Hackers tied to Russia’s GRU targeted the US grid for years

A powerline tower in a grassy field.

For all the nation-state hacker groups that have targeted the United States power grid—and even successfully breached American electric utilities—only the Russian military intelligence group known as Sandworm has been brazen enough to trigger actual blackouts, shutting the lights off in Ukraine in 2015 and 2016. Now one grid-focused security firm is warning that a group with ties to Sandworm’s uniquely dangerous hackers has also been actively targeting the US energy system for years.

On Wednesday, industrial cybersecurity firm Dragos published its annual report on the state of industrial control systems security, which names four new foreign hacker groups focused on those critical infrastructure systems. Three of those newly named groups have targeted industrial control systems in the US, according to Dragos. But most noteworthy, perhaps, is a group that Dragos calls Kamacite, which the security firm describes as having worked in cooperation with the GRU’s Sandworm. Kamacite has in the past served as Sandworm’s “access” team, the Dragos researchers write, focused on gaining a foothold in a target network before handing off that access to a different group of Sandworm hackers, who have then sometimes carried out disruptive effects. Dragos says Kamacite has repeatedly targeted US electric utilities, oil and gas, and other industrial firms since as early as 2017.

“They are continuously operating against US electric entities to try to maintain some semblance of persistence” inside their IT networks, says Dragos vice president of threat intelligence and former NSA analyst Sergio Caltagirone. In a handful of cases over those four years, Caltagirone says, the group’s attempts to breach those US targets’ networks have been successful, leading to access to those utilities that’s been intermittent, if not quite persistent.

Caltagirone says Dragos has only confirmed successful Kamacite breaches of US networks prior, however, and has never seen those intrusions in the US lead to disruptive payloads. But because Kamacite’s history includes working as part of Sandworm’s operations that triggered blackouts in Ukraine not once, but twice—turning off the power to a quarter million Ukrainians in late 2015 and then to a fraction of the capital of Kyiv in late 2016—its targeting of the US grid should raise alarms. “If you see Kamacite in an industrial network or targeting industrial entities, you clearly can’t be confident they’re just gathering information. You have to assume something else follows,” Caltagirone says. “Kamacite is dangerous to industrial control facilities because when they attack them, they have a connection to entities who know how to do destructive operations.”

Dragos ties Kamacite to electric grid intrusions not just in the US, but also to European targets well beyond the well-publicized attacks in Ukraine. That includes a hacking campaign against Germany’s electric sector in 2017. Caltagirone adds that there have been “a couple of successful intrusions between 2017 and 2018 by Kamacite of industrial environments in Western Europe.”

Dragos warns that Kamacite’s main intrusion tools have been spear-phishing emails with malware payloads and brute-forcing the cloud-based logins of Microsoft services like Office 365 and Active Directory as well as virtual private networks. Once the group gains an initial foothold, it exploits valid user accounts to maintain access and has used the credential-stealing tool Mimikatz to spread further into victims’ networks.

“One group gets in, the other… knows what to do”

Kamacite’s relationship to the hackers known as Sandworm—which has been identified by the NSA and US Justice Department as Unit 74455 of the GRU—isn’t exactly clear. Threat intelligence companies’ attempts to define distinct hacker groups within shadowy intelligence agencies like the GRU have always been murky. By naming Kamacite as a distinct group, Dragos is seeking to break down Sandworm’s activities differently from others who have publicly reported on it, separating Kamacite as an access-focused team from another Sandworm-related group it calls Electrum. Dragos describes Electrum as an “effects” team, responsible for destructive payloads like the malware known as Crash Override or Industroyer, which triggered the 2016 Kyiv blackout and may have been intended to disable safety systems and destroy grid equipment.

Together, in other words, the groups Dragos call Kamacite and Electrum make up what other researchers and government agencies collectively call Sandworm. “One group gets in, the other group knows what to do when they get in,” says Caltagirone. “And when they operate separately, which we also watch them do, we clearly see that neither is very good at the other’s job.”

