Attackers can slip malicious code into many Android apps via open Wi-Fi

A vulnerability mostly affecting older versions of Google's Android operating system may make it possible for attackers to execute malicious code on end-user smartphones that use a wide variety of apps, researchers said.

The weakness resides in a widely used programming interface known as WebView, which allows developers to embed Web-based content into apps used for banking, entertainment, and other purposes. Many apps available on the official Google Play market don't properly secure the connection between the WebView component on a phone and the Web content being downloaded, researchers from UK-based MWR Labs recently warned. That makes it possible for attackers who are on the same open Wi-Fi network as a vulnerable user to hijack the connection and inject malicious code that can be executed by the phone.

"The lowest impact attack would be downloading contents of the SD card and the exploited application's data directory," the researchers wrote in an advisory published earlier this week. "However, depending on the device that was exploited this could extend to obtaining root privileges, retrieving other sensitive user data from the device or causing the user monetary loss."

Researchers from several other security firms said they are also aware of the weakness, which can affect apps that run on Android versions 4.1 and earlier and don't make proper use of the secure sockets layer (SSL) encryption protocol. Elad Shapira, a researcher with antivirus provider AVG recently demonstrated how an app that has already been given permission to access SMS capabilities (a common setting with many legitimate apps) could be hijacked by malicious JavaScript code that sends expensive text messages to premium services.

Google representatives declined to comment for this story.

Cross-device attacks

Einar Otto Stangvik, a security consultant with Indev.no, said he has identified Android banking apps used in Norway that are also open to remote-code attacks that make users more susceptible to phishing attacks. He theorized that attackers might exploit the weakness by planting malware on a target's PC that hijacks a smartphone when both devices are connected to the same network.

"I am confident that we'll soon see many more cross-device attacks, where a compromised computer starts targeting cell phones on the internal network," he wrote in an e-mail to Ars. "That is what makes the JavaScript interface leak scary, along with the amount of poor uses of SSL, or worse still: no SSL at all."

The vulnerability stems from JavaScript-based programming interfaces exposed in many Android apps. The interfaces are the code equivalent of a highly restricted bridge that links sensitive parts of Android's Dalvik virtual machine to the Web. If the interface isn't fully contained inside an SSL connection, it's possible for hackers to mimic the legitimate website and, in effect, gain unauthorized access to the bridge. From there, an attacker can inject malicious JavaScript into the app. MWR Labs researchers reverse engineered the 100 most popular apps on Google Play and found 62 of them that are "potentially vulnerable" to the exploit. Potentially vulnerable apps as defined by the researchers were those apps that were developed using libraries or programming interfaces known to expose unprotected JavaScript commands to a variety of third-party ad networks under many but not all circumstances.

The reports of the weak apps come almost a year after two academic reports uncovered wide-ranging deficiencies in the cryptographic protections in smartphone software. One found that Android apps used by as many as 185 million people contained holes that leaked login credentials and other sensitive data even though they were supposed to be protected by SSL. The other revealed a variety of apps running on Android and PCs that were fooled by fraudulent SSL certificates. It's possible that similar defects could fail to protect code exposed in WebView objects even when developers think they're properly contained inside an SSL channel.

The good news

While the vulnerability is potentially serious, there are several limitations that minimize the damage attackers can do when exploiting vulnerable apps. Chief among them is the fact that Android's permissions and sandboxing mechanisms prevent most Android apps from installing other apps without explicit permission from the end user. That will probably prevent the technique from being used to install malicious apps in most cases. As a backup, the "Verify Apps" setting available in all versions of Android could also be updated to stop malicious installations should attackers find a way to bypass the permissions and sandbox protections.

What's more, Tim Wyatt, director of security engineering at smartphone security provider Lookout, said some researchers may be exaggerating the threat of attackers obtaining root privileges unless they can exploit a second, unknown vulnerability in Android's permissions and sandbox protections.

Another mitigating factor: beginning with version 4.2 of Android, Google added new security enhancements that among other things introduced something called the @JavascriptInterface annotation. The function makes it easier for a developer to restrict the methods that can be called on a scriptable object. Unfortunately, it requires the developer to take explicit action to do so. If the developer fails to heed that advice, the app will remain vulnerable.

