Google's Android has now broken that.

On the web, we used to use:

<input type="file" accept="image/jpeg">

That opened the phone's photo picker and let the use upload a geotagged photo. But a while ago Google deliberately broke that.

Instead, we were encourage to use the file picker:

<input type="file">

That opened the default file manager. This had the unfortunate side-effect of allowing the user to upload any file, rather than just photos. But it did allow the EXIF metadata through unmolested. Then Google broke that as well.

Using a "Progressive Web App" doesn't work either.

So, can users transfer their photos via Bluetooth or QuickShare? No. That's now broken as well.

You can't even directly share via email without the location being stripped away.

Literally the only way to get a photo with geolocation intact is to plug in a USB cable, copy the photo to your computer, and then upload it via a desktop web browser?

Why?!?!?

Because Google run an anticompetitive monopoly on their dominant mobile operating system.

Privacy.

There's a worry that users don't know they're taking photos with geolocation enabled. If you post a cute picture of your kid / jewellery / pint then there's a risk that a ne’er-do-well could find your exact location.

Most social media services are sensible and strip the location automatically. If you try to send a geotagged photo to Facebook / Mastodon / BlueSky / WhatsApp / etc, they default to not showing the location. You can add it in manually if you want, but anyone downloading your photo won't see the geotag.

And, you know, I get it. Google doesn't want the headline "Stalkers found me, kidnapped my baby, and stole my wedding ring - how a little known Android feature puts you in danger!"

But it is just so tiresome that Google never consults their community. There was no advance notice of this change that I could find. Just a bunch of frustrated users in my inbox blaming me for breaking something.

I don't know what the answer is. Perhaps a pop up saying "This website wants to see the location of your photos. Yes / No / Always / Never"? People get tired of constant prompts and the wording will never be clear enough for most users.

It looks like the only option available will be to develop a native Android app (and an iOS one?!) with all the cost, effort, and admin that entails. Android apps have a special permission for accessing geolocation in images.

If anyone has a working way to let Android web-browsers access the full geolocation EXIF metadata of photos uploaded on the web, please drop a comment in the box.

In the meantime, please leave a +1 on this HTML Spec comment.

The good folks at Epomaker want me to see the error of my ways and have sent me a couple of devices to review. Today I'm trying out the TH87 and it is surprisingly lovely!

Blinken lights!

Here's a quick video showing some of the effects.

Is this necessary? No! But it is jolly good fun. Probably a bit distracting - especially if you're in a dark space or a crowded office - but rather pleasing nevertheless. Switching between the effects means remembering the correct key combo - there's no way to do it programatically, you just have to cycle through them all.

Linux Compatibility

The TH87 comes with a USB-C to A cable. Personally, I'd've preferred straight C-C, but this does the job. Flick the switch at the back to USB mode, plug it in, and Linux instantly detected it. No drivers to configure.

Rather cheekily, lsusb shows it as 05ac:0250 Apple, Inc. Aluminium Keyboard (ISO) - there's another switch for changing between Mac and PC mode. That doesn't change how the keyboard presents itself; just the keycodes it sends.

Oddly, there was this warning in dmesg:

apple 0003:05AC:0250.0010: Fn key not found (Apple Wireless Keyboard clone?), disabling Fn key handling

However, the function keys worked and I was able to control screen brightness etc using Fn and the F1-12 keys.

There's also a Bluetooth option. Again, Linux use was a breeze - although you'll have to remember what the pairing combo is and which device it is paired to.

There's also a 2.4GHz option. Hidden under one of the feet is a little USB-A receiver. Again, pairing is simple - just plug it in and flick the switch.

As expected, it also plays well with Android. The Bluetooth connection worked as did USB-OTG. Of course, quite why you'd want a giant heavy keyboard paired to your tiny phone is an exercise left to the reader.

Clunk Click Every Trip

So let's talk about noise. This keyboard is noisier than some of my other typing surfaces, but not aggressively so. Apparently it is "pre-lubricated" and has some noise suppression. The travel on the switches is excellent, they aren't stiff, and the whole contraption is sturdy.

It was easy to remove the caps with the enclosed tool. I didn't bother trying to extract a switch because I'm afraid of buggering it up.

Other Things

Battery life is excellent - as you'd expect from a 10,000 mAh unit. It recommends charging by attaching to a computer and warns a regular charger might damage it. But, frankly, it seemed to cope just fine.

There's no software for customising the colours or functionality. Apparently lots of mechanical keyboards run an Open Source firmware - but this appears to be proprietary. There is some question about whether Epomaker comply with the GPL when it comes to the QMK source. They appear to have some source code available but it is hard to tell whether it exists for this specific model. I've contacted them for clarification.

There's a lot of technobabble on the website. Apparently it uses "5-Layer Sound Optimizing Design with PORON Sandwich Foam, IXPE Switch Pad, Sound Enhancement Pad, EPDM Switch Socket Pad, and Silicone Bottom". I've no ideas what it means, but it appears important to some people.

There's no number-pad, which is a bit of a shame. However the keyboard has a proper UK layout and is reasonably compact. Although at 1Kg it is almost as heavy as my laptop!

Cost

I have no internal benchmark for something like this. It's around £60 from AliExpress or £80 on Amazon UK depending on whether you have pleased The Algorithm. That seems pretty reasonable for a hefty keyboard with lots of customisability.

If you want ALL THE LIGHTS and value the ability to hot-swap various keys and switches, I think this is a nifty bit of kit.

It is, as far as I can tell, unregulated by any financial institution. Nevertheless, it performs a "Know Your Customer" (KYC) check on all new account in order to prevent fraud. To do this, it uses the Ukranian KYCaid platform.

So far, so standard. But there's a small problem with how they both integrate.

I installed Chimoney's Android app and attempted to go through KYCaid's verification process. For some reason it hit me with this error message.

Well, I'd better click that email and report the problem.

Oh, that's odd. What happens if I click the protected link?

Huh! I guess I've been taken to Cloudflare's website. What happens if I click on the links on their page?

Looks like I can now visit any site on the web. If Cloudflare has a link to it, I can go there. For example, GitHub.

Why is this a problem?