When WIRED reached out to other threat-intelligence firms including FireEye and CrowdStrike, none could confirm seeing a Sandworm-related intrusion campaign targeting US utilities as reported by Dragos. But FireEye has previously confirmed seeing a widespread US-targeted intrusion campaign tied to another GRU group known as APT28 or Fancy Bear, which WIRED revealed last year after obtaining an FBI notification email sent to targets of that campaign. Dragos pointed out at the time that the APT28 campaign shared command-and-control infrastructure with another intrusion attempt that had targeted a US “energy entity” in 2019, according to an advisory from the US Department of Energy. Given that APT28 and Sandworm have worked hand-in-hand in the past, Dragos now pins that 2019 energy-sector targeting on Kamacite as part of its larger multiyear US-targeted hacking spree.

Vanadinite and Talonite

Dragos’ report goes on to name two other new groups targeting US industrial control systems. The first, which it calls Vanadinite, appears to be have connections to the broad group of Chinese hackers known as Winnti. Dragos blames Vanadinite for attacks that used the ransomware known as ColdLock to disrupt Taiwanese victim organizations, including state-owned energy firms. But it also points to Vanadinite targeting energy, manufacturing, and transportation targets around the world, including in Europe, North America, and Australia, in some cases by exploiting vulnerabilities in VPNs.

The second newly named group, which Dragos calls Talonite, appears to have targeted North American electric utilities, too, using malware-laced spear-phishing emails. It ties that targeting to previous phishing attempts using malware known as Lookback identified by Proofpoint in 2019. Yet another group Dragos has dubbed Stibnite has targeted Azerbaijani electric utilities and wind farms using phishing websites and malicious email attachments, but it has not hit the US to the security firm’s knowledge.

While none among the ever-growing list of hacker groups targeting industrial control systems around the world appears to have used those control systems to trigger actual disruptive effects in 2020, Dragos warns that the sheer number of those groups represents a disturbing trend. Caltagirone points to a rare but relatively crude intrusion targeting a small water treatment plant in Oldsmar, Florida earlier this month, in which a still-unidentified hacker attempted to vastly increase the levels of caustic lye in the 15,000-person city’s water. Given the lack of protections on those sorts of small infrastructure targets, a group like Kamacite, Caltagirone argues, could easily trigger widespread, harmful effects even without the industrial-control-system expertise of a partner group like Electrum.

That means the rise in even relatively unskilled groups poses a real threat, Caltagirone says. The number of groups targeting industrial control systems has been continually growing, he adds, ever since Stuxnet showed at the beginning of the last decade that industrial hacking with physical effects is possible. “A lot of groups are appearing, and there are not a lot going away,” says Caltagirone. “In three to four years, I feel like we’re going to reach a peak, and it will be an absolute catastrophe.”

This story originally appeared on wired.com.

Berkshire Hathaway saw Apple holdings grow despite stock sale

Berkshire Hathaway’s annual letter to shareholders has praised Apple, using the iPhone maker as a demonstration of how share repurchases can be a good thing for investors.

Every year, Warren Buffett’s Berkshire Hathaway writes a letter to shareholders, outlining its investments and events over the previous 12 months. In the 2020 letter released on Saturday, the investment firm wrote at length about its ownership in Apple.

The company is known for its major investments over the years, and counts Apple as one of its most valuable assets. While the top asset to the firm is its property and casualty insurance operation, Apple isn’t far behind.

“Our second and third most valuable assets – it’s pretty much a toss-up at this point – are Berkshire’s 100% ownership of BNSF, America’s largest railroad measured by freight volume, and our 5.4% ownership of Apple,” the firm writes.

Berkshire Hathaway is eager to repurchase shares, in that its own shares “should be repurchased at simply any price.” To prove its point, the company uses its investment in Apple to demonstrate the power of repurchases.