Still, while the weakness can largely be prevented in Android 4.2, users are protected only if developers of each app follow best practices. Additionally, the vast majority of users remain locked into carrier contracts that prevent them from upgrading. That means it's up to app developers to follow best practices such as limiting the functionality exposed in JavaScript and securing communications channels for any WebView-exposing scriptable objects using SSL or its sister protocol, known as transport layer security (TLS). And as the MWR Labs researchers discovered, many widely used apps can't be trusted to practice those common-sense guidelines.

"Exploiting this would require getting access to an exposed JavaScript object, and so in most cases, that would require hijacking content delivered by a server," Tim Wyatt of Lookout told Ars. "It is therefore pretty critical that developers using JavaScript callbacks secure the delivery channels properly (e.g. using TLS with a proper certificate chain to prevent man-in-the-middle attacks)."

Ads will soon land on Gmail’s Android app, as teardown reveals ad support

Gmail for Android got updated a few days back to include a cleaner design for its conversation view and a number of tweaks such as checkmarks for you to select multiple messages.

What Google did not reveal, apparently, is that the Gmail Android app update now supports ads, according to an APK teardown by Android Police.

Android Police notes that a whole new library called ‘ads’ has been added to the app, and the references to ads within the APK hint that users can save ads that they like as messages.

Gmail on Web already shows ads, and it is no surprise that Google will be trying to do the same for its mobile apps soon, though being careful that they don’t intrude on user experience is obviously a key concern.

Top Android Apps for eReading

I’ve had my tablet, which I’ve named Walter (I name all my electronics, don’t you?), for about three months now, and I’m still exploring the overwhelming world of the top Android apps. I think I’ve installed and uninstalled a good few hundred apps by now! I’m very fickle, if it doesn’t wow me in about 40 seconds, I move on to an app that does. Since I spend half my life reading, I wanted to find some awesome Android apps for eBooks. Check out a few of my favorites so far!

Top Android Apps for Reading eBooks, Blogs, and News

Amazon Kindle – I already have a Kindle, so I wasn’t really sure what benefit having it on my tablet would provide me. After using it a few times, though, I kind of like it better in some ways. First, it’s backlit, so it’s a little easier to read in less-than-ideal lighting. Second, it’s a little more intuitive when it comes to resizing the text. I can just drag with my finger until the page is just right. You can customize just about every aspect of your reading. Change the back-lighting, font size and even the background color.

NOOK – If you’re more of a Barnes and Noble fan, then I suggest grabbing the NOOK app. Many users consider it one of the top Android apps for eBooks and say it’s even better than the Kindle app. The app comes loaded with a few free eBooks to get you started, and lending a book to a friend is easy with the trademarked LendMe feature. Like the Kindle app, you can completely customize your reading experience with a few taps.

Kobo- Kobo is pretty awesome because they often have amazing deals on eBooks, but what makes their app stand out is the trademarked Reading Life feature. You can track your reading habits, earn little awards for reading (which makes it GREAT for kids!), and check in with friends to see what they think of certain books. If you’re looking for a social reading experience, Kobo is definitely one of the top Android apps (possibly even the absolute top, but I haven’t tried every app out there yet to make that decision) for that.

Storia – Back around Thanksgiving, I did a post on the new Storia app from Scholastic Books. I didn’t have the tablet then, so I was using the PC version. Now that I have Walter, I can let Jacob use the tablet to check out all the cool offerings from the Android app. With features like Read-to-Me eBooks that offer a stimulating auditory experience to fun activities that stretch the story after its done, Storia is perfect for families with young children.

GoodReads – While you can’t actually read eBooks with the GoodReads app, it’s definitely one of the top Android apps for those who love books in general. I actually like the app better than the actual website. It’s so easy to flip through recommended reading and add what I want to my list. I can spend hours just swiping in that feature. You can also use a barcode scanner to scan all your books onto your virtual shelves. I haven’t tried that yet, because once I start I’ll be lost for days in my bins, boxes, and shelves.

Pulse News – One of the great things about having Walter is that I can keep up with the news I care about and all my favorite blogs through the Pulse News app. I’ve tried a few different apps, and while at first I was a huge fan of Flipboard, it kept going all wonky (not updating, not flipping right, etc) after a few days. Pulse News was actually the first Android app I downloaded for this purpose, and I ended up going back to it after a few weeks.

