Thursday, 30 April 2020

Apple’s Q2 earnings show flat year-over-year revenue growth due to pandemic

Apple delivered a rough Q2 earnings report Thursday, besting investor expectations but showing a significant growth slowdown as the coronavirus pandemic deeply impacted the company’s business with year-over-year declines in iPhone, iPad and Mac sales.

Apple’s stock was largely unchanged in after-hours trading.

The company shared that in Q2 it earned $58.30 billion in revenue, better than the $54.54 billion investors were expecting. The figure represents 1% year-over-year revenue growth for the company.

In February, the company issued an update to its Q2 guidance, saying that it did not expect to meet its earlier estimates due to fallout driven by the COVID-19 pandemic. The company did not update its previous guidance, which said it expected to earn between $63 billion and $67 billion in Q2. Apple notably did not offer guidance for Q3 in this release.

In terms of earnings per share, the company delivered $2.55 compared to the $2.26 investors had expected. Apple also shared that they were increasing their share buyback program by $50 billion and would be hiking dividends by 6%.

Apple saw year-over-year declines in its iPhone, iPad and Mac categories, only showing gains in Services and its “Wearables, Home and Accessories” category. Hardware as a whole was down year-over-year. The company posted $28.96 billion in net iPhone sales compared to $31.05 billion in Q2 2019.

After a very rough March, most big tech stocks have been roaring back into growth in April. Apple is in a more difficult position than other ad-driven businesses given the global complexity of its hardware supply chain.

“We are proud of our Apple teams around the world and how resilient our business and financial performance has been during these challenging times,” Apple CFO Luca Maestri said in a statement accompanying the release.



from Apple – TechCrunch https://ift.tt/2SoFPOd

Smartphone shipments dropped 13% globally, and COVID-19 is to blame

We knew it was going to be bad — but not necessarily “lowest level since 2013” bad. As Apple was busy reporting its earnings, Canalys just dropped some of its own figures — and they’re not pretty. After two quarters of much-needed growth, the global smartphone market just took a big hit. And you no doubt already know who the culprit is.

The mobile industry joins countless others that have taken a massive hit due to the COVID-19 pandemic, with shipments dropping 13% from this time last year. Here’s a graph for those of you who are visual learners:

Analyst Ben Stanton used the word “crushed” to describe the novel coronavirus’s impact on the mobile market. “In February, when the coronavirus was centered on China, vendors were mainly concerned about how to build enough smartphones to meet global demand,” he writes. “But in March, the situation flipped on its head. Smartphone manufacturing has now recovered, but as half the world entered lockdown, sales plummeted.”

First it was the impact on the global supply chain, which is centered in Asia, along with a drop in demand among consumers in China. As Europe, the U.S. and other locations continue to live under shelter-in-place orders, demand in those markets has taken a significant hit. People are stuck inside and many have lost jobs — it’s not really the ideal time to consider shelling out $1,000+ for what still seems a luxury for many.

Samsung regained the top spot, while still losing significant numbers. Both it and the number two company, Huawei, were down 17% for the quarter. Apple, at number three, dropped 8%. Chinese manufacturers Xiaomi and Vivo saw some gains, at 9% and 3%, respectively.

There are bound to be rough times ahead as well. Per Stanton, “Most smartphone companies expect Q2 to represent the peak of the coronavirus’ impact.” Apple noted the uncertainty of its own earnings by opting not to issue guidance for next quarter.



from Apple – TechCrunch https://ift.tt/3c4tG9f

iPhone sales are down, ahead of uncertain times for the industry

Stop me if you’ve heard this one before: Apple device sales have taken a hit, but the company’s services are doing swell. The iPhone, the longtime cornerstone of the company’s hardware portfolio, hit $28.96 billion in revenue for Q2, down from $31.1 billion this time last year. The iPad and Mac lines saw drops for the quarter, as well.

