portrait picture

TIMO ZIMMERMANN

balancing software engineering & infosec

Buying an Android phone is hard

posted on Friday 10th of May 2019 in

I like iOS. I do not think this is a secret. But leading the iOS and Android team at Nurx means I also have to be proficient when it comes to Android. While I trust my engineers and our design team to make the right calls, there are situations were some input from me is required or a pair of fresh eyes help with feature exploration and planning. My last Linux based mobile device – except some test devices – was a Sharp Zaurus, so it was definitely time to get my hands on a recent Android phone and make it my daily driver to get a better understanding of the platform, the applications and what differentiates excellent applications from the other 99% in the Play Store.

My test devices are usually on the lower end. I think all Android engineers I have worked with own a relatively recent and powerful device. And since most of what I did in the past was some light testing of the applications I settled with the lower end device class to make sure the app is still running nicely on CPU and memory constrained devices. My current test device is a Huawei Y6 (2018) and let me tell you, this thing is garbage. The plastic is clearly above the screen and you can feel pressing the display in when using it. The stock OS lags when doing nearly anything. There are third party apps I cannot uninstall but surely do not want on my device. It is basically a manifestation of everything that can be bad about a phone.

So when I set out to get my phone I started with a very simple requirements list.

Initially I thought that those are reasonable things to ask for. Oh was I wrong.

Comparing phones is hard. Especially because the software is a big unknown. You can find some that have only small customisations and a few that run stock Android. While you can look at CPU specs you never know how much of it will actually be required to run the 10 bloatware and spyware services shipped by the manufacturer or how bad the custom UI is actually treating the phones resources.

And do not get me started on the CPUs itself. After some research it looked like the Snapdragon 845 is powering last years devices while the Snapdragon 855 is powering the new flagships. But wait, a wild Kirin 980 appears. With a variety of cores and clock speeds. While you can look at benchmarks that tell you how the CPU itself performs compared to another one, it does not give you the smallest hint how well the device overall will perform.

Looking at Samsung, Huawei, Xiaomi – it is still a dev device, so budget is a concern – and others I did not find a clear answer which device would check all boxes. From what I can tell OnePlus comes the closest to what I would expect at a sensible price point. Talking to some friends who primarily work with Android I got a variety of recommendations, but one was included in nearly all conversations: Google Pixel 3. Funnily I was offered a brand new one for the same I would be paying for a OnePlus, so I settled for the Pixel 3 XL.

What bothers me is that this was not a conscious decision. It was an opportunity that showed up and I know it will check above boxes. Would the other phones? Who knows. I can only watch so much tech reviews on YouTube that ignore the interesting parts like haptics.

Now compare this to buying an iPhone.

Obviously not everything is perfect and there will always be reasons why people do not like an iPhone. Some of those might be hardware related, some might dislike iOS and others simple do not like Apple. All good reasons to not get an iPhone. But what if you decide you want one?

Apple extended their device line up making it a bit harder to find exactly the phone you are looking for and forcing you to think about the tradeoffs and advantages. Remember the iPhone 6 / 7 era? Decide on the form factor. Done. Want to save money? Get the previous generation model.

Apple provides a few more options today. But all of them check the very simple requirements list and you cannot make a horrible mistake buying any of those – especially as a consumer. Android on the other hand provides a variety of,… let us call it experiences… depending on the brand you choose. And the model. And the spec of the model. And the year it was build in.

It is hardly possible to blame Android, the operating system, for the fragmentation and what manufactures did to it. I am glad they picked a free, decently supported operating system instead of trying to build their own. WebOS showed where this leads to – I am sorry my dear WebOS fans, but obviously not to a working mobile OS with longterm viability. The real problem here are the manufacturers who introduce all the problems outlined above. There only seem to be two to three brands that actually apply common sense, the rest just makes sure the whole ecosystems reputation suffers.


Beats Studio 3

posted on Thursday 4th of April 2019 in

When it comes to headphones there are exactly two things I really like – Sennheiser and AirPods. Sennheiser headphones served me well for as long as I can remember and the AirPods with the W1 chip provide some comfort switching between devices I do not want to miss anymore. I still decided to give the Beats Studio 3 a try since I am hearing more and more good things about them and it seemed like Apple stepped up and tried making headphones out of the low quality fashion brand.