Pocket- I’ve been using Pocket for my PC since the days when it was called Read it Later. I use it constantly throughout the day to keep track of websites I want to go back to when I have more time. Now, with the app, I can sync my Pocket account across both my PC and my tablet. There are a lot of top Android apps for saving web pages, but I’m so enamored with this one that I really haven’t tried the others for more than a few minutes.

Gmail For Android Updated With Card-Style Layout

Google’s Gmail application for Android is being updated today with a new design which will bring Google’s now preferred “card style” user interface to the Conversation View within the app. 

This layout, which Google popularized through its Google Now search application, has become the new go-to design paradigm at Google, arriving across other Google products and services, including Google Drive, the new Google Wallet apps, Maps, Google+ and elsewhere.

It mimics the idea of using index cards, and fits somewhere between minimalism and skeuomorphism, as Fast Company’s recent deep dive into Google’s design process explained.

In Gmail, cards will be used to better highlight multi-person, threaded messages in the app’s “Conversation view,” allowing for a “new, cleaner design,” states the company in a post on Google+ this afternoon.

In addition, the app will include other design tweaks, like checkmarks for multiple message selection which makes it easier to see which emails you’re about to move, delete or archive en masse. And the app will alert you in your inbox if account sync is turned off for some reason, to help keep you from missing messages.

Though some users are already seeing an app update in Google Play, not everyone is seeing the updated design just yet. The rollout is a staged one, so your mileage may vary, as they say.

News of the updated Gmail app comes on the heels of some serious issues which affected Gmail’s delivery times for an entire day on Monday. Even now, it seems the damage to the Gmail brand continues – many people have called me today, for example, saying, “oh, I thought I’d dial you since I just don’t trust Gmail right now.” That may be why now is a time for a little good news from Gmail… well, good news if you actually like the card-style layout, that is.

iMessage for Android app reminds us all to watch what we install

                    

As much as Apple and Google would like to try and claim otherwise, malicious apps or apps that could be easily exploited do make their way to the App Store and the Google Play Store. Just like anything else with a screen, it is very important to be aware of what you click and read popup boxes when they appear.

Just like every other computer system out there, you are as safe as you choose to be on mobile devices. Google and Apple do what they can to limit your exposure to the worst of what could exist in their respective app stores, but there’s still plenty of other apps that either walk the line between good and evil or are simply destined to get your in trouble eventually.

Recently the Google Play Store was home to an app that promised to bring Apple’s iMessage service to Android. It was made by a third party and had a few reviews that claimed parts of the service actually worked. It didn’t take long for the app to be pulled from the Google Play Store for obvious reasons, but the excitement that followed the appearance of this not-quite-iMessage on the Google Play Store is cause enough to really evaluate how and why you install apps on your smartphone and tablet.

The iMessage app that showed up on the Google Play Store didn’t appear to be intentionally malicious. The developer had figured out a clever way to basically redirect the messages through a Chinese hosted server that was hiding the source of the messages. The app was buggy and sometimes messages would only travel one way, but the dev made it clear that this was a work in progress.

The biggest problem with this kind of workaround is the lack of control. All of your messages and the messages sent by others to you were being sent through a server maintained by some random guy. He doesn’t work for Apple, and you know absolutely nothing about the kind of security he has or anything about the setup. Essentially, there’s no way to know what was really going on behind the scenes. Even if you assume he had the best of intentions, using iMessage Chat for Android was an all around bad idea.

               

Most of the time it’s much easier to tell when an app is a bad idea. A lot of things get pushed to the Google Play Store (and Apple’s App Store) just to see who they can ensnare before it gets pulled. The Halo 3 App that turned out to be a chess game and the dozens of BlackBerry Messenger apps that showed up on the Play Store alongside their recent failed launch are just a pair of examples that happen all the time on both platforms. These apps exist explicitly to be malicious and grab as much information from users as possible before the app gets removed by the maintainer of whichever app store they are targeting. Either way, there’s some pretty clear ways to avoid this kind of thing.

The best thing you can do to keep yourself safe is pay attention to what apps install. Every Play Store app specifically shows you what that software requests access to when it is installed on your device. If you’re installing a video game that wants access to your contacts list or your call and message history, for example, there’s a problem. These are all plainly spelled out before you install an app for Android.

