Last summer, Samsung launched the Galaxy Book S, its first laptop powered by the Qualcomm Snapdragon 8cx processor. Samsung is back with the Galaxy Book S, only this time it’s powered by the Intel Lakefield chipset. This is essentially the same laptop as before, but now it has the shiny “Intel Inside” sticker. The Galaxy Book S is also the first laptop to use Intel’s Lakefield generation.
Lakefield is the first “hybrid” CPU from Intel. That means it combines the company’s Atom and Core CPU cores into a single unit. This is something we commonly see in ARM chips on smartphones, which offers high-performance and low-power cores to maximize efficiency. There’s a lot more going on, but the gist is this should help the new Galaxy Book S compete with the Snapdragon model in terms of battery life.
Samsung doesn’t give a ton of details about the CPU, other than “Intel Core processor with Intel Hybrid Technology.” The other big detail is LTE connectivity, which is also something the ARM model has. Other specifications include Intel UHD Graphics, 8GB of LPDDR4x RAM, and 256GB or 512GB of eUFS storage. There is also a microSD card slot for up to 1TB of extra storage.
The Galaxy Book S has a 13.3-inch FHD LCD display with touchscreen capabilities. There are 2 USB-C ports, a headphone jack, fingerprint scanner, quad stereo speakers with Dolby Atmos, and a 1MP camera. The battery is 42Wh and it has WiFi 6 and Bluetooth 5.0. Samsung ships the device with Windows 10 Home or Pro.
We don’t know how much the Intel Galaxy Book S will cost or when it will launch, but it will be available in Mercury Gray and Earthy Gold colors.
Galaxy Book S
OS
Windows 10 Home / Pro
Display
13.3″ FHD TFT LCD Display with Touch Screen Panel
Dimension
305.2 x 203.2 x 6.2 ~ 11.8 mm
Weight
950g
CPU
Intel Core processor with Intel Hybrid Technology
Graphic
Intel UHD Graphics
Memory
8GB RAM (LPDDR4x)
Storage
256/512GB eUFS, MicroSD slot (up to 1TB)
Camera
1MP
Battery
42Wh (typical)
Connectivity
Wi-Fi 6 (Gig+) 802.11 ax 2×2, LTE (Cat 16), Bluetooth v 5.0
Samsung has been designing its own Exynos chipsets for several years now. The Korean smartphone maker normally uses both Qualcomm Snapdragon and Exynos processors for their flagship and upper mid-range devices, but they usually use their own in-house Exynos chips for their budget smartphones. Samsung has recently (and quietly) published a product page for a new entry in their Exynos lineup of processors: the Exynos 850.
This Exynos 850 processor can already be found in the recently-announced Samsung Galaxy A21s, a smartphone on the lower-end of Samsung’s Galaxy A lineup. Thus, we already expected this processor to be geared towards decidedly-budget smartphones. According to the specifications listed on the product page, the Exynos 850 has an octa-core CPU comprised of two clusters of ARM Cortex-A55 cores which are clocked at up to 2.0GHz. The SoC also features ARM’s Mali-G52 GPU. It also supports LPDDR4X RAM, eMMC 5.1 storage, Cat.7 LTE, Full HD+ (1080p) display panels, and more. The chipset is fabricated using Samsung’s fairly modern 8nm LPP process.
For imaging, the Exynos 850 apparently supports up to 1080p60 video recording, 21.7MP image processing from a single camera or 16MP + 5MP from dual cameras (presumably with ZSL), and encoding in HEVC/h.265.
As we said before, the Galaxy A21s is the first smartphone to sport this processor, and we know it has a 48MP quad rear camera setup, an HD+ Infinity-O panel, up to 6GB of RAM, and up to 64GB of storage, so we already knew those are things this processor supports. It is possible that we’ll see this SoC on other Samsung budget Android smartphones soon. Budget smartphones are improving at a surprising rate, and we can thank the incredible competition in markets like India and China for that.
It’s 10:00 PM. Do you know where your Activities are? There’s a new vulnerability that can be exploited on millions of Android devices, and it’s a pretty nasty one, too. In a nutshell, this design flaw allows an attacker to present their own Activity (page) on top of another app’s, potentially confusing the user into giving away their private data. The vulnerability has been dubbed StrandHogg 2.0 and was recently disclosed by Promon, a Norwegian security firm.