MASTG-KNOW-0018: WebViews

One of the most important things to do when testing WebViews is to make sure that only trusted content can be loaded in it. Any newly loaded page could be potentially malicious, try to exploit any WebView bindings or try to phish the user. Unless you're developing a browser app, usually you'd like to restrict the pages being loaded to the domain of your app. A good practice is to prevent the user from even having the chance to input any URLs inside WebViews (which is the default on Android) nor navigate outside the trusted domains. Even when navigating on trusted domains there's still the risk that the user might encounter and click on other links to untrustworthy content

Emphasis added

A company's app is its sacred space. It shouldn't let anyone penetrate its inner sanctum because it has no control over what that 3rd party shows its customers.

There's nothing stopping an external service displaying a message like "To continue, please transfer 0.1 Bitcon to …"

(Of course, if your KYC provider - or their CDN - decides to turn evil then you probably have bigger problems!)

There are some other problems. It has long been known that people can use in-app browsers to circumvent restrictions. Some in-app browsers have insecure configurations which can be used for exploits. These sorts of "accidentally open" browsers are often considered to be a security vulnerability.

The Fix

Ideally, an Android app like this wouldn't use a web view. It should use a KYC provider's API rather than giving them wholesale control of the user experience.

But, suppose you do need a webview. What's the recommendation?

Boring old URl validation using Android's shouldOverrideUrlLoading() method.

Essentially, your app restricts what can be seen in the webview and rejects anything else.

Risk

Look, this is pretty low risk. A user would have to take several deliberate steps to find themselves in a place of danger.

Ultimately, it is "Code Smell" - part of the app is giving off a noxious whiff. That's something you cannot afford to have on a money transfer app. If this simple security fix wasn't implemented, what other horrors are lurking in the source code?

Contacting the company

There was no security.txt contact - nor anything on their website about reporting security bugs. I reached out to the CEO by email, but didn't hear back.

In desperation, I went on to Discord and asked in their support channel for help.

Unfortunately, that email address didn't exist.

I also tried contacting KYCaid, but they seemed unable or unwilling to help - and redirected me back to Chimoney.

As it has been over two month since I sent them video of this bug, I'm performing a responsible disclosure to make people aware of the problem.

Are you allowed to run whatever computer program you want on the hardware you own? This is a question where freedom, practicality, and reality all collide into a mess.

Google has recently announced that Android users will only be able to install apps which have been digitally signed by developers who have registered their name and other legal details with Google. To many people, this signals the death of "sideloading" - the ability to install apps which don't originate on the official store⁰.

I'm a fully paid-up member of the Cory Doctorow fanclub. Back in 2011, he gave a speech called "The Coming War on General Computation". In it, he rails against the idea that our computers could become traitorous; serving the needs of someone other than their owner. Do we want to live in a future where our computers refuse to obey our commands? No! Neither law nor technology should conspire to reduce our freedom to compute.

There are, I think, two small cracks in that argument.

The first is that a user has no right to run anyone else's code, if the code owner doesn't want to make it available to them. Consider a bank which has an app. When customers are scammed, the bank is often liable. The bank wants to reduce its liability so it says "you can't run our app on a rooted phone".

Is that fair? Probably not. Rooting allows a user to fully control and customise their device. But rooting also allows malware to intercept communications, send commands, and perform unwanted actions. I think the bank has the right to say "your machine is too risky - we don't want our code to run on it."

The same is true of video games with strong "anti-cheat" protection. It is disruptive to other players - and to the business model - if untrustworthy clients can disrupt the game. Again, it probably isn't fair to ban users who run on permissive software, but it is a rational choice by the manufacturer. And, yet again, I think software authors probably should be able to restrict things which cause them harm.

So, from their point of view it is pragmatic to insist that their software can only be loaded from a trustworthy location.

But that's not the only thing Google is proposing. Let's look at their announcement:

We’ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.

Back in the early days of Android, you could just install any app and it would run, no questions asked. That was a touchingly naïve approach to security - extremely easy to use but left users vulnerable.

A few years later, Android changed to show user the permissions an app was requesting. Here's a genuine screenshot from an app which I tried to sideload in 2013:

No rational user would install a purported battery app with that scary list of permissions, right? Wrong!

We know that users don't read and they especially don't read security warnings.

There is no UI tweak you can do to prevent users bypassing these scary warnings. There is no amount of education you can provide to reliably make people stop and think.

Here's the story of a bank literally telling a man he was being scammed and he still proceeded to transfer funds to a fraudster.

It emerged that, in this case, Lloyds had done a really good job of not only spotting the potential fraud but alerting James to it. The bank blocked a number of transactions, it spoke to James on the phone to warn him and even called him into a branch to speak to him face-to-face.

Here's another one where a victim deliberately lied to their bank even after acknowledging that they had been told it was a scam.

Android now requires you to deliberately turn on the ability to side-load. It will give you prompts and warnings, force you to take specific actions, give you pop-ups and all sorts of confirmation steps.

And people still click on.

Let's go back to Google announcement. This change isn't being rolled out worldwide immediately. They say:

This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators.

…

September 2026: These requirements go into effect in Brazil, Indonesia, Singapore, and Thailand. At this point, any app installed on a certified Android device in these regions must be registered by a verified developer.

The police in Singapore have a page warning about the prevalence of these scams. They describe how victims are tricked or coerced into turning off all their phone's security features.

Similarly, there are estimates that Brazil lost US$54 billion to scams in 2024 (albeit not all through apps).

There are anecdotal reports from Indonesia which show how easily people fall for these fake apps.

Thailand is also under an ongoing onslaught of malicious apps with some apps raking in huge amounts of money.

It is absolutely rational that government, police, and civic society groups want to find ways to stop these scams.

Google is afraid that if Android's reputation is tarnished as the "Scam OS" then users will move to more secure devices.

Financial institutions might stop providing functionality to Android devices as a way to protect their customers. Which would lead to those users seeking alternate phones.

Society as a whole wants to protect vulnerable people. We all bear the cost of dealing with criminal activity like this.

Given that sideloaded Android apps are clearly a massive vector for fraud, it obviously behoves Google to find a way to secure their platform as much as possible.

And Yet…

This is quite obviously a bullshit powerplay by Google to ensnare the commons. Not content with closing down parts of the Android Open Source Project, stuffing more and more vital software behind its proprietary services, and freezing out small manufacturers - now it wants the name and shoe-size of every developer!

Fuck that!