Apple, on the other hand, lets the user choose when specific features are enabled after the app is installed. A popup asking if the app can have access to certain features on the phone will appear, and the user can choose to give the app access to that information or not. In either situation, it is very important to stop, read, and decide whether or not you really want to allow that app to have access to your data.

        

Before you even get to the install screen, however, you should carefully take a look its reviews. This is an important thing to do for two reasons. First, many app developers are in the habit of purchasing overly positive reviews to make their app look good on the first day. It’s important to look for the negative comments to see what they have to say. If you don’t see any negative comments, that’s the biggest red flag you can imagine.

Second, you should see what actual users think of the app — is especially important for Android users. The Google Play Store breaks up reviews into per device categories, so you can make sure people using the same Android phone or tablet as you have enjoyed the experience so far. In both cases, you will quickly find that negative comments with save you from installing potentially malicious apps on your device.

For many of us, this may seem like common sense stuff. It’s a variation of the same thing that has been true for a long time now with computers. Read before your click, understand what you are reading, and ask if you don’t understand. Don’t install something that looks shady, even if your friends tell you it is alright. Most people put deeply personal information on their smartphones, and installing an app from a third party that has access to that information is like asking a random stranger to walk into a room full of your personal information and not peek at anything you’ve left laying around. Even if it isn’t in their best interest to peek at that information, and even if they have the best of intentions, you’re still being asked to trust them to be as careful with your information as they are with their own.

You are as safe as you choose to be, plain and simple.

Twitter extends push recommendations to iPhone, Android apps

Twitter is expanding its new personalized recommendations feature to its mobile social networking applications for Apple's (NASDAQ:AAPL) iOS and Google's (NASDAQ:GOOG) Android.

Twitter supplies personalized recommendations when multiple people within the user's network follow the same account or favorite or retweet the same comment. "We built this feature based on an experimental account, @MagicRecs," explains Twitter Senior Software Engineer Venu Satuluri. "As its bio notes, @MagicRecs 'sends instant, personalized recommendations for users and content via direct message.' Over time, we've been tweaking the algorithms--based on engagement and your feedback--in order to send only the most relevant updates."

Moving forward, Twitter for Android and Twitter for iPhone users will receive recommendations via push notifications. Users may turn the notifications on or off using the Recommendations toggle in their notifications setting.

Twitter passed the 200 million monthly active user milestone in late 2012, with research firm comScore reporting that 53.6 percent of unique users access the microblogging platform via mobile device. Twitter is on pace to earn $582.8 million in global ad revenue this year, according to eMarketer; that figure includes $308 million from mobile ads, up 123.2 percent year-over-year.

Twitter filed to go public earlier this month. Analysts have previously estimated that Twitter's IPO could be valued at around $10 billion, but Wedbush Securities analyst Michael Pachter told The Washington Post that its stock was trading closer to $15 billion on private markets following the filing announcement.

Google changes Android app policy to ensure use of its in-app purchasing service

Google has updated its Google Play Developer Program Policy to ensure Android developers use its in-app purchasing service as well as including new rules on ads behavior

Google has issued changes to its Google Play Developer Program Policy for Android developers to comply with for existing or new apps. Google have included a section specifically referring to in-app purchases stating, "Developers offering virtual goods or currencies with a game downloaded from Google Play must use Google Play's in-app billing service as the method of payment." This rule also refers to virtual goods or currencies unless the payment is "primarily for physical goods or services," or "for digital content or goods...consumed outside of the application itself." There are also changes to ad policy stating that ads must not force the user to click on them or submit personal information. Developers should also limit their apps descriptions, titles, or metadata to ensure that no "irrelevant, misleading, or excessive keywords" are used. Additions have been made to Illegal Activities, Hate Speech and a new System Interference section has been added. The new section states that an app must not make changes to the user's device outside of the app without consent, it must not replace or reorder a user's interface, it must not add shortcuts/bookmarks/icons, it must not send system level notifications, and must not push a user towards removing other third-party apps. Android developers have been given 30 days to ensure that existing Android apps comply with the new rules published in the Google Play Developer Program Policy. Any newly published apps must practice all the updated content policies in order to be display in the Google Play Store. Existing apps that are not updated accordingly could be removed from the Play Store.

