In this blog you can visit new technology latest news about advance technology viral news latest andriod phones and much more visit this blog for more updates daily thanks
On the last day of 2020, New York City’s Metro Transit Authority announced that it has finished its roll out of contactless payment systems. With the addition of a final stop in Brooklyn, every MTA subway station and bus in the five boroughs now sports the OMNY “Tap and Go” system.
We got an early demo of the Grand Central terminals when the project rollout began last May. The system involves a major infrastructure overhaul as the transit authority looks beyond the iconic Metro Card to mobile payment systems from vendors like Apple, Google, Samsung and Fitbit – allowing users to use smartphones and smartwatches to swipe their way through the turn style.
The MTA had expected to finish the project by October – though COVID-19 put the kibosh on those plans along with so much else. The goal was pushed back to December, and it appears it’s been met with no time to spare.
Join us for a major announcement about the rollout of OMNY, our state-of-the-art payment system that will replace MetroCard completely in 2023.
MetroCards are sticking around for the time being – though the MTA expects they will be phased out at some point in 2023. Part of the transition involves the arrival of the OMNY Card, which use the new technology but function similarly to MetroCard. A reduced far version of the card is set to arrive for riders who qualify at some point in 2021. The new readers are also coming to the Metro-North and Long Island Rail Road systems.
Apple faces a major setback in one of its legal fights, VMware sues a former executive and Google tests a new short-form video feature. This is your Daily Crunch for December 29, 2020.
The big story: Judge dismisses Apple copyright claims against Corellium
Apple filed a lawsuit last year against Corellium, a company that allows security researchers to create virtualized iOS devices in the browser in order to discover potential security flaws.
Apple argued that Corellium’s product both infringes its copyright and, by circumventing built-in authentications and security checks, violates the Digital Millennium Copyright Act. Today, Judge Rodney Smith dismissed Apple’s copyright claims and wrote that “Corellium has met its burden of establishing fair use.”
Smith did not rule on Apple’s DMCA claims, so this legal battle isn’t over.
The tech giants
VMware files suit against former exec for moving to rival company — The company is claiming that former COO Rajiv Ramaswami had inside knowledge of the key plans at VMware and that he should have told the company that he was interviewing for a job at a rival organization.
Streaming services face their real test in 2021 — While media/telecom executives and Wall Street investors have been willing to make big investments for a streaming-centric future, they’ll expect to see actual profits soon.
(Extra Crunch is our membership program, which aims to democratize information about startups. You can sign up here for a holiday deal good through January 3. Read more about the deal here.)
The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 3pm Pacific, you can subscribe here.
Back in August of last year Apple filed a lawsuit against the virtualization software company Corellium, arguing that the product infringed its copyright and later adding claims that Corellium’s product violates the DMCA.
While the DMCA claims will still need to be settled in court, a judge in Florida has tossed out Apple’s copyright claims.
So what is Corellium? To over simplify it, Corellium allows security researchers to spin up a virtualized ARM device (including iOS devices) in a browser and take a deep look under the hood to discover potential security bugs. As I wrote last year:
Corellium could allow, for example, a security researcher to quickly fire up a simulated iPhone and hunt for potential bugs. If one is discovered, they can quickly load up prior versions of iOS to see how long this bug has been around. If a bug “bricks” the virtual iOS device and renders it unusable, it’s a matter of just booting up a new one rather than obtaining a whole new phone. Virtualized devices can be paused, giving researchers a detailed look at its precise state at any given moment.
Having reviewed the evidence, the Court does not find a lack of good faith and fair dealing. Further, weighing all the necessary factors, the Court finds that Corellium has met its burden of establishing fair use. Thus, its use of iOS in connection with the Corellium Product is permissible. On these grounds, Corellium’s Motion for Summary Judgment is granted on Apple’s copyright claim.
Smith cites Corellium’s ability to do things like “(1) see and halt running processes; (2) modify the kernel; (3) use CoreTrace, a tool to view system calls; (4) use an app browser and a file browser; and (5) take live snapshots” as proof that the product is “not merely a repackaged version of iOS” and should be considered fair use.
Smith also notes repeatedly that this legal action comes after Apple considered acquiring Corellium.
Between January 2018 and the summer of 2018, the parties engaged in discussions regarding Apple’s potential acquisition of Corellium. During this time, the parties met in-person and telephonically. Corellium explained to Apple the technology behind the Corellium Product and how it works, and discussed Corellium’s business and intention to commercialize the Corellium Product.
And:
If Apple had acquired the Corellium Product, the product would have been used internally for testing and validation (that is, for verifying any system weaknesses and functioning of devices).
While this decision swipes away the copyright claims (potential appeals aside), there was no such swift judgement on the DMCA claims. Apple argues that Corellium is working around built-in authentications and security checks, whereas Corellium argues that such things are implemented at a hardware level and the firmware they’re dealing with (the iOS IPSW files) are “left unencrypted, unprotected, unlocked, and out in the open for the public to access, copy, edit, distribute, perform, and display.”
Tesla will begin its operations in India “early” 2021, a top Indian minister said on Monday, a day after the tech carmaker said it was confident it would enter the world’s second most populated market next year.
The American car company will begin operations with sales in early 2021 and then “maybe” look at assembling and manufacturing of cars in the country, India’s transport minister Nitin Gadkari told newspaper Indian Express. How early? Definitely not next month, Musk tweeted over the weekend.
Tesla, which broke ground in early 2019 on a $5 billion factory in China — its first outside of the U.S.. — has for years expressed interest in expanding to India. But in a 2018 tweet, Tesla chief executive Elon Musk shared that “some government regulations” in India had emerged as a roadblock.
