Google debuts new digital wellbeing ‘experiments’ like a notification mailbox, unlock clock & even a paper phone

Following the introduction of its digital wellbeing tools for Android at Google’s I/O developer conference last year, the company has since expanded the feature set to include new options like Focus mode and better parental controls for families with children. Now, Google is trying something new. The company today introduced a set of “experimental” apps designed to help users be better aware of their device use and reduce their screen time.

The apps, which are a part of a new Digital Wellbeing Experiments platform, are very different from your standard screen time controls. They’re open-sourced projects designed to kickstart out-of-the-box thinking, but not necessarily must-have tools.

One experiment, Unlock Clock, simply shows you how often you unlock your phone.

Screen Shot 2019 10 23 at 6.08.37 PM

Another, We Flip, lets a group of friends or a family disconnect from technology altogether by flipping a big switch. And if anyone unlocks their phone, the session ends for everyone — almost like making screen time a competitive family sport.

Desert Island and Morph, meanwhile, take an app-centric approach to screen time reduction. The former requires you to go a day with only your most essential apps, while the latter helps you stay focused by giving you the right apps at the right time of day.

Screen Shot 2019 10 23 at 6.29.32 PM

That idea had been popular in years past with Android launchers, like Cover, EverythingMe, and Aviate, for example. In those cases, different homescreen configurations and widgets would appear based on what time of day it was and what you were doing. However, the idea of smartphones that personalized themselves to our needs never really took off — perhaps because these same experiences could never transition to iOS where Apple’s restrictions limited how much customization could be done.

The Post Box experiment is one of the more intriguing creations — it offers to hold your notifications until whatever time suits you.

Notification spam is now arguably one of the worst side effects of becoming a smartphone user. It’s so bad, in fact, that both Apple and Google have had to redesign ways for users to reassert control at the OS level.

Earlier this year, Apple CEO Tim Cook even said that he has gutted his iPhone’s notifications, touting the iOS feature to do so as some sort of miraculous invention — when in reality it was Apple’s flawed design of the notification system to begin with that allowed developers to continually interrupt us with their irrelevant pings.

A mailbox-style system — like this new Google experiment provides — was another obvious choice, but one that wouldn’t have allowed an app ecosystem to blossom.

Then there is the most whimsical experiment of them all, Paper Phone.

This app will print you a custom booklet of the critical information you need that day, including favorite contacts, maps, meetings, tasks, weather info, and more.

paper phone

You can then take a short break from your device, without giving up access to your must-have information. It’s like time-traveling for those of us old enough to remember life before smartphones, and a small gift of freedom for those who have never been without.

Google says this new Digital Wellbeing Experiments platform is open for contributions from any designers and developers who want to share their ideas for a more balanced relationship with technology.

“We hope these experiments inspire developers and designers to keep digital wellbeing top of mind when building technology. The more people that get involved, the more we can all learn how to build better technology for everyone,” said Google.

Interested contributors can download the “Hack Pack” and open source code available on the site to get started.

The experiments only run on Android and are offered for download on the Play Store.

While the new experiments are less about fixing existing Google products and more about playing around with new ideas, Google has several other screen time/wellbeing initiatives underway, including its Android native wellbeing features, YouTube’s ‘take a break’ reminders and other screen time controls, Google Assistant’s wind-down routines, Gmail automations like auto-reply and send later, Google Family Link and more.


Android – TechCrunch

Google’s Pixel 4 smartphone will have motion control and face unlock

Google’s Pixel 4 is coming out later this year, and it’s getting the long reveal treatment thanks to a decision this year from Google to go ahead and spill some of the beans early, rather than saving everything for one big final unveiling closer to availability. A new video posted by Google today about the forthcoming Pixel 4 (which likely won’t actually be available until fall) shows off some features new to this generation: Motion control and face unlock.

