background services Archives

Winsage

January 8, 2026

Windows can never be an immutable OS, and that might be a problem

"Immutable" operating systems are designed with a read-only core that is updated comprehensively, allowing user data and applications to exist independently from the base system, reducing risks of corruption and configuration drift. While macOS is largely immutable, Windows cannot transition to an immutable model due to its design based on mutability, which allows for continuous modification and backward compatibility. Windows 11's flexibility leads to a cumulative change model, making it increasingly difficult to troubleshoot and maintain. Microsoft has made some improvements within the mutable framework, but challenges remain, such as dependency control and application integration. Users expect seamless updates, but Windows is perceived as high-maintenance, leading to performance issues. A truly immutable version of Windows would conflict with user expectations and require significant software rewrites. Consequently, Windows is likely to remain in a hybrid state, adopting some immutable features while still facing issues related to its mutable architecture.

AppWizard

January 2, 2026

Google’s AI Android Updates Spark Phone App Glitches on Pixel Devices

The phone app within Google's ecosystem has faced significant user frustration due to recent updates that disrupt essential functions like dialing and contact management. Users report issues such as the app failing to register incoming calls and cumbersome navigation following software patches. AI features introduced to enhance user experience often misfire, raising privacy concerns. The Pixel series has experienced bugs, including one that automatically declined calls. Updates to Google's search algorithm have inadvertently affected app performance, leading to instabilities. Monthly system updates prioritize new features over rigorous testing, resulting in a bloated app with sporadic functionality. Policy changes regarding data handling complicate app interactions, making simple tasks more laborious. Google's rapid release cycle has led to volatility in app performance, with security patches sometimes introducing new bugs. The integration of third-party services has created inconsistencies, and the overall Android ecosystem suffers from misalignment between updates. Users express dissatisfaction with the prioritization of aesthetics over functionality in updates. Critics argue that Google's approach mirrors past missteps, and experts recommend proactive user measures and improved developer practices to enhance app reliability.

Winsage

December 30, 2025

These Changes Stopped Windows Updates From Wrecking My PC Performance

Windows updates can enhance system stability and performance, but they often lead to issues such as stutters and slowdowns due to the unpredictable nature of how updates affect system behavior. Microsoft's release notes do not provide comprehensive details about changes, which can include adjustments to task scheduling, background services, and driver interactions. Independent driver updates, particularly for GPUs and chipsets, can also impact performance negatively. Users have reported significant performance declines after updates, sometimes requiring hotfixes. To manage updates effectively, users can treat Windows updates as optional, be conservative with driver updates, stabilize power management settings, and ensure rollback options are available. This approach can lead to a more predictable and stable system performance.

Winsage

December 30, 2025

Microsoft’s change to Appxsvc may slow some Windows 11 PCs

Microsoft is modifying core system settings for Windows 11 versions 24H2 and 25H2 by enabling the AppX Deployment Service (Appxsvc) to launch automatically upon boot-up, transitioning from a manual trigger system. This change was confirmed in the December 2025 "Patch Tuesday" update (KB5072033) for both Windows 11 and Windows Server 2025. The Appxsvc will now remain active in the background from the moment the computer powers on, regardless of Microsoft Store access, to enhance system stability and minimize app installation failures or update glitches. Microsoft warns against manually reverting this setting, as it could lead to malfunctions in Store apps and essential services. Analysts suggest this move aligns with a strategy for updating Microsoft Store apps directly through Windows Update.

Winsage

December 22, 2025

Steam’s December Update Moves the Windows Client Fully to 64-bit

Valve's December update for the Steam client has transitioned the Windows version to a fully 64-bit application, ending partial 32-bit support. This change allows for improved performance and stability, as 64-bit applications can access greater system memory and manage larger tasks more effectively. Most Steam users on Windows, who already use a 64-bit operating system, will experience a seamless update. However, support for 32-bit Windows will continue only until January 1, 2026, after which it will cease. The update also includes enhancements such as improved reporting of suspicious messages, fixes for Big Picture Mode and Remote Play, and expanded controller support, including for Nintendo Switch 2 and GameCube controllers. Users on 64-bit Windows 10 or 11 will have the update installed automatically, while those on 32-bit systems must transition to a 64-bit version to continue using Steam after the cutoff date.