The company had already sounded the alarm bells for a weakened demand, due to the growing threat of COVID-19. Way back in February, Apple noted that the coming pandemic was set to both impact the global supply chain and weaken demand in China. “All of our stores in China and many of our partner stores have been closed. Additionally, stores that are open have been operating at reduced hours and with very low customer traffic,” it said at the time.

While aspects of life have returned to normal in China, the virus has subsequently taken a huge toll on much of the rest of the world, including Apple’s home in the U.S., which continues to lead the world in COVID-19 cases.

Unsurprisingly, CEO Tim Cook struck a consolatory note in a press release, in spite of the company’s decision not to offer third-quarter guidance. “Despite COVID-19’s unprecedented global impact, we’re proud to report that Apple grew for the quarter, driven by an all-time record in services and a quarterly record for wearables,” he writes.

Wearables were, indeed, up. The category, which also includes home and accessory products like the HomePod, was up to $6.3 billion from $5.1 billion. The category continues to be a success on the strength of the Apple Watch and AirPods lines. Services, too, continue to grow steadily, up to $13.3 billion from $11.5 billion. That category seems to be a reasonably safe bet, as users turn to offerings like Apple Music and Apple TV+ during the ongoing stay-at-home period.

The future for smartphones continues to be a rocky one, going forward. The company recently introduced the SE in a bid to appeal to consumers put off by $1,000+ price tags. And Apple’s certainly not alone there. The entire industry has taken a hit in recent years, well before the arrival of the novel coronavirus.

Apple and other companies were expected to get a boost from the arrival of 5G, though everything is currently up in the air, due to the pandemic. That reportedly also includes the arrival of a 5G iPhone, which is said to have potentially been pushed back a month over supply chain issues.



from iPhone – TechCrunch https://ift.tt/3aRLKlh

Apple will make it easier to unlock your iPhone while wearing a face mask

Face ID was a great idea — until large swathes of the world were forced to wear face masks, rendering it largely useless.

Apple has apparently heard our pain.

Users are reporting a subtle new feature in the latest developer version of iOS 13.5 that will make it easier to unlock your iPhone without having to take off your protective face mask.

Videos shared on Twitter by Robert Petersen and Guilherme Rambo show that Apple devices with Face ID will jump to the backup passcode-entry screen if they detect a mask. That’s not only helpful if you’re unlocking your phone dozens of times a day — which we all do — but it’s also helping to keep people safe by not forcing users to take off their masks, potentially exposing themselves to the virus.

Apple’s new Face ID unlock feature in iOS 13.5 beta (Source: Guilherme Rambo)

It’s not known if this feature will land in the final version of the software update. But one feature that will be included for sure is a new contact tracing API, built by Apple and Google in partnership, which lets national health authorities build apps that can help users privately and anonymously find out if they’ve been exposed to someone with coronavirus.

iOS 13.5 is expected to land in the coming weeks.



from iPhone – TechCrunch https://ift.tt/3cXO1wF

Daily Crunch: Apple and Google begin releasing their exposure notification API

Apple and Google ask for developer feedback on their contact tracing efforts, Facebook sees a “significant reduction” in ads and Microsoft makes life easier for IT managers.

Here’s your Daily Crunch for April 30, 2020.

1. Apple and Google release first seed of COVID-19 exposure notification API for contact tracing app developers

This is a developer-focused release, and it’s a seed of the API in development, with the primary intent of collecting feedback from developers who will be using the API to create new contact tracing and notification apps on behalf of public health agencies.

Apple and Google first announced the combined API and eventual system-level contact tracing feature on April 10, and intend to release the first version of the API publicly in mid-May, with system-level integration to follow in the coming months. The tech is designed to be privacy-preserving, ensuring that contact IDs are rotating and randomized, and never tied to an individual’s specific identifying information.

2. Facebook stock spikes despite ‘significant reduction’ in demand for ads

While Facebook’s ad revenues in Q1 increased by 17% year-over-year, Facebook used its earnings announcement to hedge expectations for Q2. In its release, the company said it saw “a significant reduction in the demand for advertising, as well as a related decline in the pricing of our ads, over the last three weeks of the first quarter of 2020.”

