Whether you’re an Android or iOS user, there’s a good chance you look at user reviews and ratings before you decide whether to download an app to your device. In hopes of making those more useful for everyone, Google plans to make two tweaks to the Play Store.

Starting in November, the ratings you see will be based on where you live. So, for example, if your device is registered to Japan, you will first see what other Japanese users think of the app you’re about to download. Then, sometime early next year, Google plans to further tweak Play Store ratings to better reflect the device you’re using, be that a phone, tablet, foldable, Chromebook or smartwatch. “This will give users a better impression of the experience that they can expect for the device they’re using,” the company says of the change.

In part, Google is making these tweaks to help developers. It wants to avoid a situation where ratings in one area impact the global perception of an app. This can happen in cases where a bug only affects one localized version of the software. Of course, that compartmentalization means you can learn of those same bugs before you download an app.

Around 38 million records from north of a thousand web apps that use Microsoft's Power Apps platform were left exposed online, according to researchers. The records are said to have included data from COVID-19 contact tracing efforts, vaccine registrations and employee databases, such as home addresses, phone numbers, social security numbers and vaccination status.

Data from some large companies and institutions was exposed in the incident, according to Wired, including American Airlines, Ford, the Indiana Department of Health and New York City public schools. The vulnerability has mostly been resolved.

Researchers from security company Upguard started looking into the issue in May. They found data from many Power Apps that was supposed to be private was available for anyone to access if they knew where to look. 

The Power Apps service aims to make it easy for customers to make their own web and mobile apps. It offers application programming interfaces (APIs) for developers to use with the data they collect. However, Upguard found that using those APIs makes the data obtained through Power Apps public by default, and manual reconfiguration was required to keep the information private.

Upguard says it sent a vulnerability report to the Microsoft Security Resource Center on June 24th, including links to Power Apps accounts on which sensitive data was exposed and steps to identify APIs that enabled anonymous access to data. Researchers worked with Microsoft to clarify how to reproduce the issue. However, an Microsoft analyst told the firm on June 29th that the case was closed and they “determined that this behavior is considered to be by design.”

Upguard then started notifying some of the affected companies and organizations, which moved to lock down their data. It raised an abuse report with Microsoft on July 15th. By July 19th, the company says that most of the data from the Power Apps in question, including the most sensitive information, had been made private. Engadget has contacted Microsoft for comment.

Earlier this month, Microsoft said Power Apps will keep data private by default when developers harness the APIs. In addition, it released a tool for developers to check their Power Apps settings.

There's no indication as yet that any of the exposed data has been compromised. Among the most sensitive information that was left in the open were 332,000 email addresses and Microsoft employee IDs that are used for payroll, according to Upguard. The company also says that more than 39,000 records from portals related to Microsoft Mixed Reality were exposed, including users' names and email addresses.

The incident underscores the fact that a misconfiguration, no matter how seemingly minor, could lead to serious data breaches. That doesn't appear to be the case here, thankfully. Still, it goes to show that developers should probably triple check their settings, especially when plugging in an API they haven't designed themselves.

Part of WhatsApp's end-to-end encryption scheme is a requirement for users to set up the service with a phone as the "main" device for an account. The company announced in July that it was working on next-generation encryption that would enable a true multi-device connection without requiring a connection to a smartphone. As part of that, it sounds like WhatsApp is planning a fully native iPad app fro the first time.

AppleInsider noticed a few tweets this weekend from the WABetaInfo account, an unofficial source of details about upcoming WhatsApp features. The account says that as part of the upcoming multi-device beta, both the iPad and Android tablets would be able to be used as "linked devices" to a WhatsApp account for the first time. A follow-up tweet claims that it'll be a native app (rather than a web app) and that it'll work "independently" (as in it'll run if your smartphone is offline). 

There's no word on when this app and integration will arrive; the WABetaInfo account says it's under development and will be released in a "future update." But if you already have the WhatsApp for iOS beta, you'll get access to the iPad version as well. On the one hand, plenty of people who've been using WhatsApp for years have likely gotten used to the app not being available on tablets — but multi-device support seems like the perfect time to make WhatsApp work on more devices.