“We began buying Apple stock late in 2016 and by early July 2018, owned slightly more than one billion Apple shares (split-adjusted,)” the firm starts. “When we finished our purchases in mid-2018, Berkshire’s general account owned 5.2% of Apple.”

The cost for the stake was $36 billion, the letter reveals, with it enjoying regular dividends averaging at about $775 million annually. It also scored an additional $11 billion by selling a “small portion” in 2020.

“Despite that sale – voila! – Berkshire now owns 5.4% of Apple,” the piece continues. “That increase was costless to us, coming about because Apple has continuously repurchased its shares, thereby substantially shrinking the number it now has outstanding.”

It is a practice Apple is likely to continue for quite some time. On February 8, Apple issued $14 billion in bonds, which it said would go towards stock buybacks among other purposes.

For Berkshire Hathaway’s investors, the investment firm’s own repurchasing of shares over 2.5 years has improved their standing. “You now indirectly own a full 10% more of Apple’s assets and future earnings than you did in July 2018,” the letter boasts.

“The math of repurchases grinds away slowly, but can be powerful over time,” Berkshire suggests. “The process offers a simple way for investors to own an ever-expanding portion of exceptional businesses.”

According to the letter, Berkshire Hathaway owned over 907 million shares in Apple as of December 31, 2020, at a cost of $31 billion. On that date, the market value for those shares was $120.4 billion.

MobileFrame Celebrates 20 Year Anniversary Milestone in No-Code Mobile Computing | News

LOS GATOS, Calif., Feb. 28, 2021 /PRNewswire-PRWeb/ — MobileFrame, creators of the only entirely code-free mobile application development platform, is celebrating our 20th anniversary this month and we couldn’t be more excited about the future. In 2001, MobileFrame’s founder & CEO Lonny Oswalt set out with a vision to provide the best-in-class application development platform in the enterprise mobility market.

We’ve addressed all aspects of enterprise mobility with our innovative platform along with our ready to run solution suites for Field Service, Environmental, Health & Safety, Delivery, Field Sales, Asset Management and COVID Health Screening. We’re extremely proud of the solutions we’ve delivered over the past two decades.

These past twenty years of refinement and customer driven enhancements has led to the most comprehensive no-code, multi-experience mobile development platform in existence. The capabilities in MobileFrame’s configurable software make it easier to develop and manage cross-platform apps to digitally transform even the most complex enterprise. Our unlimited point and click configurability allows mobilization of any backend system, enabling digital transformation across multiple departments on one fully integrated platform.

We have incredible integration technology, a complete enterprise data mapping engine, highly scalable sync with data compression, our own mobile device management solution, built-in proprietary instant messaging and military-grade encryption embedded end to end. MobileFrame’s patented Invisible Two Factor Authentication is also built-in to provide even more security for our customers. MobileFrame is installed in some of the largest mobile projects in the world and can be deployed in all languages simultaneously (fully Unicode-double byte compliant).

“This is an incredible milestone for our company and the past 20 years of serving our customers with an entirely new code-free technology category has been incredibly rewarding. We’ve achieved this success through the hard work and dedication of our team members and our culture of excellence that exists throughout the entire organization. Most importantly, I recognize that we could not have reached this milestone without you, our customers and partners. To thank you for your support, we’ve put together a special offer that provides up to $40K in cost savings”; Lonny Oswalt, MobileFrame Founder and CEO.

Free App Program – Get up to 40 hours of Professional Services for FREE

Our Free App Program provides eligible customers with an opportunity for our team to develop your next app at a tremendous savings. Choose one of the apps in our library and we’ll modify it to suit your needs. Visit https://www.mobileframe.com/free-app to see a complete list of apps that are available to you. These pre-built app(s) can be used as a great starting point. The Free App Program also provides up to 40 hours of Professional Services time to modify applications to meet your needs. More details and eligibility can be found here.

We look forward to the next 20 years of continuing to lead the industry in delivering 1st class mobile solutions for the enterprise.