The StrandHogg 2.0 vulnerability theoretically affects all Android devices running Android versions as old as Honeycomb (3.0) and up to Android 9 Pie (9.0). Based on the latest Android version distribution statistics, that means that approximately 91.8% of all Android devices are vulnerable to StrandHogg 2.0. The vulnerability was assigned CVE-2020-0096 and was given a severity level of “critical.” It doesn’t require any special permissions to work and can function almost entirely without user interaction. All a user has to do is open an app with malicious code hidden away in it, and then they’re vulnerable to exploitation.
Promon was kind enough to send us their proof of concept app and its source code so we could best explain how the exploit works, why it matters to users, and how developers can protect their apps against it.
How It Works
Say you’re using Gmail and you click a web link. If you go to your recent apps screen, you may notice that the web page appears to be “inside” Gmail. The preview shows the website, but the app icon and name are still from Gmail. This is something that happens when an app/Activity launches another app/Activity in the same task. Now imagine that you didn’t purposely open that link. To you, it looks like it’s just part of the Gmail app. This is the behavior that StrandHogg 2.0 exploits.
We’re going to have to leave out some details here, but here’s roughly how this exploit works. For the following, let’s assume the attacker wants to get the user’s Gmail login.
The user downloads a malicious app (of course, without knowing it’s malicious) and opens it.
In the background, the app opens Gmail, puts a look-alike login Activity on top of it, and then launches another Activity.
The user opens Gmail and sees what looks like Gmail’s login screen but is actually the attacker’s phishing Activity.
The final Activity launched in step 2 can be anything that avoids suspicion. The app could fake a crash and go back to the home screen, or it could just open to its main Activity as if nothing happened. The only suspicious thing the user might see is a bunch of opening animations as all the Activities launch. The worst part: It won’t even look like Gmail was opened.
Source: Promon
Of course, an attacker can do more than just showing a fake login screen. A malicious app could present a permissions prompt instead, tricking the user into granting unwanted permissions. While requesting any special permissions like Accessibility might make the user suspicious, it’s possible to do a lot of damage with something like Storage Access.
The Technical Bits
This next section is a high-level overview of how StrandHogg 2.0 works. Promon won’t release the full details for another few months, so we can’t share exactly how this exploit is implemented. There are some technical details that we can talk about, though.
In a nutshell, StrandHogg 2.0 hijacks Android’s Context.startActivities() API method, using three Intents.
The first Intent is the one that launches, in our example’s case, Gmail. It’s flagged with Intent.FLAG_ACTIVITY_NEW_TASK.
The second Intent is the malicious one. In our example, it’s for the look-alike login Activity. This Intent has no flags.
The third Intent is the distraction. It makes sure the user isn’t suspicious of Gmail just randomly opening instead of the app they tapped (i.e. the one launching the attack). It’s flagged with Intent.FLAG_ACTIVITY_NEW_TASK.
All of these Intents are then passed in an array to the startActivities() method.
The second Intent’s lack of flags is the key here. By doing so, we’ve basically just replicated the Gmail example from above. The task is technically Gmail’s, but the topmost Activity is the attacker’s. When the user then clicks Gmail’s home screen icon, the attacker’s Activity displays instead of Gmail’s.
Proof of Concept
With the information that Promon sent us, we were able to replicate their proof of concept. Here’s a screen recording from a Samsung Galaxy Note8 running Android 9 Pie showing it in action.
Mitigation Techniques and Issues
Now, simply replicating the above in code won’t actually work. It’s not a complete example, and there are a few other things that an attacker has to do to make it work, which we can’t share. But they’re not particularly hard to guess on your own, and that’s part of what makes this attack so dangerous. StrandHogg 2.0 is a relatively easy exploit to implement, and difficult to mitigate.
Mitigation can’t just involve blacklisting all apps that use startActivities(), since there are plenty of legitimate uses for it. It’s also really difficult to automate a detection algorithm for it. Malicious developers can employ all sorts of tricks to make their implementation of StrandHogg 2.0 effectively invisible to services like Google Play Protect. StrandHogg 1.0 required the attacker to add an attribute in the malicious app’s AndroidManifest.xml, which was relatively easy to detect. StrandHogg 2.0, on the other hand, functions entirely in Java/Kotlin.
