Enlarge / Never put a GriftHorse on your phone. (credit: John Lamparsky | Getty Images)

Google has taken increasingly sophisticated steps to keep malicious apps out of Google Play. But a new round of takedowns involving about 200 apps and more than 10 million potential victims shows that this longtime problem remains far from solved—and in this case, potentially cost users hundreds of millions of dollars.

Researchers from the mobile security firm Zimperium say the massive scamming campaign has plagued Android since November 2020. As is often the case, the attackers were able to sneak benign-looking apps like "Handy Translator Pro," "Heart Rate and Pulse Tracker," and “Bus - Metrolis 2021” into Google Play as fronts for something more sinister. After downloading one of the malicious apps, a victim would receive a flood of notifications, five an hour, that prompted them to "confirm" their phone number to claim a prize. The “prize” claim page loaded through an in-app browser, a common technique for keeping malicious indicators out of the code of the app itself. Once a user entered their digits, the attackers signed them up for a monthly recurring charge of about $42 through the premium SMS services feature of wireless bills. It's a mechanism that normally lets you pay for digital services or, say, send money to a charity via text message. In this case, it went directly to crooks.

The techniques are common in malicious Play Store apps, and premium SMS fraud in particular is a notorious issue. But the researchers say it's significant that attackers were able to string these known approaches together in a way that was still extremely effective—and in staggering numbers—even as Google has continuously improved its Android security and Play Store defenses.

• 

  On the back, you get a single giant camera, a time-of-flight sensor, and an LED flash. That's it. [credit: Sharp ]

Is filling the back of a smartphone with several small camera lenses really the best camera solution? Sharp is bucking the multi-camera trend with the Aquos R6 , a phone with—get this—a single massive camera on the back. Sharp is skipping all the wide-angle zoom lenses out there and going with a giant 1-inch camera sensor instead. This is either the single biggest smartphone camera sensor ever or it's tied for the largest ever, depending on how you categorize 2014's Panasonic Lumix CM1 , which isn't so much a "phone" as it is a point-and-shoot camera that runs Android and can make phone calls.

Sharp is not talking about its camera sensor supplier, but there's a good chance the part is from fellow Japanese company Sony, which has had a 1-inch "IMX800" sensor circulating around the rumor mill for some time. Sony is the leading smartphone camera sensor manufacturer, so don't be surprised to see a few more 1-inch sensor phones this year. The rest of the specs look pretty good, too. The phone comes with Android 11, a Snapdragon 888 SoC, 12GB of RAM, 128GB of storage, a 5000 mAh battery, a microSD slot, a headphone jack, and a USB-C port.

The display is a Sharp-made OLED with a whopping 240 Hz refresh rate. Sharp has made 240 Hz displays before, but it says this one is the "world's first" display to have a dynamic refresh rate that goes from 1 Hz to 240 Hz, depending on the content.

Enlarge / Sadly the Shoreline Amphitheatre will be empty this year. Google I/O is online-only. (credit: picture alliance / Getty Images)

Google I/O 2021 is actually happening this year. But due to a certain worldwide pandemic, it will be all online instead of outside in the sun of Mountain View. Google skipped the 2020 edition entirely, but the company is finally ready to deliver its first ever virtual Google I/O. For us onlookers, that means we're officially entering unknown territory.

Google I/O starts Tuesday, May 18 at 1 pm EDT, when Google/Alphabet CEO Sundar Pichai will take the stage and presumably show off what Google has been working on all year. We've been prepping for the show ourselves, and the shift to an all-virtual event hasn't lessened the amount of tea leaves to read. We're expecting to see quite a few things over the next week.

Well, first, let's talk about what we're probably not going to see: the Pixel 5a. At Google I/O 2019 , we saw the launch of the Pixel 3a in May of that year. But with I/O 2020 canceled, the Pixel 4a didn't hit the market until much later in the following year, on August 20, 2020. Normally we would call the launch timeframe for the 5a a toss up between mirroring the 3a or 4a launch dates, but Google has already set us straight. Back in April, the company said the Pixel 5a would be "announced in line with when last year’s a-series phone was introduced." So that's August, not May, and not at Google I/O.

• 

  Renders of the Pixel 6. Get a load of that camera bar. [credit: Jon Prosser ]

The Pixel 6 promises to be a landmark device for Google, as it is expected to mark the debut of the Google-developed "Whitechapel" SoC , instead of the Qualcomm chips the search giant has shipped in all of its previous devices. To go along with the revamped insides, it appears the outside is seeing some major design changes, too—if the newest leak is to be believed.

This first look at the Pixel 6 design comes to us from YouTuber Jon Prosser. Prosser claims he was sent live, hands-on images of the device, and while he isn't sharing the actual images, he teamed up with a render artist to depict the device based on those images.

Prosser's track record when it comes to Google leaks is not the greatest. Just last month he claimed the Pixel 5a was " canceled ," but that assertion was publicly shot down by Google. This leak has a bit more believability to it, as it was also backed up by Android Police's Max Weinbach, though he says the colors aren't accurate.