permission Archives

Winsage

June 13, 2025

Microsoft has started testing its AI agent in the Windows 11 Settings app.

Microsoft has integrated its AI agent into the Windows 11 Settings app, allowing users to express their needs conversationally. The AI can suggest solutions and implement fixes with user permission, aiming to enhance the user experience by making troubleshooting more intuitive and accessible.

Winsage

June 13, 2025

Announcing Windows 11 Insider Preview Build 26200.5651 (Dev Channel)

Windows 11 Insider Preview Build 26200.5651 (KB5060818) has been released to the Dev Channel, introducing new features and improvements. 1. New Agent in Settings: An AI-powered agent helps users find and adjust settings by understanding user intent and automating tasks. Currently available for Snapdragon-powered Copilot+ PCs, with support for AMD and Intel devices coming soon. English is the primary display language requirement. 2. Recall Export Experience for EEA: Windows Insiders in the European Economic Area can export Recall snapshots with a unique export code, which is encrypted and requires Windows Hello authentication. Users can reset Recall if the export code is lost. 3. Bigger Clock in Notification Center: A new option to display a larger clock with seconds in the notification center is being rolled out, which can be activated in Settings. 4. Recall Changes: Users can now reset Recall and its data, with a new maximum storage duration for snapshots set to 90 days by default. 5. Click to Do Enhancements: New actions allow users to send text or images to Microsoft 365 Copilot and communicate via Microsoft Teams directly from recognized email addresses. 6. File Explorer Updates: Dividers have been added to the context menu for improved organization. 7. Voice Access Language Support: Support for Chinese and Japanese languages has been reintroduced in voice access. 8. Windows Share Options: New sharing options for OneDrive files are available when right-clicking to share. 9. Settings Search Box: The search box in Settings has been repositioned for better usability. 10. Fixes: Various fixes have been implemented for Recall, File Explorer, Start Menu, Settings, and other areas. 11. Known Issues: Issues include inaccurate build version display post-PC reset, non-functional reset options, and problems with Xbox Controllers via Bluetooth. 12. Reminders: Updates are rolled out gradually, and features may evolve or be removed before final release.

Tech Optimizer

June 11, 2025

EDB Postgres® AI Unlocks Rapid GenAI App Delivery for the Enterprise with NVIDIA, at GTC Paris 2025

EnterpriseDB (EDB) has introduced an integration of its EDB Postgres AI platform with NVIDIA NIM microservices, enabling enterprises to easily create and deploy generative AI chatbots and applications with minimal coding. Research from EDB shows that only 13% of global enterprises have implemented comprehensive agentic AI applications, primarily due to fragmented infrastructure and integration challenges. EDB Postgres AI utilizes NVIDIA NeMo Retriever for processing multimodal enterprise data and supports a catalog of NVIDIA NIM microservices to enhance AI model capabilities. The platform is designed for secure and scalable development of agentic AI and operates natively within Kubernetes. EDB Postgres AI is characterized as the first open, enterprise-grade sovereign data and AI platform built on Postgres, integrating transactional, analytical, and AI workloads, with features such as security, compliance, and high availability.

AppWizard

June 10, 2025

Minecraft Multiplayer – How To Play With Friends

In Minecraft, players can join friends' worlds through Realms or dedicated servers. For Bedrock edition, players can directly join a friend's world by ensuring both are online and connected as friends. The steps to join a friend's Bedrock world include launching the game, navigating to "Friends," and selecting the host's name under "Joinable Friends." To invite friends to your own Bedrock world, you need to enable "Multiplayer" in the world settings and send invites after starting the game. Local multiplayer on Bedrock allows split-screen mode or LAN connections. For split-screen, player one joins a world and adds a second controller. For LAN play, all devices must be on the same internet, and the host must enable "Visible to LAN players." Players can then select the LAN world to join. To join a Minecraft Realm, players must launch the game, navigate to "Realms," and select the desired Realm. A Realm will only appear if the player owns it or has received an invitation. Inviting friends to a Realm differs between editions; in Java, players manage the Realm and add friends using their gamertags, while in Bedrock, invitations can be sent via Minecraft.net. To add friends in Bedrock, players search for their friend's Microsoft gamertag. Java edition does not have a friends list, so players can only join the same server or invite friends to a Realm using their gamertag. To join a server, players need the server address, launch Minecraft, select "Multiplayer," and enter the address. For Bedrock, the server port is typically 19132. Troubleshooting tips include ensuring the Microsoft account is signed in, verifying multiplayer permissions, updating the game, and confirming that both players are on the same version of Minecraft.