Taking into account obfuscation, reflection, and even just different coding styles, it seems impractical to automatically properly detect an app making use of this exploit. What’s more is that if a user is the subject of a StrandHogg 2.0 attack, they may not even know. If you open Gmail and you see its login screen, you might just think your session expired and enter your login details without a second thought.
When we contacted Google for a response, a spokesperson offered the following statement:
“We appreciate the work of the researchers, and have released a fix for the issue they identified. Additionally, Google Play Protect detects and blocks malicious apps, including ones using this technique.”
This sounds good, and hopefully it has at least some effect against StrandHogg 2.0 attacks. It’s worth noting, though, that Google Play Protect did not detect our proof of concept app as malicious, even after performing a manual scan.
Promon says that they “have not observed any real-life malware utilizing the StrandHogg 2.0 vulnerability,” but there’s no guarantee that this is the first time the exploit has been discovered. For that reason, Promon recommends that developers go ahead and protect their apps by setting their launcher Activity’s launchMode flag to either singleTask or singleInstance. Either of these flags will prevent task injection, which is what StrandHogg 2.0 relies on. However, having your Activity use one of these flags can cause issues with certain app flows, so it’s not always desirable.
Promon is also promoting its own “In-App Protection by Promon SHIELD” product which sounds like a library that app developers can implement to monitor the tasks in your app’s process to check for irregular insertions. Because there’s no truly effective developer or user mitigation strategy, it’s pretty important that manufacturers implement the patch to fix this ASAP.
Thankfully, Promon followed responsible disclosure guidelines before making this exploit public (and it’s still not fully public—Promon is waiting 90 days before fully disclosing how StrandHogg 2.0 works). Google has since backported patches for this exploit to Android 8.0 Oreo, Android 8.1 Oreo, and Android 9 Pie with the May 2020 Android Security Patch Level (SPL). Users on Android 10 and above aren’t vulnerable, though we’re not entirely sure why that’s the case. It likely has something to do with Android 10’s new restrictions concerning launching Activities and how Google integrated that into the task stack. Promon says that “on Android 10 the attack is entirely ineffective, and the activities are split into different tasks and into separate task stacks according to adb shell dumpsys activity activities.”
If your device manufacturer is still providing security updates (you can read more about how the security patch process works here), you should pester them for an update as soon as possible. Otherwise, you’ll just need to be careful about which apps you download and run (although you should be doing that anyway).
For more details and use-cases of StrandHogg 2.0, check out the official announcement on Promon’s website. For custom ROM developers, you can find the relevant AOSP commits for preventing StrandHogg 2.0 attacks here and here.
Disclosure Timeline
Here is the disclosure timeline that Promon shared in its StandHogg 2.0 document:
Dec 4, 2019 – Reported issue to Google
Dec 4, 2019 – Shared a PoC «malicious app» and video with Google
Dec 4, 2019 – Google confirmed receiving the report
Dec 9, 2019 – Google set the severity of the finding as «Critical»
Dec 9, 2019 – Google confirms that they are able to reproduce the issue
Feb 14, 2020 – We inform Google the 90-day disclosure is nearing in the beginning of March, and ask for status on their side
Feb 14, 2020 – Google responds that April is the soonest they can roll out a fix
Feb 14, 2020 – We inform Google we are working on mitigations
Feb 14, 2020 – Google responds. They are working on remediations, and ask if we can share what mitigations we are recommending
Feb 17, 2020 – We inform Google that we can hold back the disclosure until April. We request the CVE number
Feb 17, 2020 – We share our mitigation strategies, as well as how we envisage a platform mitigation
Mar 23, 2020 – Google responds with the CVE ID (CVE-2020-0096)
Mar 23, 2020 – Google responds that general availability of the fix for Android will be available in May
Mar 23, 2020 – Google asks if we will consider delaying disclosure to May
Mar 27, 2020 – We respond that we will delay disclosure until May
Apr 22, 2020 – Google informs us that the May Security Bulletin is scheduled to contain a patch for the vulnerability
Citra, the most popular Nintendo 3DS emulator, was officially released for Android onto the Google Play Store last week, and its performance has been at the forefront of the conversation. I’m sure anybody who saw its release wondered whether they could play their favorite Nintendo 3DS games on their Android smartphone or tablet, so I’ve spent the past few days playing games on various different devices powered by multiple different SoCs to see what kind of performance you can expect to get from your device.
