Google's human-sounding AI software that makes calls for you is coming to Pixel smartphones next month in select markets, like New York, Atlanta, Phoenix, and the San Francisco Bay Area. Google Duplex, as it is called, will be a feature of Google Assistant and, for now, will only be able to call restaurants without online booking systems, which are already supported by the assistant. Wired reports: A Google spokesperson told WIRED that the company now has a policy to always have the bot disclose its true nature when making calls. Duplex still retains the human-like voice and "ums," "ahs," and "umm-hmms" that struck some as spooky, though. Nick Fox, the executive who leads product and design for Google search and the company's assistant, says those interjections are necessary to make Duplex calls shorter and smoother. "The person on the other end shouldn't be thinking about how do I adjust my behavior, I should be able to do what I normally do and the system adapts to that," he says.

Fox, the Google exec leading the project, pitches Duplex as a win-win. Google users will be freed from having to make phone calls to plan their outings; restaurants without online booking systems will gain new customers. "Those businesses lose out because people say 'Unless I can book this online I'm not going to book,'" he says. Some people closer to the restaurant business worry that Duplex might make calling restaurants too easy for Google users. Gwyneth Borden, executive director of the Golden Gate Restaurant Association, a trade group for Bay Area restaurants, says people may use the technology to book multiple reservations and then flake out, or call restaurants over and over. Restaurants can opt out of receiving Duplex calls by speaking up during a call from Duplex, or through the website where businesses can manage listing information shown in Google's search and maps services. When calls go awry -- Fox says the "overwhelming majority" work out fine -- the software will alert an operator in a Google call center who takes over.

"Linux runs the world, right? So we want to make sure that things are secure," says Linux kernel maintainer Greg Kroah-Hartman. When asked in a new video interview which bug makes them most angry, he first replies "the whole Spectre/Meltdown problem. What made us so mad, in a way, is we were fixing a bug in somebody else's layer!" One also interesting thing about the whole Spectre/Meltdown is the complexity of that black box of a CPU is much much larger than it used to be. Right? Because they're doing -- in order to eke out all the performance and all the new things like that, you have to do extra-special tricks and things like that. And they have been, and sometimes those tricks come back to bite you in the butt. And they have, in this case. So we have to work around that.
But a companion article on Linux.com notes that "Intel has changed its approach in light of these events. 'They are reworking on how they approach security bugs and how they work with the community because they know they did it wrong,' Kroah-Hartman said." (And the article adds that "for those who want to build a career in kernel space, security is a good place to get started...")

Kroah-Hartman points out in the video interview that "we're doing more and more testing, more and more builds," noting "This infrastructure we have is catching things at an earlier stage -- because it's there -- which is awesome to see." But security issues can persist thanks to outside vendors beyond their control. Linux.com reports: Hardening the kernel is not enough, vendors have to enable the new features and take advantage of them. That's not happening. Kroah-Hartman releases a stable kernel every week, and companies pick one to support for a longer period so that device manufacturers can take advantage of it. However, Kroah-Hartman has observed that, aside from the Google Pixel, most Android phones don't include the additional hardening features, meaning all those phones are vulnerable. "People need to enable this stuff," he said.

"I went out and bought all the top of the line phones based on kernel 4.4 to see which one actually updated. I found only one company that updated their kernel," he said. "I'm working through the whole supply chain trying to solve that problem because it's a tough problem. There are many different groups involved -- the SoC manufacturers, the carriers, and so on. The point is that they have to push the kernel that we create out to people."
"The good news," according to Linux.com, "is that unlike with consumer electronics, the big vendors like Red Hat and SUSE keep the kernel updated even in the enterprise environment. Modern systems with containers, pods, and virtualization make this even easier. It's effortless to update and reboot with no downtime."

Not everyone is pleased to hear that President Trump has the power to use communications systems in case of an emergency. According to CNET, three New York residents recently filed a lawsuit against President Trump and William Long, administrator of the Federal Emergency Management Agency, to halt FEMA's new Presidential Alert messaging system.

The lawsuit reads in part: "Plaintiffs are American citizens who do not wish to receive text messages, or messages of any kind, on any topic or subject, from defendant Trump. [Trump's] rise to power was facilitated by weaponized disinformation that he broadcast into the public information sphere via Twitter in addition to traditional mass media." From the report: Presidential Alerts are similar to Amber or other emergency alerts on your phone -- you hear a loud noise comes along with vibration. The messages come from the Integrated Public Alert and Warning System (IPAWS), which attempts to send the alert to every cell phone within the U.S. operating on a network run by a carrier opting into the Wireless Emergency Alert system. IPAWS is used in the event of natural disasters, acts of terrorism or other disasters or threats to public safety. The plaintiffs' main complaint is that Presidential Alerts are compulsory -- there's no way to opt-out of receiving them. They argue that under civil rights law, government cannot use cellular devices to compel listening, "trespass into and hijack" devices without a warrant or individual consent.