I want to use my phone to run the code that I write. I want to run my friends' code. I want to play with cool open source projects by people in far-away lands.

I remember The Day Google Deleted Me - we cannot have these lumbering monsters gatekeeping what we do on our machines.

Back in the days when I was a BlackBerry developer, we had to wait ages for RIM's code-signing server to become available. I'm pretty sure the same problem affected Symbian - if Nokia was down that day, you couldn't release any code.

Going back to their statement:

To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer.

This is a lie. I can only distribute a sideloaded app if Google doesn't nuke my account. If I piss off someone there, or they click the wrong button, or they change the requirements so I'm no longer eligible - my content disappears.

They promise that Android will still be open to student and hobbyist developers - but would you believe anything those monkey-punchers say? Oh, and what a fricking insult to call a legion of Open Source developers "hobbyists"!

I hate it.

I also don't see how this is going to help. I guess if scammers all use the same ID, then it'll be easy for Android to super-nuke all the scam apps.

Perhaps when you install a sideloaded app you'll see "This app was made by John Smith - not a company. Here's his photo. Got any complaints? Call his number."

But what's going to happen is that people will get their IDs stolen, or be induced to register as a developer and then sign some malware. They'll also be victims.

So What's The Solution?

I've tried to be pragmatic, but there's something of a dilemma here.

0. Users should be free to run whatever code they like.
1. Vulnerable members of society should be protected from scams.

Do we accept that a megacorporation should keep everyone safe at the expense of a few pesky nerds wanting to run some janky code?

Do we say that the right to run free software is more important than granny being protected from scammers?

Do we pour billions into educating users not to click "yes" to every prompt they see?

Do we try and build a super-secure Operating System which, somehow, gives users complete freedom without exposing them to risk?

Do we hope that Google won't suddenly start extorting developers, users, and society as a whole?

Do we chase down and punish everyone who releases a scam app?

Do we stick an AI on every phone to detect scam apps and refuse to run them if they're dodgy?

I don't know the answers to any of these questions and - if I'm honest - I don't like asking them.

There used to be a built-in settings tile on stock Android, and some manufacturers still have it, but Google's Pixels don't.

So here's how to make a (fairly) quick shortcut to swap between data SIMs.

First, get the brilliant open source Activity Manager app. It exposes all of the internal activities available in your apps. This lets you create a deep-link shortcut into a specific part of an app.

In Activity Manager, find the Settings app and tap on it.

Search or scroll down to "MobileNetworkListActivity".

Tap the vertical ellipse and then "Create Shortcut".

That will place an icon on your home screen. Tapping the icon will take you directly to your SIM settings. At the bottom is the option to choose your data SIM. Tap it to change your data SIM.

It isn't quite a one-tap solution, but the shortcut is a lot easier than remembering exactly which sub-menu you need to find.

First of all, Google is lying. It does meet security standards and it is not rooted. I get that I have no right to run someone else's software in an environment they don't like, but this is just misinformation. 3rd party OSes are often more secure that a stock OS which has been left to rot by an unresponsive manufacturer.

Anyway, here's how you can use contactless payments on Graphene.

Prerequisites

I'm going to tell you what I did. If you found another way, leave a comment or write your own blog post.

I'm using the latest version of Graphene (2025062000) with Play Services installed. The app is running in my main profile. None of the advanced app protection has been toggled for the app. NFC is on.

You will have to agree to Curve's privacy policy. And the privacy policy of your credit card. Look, if you're using Graphene, you're probably overly privacy sensitive. If you're concerned about The Man™ knowing that you used your card to buy a breakfast beer and then sharing that with 958 trusted partners, just use cash instead.

Install Curve

Here's a referral link to install Curve - join and you get £10. Or, you can install directly from the Play Store.

You'll need to create an account and pass KYC / AML checks. Curve are regulated by the FCA so you should feel safe giving your details to them.

Add a card

Curve is a virtual card provider. So add your existing Visa or MasterCard to the app (no Amex). When you spend on Curve, you're actually spending on the underlying card you've added. Curve promise cheaper foreign exchange fees and a few other perks. But what we're really interested in is NFC payments.

Set up Curve Pay

On your app's dashboard, you should see a banner saying "Curve Pay is good to go!". If not, head into your account and set it up there.

If it has all set up, you should see a welcome tutorial explaining how contactless works.

Set your default wallet

On your phone, go to Settings → Connected devices → Connection Preferences → NFC → Contactless Payments.

Or, search your settings for Pay.

Select your default wallet app - in this case, Curve.

Pay for something

You need to make sure NFC is turned on before you can use NFC payments. I know that sounds obvious, but I forgot to do it the first time and got very confused.

Go to a local shop, pick up something, hand it to the merchant, wave your phone over the payment terminal like you are a technowizard from the future.

Enjoy eating whatever you paid for!

That's it!

Once you're done, you can turn of NFC if you're paranoid.

Apparently, Curve also works with Garmin Smart Watches - but I don't have one to test out.

If you've found this blog post useful, I'd be grateful if you signed up with my referral link for Curve.

After some back-and-forth with the manufacturer, they agreed to send me their Android SDK and documentation. Sadly, the PDF they sent me was riddled with errors and the software library is also a bit dodgy. So, with the help of Edward Toroshchyn and a hefty amount of automated boiler-plate, I managed to get it working.

The full code is open source, but here's a quick walk-through of the important bits.

First, the AAR library needs to be imported into the project. Place it in app/libs and then include it in the Gradle build file:

dependencies {
    implementation(files("libs/badge_nfc_api-release.aar"))
}

The key to getting it working is in the Android permissions. It needs Bluetooth, NFC, and location. So the manifest has to contain:

<uses-permission android:name="android.permission.BLUETOOTH"/>
<uses-permission android:name="android.permission.BLUETOOTH_ADMIN"/>
<uses-permission android:name="android.permission.BLUETOOTH_SCAN"/>
<uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
<uses-permission android:name="android.permission.NFC"/>
<uses-permission android:name="android.permission.NFC_TRANSACTION_EVENT"/>
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>

The following imports are needed from the Android Archive library:

import cn.manytag.badge_nfc_api.manager.BadgeWriteManager
import cn.manytag.badge_nfc_api.manager.OnNFCReaderCallback
import cn.manytag.badge_nfc_api.manager.OnBluetoothCallBack
import cn.manytag.badge_nfc_api.manager.OnSendImageCallback

