Android news and developer summaries

Researchers demonstrated a critical exploit chain for the Google Pixel 10 by adapting a Dolby zero-click vulnerability and identifying a severe local privilege escalation in the new VPU driver. The VPU flaw allows arbitrary kernel read/write via improper mmap handling. While Android's triage process has improved, the research highlights the persistent critical need for more robust driver security.

scrcpy v4.0 introduces a migration to SDL3, enabling window aspect ratio locking and improved resize functionality. Key updates include a dynamic 'flex display' for virtual screens, camera torch and zoom controls, a notification icon for disconnections, and improved 'keep active' settings to prevent device sleep. Various performance, Meta Quest compatibility, and bug fixes are also included.

GrapheneOS released an update patching a critical Android VPN bypass vulnerability that leaked user IP addresses despite active lockdown protections. The flaw, caused by improper QUIC connection handling, allowed system processes to bypass VPN tunnels. While Google declined to address this as a security issue, GrapheneOS implemented a fix in its latest release alongside other security improvements.

The kv4p HT is an open source, 1-watt VHF/UHF handheld transceiver that connects to an Android phone via USB-C. It leverages the phone for power, UI, and GPS capabilities. The project includes GPL3-licensed ESP32 firmware, PCB designs, and an Android app, making it an accessible, off-grid communication solution for makers.

This web-based tool uses your smartphone's IMU sensors to measure guitar string vibrations when pressed against the instrument body. It calculates axis-specific data and magnitude to detect pitch, providing real-time frequency analysis. The application requires motion sensor permissions and functions most effectively on Android devices equipped with high-rate sampling capabilities.