Hacker News | diggernet's comments

> (I have even seen some real examples of companies adding AI usage to performance reviews)

Sad to say, I can vouch for this.


That has got to be one of the most easily gamed metrics that there ever has been.

"Make sure you use this website that costs the company money frequently"

I wonder how it will play out when the costs of using an AI service are no longer subsidised by venture capital? (For example Uber is just as expensive as normal taxis now.)


"Woven by Toyota will also join the potential collaboration as Toyota’s strategic enabler, contributing its strengths in advanced software and mobility innovation."

Pretty neat. One tip it took me a while to realize is that after you tap on a country, the compass rose (now the same color as the country) can be used to rotate it.

But why do countries rotate to the left as you drag them north and rotate to the right as you drag them south?


It's a widely observed phenomenon that as a country starts to go south it moves to the right.

This explains much of the current global political situation.


I think it's the other way around. As a country moves to the right it starts to go south.

"West takes you In, In takes you East, East takes you Out, Out takes you West, North and South bring you back again."

https://en.wikipedia.org/wiki/The_Integral_Trees


I think part of that is an illusion, since for something bowing upwards, the usual anchor point of top left seems rotated clockwise.

But there is still a real rotation - look at Wyoming or Colorado for a perfect rectangle. My guess is the div element isn't quite centered - perhaps too much padding on the right edge, causing the center point to be off to the right. So when it bows you get the rotation bias.


> "Apps were automatically taking screenshots of themselves and sending them to third parties. In one case, the app took video of the screen activity and sent that information to a third party.”

> Out of over 17,000 Android apps examined, more than 9,000 had potential permissions to take screenshots. And a number of apps were found to actively be doing so, taking screenshots and sending them to third-party sources.

Which permission is that, and how do you detect which apps are doing that and stop them?


There is a permission to record the screen. It requires user consent and there's an icon in the status bar while it's being used. It's impossible to use this covertly.

What I believe the article is speaking about, is an app taking screenshots of its own windows. This is obviously possible and obviously requires no permissions whatsoever. Just make a screen-sized bitmap and do

    getWindow().getDecorView().draw(new Canvas(bitmap));

It does sound believable that third-party advertising/marketing/tracking SDKs, which many apps are chock full of, could be doing this.

> It's impossible to use this covertly.

*Unless there's a zero-day that allows it.


If you're going to exploit a privilege escalation vulnerability from your app, why not just grab the most interesting parts of the /data partition while you're at it?

Sure why not. I wasn't implying that a zero day that allows surreptitiously recording the phone screen is the only shitty thing that can be done with your phone with a zero day.

Also, it is possible for a zero day to break specific privileges (like screen record without notification) rather than root.


You could do both

Burning a zero-day like that for targeted advertising seems extremely unlikely to me.

I think you missed the point GP was making. I believe they meant the vector might come from that kind of SDK. Not that someone who had a zero day to allow surreptitiously recording phone screens would use it for that purpose.

I followed the links to the study they referenced, and it says:

> Unlike the camera and audio APIs, the APIs for taking screenshots and recording video of the screen are not protected by any permission

However they also talk about doing static analysis on 9,100 out of the 17,260 apps, to determine (amongst other things) “whether media APIs are actually referenced in the app’s code”.

They then talk about doing a dynamic analysis to see which apps actually call the APIs (rather than just link to a library that might call it, but the app never calls that function in the library).

The soundbite is bad, it shouldn’t say “had potential permissions to take screenshots”, it should just say “had the potential to take screenshots”
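
An added example, not part of the comment above or of the study it cites: a minimal static pass over disassembled (smali) code that flags references to screen-capture framework APIs and records whether each sits in the app's own package or in bundled third-party code. The smali excerpt, the package names and the function name `find_capture_references` are constructed for illustration.

```python
# Framework calls that can capture screen content (Android API descriptors).
CAPTURE_APIS = {
    "Landroid/view/View;->draw(Landroid/graphics/Canvas;)V": "view-draw",
    "Landroid/view/View;->getDrawingCache()Landroid/graphics/Bitmap;": "drawing-cache",
    "Landroid/view/PixelCopy;->request(": "pixel-copy",
    "Landroid/media/projection/MediaProjectionManager;->createScreenCaptureIntent()":
        "media-projection",
}
BITMAP_CANVAS = "Landroid/graphics/Canvas;-><init>(Landroid/graphics/Bitmap;)V"

# Constructed smali excerpt (not from a real app): one app class, one bundled SDK class.
SAMPLE_SMALI = """\
.class public Lcom/example/shop/MainActivity;
.method public onResume()V
    invoke-virtual {p0}, Lcom/example/shop/MainActivity;->getWindow()Landroid/view/Window;
.end method
.class public Lcom/vendor/analytics/Recorder;
.method public snap(Landroid/view/View;Landroid/graphics/Bitmap;)V
    new-instance v0, Landroid/graphics/Canvas;
    invoke-direct {v0, p2}, Landroid/graphics/Canvas;-><init>(Landroid/graphics/Bitmap;)V
    invoke-virtual {p1, v0}, Landroid/view/View;->draw(Landroid/graphics/Canvas;)V
.end method
.method public legacy(Landroid/view/View;)V
    invoke-virtual {p1}, Landroid/view/View;->getDrawingCache()Landroid/graphics/Bitmap;
.end method
"""

def find_capture_references(smali, app_package):
    """Return [(class, method, tag, origin)] for each reference to a capture API."""
    findings, cls, method, seen_canvas = [], None, None, False
    for line in smali.splitlines():
        line = line.strip()
        if line.startswith(".class"):
            cls = line.split()[-1][1:-1].replace("/", ".")
        elif line.startswith(".method"):
            method, seen_canvas = line.split()[-1].split("(")[0], False
        elif line.startswith("invoke-"):
            target = line.split("}, ", 1)[1]
            seen_canvas = seen_canvas or target == BITMAP_CANVAS
            for api, tag in CAPTURE_APIS.items():
                if target.startswith(api):
                    # View.draw into a Bitmap-backed Canvas is the self-screenshot idiom.
                    if tag == "view-draw" and seen_canvas:
                        tag = "self-screenshot"
                    origin = "app" if cls.startswith(app_package) else "third-party"
                    findings.append((cls, method, tag, origin))
    return findings
```

A hit here only shows that the API is referenced in the code; whether it is ever called at runtime is what the dynamic analysis step answers.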


I doubt there's a specific "ability to send surreptitious screen shots to developer" permission. It must be a combination of permissions: one for making network connections, another for capturing the screen without making it obvious to the user, etc.

For apps that want to send their own screens to third parties, there's no permission needed or possible. The app is drawing the content to the screen. It knows what the content is.

If you're trying to track user information (notifications, actual timezone/language, battery level, VPN usage, etc) you can use screenshots of the current screen and open keyboard. You can also see stuff from other apps if the user is using split screen modes or has chat bubbles open. Apps can otherwise only access the data they render.

The research talks about thousands of apps but I do wonder how many of these are apps people use every day and how many are Chinese clones of freemium games and other shitware with a fraction of daily users. All we know from public app store data is the number of "downloads" and even that is distributed as a range. I doubt these 19000 apps were found by doing a survey on what people actually had on their phones.


Is that true, that these apps can capture screenshots of the notification area/clock/chat bubbles?

Probably not, but all the information can be obtained via system APIs. There's no shortage of "system info" apps that show all manner of information about your phone (including battery level and network status), and don't require any special permission prompts.

When it's a developer tool we call it RUM or real user monitoring. It's super useful for solving bugs, but obviously the potential for abuse or user hostile activity is super high.

As far as permissions go, phones should have a log for when the permissions are actually used and how often.

... and is this permission to take screenshots of anything else you are doing on your phone at any time, or is it permission to take screenshots while you have that app open?

Yes, they have a nice storage bin right behind where you put the optional tablet mount, but the only option I've seen for that bin is a speaker kit. I don't want a tablet mount or speakers in the bin. I want the left side of the bin (above the controls) to be a double DIN mount.

Sadly, their jobs site lists a position for "Flash Over-the-Air (FOTA) Validation Engineer".

That's unfortunate. Maybe I just need to be patient and wait until they are done battle hardening these things and don't need OTA or telemetry.

Commenters in another thread were suggesting that the OTA updates would be via their phone app. Which opens the possibility of simply not connecting your phone to it, one hopes.

Of course, we are talking about a car that doesn't exist yet. Who knows what the facts will be once it does.


That very first example instantly brought RPG to mind for me, too.

> Where did Andrej say it was "the future of software engineering"? He very clearly described vibe coding as an entertaining way to hack on throwaway weekend projects.

... And then a few weeks later, my boss' boss scolded the team for not having heard of the term, and told us to learn and use vibe coding because it's the future.


Your boss' boss clearly didn't read to the end of Andrej's tweet.


Yup. Or just ignored it because it didn't fit the predetermined narrative being pushed on us.


Capable of printing to-scale? No. But I've printed a fair number of USGS 7.5min quads on a standard Brother laser printer. I print them double-sided, with the top half of the map on one side and the bottom half on the other[1]. They fit that way at about 1/2 scale, which is still eminently usable. Perfect for day hikes and other light recreation. And guaranteed not to break when you sit on it in a Ziploc in a back pocket.

Sure, use your phone with offline maps as your primary, but a printed backup map doesn't require anything special or expensive.

[1] With an overlap strip that is printed on both sides, thanks to plakativ[2].

[2] https://gitlab.mister-muffin.de/josch/plakativ


Hard to be certain, but those edges look non-perforated to me.


I agree. I don't think they are perforated.

