Google launches the final beta of Android 11

With the launch of Android 11 getting closer, Google today launched the third and final beta of its mobile operating system ahead of its general availability. Google had previously delayed the beta program by about a month because of the coronavirus pandemic.

Since Android 11 had already reached platform stability with Beta 2, most of the changes here are fixes and optimizations. As a Google spokesperson noted, “this beta is focused on helping developers put the finishing touches on their apps as they prepare for Android 11, including the official API 30 SDK and build tools for Android Studio.”

The one exception is a set of updates to the Exposure Notification System contact-tracing API, which users can now use without turning on device location settings. Exposure Notification is a special case here: all other Android apps need location settings turned on (and user permission to access location) to perform the kind of Bluetooth scanning Google is using for this API.

Otherwise, though, there are no surprises here, given that this has already been a pretty lengthy preview cycle. Mostly, Google really wants developers to make sure their apps are ready for the new version, which includes quite a few changes.

If you are brave enough, you can get the latest beta over the air as part of the Android Beta program. It’s available for Pixel 2, 3, 3a, 4 and (soon) 4a users.

Twitter says Android security bug gave access to direct messages

Twitter says a security bug may have exposed the direct messages of Android app users, but says there was no evidence that the vulnerability was ever exploited.

The bug could have allowed a malicious Android app running on the same device to siphon off a user’s direct messages stored in the Twitter app by bypassing Android’s in-built data permissions.

Twitter said, however, that the bug only worked on Android 8 (Oreo) and Android 9 (Pie), and has since been fixed.

A Twitter spokesperson told TechCrunch that the bug was reported by a security researcher through Twitter’s bug bounty platform, HackerOne, a “few weeks ago” and was investigated and fixed.

“Since then, we have been working to keep accounts secure,” said the spokesperson. “Now that the issue has been fixed, we’re letting people know.” Twitter said it waited to let its users know in order to prevent someone from learning about the issue and taking advantage of it before it was fixed — a common approach to reporting security flaws.

The notice sent to affected Twitter users. (Image: TechCrunch)

Twitter said about 4% of users are still running a vulnerable version of Twitter for Android, and will be notified to update the app as soon as possible. Many users began noticing in-app pop-ups notifying them of the issue.

News of the security issue comes just weeks after the company was hit by a hacker who gained access to an internal “admin” tool and, along with two accomplices, hijacked high-profile Twitter accounts to spread a cryptocurrency scam that promised to “double your money.” The hack and subsequent scam netted over $100,000 in scammed funds.

The Justice Department charged three people — including one minor — allegedly responsible for the incident.

Microsoft launches Open Service Mesh

Microsoft today announced the launch of a new open-source service mesh based on the Envoy proxy. The Open Service Mesh is meant to be a reference implementation of the Service Mesh Interface (SMI) spec, a standard interface for service meshes on Kubernetes that has the backing of most of the players in this ecosystem.

The company plans to donate Open Service Mesh to the Cloud Native Computing Foundation (CNCF) to ensure that it is community-led and has open governance.

“SMI is really resonating with folks and so we really thought that there was room in the ecosystem for a reference implementation of SMI where the mesh technology was first and foremost implementing those SMI APIs and making it the best possible SMI experience for customers,” Microsoft partner program manager (and CNCF board member) Gabe Monroy told me.

He also added that, because SMI provides the lowest common denominator API design, Open Service Mesh gives users the ability to “bail out” to raw Envoy if they need some more advanced features. This “no cliffs” design, Monroy noted, is core to the philosophy behind Open Service Mesh.

As for its feature set, SMI handles all of the standard service mesh features you’d expect, including securing communications between services using mTLS, managing access control policies, service monitoring and more.

There are plenty of other service mesh technologies in the market today, though. So why would Microsoft launch this?

“What our customers have been telling us is that solutions that are out there today, Istio being a good example, are extremely complex,” he said. “It’s not just me saying this. We see the data in the AKS support queue of customers who are trying to use this stuff — and they’re struggling right here. This is just hard technology to use, hard technology to build at scale. And so the solutions that were out there all had something that wasn’t quite right and we really felt like something lighter weight and something with more of an SMI focus was what was going to hit the sweet spot for the customers that are dabbling in this technology today.”

Monroy also noted that Open Service Mesh can sit alongside other solutions like Linkerd, for example.

A lot of pundits expected Google to also donate its Istio service mesh to the CNCF. That move didn’t materialize. “It’s funny. A lot of people are very focused on the governance aspect of this,” he said. “I think when people over-focus on that, you lose sight of how are customers doing with this technology. And the truth is that customers are not having a great time with Istio in the wild today. I think even folks who are deep in that community will acknowledge that and that’s really the reason why we’re not interested in contributing to that ecosystem at the moment.”