Like elsewhere in the world, Musk has amassed tens of millions of fans in India. A handful of people paid the token amount of $1,000 to pre-order the Model 3 in 2016. Musk later blamed the local regulations for the delay in bringing the cars to customers in India.
“Maybe I’m misinformed, but I was told that 30% of parts must be locally sourced and the supply doesn’t yet exist in India to support that,” he tweeted in 2017.
Instead of putting down $1000 in reserving the Tesla Model 3 in 2016, I should have invested in $TSLA stock. My money would be worth 10x more today.
And by the looks of it 30x (price of the car) by the time it launches in India. Sigh.
New Delhi, which has claimed to abolish more than a 1,000 “archaic laws” in recent years, has previously acknowledged the pain points expressed by Musk. In the past three years, India has proposed billions of dollars in incentive to car companies to switch to electric alternatives and accelerate innovation and manufacturing of batteries in a bid to reduce its spendings on oil and curb air pollution.
Indian ride-hailing firm Ola, acquired Amsterdam-based Etergo earlier this year, said this month that it plans to invest about $327 million to set up “the world’s largest scooter factory” in the Southern Indian state of Tamil Nadu, which it said will be able to create 10,000 new jobs and have an initial capacity to produce 2 million electric vehicles in a year.
Earlier this year, a proposal drafted by Indian Prime Minister Narendra Modi-backed think tank Niti Aayog said the country could slash its spendings on oil import by as much as $40 billion in the next 10 years if electric vehicles were to be widely adopted.
Gadkari told the Indian newspaper that he is hopeful that India will emerge as the No. 1 manufacturing hub for auto in five years.
This was going to be the year of 5G. It was going to be the year the next-generation wireless technology helped reverse some troubling macro trends for the industry — or at the very least helped stem the bleeding some.
But the best laid plans, and all that. With about a week left in the year, I think it’s pretty safe to say that 2020 didn’t wind up the way the vast majority of us had hoped. It’s a list that certainly includes the lion’s share of smartphone makers. Look no further than a recent report published by Gartner to answer the question of just how bad 2020 was for smartphone sales.
It was so bad that a 5.7% global decline year-over-year for the third quarter constituted good news. In a normal year, that wouldn’t qualify as good news for too many industries outside of wax cylinder and asbestos sales. But there are few standards by which 2020 was a normal year, so now we’ll take some respite in the fact that a 5.7% drop was a considerably less pronounced drop than the ~20% we saw in Qs 1 and 2.
Some context before we get into the whys here. A thing that’s important to note up front is that mobile wasn’t one of those industries where everything was smooth sailing before everything got upended by a pandemic. In 2019 I wrote a not insignificant number of stories with headlines like “Smartphone sales expected to drop 2.5% globally this year” and “Smartphone sales declined again in Q2, surprising no one.” And even those stories were a continuation of trends from a year prior.
The reasons for the decline should be pretty familiar by now. For one thing, premium handsets got expensive, routinely topping out over $1,000. Related to that, phones have gotten good. Good news for consumers doesn’t necessarily translate to good news for manufacturers here, as upgrade cycles have slowed significantly from their traditional every two years (also an artifact of the carrier subscription model). Couple that with economic hardships, and you’ve got a recipe for slowed growth.
This March, I wrote an article titled “5G devices were less than 1% of US smartphone purchases in 2019.” There was, perhaps, a certain level of cognitive dissonance there, after many years of 5G hype. There are myriad factors at play here. First, there just weren’t a ton of different 5G models available in the States by year’s end. Second, network rollout was far from complete. And, of course, there was no 5G iPhone.
I concluded that piece by noting:
Of course, it remains to be seen how COVID-19 will impact sales. It seems safe to assume that, like every aspect of our lives, there will be a notable impact on the number of people buying expensive smartphones. Certainly things like smartphone purchases tend to lessen in importance in the face of something like a global pandemic.
In hindsight, the answer is “a lot.” I’ll be the first to admit that when I wrote those words on March 12, I had absolutely no notion of how bad it was about to get and how long it would last (hello month nine of lockdown). In the earliest days, the big issue globally was on the supply side. Asia (China specifically) was the first place to get hit and the epicenter of manufacturing buckled accordingly. Both China and its manufacturing were remarkably fast to get back online.
In the intervening months, demand has taken a massive hit. Once again, there are a number of reasons for this. For starters, people aren’t leaving their homes as much — and for that reason, the money they’ve allotted to electronics purchases has gone toward things like PCs, as they’ve shifted to a remote work set-up. The other big issue here is simple economics. So many people are out of work and so much has become uncertain that smartphones have once again been elevated to a kind of luxury status.
There are, however, reasons to be hopeful. It seems likely that 5G will eventually help right things — though it’s hard to say when. Likely much of that depends on how soon we’re able to return to “normal” in 2021. But for now, there’s some positive to be seen in early iPhone sales. After Apple went all in on 5G this year, the new handset (perhaps unsurprisingly) topped sales for all other 5G handsets for the month of October, according to analysts.
The company will offer a more complete picture (including the ever-important holiday sales) as part of its earnings report next month. For now, at least, it seems that thing are finally heading in the right direction. That trend will, hopefully, continue as the new year sees a number of Android launches.
Perhaps 2021 will be the year of 5G — because 2020 sure wasn’t.
Ahead of the turning of the New Year, many people are wishing they could do something about the environment. Now, a UK startup hopes to make our environmental impact more personal.
Yayzy has now launched an iOS app (but Android is coming) which literally links to your bank account to work out the environmental impact of what you buy. It uses payment data via Open Banking standards to automatically calculate the carbon footprint of each purchase a user makes, giving them a picture of their total monthly carbon emissions. This makes the carbon footprint calculated more accurate and bespoke to the individual, allowing them to immediately connect their spending to its impact on the planet.