I tested the following popular Nintendo 3DS games:
…and the results were rather mixed. I tested each of these 3DS games with the unofficial Citra MMJ version as well as the official Citra 3DS emulator that was just released on the Google Play Store. Some of the results were surprising. Note that all of these tests were done with audio stretching disabled as I found that it had a pretty significant performance hit for little benefit when enabled. Keep in mind that different GPU driver versions may also affect performance, and so one device with a particular chipset may not perform the same as another device with the same chipset.
Nintendo 3DS emulation using the official Citra for Android port. Left to right: OnePlus 8 Pro, OnePlus 6, Realme 6 Pro.
Note: You can legally acquire 3DS ROMs for your smartphone by dumping and decrypting your own Nintendo 3DS games. For this, you will need a hacked Nintendo 3DS and a legally purchased copy of the 3DS game that you want to play.
Current performance issues with Nintendo 3DS emulation via Citra for Android (and potential fixes)
Before going into detail of the performance of the aforementioned Nintendo 3DS games on various Android smartphones, it’s worth mentioning that currently, the Citra 3DS emulator port for Android does not support a shader cache. A shader cache is simply a cache of files that keeps track of compiled shaders that are shown in-game, and having one greatly reduces CPU and GPU load. When new shaders are encountered in Citra, they are then compiled and aren’t saved to the storage. This means that they can’t be cached, and instead must be recompiled once encountered every time. This is why currently, Citra on Android can be quite stuttery when playing some 3DS games. Citra on PC supports a shader cache, and it’s quite common for users to want to download a precompiled shader cache to avoid slowly and painstakingly generating their own. Also, I found that disabling audio stretching helped performance a little bit.
Nintendo 3DS Emulation Performance – Qualcomm Snapdragon 865, 855, 845, 720G, and Kirin 980
Qualcomm Snapdragon 865
Animal Crossing: New Leaf – OnePlus 8 Pro
Official Citra
Mostly 60 FPS
Drops frames frequently, particularly when shaking trees to drop fruit
Audio hangs for a second or so often, and when audio hangs, the game hangs for a second too
MMJ/Unofficial Citra
30 FPS to 45 FPS with occasional spikes to 60 FPS
No audio hangs
More consistent experience overall, though slower
Attempting to sell items will freeze the game, which does not happen on the official Citra build
Mario Kart 7 – OnePlus 8 Pro
Runs perfectly at 60 FPS
Occasional audio cues cause slight stuttering
No difference in performance between Official and MMJ build
Pokemon X/Y – OnePlus 8 Pro
Not a very intensive game, runs perfectly at 30 FPS (this game runs at 30 FPS in the overworld)
Battles run perfectly
Audio sounds great, music is in AAC format and can now be decoded
No difference in performance between Official and MMJ build
Note: The flickering as seen in the above video only occurred when I was screen recording.
The Legend of Zelda: A Link Between Worlds – OPPO Find X2 Pro/OnePlus 8 Pro
Runs perfectly, no slowdowns
Audio is great
Occasional stutters in combat
Cutscenes work
No difference in performance between Official and MMJ build
Fire Emblem Fates – OPPO Find X2 Pro
Some slowdowns when entering combat
Some audio stuttering in battles
Audio works great
Cutscenes work
The game mostly runs at full speed, which it didn’t on the MMJ build
Qualcomm Snapdragon 855
Animal Crossing: New Leaf – OPPO Reno 10x Zoom
Official Citra
Runs nearly flawlessly
Very few stutters
Virtually no audio lag
MMJ/Unofficial Citra
Anywhere from 30 to 60 FPS, though mostly towards the higher-end
Very few stutters
Virtually no audio lag
Attempting to sell items will freeze the game, which does not happen on the official Citra build
Mario Kart 7 – OPPO Reno 10x Zoom/OnePlus 7 Pro
Runs nearly flawlessly
Pretty much no audio lag
Pretty much no stutters
No performance difference between Official and MMJ build
Pokemon X/Y – OPPO Reno 10x Zoom
Not a very intensive game, runs perfectly at 30 FPS (this game runs at 30 FPS in the overworld)
Battles run perfectly
Audio sounds great, music is in AAC format and can now be decoded
No difference in performance between Official and MMJ build