BetaBeacon

November 17, 2025

Android 17 update to bring native game controller remapping for mobile gamers

Android is working on a new feature for Android 17 that will allow users to remap controllers at the system level, providing a native controller area in Settings. This feature will also include a "virtual gamepad" that can map physical buttons to touch regions in games that do not have native controller support. This new feature aims to provide consistency for clip-on controllers, Android handhelds, cloud gaming players, Android TV boxes, laptops, and improve accessibility for players who rely on remapping buttons for gameplay.

AppWizard

November 3, 2025

Android Apps misusing NFC and HCE to steal payment data on the rise

Researchers from Zimperium zLabs have identified over 760 Android applications exploiting Near-Field Communication (NFC) and Host Card Emulation (HCE) technologies to illegally acquire payment data. Since April 2024, there has been a significant increase in NFC relay fraud, affecting banks, payment services, and government portals globally, including Russian banks and various European financial institutions. The malware operates as paired “scanner/tapper” toolchains or standalone data collectors, exfiltrating sensitive EMV data and transmitting it to Telegram channels. Operators control these applications via command-and-control (C2) servers, allowing for fraudulent transactions with minimal user involvement. More than 70 C2 servers and numerous Telegram bots have targeted over 20 institutions worldwide, primarily focusing on Russian banks. The rise of “Tap-to-Pay” transactions has made NFC a target for cybercriminals, with harmful applications exploiting Android’s NFC permissions to steal payment data. Zimperium has provided Indicators of Compromise (IOCs) related to this campaign for safeguarding systems.

AppWizard

October 30, 2025

More Than 700 Malicious Android Apps Using NFC Relay to Exfiltrate Banking Credentials

Cybersecurity researchers at zLabs have identified over 760 malicious Android applications that exploit Near Field Communication (NFC) and Host Card Emulation (HCE) technologies to steal payment data and facilitate fraudulent transactions. Since April 2024, these applications have evolved into a coordinated global operation targeting financial institutions in countries such as Russia, Poland, the Czech Republic, Slovakia, and Brazil. The threat actors have established around 70 command-and-control servers and use Telegram bots for data exfiltration. The malicious apps impersonate about 20 legitimate entities, focusing on Russian banks and international institutions like Santander and Google Pay. They utilize various strategies to compromise payment credentials, including scanner and tapper tools, and employ simplified interfaces resembling legitimate banking portals. The malware activates a Host Card Emulation service during NFC payment events for real-time data relay. To evade detection, the threat actors use name masquerading, code obfuscation, and software packing techniques. This campaign represents a significant escalation in NFC-based financial fraud, highlighting the risks associated with NFC payment privileges.

AppWizard

October 30, 2025

Android 16 Ensures App Updates Happen Quickly

Android 16 introduces a system-level enhancement called "seamless app updates," which significantly reduces downtime during app installations. The update process is optimized to minimize the traditional freeze that occurs when an app is updated, making it nearly imperceptible to users. This is achieved through the collaboration of the Android Runtime (ART) and the Package Manager, which prepare app components in advance and delay the final switch until just before the update. Early testers report that updates that previously took several seconds now take less than 100 milliseconds. The enhancement is particularly beneficial for complex apps and allows for concurrent updating without noticeable delays. Users can continue their activities uninterrupted while updates occur in the background, and developers do not need to modify their apps to accommodate this change. Google's broader strategy aims to enhance the speed, safety, and invisibility of updates across the Android ecosystem.

AppWizard

October 2, 2025

Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro

Cybersecurity researchers have identified two Android spyware campaigns, ProSpy and ToSpy, targeting users in the United Arab Emirates by impersonating popular applications like Signal and ToTok. These malicious applications are distributed through deceptive websites and social engineering tactics, requiring manual installation from third-party sites. The ProSpy campaign, active since 2024, uses misleading sites to host compromised APK files marketed as upgrades to Signal and ToTok. The ToSpy campaign, initiated around June 30, 2022, also employs counterfeit sites to deliver malware. Both spyware variants aim to steal sensitive data, including contacts, SMS messages, and files. The ProSpy app, ToTok Pro, contains a button that redirects users to the legitimate ToTok download page, while the Signal Encryption Plugin misleads users into downloading the genuine app. Both spyware types exfiltrate data before user interaction and maintain persistence through a foreground service and Android's AlarmManager. ESET is tracking these campaigns separately due to their different delivery methods, and the identities of those behind the activities remain unknown. Users are advised to be cautious when downloading apps from unofficial sources.