The library needs to be initialised with:

val state = BadgeWriteManager.getInstance().init(this)

When the phone reads the NFC tag, it gets a bunch of information:

BadgeWriteManager.getInstance().setOnNFCReaderCallback(object : OnNFCReaderCallback {
    override fun onReaderMessage(i: Int, tag: Tag) {
        if (i == 0) {
            BadgeWriteManager.getInstance().readNFC(tag)
        }
    }

    //  Get the data from the badge
    override fun onReaderType(tag: Tag, isodep: IsoDep, i: Int, type: String, size: String, color: String) {
        if (i == 0) {
            nfcData = """
                NFC Tag Detected!!!
                Tag: $tag
                IsoDep: $isodep
                Type: $type
                Size: $size
                Color: $color
            """.trimIndent()
            colorFromNFC = color
            tagObject = tag
            isoDepObject = isodep
            badgeType = type
            badgeSize = size
        }
    }
})

The color is most important right now. It says whether the badge is black and white, or black and white and red, or black and white and red and yellow.

After picking an image from the filesystem, it needs to be dithered into the correct colour format:

processedBitmap = originalBitmap?.let { bitmap ->
    colorFromNFC?.let { color ->
        BadgeWriteManager.getInstance().processImage(bitmap, color)
    }
}

Finally, the processed image needs to be converted to bytes and then sent to the badge via Bluetooth:

if (processedBitmap != null && badgeType != null && badgeSize != null && colorFromNFC != null) {
    val imgData = BadgeWriteManager.getInstance().getImageData(processedBitmap!!, colorFromNFC!!)

    BadgeWriteManager.getInstance().sentImageResource(
        tagObject!!, isoDepObject!!, imgData, badgeType!!, badgeSize!!, colorFromNFC!!
    )
}

I realise this is a bit "draw the rest of the owl" but that should be enough to get you started on building an app which can communicate with these badges.

The app I've built isn't the prettiest in the world but at least it works. It scans a badge, gets its info, picks an image, dithers it, then sends it to the badge.

You can play with the code on CodeBerg.

But now, under pressure from Apple's incredible Find My network, Google has started rolling out a similar service to modern Android phones. In theory it should be much better; Android has a higher market share than iOS in most parts of the world I'm interested in visiting. But Apple's monoculture means they can quickly roll out the network to a much higher range of devices than Google.

The Pebblebee "Universal" range works with both Apple and Android's networks. But, crucially, not at the same time. You can reset the device and swap it between your iPhone and Galaxy - but it won't connect to both networks simultaneously.

Hey, remember when Google and Apple collaborated so that Covid tracing apps were interoperable no matter the device? Good times, man! But, y'know, this is just for protecting property, not life. So we'll give them a pass…

This is what the Pebblebee Clip looks like.

It's a fairly unobtrusive small disk. Clip it to a thing with the included clip, hide it in the lining, glue it to a device. The logo is a clickable button which is used for pairing the device, resetting, and checking the battery.

It also comes with a ridiculously short USB-C-to-C cable which can only be used for charging.

Dump it and grab a longer cable from your big box of cables. Total e-Waste, shouldn't have been included.

When you tell the app to make the PebbleBee identify itself, you're rewarded with this display of loud beeps and disco lasers.

The lights are bright and the sound is piercing - especially considering its size. It fits neatly in a hand and is small enough to tuck away in a pocket.

But what's it like to use?

Pros

• USB-C rechargable. No more faffing about trying to find a new battery. No e-Waste. No worrying if it'll last an entire trip. Shove it into to any USB power source and you're good to go.
• Loud beeper. One of the main reasons I got this was that it (reportedly) has the loudest speaker on the market. I can't compare it to others but it is certainly good enough for hearing in a crowded train carriage.
• Lights. The sides light up - handy for giving you a visual cue as to where it is.
• Small, light, and includes a keyring connector.
• You can share trackers between accounts. My wife and I each have a suitcase. We don't just want to know where our own bag is - we both want to know where both bags are.

Cons

The downsides of the device are minimal - depending on your use case.

• Not waterproof. Certainly water resistant - but the USB-C socket is an ingress point for fluids.
• No Ultra Wide Band. That means you don't get a precise direction when looking for something - just the distance. UWB isn't supported on Google's "Find My Device" network right now, so this isn't a great loss.
• No wireless charging.
• Cost. Even in bulk, with a discount, they were £25 each.

Security

Anyone who finds your tracker can factory reset it. I can't help but feel there should be a way to prevent that. But, to be honest, if a thief has found your token they can just throw it away or destroy it.

Firmware updates aren't available in the Google Find My app. So you'll need to use Pebblebee's own app.

The USB-C port is for power only. They don't show up as a device when connected to a computer.

Testing

I wasn't able to connect to the PebbleBee using GrapheneOS - one of the downsides of using a hyper-secure version of Android.

I used a separate phone, but couldn't get the device to pair. I kept getting this message:

I had to go to Setting → Google → Devices → Scan for nearby devices. Only then could I add it to Find My Device.

The FMD service lets you share devices with another Google account. Perfect for families and loved ones! When I tried to use it, I got this error message on the GrapheneOS phone.

That's probably a GrapheneOS issue. But it is dissapointing these sorts of things aren't standardised and baked into the OS.

In terms of tracking - a bit crap. In Gatwick airport - a pretty busy destination - they stayed tracked for a bit after we dropped off our bags. But in less busy destinations, they never pinged the network. They claim a 150m range which ought to several times better than an AirTag. But without a critical mass of Android users opted-in to the network, it is pointless.

Privacy

I'm a bit of a privacy nut. There's no doubt that these can be used to stalk people - but the Find My app is supposed to alert you if it detect a tag following you.

Is having Google and Apple know where all your stuff is a good thing? Well, probably not. But if it is a choice between seeing where a thief has taken my laptop bag and a multinational knowing what train I took, I guess I'm surprisingly OK with it.

Yes, it is a Devil's Bargain. Location is useful for surveillance (be it advertising or police) but it is also useful for personal security. It isn't nice living in a Panopticon but it also isn't nice to lose your expensive possessions.

Verdict

From a tech point of view - they sort of work! BLE is now an established technology and is well supported on all modern phones. Google's "Find My" app is basic, but works at tracking your devices when they're near you. The device is loud, bright, and is quickly recharged.