Android Auto is best-known as a way to access your phone through a car's dashboard — this lets you easily access Google Maps, music apps and data without needing to use your phone. But for years now, Google has also offered an Android Auto experience directly on a phone, for people who don't have a compatible dashboard unit. More recently, Google has also been working on an "Assistant driving mode" (pictured above) that arrived earlier this year after a few delays. Now that Google Assistant driving mode is finished, though, the company will stop offering the old Android Auto experience on phones running Android 12.

A statement from Google shared with 9to5Google confirms this plan. Google Assistant driving mode is our next evolution of the mobile driving experience," the statement reads. "For the people who use Android Auto in supported vehicles, that experience isn’t going away. For those who use the on phone experience (Android Auto mobile app), they will be transitioned to Google Assistant driving mode. Starting with Android 12, Google Assistant driving mode will be the built-in mobile driving experience. We have no further details to share at this time."

Before Google confirmed this change, some Pixel owners running Android 12 received a notification when trying to run the Android Auto app on their phones. It said that Android Auto was now "only available for car screens" and recommended that they try the Google Assistant driving experience instead. Given that the new Google Assistant experience will clearly be the focus going forward, switching over probably isn't a big deal for most people. But if you don't upgrade your phone to Android 12, you'll be able to keep running the Android Auto app, at least for the time being.

At its annual Duocon conference on Friday, Duolingo announced several updates for the language-learning app. Among them is a family plan, which gives up to six people access to Duolingo Plus with a single subscription.

The plan includes benefits like unlimited hearts (so you can keep learning for longer after making mistakes) and an option to keep your lesson streak going if you happen to miss a day. Subscribers won't see any ads in the app either. New features include a hub where you can review all of your mistakes and a more advanced Legendary Level to put your language skills to the test.

The family plan costs around $120 per year, but there's no monthly payment option. The standard plan is $80 per year or $13/month. You can add accounts on shared devices with ease and follow your family members to see their progress. 

In addition, Duolingo is hoping to make it easier for users to learn languages with non-Latin based alphabets, such as Japanese, Korean, Russian, Greek, Arabic and Hindi. The company says it has built new kinds of exercises to help folks get to grips with the character-based languages.

Meanwhile, five more languages are coming to the app soon: Haitian Creole, Zulu, Xhosa, Tagalog and Maori. Duolingo worked with South African organization Nal'ibali on the Zulu and Xhosa courses. 

“For years, we’ve been working to elevate the status of South African languages by creating and distributing high-quality stories for children," Nal’ibali COO Katie Huston said in a statement. "Partnering with Duolingo to create these courses is another step towards elevating and protecting our local languages, and sharing them with new audiences around the world."

Duolingo is also working on an app that teaches elementary-level math. The app will harness the same tech the company uses for language learning and it should emerge next year. On top of that, Duolingo is upgrading the BirdBrain AI learning system. It says the AI will create personalized lessons at the correct difficulty level.

Conducting an APK teardown of the latest version of the Peloton Android app, 9to5Google found evidence the company is preparing the software to support a rowing machine in the near future. The outlet found various code snippets that mentioned a device codenamed "Caesar" and "Mazu." The latter is a reference to a Chinese sea goddess. Like the company's stationary bike, it appears the rowing machine will include a "scenic rides" feature that will showcase waterways from around the globe. And if you want to just row, that will be an option too.

Another set of snippets reference the four positions of a proper rowing technique. "This is the drive position of your stroke," the app explains. "Sit tall on the rower with your arms straight and your back upright. Your knees should be just above the ankles." Digging deeper into the updated software, 9to5 also found code suggesting the app will track metrics like your average and max stroke rates.

A rowing machine is something Peloton has been rumored to be working for a while now, with a recent job listing mentioning the device. We've reached out to Pelton for confirmation, but we'll note here what we say with all APK teardowns: the fact there's code pointing to a new hardware release doesn't mean a company will follow through on that work or that a launch is imminent. 