I was planning to write about this for some time and now Linus published a review of four premium consumer headphones, so I thought it is a good time to join the discussion, especially because I disagree with his statement about the bad sound quality.

Testing the Studio 3 was actually not a totally random decision, I had to send in my Sennheiser PXC 550 in for service to fix an issue with the Bluetooth connectivity. The service itself was as good as you would imagine – it took roughly five days after sending Sennheiser my headphones to have a brand new version of the PXC 550 delivered to me. I did not know how long this would take though and I really like the comfort of the W1 chip when switching between the four devices I use on a regular basis, so the Beats Studio 3 seemed like a good fit.

When it comes to headphones the use case should be the driving factor for your choice, not some random recommendation from someone on the Internet who uses them for something totally different. Currently I have three headphones:

While I enjoy listening to music I cannot really tell the difference between $300 and $3000 headphones. I can tell you if I like what I hear, if bass or heights are missing and I can compare the same track across headphones, but I surely do not have the highest or most refined standards.

The Beats Studio 3 caught my attention for a very simple fact: over ear, active noise cancellation and a W1 chip? That sounds like a combination of everything I love about the Sennheiser and the AirPods.

The unboxing experience, documentation and accessories are as you would expect when you are used to Apple products. The first thing you will notice when used to other headphones is that the Beats 3 are taking up a lot more space when folded than travel ready headphones from other brands.

Overall the headphones are not that comfortable to wear. They cover my ears, but I feel some pressure on the edges, they are simply not big enough. The PXC 550 are only slightly bigger, which is just enough to be comfortable. Another thing I noticed is that my ears are getting very warm wearing the Beats to the point where it feels uncomfortable and a bit sweaty. I usually wear headphones for 3-4 hours when in meetings and they became uncomfortable after 30-40 minutes, where I can get through a whole day with the PXC 550.

The build quality is also not what I would have expected from an Apple product. You hear a lot of squeaking noises when handling the headphones, surely not something you would associate with a premium product.

One of the most common critiques I hear is the lack of bass. The Beats are actually decently neutral headphones you can use to listen to music and talk to people without questions if the product was designed to suppress any frequency above 1kHz. Just because you expect far too much bass does not mean the latest version has to deliver on the mistakes made in the past. Overall I liked them for listening to music, this was actually a pleasant surprise.

For some reason the W1 chip does not seem to work the way it does in AirPods. Simply selecting the Beats from the audio selection screen did not always work. Sometimes they did not connect, sometimes they lost the connection and sometimes they simply did not show up. I never ran into those problems with the AirPods. It feels like this might have been a problem specifically with the ones I had, I cannot imagine Apple messing up their own chip that badly.

The active noise cancellation was actually fine. I could not hear my dog barking downstairs or my wife vacuuming the room next to my office when it was active. I can imagine it falling a bit behind on a plane since a vacuum right outside my office was still hearable.

So would I recommend getting the Beats Studio 3? It depends. If you can test them and they fit around your ears and you think they are comfortable to wear they are surely a decent choice. If you do not care for the W1 functionality I would get the PXC 550 or the Sony. Better ANC, in my opinion a better sounds quality and easier to transport.


Thoughts on Apples ‘It’s Show Time’ event

posted on Wednesday 27th of March 2019 in ,

I actually liked the concept of the event: Focus on new announcements instead of telling me again that you managed to put a new CPU in one or two of your systems which therefore are now 0.5% faster making them the fastest $x you ever built. It seems though like the idea of getting the unspectacular updates out of the way goes against the expectations of some people – years of conditioning did a great job there. While I heard “I had no idea they updated their lineup” a few times, I actually know two people who were waiting for the keynote with buying a new laptop since they wanted the most recent model.

Two of the announcements – Apple Card and News+ – actually made me go “Oh nice, but will it ever come to Germany? Maybe 2030…”. So, without further ado, my two cents on the event:

Apple Card sounds like a pretty nice thing looking at the German credit card market. Cash back? Fancy new concept. Low interest rate? Well, I don’t really care, I pay off my card at the end of the month, but okay, might come in handy some day. No data on the card? Nice! Finally being able to use my card in a US restaurant without thinking about all the things less honest people than my always nice and professional waiters and waitresses would do with this opportunity? Yes please. (And do not get me started on bars…)

I am not that excited about the UI to be honest. Other companies already solved this pretty well and I do not believe it is a differentiating factor.