The plaintiffs are also concerned Trump might use the alerts to spread disinformation because IPAWS doesn't regulate the content of the messages. That means Trump may be free to define "act of terrorism" and "threat to public safety," and may broadcast "arbitrary, biased, irrational" messages to "hundreds of millions of people," the plaintiffs say in the lawsuit.

While LG technically announced the LG V40 ThinQ last week in Korea, it left many surprises for its October 3rd event in the U.S. We have now learned that the company's new flagship sports a total of five cameras, a 6.4-inch display, headphone jack with hi-fi Quad DAC, and Snapdragon 845 processor with 6GB of RAM. The Verge reports: [T]he V40 has a very premium price and will range between $900 and $980 from US carriers when it's released on October 18th in black or blue color options. The 6.4-inch, notched OLED panel doesn't have the same "super bright" mode you can find on the G7, with brightness topping out between 500 and 600 nits. But LG says the phone is noticeably lighter -- more than an ounce -- than both the Note and XS Max. The new three-camera setup on the back of the V40 offers a lot of versatility. It includes:

- Standard f/1.5 12-megapixel camera with 1.4um pixels that are 40 percent larger than the G7. Remember that bigger pixels are a key reason for the improved camera performance in the iPhone XS, so hopefully LG fans will see a similar uptick in quality over the G7.
- Super-wide-angle f/1.9 16MP camera with 107-degree field of view. Identical to G7.
- 12MP f/2.4 telephoto/portrait camera, which basically amounts to a 2x optical zoom compared to the regular lens. LG has added new lighting effects such as "natural, studio, contour, stage, stage mono."

With the move to three sensors, LG is also introducing two additional software features that take advantage of this system. A new "triple preview" feature will show you a live preview from all three cameras simultaneously, letting you quickly pick the right one for the shot you're trying to get without having to switch between them. And "triple shot" captures all three angles with a single press of the shutter button; it saves a GIF of the transition between them and also saves each individual shot. [...] If you're curious about battery life, the V40 has a 3,300mAh battery that LG says delivers longevity that's only around 10 percent less than the Note 9. Other specifications include an IP68 water and dust resistance, Qi wireless charging, and Android Oreo that's upgradeable to Android Pie, although there's no official timeline available yet.

At 2:18 p.m. Eastern on Wednesday, cellphones across the United States will emit the ominous ring of an emergency presidential alert. From a report: It will be the first nationwide test of a wireless emergency alert system, designed to warn people of a dire threat, like a terror attack, pandemic or natural disaster. There is no opting out, which has already prompted a lawsuit. "THIS IS A TEST of the National Wireless Emergency Alert System," it will read. "No action is needed." Two minutes later, televisions and radios will show test alerts. There is no notification plan for landlines. Officials say they believe that the wireless test will reach about 75 percent of the cellphones in the country, though they hope the number is higher. It could take up to 30 minutes for the alerts to be transmitted to all devices.

Some things that could interfere: ongoing phone calls or data transmission, a device that is turned off or out of range, and smaller cellphone providers that are not participating in the program. The test, originally planned for last month but delayed by Hurricane Florence, is the culmination of many years of work. The federal government developed a system to issue the alerts, which are scripted in coordination with numerous government agencies. They are limited to 90 characters, but will be expanded to 360 in the future. The Communications Act of 1934 gives the president the power to use communications systems in case of an emergency, and a 2006 law called for the Federal Communications Commission to work with the wireless industry to transmit such messages.

A new analysis from the Pew Research Center finds that "the share of Americans who go online, use social media or own key devices has remained stable the past two years." From the report: The share who say they have broadband internet service at home currently stands at 65% -- nearly identical to the 67% who said this in a survey conducted in summer 2015. And when it comes to desktop or laptop ownership, there has actually been a small dip in the overall numbers over the last two years -- from 78% in 2016 to 73% today. A contributing factor behind this slowing growth is that parts of the population have reached near-saturation levels of adoption of some technologies. Put simply, in some instances there just aren't many non-users left. For example, nine-in-ten or more adults younger than 50 say they go online or own a smartphone. And a similar share of those in higher-income households have laptops or desktops.