Yayzy has secured £900,000 in backing from Antler Venture Capital, Seedrs (a crowdfunding round) and the CoreAngels Impact Fund. As the user sees what the carbon footprint is of their purchase, they can choose to offset it right then and there on the app via the carbon offsetter Ecosphere Plus. In the app, users can also find tips to reduce their carbon footprint, eco-friendly retailers near them or insights into lifestyle choices that have the highest environmental impact.
Their competitors are people like CoGo, a real-time Carbon Footprint tracker, and and Doconomy and the soon to launch Tred.
But Yayzy is taking a different approach. It brings together all of a user’s spending and shows them item by item as they spend, what the carbon footprint of that spend is. So far – it claims – its competitors don’t do that.
Yaysy app
This can be done ad hoc, item by item, or by signing up to a monthly subscription to either carbon offsetting projects or the user’s own unique climate portfolio. This portfolio would bundle multiple projects together for a more ‘holistic’ impact. Yayzy says all of these projects have been carefully selected based on strict criteria, and also advance the UN Sustainable development goals.
For its underlying carbon data, Yayzy is using Vital Metrics https://ift.tt/38nP8Fe
as used by Google, Microsoft and both the UK and US governments, among others.
Mankaran Ahluwalia, cofounder and CEO of Yayzy said in a statement: “While emissions have gradually risen as lockdown eases, YAYZY wants to put us all in the driver’s seat to control our own environmental impact… It is clear from a plethora of surveys that the majority of people want to address climate change before it is too late, but that a huge intention/action gap blocks much of it. Our solution with Yayzy is to make environmental impact ‘up close and personal’ and the action to tackle it super easy, all via your phone.”
Ahluwalia, was as a technology analyst with Infosys and built a lending platform for alternate credit. Cofounder Cristian Dan, CTO, previously built a discounts platform and cofounder Pedro Cabrero, CFO was in equity sales and trading for UBS and Citigroup, and co-founded the a leading online pharmacy in Mexico.
from Android – TechCrunch https://ift.tt/2LX8Wrv
via IFTTT
Tesla stock’s miraculously bizarre 2020 might have a gone different way had Apple’s Tim Cook agreed to a meeting in recent years, or so says Elon Musk.
Reacting to Reuters’ recent news that Apple has not abandoned its electric car program and is still pursuing plans to build a physical vehicle, Musk tweeted that in “the darkest days” of scaling Model 3 production, he reached out to Apple CEO Tim Cook and raised the possibility of the Cupertino company acquiring Tesla. Musk says that Cook refused to take the meeting.
TechCrunch has reached out to Apple for comment.
During the darkest days of the Model 3 program, I reached out to Tim Cook to discuss the possibility of Apple acquiring Tesla (for 1/10 of our current value). He refused to take the meeting.
Musk’s short tweet did not clarify exactly when this timeline was, though given public information about Tesla’s Model 3 production, it was likely between 2017 and 2019. In regards to Musk’s proposed sales price, 1/10th of Tesla’s current market capitalization is about $60 billion, which isn’t too far from the stock’s public value last year before it reached stratospheric heights in recent months.
Though Tesla is now worth more than $600 billion on the public markets after joining the S&P 500 this week, most Wall Street analysts seem perplexed by the stock’s recent growth which has been owed to young and first-time investors rallying behind Tesla’s products and its CEO.
The two-year-old Glance, which is part of advertising giant InMobi Group, said on Tuesday that it has raised $145 million in a new financing round from Google and existing investor Mithril Partners. The new round values Glance at over $1 billion, a person familiar with the matter said, making the startup a unicorn.
Glance uses AI to offer personalized experience to its users. The service replaces the otherwise empty lock screen with locally relevant news, stories, and casual games. Late last year, InMobi acquired Roposo, a Gurgaon-headquartered startup, that has enabled it to introduce short-form videos on the platform. Google is also investing in Roposo, a startup that Glance acquired last year. Roposo is a short video platform with over 33 million monthly active users. These users spend about 20 minutes consuming content across multiple genres in more than 10 languages on the app everyday.
Glance ships pre-installed on several smartphone models. The subsidiary maintains tie-ups with nearly every top Android smartphone vendor including Xiaomi, the top player in India, and Samsung. The service has amassed over 115 million daily active users.
“Glance is a great example of innovation solving for mobile-first and mobile-only consumption, serving content across many of India’s local languages,” said Caesar Sengupta, VP, Google, in a statement. “Still too many Indians have trouble finding content to read or services they can use confidently, in their own language. And this significantly limits the value of the internet for them, particularly at a time like this when the internet is the lifeline of so many people. This investment underlines our strong belief in working with India’s innovative startups and work towards the shared goal of building a truly inclusive digital economy that will benefit everyone.”
Naveen Tewari, founder and chief executive of Glance and InMobi Group, said the investment will pave the way for “deeper partnership between Google and Glance across product development, infrastructure, and global market expansion.” The startup plans to deploy the fresh capital to expand in the U.S.
Investment in DailyHunt
Google said on Tuesday that it is also investing in VerSe Innovation, the parent firm of Indian startup DailyHunt. Across its apps including DailyHunt and short-video platform Josh, DailyHunt claims to serve over 300 million users news and entertainment content in 14 Indian languages. The startup said it has completed a round of over $100 million from Google, Microsoft, and AlphaWave among other investors and this new round values it at over $1 billion, making it a unicorn.
DailyHunt — which is co-run by Umang Bedi, former Facebook India head — plans to deploy the fresh capital to scale Josh app, the augmentation of local language content offerings, the development of content creator ecosystem, innovation in AI and ML and the growth of its truly “made-in-Bharat-for-Bharat short-video platform,” it said.
Josh and Roposo are among over a dozen apps in India that are attempting to fill the void New Delhi created after banning TikTok in late June in the country.