3. Microsoft makes it easier to get started with Windows Virtual Desktops

Microsoft announced a slew of updates to various parts of its Microsoft 365 ecosystem. The thrust is to make life easier for the IT admins that help provision and manage corporate Windows — and Mac — machines, something that’s even more important as many companies try to adapt to a new work-from-home environment.

4. Twitter Q1: sales up 3% to $808M as it swings to a loss on COVID-19, mDAUs hit record 166M

None of this should come as a surprise. Twitter announced more than a month ago that it was removing its own financial guidance because of the instability of its business due to COVID-19, noting only that it would be lower than expected.

5. Freada Kapor Klein warns of ‘vulture capitalists’ during pandemic

“We have seen a lot of VCs acting incredibly badly in the last couple of weeks — taking advantage of startups that are in a precarious position,” Kapor Capital’s Freada Kapor Klein told us. (Extra Crunch membership required.)

6. Here’s what NASA’s Mars helicopter will look like when it makes history with the first extraterrestrial powered flight

NASA’s Jet Propulsion Laboratory created a trailer of sorts to show you approximately what the flight will look like, sometime after the Mars 2020 mission’s targeted February 18, 2021 arrival date.

7. With fresh support from its billionaire backers, Pivot Bio is ushering in a farming revolution

Pivot uses genetically edited microbes to replicate the work that naturally occurring bacteria had done for millions of years to fix nitrogen in the soil.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories.



from Apple – TechCrunch https://ift.tt/2zLzTIL

Apple exec Cynthia Hogan joins Biden’s VP vetting team

Joe Biden’s campaign this morning announced that it has chosen a team to vet potential running mates for the presumptive Democratic presidential nominee. The four-person committee includes three high-profile Democratic politicians: Senator Chris Dodd, Congresswoman Lisa Blunt and Eric Garcetti, the mayor of Los Angeles, who has been in the spotlight recently, as his city has grappled with the COVID-19 pandemic.

Also on the list is Cynthia Hogan, who has been Apple’s Vice President for Public Policy and Government Affairs since May 2016. “Cynthia’s intellect and judgment have consistently distinguished her as a uniquely talented professional and we’re lucky to have her join the team at Apple,” Apple’s Lisa Jackson said when she joined.

The D.C.-based executive’s experience with politics — and Biden specifically — dates back well before that. Prior to reentering the corporate world, Hogan served as Biden’s Chief Counsel — first during his time in the Senate and then as Vice President. Hogan also spent two years as the Vice President of Public Policy for the NFL.

“Selecting a vice presidential candidate is one of the most important decisions in a presidential campaign and no one knows this more than Joe Biden,” campaign manager Jen O’Malley Dillon wrote in a statement issued today. “These four co-chairs reflect the strength and diversity of our party, and will provide tremendous insight and expertise to what will be a rigorous selection and vetting process.”

Choosing a running mate is never an easy task, though the 2020 campaign is particularly fraught. Biden’s team will help the candidate choose between a more progressive pick to cater to the left-leaning wing of a frayed Democratic Party or a more conservative choice to cater to GOP voters dismayed by Trump’s polarizing presidency.

Biden has previously said he plans to choose a woman as a running mate — a decision he is expected to reveal as early as July. Plenty of names have been floated, including former presidential candidates Kamala Harris, Amy Klobuchar and Elizabeth Warren, as well as other prominent Democratic politicians including Stacey Abrams.



from Apple – TechCrunch https://ift.tt/3f64DUX

Wednesday, 29 April 2020

Meet EventBot, a new Android malware that steals banking passwords and two-factor codes

Security researchers are sounding the alarm over a newly discovered Android malware that targets banking apps and cryptocurrency wallets.

The malware, which researchers at security firm Cybereason recently discovered and called EventBot, masquerades as a legitimate Android app — like Adobe Flash or Microsoft Word for Android — and abuses Android’s built-in accessibility features to obtain deep access to the device’s operating system.