In a study published in Science Advances, researchers in Drexel's College of Engineering describe a method for spraying invisibly thin antennas, made from a type of two-dimensional, metallic material called MXene, that perform as well as those being used in mobile devices, wireless routers and portable transducers. Phys.Org reports: The researchers, from the College's Department of Materials Science and Engineering, report that the MXene titanium carbide can be dissolved in water to create an ink or paint. The exceptional conductivity of the material enables it to transmit and direct radio waves, even when it's applied in a very thin coating. Preserving transmission quality in a form this thin is significant because it would allow antennas to easily be embedded -- literally, sprayed on -- in a wide variety of objects and surfaces without adding additional weight or circuitry or requiring a certain level of rigidity.

Initial testing of the sprayed antennas suggest that they can perform with the same range of quality as current antennas, which are made from familiar metals, like gold, silver, copper and aluminum, but are much thicker than MXene antennas. Making antennas smaller and lighter has long been a goal of materials scientists and electrical engineers, so this discovery is a sizable step forward both in terms of reducing their footprint as well as broadening their application.

Xiaomi, the world's fourth largest smartphone maker, was caught by a Reddit user for placing ads in the settings menu of its smartphones. The ads reportedly show up in Xiaomi's MIUI apps, including the music app and settings menu (MIUI is the name of Xiaomi's skinned version of Android). The Verge reports: When The Verge reached out to Xiaomi for confirmation on this matter, the company responded with the following statement, while also clarifying that it only applies to its devices running MIUI and not its Android One phones: "Advertising has been and will continue to be an integral part of Xiaomi's Internet services, a key component of the company's business model. At the same time, we will uphold user experience by offering options to turn off the ads and by constantly improving our approach towards advertising, including adjusting where and when ads appear. Our philosophy is that ads should be unobtrusive, and users always have the option of receiving fewer recommendations."

Hkibtimes tipped us off to some interesting news from TechCrunch: The Bay Area may be the center of the global technology industry, but that hasn't stopped one wealthy enclave from protecting itself from the future. The city council of Mill Valley, a small town located just a few miles north of San Francisco, voted unanimously late last week to effectively block deployments of small-cell 5G wireless towers in the city's residential areas. Through an urgency ordinance, which allows the city council to immediately enact regulations that affect the health and safety of the community, the restrictions and prohibitions will be put into force immediately for all future applications to site 5G telecommunications equipment in the city. Applications for commercial districts are permitted under the passed ordinance....

According to the city, it received 145 pieces of correspondence from citizens voicing opposition to the technology, compared to just five letters in support of it -- a ratio of 29 to 1. While that may not sound like much, the city's population is roughly 14,000, indicating that about 1% of the population had voiced an opinion on the matter. Blocks on 5G deployments are nothing new for Marin County, where other cities including San Anselmo and Ross have passed similar ordinances designed to thwart 5G expansion efforts over health concerns... The telecom industry has long vociferously denied a link between antennas and health outcomes, although California's Department of Public Health has issued warnings about potential health effects of personal cell phone antennas. Reduced radiation emissions from 5G antennas compared to 4G antennas would presumably further reduce any health effects of this technology.
The article concludes that restrictions like Mill Valley's "will make it nearly impossible to deploy 5G in a timely manner."

According to a new report from First Orion, nearly half of the mobile phone calls received in the U.S. next year will be scams. "The percentage of scam calls in U.S. mobile traffic increased from 3.7 percent last year to 29.2 percent this year, and it's predicted to rise to 44.6 percent in 2019, First Orion said in a press release Wednesday," reports CNET. From the report: The most popular method scammers use to try to get people to pick up the phone is called "neighborhood spoofing," where they disguise their numbers with a local prefix so people presume the calls are safe to pick up, First Onion said. Third-party call blocking apps may help protect consumers from known scam numbers, but they can't tell if a scammer hijacks someone's number and uses it for scam calls. "Scammers relentlessly inundate mobile phones with increasingly convincing and scary calls," said Gavin Macomber, senior vice president of marketing at First Orion, in an email statement. "Solving a problem of this magnitude requires a comprehensive, in-network carrier solution that dives deeper than third-party applications ever could by detecting and eliminating unwanted and malicious calls before they reach your phone."