If you have a phone that support it, they're a reasonable device. At £25 each, they are optimistically priced. Especially given the coverage issues.

And that's the crux of the issue. As of yet, the network simply isn't as expansive as the Apple version. Apple have the ability to push out a service to millions of users, Google don't. While there are more Android users (certainly in my part of the world) there isn't a mechanism to bootstrap this network.

Back in the day when Google was ambitious, they would have stuck sensors all around the country or ran a massive campaign encouraging people to get involved or launched a cool API or given out a million trackers as freebies. But Google is now a timid and cautious shadow of its former self. Everyone in tech half-expects the Find My Device network to join the Google Graveyard like so many other interesting projects.

So, for now, these are great if you're within a few hundred metres of them. And they're barely adequate under any other circumstances.

Nowadays, thieves are not only snatching phones, but forcing their owners to transfer money to the thieves. This is not an isolated incident¹.

How can you protect yourself from such a situation²?

Broadly speaking, there are four ways to protect your sensitive apps. Relying on the regular lockscreen, hiding the apps, using a Private Space, or placing the apps in different profile. Let's look at the advantages and disadvantages of each approach.

Regular Lockscreen

Android's lockscreen controls are pretty good - if you turn them on.

Perhaps you have a super-long and complicated password. Maybe a 10 digit PIN that only you know. Biometrics like facial recognition and fingerprints are reasonably strong and fairly convenient.

But that relies on your phone being locked when it is snatched. If you're using your phone when it is taken from you, the lockscreen might detect it and lock automatically, but you need a modern device and to have specifically enabled the setting.

If a thief has shoulder-surfed your 4 digit PIN, that will be enough to let them enter your phone.

But here we are concerned with someone threatening you. Basically, if someone has a knife pointed at you, you're probably going to unlock the phone for them³. So, let's assume we want to protect our banking apps from someone who has access to your unlocked device.

Launcher Hiding

Some Android phones let you hide apps. When an attacker is scrolling through the list of installed apps, they won't be able to see any apps which are hidden.

This, I think, is a reasonable way to hide your banking apps. You can show the thug that there aren't any installed. That may or may not be enough to mollify them. They might still nick your device, but you won't be forced to transfer your savings elsewhere.

This, of course, presents a problem for the regular user. How do you launch your apps if you can't find them? Most launchers will let you type in the name of the app to find it - the app is merely hidden from the default list.

So an attacker would have to try typing "HSBC" or "Barclays" or "Chase" or a dozen different names until they find your app. Will they be angry if you've lied to them? Is that a risk you want to take?

Some launchers will let you change the name and icon of your sensitive apps. You can rename "Midland Bank" to "Calculator" and change its icon. Not every launcher supports this sort of hiding though. It also places a cognitive load on you that you need to remember what you've hidden your apps as. Will you remember than Bank 1 is calendar and Bank 2 is Bumble?

Private Space

Android 15 has introduced the concept of a Private Space. It is like a digital lock-box for your apps. If someone has your unlocked phone, they need to pass through authentication in order to use apps which are locked.

There are two main drawbacks with this approach.

Firstly, locked apps don't run in the background. That means you won't get alerts from them. If you rely on push notifications to tell you if someone is using your card fraudulently, this could be a problem.

Secondly, the Private Space shows up at the bottom of your app list like this:

So an attacker can easily see it and demand that you open it up. You can set the Private Space to be hidden. But then you're in the same position as above - typing in "private space" will show it in your launcher.

Work Profile

Android has the concept of "Work Profiles". They're designed to segregate your work apps and your personal apps. Your work admin can wipe your work profile without touching your personal stuff, and you can't copy confidential emails to your personal area. Nifty!

If you don't have work apps on your phone, you can use an app like Shelter to make your own Work Profile.

You can stick your banking apps in the Work Profile and have them locked away from prying eyes.

The Work Profile button is more subtle than the Private Space.

But it still has the disadvantage that, once locked, the apps are suspended and won't receive any alerts.

Secondary Profile

Finally, modern versions of Android support multiple profiles. They're generally designed so that multiple people can use your device - but there's nothing stopping you from putting your banking apps in there.

The immediate advantages of multi-user profiles are:

• The profile can be protected by a separate password.
• The profile switcher is generally more subtle than the Work Profile switcher or Private Space toggle.
• Apps can run in the background while in a separate profile.

The disadvantage is that, because it is a completely separate profile, you'll need to sign in again using your Google account in order to install apps from the Play store. If you use a password manager and MFA app, you may need to install them in both your main and secondary profile.

Because the apps can run in the background, there may be some (minor) impact on battery life - you're effectively running Google's Notifications Service twice.

If you are being held at knifepoint and a notification from your bank comes through - you may find it socially awkward to explain.

Which is right for me?

It is complicated. I think I can distil it down to the following:

• If you need alerts from your banking apps - put them in a secondary profile.
• There are some reports of banking apps not working in secondary profiles - if yours don't work in a profile then hiding apps is your best defence.
• If you're not using Work Mode and don't need alerts - put them in Work Mode.
• If you're using Work Mode and don't need alerts - put them in a Private Space and set the space to be hidden.

Remember, you can't fling technical solutions at social problems and expect them to solve everything. In general, crime in England and Wales is at its lowest level but certain crimes, like phone theft, are on the rise. Despite all the technology thrown at the problem, people are still walking around holding machines worth hundreds of pounds. Each of those machines is a gateway to potentially thousands of pounds. Phones and banking apps are incredibly lucrative targets.

The aim of this exercise isn't to solve the problem of crime. It isn't even to make you a less attractive target. It is to allow you to hand over your phone safe in the knowledge that your banking apps are somewhat protected from miscreants while still being useful to you.

If you have any tips on how to keep banking apps hidden, please leave a comment.

Back in 2013, Google created the "Noto" project. Its aim? To include "all the world's languages". They wanted to banish "tofu" - the little white blocks □ which indicate a missing character - hence the name "No Tofu" / "Noto".

There was great flurry and excitement which has, thankfully, been sustained over the years. Noto continues to churn out regular updates to their fonts. Android began to use Noto but, for some unknown reason, it only rarely uses the latest versions. This means whole swathes of modern characters are missing from Android.

