The Android Runtime (ART) is responsible for literally running applications on the OS and has been updated via Google Play system updates since Android 12. Google today shared the latest on ART and upcoming enhancements. 

ART is the engine behind the Android operating system (OS). It provides the runtime and core APIs that all apps and most OS services rely on. Both Java and Kotlin are compiled down to bytecode executed by ART.

ART updates result in faster app startup times, execution speed, improved memory usage, and more efficient bytecode compilation, as well as security fixes. With the latest ART 13 update, runtime and compiler optimizations resulted in app startup time “improvements of up to 30% on some devices.”

Behind the scenes, “ART is the same for all devices” and:

The ART APEX module is a complex piece of software with an order of magnitude more APIs than any other APEX module. It also backs a quarter of the developer APIs available in the Android SDK. In addition, ART has a compiler that aims to make the most of the underlying hardware by generating chipset-specific instructions, such as Arm SVE.

The testing process for Android Runtime updates involves “compiling over 18 million APKs and running app compatibility tests, and startup, performance, and memory benchmarks on a variety of Android devices that replicate the diversity of our ecosystem as closely as possible.” There’s then a very gradual rollout process.

Google also notes developer improvements with every update “like OpenJDK improvements and compiler optimisations that benefit both Java and Kotlin,” with ART 13 resulting in the “fastest-ever adoption of a new OpenJDK [11] release on Android devices.”

ART 14 is rolling out “in the coming months” with “new compiler and runtime optimizations that Strengthen performance while reducing code size,” as well as OpenJDK 17. Additionally:

Recently, for Android 14, we refactored the interface between the Package Manager, the service that determines how to install and update apps, and ART. This moves the OS boundary from the ART dex2oat command line to a well-defined interface that enables future optimizations, such as finer-grained control over the compilation mode.

ART updates via Google Play system updates are available on Android 12 and newer. Google today mentioned that these updates will “soon” be available for Android Go.

FTC: We use income earning auto affiliate links. More.

OpenAI, the company behind the ChatGPT generative AI chatbot, has launched the ChatGPT Android app in the United States (US), India, Bangladesh, and Brazil. It said that it plans to roll it out to additional countries over the next week but didn’t say which ones.

The announcement by the company seems accurate as Neowin has tried to download the app in the United Kingdom (UK) and it is still only letting us register an interest, but no genuine download is available yet.

It’s not clear why the company is rolling out ChatGPT for Android in a staggered approach like this. It could be to prevent a flood of traffic from people coming to check out the new app or it could just be going for a cautious rollout so that it can fix any bugs discovered in the real world.

ChatGPT is already available as an app on iOS and OpenAI did a staggered rollout with that launch too, starting in the US and expanding over the next several weeks. We could see a similar timeframe for the launch on Android.

The main benefit of using the ChatGPT app over the web interface is that it will be a native experience. This could make it a bit faster and fit in with Android’s design language.

Other than that, users will still be stuck using GPT-3.5 or GPT-4 depending on whether they’re a subscriber or not, and all the other limitations, such as the 2021 cut-off, will still be present.

Interestingly, this is not the first native Android app that gives you access to GPT-3.5. The question-and-answer company, Quora, also has a service called Poe which allows you to interact with a bunch of different chatbots, including GPT-3.5 Turbo.

If you’re desperate to use ChatGPT on your phone outside of the four launch countries, then downloading Poe may be a good stopgap while you wait.

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research.

At issue is a mobile malware obfuscation method identified by researchers at ThreatFabric, a security firm based in Amsterdam. Aleksandr Eremin, a senior malware analyst at the company, told KrebsOnSecurity they recently encountered a number of mobile banking trojans abusing a bug present in all Android OS versions that involves corrupting components of an app so that its new evil bits will be ignored as invalid by popular mobile security scanning tools, while the app as a whole gets accepted as valid by Android OS and successfully installed.

“There is malware that is patching the .apk file [the app installation file], so that the platform is still treating it as valid and runs all the malicious actions it’s designed to do, while at the same time a lot of tools designed to unpack and decompile these apps fail to process the code,” Eremin explained.

Eremin said ThreatFabric has seen this malware obfuscation method used a few times in the past, but in April 2023 it started finding many more variants of known mobile malware families leveraging it for stealth. The company has since attributed this increase to a semi-automated malware-as-a-service offering in the cybercrime underground that will obfuscate or “crypt” malicious mobile apps for a fee.

Eremin said Google flagged their initial May 9, 2023 report as “high” severity. More recently, Google awarded them a $5,000 bug bounty, even though it did not technically classify their finding as a security vulnerability.