But coming back to the “low interest rate” promise. Let us take a look at the marketing page. 13.24% to 24.24%.

I know Apple is in the market for premium, but maybe let us talk about the definition of “low”, because this is simply ridiculous. I can easily name three banks which are in the 6-7% range. No late fees? Sure, additional interest only accumulates towards your balance. I am sorry, but this is what I expect from the finance industry I left a decade ago. And guess what – this is exactly what it is.

Apple is not a bank, and as such they are patterning up with Goldman Sachs. A typical bank showing their standard TOS. I honestly expected more from Apple.

Apple News+ looks like something I would immediately subscribe to if I could. I like some of the magazines shown, I am sure my wife also finds one or two she would like to read and the price point is okay. I actually tried reading GQ on the iPad once. A horrible experience, and I simply assume Apple News+ would fix this.

I get why they are targeting US, Canada and later UK first. What I do not understand is why I cannot buy an Apple News+ subscription for the US region today. I do not particularly care about content tailored to Germany or Europe. Even when the service is available in Germany I am not sure if I would not prefer content from another region.

(One of the things people regularly suggest is switching the AppStore region to US. With family sharing and all the little inconveniences people had in the past I will surely not try to ruin my day that way.)

Apple TV Channels and TV Plus. Well, there was an announcement, I can tell that much. I do not particularly care about channels. I honestly do not think it will ever come to Germany anyway, we have a bit of a different concept over here how TVs work and I do not see US publishers licensing their content for other markets. And if it would I already have Netflix and a free Amazon Prime subscription – which is nice for Grand Tour and… well, that is it. (My wife thinks there’s more to Prime than just Grand Tour, so I guess there’s that.)

Plus on the other hand might become really interesting. Netflix is doing a very good job with their own productions and it seems like Apple has some potential talent there. Past reports suggest that Tim Cook is pushing for family friendly content, a demographic I am not really falling into even if I enjoy the occasional Pixar movie.

Apple Arcade will be interesting. I think it is no secret that I condemn micro transactions and all the “buy 1/7th of a game now and the rest via in app purchase”. I do not game a lot on my iOS devices or the AppleTV, partly because the input is horrible for the games I like – looking at you Final Fantasy 7. And there are games with very good critiques where I am not sure if I will enjoy them – hey Stardew Valley.

While the input will likely not change, especially considering what a dead end MFI controllers are, I might start exploring games a bit more if there would be a nice bundle offering like “Apple Entertainment package” that includes all services making it a matter of a dollar or two to get Arcade.

I heard a few times that people have a hard time with the concept that channels will come to other streaming devices which are a lot cheaper than an Apple TV. I think it makes a lot of sense. You do not buy an Apple TV because you want an Apple TV. You buy one because you have an iPhone, maybe an iPad, a MacBook or iMac and you want all your devices to work nicely together. Maybe you want a HomeKit central without leaving one of your iOS devices at home.

If you really only are only in the market for streaming content you might go for the lowest cost hardware anyway. But this means you would not be able to throw money at Apple TV Plus if they did not bring the app to other devices. And the more devices we see, the higher the potential revenue is, the more likely we will see some great content being produced – I am always okay with great content.

I actually hope that this also forces them to invest more in the integration between devices. With todays iOS update I can finally ask Siri to play a movie on my Apple TV. Remind me how long Alexa could do this already with a Firestick. Integration is one of the big selling points why you can ask people to spend three to four times as much on your streaming box compared to alternatives, but it actually has to be a clear differentiating factor.

Overall I liked the announcements, but I have the slight suspicion that it will be a long time before I can get my hands on Apple Card and News+.


Equipped to spy

posted on Wednesday 20th of February 2019 in ,

Some very eventful days, especially when you are in for some good, old privacy drama. First we had news about Singapore Airlines having cameras in their on board entertainment systems and now microphones in Nest smoke detectors. Thanks to the last few years the conclusion that companies are equipping their hardware to gather more information about you is not far fetched. Especially if one of them is basically designed around gathering as much information as possible about everyone.

Singapore Airlines was pretty quick to comment on this and state that the cameras are not in use, that there are no plans for them to be used and that they were simply part of what they bought.