The demise of the Apple car, the technology giant’s not-so-secret secret project, was perhaps overstated. Apple’s so-called Project Titan, which last year reduced the team by some 200 employees, is not only alive, it has plans to produce an electric passenger vehicle with “breakthrough battery technology” and automated vehicle technology by 2024, according to a report from Reuters.
It’s unclear what the vehicle will look like, who will be the manufacturing partner or if the self-driving system that Apple has been working on will be part of the car or offered as a software product to other companies. The Reuters article builds off of another report from Taiwanese media outlet Economic Daily Times, which describes Apple ramping up orders for auto parts and components from suppliers in the country. Together, the reports offer confirmation that Apple, while quiet and with a smaller team, hasn’t ditched the idea of a car after all.
Reuters sources describe this as a passenger vehicle, which would put Apple in a different category than autonomous vehicle technology companies like Waymo that are trying to commercialize robotaxi services. (Waymo has said that it is also interested in licensing its AV tech for passenger vehicles, but it’s not the company’s first priority.)
Apple’s Project Titan is led by Doug Field, who returned to the company in 2018 after a stint at electric automaker Tesla. Field, who was senior vice president of engineering at Tesla, was one of the key executives behind the launch of the Model 3. Under Field’s leadership, it appears the Apple car might square off more directly with Tesla than say Alphabet’s Waymo.
Citizen Lab researchers say they have found evidence that dozens of journalists had their iPhones silently compromised with spyware known to be used by nation states.
For more than the past year, London-based reporter Rania Dridi and at least 36 journalists, producers and executives working for the Al Jazeera news agency were targeted with a so-called “zero-click” attack that exploited a now-fixed vulnerability in Apple’s iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link.
Citizen Lab, the internet watchdog at the University of Toronto, was asked to investigate earlier this year after one of the victims, Al Jazeera investigative journalist Tamer Almisshal, suspected that his phone may have been hacked.
In a technical report out Sunday and shared with TechCrunch, the researchers say they believe the journalists’ iPhones were infected with the Pegasus spyware, developed by Israel-based NSO Group.
The researchers analyzed Almisshal’s iPhone and found it had between July and August connected to servers known to be used by NSO for delivering the Pegasus spyware. The device revealed a burst of network activity that suggests that the spyware may have been delivered silently over iMessage.
Logs from the phone show that the spyware was likely able to secretly record the microphone and phone calls, take photos using the phone’s camera, access the victim’s passwords, and track the phone’s location.
Citizen Lab analyzed the network logs of two hacked iPhones and found it could record ambient calls, take photos using the camera, and track the device’s location without the victim knowing. (Image: Citizen Lab)
Citizen Lab said the bulk of the hacks were likely carried out by at least four NSO customers, including the governments of Saudi Arabia and the United Arab Emirates, citing evidence it found in similar attacks involving Pegasus.
The researchers found evidence that two other NSO customers hacked into one and three Al Jazeera phones respectively, but that they could not attribute the attacks to a specific government.
A spokesperson for Al Jazeera, which just broadcast its reporting of the hacks, did not immediately comment.
NSO sells governments and nation states access to its Pegasus spyware as a prepackaged service by providing the infrastructure and the exploits needed to launch the spyware against the customer’s targets. But the spyware maker has repeatedly distanced itself from what its customers do and has said it does not who its customers target. Some of NSO’s known customers include authoritarian regimes like China and Russia. Saudi Arabia allegedly used the surveillance technology to spy on the communications of columnist Jamal Khashoggi shortly before his murder, which U.S. intelligence concluded was likely ordered by the kingdom’s de facto ruler, Crown Prince Mohammed bin Salman.
Citizen Lab said it also found evidence that Dridi, a journalist at Arabic television station Al Araby in London, had fallen victim to a zero-click attack. The researchers said Dridi was likely targeted by the UAE government.
In a phone call, Dridi told TechCrunch that her phone may have been targeted because of her close association to a person of interest to the UAE.
Dridi’s phone, an iPhone XS Max, was targeted for a longer period, likely between October 2019 and July 2020. The researchers found evidence that she was targeted on two separate occasions with a zero-day attack — the name of an exploit that has not been previously disclosed and that a patch is not yet available — because her phone was running the latest version of iOS both times.
“My life is not normal anymore. I don’t feel like I have a private life again,” said Dridi. “To be a journalist is not a crime,” she said.
Citizen Lab said its latest findings reveal an “accelerating trend of espionage” against journalists and news organizations, and that the growing use of zero-click exploits makes it increasingly difficult — though evidently not impossible — to detect because of the more sophisticated techniques used to infect victims’ devices while covering their tracks.
When reached on Saturday, NSO said it was unable to comment on the allegations as it had not seen the report, but declined to say when asked if Saudi Arabia or the UAE were customers or describe what processes — if any — it puts in place to prevent customers from targeting journalists.
“This is the first we are hearing of these assertions. As we have repeatedly stated, we do not have access to any information related to the identities of individuals upon whom our system is alleged to have been used to conduct surveillance. However, when we receive credible evidence of misuse, combined with the basic identifiers of the alleged targets and timeframes, we take all necessary steps in accordance with our product misuse investigation procedure to review the allegations,” said a spokesperson.
“We are unable to comment on a report we have not yet seen. We do know that CitizenLab regularly publishes reports based on inaccurate assumptions and without a full command of the facts, and this report will likely follow that theme NSO provides products that enable governmental law enforcement agencies to tackle serious organized crime and counterterrorism only, but as stated in the past, we do not operate them. Nevertheless, we are committed to ensuring our policies are adhered to, and any evidence of a breach will be taken seriously and investigated.”
Spokespeople for the Saudi and UAE governments in New York did not respond to an email requesting comment.
