cross-posted from: https://lazysoci.al/post/26355008

• F-Droid.
• Google Play Store.
• OpenApk.

Notifications in Chrome are a useful feature to keep up with updates from your favorite sites. However, we know that some notifications may be spammy or even deceptive. We’ve received reports of notifications diverting you to download suspicious software, tricking you into sharing personal information or asking you to make purchases on potentially fraudulent online store fronts.

To defend against these threats, Chrome is launching warnings of unwanted notifications on Android. This new feature uses on-device machine learning to detect and warn you about potentially deceptive or spammy notifications, giving you an extra level of control over the information displayed on your device.

When a notification is flagged by Chrome, you’ll see the name of the site sending the notification, a message warning that the contents of the notification are potentially deceptive or spammy, and the option to either unsubscribe from the site or see the flagged content..

cross-posted from: https://lemmy.world/post/29361462

TL;DR

• Android’s long-awaited Battery Health menu has arrived in Android 16 Beta 3, but only for the Pixel 9 series and the Pixel 8a.
• Google has confirmed that older Pixels, including the not-so-old Pixel 8 and Pixel 8 Pro, will not receive this feature.
• The decision is due to unspecified “product limitations,” leaving aging device users without means for native battery diagnostics.

The zero-day, tracked as CVE-2025-27363, resides in the System component and stems from a memory handling bug in FreeType — an open-source library widely used for font rendering. The flaw allows for local code execution without requiring additional privileges or user interaction. According to Facebook’s security team, which first disclosed details about the vulnerability in March 2025, attackers can exploit the issue through malformed TrueType GX or variable font files, leading to heap buffer overflows and potentially arbitrary code execution. While the vulnerability was fixed in FreeType 2.13.0 over two years ago, older versions remain embedded in many Android builds and third-party software, making the risk of exploitation significant.

Google has acknowledged signs of limited, targeted exploitation of CVE-2025-27363 in the wild, reinforcing the urgency for users and OEMs to apply the update. Devices patched with the 2025-05-05 security level will receive a fix for this vulnerability, along with all other patches from earlier levels.

Beyond the zero-day, the May 2025 bulletin addresses over 40 high-severity vulnerabilities affecting Android components such as the Framework, System, kernel, and key third-party hardware modules from Arm, MediaTek, Qualcomm, and Imagination Technologies.

Android device manufacturers are expected to incorporate these fixes into their firmware. Devices running Android 10 and later will receive some of these patches through Google Play system updates, covering components like the Wi-Fi stack, Permission Controller, and Documents UI. However, it is recommended that users of older models move to a newer device running Android version 13 or later. For some models, third-party Android distributions like GrapheneOS and LineageOS exist, which might provide security in aging devices.

Desktop Archive.

• Google is working on an Intrusion Detection system for Android, according to a teardown of the Play Services app.
• The system will collect a log of your device/network activities that can be accessed if you notice suspicious activity across your account or devices.
• Google’s code suggests this log is end-to-end encrypted and can only be accessed with your Google account password and device authentication.