Plus Apple goes all in on Arcade, I/O sessions show what Google has cooking this year, Outlook.com was hacked, and a whole lot more. Here’s your Monday roundup of the biggest stories from the weekend.

Google Location Data is Helping Police Find Witnesses and Suspects

Over the weekend, the New York Times broke a fascinating story about how police are using location data kept by Google to find both witnesses and suspects related to cases that they’re having a hard time cracking. The report is both revealing and absolutely terrifying.

While we can all understand how this data is helpful and shows promise for catching the bad guy, it also raises the question of what happens when they target the wrong guy. One such story was highlighted by the NYT, where a man was arrested for murder, but subsequently released a week later when they realized that he didn’t do it. It’s great that they figured it out so quickly, but it could’ve just as easily gone the other way and taken months to catch the real criminal.

Here’s how it works: Google keeps track of precise device location, which it stores in a database called Sensorvault. If police are having a difficult time finding witnesses or pinning down a suspect, it can request all device information for a given area where a crime is committed. Google provides device info—completely anonymized initially—allowing police to track devices to pinpoint better potential suspects (or, in some cases, witnesses who may not have come forward). Once it has a better idea of the devices it may be after, it formally requests full information from Google.

At that point, Google gives up all the goods: usernames, emails, phone number, real name, the works. If the person is actually guilty, this is great! If not, well, I’m less enthusiastic.

This report shines a bright light on the potential downsides of allowing Google to track your device all the time—and make no mistake here, this is very much a Google problem. When asked about a similar program, Apple stated that “did not have the ability to perform those searches.”

According to Google, only the data from users who have opted into Location History tracking is kept in Sensorvault. That said, the Associated Press recently found that Google was still tracking users even after they disabled Location History, so take that for what it’s worth.

While there’s still plenty more to discuss on this topic, I’ll stop here for the sake of brevity. I encourage everyone to read the New York Time’s report, as it’s highly revealing.

 Apple News: Apple Bets Big on Arcade

Plus, Apple is going to war with Qualcomm.

According to a new report from The Financial Times (paywall), Apple is spending more than $500 million to get its recently-announced Arcade service up and running. That’s some serious money. [via 9to5Mac] Apple and Qualcomm go to war in court starting this week, and it’s going to be ugly. [The Verge]

While the Qualcomm thing is interesting enough in its own right, it’s a messy situation that is likely going to be long, drawn-out, and honestly (for now at least) kind of boring. So let’s talk about this game thing instead!

You’d be forgiven for forgetting about Apple Arcade, which was announced at its event late last month. It’s Apple’s take on gaming, which will allow users to pay a single price (which has yet to be announced) to access a play “over 100” new, original, and exclusive games on the company’s hardware. That includes Mac, iPhone, and Apple TV.

It was largely overshadowed by things like News+, the new TV app, and TV+, but it’s still clearly a big deal to Apple. The fact that the company is pouring millions of dollars into the service is pretty telling. Still, that’s the most information we’ve gotten about the service outside of Apple’s event itself…which still isn’t very much.

To be more specific, however, the numbers are pretty incredible: according to The Financial Times’ report, Apple is spending “several million” on each of the 100 titles destined for Arcade. It goes on to say that Apple is offering a little something extra to developers that will make their game exclusive to Arcade, though it doesn’t specify what this extra incentive is.

According to 9to5Mac, citing its own sources, all Arcade games will be “mobile exclusive,” meaning that they won’t be available on other mobile platforms (read: Android). Developers will, however, be able to offer the titles on PS4, Xbox, and Switch. The latter option there is curious because Switch games are often likened to mobile titles; in fact, Fortnite makes Switch players play against mobile players because it feels they’re at too much of a disadvantage to play against other consoles.

But I digress. Apple Arcade sounds interesting and given how much Apple is willing to spend on it, pretty promising. We’ll be looking forward to getting more detailed info about the cost and model from Apple as the launch timeframe of “this fall” gets closer.

Google News: Google’s New App for Indoor Location Tracking

Plus I/O sessions, Linux apps on Chrome OS 75 get USB support, a new Chromebook shows up with a fingerprint scanner, YouTube is using “quality watch time” as a new metric for videos success, and more.