New Android apps worth downloading: Google Maps update, Todoist, Terraria

One of the most useful apps out there for Android users is Google’s Maps, the navigation app that provides turn-by-turn directions and GPS capabilities for getting you where you need to be. The app just got a big, fresh update, and that’s why it leads today’s Apps Worth Downloading list. Following it is Todoist, an elegant to-do list app that lets you sync your lists in the cloud, so you can access and edit them on any device. Finally, we’ve got Terraria, a Minecraft-like adventure game in which users find materials to craft equipment, build stuff, and go on adventures.

Google Maps update (Free)

What’s it about? Google’s GPS-powered Maps app brings users useful features, such as turn-by-turn directions and the ability to find things around you, such as business and attractions.

What’s cool? Probably the feature you’ll use most with Google Maps is the one that helps you find where you’re going using your Android device’s GPS capabilities. The app provides maps of all kinds of areas, and can provide solid turn-by-turn directions, complete with voice narration, to the addresses you enter to make sure you find your way without getting lost. But it also offers other great capabilities. You can search for things like businesses in your area, or discover new restaurants and other attractions, with the app’s Explore feature, and Google also brings in Street View shots in its maps, so you can get a look at where you’re going long before you get there. With its latest update, Google Maps adds lots of improvements, like faster access to navigation and a better user interface, and improved hotel searches.

Who’s it for? For most Android users, Google Maps is essential to GPS navigation with your device.

What’s it like? Other useful navigation apps include GPS Maps & Navigation and Waze Social GPS Maps & Traffic.

Todoist (Free)

What’s it about? Create handy to-do lists that are minimal and easy to navigate with productivity app Todoist, which can by synchronized across all your devices.

What’s cool? Managing to-do lists can be tricky when you’re using multiple devices, especially if you want to update a list on the fly from your phone and see that change reflected later on your PC, or vice versa. Todoist solves the problem by syncing users’ to-do lists in the cloud, allowing you to add, subtract, tick off and expand on all your to-do list items on any device. That means your list is always synced on all your devices. You can also prioritize your tasks, add due dates and reminders, and even access your tasks in an offline mode for when you don’t have access to the Internet.

Who’s it for? If you’re looking for a simple but robust to-do list app, Todoist might be for you. Just note that several additional useful features require a “Premium” account.

What’s it like? You’ll find great to-do list capabilities in Any.DO and Task List.

Terraria (Free)

What’s it about? Mine for resources, create tools and weapons, and explore a vast world in side-scroller Terraria.

What’s cool? At the surface level, Terraria will remind a lot of players of Minecraft, but as a 2-D version. Both games have players using what they find in the world to create tools and craft new materials and equipment, in order to build houses and buildings and fight off monsters. Terraria differs from Minecraft not only in its presentation, but also in other aspects – for example, you can recruit other characters to work in your home, or head out into the world to explore and fight the game’s five bosses. There are also tons of “recipes” to discover for crafting new things, more than 75 monsters to fight, and other cool touches. Each world is dynamically generated, so every time you start a new game, it’s like starting on a fresh continent.

Who’s it for? If you’re a player who likes exploring, creating, and fighting monsters, check out Terraria.

What’s it like? You’ll also want to enter the world of Minecraft: Pocket Edition for more similar mechanics.

iPhone, Android Apps to Make Transactions Smoother and Faster

Remember when there used to be only one or two ways for customers to pay for purchases? Then we started adding things like credit cards and mobile payments and things started getting complicated, both for the customer and for the merchant.

To help solve that issue, online payment giant PayPal has released a redesigned mobile app that aims to make the process of paying with your phone much simpler and easier for everyone. 

The new app, available today for both iPhone and Android, has a dizzying array of features that take charge of the buying experience for much more than simply sending and receiving money. These include:

More payment options. With the PayPal app, of course you can make purchases with funds from your PayPal account. But you can now also use your bank account or credit card, or use the new Bill Me Later feature to open a line of credit right from your phone. And you can switch between methods of payment, so you can use a credit card at one business and your bank account at another.

Find and check in for an improved shopping experience. Not sure if nearby businesses accept PayPal payments? Use the new Shop tab to find shops or restaurants that do, and then check in at the business to open up even more options. Save time by viewing a restaurant's full menu and placing your order from your phone, and view your bill, add a tip, and pay right from your table.