Singapore Airlines replied that it was indeed a camera, embedded into the seat back by the original equipment manufacturers of the plane, but said the cameras had been disabled on its aircraft and “there are no plans to develop any features” using them.

https://www.cnet.com/news/airplane-seat-cameras-could-be-your-new-spy-in-the-sky/

And obviously Google was also pretty quick to explain that they never intended to keep this a secret from their customers.

“The on-device microphone was never intended to be a secret and should have been listed in the tech specs,” the person said. “That was an error on our part.”

https://www.businessinsider.de/nest-microphone-was-never-supposed-to-be-a-secret-2019-2?r=US&IR=T

Now the company doing evil telling you they are actually not, so all is good, right? Okay, enough cynicism. Let us ignore the obvious conclusion that there was malicious intent.

Looking at both incidents leaves some room for doubt about the intention to spy on everyone. Now assume a “regular user”, someone who is exposed to IoT devices, maybe even uses them, but has no motivation to learn anything. How should a regular user know if there is a risk for their privacy?

Singapore Airlines bought something and it happened to have a camera. So they deactivated it, why would they need one on board of a plane anyway, right? They surely did not go out of their way ordering a custom made system without a camera at a way higher cost, disabling the existing one is easier.

And Nest could use the microphone to record shattering glass to detect a break in. But they never got to the part where they developed the feature, maybe because the acquisition came along. And not documenting unused hardware is not a big deal anyone would have an eye on, right?

I do not think we have to discuss the long term feasibility of deactivating hardware via software. There have been more than enough examples that show what garbage security features in network connected devices are.

If we trust both statements, both companies paid for components they did never intend to use. How feasible it would be to skip adding them depends on many factors – it could have been more economic to keep them in the design and assemble them.

The really important thing is that both companies are big enough to just change it if they would see the existence of the components as problematic. And they decided having a camera and a microphone in a place where they are not needed is not something to be concerned about.

In an age where companies are notoriously bad at securing their little toy devices they want to put everywhere and where most of them lost all trust from privacy concerned people this is simply a bad stance to take. On top of that some of those companies business model boils down to “gather as much information as you can and sell it to whoever pays for it”.

Not having regular users being able to tell anymore if a company is trying to setup yet another device next to your TV to spy on you or if an honest mistake was made is a real problem. And there seems to be no sufficient backlash to instil the mindset of thinking about privacy in companies – enterprises and startups alike – product teams. And if an honest mistake happened the paranoia is already there hitting the wrong company and people.

I am not saying those two incidents were mistakes. I am also not saying Singapore Airlines and Google were working on yet another way to spy on people. But what I can say for sure is that every single little incident which can have some potential impact on privacy will become a bigger deal in the future. There could be two potential, worrisome outcomes – regular users will get more concerned with every device, leading us to some diesel punk inspired future. Or worse, people start ignoring all of this, leading to the dystopian future some people predict.

The third option is finally starting to design privacy as a first class feature in every single product. No matter if hardware or software. If companies finally step up and take responsibility not only for what they individually did, but also how the larger industry messed up over the past years we might have a chance to recover some of the lost trust. But to get there and to instil this mindset of privacy first we need people pointing out every single small incident – and make it a big deal.


We all win

posted on Sunday 17th of February 2019 in

I know I am a bit late with this, but not watching the Super Bowl means I also miss all the commercials and have to wait for them to show up through another channel. The one that really caught my eye was the one from Microsoft. Having played a lot with people with disabilities during my active World of Warcraft time I got a little insight into the challenges some games and some input methods provide.

Especially with games and gaming becoming more and more relevant, for a lot of different reasons varying from person to person, I really appreciate Microsoft stepping up and trying to address some of those challenges.

With IT having some place and relevance to my life since the 90s I have seen Microsoft do a lot of things and the larger community reacting to it. There was a lot of shady things going on deserving all the critique and sneer Microsoft received for it. But looking at all the change since Satya took over time I have hope for Microsoft.

Surely not everything is great. There are still very questionable things going on in some parts of MS. I think I only have to say Candy Crush to trigger some people. But looking across all departments of the company you can see change. Positive change I hope they will try to make in all of their departments. And “we all win” surely is this kind of change where they do something directly addressing (potential) users trying to improve their life.