About MobileFrame

MobileFrame is the only code-free mobile application development platform that enables customers to deploy and manage sophisticated native, web or hybrid applications across iOS, Android and Windows based operating systems. Powered by MobileFrame’s code free “write once, deploy anywhere” mobile platform approach, enterprises can design, build, configure, test and manage custom apps across the enterprise from a single platform with no coding required. Every feature required for a successful enterprise class deployment is built-in, including mobile application development, mobile device management, military grade security, advanced data compression/synchronization, enterprise middleware data mapping, project administration and GPS tracking. MobileFrame also provides a suite of ready-to-run apps for every industry that can be easily tailored to meet any requirement.

To learn more about MobileFrame’s mobile application development platform, please visit http://www.mobileframe.com/mobile-app-development-platform/. Or follow us on Facebook, Twitter & LinkedIn. 101 Blossom Hill Road, Los Gatos, CA 95032 | (408) 885-1200 | [email protected]

Media Contact

T. Andrew Oswalt, MobileFrame, 408-885-1200, [email protected]

SOURCE MobileFrame

Apple helps Encircle expand its support for LGBTQ+ youth and their families

By any measure, Encircle’s model has worked — more than 10,000 guests visit each Encircle home every year. With counseling services, music nights, community service projects, and other bonding activities, Encircle has been a crucial lifeline to young people facing isolation or depression.

Luckily for the Toelupes, Encircle opened a house in Provo in 2017, just 20 minutes from their home. And while there were some local resources for young LGBTQ+ people, few had such a profound impact on their family and neighbors across Utah County. 

When the Toelupes first told their daughter about Encircle, Khristian was on her mission in the Philippines. When she returned home, she found a support system unlike anything she could’ve imagined — and a community that accepted and supported her for who she is. 

“I was just bawling,” Khristian says. “I thought, ‘Wow, I didn’t think that I could feel all this love at once.’ Every time that I go to Encircle it’s time that I can actually breathe. I can just be — without having to worry about opinions or my own safety.”

Encircle’s mission is not only to serve families but also be a great neighbor and community member. The nonprofit has helped foster a deeper understanding and appreciation for a diversity of experiences and identities. According to Micah, it isn’t uncommon for students to drive hours at a time just to spend a little while at an Encircle house.

“Encircle had this snowball effect,” Micah says. “I started going and it saved my life, and then my counselors at my school found out about it. It was saving other kids’ lives. The Friendship Circles grew from two people in the first group to 20 kids in the room.” 

Not everyone who visits has the support of their family, but Encircle’s focus on welcoming everyone has made it a lifeline for LGBTQ+ youth with a range of experiences. Savannah Harman interned at Encircle’s Salt Lake City house, where Friendship Circles and other community-building activities helped her find supportive friends from all walks of life. 

“I found a lovely chosen family,” Savannah says. “Because Encircle is family oriented, it allows space for you even if you don’t bring your family. You will find your family there.” 

Scoped storage tutorial for Android Studio

scoped storage tutorial

From Android 10 onward, Google changed the way that storage is handled. This became mandatory for all apps targeting Android 11 and above. The changes were implemented with privacy in mind, preventing users from being forced to grant access to every file on their device. This scoped storage tutorial will tell you what you need to know.

Scoped storage tutorial: The cliff-notes version

With scoped storage, users will need to grant permission any time an app attempts to access a file it didn’t create. Developers are also encouraged to place files in specific folders, thereby reducing the amount of clutter and disorganization. Any files outside of those folders will be deleted once an app is removed.

See also: A guide to Android app development in 5 easy steps

Scoped storage is granted by default and is based on the type of file being stored (these are organized as “collections”). Apps are only given access to the types of storage they actually use.

In practice, this means that devs no longer need to use the WRITE_EXTERNAL_STORAGE permission, as this has no effect on an app’s access to storage. Certain things get easier, others get a lot more complicated.  Read the rest of this scoped storage tutorial to find out what you need to know.