Once installed — either by an unsuspecting user or by a malicious person with access to a victim’s phone — the EventBot-infected fake app quietly siphons off passwords for more than 200 banking and cryptocurrency apps — including PayPal, Coinbase, CapitalOne and HSBC — and intercepts two-factor authentication text message codes.

With a victim’s password and two-factor code, the hackers can break into bank accounts, apps and wallets, and steal a victim’s funds.

“The developer behind Eventbot has invested a lot of time and resources into creating the code, and the level of sophistication and capabilities is really high,” Assaf Dahan, head of threat research at Cybereason, told TechCrunch.

The malware quietly records every tap and key press, and can read notifications from other installed apps, giving the hackers a window into what’s happening on a victim’s device.

Over time, the malware siphons off banking and cryptocurrency app passwords back to the hackers’ server.

The researchers said that EventBot remains a work in progress. Over a period of several weeks since its discovery in March, the researchers saw the malware iteratively update every few days to include new malicious features. At one point the malware’s creators improved the encryption scheme it uses to communicate with the hackers’ server, and included a new feature that can grab a user’s device lock code, likely to allow the malware to grant itself higher privileges on the victim’s device, like payments and system settings.

But while the researchers are stumped as to who is behind the campaign, their research suggests the malware is brand new.

“Thus far, we haven’t observed clear cases of copy-paste or code reuse from other malware and it seems to have been written from scratch,” said Dahan.

Android malware is not new, but it’s on the rise. Hackers and malware operators have increasingly targeted mobile users because many device owners have their banking apps, social media, and other sensitive services on their device. Google has improved Android security in recent years by screening apps in its app store and proactively blocking third-party apps to cut down on malware — with mixed results. Many malicious apps have evaded Google’s detection.

Cybereason said it has not yet seen EventBot on Android’s app store or in active use in malware campaigns, limiting the exposure to potential victims — for now.

But the researchers said users should avoid untrusted apps from third-party sites and stores, many of which don’t screen their apps for malware.



from Android – TechCrunch https://ift.tt/3aOYaKP
via IFTTT

TikTok tops 2 billion downloads

TikTok, the widely popular video sharing app developed by one of the world’s most valued startups (ByteDance), continues to grow rapidly despite suspicion from the U.S. as more people look for ways to keep themselves entertained amid the coronavirus pandemic.

The global app and its Chinese version, called Douyin, have amassed over 2 billion downloads on Google Play Store and Apple’s App Store, mobile insight firm Sensor Tower said Wednesday.

TikTok is the first app after Facebook’s marquee app, WhatsApp, Instagram and Messenger to break past the 2 billion downloads figure since January 1 of 2014, a Sensor Tower official told TechCrunch. (Sensor Tower began its app analysis on that date.)

A number of apps from Google, the developer of Android, including Gmail and YouTube, have amassed over 5 billion downloads, but they ship pre-installed on most Android smartphones and tablets.

TikTok’s 2 billion download milestone, a key metric to assess an app’s growth, comes five months after it surpassed 1.5 billion downloads.

In the quarter that ended on March 31, TikTok was downloaded 315 million times, surpassing its previous best of 205.7 million downloads in Q4 2018. Facebook’s WhatsApp, the second most popular app by volume of downloads, amassed nearly 250 million downloads in Q1 this year, Sensor Tower told TechCrunch.

As the app gains popularity, it is also clocking more revenue. Users have spent about $456.7 million on TikTok to date, up from $175 million five months ago. Much of this spending — about 72.3% — has happened in China. Users in the United States have spent about $86.5 million on the app, making the nation the second most important market for TikTok from the revenue standpoint.

Craig Chapple, a strategist at Sensor Tower, said that not all the downloads are organic, as TikTok, which launched outside of China in 2017, has engaged in a “large user acquisition campaign.” But he attributed some of the surge in downloads to the COVID-19 outbreak that has driven more people than ever to look for new apps.

India, TikTok’s largest international market, accounts for 30.3% of the app’s downloads, according to Sensor Tower. The app has been downloaded 611 million times in the world’s second largest internet market.

