For the company that rules search, Google complicated the Android app launch of Peacock, a streaming service from Comcast‘s NBCUniversal, Wednesday, when the Google Play Store failed to show the app in search results for much of the app’s launch day.
Android’s Peacock app published overnight in the Google Play Store as planned, and it was available to download if you had a link to find it. But the app wasn’t returned in Play Store searches for terms like “Peacock” or “Peacock TV” until Wednesday afternoon
The Google Play Store snafu complicated a major promotion Peacock struck with Google, allowing anyone who subscribed to Peacock’s paid, premium tier through a Google platform like Android to unlock an extended free trial.
CNET TVs, Streaming and Audio
Get CNET’s comprehensive coverage of home entertainment tech delivered to your inbox.
Spokeswomen for both Peacock and Google confirmed that the Peacock app published to the Google Play Store overnight.
“We do not have control over when platforms release and surface the app to their users, but the app is now live,” Peacock’s spokeswoman said. “We have a large marketing and promotional plan with Google, which you will see across Google platforms starting today.”
The Google spokeswoman later Wednesday confirmed that the Peacock app had started appearing in search results.
In rival Apple’s App Store, the Peacock app for Apple streaming devices like the iPhone was being heavy promotion. Peacock is the top ad when you opened the App Store in the Today tab Wednesday morning, and it’s getting top billing as a world premiere in the App Store’s App tab too.
Competing with the likes of Netflix, Disney Plus and HBO Max, Peacock is the last big new service to roll out in the so-called streaming wars, when a flood of services spilled out from tech and media giants over a roughly seven-month period. More than just jockeying between megacorporations, these battles could not only determine who shapes the future of television but also how many services you’ll have to use — and, often, pay for — to watch your favorite shows. In the case of Peacock, it means even traditional TV networks and cable companies like Comcast are placing big bets that they’ll never be able to turn the tide of cord-cutting.
Peacock launched Wednesday with an always-free tier that lets you sample about two-thirds of its library of shows and movies with advertising, as well as a seven-day free trial for its premium tiers. Peacock Premium, which unlocks the full catalog, is $5 a month or $50 a year with advertising, or you can upgrade to an ad-free version for $10 a month or $100 a year.
Now playing: Watch this:
Watch every Peacock originals trailer coming to streaming
Sketchy Android apps that spy on users and steal data have been a nagging presence inside Google’s Play Store for a while now, despite the search giant’s best efforts to rid its app marketplace of bad actors.
It’s basically led to a giant game of whack-a-mole, with the latest apps to be clobbered by Google and pulled from the app store being a batch of 25 malicious apps discovered by a French cybersecurity firm.
The apps could have stolen users’ Facebook credentials, and they racked up more than 2 million downloads.
Consider this your umpteenth reminder that for as much as Google keeps improving or promising it’s improved the company’s proprietary app marketplace, sketchy app developers will never stop coming and never stop trying to sneak into the Google Play Store — past all the company’s defenses — to put its apps into the mix and awaiting your download. Which we saw yet another example of in recent days, with the revelation that Google has booted another batch of Android apps from the store, this time 25 apps caught in a position to steal users’ Facebook login data.
Evina, a French cybersecurity firm, disclosed this news in recent weeks, with its report that a single threat group developed the batch of apps that were made to look like everything from wallpaper and flashlight apps to mobile games. However, all the apps had the same goal, as Evina explains in its report of the fraud.
The apps included:
One thing to note is that when Google pulled the apps from the Play Store after Evina shared its findings, the search giant also disables the apps on the user’s end — in addition to notifying the user via the Play Store’s Play Protect service.
According to Evina, it informed Google about the apps in late May. Google investigated and took action in June, though some of the apps have been live in the Play Store since at least 2019. Cumulatively, according to the French firm, these apps garnered more than 2 million downloads.
There have been a smattering of instances like this one in recent months, such as the malware-laden group of two dozen apps (including calendar, weather, and camera functionality) that Google had to kick out of the Play Store back in February after they were found to request all sorts of potentially nefarious permissions (but not before racking up about 382 million downloads).
Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.
Welcome to the roundup of the best new Android applications that went live in the Play Store or were spotted by us in the previous week or so. Today I have a new control center app that mimics the look of iOS, a free video messaging app, and a COVID contact tracing app. So without further ado, here are all of the new and notable Android apps released on the Play Store in the last week.
Please wait for this page to load in full in order to see the widgets, which include ratings and pricing info.
Looking for the previous roundup editions? Find them here.