The attacks not only puts a renewed focus on the shadowy world of surveillance spyware, but also the companies having to defend against it. Apple rests much of its public image on advocating privacy for its users and building secure devices, like iPhones, designed to be hardened against the bulk of attacks. But no technology is impervious to security bugs. In 2016, Reuters reported that UAE-based cybersecurity firm DarkMatter bought a zero-click exploit to target iMessage, which they referred to as “Karma.” The exploit worked even if the user did not actively use the messaging app.
Apple told TechCrunch that it had not independently verified Citizen Lab’s findings but that the vulnerabilities used to target the reporters were fixed in iOS 14, released in September.
“At Apple, our teams work tirelessly to strengthen the security of our users’ data and devices. iOS 14 is a major leap forward in security and delivered new protections against these kinds of attacks. The attack described in the research was highly targeted by nation-states against specific individuals. We always urge customers to download the latest version of the software to protect themselves and their data,” said an Apple spokesperson.
Facebook discovered and patched the vulnerability, stopping the attack in its tracks, but said that more than 100 human rights defenders, journalists and “other members of civil society” had fallen victim.
Citizen Lab researchers say they have found evidence that dozens of journalists had their iPhones silently compromised with spyware known to be used by nation states.
For more than the past year, London-based reporter Rania Dridi and at least 36 journalists, producers and executives working for the Al Jazeera news agency were targeted with a so-called “zero-click” attack that exploited a now-fixed vulnerability in Apple’s iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link.
Citizen Lab, the internet watchdog at the University of Toronto, was asked to investigate earlier this year after one of the victims, Al Jazeera investigative journalist Tamer Almisshal, suspected that his phone may have been hacked.
In a technical report out Sunday and shared with TechCrunch, the researchers say they believe the journalists’ iPhones were infected with the Pegasus spyware, developed by Israel-based NSO Group.
The researchers analyzed Almisshal’s iPhone and found it had between July and August connected to servers known to be used by NSO for delivering the Pegasus spyware. The device revealed a burst of network activity that suggests that the spyware may have been delivered silently over iMessage.
Logs from the phone show that the spyware was likely able to secretly record the microphone and phone calls, take photos using the phone’s camera, access the victim’s passwords, and track the phone’s location.
Citizen Lab analyzed the network logs of two hacked iPhones and found it could record ambient calls, take photos using the camera, and track the device’s location without the victim knowing. (Image: Citizen Lab)
Citizen Lab said the bulk of the hacks were likely carried out by at least four NSO customers, including the governments of Saudi Arabia and the United Arab Emirates, citing evidence it found in similar attacks involving Pegasus.
The researchers found evidence that two other NSO customers hacked into one and three Al Jazeera phones respectively, but that they could not attribute the attacks to a specific government.
A spokesperson for Al Jazeera, which just broadcast its reporting of the hacks, did not immediately comment.
NSO sells governments and nation states access to its Pegasus spyware as a prepackaged service by providing the infrastructure and the exploits needed to launch the spyware against the customer’s targets. But the spyware maker has repeatedly distanced itself from what its customers do and has said it does not who its customers target. Some of NSO’s known customers include authoritarian regimes like China and Russia. Saudi Arabia allegedly used the surveillance technology to spy on the communications of columnist Jamal Khashoggi shortly before his murder, which U.S. intelligence concluded was likely ordered by the kingdom’s de facto ruler, Crown Prince Mohammed bin Salman.
Citizen Lab said it also found evidence that Dridi, a journalist at Arabic television station Al Araby in London, had fallen victim to a zero-click attack. The researchers said Dridi was likely targeted by the UAE government.
In a phone call, Dridi told TechCrunch that her phone may have been targeted because of her close association to a person of interest to the UAE.
Dridi’s phone, an iPhone XS Max, was targeted for a longer period, likely between October 2019 and July 2020. The researchers found evidence that she was targeted on two separate occasions with a zero-day attack — the name of an exploit that has not been previously disclosed and that a patch is not yet available — because her phone was running the latest version of iOS both times.
“My life is not normal anymore. I don’t feel like I have a private life again,” said Dridi. “To be a journalist is not a crime,” she said.
Citizen Lab said its latest findings reveal an “accelerating trend of espionage” against journalists and news organizations, and that the growing use of zero-click exploits makes it increasingly difficult — though evidently not impossible — to detect because of the more sophisticated techniques used to infect victims’ devices while covering their tracks.
When reached on Saturday, NSO said it was unable to comment on the allegations as it had not seen the report, but declined to say when asked if Saudi Arabia or the UAE were customers or describe what processes — if any — it puts in place to prevent customers from targeting journalists.
“This is the first we are hearing of these assertions. As we have repeatedly stated, we do not have access to any information related to the identities of individuals upon whom our system is alleged to have been used to conduct surveillance. However, when we receive credible evidence of misuse, combined with the basic identifiers of the alleged targets and timeframes, we take all necessary steps in accordance with our product misuse investigation procedure to review the allegations,” said a spokesperson.
“We are unable to comment on a report we have not yet seen. We do know that CitizenLab regularly publishes reports based on inaccurate assumptions and without a full command of the facts, and this report will likely follow that theme NSO provides products that enable governmental law enforcement agencies to tackle serious organized crime and counterterrorism only, but as stated in the past, we do not operate them. Nevertheless, we are committed to ensuring our policies are adhered to, and any evidence of a breach will be taken seriously and investigated.”
Spokespeople for the Saudi and UAE governments in New York did not respond to an email requesting comment.