Accessing app-specific storage

Apps need no special permissions to access scoped storage and there are no changes in the way that you save to internal storage. However, there are a few things to consider when using app-specific storage, which we will cover in this scoped storage tutorial.

app specific storage

Credit: Edgar Cervantes / Android Authority

There are two app-specific locations in external storage which should primarily be used when internal storage is insufficient. These are designated for the app’s persistent files and cached files, respectively.

To access these locations, the app must first verify that the storage is available (availability is guaranteed for internal storage). Query the volume’s state using Environment.getExternalStorageStage(). If MEDIA_MOUNTED is returned, you can read and write files to external storage.

Next, you will need to choose a physical storage location. This may mean choosing between internal memory vs an SD card, for example. Call ContextCompat.getExternalFilesDir(). The first element in the returned array is considered to be the “primary” external storage option, and this should be used in the majority of cases.

To access app-specific files from external storage, call getExternalFilesDir().

There are a number of ready-defined directories intended to aid with logical storage of files. These include:


Use these or pass “null” if you want to access the root domain for the app-specific directory.

To add app-specific files to the cache in external storage, use externalCacheDir. To remove them, use delete().

Accessing other files

Finally, to bring this scoped storage tutorial to a close, we must consider how we access and write files that are shared across the system.

Apps must choose between “app-specific storage” or “shared storage.” The latter is used when you want to share files with other apps, such as images or documents. Developers that wish to access files outside their app-specific directory should use the MANGE_EXTERNAL_STORAGE permission. You can also use the ACTION_MANAGE_ALL_FILES_ACCESS_PERMISSION intent action to send users the settings page where they can enable access for your app.

MANAGE_EXTERNAL_STORAGE grants access to the contents of the MediaStore.Files table, the root directory of the USB OTG drive and SD card, and all internal directories (except sdcard/Android and its subdirectories). This restriction includes the app-specific directories of other apps, as these are located in sdcard/Android/data.

Write file to external storage

We can no longer use File APIs to directly access files. Instead, we must use the Storage Access Framework for selecting files and folders, and URI’s for media files. To access a photo, for example, we must now use URIs rather than MediaStore.Images.Media.DATA. This was already the recommended practice, but is now mandatory.

See also: Introduction to the Google Play Console for developers

For accessing simple files with the Storage Access Framework, there are three main actions:


These are fairly self-explanatory. For displaying images, we would first get the ID of the image with MediaStore.Images.Media._ID and then build the Uri with ContentUris.withAppendedID. This is a significantly lengthier process than it used to be and certainly increases the learning-curve for what could be a relatively simple process.

That wraps up this scoped storage tutorial! What do you think of scoped storage? Is it a necessary security update, or a frustrating hurdle for developers?

For more developer news, features, and tutorials from Android Authority, don’t miss signing up for the monthly newsletter below!

Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10

Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10

Rockwell Automation

Hardware that is widely used to control equipment in factories and other industrial settings can be remotely commandeered by exploiting a newly disclosed vulnerability that has a severity score of 10 out of 10.

The vulnerability is found in programmable logic controllers from Rockwell Automation that are marketed under the Logix brand. These devices, which range from the size of a small toaster to a large bread box or even bigger, help control equipment and processes on assembly lines and in other manufacturing environments. Engineers program the PLCs using Rockwell software called Studio 5000 Logix Designer.

On Thursday, the US Cybersecurity & Infrastructure Security Administration warned of a critical vulnerability that could allow hackers to remotely connect to Logix controllers and from there alter their configuration or application code. The vulnerability requires a low skill level to be exploited, CISA said.

The vulnerability, which is tracked as CVE-2021-22681, is the result of the Studio 5000 Logix Designer software making it possible for hackers to extract a secret encryption key. This key is hard-coded into both Logix controllers and engineering stations and verifies communication between the two devices. A hacker who obtained the key could then mimic an engineering workstation and manipulate PLC code or configurations that directly impact a manufacturing process.

