Year: 2019

Uber has fixed a bug that allowed access to the secret developer tokens of any app that integrated with the ridesharing service, according to the security researchers who discovered the flaw.

In a blog post, Anand Prakash and Manisha Sangwan explained that a vulnerable developer endpoint on Uber’s back-end systems — since locked down — was mistakenly spitting back client secrets and server tokens for apps authorized by the Uber account owner.

Client secrets and server tokens are considered highly sensitive bits of information for developers, as they allow apps to communicate with Uber’s servers. For its part, Uber warns developers to “never share” the keys with anyone.

Prakash, founder of Bangalore-based AppSecure, told TechCrunch that the bug was “very easy” to exploit, and could have allowed an attacker to obtain trip receipts and invoices. But he didn’t test how far the access could have gone as he immediately reported the bug to Uber.

Uber took a month to fix the bug, according to the disclosure timeline, and was considered serious enough to email developers last week warning of the possible exposure.

“At this time, we have no indication that the issue was exploited, but suggest reviewing your application’s practices out of an abundance of caution,” Uber’s email to developers said. “We have mitigated the issue by restricting the information returned to the name and id of the authorized applications.”

Uber did not respond to a request for comment. If that changes, we’ll update.

Prakash was paid $5,000 in Uber’s bug bounty for reporting the bug, and currently ranks in the top five submitters on Uber’s bug bounty.

The security researcher is no stranger to Uber’s bug bounty. Two years ago, he found and successfully exploited a bug that allowed him to receive free trips in both the U.S. and his native India.

Hole punches aside, Wireless Powershare is the S10 line’s marquee feature. Samsung’s new flagship isn’t the first handset with the feature — the Huawei Mate 20 Pro beat it to it by a few months — but it’s a cool new addition, none the less.

And perhaps more importantly, Samsung’s beat Apple to the punch here. From the looks of it, Cupertino has been having all manner of difficulty bringing wireless tech to market — just look at the MIA AirPower charger.

The feature relies on the S10’s large battery to charge of other device. So, say, when you’re out on the town and a friend is teetering on the brink of phone death, you just swipe down into the settings, enable Wireless Power Share, and you can save the day by placing the handsets back to back.

The new feature should be compatible with all phones that charge via the Qi standard. They also work with Samsung’s new Galaxy Buds, which beat the AirPods to the punch with a wireless charging case.

Of course, one of the phone needs to be face down for this to work, and wireless charging is slower than plugged in, but a cool feature nonetheless. It’s one one that should come in handy for frequent travels. That’s one fewer device you have to plug in to charge overnight.

You’ve got to hand it to Samsung. The company sure threw a LOT at us during today’s Unpacked event — five phones (including the foldable), earbuds, a fitness track and the Galaxy Watch Active, the company’s latest smartwatch.

The biggest news on the watch front finds the company embracing user health, much like the rest of the industry. The device features blood pressure tracking. The company hasn’t released a lot of details about how that will work, only noted that the feature was designed in conjunction with UCSF researcher. It will be downloadable for users starting March 15.

There’s also improved stress tracking, which promises to ” keep your stress levels in check,” using breathing exercises and guided course. Fitness tracking now automatically detects workouts as well, including runs, bike rides, rowing and the elliptical. 

The design language looks minimal, a nice direction the company has taken on recent generations, featuring a simple, round case. Naturally, it can also charge wirelessly on the rear of the new S10.

The watch sports a 1.1 inch display covered in Gorilla Glass 3. It runs Tizen (like the rest of Samsung’s watches) and sports 4GB of RAM a 239mAh battery.

The watch launches March 8, priced at $200. Samsung will also kick in a free charging pad for those who pre-order the wearable starting tomorrow. It comes in silver, black, rose gold and green.

Reports of the headphone jack’s death are greatly exaggerated. Or more accurately, premature. All of the latest versions of Samsung’s Galaxy phones are equipped with a 3.5mm port, bucking the trend set by Apple and followed by Google. While the headphone jack might eventually die, right now, in 2019, it’s alive and could be a major selling point for the four versions of the Samsung Galaxy S10.

Apple ditched the 3.5mm jack back in 2016 with the introduction of the iPhone 7 and some of us still haven’t gotten over it. The port has been around for generations. The 3.5mm audio jack is universal and handy, allowing someone to grab a set of headphones, any headphones costing between $10 and $1,000, and connect it to their phone. But alas, Apple removed the port from the iPhone and several manufacturers including Google followed. But not Samsung.

While the rest of the industry turned its back on the 3.5mm jack, Samsung kept including it on its latest smartphones and started using it as an advertised feature. What was once standard to every phone, became a selling point for Samsung. This isn’t the first time Samsung bucked trends and kept around legacy features to entice buyers.

Smartphones used to have expandable memory, but as flash storage size increases, manufacturers stopped including MicroSD card slots on its phones. Not Samsung. Expandable memory remains an option in the S10 announced today.

There’s a reason Samsung is the top smartphone maker in the world: It listens to its customers and clearly its customers want the versatility of a 3.5mm headphone jack. I do.