From a platform’s standpoint, 75.5% of all of TikTok’s downloads have occurred through Google Play Store. But the vast majority of spending has come from users on Apple’s ecosystem ($435.3 million of $456 million).



from Android – TechCrunch https://ift.tt/3d2pWoq

Apple and Google release first seed of COVID-19 exposure notification API for contact tracing app developers

Apple and Google have released the very first version of their exposure notification API, which they previously called the contact tracing API. This is a developer-focused release, and is a seed of the API in development with the primary intent of collecting feedback from developers who will be using the API to create new contact tracing and notification apps on behalf of public health agencies.

Last week, Apple CEO Tim Cook told EU Commissioner Thierry Breton that the API would be arriving shortly, and this version is indeed now available – albeit to a specific and limited group that includes select developers working on behalf of public health authorities globally, according to the companies. This is a test release that’s intended to provide the opportunity for development and feedback in advance of the API’s public release in mid-May, at which time developers will be able to use the software feature on devices with publicly available apps released through the iOS and Google software stores, respectively.

Apple and Google say they will be providing additional details this coming Friday about the API and its release, including sample code to show how it operates in practice. Both are intent on providing updates to the documentation as they become available, and in adding access to new developers throughout testing, though this will be gated because the companies are limiting access to this API to authorized public health authorities only.

Already, Apple and Google have made available documents that describe the specification in detail on their respective developer websites, and they provided an update with improvements to the tech’s functioning, including in terms of its protection of user privacy, and the ease with which developers can deploy it within their apps, as discussed during a press call last week.

This update includes an added ability for health authorities to define and calculate an exposure risk level for individuals based on their own criteria, since that varies organization to organization. This will be variable based on approximate distance of an individual to a confirmed exposed COVID-19 patient, as well as the duration of that exposure. Developers can customize notification messaging based on their defined exposure levels to ensure alerts correspond correctly to calculated risk.

Apple and Google first announced the combined API and eventual system-level contact tracing feature on April 10, and intend to release the first version of the API publicly in mid-May, with the system-level integration to follow in the coming months. The tech is designed to be privacy-preserving, ensuring that contact IDs are rotating and randomized, and never tied to an individual’s specific identifying information.



from Android – TechCrunch https://ift.tt/3bMFlt6

When regulation presents a (rare) opportunity

Every time we realize something new about the coronavirus, it’s always worse than we thought: maybe we don’t develop immunity to it; maybe six feet of social distancing isn’t far enough; maybe the spread won’t wane in warmer weather.

Every time we realize something new about the economy, it’s equally bleak: maybe we can’t safely reopen for months (Georgia and South Carolina notwithstanding), maybe unemployment will top Great Depression levels, maybe travel won’t resume till mid-2021, maybe most of the businesses who have shuttered their doors will never return.

But like everything in life, within all of the bad, there’s usually some good too. And for businesses who have to deal with regulation, this may be an unusually good time to get what you need.

The federal government does not have to balance its budget, which is why multi-trillion dollar legislation like the CARES Act is possible. But cities and states have to produce a budget every fiscal year that at least looks balanced on paper. In good times, that leads to lots of new spending. But in bad times, it requires a painful series of cuts, tax and fee increases and tough decisions that are normally avoided by politicians at all costs. All of that creates opportunity for startups.

Local government will desperately need new sources of revenue. Figuring out what a politician is going to do isn’t that difficult: identify the choice with the least political downside and that’s almost always the answer. That’s why controversial policy issues like legalizing mobile sports betting or recreational marijuana often stall in state legislatures when the budget is flush (disclosure, we’re investors in FanDuel). But now, lawmakers face a very different situation: to balance the budget, they will either need to enact deep spending cuts, raise fees and taxes, or find new sources of revenue. All of a sudden, legalizing gambling and drugs doesn’t seem so risky, politically or substantively.

Any company that can offer material new tax revenues can now see their product or service legalized and permitted in a fraction of the time it would normally take. Companies who can offer direct savings to government can now secure contracts and win procurements at a rapidly faster clip. A broke government is a friendly government. This is the moment to be aggressive.