You can see all the fonts included in the Android Open Source Project. If you want to download them all, run: git clone https://android.googlesource.com/platform/external/noto-fonts

Open up the fonts in your favourite editor, and you'll see just how outdated they are.

For example, Gujarati is stuck on 2013's version (1.03) despite v2.106 being released in 2023

It's a similar story for the technical symbols block - Android is stuck on v1.09 despite a decade of advances.

A few, like Hentaigana were only created recently - and so are on the latest version. But the majority are woefully outdated.

Perhaps that's just a lack of love for AOSP? Not at all. I downloaded the latest beta version of Android 15 and went through all the fonts it included. They're exactly the same⁰.

How bad is it?

I decided to compare all the recently published Noto fonts and those available in AOSP.

I downloaded all the most recent Noto fonts from GitHub. It does take some time for fonts to be tested on phones so, in the spirit of fairness, I grabbed the 2024-01-01 release.

Here's what I found.

Of the 224 non-Emoji fonts in Noto, AOSP only has about 140. About a third are simply missing.

Of the fonts included with Android 15, how many were updated within the last 2 years? Ten. Not a typo.

Despite a regular publishing cadence from another Google project, Android is ignoring the vast majority of updates.

This means Android is missing entire languages, has severely outdated fonts in others, and - most importantly - doesn't include the Unicode Power Symbol.

Noto is a great effort - but Android is failing to keep up.

What now?

I've raised a bug on the AOSP bug tracker¹. And I've published this ranty blog post. If you work for Google, or an Android manufacturer, please give the Android team a nudge and get them to update.

Ideally, Project Treble would allow for these fonts to be updated, so even older versions of Android could benefit from them.

Full List of Fonts, Dates, and Versions

I've generated this based on the 2024-01-01 release of Noto and the AOSP source code from 2024-09-13. I've placed the dates next to each other for ease of comparrison. Empty cells means the font doesn't exist in that release.

I've tried to transcribe all the data accurately. Corrections very much welcome.

Code

This Python code will get all the TTF fonts in a directory, and its sub-directories, and then print a Markdown table of name, version, and copyright date.

import os
import glob

filelist = glob.glob('**/*.ttf', recursive=True)

for file in sorted(filelist):
        filename = os.fsdecode(file)
        if filename.endswith(".ttf"):
                font = ttLib.TTFont(filename)
                ttf_name      = font["name"].getDebugName(1)
                ttf_style     = font["name"].getDebugName(2)
                ttf_version   = font["name"].getDebugName(5).split()[1].split(";")[0]
                ttf_copyright = font["name"].getDebugName(0).split()[1].split("-")[-1]
                print ( f"| {ttf_name} {ttf_style} | {ttf_version} | {ttf_copyright} |")

On the desktop version, it's simple to block scripts. Click the plugin icon, then click the disable scripts button.

But on mobile it's a little more complicated. Here's how to do it on the Android version of Firefox.

Install Firefox. Then open it and install the uBlock Origin extension for Android.

In Firefox, press the ⋮ button and press "Settings":

Press "Extensions":

In the list of Extensions is uBlock. Guess what? Press it!

Press "Settings"

Finally! You come to a page with lots of complex options. I recommend putting your device in landscape mode. Along the top, scroll to "My Rules":

The "My Rules" allows you great power over your uBlock.

To block all JavaScript on example.com, type in this line:

no-scripting: example.com true

Then hit the save button.

You have now disabled JS from running on that specific site. Enjoy!

I started using the latest Google version of Android on their Pixel 8 Pro. I say "their" because it never really felt like the device was mine. Google kept popping up and asking me to do things which were clearly in their interest; not mine. There was very little way to remove Google's features. I was beholden to them. Forget that noise! I flashed GrapheneOS and regained some control.

But there are still some things missing from the modern Android experience. Things which I'm sure used to exist on earlier versions, but have since been scrapped or severely restricted.

Here's what they stole from us.

Customised Fonts

I can't remember which version of Android I first had which let me change the font to Comic Sans. But that ability doesn't exist any more - not without rooting your phone and severely monkeying with its internals.

Google's Noto font is, sadly, abandonware. Aside from new Emoji, Google show no interest in putting a modern font stack into Android. So we're left with a fairly dull and incomplete corporate font.

Button Swapping

Android originally had the back button on the right of the screen. Then, in Google's infinite wisdom, it was swapped to the left. Why? Fuck your muscle-memory, I guess?

Nevertheless, Android used to let you swap the order of the on-screen keys. This is not a particularly challenging software requirement - yet seems beyond modern Android.

Call Recording

Google is indecisive on whether call recording should be allowed. It is legal in most parts of the world, and used to be well supported by Android.

Nowadays you have to flash a ROM to get this basic functionality back.

SIP Built-in.

You used to be able to add VoIP / SIP calls to Android for free! But the latest version doesn't let you do that any more.

Custom Ringtones and Vibration Patterns

I'm sure that I used to be able to set a different vibration pattern for different sorts of alerts. But I can't find that functionality anywhere these days. Same for different alert tones for different people.

Task switcher clear-all button

If I want to close all my open apps, I have to go to task switcher then scroll all the way across. It was handy when there was a "close all" button at the bottom of the screen.

Data SIM switcher

I have multiple SIMs. They can both receive calls and texts, but only one can be used for data. There used to be a button I could press to flip between the two. Now I have to go into the settings, and fiddle with a bunch of options. Annoying!

And the rest

What software do you miss the most from old versions of Android?

Recently, I treated myself to an upgrade - a Pixel 8 Pro. The biggest, fastest, fattest, AI-stuffed Android phone yet. It's pretty good! The camera is excellent, the heat-sensor is crap⁰, the battery is gorgeous, the weight is annoying. Google's software was too needy, so I replaced it with GrapheneOS.

But, as much as I like the device, there are some hardware things which I think would improve it. No, I'm not talking about a headphone jack! I'm talking about useful things¹.

More precise input

The early Androids - and most BlackBerrys - had either a rollerball or touch pad just below the screen.

It made it so much easier to do precise selection. Yeah yeah, I know you can slide along the spacebar to move a cursor, but it just isn't the same.

I get that a rollerball gunks up pretty quickly - but a touchpad or optical joystick would be lovely. Perhaps it could go on the...