“Any affected Rockwell Logix controller that is exposed on the Internet is potentially vulnerable and exploitable,” said Sharon Brizinov, principal vulnerability researcher at Claroty, one of three organizations Rockwell credited with independently discovering the flaw. “To successfully exploit this vulnerability, an attacker must first obtain the secret key and have the knowledge of the cryptographic algorithm being used in the authentication process.”

Brizinov said that Claroty notified Rockwell of the vulnerability in 2019. Rockwell didn’t disclose it until Thursday. Rockwell also credited Kaspersky Lab and Soonchunhyang University researchers Eunseon Jeong, Youngho An, Junyoung Park, Insu Oh, and Kangbin Yim.

The vulnerability affects just about every Logix PLC Rockwell sells, including:

  • CompactLogix 1768
  • CompactLogix 1769
  • CompactLogix 5370
  • CompactLogix 5380
  • CompactLogix 5480
  • ControlLogix 5550
  • ControlLogix 5560
  • ControlLogix 5570
  • ControlLogix 5580
  • DriveLogix 5560
  • DriveLogix 5730
  • DriveLogix 1794-L34
  • Compact GuardLogix 5370
  • Compact GuardLogix 5380
  • GuardLogix 5570
  • GuardLogix 5580
  • SoftLogix 5800

Rockwell isn’t issuing a patch that directly addresses the problems stemming from the hard-coded key. Instead, the company is recommending that PLC users follow specific risk mitigation steps. The steps involve putting the controller mode switch into run, and if that’s not possible, following other recommendations that are specific to each PLC model.

Those steps are laid out in an advisory Rockwell is making available to customers, as well as in the above-linked CISA advisory. Rockwell and CISA also recommend PLC users follow standard security-in-depth security advice. Chief among the recommendations is ensuring that control system devices aren’t accessible from the Internet.

Security professionals universally admonish engineers to place critical industrial systems behind a firewall so they aren’t exposed to the Internet. Unfortunately, engineers struggling with high workloads and limited budgets often don’t heed the advice. The latest reminder of this came earlier this month when a municipal water treatment plant in Florida said that an intruder accessed a remote system and tried to lace drinking water with lye. Plant employees used the same TeamViewer password and didn’t put the system behind a firewall.

If Logix PLC users are segmenting industrial control networks and following other best practices, it’s likely that the risk posed by CVE-2021-22681 is minimal. And if people haven’t implemented these practices, hackers probably have easier ways to hijack the devices. That said, this vulnerability is serious enough that all Logix PLC users should pay attention to the CISA and Rockwell advisories.

Claroty has issued its own writeup here.

Apple says Developer Transition Kit must be returned by March 31

Apple in an email sent out on Friday requested developers who took part in the Universal App Quick Start Program to return the accompanying Developer Transition Kit, a custom A12Z Bionic-powered Mac mini designed to prepare app makers for Apple Silicon Macs.

According to the letter, program participants have until March 31, 2021, to return the loaned DTK to Apple.

“Now that the new MacBook Air, Mac mini, and MacBook Pro powered by the Apple M1 chip are available, you’ll need to return the Developer Transition Kit (DTK) that was loaned to you as part of the program. Please follow the instructions below to return the DTK, at no cost to you,” Apple says in a post to its dedicated Universal App Quick Start Program website.

Developer Steve Troughton-Smith, who lives in Europe, notes carrier DHL will begin to collect the devices in his region without prior warning starting March 8. That stands in contrast to U.S. protocols, which simply require developers to print out a prepaid shipping label and send the unit out via UPS.

Apple in the email reminds program members of a $500 one-time-use promo code that can be used toward the online purchase of a new M1 Mac or other Apple products. The code is not applicable to Apple Gift Cards and AppleCare+, the company says.