OnePlus CEO Carl Pei confirmed to TechRadar that the OnePlus 6T won't have a headphone jack. Instead, it will feature a larger battery that will be "substantial enough for users to realize." From the report: Our first line of questioning was obvious. Why? Why ditch the jack? Why ditch it now? For Pei, it's about timing, and creating the best smartphone experience. "When we started OnePlus, we set out to make the best possible smartphone, but making a great phone doesn't mean putting every component available into the device," he said. "You've got to make decisions that optimize the user experience, and understand that at times things that provide user value can also add friction. "We also had to think about the negative side [of removing the headphone jack] for our users. We found 59% of our community already owned wireless headphones earlier this year - and that was before we launched our Bullets Wireless headphones. "If we were to do that [remove the jack] two years ago, the percentage [of wireless headphones owners] would have been much lower and it would have caused a lot of friction for our users."

Pei went on to explain that there are user benefits to the removal of the port, which should bring some comfort to OnePlus fans already pouring one out for the headphone jack. "By removing the jack we've freed up more space, allowing us to put more new technology into the product," he said. "One of the big things is something our users have asked us for, improved battery life." Pei wouldn't be drawn on what the "new technology" will be, but we already know the OnePlus 6T will feature an in-display fingerprint scanner, which will eat up some of the space left by the exiting jack. Pei did mention they will include an adapter in the box to allow users to use wired headphone.

Three years ago, Apple introduced 3D Touch for the iPhone 6s and 6s Plus, a pressure-sensitive feature that uses capacitive sensors integrated into the smartphone's display to sense three degrees of pressure in a user's touch and respond differently based on the amount of pressure exerted. It's a neat idea as it has allowed users to interact with the user interface in a completely new way. Now, with the release of the new iPhone XR, Apple seems to be on the way to phasing it out. The Verge reports: While both the new iPhone XS and XS Max include 3D Touch, Apple has chosen not to include the feature on the iPhone XR. Yes, that phone is cheaper, and Apple had to strip out some features, but 3D Touch has been included on iPhones in that price range since it was introduced not too long ago, so this feels less like necessary cost savings and more like planned omission. There have always been a few core problems with 3D Touch. For one, its use often amounted to the right click of a mouse, which is funny coming from the company that famously refused to put a dedicated right button on its mice or trackpads. And selecting from those right click options was rarely faster or a substantially more useful way of getting something done than just tapping the button and manually navigating to where you needed to go. People also didn't know the feature was there. The iPhone did little to train users on 3D Touch. And even the people who knew it was there had no way to tell which icons supported it without just 3D pressing everything to see what happened.

Apple isn't entirely removing the concept of 3D Touch from the iPhone XR. Instead, the phone will include something Apple is calling Haptic Touch, which will make a click when you activate a button's secondary feature by pressing and holding it. But that replacement underscores just how useless 3D Touch has really become: it's not more than a very, very fancy long press. That's something phones have always been capable of. And despite the name, I've found long press features to be faster and easier to use than their 3D Touch equivalent. Instagram, for instance, lets you preview photos with a 3D Touch on the iPhone or a long press on Android. I find the Android version to be simpler and quicker. Here's what Apple's marketing leader, Phil Schiller, had to say about the feature back in 2015 when it was first introduced: "'Engineering-wise, the hardware to build a display that does what [3D Touch] does is unbelievably hard,' says Schiller. 'And we're going to waste a whole year of engineering -- really, two -- at a tremendous amount of cost and investment in manufacturing if it doesn't do something that [people] are going to use. If it's just a demo feature and a month later nobody is really using it, this is a huge waste of engineering talent.'"

The new iPhone XS and iPhone XS Max will use eSIM technology to allow users to use two phone lines on a single device. You could have a work or personal number, or an American and Canadian number if you travel across the border frequently. The reprogrammable SIM card is "soldered onto the iPhone's motherboard directly," and measures just 6 millimeters by 5 millimeters," reports Ars Technica, citing GSMArena.com. From the report: These handsets will have a new "dual SIM dual standby" option, one of which will be a nano SIM. In other words, they will have two distinct phone numbers. (Chinese models will have two SIM slots instead of the eSIM option.) Since their debut in 1991, traditional, physical SIM cards have decreased dramatically in size. eSIMs have already been around for nearly a year, since they were introduced into the Apple Watch and Google Pixel 2, among other devices.