It was less than a year ago when Amazon tried to build its second headquarters in New York City.

Despite strong support from Governor Andrew Cuomo and tepid support from Mayor Bill de Blasio, the project was widely derided as an unfair corporate boondoggle and Amazon was swiftly run out of town. In good economic times, voters have the luxury of focusing on issues that aren’t critical to their own day-to-day survival and politicians have the luxury of saying no to new jobs and tax revenue to try to score points with the base.

Not anymore. Startups in blue cities and states up and down both coasts have vastly more political leverage than they’ve had in years. Issues like privacy, worker classification reform and fears of AI are all about to take a back seat to pocketbook issues like jobs, crime and access to health care. Startups who can promise to retain jobs can now drive meaningful changes on policy, regulation, permitting, zoning, licensing and everything else they need to operate.

Startups that can offer solutions to living in a pandemic (digital payments, D2C, telemedicine, teleconferencing, tele-anything) will become shiny new toys that lawmakers want to be seen with. Delivery drones, autonomous cars, at home medical testing and other concepts that seem a little edgy will now become ideas that lawmakers have to seriously consider – if a new technology could potentially save lives during a pandemic, you really don’t want to be the politician who killed the idea.

Proposals to screw with startups won’t automatically become the top priority for the San Francisco Board of Supervisors. Facebook even now has a much stronger argument to lobby for Libra (no one in this climate wants to use cash if they can help it). The power dynamic just flipped on its head. But that only works if you understand it and take advantage of it.

In the continual debate over whether tech startups should ask government for permission or beg for forgiveness over the last few years, the zeitgeist has shifted significantly towards asking for permission. The tech-lash against Facebook, Google, Amazon, Apple and Twitter created regulatory headaches for virtually every tech company, even some early stage startups.

All of that just changed. Regulators and lawmakers now have far bigger things to worry about than whether an electric scooter needs a particular type of permit. And if saying no to new ideas from new companies means turning away desperately needed jobs and tax revenue, for all of the same reasons that it was politically salient for lawmakers to reclassify all California sharing economy workers as full time employees or reject Amazon’s overtures or limit the spread of homesharing, the opposite is now true.

Now you get points for creating jobs and avoiding spending cuts. Now you’re far more reticent to tell a constituent that they can’t make a few extra bucks by renting out a room (assuming anyone ever travels again). The label of job killer will start to become politically toxic, even in the most progressive wards, districts and neighborhoods in the bluest cities on each coast. The dynamic is clearly shifting back to begging for forgiveness (don’t be stupid and do things that are clearly illegal but interpreting gray areas of regulation as friendly is now a lot easier).

Unlike the financial crisis in 2008, businesses are not the culprit here. Tech companies are actually even some of the heroes of fighting the coronavirus. But most important, being punitive towards startups is no longer a clear political winner, even in the most liberal cities and states. Even if it seems counterintuitive, now is exactly the time for startups to aggressively seek policy change and regulatory relief.

Politics is about leverage. Startups now have it. They should take advantage of it before things change again.



from Apple – TechCrunch https://ift.tt/3d363O3

Fairphone teams up with /e/OS on a box-fresh ‘deGoogled’ handset

The makers of the world’s most ethical smartphone, the Fairphone 3, have teamed up for a version of the device with even less big tech on board.

The Netherlands-based device maker has partnered with France’s /e/OS to offer a ‘de-Googled’ version of its latest handset, running an Android AOSP fork out of the box that’s itself built atop a fork of CyanogenMod (remember them?) — called LineageOS (via Engadget).

“The deGoogled Fairphone 3 is most likely the first privacy conscious and sustainable phone,” runs the blurb on /e/OS’ website. “It combines a phone that cares for people and planet and an OS and apps that care for your privacy.”

A pithy explainer of its “privacy by design ecosystem” — and the point of “Android without Google” — further notes: “We have removed many pieces of code that send your personal data to remote servers without your consent. We don’t scan your data in your phone or in your cloud space, and we don’t track your location hundred times a day or collect what you’re doing with your apps.”