Mi Control Center: Notifications and Quick Actions
If you’ve ever wanted to mimic the iOS Control Center, then Mi Control Center is precisely what you’re looking for. As you can see, this app accurately copies the layout of the iOS Control Center, as well as the swipes you’d expect to use on iOS. This means you can swipe from the top right of your screen to pull up your device settings, and you can swipe from the top left to pull up your notifications. Easy peasy.
JioMeet is a free video-conferencing application that’s being developed in India. Seeing that Zoom has drastically risen in popularity thanks to the coronavirus, it makes sense that competitors would be trying to undercut the king. In comes JioMeet, a completely free video conferencing app, and since its UI is designed similarly to Zoom, moving from Zoom to JioMeet should make for a smooth transition.
SwissCovid is one of the first large-scale apps to take advantage of Google’s contact tracing, and it was recently released to the public of Switzerland, if you happen to live there and would like to try it out. While it’s easy to understand why such an app requires location tracking despite making no use of GPS, it would appear some users are upset with the app’s permissions, since Google Services requires users to provide access to their location data to use this app.
Monetization: free / no ads / no IAPs
CloudMare: Cloudflare Manager
Just as you would expect, CloudMare is a Cloudflare management app, and it’s a free release that forgoes advertisements and in-app purchases, which is nice to see. Through this app you’ll be able to search and manage DNS records, view analytics, toggle page rules, manage SSL settings, manage caching controls, manage network settings, choose from a dark or light theme, and you can expect support for API tokens and email with an API key.
Monetization: free / no ads / no IAPs
Microsoft MyHub is a Microsoft employee app, and so us regular folks won’t be able to use it. Luckily, hundreds of thousands of people work for the company, so I’m sure there’s more than a few of you out there that may want to check this app out. So if you’d like to explore a one-stop-shop for all of your Microsoft employee benefits, perks, and events, Microsoft MyHub is the app you’re looking for.
Monetization: free / no ads / no IAPs
NotificationHistory – Recent Message Saver
NotificationHistory is just that, an app that saves all of your notifications in one place, with the added benefit of being able to read your notifications through this app so that you can leave people on read inside of Whatsapp or similar messaging apps. So if you’re the sort that loves to keep people guessing as to whether you’ve read your messages, then NotificationHistory can assuredly help you maintain the cloak of your mysterious yet infuriating behavior.
Monetization: free / contains ads / no IAPs
AniWeather is a new weather app that offers a pleasant UI. Clearly, this app’s dev is going for the more artful approach, and I can appreciate that. I mean, who wants to look at an ugly weather app? More or less, you can expect the typical features found in the majority of weather apps, such as hourly forecasts, real-feal temps, as well as location-based forecasts. So while this is a newer release that’s still a work in progress, it already looks nice, though that orange background with white text has got to go.
Monetization: free / no ads / IAPs $1.99 apiece
FilmBox is billed as a negative film scanner, so if you have piles of slides or reels of negatives, FilmBox is here to help. Having recently priced a few different physical slide scanners myself, it’s nice to see that apps are filling the void for those that don’t want to plunk down such a big chunk of change. So if you’d like to preserve all of your old photos without breaking the bank, FilmBox is a competent choice.
Monetization: free / no ads / IAPs from $0.99 – $19.99
Wondery – Premium Podcast App, Immersive Stories
Wondery is labeled as a premium podcast app, and much of its content is centered around immersive story-based podcasts. This inclusion of high-quality content means the app requires a subscription ($4.99 /month), though you can check it out for free during a trial period, to see if it’s worth it. While I’m not so sure subscription-based podcast apps will find a lot of success, this subscription trend does not appear to be slowing anytime soon.
Monetization: free / no ads / IAPs from $4.99 – $34.99
Locals.com is a social media app that ideally provides direct access to creators and their communities, which sounds more like an advertising app, really. But hey, who cares about the blurred lines between self-promotion and social content when there’s a newfangled social media app to explore. I suppose what’s unique about this release is that it’s supposed to be free of censorship, thanks to its subscription model, though I find this claim hard to believe in the lens of our current times.
Monetization: free / no ads / IAPs from $7.99 – $42.99
Security is a Xiaomi release, and much like every other manufacturer’s security app, you can secure your device with ease. Things like an app lock, the amount of your data usage, and security scans are all present within this release. More or less, Security should be a pre-installed app for most Xiaomi users, and really, the company only uploaded the listing to the Play Store so that it can easily update the app without having to worry about carriers.
Monetization: free / contains ads / no IAPs
OnStar Guardian is a smartphone app for your entire family if you’re an OnStar subscriber. No longer will you have to rely on the built-in options in your car, and so OnStar will be accessible to any subscriber with an Android device. So if you’d like to receive Mobile Crash Responses, Roadside Assistance, and support for emergency services through OnStar, you can now do so through the OnStar Guardian app.