The company in early February notified members that it would soon request the return of DTK hardware. At the time, Apple said it would offer a $200 promotional code for the purchase of a 13-inch MacBook Pro, MacBook Air or Mac mini equipped with an M1 chip, but later bumped that sum up to $500 — the cost of a DTK lease — after developers expressed disapproval of the original plan. Troughton-Smith says Apple is converting the $500 figure to local currency, a move that for some equates to a more than 100 euro loss.

Fitted with an A12Z, the Mac mini was equipped with 16GB of RAM, a 512GB SSD, two USB-C ports, two USB 3.0 ports, HDMI 2.0 and Gigabit Ethernet, trappings designed to mimic the first M1 Mac computers. It came loaded with a beta version of macOS Big Sur and Xcode 12.

Digital Self-Monitoring Linked to Weight Loss for Adults – Consumer Health News

FRIDAY, Feb. 26, 2021 (HealthDay News) — Digital self-monitoring is associated with weight loss in behavioral interventions for overweight or obesity, according to a review published online Feb. 23 in Obesity.

Michele L. Patel, Ph.D., from the Stanford University School of Medicine in California, and colleagues conducted a systematic review to examine digital self-monitoring in behavioral weight loss interventions among adults with overweight or obesity. Data were included from 39 studies from 2009 to 2019.

Of the 67 interventions with digital self-monitoring, weight, diet, and physical activity were tracked in 72, 81, and 82 percent, respectively. The researchers found that the most common self-monitoring modality was websites, followed by mobile applications, wearables, electronic scales, and text messaging. Digital self-monitoring engagement rates ≥75 percent of days were seen for few interventions. In 21 of 34 comparisons, rates were higher in digital-based than paper-based arms, while rates were lower in two comparisons. Similar rates were seen for interventions with counseling and standalone interventions. In 74 percent of cases, greater digital monitoring was linked to weight loss.

“Adults with overweight or obesity should be encouraged to self-monitor frequently in order to promote weight loss,” the authors write. “Through regular self-monitoring, individuals can gain increased awareness about their eating and exercise behaviors, which allows them to track progress over time and compare that progress with prespecified goals.”

One author disclosed financial ties to the weight loss and health industries.

Abstract/Full Text

Apple celebrates Women’s History Month and International Women’s Day

Apple Maps 

Curated Guides, in collaboration with Altas Obscura, Complex, Michelin Guide, HER, and Street Art Cities, will be available on Apple Maps. Users can discover stunning statues of remarkable women, restaurants from Michelin-starred female chefs and rising stars from around the globe, must-visit businesses in Los Angeles, and street art by women artists in New York.

Apple Podcasts

Listeners can enjoy an expansive set of shows featuring powerful female voices including 2020 Noble Prize for Chemistry winner Jennifer Doudna, Grammy-record-breaking artist Billie Eilish, National Youth Poet Laureate Amanda Gorman, and Vice President Kamala Harris. Also available for discovery is a collection of shows from women-founded podcast studios, including audiochuck, Lemonada Media, and Wonder Media Network, in addition to a special edition titled “The Power of Sisterhood,” which features shows that celebrate the roles women play in society, culture, and family, and the many ways women work together to achieve positive change. 

And notably on March 1, ABC News will launch a new podcast, In Plain Sight: Lady Bird Johnson, about Claudia Alta “Lady Bird” Johnson. Told in her own words using never-before-released recordings from over 123 hours of her White House audio diaries, In Plain Sight: Lady Bird Johnson presents surprising revelations about the former first lady’s underestimated ability to navigate the power, politics, and polarization of her era — narrated in colorful, insightful, and often humorous detail — to become President Lyndon B. Johnson’s closest advisor and political partner, and one of the most influential members of his administration.

Android 12 developer preview: Everything developers need to know

Android 12 logo on Google Pixel 3 2

Credit: Jimmy Westenberg / Android Authority

Wow, is it that time of year already? It seems no time at all since Android 11 landed and yet here we are with the first developer preview of Android 12! As always, we’ll be sharing all the changes devs need to know about in this post.