Google recently released a new app called WifiRttScan for 802. 11mc indoor positioning. Indoor GPS is coming. Also, more precise tracking. Great. [9to5Google] The first Google I/O sessions started to show up this weekend, with Android Q, Chrome OS, Material Dark, camera, gaming, and a lot more. [9to5Google, Android Police] Linux apps on Chrome OS 75 got USB support, including debugging for Android phone. Oh hell yeah. [About Chromebooks] Speaking of Chromebooks, a new baseboard codenamed “Hatch” recently showed up in a commit with full biometric support. Bring on the Chromebooks with fingerprint scanners. [Chrome Unboxed] Starting in Chrome 75, websites will no longer be able to tell when you’re using incognito mode. Good. [Techdows] Recently, Android Police reported that a handful of HTC’s apps were removed from the Play Store. Well, they’re starting to trickle back in. Weird. [Android Police] Here’s a fun one: YouTube is starting to use a new internal metric called “quality watch time” to gauge video success, but it still isn’t sure how it’s going to work. That sounds promising. [Bloomberg] The Verge went hands-on with the upcoming Galaxy Fold. And they pretty much liked it. [The Verge]

While we’ve talked about how 802.11mc will be used for indoor tracking—indoor GPS if you will—and we’re actually pretty excited for the tech, this news hit at a pretty awkward time given the recent report from the New York Times.

Still, there’s definitely some value to precise indoor location tracking. Imagine you’re in a huge mall and looking for one particular store. You could walk around until you find it, check those huge maps that are generally hard to read anyway, or just fire up your smartphone and tell it to find the store you’re looking for. I know which one I’d pick.

But now it’s more apparent than ever there’s another side to that coin that needs to be considered: even more precise location tracking means that Google knows exactly where you are—and likely what you’re looking at!—even when you’re inside a building. The imagination can run wild with all sorts of ideas about how that particular data set will be used.

Hyper-specific ads based on something you looked at in a store? Probably. How about, considering the NYT’s piece, pegging someone for a crime because they recently shopped for items that may be associated with said crime—like bomb construction, for example. Now, while that’s highly speculative, it’s still something that has to be considered.

Just like with so many other things related to modern technology, the future for this sort of thing is both exciting and terrifying.

Microsoft News: HACKED

Things aren’t looking great for Microsoft this morning, with details of hackers compromising a support agent’s credentials to access customer email, and Internet Exploring allowing hackers to steal files both rolling in over the weekend. On the upside, Microsoft added Google, DuckDuckGo, and Yahoo as search providers in Edge Canary. Yay?

Hackers had access to Microsoft’s webmail services—Outlook. com, @msn, and @hotmail—for upwards of three months. Access was reportedly gained by using a support agent’s login credentials. More on this below. [TechCrunch, The Verge] In related news, there’s a security flaw in Internet Explorer that allows hackers to access (and take) your files. Even if you don’t use IE. Oof. [Engadget] Good news: Microsoft added more search options to Edge Canary. If you don’t like Bing as your only option, you can now set Google, DuckDuckGo, and Yahoo as your primary option. Cool. [Techdows] Here’s a look at Microsoft’s upcoming disc-less Xbox One S in all its glory. [Techradar]

With two hacks/breaches coming out, it was a pretty lousy weekend for Microsoft. According to the reports I’ve read, the email hack affected about “six percent” of users. Hackers were able to gain access to users’ email addresses, folders, subject lines, and the email addresses of users they had been corresponding with. According to Microsoft, not the actual emails themselves or the passwords for the accounts.

That particular breach occurred between January 1st and March 28th, so the door was wide open for nearly four months. That’s a pretty long time for someone to be sifting through your email. What might be more fascinating—or perhaps troubling—is how the hackers gained access to the accounts in the first place: by using a support agent’s login credentials. Oof.

Once the credentials were identified, however, access was revoked.

Of course, there’s also the IE breach, which allowed hackers to access files found on users PCs—even if they don’t use IE. This was in large part due to an unpatched exploit found in the browser everyone loves to hate, which allowed outside access when an attachment (sent through chat or email) was opened.

To make matter worse, Microsoft reportedly refused to fix the exploit, saying it would be “considered” in a future release. Perhaps the news of the breach will force Microsoft to react and release an urgent patch, but in the meantime, we encourage all users to be careful what they click on, especially when it comes to attachments.

Other News: Big Brother is Watching (According to Facebook, Anyway)

The hidden messages in Oculus controllers were originally supposed to be limited to prototype units but somehow ended up making their way into “tens of thousands” production units. And you know, typically something like this would be pretty humorous but given Facebook’s history…not so much.

There were multiple messages hidden in the controllers: The Masons Were Here, Hi iFixit! We see you!, This Space for Rent, and others. Of course, the most troubling is by far the ominous “Big Brother is Watching,” which was honestly just in poor taste, joke or not.

Nate Mitchell, the co-founder of Oculus, confirmed that these were never supposed to make it into retail units and that the messages were “inappropriate.” Agreed, Nate. Circumstantially, this was not the best move.

Alas, the little hidden won’t affect the controllers’ functionality and are still expected to ship with Quest and Rift S units later this year.