The technical write-up for CVE-2023-45779 has been published by Tom Hebb of Meta's Red Team X, revealing that several Android OEMs such as ASUS, Fairphone, Lenovo, Microsoft, Nokia, Nothing, and Vivo, were signing some of their APEX modules with the test keys publicly available in AOSP.

This would have allowed a user or attacker (with shell privileges) to forge an APEX update to "gain near-total control over [the device]."

This issue was fixed by most affected OEMs with the December 2023 security patch, though, and it's quite hard to exploit by actual attackers - still, the issue reveals deficiencies in the Compatibility Test Suite (CTS) and AOSP documentation that are being resolved in response.

Google says they've added a test to their Build Test Suite (BTS) to warn of vulnerable APEXes and that changes to CTS are coming (but the latter won't be public until Android 15's release).

2024 may be the year of Bluetooth LE Audio as we see many new products release with support for it.

To prepare for this, Google's working on an audio sharing page in Android 15 that makes it easier to start or connect to Auracast streams!

Google is making it easier to transition your online accounts to passkeys. Google Password Manager on Pixel devices (Pixel 5a and later, including Pixel Tablet) is rolling out a passkey upgrade experience that helps you discover which of your accounts support passkeys and then helps you upgrade with "just a few taps."

This is available now on the aforementioned Pixel devices but will be coming to "other platforms" in the future. Currently this works with Adobe, Best Buy, DocuSign, eBay, Kayak, Money Forward, Nintendo, PayPal, Uber, and Yahoo! Japan but will be coming soon to TikTok as well.

Samsung is rolling out an update to its Quick Share app on Galaxy devices that adds support for Google's Nearby protocol, which will allow for other Android devices with Nearby Share (soon to itself be renamed Quick Share) to appear in Samsung's Quick Share service.

This updated version of Quick Share is already preloaded on the Galaxy S24 series, but it's now rolling out to older Galaxy devices. However, users who have received the update report that sharing with Nearby Share-enabled devices doesn't actually work yet despite what the changelog says. Also, Google's Nearby Share still appears as an option in the share sheet, but this should be disabled like on the Galaxy S24 series once Samsung's Quick Share update widely rolls out and the new functionality goes live.

The update also increases the upload limit per file when creating QR codes and using share to contacts (from 3GB --> 5GB).

Image credits: @gepetto888

This is the best evidence yet that Amazon is shifting Fire TV away from AOSP: An Amazon job posting for a SDE asks the candidate to "implement and deliver features on the Fire TV client codebase as it transitions from FOS/Android to native/Rust and React Native."

Great find by Elias Saba over on AFTVnews. Last year, Janko Roettgers reported on his newsletter called Lowpass that Amazon is ditching AOSP for an in-house operating system code-named Vega.

Developers can now show users a full-screen prompt to get them to update their app, in case they're running an outdated or broken version.

This feature is available if you're enrolled in Play App Signing and distributing your app as an Android App Bundle. Prompts can be narrowed down to users on a selected app version, by country/region, or by Android version. If the full-screen prompt is dismissed, it will be shown again on the next cold start of the app.

This feature is available through the Google Play Console by going to the Releases overview or App Bundle Explorer page and clicking Recovery tools > Prompt users to update.

More details on Google's blog post.

Circle to Search is now rolling out to the Pixel 8 and Pixel 8 Pro!

You won't get a notice that it's there, so just check by performing the gesture. Lots of Pixel 8 users on Reddit are reporting that it's working for them now.

The PC apps for Samsung's Quick Share and Google's Nearby Share are reportedly going to be "integrated" by Q3 of 2024, according to a Samsung Quick Share platform manager.

Also:

* Samsung says their rollout of the latest version of Quick Share to Galaxy devices will be completed by tomorrow. You'll need these 4 APKs:

Quick Share: v13.6.11.7
Quick Share Connection: v1.5.2.30
Quick Share Agent: v3.5.19.23 (T OS), v3.5.14.38 (Q/R/S OS)
Wi-Fi Direct: v3.4.14.35 (Q/R OS)

* Google's rollout of Quick Share on other Android devices is scheduled for between 2/2 - 2/16, though as I first reported last night, this rollout has already begun. Once this rollout is complete, the Nearby Share button will disappear on Samsung devices.

Google's Quick Share rebrand also brings with it a new feature: the ability to select targets directly from the share sheet!

Full details in this article on Android Police.

If you have a Pixel phone and have been unable to access your files after updating to the January 2024 Google Play System Update, Google has shared a fix.

1) Download and set up ADB on your PC (there are many tutorials online for this).

2) Connect your phone to your PC and run the following ADB commands:

adb uninstall com.google.android.media.swcodec

adb uninstall com.google.android.media

3) Reboot your phone.

Google says that this issue is more prevalent in devices with multiple user accounts and/or work profiles and that they working on a fix for the root cause of this issue. Google's temporary solution today involves uninstalling updates to the Media and Medic Codecs Mainline modules.

Last week, I learned from a source that Google halted the January 2024 GPSU because they discovered that the DCLA Mainline module was inadvertently rolling back to the factory installed version for some users, causing mismatched dependency issues with other DCLA-enabled modules. It looks like both Media and Medic Codecs are DCLA-enabled modules, and this mismatch caused them to misbehave and resulted in the storage access-related issues that some users have been facing.

For a more detailed step-by-step guide, see Google's post on the Pixel community forums.

I've been using Android's Circle to Search on the Galaxy S24 for over two weeks now, but I JUST learned that you can move the search bar and zoom in!

How did we all miss this? Video available in this Android Police article.

The OnePlus 12 joins Google's Pixel lineup and Samsung's Galaxy S24 series in supporting Android 14's Ultra HDR format! This means HDR photos you capture from the OnePlus 12 can be shown properly on both SDR and HDR displays.

Full details on what this means are available over on Android Police.

Wish more Android apps would go edge-to-edge, ie. take up 100% of your screen? Google has heard you, because they're working on adding a config in Android 15 that forces apps to go edge-to-edge by default!

Full details in this Android Authority article.