“This was a unique situation in which the reported issue was not classified as a vulnerability and did not impact the Android Open Source Project (AOSP), but did result in an update to our malware detection mechanisms for apps that might try to abuse this issue,” Google said in a written statement.

Google also acknowledged that some of the tools it makes available to developers — including APK Analyzer — currently fail to parse such malicious applications and treat them as invalid, while still allowing them to be installed on user devices.

“We are investigating possible fixes for developer tools and plan to update our documentation accordingly,” Google’s statement continued.

Image: ThreatFabric.

According to ThreatFabric, there are a few telltale signs that app analyzers can look for that may indicate a malicious app is abusing the weakness to masquerade as benign. For starters, they found that apps modified in this way have Android Manifest files that contain newer timestamps than the rest of the files in the software package.

More critically, the Manifest file itself will be changed so that the number of “strings” — plain text in the code, such as comments — specified as present in the app does match the genuine number of strings in the software.

One of the mobile malware families known to be abusing this obfuscation method has been dubbed Anatsa, which is a sophisticated Android-based banking trojan that typically is disguised as a harmless application for managing files. Last month, ThreatFabric detailed how the crooks behind Anatsa will purchase older, abandoned file managing apps, or create their own and let the apps build up a considerable user base before updating them with malicious components.

ThreatFabric says Anatsa poses as PDF viewers and other file managing applications because these types of apps already have advanced permissions to remove or modify other files on the host device. The company estimates the people behind Anatsa have delivered more than 30,000 installations of their banking trojan via ongoing Google Play Store malware campaigns.

Google has come under fire in recent months for failing to more proactively police its Play Store for malicious apps, or for once-legitimate applications that later go rogue. This May 2023 story from Ars Technica about a formerly benign screen recording app that turned malicious after garnering 50,000 users notes that Google doesn’t comment when malware is discovered on its platform, beyond thanking the outside researchers who found it and saying the company removes malware as soon as it learns of it.

“The company has never explained what causes its own researchers and automated scanning process to miss malicious apps discovered by outsiders,” Ars’ Dan Goodin wrote. “Google has also been reluctant to actively notify Play users once it learns they were infected by apps promoted and made available by its own service.”

The Ars story mentions one potentially positive change by Google of late: A preventive measure available in Android versions 11 and higher that implements “app hibernation,” which puts apps that have been dormant into a hibernation state that removes their previously granted runtime permissions.

Android users who want some AI-infused help can now snag the official ChatGPT app for their phones and tablets. Following news on Friday that OpenAI's ChatGPT app would arrive for Android this week, the program landed in the Google Play store today, free to use just like the iOS edition.

In a tweet, OpenAI confirmed the app's Android debut, noting that it's available for download in the U.S., India, Bangladesh, and Brazil with plans to expand to other countries over the next week.

Also: How to use ChatGPT: Everything you need to know

With this new release, ChatGPT is now accessible on iPhones, iPads, and Android devices as well as on the website. The experience is similar across all those platforms, though the Android app sprinkles in a couple of bonus features just like the iOS flavor.

In the app, you can type your request and then ask follow-up questions to pursue the same topic. Otherwise, simply tap the + icon at the top to start a new chat.

You're also able to speak your request. Just tap the microphone icon in the Message field, dictate your question or request, and then tap the circle when you're done. Your speech is transcribed into text for you to submit.

The app keeps track of all your chats on the website and across your mobile devices. To access a previous chat, just tap the hamburger icon at the top and select History. You're able to browse through your past chats or search for a specific one by keyword. Tap any chat to display it.

With a chat on the screen, tap the three-dot icon at the right and you can delete it or rename it.

Like the website and iOS version, the Android app is geared toward both free ChatGPT users and those with a paid ChatGPT Plus subscription. At the top of the screen, subscribers just tap GPT-3.5 or GPT-4 depending on which mode they want to use. GPT-4 offers several advantages over its predecessor, including better training, longer memory, and greater multi-language proficiency.

From the Android app's hamburger icon, you can access the Settings menu where you're able to export your chat data into a viewable HTML file, clear your chat history, and even delete your account. You can also change the color scheme, switch the default language, and access help information.

Also: The 10 best ChatGPT plugins right now

The popularity of AI has led to a slew of third-party apps both for iOS and Android, most of them powered by OpenAI's ChatGPT model. However, many of them are freemium apps. That means you get a limited number of chats for free and then have to shell out money for a subscription if you want more. OpenAI's official mobile apps are fully free, so you can keep chatting throughout the day without having to cough up more cash.