The attacks not only puts a renewed focus on the shadowy world of surveillance spyware, but also the companies having to defend against it. Apple rests much of its public image on advocating privacy for its users and building secure devices, like iPhones, designed to be hardened against the bulk of attacks. But no technology is impervious to security bugs. In 2016, Reuters reported that UAE-based cybersecurity firm DarkMatter bought a zero-click exploit to target iMessage, which they referred to as “Karma.” The exploit worked even if the user did not actively use the messaging app.
Apple told TechCrunch that it had not independently verified Citizen Lab’s findings but that the vulnerabilities used to target the reporters were fixed in iOS 14, released in September.
“At Apple, our teams work tirelessly to strengthen the security of our users’ data and devices. iOS 14 is a major leap forward in security and delivered new protections against these kinds of attacks. The attack described in the research was highly targeted by nation-states against specific individuals. We always urge customers to download the latest version of the software to protect themselves and their data,” said an Apple spokesperson.
Facebook discovered and patched the vulnerability, stopping the attack in its tracks, but said that more than 100 human rights defenders, journalists and “other members of civil society” had fallen victim.
Welcome back to This Week in Apps, href="https://techcrunch.com/tag/this-week-in-apps/">the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.
The app industry is as hot as ever, with a record 204 billion downloads and $120 billion in global consumer spend in 2019. Not including third-party Chinese app stores, iOS and Android users downloaded 130 billion apps in 2020. Consumer spend also hit a record $112 billion across iOS and Android alone. In 2019, people spent three hours and 40 minutes per day using apps, rivaling TV. Due to COVID-19, time spent in apps jumped 25% year-over-year on Android.
Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus.
Top Stories
Apple launches App Store privacy labels
Image Credits: Apple
Apple this week launched its promised App Store privacy labels across all its App Stores, including iOS, iPadOS, macOS, watchOS and tvOS. The labels aim to give Apple customers an easier way to understand what sort of information an app collects across three categories: data used to track you, data linked to you and data not linked to you. Tracking, Apple explains, refers to the act of linking either user or device data collected from an app with user or device data collected from other apps, websites or even offline properties (like data aggregated from retail receipts) that’s used for targeted advertising or advertisement measurement. It can also include sharing user or device data with data brokers.
This aspect alone will expose the industry of third-party adtech and analytics SDKs (software development kits) — basically code from external vendors that developers add to their apps to boost their revenues.
Meanwhile, “data linked to you” is the personal information tied to your identity through your user account on the app, your device or other details. (You can read more about the program here.)
Axios compared how various social media and messaging apps compare as determined by the labels. Not surprisingly, it found that Facebook-owned apps collected more data than apps like Telegram, Signal and Apple’s Messages. It also found that Snap collected less data than the other major social networks.
Others noticed that Google had yet to provide any privacy label information for its biggest apps like Gmail, Googel Maps or Google Search.
Apple and Facebook fight over privacy changes
Also this week, Facebook took out full-page newspaper ads to attack Apple’s upcoming privacy-centered changes, alleging that the decision will have negative impacts on small businesses. With a forthcoming update to iOS 14, developers will have to ask users permission to use their IDFA identifiers for ad targeting purposes, and they’ll have very few characters to explain why it’s necessary. Most users, who are sick of having their data taken and resold without any personal control over that process, will likely just say “No.”
On the one hand, Facebook has much to lose as it already warned that without targeting and personalization, mobile app install campaigns brought in 50% less revenue for publishers. And the impacts to Facebook Audience Network on iOS will be even worse. But Facebook says it’s well-diversified enough so this one change won’t hurt its business as much as it will smaller ones run by “aspiring entrepreneurs.”
It also pointed out that Apple’s interests aren’t only about consumer choice. When developers make less money from the traditional targeted ads, they’ll turn to other means of generating revenues — like in-app purchases and subscriptions, benefiting Apple.
We should also point out that Apple does a lot of data gathering and targeting of its own. In your iOS Privacy Settings, when you scroll way down to the bottom of the page, then click on Apple Advertising followed by View Ad Targeting Information, you’ll find Apple’s own admissions of how it tracks you across its platform, including data from your account info (age, gender, location), and by what content you’ve downloaded on Apple Music, Apple TV, Apple Books and the App Store. It uses this data to target you with personalized ads on the App Store, in Apple News and in Stocks.
Apple, meanwhile, has presented Facebook’s tracking business as one that aims to “collect as much data as possible,” in order to “develop and monetize detailed profiles of their users,” in a “disregard to user privacy.” And while it’s true that Facebook’s network spans apps and websites, Apple is doing the same thing within its own ecosystem…of a billion iPhones and other devices. Devices where Apple’s own apps are often pre-installed and compete with third-party services in areas like books, music, TV, fitness, news and more.
Plus, Apple told developers when it launched the new App Store privacy labels this week, that developers don’t have to disclose the data collected by Apple itself. Uh, wonder why that is?
Instead, developers have to come clean about all the other ways they collect and use customer data, including if data brokers are involved.
The move of course is a big gain for consumer privacy, as it establishes a new baseline for the industry, lays bare the amount to which users are tracked and forces companies to re-establishment trust with their customers instead of sneaking behind their back to gather and sell their data. But it’s simultaneously an easy smokescreen for Apple’s own interests, and Apple should not get a pass on that aspect just because it’s also “a very good thing.” Apple wanted a bigger portion of the adtech market and to grow its subscription business and it wants to fight for consumer privacy. But it largely only highlights the latter when speaking to reporters or making public statements.
The risk of criticizing Apple for such a pro-consumer move is that it looks like a defense of Facebook. But this issue is too complex to require that you simply choose sides. There are ways that Apple can both tackle consumer privacy issues and be more upfront about its own ongoing data collection practices — and burying its data collection/ad targeting info at the very bottom of the iOS Privacy settings page is not it.