Many local businesses also include special offers that are redeemable through the app. When you're ready to check out, you can access your entire wallet, pay and receive a confirmation and email receipt.

Growing list of participating businesses. The new features of PayPal's redesigned app are available in more than 125 markets around the world. Not all businesses have signed on for the full features yet, of course, but more are being added.

Twitter beta app for Android sports a brand new interface, brings additional features

It looks like Twitter's native Android app is all set to get a big redesign.

A new Twitter for Android beta available to users who have signed up for Twitter's beta testing program sports a completely new design and functions a little differently from the most recent stable version of the app.

The beta app features seven swipe-able tabs instead of four, adding new tabs for Messages, Activity and Find People to the existing Home, Notifications, Trending and Me tabs. Also, worth pointing out is that these tabs are not represented by icons but with text, giving the app an even more minimalist look.

The Activity tab keeps a track of what users who you follow are reading, favouriting and retweeting, and which users they're following. The Find People tab offers friends suggestions recommending people with common interests and connections, you could follow.

The app also features a sliding pane at the left hand, that some people also call the Hamburger menu. This pane offers quick access to all the tabs and sports the user's blurred profile header image as the background. The different tabs on this menu also display the number of unread messages or notifications.

The app also offers new features like in-line media previews displaying previews of content such as images in the timeline, similar to some third-party apps. There's a new search filter button as well, which allows users to quickly refine search results choosing between filters like Photos, Videos, News, People, People you follow, and even based on location of the tweet (Nearby).

Some features such as 'mark all direct messages as read' are missing from the beta app, though. However, as this is just a test app, the final version could be different and could include the missing features.

Twitter also posted() on its blog that it tests several features with small groups of its 200 million users before determining what it releases and that it often experiments with features that may never be released to everyone who uses Twitter. It also mentions that it could selectively roll out features. It says," You may see some features that your friend doesn't see, or vice versa. This is all in service of making Twitter the best it can be."

Google™ Strikes Bizarre Licensing Deal With Nestlé® To Name Next Android™ Kit Kat

Google has apparently struck a wild licensing deal with Nestlé to use the name ‘KitKat’ for its next version of Android. Though the announcement of the name by Google’s Sundar Pichai this morning struck off an immediate wave of commentary, it seems to go deeper than just a name.

If you visit Google’s ‘about Android‘ page, you’ll see a full-on Kit Kat bar (the company uses ‘Kit Kat’, not ‘KitKat’ to describe the candy) with an Android-themed wrapper. A link to ‘see what you’ve won’ leads you to the U.S. site for Kit Kat bars. This is an extremely odd pairing for a tech company and a candy firm.

We’ve reached out to Google for more information on exactly what the deal is here and it confirmed that no money changed hands between the two companies. This is apparently a like-for-like cross-promotion deal.

The contest will place Nexus 7 vouchers and Google Play credit in participating Kit Kat bars. There will also be a few actual Android-shaped bars in some markets.

Interestingly, the link on the Android site takes you to Hershey’s site, even though Nestlé manufactures Kit Kat bars in most of the world. This stems from an old licensing deal between Hershey and Rowntree (which was acquired by Nestlé), in which Hershey maintained the ability to license the name Kit Kat in the U.S. This has led to a ton of confusion about whether Hershey or Nestlé is behind the deal.

 BBC report today quotes John Lagerling, director of Android global partnerships as saying that ”this is not a money-changing-hands kind of deal,” and that it was about doing something fun and unexpected. Lagerling also says that the previously considered Key Lime Pie was nixed because they felt that many people might not know what Key Lime Pie tastes like.

    “One of the snacks that we keep in our kitchen for late-night coding are KitKats. And someone said: ‘Hey, why don’t we call the release KitKat?’

    “We didn’t even know which company controlled the name, and we thought that [the choice] would be difficult. But then we thought well why not, and we decided to reach out to the Nestle folks.”

    Mr Lagerling said he had made a “cold call” to the switchboard of Nestle’s UK advertising agency at the end of November to propose the tie-up.

    The next day, the Swiss firm invited him to take part in a conference call. Nestle confirmed the deal just 24 hours later.

    “Very frankly, we decided within an hour to say let’s do it,” Patrice Bula, Nestle’s marketing chief told the BBC.

The obvious benefits for Google include massive exposure in convenience stores and supermarkets. While Android devices big to small will bear the Kit Kat moniker, resulting in a swath of brand recognition boosting for the candy maker.