The Legend of Zelda: A Link Between Worlds – OPPO Reno 10x Zoom
Runs nearly flawlessly
Pretty much no audio lag
Occasional stutters in combat
No performance difference between Official and MMJ build
Qualcomm Snapdragon 845
Animal Crossing: New Leaf – OnePlus 6
Official Citra
Mostly 50-60 FPS
Drops frames very frequently, particularly when shaking trees to drop fruit, but also in many other situations too
Audio hangs for a second or so often, and when audio hangs, the game hangs for a second too
MMJ/Unofficial Citra
Around 30-60 FPS, sticking somewhere around 45 FPS for most of the time
Drops frames less frequently
Audio stutters occasionally
Mario Kart 7 – OnePlus 6
Stuttering when navigating menus
50-60 FPS in races, though fluctuates wildly and sometimes dips as low as 30 FPS
Occasional audio stutters
Pokemon X/Y – OnePlus 6
Not a very intensive game, runs perfectly at 30 FPS (this game runs at 30 FPS in the overworld)
Battles run perfectly
Audio sounds great, music is in AAC format and can now be decoded
No difference in performance between Official and MMJ build
The Legend of Zelda: A Link Between Worlds – OnePlus 6
Consistent in the 40-60 FPS range
Lots of stutters in combat
Marginally better performance in the MMJ build over the Official build
Qualcomm Snapdragon 720G
Animal Crossing: New Leaf – Realme 6 Pro
Official Citra
Mostly 50-60 FPS
Drops frames occasionally, particularly when shaking trees to drop fruit, but also in many other situations too
Audio hangs for a second or so often, and when audio hangs, the game hangs for a second too
MMJ and Official build more or less perform the same here
Pokemon X/Y – Realme 6 Pro
Runs mostly perfectly at 30 FPS, though occasionally dips in performance
Battles run perfectly
Audio sounds great, music is in AAC format and can now be decoded, minimal stuttering
No difference in performance between Official and MMJ build
The Legend of Zelda: A Link Between Worlds – OnePlus 6
Consistent in the 40-60 FPS range
Lots of stutters in combat
Marginally better performance in the MMJ build over the Official build
Kirin 980
The Honor 20 Pro with its HiSilicon Kirin 980 was unable to run any of the Nintendo 3DS games that I tested at any playable framerate. The official and unofficial Citra 3DS emulators don’t really support devices with non-Snapdragon chipsets due to driver issues, and as such, this means that Samsung smartphones with Exynos processors will also likely face issues playing any of the 3DS games listed here.
Conclusion – Nintendo 3DS Emulation is very viable (for most flagships)
Oddly enough, I found the best performance to be not with the Qualcomm Snapdragon 865 but rather with the Qualcomm Snapdragon 855. It’s possible that Citra was developed primarily on Qualcomm Snapdragon 855 devices as the Qualcomm Snapdragon 865 is a relatively recent release, but this is only speculation on my part. The Snapdragon 855 found in both the OnePlus 7T Pro and the OPPO Reno 10x Zoom handled pretty much all Nintendo 3DS games I threw at it perfectly, which greatly impressed me, and the games themselves were very much playable. The Qualcomm Snapdragon 720G also fared incredibly well, with more or less identical results to the Snapdragon 845.
Improvise, adapt, and overcome seems to be the motto for Huawei since the company was placed on an Entity List by the U.S. Commerce Department last year. The company has developed its own alternatives to Google Mobile Services and the Play Store, re-released older devices with Google Mobile Services, and has even partnered with third-party service provides to offer features that previously relied on popular Google apps. Now, in a bid to offer a YouTube-like experience on its devices, Huawei has partnered with Dailymotion to show video content in the Huawei Video app.
To do so, Huawei has integrated Dailymotion’s video player in the Huawei Video app which will allow users to search for and play Dailymotion videos from within the app. In a statement regarding the partnership, Dailymotion’s Chief Content Officer, Stéphane Godin, was quoted saying, “Thanks to all our premium partners, Dailymotion is able to distribute a large amount of videos and playlists to third-party publishers. We are proud to collaborate with Huawei to make all of our content catalog reach new premium audiences.”