When the Fairphone 3 launched last September it came with Android 9 preloaded. But the company touted a post-launch update that would make it easy for buyers to wipe Google services off their slate and install the Android Open Source Project, which it recommended for advanced users.

The new /e/OS flavor offers a third OS option.

Per Engadget, Fairphone said it polled members of its community asking which alternative OS to offer and /e/OS got more votes than a number of others. The company also highlighted /e/OS’ privacy by design as a factor in the choice, lauding how it shuts down “unwanted data flows”, meaning users have more control over what their phone is doing.

The /e/OS flavor of the Fairphone 3 ships from May 6, priced at just under €480 — a €30 premium on the Googley flavor of Android you get on the standard Fairphone 3.

Existing owners of Fairphone’s third gen handset can manually install /e/OS gratis via an installer on its website.

When the Fairphone 3 launched last year the company told us only around 5% of Fairphone users opt to go full open source — which suggests the /e/OS Fairphone 3 will be a niche choice for even these discerning buyers.



from Android – TechCrunch https://ift.tt/35hoH2e

UK privacy and security experts warn over coronavirus app mission creep

A number of UK computer security and privacy experts have signed an open letter raising transparency and mission creep concerns about the national approach to develop a coronavirus contacts tracing app.

The letter, signed by 177 academics, follows a similar letter earlier this month signed by around 300 academics from across the world, who urged caution over the use of such tech tools and called for governments that choose to deploy digital contacts tracing to use privacy-preserving techniques and systems.

“We urge that the health benefits of a digital solution be analysed in depth by specialists from all relevant academic disciplines, and sufficiently proven to be of value to justify the dangers involved,” the UK academics write now, directing their attention at NHSX, the digital arm of the National Health Service which has been working on building a digital contacts tracing app since early March.

“It has been reported that NHSX is discussing an approach which records centrally the de-anonymised ID of someone who is infected and also the IDs of all those with whom the infected person has been in contact. This facility would enable (via mission creep) a form of surveillance.”

Yesterday the NHSX’s CEO, Matthew Gould, was giving evidence to the UK parliament’s Science and Technology committee. He defended the approach it’s taking — claiming the forthcoming app uses only “a measure of centralization”, and arguing that it’s a “false dichotomy” to say decentralized is privacy secure and centralized isn’t.

He went on to describe a couple of scenarios he suggested show why centralizing the data is necessary in the NHSX’s view. But in the letter the UK academics cast doubt on the validity of the central claim, writing that “we have seen conflicting advice from different groups about how much data the public health teams need”.

“We hold that the usual data protection principles should apply: collect the minimum data necessary to achieve the objective of the application,” they continue. “We hold it is vital that if you are to build the necessary trust in the application the level of data being collected is justified publicly by the public health teams demonstrating why this is truly necessary rather than simply the easiest way, or a ‘nice to have’, given the dangers involved and invasive nature of the technology.”

Europe has seen fierce debate in recent weeks over the choice of app architecture for government-backed coronavirus contacts tracing apps — with different coalitions forming to back decentralized and centralized approaches and some governments pressuring Apple over backing the opposing horse with a cross-platform API for national coronavirus contacts tracing apps it’s developing with Android-maker Google.

Most of the national apps in the works in the region are being designed to use Bluetooth proximity as a proxy for calculating infection risk — with smartphone users’ devices swapping pseudonymized identifiers when near each other. However privacy experts are concerned that centralized stores of IDs risk creating systems of state surveillance as the data could be re-identified by the authority controlling the server.

Alternative decentralized systems have been proposed, using a p2p system with IDs stored locally. Infection risk is also calculated on device, with a relay server used only to push notifications out to devices — meaning social graph data is not systematically exposed.

Although this structure does require the IDs of people who have been confirmed infected to be broadcast to other devices — meaning there’s a potential for interception and re-identification attacks at a local level.