Rear finger-print sensor

The technology behind the in-screen fingerprint sensor is magical. It works brilliantly. But I rather liked my One Plus 5T's rear sensor. It didn't blast my face with light, and I found it more natural to use when picking up the phone.

But, even better, the rear sensor acted as an input! When I stroked down on it, the notification shade appeared. Stroking up dismissed it. I'd love to have a rear-input like that again. I'd like more inputs in general!

Physical Buttons

In the future, cars will be ditching touchscreens in favour of physical buttons. Perhaps Android will do the same?

This is the HTC Dream - the original Android. And it is perfection.

Wouldn't it be nice to have physical buttons for home and back, rather than trying to remember what swipe actions to take? OK, perhaps a modern phone doesn't need this many buttons - but there are still some things where switches are useful. For example...

Silence Slider

Both the iPhone and several Android devices have a dedicated "silence" switch.

It was so handy. There's a comfort about being able to reach into your pocket while sat and the theatre and know that your phone is on silent. No unlocking and fiddling with on-screen menus. One flick and you're good.

But, with most modern Android, you have to peer at the screen to know what's going on. I kinda miss...

Status LED for power and messages

Back in the day, every Android phone had a multi-colour LED. It would show red when your battery needed charging. It would pulse when being charged. It would flash green if you had an SMS. With a glance you knew what your phone was doing.

AMOLED hasn't really lived up to its promise. There's no single-pixel flashing away on screen to let me know if I have a message. Instead, I have to pick up my phone to get the entire screen to activate. What a waste of battery life!

NFC on the top.

My new phone has NFC right in the middle of the back of the phone. That's a bit awkward for placing on a tap-to-pay terminal on the bus. My previous phone had the NFC right at the top.

It is doubly annoying for me as I wear an NFC ring. And the damn thing keeps triggering my phone!

I realise this is an extremely niche problem!

Keyboard

The last Android phone I had with a keyboard was a complete disaster. Maybe I'm kidding myself that a full tactile QWERTY experience is necessary?

But look how pretty!

Infrared Camera

Remember how I said the thermal sensor was shite? I've reviewed a couple of Thermal cameras for Android.

They're expensive - but certainly useful. Both for finding hotspots in your home and for seeing who is sweaty. OK, it isn't the most compelling bit of hardware. But if you're going to put a sensor on a phone, at least make it useful!

3D Screens and Haptic Screens

Years ago, I tried an LG phone with a 3D screen. No glasses! It used the same sort of technology as the Nintendo 3DS.

OK, it wasn't the highest resolution and you had to sit at a precise angle. But it was interesting tech!

Similarly, I once played with the Senseg haptic screen. It used weird electrostatic tech to make the texture of the screen change. It is almost impossible to describe and, if I didn't have this video, I might believe I dreamed it.

There are phones with built in laser projectors which, while fun, aren't that compelling to me.

What else is missing?

What do you remember from the early Androids that you think is missing now? Which crazy innovations need to make a comeback? Which Shenzhen-special already has all these features?

Google used to have some beautiful logos for its apps. Each had a distinct shape, style, and colour. Then, someone decided that they all needed a consistent visual language. And this mess was born.

*sigh* I get it. I really do. Brand is a thing. Users often use visual heuristics to identify similar groups. Having each team go wild on an icon design doesn't always reflect the professionalism and consistency that you want to project. The logos aren't awful - but I find them a little boring. Not the worst sin in the world. Though that's only half the problem.

In Google's Android, they've decided that - for consistency - all icons must be firmly encased in a white circle. It makes everything look clean, consistent, friendly, and...

...oh.

I apologise for getting old. My visual acuity isn't what it once was. When I'm staring at my phone, with its screen caked in fingerprint grease, on a juddering bus, after a long day at work, all I want is a quick way to identify the app I want to use.

Like most people, my brain has evolved to take mental shortcuts. It looks for a distinct shape and colour to identify things. I simply can't do that with modern Android's adaptive icons. They all look like white circles with a splodge of colour in the middle.

A few years ago, I wrote about fixing Android's circular icons. Sadly, I don't have the skill to produce my own icon pack. But using the open source Iconeration I was able to manually set my icons to be beautifully inconsistent.

With a glance, I can immediately see which is which. Do I care that they're not all aligned perfectly? Nope!

I've got a high-resolution screen, I want high-resolution artwork. Look at that Firefox icon! It is gorgeous! It isn't a pale, flat, blob - it has texture and uniqueness.

Phones used to be wild and unique - now they're all boring black rectangles. User Interfaces used to reflect the aspirations of their designers - now they're just a bland corporate mediocrity.

I hope, one day soon, the fashion pendulum will swing back and interfaces can become interesting again. Until that day, I'll use Iconeration to make my phone easier and more delightful for me.

Then, I remembered my ancient GSM knowledge. All mobile networks need an APN - Access Point Name - in order to connect to data services. Tucked at the bottom of the SIM settings screen is the "Access point names" option. I tapped on it, and got this unfriendly error message:

THIS IS A LIE! What it really means is that the phone doesn't have an APN listed for this specific SIM.

If you click on the + button in the top corner, you'll get to a screen where you can add your APN details manually. You'll need to get these from your mobile operator. But that's not quite all! In order to save the APN, you need to tap the ⋮ button and select "Save":

But that's not all! Once you return to the APN settings page, you will need to tap the APN to activate it.

Once I did that, my eSIM happily connected to data services.

Before starting, I booted the Google OS to install the latest firmware and an eSIM. After a few days of enduring Google's naggy software, I was ready to commit to installing something better.

I tried using the Web Installer. It managed to flash some of the partitions and then failed with:

Failed to execute 'claimInterface' on 'USBDevice'

So I used the CLI instructions which were comprehensive. Worth re-reading them a few times to make sure you understand what needs doing. I (foolishly) assumed my fastboot didn't need updating. Tsk!

And then... it just worked!

Well, almost. The device saw the previously installed eSIM, but wouldn't connect to its network. I manually removed it, reloaded it. Still nothing. So I manually chose the network and that seemed to fix it. No idea if that's a problem with the network, the eSIM, or something else.

Bugs

As soon as I booted, my network provider sent me a text. I opened up the default messaging app and saw this error:

This is a known problem but it makes for a crappy user-experience. There's no way to update the app in Graphene - you need to manually install your preferred SMS app.

In similar UX fails, I tried to add the clock widget to my home screen. This is what I saw.