Dailymotion’s technology package will bring a white-label video player, the platform’s large volume of local and international video content via Dailymotion’s API, and a monetization solution for the content on the Huawei Video app. While Dailymotion may not be nearly as popular as YouTube when it comes to user-generated content, the platform still has a decent amount of content from prominent media groups like Le Monde, l’Equipe, BeIN SPORTS, JPI Media, Marie Claire, NBA G League, Media Prima, One India and more.
Speaking of the partnership, Huawei’s Vice President of Mobile Services, Jervis Su, said, “We’re pleased to offer our Huawei Video service so that people across the globe can easily explore thousands of videos and movies available from our partners, including Dailymotion, anywhere and anytime. We are committed to bringing more choice to consumers. We also hope it will bring some joy to all of their lives at this time.”
Smartphone gaming has evolved to become a proper use case for smartphones, to the point that we have gaming smartphones that specifically target this audience. While smartphone gaming is definitely fun and you can easily pour in hours into it, it does have drawbacks for your phone’s battery. Games require a lot of processing power to run, and an intensive gaming session can quickly chew through your battery life. And if you are someone who likes to game while you charge your phone, your phone may have to contend with a lot of poorly dissipated heat originating from both, the running of the game, and the charging of the battery. All of this heat is not good for your phone’s battery health and the overall longevity of your glass-sandwich smartphone. Sony may have worked out a good solution for this scenario, as the Sony Xperia 1 II comes with a nifty new feature that lets the phone use power directly from the charger without charging the battery.
The Sony Xperia 1 II comes with a decent 4,000 mAh battery that supports USB PD fast-charging up to 18W. It also comes with a feature called “H.S. Power Control”, where the H.S. stands for “Heat Suppression”. This feature is part of the “Game Enhancer” on the Xperia 1 II, and it can be enabled on a per-app basis.
When H.S. Power Control is enabled, you can use the Xperia 1 II running on power derived directly from the phone charger. Essentially, you can use the charger to keep the phone powered and the game running, without actually charging the battery. This is particularly useful when playing intensive games for longer periods, as such gaming sessions generate a lot of heat and use up a lot of battery. The heat is not good for your battery health in the long term, generally speaking, and the quicker discharge cycle also takes a toll on the overall battery health. With this feature enabled, you can presumably play for extended periods without worrying about the charging mechanism affecting your battery health. For gamers, this is a game changer, especially if they plan on keeping their phone around for a while.
H.S. Power Control is already available on the Sony Xperia 1 II. It is unknown if the feature will make its way to other Sony devices. The Xperia 1 II is coming to the USA for a price tag of $1,200.
Sony Xperia 1 II — Specifications and Hands-On
Specification Table
Specifications
Sony Xperia 1 II
Dimensions & Weight
165.1 x 71.1 x 7.6 mm
181.4 g
Display
6.5-inch 4K OLED
3840×1644 pixels, 643 PPI
21:9 aspect ratio
100% coverage of the DCI-P3 gamut, D65 white point
HUAWEI Developers is a platform ecosystem that integrates various services and resources for developers to develop and promote their apps, which is committed to serving the vast number of mobile terminal developers. Relying on the advantages of terminal channels, global platform services, and industry chain resources, it aims at openness and innovation in development, testing, and promotion, monetization and other aspects, to help developers create a terminal-based all-scenario innovation experience in an all-round way and reach consumers through smart terminals so as to build an open and win-win innovation ecosystem.
You can access the XDA Huawei Developers forum here. Interact with other HMS developers, find guides, and follow tutorials for beginners or more advanced developers.
HMS offers many kits to help developers build high-quality apps. Because of the availability of these kits, you can build your app quickly and at a very low cost.
Development Kits
It doesn’t stop at development. After you’ve built your app, these kits will help you grow your app userbase. Receive detailed analytics that will help you understand how people use your app.
Growth Kits
Make money off of your hard work. Use these kits to monetize your apps by implementing ads, in-app purchases, and digital wallets.
We thank Huawei for sponsoring this post. Our sponsors help us pay for the many costs associated with running XDA, including server costs, full time developers, news writers, and much more. While you might see sponsored content (which will always be labeled as such) alongside Portal content, the Portal team is in no way responsible for these posts. Sponsored content, advertising and XDA Depot are managed by a separate team entirely. XDA will never compromise its journalistic integrity by accepting money to write favorably about a company, or alter our opinions or views in any way. Our opinion cannot be bought.