Twitter kills Periscope
Image Credits: Twitter
Twitter this week announced it’s shutting down its standalone livestreaming app Periscope, which it acquired in 2015. The company said the app had been “an unsustainable maintenance-mode state” for some time, and Twitter has seen its usage decline as costs went up. The app will no longer function by March 2021, but Twitter says it’s not giving up on live video. It notes that it brought most of Periscope’s core capabilities to Twitter over the years.
Users will be able to download an archive of their Periscope broadcasts and data before the app is removed and those that have been published to Twitter will continue to live on as replays.
RIP @PeriscopeCo. And congrats @kayvz and Joe on building an incredible product that showed the world what interactive live video could be. I'll never forget seeing it for the first time with you two, @jess, and @dickc. https://t.co/VbBaSp9zuw
Twitter has a history of making bad calls on its standalone apps that seemed like smart decisions at the time. The company was early to the idea that music and social could work well when tied together when it launched a standalone Twitter Music app in 2013. Years later, other companies have proven that to be true — TikTok said this week its app is driving hits, and got 70-some artists major label record deals. In 2020, over 176 songs passed 1 billion views as TikTok sounds.
Another idea Twitter killed, of course, was Vine, the app that could have been TikTok, had it lasted.
Now Twitter is killing its live video app, a project it abandoned, as everyone else is figuring out how to turn live video streams into e-commerce transactions. Today, Facebook and Instagram offer live video shopping, including in Instagram Reels, its TikTok rival. And TikTok itself launched its first big test of livestreamed video shopping in partnership with Walmart. Other big names who are investing in live video shopping include Amazon through its QVC-like Amazon Live, Alibaba through AliExpress, JD.com, Pinduoduo, WeChat and TikTok’s Chinese sister app, Douyin.
One could argue that Twitter just wants to stake out its own place and not follow the crowd, but its latest big feature was Stories, er, Fleets, a format that’s just about everywhere. And its current test product is Spaces, a rival to Clubhouse and a handful of other audio-networking startups.
Apple releases macOS Big Sur version 11.1, which allows iPhone and iPad apps without resizable windows to enter into full-screen mode on Macs with the M1 chip. HBO Max will benefit from this, as well as some mobile games.
Apple talks about how to design an App Clip URL more efficiently in new blog post. It also announced that App Clip Codes — the visual image that encodes a URL and can incorporate an NFC tag — are also now available for creation in App Store Connect or with the new command line App Clip Code Generator.
Apple launched iOS 12.5 for older phones that don’t support iOS 14. The update brings the COVID-19 exposure notification support to these older devices and other security fixes.
Google announces Android Things platform shutdown is January 5, 2021.
Services
Amazon’s AWS announced the preview of Amazon Location, a service that will allow developers to add location-based features to their web-based and mobile applications. Amazon Location is based on mapping data from Esri and HERE Technologies, and includes built-in tracking and geofencing, but not routing.
Game engine maker Unity teamed up with Snap to bring its Unity Ads supply to Snap Audience Network and bring Snap Kit to game developers. From the Unity Asset Store, game developers can use Snap Kit’s Login Kit and Creative Kit, the latter which allows users to decorate their videos with stickers or ad AR lenses. Bitmoji avatars will be integrated with Unity in early 2021.
PUBG Mobile tops the list of billion-dollar mobile games in 2020, reports Sensor Tower. Five games topped $1 billion this year, including also Honor of Kings, Pokémon GO, Coin Master and Roblox.
Amazon’s Luna cloud gaming service arrives on Android. Like the iOS version, the service works through the web browser in the U.S. It supports some Pixel, Samsung and OnePlus devices for now, with expanded device support arriving in time.
Roblox delays IPO to 2021. The company said the IPO performance of Airbnb and DoorDash, which soared on their debut leaving money on the table, made it too difficult to price shares.
A judge orders Apple to produce documentation from Tim Cook and Craig Federighi in the Epic Games/Fortnite lawsuit. The execs may also be called to testify, along with Eddy Cue, if Epic gets its way. Facebook also said this week it would aid Epic in its legal battle by providing supporting materials and documents, as a part of the discovery process.
Google’s cloud gaming service, Google Stadia, arrives on iOS. The service bypasses the App Store to instead use a web app. It works on both iPhone and iPad (iOS 14.3 is required). Most games will need a gamepad to work.
Augmented Reality
The Unity/Snap deal, mentioned above, includes an AR component. Snap’s Creative Kits allows users to share their gameplay, decorating still shots or 15-second videos with branded stickers, or attaching an AR lens that has been created with game branding to share with their Snapchat friends. These shares work to acquire new users as well, as they include referral links back to the game.
Facebook’s Messenger Kids app updates with seasonal AR effects, as well as a way for parents to play Santa to kids.
Google adds an AR Baby Yoda in its Google Search app.
Baby Yoda came over for a play date. Played with Adinasi, our 13 month old, for a bit but now he wants to see all of you! Invite him over by searching for "baby yoda" in the Google app. #googlearpic.twitter.com/vtGxygEYWX
Facebook launches a TikTok-like app, Collab, that focuses on collaborative music making. TechCrunch had the exclusive interview.
Twitter launches its voice-based Spaces social networking feature, a Clubhouse rival, into beta testing. The feature lets select Twitter testers for the time being gather in audio-only chat rooms on Twitter’s platform.
Facebook relaunches Instagram Lite app, starting with a test in India before a global rollout. The app is under 2MB in size and is faster and more responsive. But it also lacks features like Reels, Shopping and IGTV.
Dating and friend-making app Bumble confidentially files for a February 2021 IPO.
Google Photos adds 3D “Cinematic” photos feature that uses machine learning to turn 2D photos into 3D — even if the original didn’t include depth information from the camera. A virtual camera then animates a smooth panning effect for a more vivid experience.