The new “Motion Sense” feature in the Pixel 4 will detect waves of your hand and translate them into software control, including skipping songs, snoozing alarms and quieting incoming phone call alerts, with more planned features to come, according to Google. It’s based on Soli, a radar-based fine motion detection technology that Google first revealed at its I/O annual developer conference in 2016. Soli can detect very fine movements, including fingers pinched together to mimic a watch-winding motion, and it got approval from the FCC in January, hinting it would finally be arriving in production devices this year.

Pixel 4 is the first shipping device to include Soli, and Google says it’ll be available in “select Pixel countries” at launch (probably due to similar approvals requirements wherever it rolls out to consumers).

Google also teased “Face unlock,” something it has supported in Android previously – but Google is doing it very differently than it has been handled on Android in the past with the Pixel 4. Once again, Soli is part of its implementation, turning on the face unlock sensors in the device as it detects your hand reaching to pick up the device. Google says this should mean that the phone will be unlocked by the time you’re ready to use it, since it does this all on the fly, and works from pretty much any authentication.

Face unlock will be supported for authorizing payments and logging into Android apps, as well, and all of the facial recognition processing done for face unlock will occur on the device – a privacy-oriented feature that’s similar to how Apple handles its own Face ID. In fact, Google will also be storing all the facial recognition data securely in its own dedicated on-device Titan M security chip, another move similar to Apple’s own approach.

Google made the Pixel 4 official and tweeted photos (or maybe photorealistic renders) of the new smartphone back in June, bucking the trend of keeping things unconfirmed until an official reveal closer to release. Based on this update, it seems likely we can expect to learn more about the new smartphone ahead of its availability, which is probably going to happen sometime around October based on past behavior.


Android – TechCrunch

Google’s Pixel 4 smartphone will have motion control and face unlock

Google’s Pixel 4 is coming out later this year, and it’s getting the long reveal treatment thanks to a decision this year from Google to go ahead and spill some of the beans early, rather than saving everything for one big final unveiling closer to availability. A new video posted by Google today about the forthcoming Pixel 4 (which likely won’t actually be available until fall) shows off some features new to this generation: Motion control and face unlock.

The new “Motion Sense” feature in the Pixel 4 will detect waves of your hand and translate them into software control, including skipping songs, snoozing alarms and quieting incoming phone call alerts, with more planned features to come, according to Google. It’s based on Soli, a radar-based fine motion detection technology that Google first revealed at its I/O annual developer conference in 2016. Soli can detect very fine movements, including fingers pinched together to mimic a watch-winding motion, and it got approval from the FCC in January, hinting it would finally be arriving in production devices this year.

Pixel 4 is the first shipping device to include Soli, and Google says it’ll be available in “select Pixel countries” at launch (probably due to similar approvals requirements wherever it rolls out to consumers).

Google also teased “Face unlock,” something it has supported in Android previously – but Google is doing it very differently than it has been handled on Android in the past with the Pixel 4. Once again, Soli is part of its implementation, turning on the face unlock sensors in the device as it detects your hand reaching to pick up the device. Google says this should mean that the phone will be unlocked by the time you’re ready to use it, since it does this all on the fly, and works from pretty much any authentication.

Face unlock will be supported for authorizing payments and logging into Android apps, as well, and all of the facial recognition processing done for face unlock will occur on the device – a privacy-oriented feature that’s similar to how Apple handles its own Face ID. In fact, Google will also be storing all the facial recognition data securely in its own dedicated on-device Titan M security chip, another move similar to Apple’s own approach.

Google made the Pixel 4 official and tweeted photos (or maybe photorealistic renders) of the new smartphone back in June, bucking the trend of keeping things unconfirmed until an official reveal closer to release. Based on this update, it seems likely we can expect to learn more about the new smartphone ahead of its availability, which is probably going to happen sometime around October based on past behavior.

Gadgets – TechCrunch

Security flaws in a popular smart home hub let hackers unlock front doors

When is a smart home not so smart? When it can be hacked.

That’s exactly what security researchers Chase Dardaman and Jason Wheeler did with one of the Zipato smart hubs. In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which when chained together could be abused to open a front door with a smart lock.