Monetization: free / no ads / no IAPs
Know A Worthy New App? Let Us Know!
If you have an application in mind for the next issue of the roundup, feel free to send us an email and let us know.
Important: there are 2 requirements in order for the app to be considered, listed below.
the app’s launch date has to be no longer than 2 weeks ago
it has to be original, ground-breaking, well-reviewed, interesting, fun, etc – the cream of the crop
Now, if and only if the above requirements have been satisfied, fire up an email to this address: [email protected].
1 sponsored placement per week is available (your app would be featured at the top and marked as sponsored) – please contact us for details.
If you’re interested in running free and open-source Android applications, then you’ve probably heard of F-Droid. While its limited catalog of apps makes it far from an actual alternative to the Google Play Store, F-Droid is the only app source out there that contains nothing but open-source Android apps. Every single app published on F-Droid’s official repository has to be completely open-source, meaning they can’t include any closed-source components. With Google’s recent requirement for developers to shift to Play Billing Library v3, developers with open-source projects on F-Droid are facing a problem. Per XDA Recognized Developer M66B, the developer of NetGuard and FairEmail, developers who publish apps on both Google Play and F-Droid will need to start building a separate version of their app without the Play Billing Library.
Google Play Billing Library version lifecycle. Source: Google.
So why is this happening? As it turns out, Google stopped uploading the source code for its Play Billing Library after version 2.0.3. There have been 4 versions since 2.0.3 that are, thus, closed-source. This has not been a problem until now since apps could use the older Play Billing Library v2 just fine, but since Google will soon require developers who publish apps on Google Play to move to v3 (still closed-source), that’s where we start to run into problems.
There is no free software method for Play Store purchases: Developers need to use Google’s libraries in order to allow users to make purchases through Google Play. Developers shouldn’t have too much of an issue building a version of their app with the Play Billing Library for Google Play and a version of their app without the Play Billing Library for F-Droid since Gradle allows product flavors with different source code sets, though. However, this change will be a bit inconvenient for users downloading apps from F-Droid as they won’t be able to use Google Play for purchases. If you don’t have the Google Play Store, then this may not be much of a problem for you since you likely don’t use Google Play billing anyway. If you use F-Droid as merely an alternative app provider, then the apps that will be affected by this change are probably also available on the Google Play Store.
Images from leaked developer documentation have just given us our best look yet at Android 11’s new power button menu. The menu can include a series of new smart home shortcuts called “Quick Controls,” which can control everything from smart lights to locks and thermostats, alongside payment options and the standard “Power off” and “Restart” buttons. The images were tweeted out by Mishaal Rahman from XDA-Developers, who credits Twitter user @deletescape as the source of the leaked documents containing the images.
We’ve known about these shortcuts since at least March when XDA-Developers reported on their existence, but these latest screenshots give us a better idea of how the overall menu will look. The existing “Power off,” “Restart,” “Screenshot,” and “Emergency” buttons have been relocated to the top of the screen above a shortcut to Google Pay, similar to the one that was added to the Google Pixel back in March.
Another image shows that live camera feeds can be shown here, though I bet it will only refresh very very slowly (or on demand whenever the Controls populates.)
The bulk of the screen, however, is taken up with these smart home controls. Android Police reports that tapping each of them will reportedly toggle the corresponding smart home gadget on or off, and long presses will either give you more options or take you directly to the relevant smart home app. As Rahman notes, one of the images shows that a smart home camera feed could even be embedded directly into this menu.
Google was due to officially unveil Android 11 on June 3rd, but it decided to delay the announcement over the weekend. It’s currently unclear when the event will be rescheduled.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
NBCUniversal’s Peacock launches today: Here’s what you need to know
Acquired by Google in 2014, Firebase is a mobile platform that helps users to develop apps quickly and securely. Think of it as the app production platform of choice for vast numbers of developers, taking advantage of the cloud-hosted real-time database that enables easy storage and syncing of data between users. It makes cross-platform collaboration a breeze, brings serverless app development to the masses, and is strong on user-based security.
If that is, developers configure everything securely in the first place. New research from Comparitech suggests that common misconfigurations of Google Firebase databases are exposing sensitive information, including passwords, telephone numbers, and chat messages, to anyone who wants to look. Here’s what you need to know.
