How do you know this? Do you have a link to a source that says it?

From a friend that works at a big bank. I don’t want to dox then so I can’t really say which one.

I don’t disagree with this. Maybe I should get a phone that runs it.

In fact, I would argue that the safest distribution channel is F Droid and not Play Store.

I agree with this too! I don’t think I’ve seen any other app stores (on any platform) focus on reproducible builds.

giving access to your account only via SINGLE password and only asking for SMS OTP when transaction is done

This was a problem with US and Australian banks too. It’s still an issue in Australia, but some of the major banks in the USA have moved to sending 2FA requests to their mobile app, and either allowing OAuth or app-specific passwords to allow other services to get data from your bank account.

I mean, both things can be true? I know banks are pushing on Google to improve Android security, to avoid malicious apps with root access from messing with banking apps.

The fact is that a rooted phone can definitely be less secure if the user doesn’t 100% know what they’re doing, in the same way that always logging in as root on a Linux system can be.

There’s a standard way to describe search engines, including the correct URL to use to perform searches, in a machine readable way (https://developer.mozilla.org/en-US/docs/Web/XML/Guides/OpenSearch), so I’m surprised that I haven’t seen any launchers that use that metadata. It’s how web browsers detect search engines. A launcher could let you type the domain/URL for your search engine and pull the OpenSource XML to configure it.

The error doesn’t pop up just because you have a VPN connected. It pops up when it can’t actually communicate with the car. All it’s doing is adding some extra text to the error message if a VPN is connected.

Wireless Android Auto communicates to your car using Wi-Fi Direct. Something is preventing your phone from communicating with the car. Sometimes it’s an improperly configured VPN.

Does your Wireguard route all traffic through the tunnel, or only traffic for particular IPs? If it works fine when your VPN is off, that means it’s an issue with your VPN configuration. The Android TV version of Wireguard lets you select just specific apps to route over the VPN - does the Android phone version support that?

For what it’s worth, I use Tailscale and haven’t seen this error.

I wonder if this will work with MVNOs too. I’m on US Mobile (who are excellent) on Verizon’s network.

What are you trying to protect against? Having a separate burner phone just for Target feels like overkill to me. If you’re worried about Target spying then why not just go into the store to buy things, and pay in cash?

Can anyone explain what is happening in Android a

It’s using Firebase Cloud Messaging which is a Google service

Are there Android app permissions associated with this, that I can revoke?

You can revoke notification permissions for an app, but then you won’t get notifications of course.

There is a setting in the app permissions that is typically enabled by default to allow the app to run in the background.

That’s not how notifications work though. Most apps on Android use Firebase Cloud Messaging for notifications. Your phone has a constant connection to a Google server, and all notifications come in via that connection. The phone receives the notification and tells the relevant app.

Some apps have their own connection (for example, email apps will often connect directly to an email server and use IMAP IDLE) but it’s not very common.

Did you comment on the correct post? Not sure how this comment is related to Anandtech shutting down.

F-Droid is great. My understanding is that apps on F-Droid have to be free (as in freedom), and they build most apps from source so the builds are verifiable - they’ll exactly match the source code in the repo. It’s not just a developer uploading a random APK that might be completely different from the code in the repo.

Oh my job? I scroll TikTok all day looking for morons posting crimes they do online and tagging them to be forwarded to local police departments.

I have no doubt that some police departments actually do this. You can gather a lot of intelligence from public posts by people that aren’t very intelligent.

I’ve seen policy bodycam videos on YouTube where the police knew where to find a criminal with a warrant because they were on TikTok or a similar site, bragging about some crime they committed, and tagged the location.

For email, FastMail and MXRoute are good.

MXRoute needs you to have your own domain, but they let you create unlimited accounts at that domain. You’re just limited by total disk space. Sometimes they have good Black Friday deals.

I’d strongly suggest you use your own domain. It means you can easily change provider again in the future while still using the same email address. Get a domain for your surname and give accounts to your family :)

Google stopped being a technology business a long time ago; pragmatically nowadays it’s simply an advertisement company that dabbles on tech

They’ve primarily been an ad company ever since they acquired DoubleClick in 2008.

I live in Silicon Valley and this is a standard thing here. Companies measure your success as an employee based on “impact”. Launching a new thing that tens or hundreds of millions of people like and use is big impact. Deleting old code to reduce the overall complexity of the system is also seen as having a lot of impact - old code has potential security risks, privacy / data storage risks, may require legacy frameworks that aren’t supported any more, etc.

However, maintaining an existing system isn’t always seen as impactful, unless it’s a major system or needs some large bug fixes for issues that affect a significant number of users, or that affect paid customers.

Sometimes, apps are built by a small team (say 1-4 people) during a hackathon. Eventually, that team has to move on to other work, and nobody else wants to pick up maintenance of the system they built. This is usually the reason why smaller products die.

You also need to keep in mind that if you’re using a free service, you’re not the customer. The customer is whoever is paying for the service on your behalf - for example, advertisers, paid users, etc. Generally, time spent improving the app will be spent on improving the experience for paid users rather than free ones. New features in systems like Gmail, Google Drive, etc mostly get built because paid users ask for them. This also means that apps that don’t drive revenue (like Google Reader, etc) have very light staffing.

I use Audiobookshelf for audiobooks, but apparently it supports Podcasts too. I haven’t tried that feature yet.

It’s a self-hosted system that you run on your own server.

It’s more likely than you think!