Smart home technology has come under increasing scrutiny in the past year. Although convenient to some, security experts have long warned that adding an internet connection to a device increases the attack surface, making the devices less secure than their traditional counterparts. The smart home hubs that control a home’s smart devices, like water meters and even the front door lock, can be abused to allow landlords entry to a tenant’s home whenever they like.

In January, security expert Lesley Carhart wrote about her landlord’s decision to install smart locks — forcing her to look for a new home. Other renters and tenants have faced similar pressure from their landlords and even sued to retain the right to use a physical key.

Dardaman and Wheeler began looking into the ZipaMicro, a popular smart home hub developed by Croatian firm Zipato, some months ago but only released their findings once the flaws had been fixed.

The researchers found they could extract the hub’s private SSH key for “root” — the user account with the highest level of access — from the memory card on the device. Anyone with the private key could access a device without needing a password, said Wheeler.

The later discovered that the private SSH key was hardcoded in every hub sold to customers — putting every home with the same hub installed at risk.

Using that private key, the researchers downloaded a file from the device containing scrambled passwords used to access the hub. They found that the smart hub uses a “pass-the-hash” authentication system, which doesn’t require knowing the user’s plaintext password, only the scrambled version. By taking the scrambled password and passing it to the smart hub, the researchers could trick the device into thinking they were the homeowner.

All an attacker had to do was send a command tell the lock to open or close. With just a few lines of code, the researchers built a script that locked and unlocked a smart lock connected to a vulnerable smart hub.

The proof-of-concept code letting the hackers unlock a smart lock. (Image: Chase Dardaman, Jason Wheeler)

Worse, Dardaman said that any apartment building that registered one main account for all the apartments in their building would allow them to “open any door” from that same password hash.

The researchers conceded that their findings weren’t a perfect skeleton key into everyone’s homes. In order to exploit the flaws, an attacker would need to be on the same Wi-Fi network as the vulnerable smart hub. Dardaman said any hub connected directly to the internet would be remotely exploitable. The researchers found five such vulnerable devices using Shodan, a search engine for publicly available devices and databases.

Zipato says it has 112,000 devices in 20,000 households, but the exact number of vulnerable hubs isn’t known.

We asked SmartRent, a Zipato customer and one of the largest smart home automation providers, which said fewer than 5% of its apartment-owning customers were affected by the vulnerable technology. A spokesperson wouldn’t quantify the figure further. SmartRent said it had more than 20,000 installations in mid-February, just weeks before the researchers’ disclosure.

For its part, Zipato fixed the vulnerabilities within a few weeks of receiving the researchers’ disclosure.

Zipato’s chief executive Sebastian Popovic told TechCrunch that each smart hub now comes with a unique private SSH key and other security improvements. Zipato has also since discontinued the ZipaMicro hub in favor of one of its newer products.

Smart home tech isn’t likely to go away any time soon. Figures from research firm IDC estimates more than 832 million smart home devices will be sold in 2019, just as states and countries crack down on poor security in internet-connected devices.

That’s also likely to bring more scrutiny to smart home tech by hackers and security researchers alike.

“We want to show that there is a risk to this kind of tech and apartment buildings or even individual consumers need to know that these are not necessarily safer than a traditional door lock,” said Dardaman.

Gadgets – TechCrunch

Inquiry finds FBI sued Apple to unlock phone without considering all options

The Office of the Inspector General has issued its report on the circumstances surrounding the FBI’s 2016 lawsuit attempting to force Apple to unlock an iPhone as part of a criminal investigation. While it stops short of saying the FBI was untruthful in its justification of going to court, the report is unsparing of the bureaucracy and clashing political motives that ultimately undermined that justification.

The official narrative, briefly summarized, is that the FBI wanted to get into a locked iPhone allegedly used in the San Bernardino bombing in late 2015. Then-director Comey explained on February 9 that the Bureau did not have the capability to unlock the phone, and that as Apple was refusing to help voluntarily, a lawsuit would be filed compelling it to assist.