When Apple unveiled the iPhone Xs and Xs Max earlier today, it said they will contain the A12 Bionic chip -- the first smartphone processor to be made using 7nm manufacturing technology. But, as IEEE Spectrum points out, Huawei made the same claim late last month when it unveiled the Kirin 980 system on a chip. From the report: Apple's new A12 Bionic is made up of four CPU cores, six GPU cores, and an 8-core "neural engine" to handle machine learning tasks. According to Apple, the neural engine can perform 5 trillion operations per second -- an eight-fold boost -- and consumes one-tenth the energy of its previous incarnation. Of the GPU cores, two are designed for performance and are 15 percent faster than their predecessors. The other four are built for efficiency, with a 50 percent improvement on that metric. The system can decide which combination of the three types of cores will run a task most efficiently.

Huawei's chip, the Kirin 980, was unveiled at the IFA 2018 in Berlin on 31 August. It packs 6.9 billion transistors onto a one-square-centimeter chip. The company says it's the first chip to use processors based on Arm's Cortex-A76, which is 75 percent more powerful and 58 percent more efficient compared to its predecessors the A73 and A75. It has 8 cores, two big, high-performance ones based on the A76, two middle-performance ones that are also A76s, and four smaller, high-efficiency cores based on a Cortex-A55 design. The system runs on a variation of Arm's big.LITTLE architecture, in which immediate, intensive workloads are handled by the big processors while sustained background tasks are the job of the little ones. Kirin 980's GPU component is called the Mali-G76, and it offers a 46 percent performance boost and a 178 percent efficiency improvement from the previous generation. The chip also has a dual-core neural processing unit that more than doubles the number of images it can recognize to 4,500 images per minute. Apple will be the first to bring the 7nm chip in volume to market, as Huawei is expected to to start shipping its Mate 20 series phone (with the 7nm chip) a month or two later. Qualcomm also announced late last month that it's begun sampling its 7nm next-gen Snapdragon SoC. As IEEE Spectrum notes, the real winner is TSMC, which is making all three processors.

A new poll of 1,141 teenagers shows that teenagers prefer to text their friends than talk in person. The findings come from Common Sense Media's 2018 Social Media, Social Life survey. Fortune reports: Only 15% of teens said Facebook was their main social media site, down from 68% in 2012. Snapchat is now the main site for 41% of teenagers, followed by Instagram at 22%. In addition, this year's survey saw texting (35%) surpass in-person (32%) as teens' favorite way to communicate with friends. In 2012, 49% preferred to communicate in person, versus 33% who preferred texting.

[M]ore teens said that social media had a positive effect on their levels of loneliness, depression, and anxiety than those who said it had a negative one, but it seems to have the opposite effect on teens who score low on the authors' social-emotional well-being scale. Of those, 70% said they sometimes feel left out when using social media, 43% feel bad if no one likes or comments on their posts, and 35% said they had been cyberbullied. They were also more likely to say that social media was "extremely" or "every" important, compared to their peers who score high on the scale.

Microsoft and Google are holding hardware events next month for the Surface computers and Pixel smartphones, respectively. According to TechCrunch, Microsoft is expected to refresh some of its existing products, like the Surface Pro and Studio, on October 2 at 4:00 PM EST in New York City. It's possible we'll see some new additions to the Surface family, but Microsoft did recently announced the Surface Go a couple weeks ago, so it will be off the list. The event tagline is "a moment of your time," which may mean a Surface Watch could be unveiled at the event.

As for Google, they're expected to announce the Pixel 3 and Pixel 3 XL, and possibly a new Pixelbook, which runs ChromeOS. The tagline for this event is "I [heart] NY," hinting at the Pixel 3 with the numeral in the heart emojicon. The event will be held at 8:00 AM PST on October 9 at Spring Studios. The Verge reports: The Pixel 3 and Pixel 3 XL are the third generation of the Google-branded Pixel line that was first introduced in 2016. In the past few weeks, hardware units of both devices have made their way into the world, giving us a very good idea of what to expect from the announcement. Both devices are expected to get some design tweaks, including a somewhat controversial large notch on the Pixel 3 XL and a glass back for wireless charging on both devices. Each of the Pixel devices will also have dual front-facing cameras and a single rear camera.

An anonymous reader quotes a report from TechCrunch: UL, the company behind the tablet and phone performance benchmark app 3DMark, has delisted new Huawei phones from its "Best Smartphone" leaderboard after AnandTech discovered the phone maker was boosting its performance to ace the app's test. The phones delisted were the P20, P20 Pro, Nova 3 and the Honor Play. "After testing the devices in our own lab and confirming that they breach our rules, we have decided to delist the affected models and remove them from our performance rankings," the company said in a statement.

