—it comes with full documentation, video tutorials, and a subscription model that makes it easy for even inexperienced attackers to use. Its creators provide step-by-step guides to create fake Google Play pages that imitate apps like Telegram or online banking portals, complete with realistic reviews. It’s a Remote Access Trojan (RAT) that anyone can distribute.

Distribution relies heavily on social engineering and phishing. Attackers use Fantasy Hub’s templates and tools to set up convincing fake app pages, tricking users into downloading the malicious software. A “dropper” option even lets buyers upload any Android app APK and get back a modified version with Fantasy Hub added.

These counterfeit apps look legitimate, and often request only a single permission: SMS access. But that permission unlocks much more. The SMS handler role bundles multiple powerful permissions: contacts, camera, and file access into a single authorization step, unlocking extensive control over the device’s messaging, contacts, and camera functions. Fantasy Hub is designed to bypass standard security checks and can remain concealed, making detection difficult for users.

What can it do?

Once installed, Fantasy Hub can steal SMS messages, call logs, contacts, photos, and videos. It can also intercept, reply to, and delete notifications. More dangerously, it can initiate live audio and video streams using the device’s camera and microphone without the user’s consent. It’s been found in imitation banking apps, displaying fake windows to harvest user credentials such as usernames, PINs, and passwords. As part of the handy pack provided by Fantasy Hub’s creators, attackers are given tools to tailor these phishing windows for almost any banking app they wish to target.

While individuals at at risk from this malware, the threat extends to organizations that use Bring Your Own Device (BYOD) policies or rely on mobile banking and work apps. A single infected phone could expose company data or communications.

How to stay protected

Fantasy Hub shows how easily cybercriminals can now buy and run complex spyware. But a few simple habits can help you stay safe:

• Stick to trusted sources. Download apps only from Google Play, Apple’s App Store, or the official provider. Your bank will never ask you to use another source.
• Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware as Android/Trojan.Spy.ACRF949851CC4.
• Scrutinize permissions. Does it really need the permissions it’s requesting to do the job you want it to do? Especially if it asks for SMS or camera access.
• Unsolicited communications. Stay wary of messages, emails, or links urging you to “update” or install outside the official app stores.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts.

Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs (Automated Teller Machines, or cash machines) using banking data exfiltrated from victims’ phones—without ever physically stealing the cards.

NFC is a wireless technology that allows devices such as smartphones, payment cards, and terminals to communicate when they’re very close together. So, instead of stealing your bank card, the attackers capture NFC (Near Field Communication) activity on a mobile phone infected with the NGate malware and forward that transaction data to devices at ATMs. In NGate’s case the stolen data is sent over the network to the attackers’ servers rather than being relayed purely by radio.

NFC comes in a few “flavors.” Some produce a static code—for example, the card that opens my apartment building door. That kind of signal can easily be copied to a device like my “Flipper Zero” so I can use that to open the door. But sophisticated contactless payment cards (like your Visa or Mastercard debit and credit cards) use dynamic codes. Each time you use the NFC, your card’s chip generates a unique, one-time code (often called a cryptogram or token) that cannot be reused and is different every time.

So, that’s what makes the NGate malware more sophisticated. It doesn’t simply grab a signal from your card. The phone must be infected, and the victim must be tricked into performing a tap-to-pay or card-verification action and entering their PIN. When that happens, the app captures all the necessary NFC transaction data exchanged — not just the card number, but the fresh one-time codes and other details generated in that moment.

The malware then instantly sends all that NFC data, including the PIN, to the attacker’s device. Because the codes are freshly generated and valid only for a short time, the attacker uses them immediately to imitate your card at an ATM; the accomplice at the ATM presents the captured data using a card-emulating device such as a phone, smartwatch, or custom hardware.

But, as you can imagine, being ready at an ATM when the data comes in takes planning—and social engineering.

First, attackers need to plant the malware on the victim’s device. Typically, they send phishing emails or SMS messages to potential victims. These often claim there is a security or technical issue with their bank account, trying to induce worry or urgency. Sometimes, they follow up with a phone call, pretending to be from the bank. These messages or calls direct victims to download a fake “banking” app from a non-official source, such as a direct link instead of Google Play.

Once installed, the app app asks for permissions and leads victims through fake “card verification” steps. The goal is to get victims to act quickly and trustingly—while an accomplice waits at an ATM to cash out.

How to stay safe

NGate only works if your phone is infected and you’re tricked into initiating a tap-to-pay action on the fake banking app and entering your PIN. So the best way to stay safe from this malware is keep your phone protected and stay vigilant to social engineering:

• Stick to trusted sources. Download apps only from Google Play, Apple’s App Store, or the official provider. Your bank will never ask you to use another source.
• Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware.
• Do not engage with unsolicited callers. If someone claims to be from your bank, tell them you’ll call them back at the number you have on file.
• Ignore suspicious texts. Do not respond to or act upon unsolicited messages, no matter how harmless or urgent they seem.

Malwarebytes for Android detects these banking Trojans as Android/Trojan.Spy.NGate.C; Android/Trojan.Agent.SIB01022b454eH140; Android/Trojan.Agent.SIB01c84b1237H62; Android/Trojan.Spy.Generic.AUR9552b53bH2756 and Android/Trojan.Banker.AURf26adb59C19.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Researchers at Cyfirma have investigated Android Trojans capable of stealing sensitive data from compromised devices. The malware spreads by pretending to be trusted apps—like a news reader or even digital ID apps—tricking users into downloading it by accident.