The Android app configuration error problem, by the numbers
A Comparitech security research team led by Bob Diachenko analyzed a sample of 515,735 Android apps from the Google Play store. Of these, 155,066 were using Firebase. I spoke to Diachenko, who confirmed that from the sample that was using Firebase, some 11,730 of those apps were exposing that Firebase database publicly.
Drilling down even further, 9,014 included the necessary write permissions to enable a potential attacker to modify data, including adding or deleting it, as well as merely viewing or downloading it. And talking of which, the Comparitech analysis revealed that 4,282 of the apps were leaking sensitive information.
According to the report, that exposed data included more than 7 million email addresses, and almost the same number of chat messages. Then there’s the 4.4 million usernames and 1 million passwords to consider, along with 5 million telephone numbers.
All of which are concerning enough as these are big numbers, but they must be put into some perspective. It has been estimated that more than 1.5 million apps were using the Firebase platform, across Android and iOS, in March 2020. Even if you extrapolate from the analysis numbers, as Comparitech has done to reach a total of 24,000 Android apps potentially leaking sensitive data by way of such configuration errors, that’s only 1.6% of all apps using Firebase and 0.94% of all apps available to download from Google Play itself.
The Comparitech researchers were able to discover the apps which had publicly exposed databases by first searching app resources for text strings indicative of Firebase usage. From there, appending a request to the database URL with .json enabled public databases to be accessed via the Firebase REST API for stored data. An access denied response is what the researchers wanted to get as this would indicate non-public exposure, but as the report shows, they ended up with the full database content returned way too often. The researchers then looked for sensitive information that was manually checked for false positives.
“All the accessed data was destroyed,” the researchers said, ensuring that the research was “fully compliant with white hat standards and procedures.” To reveal any write access to the databases, a PUT request was used to create a new node and then delete it.
Mitigating the configuration error risk
As with all leaky database issues that can be traced back to a configuration error, the mitigation advice sounds pretty simple: get the database configuration right the first time. Unfortunately, things are rarely as simple as they first appear.
So, sure, the mitigation advice offered up the researchers in this case of implementing the proper database rules and preventing unauthorized access from accessing sensitive data is correct. Recommending that app developers follow the “Security & Rules” guidelines as set out in Google’s Firebase documentation should be a no-brainer, but it’s not.
This has been demonstrated time and time again, with online databases of all sorts being misconfigured and leading to reports of data being leaked publicly. Indeed, earlier this year, it was reported that an astonishing 82% of security “vulnerabilities” were due to misconfiguration errors of one sort or another.
OK then, this is not a Google Firebase problem, it’s a developer problem, right?
Quite apart from the fact that playing the blame game here isn’t particularly helpful, it’s not as black and white as that either. “Anyone that does not think IT and software development isn’t an iterative process just doesn’t understand how it all works,” Ian Thornton-Trump, CISO at Cyjax says, “it’s not about the mistake it’s about how you recover from the mistake and do better.”
Security expert John Opdenakker agrees and says that what is helpful is “a secure software development lifecycle, as it embeds security in the process, and as such the much needed time for security can be planned.”
If we are to blame anyone, or rather anything, then time has to be front and center. Application security trainer and co-leader of the Open Web Application Security Project (OWASP) Scotland chapter, Sean Wright, is sure of that. “One thing I’ve seen so many times is that many developers are under constant pressure to deliver,” Wright explains, “This ultimately means they will take the shortest path to deliver.”
This means it’s not that uncommon for app developers to refer to existing examples of a technology implementation rather than the original documentation itself. “This is not an issue if the example is a correct and secure one,” Wright says, “but in many cases, this isn’t the case. Developers need to understand what it is they are doing, but given the time pressures that they are under, this is often not achievable.”
What does Google say about the Firebase misconfiguration data risk?
The Comparitech researchers made Google aware of the report findings on April 22 and received the following statement in response:
“Firebase provides a number of features that help our developers configure their deployments securely. We provide notifications to developers about potential misconfigurations in their deployments and offer recommendations for correcting them. We are reaching out to affected developers to help them address these issues.”
I have also reached out to Google, and if any further comment is forthcoming, I will update this article accordingly.
It seems that the new Chromecast Ultra may come with new branding and software. According to multiple sources close to the project, Google may launch a new streaming device that may look like the Chromecast, but it would use Android TV software instead.
It seems that Google is planning several branding changes. According to 9to5Google, Android TV would soon change its name to Google TV, and its software would come inside the next Chromecast. The new Chromecast Ultra is believed to come with a remote control. This would allow users to interact with an on-screen interface instead of having to use their phones or tablets to stream content.
This new device is also supposed to be capable of streaming games through Stadia. However, Google may also extend its Nest brand to the new device, in hopes to compete with Amazon and Roku in the streaming hardware space.