While Apple may have released Siri before Google Assistant and Amazon Alexa, in many ways its voice-activated assistant is the least advanced of the three. A lot of that has to do with the amount of data and training digital assistants need to understand different languages, dialects and speech patterns. In an effort to improve its digital assistant, Apple recently launched a study to collect speech data and feedback with the help of an app called Siri Speech Study.

“The Siri Speech Study app allows participants to send certain data to Apple for product improvement, as detailed in the informed consent form,” the company says in a listing spotted by TechCrunch. The software is available in the US, Canada, Germany, France, Hong Kong, India, Ireland, Italy, Japan, Mexico, New Zealand and Taiwan. According to data from analytics firm Sensor Tower, Apple uploaded Siri Speech Study to the App Store on August 9th, and recently updated the software on August 18th.

Apple isn’t being exactly secretive about the app, but nor is it advertising its existence either. You can’t find the software by searching for it, nor is it listed as one of the apps published by Apple. Similarly, you can’t join the study simply by installing the software on your phone; you need an invite from Apple to participate. We've reached out to Apple for more information on the app. 

Notably, the app allows those involved to choose what Siri requests they send to the company. That's an important point. In 2019, The Guardian published a report that detailed an Apple program where third-party contractors listened to anonymized Siri recordings to analyze the assistant’s responses. A whistleblower told the outlet there had been “countless instances” where graders listened to private conversations, including some that involved criminal dealings and sexual encounters. Apple subsequently moved the program in-house, and switched to opt-in transcripts.

Facebook's introducing new tools to help people in Afghanistan lock down their accounts’ privacy settings. The “one-click” tool will activate privacy settings for timeline posts, and prevent profile photos from being downloaded or shared, Facebook’s Head of Security Policy Nathaniel Gleicher said in a statement.

The feature will encourage users to "limit what unknown people can see," according to screenshots shared by Gleicher. The tool won’t be available on Instagram, but the photo sharing app is pushing “pop-up alerts” that will explain ways to lock down those accounts as well.

Facebook

Gleicher added that the company is also temporarily hiding friends lists of accounts in the country, and he encouraged people with Facebook friends in Afghanistan to change privacy settings for their friends list as well. “We’re working closely with our counterparts in industry, civil society and government to provide whatever support we can to help protect people,” he said. “And we've stood up a special operations center to respond to new threats as they emerge.”

Starting today, some Facebook users in the US will see Reels, Instagram’s take on TikTok-like short-form videos, appear throughout the company's main app, the social media giant told The Verge. If Facebook enrolls you in the test, you’ll see the clips appear nestled in the News Feed and within Groups. The experiment is an expansion to an existing one Facebook is running in Canada, India and Mexico.

In addition to watching Reels on the platform, you can record them directly from the Facebook app. Moreover, much like with Stories, Instagram users can cross-post the clips to Facebook. The company told The Verge the test is in part a response to the popularity of the format, with interest in the clips growing "especially quickly."

Whatever you think of them, it’s safe to say short-form videos are here to stay, and Facebook isn’t the only company intent on integrating the format into its mainline app. Just last month, YouTube rolled out tools for creating Shorts to users in 100 countries and started paying out creators from the $100 million fund it created to support the format.

Twitter is working to make Spaces more discoverable. On Wednesday, the company announced an update to its API v2 that will allow developers to search for live and scheduled Spaces using criteria like user IDs and keywords. “With the Spaces lookup and Spaces search endpoints, we hope to enable developers to build tools and solutions that help people on (and off) Twitter find interesting and relevant Spaces more easily,” the company said in a blog post.

As The Verge points out, it sounds like the new API functionality won’t allow third-party apps to let you host and listen to Spaces outside of the main app, but what will do is help make the audio rooms easier to find. After opening up the app to more of its users in May, Twitter has been quick to iterate on the app, adding features like support for co-hosting and voice manipulation. Clearly the company sees Spaces as an important part of its future.