That being said, Google is a company powered by advertisers and brands. Regardless of what intentions it has to make ‘great’ products (which it does and has), its motivations regarding the balance of user privacy and profitability will always be at the forefront of discussions about Android. I’m not so sure it’s such a great idea for a company like that to be toying with this kind of cross-promotion oddity. But what do I know, I’m just a line of data in an advertiser’s targeting matrix.

Nestlé will produce over 50 million of those aforementioned Kit Kat bars with the Android mascot on them. Most Google employees apparently only learned about the news once a statue was unveiled at Google HQ. The statue? A giant Android mascot made of a Kit Kat bar.

Android Developers Can Now Use Google’s Play Store To Distribute Their Free Apps In Iran

Google today announced that Android developers can now make their free apps available in Iran, one of the few countries where app downloads through Google’s store were completely unavailable until now. Paid apps and apps that use in-app billing, Google notes, will still remain unavailable in Iran for the time being.

For developers, this move opens up an interesting new market, though given Iran’s tendency to shut down access to Google’s services, it remains to be seen how long these apps will remain available. Google and Iran, after all, have a pretty tumultuous relationship. Just this June, Google announced that it had uncovered an Iranian spy campaign that, ahead of Iran’s last election, targeted Iranian citizens through phishing emails.

YouTube also remains unavailable in Iran and the country has regularly blocked access to other Google services, including Search and Gmail (though Iranians, it seems, can get around most of these filters by using standard VPN software).

When those services are available in Iran, however, they do tend to be very popular. In 2012 when access to Gmail was cut off, Iranian legislator Hossein Garousi “threatened to summon Telecommunications Minister Reza Taqipour to parliament for questioning if it was not unblocked,” according to Reuters.

Google Confirms It Has Acquired Android Smartwatch Maker WIMM Labs

Google has confirmed it acquired WIMM Labs last year, a company that previously made an Android-powered smartwatch before shuttering operations in 2012. At the time a message on its website said it had entered into an exclusive partnership without releasing further details, but it’s now clear that partner was Google, rather than Apple as some had initially speculated. Google’s WIMM Labs acquisition was reported earlier by Gigaom.

Google is rumoured to be developing a smartwatch of its own, with patents turning up earlier this year (filed in 2011), and a report by the FT that claimed Google’s Android team was in the process of developing such a device. Google has also hinted at Android powering a range of wearable devices in the past, when CEO Larry Page let slip during a quarterly earnings call this year that Glass runs on its smartphone and tablet OS, and that Android is “pretty transportable across devices”. Google has also long had bigger ambitions for Android than just pushing it onto phones and tablets, with TV set-top boxes, in-car tech, home automation and wearables all areas where it’s actively encouraging Android to spread.

WIMM Labs started out building Android-based platforms for wearable displays, akin to Google Glass, and then created the WIMM One in 2011: a smartwatch powered by Android 2.1 that was aimed at developers as a sort of concept flagship ahead of a broader consumer launch. The WIMM One used Bluetooth and Wi-Fi 802.11b/g for connectivity, had 256 MB of RAM plus a 667MHz processor, and used a screen design that refreshed once per minute to conserve battery life. It also supported apps via a “Micro App Store” — installed and managed by users via a web-based dashboard. Android developers were offered custom APIs for adapting their software to the WIMM One’s tiny, 16-bit colour screen.

Google is not commenting further on the acquisition at this point, beyond providing confirmation that it picked up WIMM Labs in 2012. If Mountain View is building its own smartwatch it’s unlikely to beat its Android OEM partner Samsung to a launch, as the Korean company’s Galaxy Gear device is probably going to be unboxed next week in Berlin at a September 4 event. Plenty of other Android-powered smartwatches are also entering the frame via crowdfunding sites like Kickstarter, and also cropping up on the roadmaps of other Android OEMs. Meanwhile Apple’s rumoured iWatch remains elusive.

If Google isn’t building its own smartwatch hardware, acquiring WIMM Labs could be a way to help it develop a custom version of Android designed for wrist-mounted wearables, which it could then provide to OEMs the same way it currently does with Android proper. Given the amount of interest in smartwatches from OEMs big and small, that could be the better strategy for long-term platform growth.