Highlights include compatible media transposing and new copy-paste features. Of course, Google has lots more changes in store for us with future releases. But this is an early sign of things to come and there’s already some interesting stuff to keep us busy!

For the full scoop, check out the post at Android Developers Blog. Here, I’ll attempt to share the cliff-notes version, and draw your attention to anything that needs your urgent attention.

We’ll be updating this page as future previews roll out, so you’ll be able to find everything you need in this one spot as you prep your app for the future of the platform.

See also: Android 12 features: Everything confirmed and rumored so far


Google is always keen to put emphasis on security and Android 12 is no different. The focus is on increasing use control and transparency. These changes have the potential to impact the way apps behave, so this is important for developers to keep in mind.

Cookie changes in WebView: Google recently made changes to Chrome that change the way cookies are handled. These changes will now be reflected in the Android WebView. The SameSite attribute will dictate whether cookie requests are limited to just that site. Cookies without that attribute will be treated as SameSite=Lax.

Restricted Netlink Mac: Netlink MAC is restricted in Android 12 regardless of targetSDK.

Safer exporting of components: The default handling of andoird:exported attribute has been altered to be more specific. Now components that declare intent filters need to explicitly declare android:exported as well.

PendingIntents to change: PendingIntents will be more secure in Android 12 and must declare a mutability flag.

User-facing changes

A few new changes to Android 12 have potential to improve the user experience.

HEVC transcoding: HEVC hardware encoders are increasingly common and provide improved quality and compression versus older codecs. While most apps should support HEVC, Android 12 now offers built in transcoding to AVC format. A one minute video filmed at 1080p, 30fps HEVC will take roughly 9 seconds to transcode on a Pixel 4. More here.

This should result in a more seamless experience for users and less work for developers. Premiere Pro, take note!

See also: Android 12 developer preview hands-on: Lots of little changes

Platform support for AVIF image format: Likewise, AVIF image support can offer better images and compression for still pictures. Android 12 brings native support for the AV1 format.

Foreground service optimizations: Foreground services are useful for running a number of tasks. Android 12 will block background services from moving into the foreground unless they target the new platform. The new expedited job in JobScheduler will benefit from elevated process priority and network access. It will run immediately even in Battery Saver and Doze modes.

Rich content from clipboard: A new unified API makes it simpler for devs to accept rich content copied from the clipboard, inserted by the keyboard, or dragged from other apps. This should be an effortless way for developers to create new use-cases for their users.

Audio-coupled haptic feedback: Android 12 brings audio-coupled haptic feedback. Strength and frequency of vibration are dictated by audio. This should offer instant improvements to the user experience in games but has other applications, too. An example given by Google is to identify callers from any app based on custom ringtones. Use HapticGenerator#isAvailable() to check whether the device supports haptic feedback.


Gestures on by default: Gestures will now be enabled by default in full-screen/immersive apps such as video viewers and eReaders. However, the feature will remain off by default when gaming.

New notifications: Notifications are getting a minor visual overhaul with new transitions and animations. Devs will be able to decorate notifications with more custom content. Get more info here. Devs are also asked to ensure that not to use “trampolines” to ensure rapid launching of apps from notification taps – these will be blocked in apps targeting Android 12 but toasts will be used to make trampolines visible in all cases.


Google says it has taken effort to ensure compatibility with older apps. As such, most user-affecting changes will be on an opt-in basis. Usefully, developers testing their apps on Android 12 will also be able to test compatibility by toggling certain changes on and off.

To get started, you can either flash Android 12 to a Pixel device, or use the system image via the Android Emulator in Android Studio.

Be sure to check back here as we update this post to reflect future previews. In the meantime, let us know what you think about these changes and how they affect your own app projects in the comments below!

For more developer news, features, and tutorials from Android Authority, don’t miss signing up for the monthly newsletter below!