      Samsung’s Android app-signing key has leaked, is being used to sign malware

      news.movim.eu / ArsTechnica · Friday, 2 December, 2022 - 21:13 · 1 minute

    A developer's cryptographic signing key is one of the major linchpins of Android security. Any time Android updates an app, the signing key of the old app on your phone needs to match the key of the update you're installing. The matching keys ensure the update actually comes from the company that originally made your app and isn't some malicious hijacking plot. If a developer's signing key got leaked, anyone could distribute malicious app updates and Android would happily install them, thinking they are legit.

    On Android, the app-updating process isn't just for apps downloaded from an app store; you can also update bundled-in system apps made by Google, your device manufacturer, and any other bundled apps. While downloaded apps have a strict set of permissions and controls, bundled-in Android system apps have access to much more powerful and invasive permissions and aren't subject to the usual Play Store limitations (this is why Facebook always pays to be a bundled app). If a third-party developer ever lost their signing key, it would be bad. If an Android OEM ever lost their system app signing key, it would be really, really bad.

    Guess what has happened! Łukasz Siewierski, a member of Google's Android Security Team, has a post on the Android Partner Vulnerability Initiative (APVI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware. The post is just a list of the keys, but running each one through APKMirror or Google's VirusTotal site will put names to some of the compromised keys: Samsung, LG, and Mediatek are the heavy hitters on the list of leaked keys, along with some smaller OEMs like Revoview and Szroco, which makes Walmart's Onn tablets.

      YouTube algorithm pushed election fraud claims to Trump supporters, report says

      news.movim.eu / ArsTechnica · Friday, 2 September, 2022 - 19:20 · 1 minute

    For years, researchers have suggested that online echo chambers aren't caused by algorithms feeding users content but are more likely due to users actively seeking out content that aligns with their beliefs. This week, New York University researchers for the Center for Social Media and Politics showed results from a YouTube experiment that just happened to be conducted right when election fraud claims were raised in fall 2020. They say their results provide an important caveat to prior research by showing evidence that in 2020, YouTube's algorithm was responsible for "disproportionately" recommending election fraud content to users more "skeptical of the election's legitimacy to begin with."

    A coauthor of the study, Vanderbilt University political scientist James Bisbee, told The Verge that even though participants were recommended a low number of election denial videos—a maximum of 12 videos out of hundreds participants clicked on—the algorithm generated three times as many to people predisposed to buy into the conspiracy than it did to people who were not. "The more susceptible you are to these types of narratives about the election... the more you would be recommended content about that narrative," Bisbee said.

    YouTube spokesperson Elena Hernandez told Ars that Bisbee's team's report "doesn't accurately represent how our systems work." Hernandez says, "YouTube doesn't allow or recommend videos that advance false claims that widespread fraud, errors, or glitches occurred in the 2020 US presidential election" and YouTube's "most viewed and recommended videos and channels related to elections are from authoritative sources, like news channels."

      Apple and Google’s outdated apps ban would cut each store by a third

      news.movim.eu / ArsTechnica · Monday, 16 May, 2022 - 21:18 · 1 minute

    Both members of our favorite mobile duopoly, Google and Apple, recently announced plans to cull outdated apps in their respective app stores. Last month, both companies decided any app that hadn't been updated in two years would be removed. Early in April, Google announced a two-year cutoff plan that would kick in in November, and later in the month, Apple started emailing developers, giving them 30 days' notice to update or be removed. It's hard to know what culling two-year-old apps will look like, so exactly how many apps are we talking about?

    CNET has data from the analyst firm Pixalate, which says the two-year cutoff would remove 869,000 apps from Google Play and around 650,000 from the App Store. That's about a third of each store's current total app selection. Those numbers would have Google Play changing from 2.6 million apps to 1.7 million apps and the App Store from 1.95 million apps to 1.3 million.

    That Google number is an estimate since Google officially said the cutoff point is two years. Apple has not publicly specified a cutoff point. The company has only personally emailed developers, saying it is removing apps that have "not been updated in a significant amount of time," but some developers have pegged this date as two years.