Welcome to the 316th edition of Android Apps Weekly. Here are the big headlines from the last week:
Android handles background apps rather well these days. Adaptive battery basically shuts down any app you don’t use. Android 11 is adding to the management with another neat feature. It not only shuts down apps you don’t use, but also revokes permissions for the app. It’s a manual setting at this time in the App Permissions section of any app, but it may become automatic eventually.
Google and Apple launched an exposure notification API to a select number of developers this week. Most of them include health organizations, professionals, and companies. The API lets developers create apps that keep track of who you come into contact with and if that person becomes ill, they can opt to allow the app to notify anyone they came into contact with. It’s a bit complicated, but it’s a nifty idea during this COVID-19 pandemic. Hit the link to learn more.
Google is joining the virtual meeting space with its Google Meet platform. The app will soon be free for use by anybody even if they don’t have a G Suite account. It should roll out to everybody in the next few weeks. This is obviously in response to Zoom and its nearly weekly meltdown when it comes to security. However, the free tier isn’t without restriction. After September, the service is limited to 60 minute meetings in the free version along with some other restrictions. We’ll see if it pulls anybody away from Zoom.
Google Stadia had a rough launch, but it’s trucking right along. The service announced some more games coming out this year, including PUBG, Star Wars Jedi: Fallen Order, Madden NFL, and FIFA. These are all excellent additions, especially Madden, FIFA, and PUBG as they account for a very large number of players on other platforms. It may be the boost Stadia needs to get off the ground.
Plex made a surprisingly good move this last week. It partnered with Crackle to bring free, ad-supported movies to its service. It gives people instant access to a whole ton of movies and TV shows as long as they don’t mind some adverts to pay for it. The service doesn’t have the biggest titles, but it has more than enough good movies to keep you busy for a while. Plex users can take advantage whenever they’re ready to do so.
Mass For the Dead
Price: Free to play
Mass For The Dead is a mobile game from Crunchyroll. It takes place in the same world as the Overlord anime. It has the same premise as well. You, the player, are trapped in a defunct MMORPG and must make the best of things. The main characters from the show all make appearances as either side characters or main characters while you go off on your own adventure. In terms of mechanics, it’s a fairly basic mobile RPG. You assemble a party, do battle with the bad guys, and advance the story with a smattering of extra events and other things to do. The game also includes auto attacking and a fast forward mode for easier grinding. It’s surprisingly decent for an anime spin-off game.
Google Pixel Buds
Google launched the official app to accompany its new Pixel Buds product. The app is fairly basic. You can see the battery charge in the left and right buds independently along with the charge case. You can also use it to turn Adaptive Sound on and off, view tutorials on gestures and use, control Google Assistant, and, the most valuable feature, the ability to ring your Pixel Buds if you lose them. The app is free to download and use. However, Google’s execution of this one has left more than one person confused and angry about it, hence the low Google Play rating.
Levelhead is a new platformer from the same developers of Crashlands. This is one entertaining little platform game. You build levels, share it with others, and play levels other people made. It’s almost like an indie version of Mario Maker. There is a campaign mode of sorts with 90 levels by the developers as well as a surprisingly good level creation process. You can even build a working calculator. The game is smooth and the mechanics are simple. It’s also free if you use Google Play Pass, which makes it one of the best games on Google Play Pass. As usual, Butterscotch Shenanigans has a hilarious trailer for the game, visible below. This is one of the best releases of 2020 so far.
TVUsage is a digital wellbeing app for Android TV owners. The app is fairly simple to use. It installs and then keeps track of your usage over three day increments. You can view your usage, set usage limits, and it even acts as a launcher of sorts. Additionally, it comes with an applock function in case you don’t want the kids to use a particular Android TV app. The app works perfectly on an Nvidia Shield TV device, but may have problems on Mi devices and Sony TVs. It’s free at least, though, so it doesn’t hurt to try it out.
Legends of Runeterra
Price: Free to play
Legend of Runeterra is a new card dueling game from Riot Games, developers of League of Legends and Teamfight Tactics. It plays a lot like other card dueling games like Hearthstone, Magic: The Gathering, and others. You assemble a deck, duel with other players, and try to be the last player standing. It includes a mix of classic card duel mechanics. For instance, you build decks around champions and that’s fairly normal. However, the champion levels up when certain conditions are met and cards can attack the same turn they are put into play, which is not normal. It’s an interesting entrant into the genre and you can learn a lot more in our guide here.
More posts about Android apps and games!
If we missed any big Android apps or games news, updates, or releases, let us know in the comments or