In reality, it’s Android-targeting malware that preys on people who use banking and cryptocurrency apps. And a sneaky one. Once installed, it doesn’t announce itself in any way, but quietly works in the background to steal information such as login details and money.​

First, it checks if it’s running on a real phone or in a security test system so it can avoid detection. Then, it asks users for special permissions called “Accessibility Services,” claiming these help improve the app but actually giving the malware control over the device without the owner noticing. It also adds itself as a Device Administrator app.

With these permissions, the Trojan can read what’s on the screen, tap buttons, and fill in forms as if it were the user. It also overlays fake login screens on top of real banking and cryptocurrency apps, so when someone enters their username and password, the malware steals them.

Simply put, the Android overlay feature allows an app to appear on top of another app. Legitimate apps use overlays to show messages or alerts—like Android chat bubbles in Messenger—without leaving the current screen.

The Trojan connects to a remote command center, sending information about the phone, its location, and which banking apps are installed. At this point, attackers can send new instructions to the malware, like downloading updates to hide better or deleting traces of its activity. As soon as it runs, the Trojan also silences notifications and sounds so users don’t notice anything out of the ordinary.

The main risk is financial loss: once cybercriminals have banking credentials or cryptocurrency wallet codes, they can steal money or assets without warning. At this point in time the malware targets banking users in Southeast Asia, but its techniques could spread anywhere.

As we rely more on our phones for payments and important tasks, it’s clear that our mobile devices need the same level of protection that we expect on our laptops.

Malwarebytes for Android detects these banking Trojans as Android/Trojan.Spy.Banker.AUR9b9b491bC44.

How to stay safe

• Stick to trusted sources. Download apps—especially VPNs and streaming services—only from Google Play, Apple’s App Store, or the official provider. Never install something just because a link in a forum or message promises a shortcut.
• Check an app’s permissions. If an app asks for control over your device, your settings, Accessibility Services, or wants to install other apps, stop and ask yourself why. Does it really need those permissions to do what you expect it to do?
• Use layered, up-to-date protection. Install real-time anti-malware protection on your Android that scans for new downloads and suspicious activity. Keep both your security software and your device system updated—patches fix vulnerabilities that attackers can exploit.
• Stay informed. Follow trustworthy cybersecurity news and share important warnings with friends and family.

Indicators of compromise

File name: IdentitasKependudukanDigital.apk

SHA-256: cb25b1664a856f0c3e71a318f3e35eef8b331e047acaf8c53320439c3c23ef7c

File Name: identitaskependudukandigital.apk

SHA256:19456fbe07ae3d5dc4a493bac27921b02fc75eaa02009a27ab1c6f52d0627423

File Name: identitaskependudukandigital.apk

SHA-256: a4126a8863d4ff43f4178119336fa25c0c092d56c46c633dc73e7fc00b4d0a07

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Researchers from Google’s Project Zero discovered a medium-severity remote code execution (RCE) vulnerability that affects multiple platforms, including Android (Samsung and Pixel devices) and Windows. Remote code execution means an attacker could run programs on your device without your permission. The flaw, found in Dolby’s Unified Decoder Component (UDC) that handles audio playback, can be triggered automatically when a device receives an audio message—no tap or user action required.

The flaw affects Android devices that use Dolby audio processing (for example, Google Pixel and Samsung smartphones) and Windows systems running Dolby UDC versions 4.5–4.13. Other vendors that integrate Dolby’s decoding capabilities may also be indirectly impacted, depending on their library updates.

Tracked as CVE-2025-54957, the problem arises from the way the Dolby UDC handles “evolution data.” In the context of Dolby Digital Plus (DD+) audio streams, evolution data refers to a specialized extension block introduced in later versions of Dolby’s codecs to support additional functionality, such as higher channel counts, advanced loudness metadata, and dynamic range adjustments.

The buffer overflow occurs when the decoder parses the evolution data and miscalculates the size of incoming packets. Because this data block can vary in length, depending on the metadata or the embedded audio mode, the faulty length calculation can lead to insufficient buffer allocation. Malformed data can then overwrite adjacent memory and potentially allow remote code execution.

Buffers are areas of memory set aside to hold data. When a buffer overflow happens, it can overwrite neighboring memory areas, which may contain other data or executable code. This overwriting is not a deliberate action by the transaction or program, but an unintended consequence of the vulnerability, which could have been prevented by bounds checking.

While not every overflow carries malicious intent, the behavior of buffer overflows can be exploited. Attackers can use them to disrupt the operation of other programs, causing them to malfunction, expose secrets, or even run malicious code. In fact, buffer overflow vulnerabilities are the most common security vulnerabilities today.

The vulnerability is exploitable by sending a target a specially crafted audio file. An attacker could make a phone or PC run malicious code inside the audio-decoding process, leading to crashes or unauthorized control. It’s similar to getting a song stuck in your head so badly that you can’t think of anything else and end up dancing off a cliff.

The abuse of CVE-2025-54957 is not a purely hypothetical case. In its official October 14 security advisory, Dolby mentions that it is:

“aware of a report found with Google Pixel devices indicating that there is a possible increased risk of vulnerability if this bug is used alongside other known Pixel vulnerabilities. Other Android mobile devices could be at risk of similar vulnerabilities.”

Dolby did not reveal any details, but just looking at the September 2025 Android security updates, there are several patches that could plausibly be chained with this bug to allow a local attacker to gain an elevation of privilege (EoP).

How to stay safe

To prevent falling victim to an attack using this vulnerability, there are a few things you can do.

• Don’t open unsolicited attachments, including sound files.
• Install updates promptly. Dolby has released fixes that device makers must roll into firmware and OS updates—enable automatic updates where possible.
• Use an up-to-date real-time anti-malware solution, preferably with a web component.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.