TikTok’s new guidelines strengthen policies on harassment, self-harm, violence and dangerous acts. The social app also rolled out new well-being features, like opt-in viewing screens that hide distressing content, a text-to-voice feature to make TikTok more accessible and COVID-19 vaccine info.
Halide’s developer offers a deep dive on Apple’s new ProRAW image format, which it describes as not just making RAW more powerful, but also more approachable. “ProRAW could very well change how everyone shoots and edits photos, beginners and experts alike,” a Halide blog post says. They’re not the only one singing ProRAW’s praises — Halide pointed to photographer Austin Mann’s blog post as well.
Netflix added a new audio-only mode on Android that allows users to save bandwidth and instead only listen to their program. The feature aims appeal to emerging markets users but could also serve as a way to turn Netflix into an alternative to listening to podcasts, at times.
Spotify launched on the Epic Games Store — a marketplace that’s shaping up to become a third-party app store. The two companies are both engaged with fighting Apple over its commission structure and rules on purchases.
TikTok released its first-ever U.S. music report which revealed the social app’s outsized influence on the music industry. According to the report, more than 176 different songs surpassed 1 billion video views as TikTok sounds, over 70 artists that have broken on TikTok’s platform have received major label deals, including Claire Rosinkranz, Dixie D’Amelio, Powfu, Priscilla Block and Tai Verdes, and others.
TikTok launches on TVs. The app is first available on Samsung smart TV models in Europe, but the Samsung partnership will allow it to be pre-installed going forward. The TV experience will be curated for family-friendly videos only.
Apple redesigns Shazam for iOS so it better fits with Apple Music’s design language. The app is also now available on the web. Apple recently said Shazam had over 200M MAUs across iOS and Android.
E-commerce
Image Credits: Walmart
Walmart partners with TikTok on a test of a new shoppable product that will allow TikTok users to transact within the app. The retailer will run a holiday shopping event inside TikTok, where users can shop from influencer videos. After the event, users can continue to shop from Walmart’s TikTok profile.
Shoploop, an app founded within Area 120, Google’s in-house incubator, has graduated to Google Search. The app competes with efforts in video-based shopping from Facebook, Instagram, TikTok and others. Google has now brought Shoploop’s short-form influencer videos to Google Shopping.
Discount e-commerce marketplace app Wish dropped below IPO price in its market debut. Wish opened at $22.75, below its $24 per share IPO pricing. Investors may be responding to the fact that Wish is growing slower and has a much smaller user base than top retailers, like Amazon and Walmart.
App Annie predicts U.S. users on Android will spend more than 1 billion hours in shopping apps in Q4 2020, a 50% YoY increase. Mobile sales are expected to reach $314 billion by year-end.
Security and Privacy
New mobile malware Goontact is targeting iOS and Android users in Chinese language-speaking countries, Korea and Japan. The spyware can steal contacts, SMS messages, photos and location information after a user is lured to a website hosting the spyware, which convinces them to sideload it on Android devices. On iOS, it primarily steals a phone number and contact list.
The FTC is launching an inquiry into the privacy and data collection practices of major tech firms, including Amazon, ByteDance (TikTok’s owner), YouTube, Reddit, Snap, Discord Twitter and Facebook (including WhatsApp). The companies have 45 days to comply with requests.
Reddit acquires TikTok rival Dubsmash to aid with Reddit’s video push. The company says it will integrate Dubsmash’s video creation tools into Reddit directly. Reddit had raised $20 million+ in venture funding.
MessageBird acquires real-time notifications and in-app messaging platform Pusher, based in London, for $35 million.
IntellectoKids raises $3 million from Allrise Capital and others for its edtech apps for kids aged 3 to 7 years old.
Mobile edtech startup Aceable raises $50 million to accelerate the expansion of its service for state-accredited classes.
Brainly raises $80 million for its crowdsourced homework help app now used by 350 million users.
Tap Network, a customizable rewards program used by app makers like Uber, raises $4 million.
Canadian challenger banking app Neo Financial raises $50 million CAD and expands into savings accounts.
Canvas is a new iPhone app from Occipital, the company behind RedLaster and 360 Panorama — apps that were ahead of the curve on the next frontier for iPhones. Canvas leverages the lidar scanner in the iPhone 12 Pro to create 3D scans of your home. 9to5Mac reviewed the app this week, describing the process of using Canvas as “pretty simple.” You just stand in the center of the room, then moved the photo up and down as you turn as the app overlays an AR grid on your room. The app did have some glitches with smaller rooms and alcoves. When the scan is done, you can pay a fee to have it turned into a professional CAD model for using in remodeling plans.
Gawq
Image Credits: Gawq
Gawq’snewly launched news aggregator app aims to tackle the problem of fake news and the “echo chamber” problem created by social media, where our view of the world is shaped by manipulative algorithms and personalized feeds. The app aims to present news from a range of sources, while allowing users to filter between news, opinion, paid content and more, as well as compare sources, check facts and even review the publication’s content for accuracy.
TechCrunch’s Romain Dillet looked this week at PhotoRoom, a new Android photography app that can automatically remove the background from your photo and swap it with another. The app, a YC alum, had previously been available on iOS where it competes with a variety of photo editing apps offering similar functionality.
Soosee
Soosee already operates a clever app that uses your iPhone camera to scan food labels for things you want to avoid — like dietary constraints, allergens, microplastics or antibiotics, for example. But we have to get this company a shoutout for having one of the cleanest App Store privacy labels around.
The company tweeted this in November (see below), but at the time of publication the label had been updated with exactly one item. It now collects Purchase data, under the “Data Not Linked to You” section. Good job, Soosee! Support apps like this.
We just filled in our App Store Privacy questionnaire and we’re happy with the results pic.twitter.com/SWn7513tLn
(@kevinweil) 
