authentication

AppWizard
July 2, 2026
The anticipated App Lock feature is absent in the latest Android 17 stable release, despite earlier Canary builds suggesting its inclusion. Recent findings in the Android 17 QPR1 Beta 6 indicate that Google is still developing the feature, which will allow users to lock multiple applications simultaneously through the Settings app, improving upon the previous method of securing apps one at a time. Additionally, Google is exploring a feature that restricts app access to biometric authentication only, disabling the traditional PIN-unlock option. Although App Lock is not present in the current beta, ongoing development suggests it may be introduced in the future.
AppWizard
June 28, 2026
Playing Windows games on Android has become feasible due to Winlator and open-source technologies like Wine, Box64, and DXVK. User-friendly applications such as GameHub and GameNative have emerged, enhancing mobile gaming experiences to rival dedicated handheld consoles. A major challenge was the reliance on the x86 Windows Steam client, which was resource-intensive on mobile devices. GameNative 1.0 introduced an experimental feature that eliminates the need for the desktop Steam client by using Valve's native Android libraries, improving the gaming experience significantly. Valve released Steamworks SDK version 1.63 in November 2025, which included native ARM64 libraries for Android, allowing for essential Steam functionalities without a translation layer. GameNative integrated these libraries, replacing the desktop client with a more efficient "bionic" Steam client that operates without a user interface, streamlining DRM and matchmaking processes. GameNative now supports Steam Guard TOTP sign-in, enabling smooth authentication and access to the user's Steam library. It downloads games natively, supports cloud saves, and is compatible with most single-player games with Steam DRM. The application boasts a high compatibility rate, with 221 out of 241 games in one user's library showing as compatible. GameNative 1.0 has improved performance with a Vulkan renderer and reworked controller stack. Despite its success, GameNative is not yet available on the Play Store, with nearly a million users sideloading the application. Developers aim to create a Play Store version that complies with Google's policies for easier installation.
Tech Optimizer
June 23, 2026
Meta has suspended its employee-tracking program after an internal security review revealed excessive accessibility to sensitive data collected from staff laptops. The program, part of the Model Capability Initiative (MCI), aimed to gather detailed information on employee interactions with work devices, including mouse movements, click locations, keystrokes, and screen content. Concerns arose regarding the privacy and security of the collected data, which included AI prompts, transcriptions, private conversations, and performance-related information. The initiative faced backlash, particularly after an engineer criticized "laptop surveillance," leading to a petition for its termination. The monitoring software was deployed on US workers’ laptops without an opt-out option, capturing comprehensive behavioral datasets. The situation highlighted significant legal and regulatory challenges, as well as the risks associated with managing sensitive data. Access controls, data minimization, and retention policies are critical to mitigate potential breaches.
Tech Optimizer
June 23, 2026
A critical security vulnerability, SVD-2026-0603 (CVE-2026-20253), has been identified in Splunk Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. This flaw allows unauthenticated, remote attackers to create or truncate arbitrary files on the host system by exploiting the PostgreSQL Sidecar Service endpoints. The vulnerability is actively exploited, with public proof-of-concept code available, and has been added to the CISA Known Exploited Vulnerabilities (KEV) list. Successful exploitation can lead to full remote code execution (RCE) as the Splunk user. The vulnerability arises from inadequate authentication controls on the PostgreSQL Sidecar Service endpoints, specifically /v1/postgres/recovery/backup and /v1/postgres/recovery/restore, which are accessible without authentication. It is classified under CWE-306: Missing Authentication for Critical Function and has a CVSS v3.1 base score of 9.8 (Critical). Attackers can exploit the vulnerability by sending crafted HTTP POST requests to the exposed endpoints, allowing them to create or truncate files and potentially execute malicious scripts. Indicators of compromise include unexpected files in directories such as /tmp/ or /opt/splunk/var/run/supervisor/pkg-run/, modified Splunk Python scripts, and unusual outbound connections from Splunk to unknown PostgreSQL servers. The vulnerability aligns with several MITRE ATT&CK techniques, including T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter). Active exploitation of CVE-2026-20253 has been confirmed, and it is likely that both opportunistic cybercriminals and sophisticated threat actors will use this exploit. The affected versions of Splunk Enterprise are 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6, with the issue resolved in versions 10.2.4 and 10.0.7. Organizations are advised to upgrade to fixed versions or disable the PostgreSQL Sidecar Service as a mitigation strategy.
Search