For the Huawei case, the rules are actually a little fuzzy. Phones are permitted to adjust performance based on workload, which results in peaks or dips in performance for different apps, but they are not permitted to hard-code peaks in performance specifically for the benchmark app. Huawei reportedly claimed that the peak in performance seen during the run of the benchmark app was an intuitive jump determined by AI; however, when an unlabeled version of the benchmark test was run, the phones were unable to recognize it and, as a result, displayed lower performances. In other words, the phones aren't so smart after all.

Hikers, park rangers, and summer residents of Iceland's northernmost peninsula are seeking to keep the area free from internet service, worrying that all that comes with it "will destroy a way of life that depends on the absence of [email, news, and social media]," reports the Associated Press. "The area has long resisted cell towers, but commercial initiatives could take the decision out of Icelanders' hands and push Hornstrandir across the digital divide." From the report: Despite or because of its remoteness, Iceland ranks first on a U.N. index comparing nations by information technology use, with roughly 98 percent of the population using the internet. Among adults, 93 percent report having Facebook accounts and two-thirds are Snapchat users, according to pollster MMR. Many people who live in northwestern Iceland or visit as outdoor enthusiasts want Hornstrandir's 570 square kilometers (220 square miles), which accounts for 0.6 percent of Iceland's land mass, to be declared a "digital-free zone." The idea hasn't coalesced into a petition or formal campaign, so what it would require or prohibit hasn't been fleshed out. The last full-time resident of the rugged area moved away in 1952 -- it never was an easy place to farm -- but many descendants have turned family farmsteads into summer getaways. Northwest Iceland's representative, Halla Signy Kristjansdottir, is in favor of adding cell towers for the safety of sailors and travelers in the area. "I don't see anything romantic about lying on the ground with a broken thigh bone and no cellphone signal," Kristjansdottir said in an interview.

Uber is introducing a new safety feature called "Ride Check" that will use GPS, accelerometer, gyroscope, and other sensors inside a smartphone to detect whether there has been a vehicle crash. The Verge reports: In the event of a crash, the Uber app will automatically send a notification to a rider's phone to answer a series of questions. If they verify that there has been an accident, the rider will be prompted to call 911. Uber's team of safety operators may also reach out to ensure the rider is safe when the feature is triggered. The feature doesn't require any new permissions because it is linked to the driver's smartphone, rather than the riders. Drivers have the Uber app on more frequently than riders, who typically keep the app on in the background during trips.

Ride Check isn't just for crashes, though. The feature is also triggered if the vehicle stops for a prolonged or unusual period of time. Riders will receive a notification asking them if everything is alright, and based on their response, the app will present a series of options, including a call to 911. The ride-hail company also released a number of other features, including voice commands and an insurance hub for Uber drivers, new ways to mask addresses and phone numbers between riders and drivers, and two-factor authentication to protect a rider's account from malicious hacking.

An anonymous reader quotes a report from Motherboard: On Thursday, a group of researchers from Lancaster University posted a paper to arXiv that demonstrates how they used a smartphone's microphone and speaker system to steal the device's unlock pattern. Although the average person doesn't have to worry about getting hacked this way any time soon, the researchers are the first to demonstrate that this kind of attack is even possible. According to the researchers, their "SonarSnoop" attack decreases the number of unlock patterns an attacker must try by 70 percent and can be performed without the victim ever knowing they're being hacked. The attack begins when a user unwittingly installs a malicious application on their phone. When a user downloads the infected app, their phone begins broadcasting a sound signal that is just above the human range of hearing. This sound signal is reflected by every object around the phone, creating an echo. This echo is then recorded by the phone's microphone. By calculating the time between the emission of the sound and the return of its echo to the source, it is possible to determine the location of an object in a given space and whether that object is moving -- this is known as sonar.

The researchers were able to leverage this phenomenon to track the movement of someone's finger across a smartphone screen by analyzing the echoes recorded through the device's microphone. There are nearly 400,000 possible unlock patterns on the 3x3 swipe grid on Android phones, but prior research has demonstrated that 20 percent of people use one of 12 common patterns. While testing SonarSnoop, the researchers only focused on these dozen unlock combinations. Ten volunteers were recruited for the study and were asked to draw each of the 12 patterns five different times on a custom app. The researchers then tried a variety of sonar analysis techniques to reconstruct the password based on the acoustic signatures emitted by the phone. The best analysis technique resulted in the algorithm only having to try 3.6 out of the 12 possible patterns on average before it correctly determined the pattern.