But then, a month later, a miracle occurred: a third party had come forward with a working method to unlock the phone and the lawsuit would not be necessary after all.

Though this mooted the court proceedings, which were dropped, it only delayed the inevitable and escalating battle between tech and law enforcement — specifically the “going dark” problem of pervasive encryption. Privacy advocates saw the suit as a transparent (but abortive) attempt to set a precedent greatly expanding the extent to which tech companies would be required to help law enforcement. Apple of course fought tooth and nail.

In 2016 the OIG was contacted by Amy Hess, a former FBI Executive Assistant Director, who basically said that the process wasn’t nearly so clean as the Bureau made it out to be. In the course of its inquiries the Inspector General did find that to be the case, though although the FBI’s claims were not technically inaccurate or misleading, they also proved simply to be incorrect — and it is implied that they may have been allowed to be incorrect in order to further the “going dark” narrative.

The full report is quite readable (if you can mentally juggle the numerous acronyms) but the findings are essentially as follows.

Although Comey stated on February 9 that the FBI did not have the capability to unlock the phone and would seek legal remedy, the inquiry found that the Bureau had not exhausted all the avenues available to it, including some rather obvious ones.

Comey at a hearing in 2017.

For instance, one senior engineer was tasked with asking trusted vendors if they had anything that could help — two days after Comey already said the FBI had no options left. Not only that, but there was official friction over whether classified tools generally reserved for national security purposes should be considered for this lesser, though obviously serious, criminal case.

In the first case, it turned out that yes, a vendor did have a solution “90 percent” done, and was happy to finish it up over the next month. How could the director have said that the FBI didn’t have the resources to do this, when it had not even asked its usual outside sources for help?

In the second, it’s still unclear whether there in fact exist classified tools that could have been brought to bear on the device in question. Testimony is conflicting on this point, with some officials saying that there was a “line in the sand” drawn between classified and unclassified tools, and another saying it was just a matter of preference. Regardless, those involved were less than forthcoming even within the Bureau, and even internal leadership was left wondering if there were solutions they hadn’t considered.

Hess, who brought the initial complaint to the OIG, was primarily concerned not that there was confusion in the ranks — it’s a huge organization and communication can be difficult — but that the search for a solution was deliberately allowed to fail in order that the case could act as a precedent advantageous to the FBI and other law enforcement agencies. Comey was known to be very concerned with the “going dark” issue and would likely have pursued such a case with vigor.

So the court case, Hess implied, was the real goal, and the meetings early in 2016 were formalities, nothing more than a paper trail to back up Comey’s statements. When a solution was actually found, because an engineer had taken initiative to ask around, officials hoping for a win in court were dismayed:

She became concerned that the CEAU Chief did not seem to want to find a technical solution, and that perhaps he knew of a solution but remained silent in order to pursue his own agenda of obtaining a favorable court ruling against Apple. According to EAD Hess, the problem with the Farook iPhone encryption was the “poster child” case for the Going Dark challenge.

The CEAU Chief told the OIG that, after the outside vendor came forward, he became frustrated that the case against Apple could no longer go forward, and he vented his frustration to the ROU Chief. He acknowledged that during this conversation between the two, he expressed disappointment that the ROU Chief had engaged an outside vendor to assist with the Farook iPhone, asking the ROU Chief, “Why did you do that for?”

While this doesn’t really imply a pattern of deception, it does suggest a willingness and ability on the part of FBI leadership to manipulate the situation to its advantage. A judge saying the likes of Apple must do everything possible to unlock an iPhone, and all forward ramifications of that, would be a tremendous coup for the Bureau and a major blow to user privacy.

The OIG ultimately recommends that the FBI “improve communication and coordination” so that this type of thing doesn’t happen (and it is reportedly doing so). Ironically, if the FBI had communicated to itself a bit better, the court case likely would have continued under pretenses that only its own leadership would know were false.

Gadgets – TechCrunch