AppWizard

June 4, 2025

Meta Pixel halts Android localhost tracking after disclosure

Security researchers have found that Meta and Yandex used native Android applications to access localhost ports, allowing them to link web browsing data with user identities and bypass privacy protections. Following these findings, Meta stopped its data transmission to localhost and removed much of the tracking code to comply with Google Play policies. A report from researchers at IMDEA Networks, Radboud University, and KU Leuven detailed how apps like Facebook and Instagram collected web cookie data via the loopback interface. This method allowed the companies to associate browsing sessions with user identities, undermining privacy measures. Meta's tracking process involved the Meta Pixel script, which transmitted cookies to native apps through various protocols. Meta began using this technique in September 2024 but ceased these practices by June 3rd, 2025. Yandex's localhost tracking dates back to 2017, and while they did not respond to inquiries, browser vendors have implemented mitigations against these practices. Proposed solutions include a new permission for local network access to prevent such tracking in the future.

AppWizard

June 3, 2025

Facebook, Yandex Apps Secretly Track Users Via Hidden Ports, Research Claims

Recent findings from IMDEA Networks Institute indicate that Facebook and Instagram apps have been tracking Android users' web browsing activities without consent, bypassing privacy controls and functioning even in incognito mode. This tracking affects millions of websites using Meta's tracking code. Yandex has employed similar tracking techniques since 2017, creating a cross-platform surveillance network. The tracking exploits Android’s permission system by establishing background services that listen on network ports, allowing the apps to capture browsing data and associate it with users' accounts. Meta's pixel is present on about 5.8 million websites, while Yandex Metrica is on around 3 million sites, potentially impacting billions of users. Approximately 78% of sites with Meta’s pixel and 84% of Yandex's sites attempted localhost communications without user consent. This tracking method operates at the operating system level, unaffected by cookie clearing, incognito modes, or privacy settings. Researchers have demonstrated that malicious apps could exploit this technique to gather users' browsing histories. Many website operators were unaware of these localhost communications, leading to confusion and complaints. In response, major browser vendors are implementing measures to block these tracking methods. Meta ceased this tracking on June 3rd, coinciding with the research's public release. The research highlights a significant security gap in mobile platforms regarding localhost communications, emphasizing the need for stricter policies and vetting processes.

AppWizard

June 3, 2025

This Android loophole could have let your apps spy on your web browsing

Meta and Yandex have exploited a loophole in the Android operating system, allowing them to link web browsing data with app identities, bypassing privacy measures like incognito mode. This was revealed by researchers from the Local Mess project, who found that tracking scripts (Meta Pixel and Yandex Metrica) embedded in millions of websites transmit data from web browsers to apps such as Facebook, Instagram, and Yandex Maps through local network connections. Meta began using this technique in late 2024, while Yandex has been doing so since 2017. The loophole allows browser data to be sent to localhost, enabling apps to access it without user notification. In response, Meta has paused the feature and is working with Google to address the issue, which Google acknowledges violates Play Store policies. Some browsers are blocking this tracking, but researchers warn that solutions may be temporary without stricter restrictions on app access to local ports. The study indicates that most sites using these trackers start data collection immediately upon visiting, often before consent is requested. To prevent this tracking, users are advised to uninstall the affected applications.

AppWizard

June 3, 2025

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

Recent developments in browser technology have raised concerns about user privacy and data tracking by companies like Meta and Yandex. In response, several Android browsers are enhancing user privacy by blocking abusive JavaScript linked to web trackers. DuckDuckGo has implemented measures to block domains and IP addresses associated with trackers, preventing the transmission of identifiers to Meta and restricting access to Yandex Metrica. Following feedback, DuckDuckGo's developers updated their blacklist to include missing addresses. The Brave browser uses extensive blocklists to prevent identifier sharing and blocks requests to localhost without user consent. Vivaldi forwards identifiers to local Android ports by default but allows users to adjust settings to block trackers. Researchers warn that these solutions may not be foolproof and emphasize the ongoing challenge of maintaining effective blocklists. Chrome and most other Chromium-based browsers execute JavaScript as intended by Meta and Yandex, while Firefox has faced challenges with SDP munging and has not yet announced plans to address this behavior.

AppWizard

June 2, 2025

Vulnerabilities in Preinstalled Android Apps Expose PIN Codes and Allow Command Injection

Significant vulnerabilities have been identified in pre-installed applications on Ulefone and Krüger&Matz Android smartphones, disclosed on May 30, 2025. Three vulnerabilities affect these devices, including CVE-2024-13915, which targets the com.pri.factorytest application, allowing unauthorized factory resets. CVE-2024-13916 and CVE-2024-13917 affect the com.pri.applock application on Krüger&Matz smartphones, enabling malicious apps to extract user PIN codes and inject arbitrary intents. These vulnerabilities stem from improper export of Android application components, allowing malicious applications to bypass Android’s permission model. Users are advised to check for updates and consider disabling vulnerable applications.

AppWizard

May 29, 2025

How to Manage App Permissions on your Android phone

Users can manage app permissions on Android devices by following these steps: 1. Open phone settings and select "Security and privacy." 2. Choose "Permission manager." 3. Tap "Start" on the intro screen. 4. Select a permission type to revoke or grant. 5. Tap the app to change its permission. 6. Deny permission by selecting "Don't allow" if the app already has access. While managing permissions is important, some apps require specific permissions to function properly, so users should be informed about the permissions they grant.