If you peer carefully, you'll see an analogue and digital clock. I hadn't switched to dark mode or anything like that - this is the default experience.

I wanted to see how long I could go before installing Google Play Services. The answer was... five minutes. I tried to log in to my password manager using a WebAuthN token and it wouldn't work. The default Vanadium browser can't handle them. Again, this is a known problem - but it does slightly undermine the attraction of Graphene. I'm privacy conscious and want as little Google in my life as possible. I'm security conscious and want to use MFA everywhere. Pick one.

Partway through the day, I got this internal error:

I was happily browsing the web with no connectivity issues. So I'm not sure what caused that.

It's annoying that Graphene doesn't support LineageOS's bottom-button changes. I have a decade of muscle-memory saying back is on the right. There's no way to change it, so I've swapped to gesture navigation.

The icon size on the stock launcher are far too small. On a massive screen like the 8 Pro they are tiny. So I've installed NeoLauncher which is a lot more customisable.

The only other (non-essential) thing missing is the ability to use Cast to screen share a device. There's a button in the UI, but it does nothing.

Setting up a work-profile required a little bit of a work-around, but seems to have worked. Hurrah for forum threads detailing the various tricks you need.

A software update allowed DisplayPort via USB-C. I plugged the 8 Pro into my USB-C hub, it detected the ethernet, keyboard, mouse, and display - graphics came through fine. Although there's no way to rotate an external screen - so you're stuck with landscape orientation. My HDMI adapters showed as detected via a little icon - but no video came out.

The Graphene camera's interface isn't as good as GCam and it is missing a bunch of options. Installing the stock Pixel camera worked - and there are lots of hacky derivatives.

Other than that, it has been pretty good so far. My banking apps work, call recording works, 5G and Bluetooth works, eSIM and regular SIM works. There have been a few odd things where apps have complained that they can't work and then suddenly sprang to life - but that might just be Android.

The only big thing Graphene is missing is Google Pay / Wallet. It is so convenient using tap to pay - but getting rid of the rest of the incessant Google bloat is worth the sacrifice.

Overall, I'm happy with the decision to nuke the original Google software. I know they say they'll support the device for 7 years - but I literally have no reason to trust them. Maybe I'm being naïve trusting a group of random hackers to produce a more secure OS - but I'd rather that than further entanglement with an organisation which has repeatedly shown contempt for its customers and users.

Which was why I was annoyed when this popped up in-app one day:

I emailed them asking why they were doing this. The reply I got back was underwhelming:

Thank you for contacting us about your access to the TfL Go App. The app is only compatible with normal iOS and Android software. Any jailbreaks or modifications to software will prevent you from using the app.

If this was a hyper-secure banking app then I would accept that limitation of General Purpose Computation. But it's literally just a mapping app.

How To Fix

Version 1.43 seems to be the latest version which works without ROM detection.

Warning! Installing apps from 3rd party app stores can expose you to malware. Think carefully before you do this. If you want to make sure the APK you've downloaded in genuine, do the following:

• Download version 1.43 of APK and save it somewhere.
• Install the APK on your device.
• Immediately go to the Play store and update it to the latest version.
• If it can't be updated:
  • The cryptographic signatures won't match. This usually means the APK has been compromised.
  • You should uninstall the untrustworthy app and, if paranoid, factory reset your phone.
• If it can be updated:
  • the APK is genuine. Uninstall the update and reinstall the APK.
• In the Play Store, untick "Enable auto-update". You won't get an incompatible version installed.
  

Several of the people who live in my phone use artistic black and white headshots. They look very cool. But my Android phone shows their image with inverted colours - so they look like pure shite.

Here's what my very real human girlfriend looks like when I ring her to go for brunch:

Come the evening, my phone switches to Dark Mode™ - so this is what she looks like when I ring her for a late-night booty call:

What's causing this? And is it expected behaviour?

I'm running com.android.contacts version 1.7.34 which appears to be the latest version of the AOSP contacts app. It's bundled with LineageOS.

Demo

If you're not lucky enough to be dating Marylin Monroe, here's a demo image for you to try:

Is this expected behaviour?

Based on some quick tests, it appears that the contacts app will invert some monochrome images when it thinks there's "too much" bright white in the image.

Interestingly, the contacts list doesn't invert avatars when in Dark Mode.

And... I don't know if I want this to happen. I guess that most people who use Dark Mode want to avoid blinding bright white light searing into their precious eyeballs. But, presumably, they don't want the photos of their friends inverted into a weird artefact-ridden mess?

So, before I get lost in Google's Kafka-esque bug reporting process - do you think this is expected or desirable behaviour?

I know that, from right to left, it is showing me my battery percentage, WiFi strength, and that I'm using work mode. But what's the weird circle?

ZOOM! ENHANCE!

Well, that's not much help, is it!

Buried in the Android Automotive documentation is some information on how to "Customize Status Bar System Icons". It helpfully says:

Most resources for items displayed in the Status bar are provided in the following directory: /platform/frameworks/base/packages/SystemUI/res/drawable

OK! That gives us something to work on.

Let's pop along to Lineage's GitHub repo to look in that directory. There are 650 icons in there (!) so I downloaded them all (!!).

Of course, Google can't do anything standardised like use SVG. It uses its own magical Android Vector Drawable format. You can individually convert the files to SVG online or in bulk on the command line.

After a bit of flicking through, I found this:

Which is from ic_statusbar_firewall.xml

This is a fairly new icon, introduced in March 2023. It appears in the status bar when an app tries to access the network but "allow network access" is turned off.

Many years ago, I got a "Pressy". It was a little dongle which fitted into your phone's headphone jack. It had a single button on the top. It came with an app so when you tapped the button the app would do something. For example, tap once to open email, double-tap to switch to flight mode, etc.

Most modern phones eschew headphone ports. They let water in, are fragile, and a cheap DAC produces worse sound quality than Bluetooth⁰.

So would it be possible to have a USB-C component which does something similar?

Technically, yes!

• There are USB-C keyboard which plug directly into phones.
• For a couple of quid, you can get mini keyboards with a custom amount of keys
• I can find a single button PTT USB-C device albeit with a ridiculously long cable.
• The Yubikey 5C nano has the right form factor and comes with a (pre-programmed) single button.

I don't have the skills to solder one of these devices myself. So, who makes one?