Alas, the 3.5mm jack will not live forever. Eventually the industry will move past the analog connection once there’s a better solution. But that’s not right now. Today, in 2019, the headphone jack has a friend in Samsung.

Facebook is updating its privacy settings on Android to make it easier for users to control what location data is sent to and stored by the company.

In its announcement, Facebook acknowledged that Android users have expressed concern over the app’s ability to continuously log location data in the background. Due to Android’s all-or-nothing system of location permissions relative to iOS, the Facebook app has historically had the green light for collecting location data whether a user is actively in the app or not.

While the company stopped short of admitting the practice, Facebook for Android users who previously had location services enabled can probably assume that Facebook was extensively tracking their location even when they weren’t actively using the app. Facebook describes the choice to toggle location history on as “[allowing] Facebook to build a history of precise locations received through Location Services on your devices.”

Android users who previously allowed Facebook access to their location data will retain those settings, though they’ll receive an alert about the new location controls. For users who kept the location settings for Facebook disabled, those permissions will remain toggled off. While these changes apply only to Android users, Facebook also noted that it would send out an alert to iOS users to remind them to reevaluate their location history settings.

If your location history isn’t something you’ve thought much about before, it’s worth spending a minute to consider how comfortable you are with that depth of personal data being transmitted continuously to a company with Facebook’s privacy track record. Remember: Once that information is out of your hands, you have little to no control over what happens with it.

After weeks of leaks, Samsung still managed to save some surprises for today’s event. One of the most interesting among them is a partnership with Instagram that brings Stories directly to the camera app.

It’s an interesting partnership and mutually beneficial for both parties. For some, it could signal a kind of return to pre-loaded bloatware, but at least in the case of Instagram, the app is virtually ubiquitous for most users at this point anyway.

The mode got a brief demo on stage today — it’s pretty much what you’d expect out of the thing, bringing filters directly to the camera software and letting you upload straight to service without leaving Samsung’s default camera software.

Smartphone makers have had increasing difficult distinguishing their camera offerings in recent years. The last several generations of products like the Galaxy line, iPhone and Pixel have increasingly relied on AI/ML/software updates to set themselves apart, so these kinds of partnerships could certainly play a role in that going forward.

Samsung just announced not one, not two, but four new additions to its flagship Galaxy line: the S10e, S10, S10+, and S10 5G. Want a quick at-a-glance breakdown of how they all compare? We’ve got you covered.

Brian’s got a deeper look at the different S10 models here — but if you’d rather see the key specs side-by-side, here’s a handy chart:

Most of it is self explanatory, barring perhaps “PowerShare” — a new feature Samsung added across the S10 lineup. Whereas wireless charging lets you charge any of the phones on a compatible charging pad, PowerShare lets you use the phone as a wireless charging pad for other devices — be it another phone or, say, Samsung’s just announced Galaxy Bud headphones.

You can find all of our coverage from Samsung’s Unpacked event here.

Somewhat similar to Uber’s Express Pool option, Lyft just launched Shared Saver to help people spend less money for shared rides. But what makes Lyft’s option more attractive is that riders will never experience surge pricing.

“You’ll lock in the lowest prices, always — even when it’s busy,” Lyft wrote in a blog post today.

Shared Saver rides require customers to walk to a designated pickup location, which will be a maximum of a few blocks away, to meet your driver and co-riders. Same goes for your dropoff location.

Lyft’s long-term plan entails encouraging more people to take shared rides. Last June, Lyft updated its app to make shared rides much more visible. As of June 2018, 35 percent of Lyft rides were shared. Lyft’s goal is to hit 50 percent shared rides by 2020, Lyft VP of Government Relations Joseph Okpaku told TechCrunch at the time.

After a seemingly endless stream of leaks over the past few weeks, there was essentially zero doubt that Samsung was announcing — amongst a bunch of other things — a new pair of wireless earbuds called the “Galaxy Buds” today.

Here they are.

Samsung says the Galaxy Buds should be able to pull around 5 hours of talk time, or 6 hours of music listening time. As with most of the other headliner devices Samsung has launched in recent years, sound tuning is handled by AKG (the acoustics brand Samsung bought alongside Harman in 2017.)

The feature they’ll probably market the hardest, though, is the companion charging case. It plays friendly with the new PowerShare feature built into the just-announced Galaxy S10 line, allowing you to charge the case wirelessly by sitting it on the rear side of the phone. It looks like this:

Samsung says that case should hold around 7 additional hours of charge time, and can give the Buds about 1.5 hours worth of juice in roughly 15 minutes.

Samsung says the Galaxy Buds should cost $129.99, and should ship starting March 8th.

Story developing…

Samsung announced its most expensive phone today, but it also shared the progress it’s made so far in selling a whole lot of Galaxy smartphones.

Onstage, Samsung Electronics President DJ Koh announced that over the past decade, the company had sold more than 2 billion Galaxy devices.

The company has more than just smartphones falling beneath the galaxy brand, but this vanity stat is all about what they’ve been able to accomplish with their handset brand. The company didn’t break down the active install base of its Galaxy devices or detail a full break down of its smartphone sales.

The company shared info on a whole lot of devices today, including the Galaxy S10 and Galaxy Fold.