At this stage it’s fair to say that the momentum in Europe is behind decentralized approaches for the national contacts tracing apps. Notably Germany’s government switched from previously backing a centralized approach to decentralized earlier this week, joining a number of others (including Estonia, Spain and Switzerland) — which leaves France and the UK the highest profile backers of centralized systems for now.

France is also seeing expert debate over the issue. Earlier this week a number of French academics signed a letter raising concerns about both centralized and decentralized architectures — arguing that “there should be important evidence in order to justify the risks incurred” of using any such tracking tools.

In the UK, key concerns being attached to the NHSX app are not only the risk of social graph data being centralized and reidentified by the state — but also scope/function creep.

Gould said yesterday that the app will iterate, adding that future versions could ask people to voluntarily give up more data such as their location. And while the NHSX has said use of the app will be voluntary, if multiple functions get baked in that could raise questions over the quality of the consent and whether mission creep is being used as a lever to enforce public uptake.

Another concern is that a public facing branch of the domestic spy agency, GCHQ, has also been involved in advising on the app architecture. And yesterday Gould dodged the committee’s direct questions on whether the National Cyber Security Centre (NCSC) had been involved in the decision to select a centralized architecture.

There may be more concerns on that front, too. Today the HSJ reports that health secretary Matt Hancock recently granted new powers to the UK’s intelligence agencies which mean they can require the NHS to disclose any information that relates to “the security” of the health service’s networks and information systems during the pandemic.

Such links to database-loving spooks are unlikely to quell privacy fears.

There is also concern about how involved the UK’s data watchdog has been in the detail of the app’s design process. Last week the ICO’s executive director, Simon McDougall, was reported to have told a public forum he had not seen plans for the app, although the agency put out a statement on April 24 saying it was working with NHSX “to help them ensure a high level of transparency and governance”.

Yesterday Gould also told the committee the NHSX would publish data protection impact assessments (DPIAs) for each iteration of the app, though none has yet been published.

He also said the software would be “technically” ready to launch in a few weeks’ time — but could not confirm when the code would be published for external review.

In their letter, the UK academics call on NHSX to publish a DPIA for the app “immediately”, rather than dropping it right before deployment, to allow for public debate about the implications of its use and so that public scrutiny of the claimed security and privacy safeguards can take place.

The academics are also calling for the unit to publicly commit to no database or databases being created that would allow de-anonymization of users of the system (other than those self reporting as infected), and which could therefore allow the data to be used for constructing users’ social graphs.

They also urge the NHSX to set out details on how the app will be phased out after the pandemic has passed — in order “to prevent mission creep”.

Asked for a commitment on the database point, an NHSX spokesman told us that’s a question for the UK’s Department of Health and Social Care and/or the NCSC — which won’t salve any privacy concerns around the government’s wider plans for app users’ data.

We also asked when the NHSX will be publishing a DPIA for the app. At the time of writing we were still waiting for a response.



from Android – TechCrunch https://ift.tt/2SkZuyu


Tuesday, 28 April 2020

Apple adds COVID-19 testing sites to Maps across the U.S., and shares more mobility data

Apple has now added COVID-19 testing sites to its Apple Maps app across the U.S., covering all 50 states and Puerto Rico. The update provides testing locations including hospitals, clinics, urgent care facilities, general practitioners, pharmacies and more, as well as dedicated COVID-19 testing sites, where tests are available. In addition, COVID-19 is now a prioritized point-of-interest option when you go to search for locations. Apple also updated its new Mobility Trends website, which provides free access to anonymized, aggregated data about how people are getting around their cities and regions during the COVID-19 crisis.

The Maps update was reported last week, first spotted by 9to5Mac through a portal that Apple created in order to allow test site providers to provide their site location so that it could be added to the database. Now, it’s live and lives alongside other prioritized search options in Maps, which have been customized for the pandemic, and which include grocery stores, food delivery, pharmacies, hospitals and urgent care facilities.

As for the Mobility Trends site, it now includes improved regionalization, like state or province level search, depending on what terms a country uses, and it’s also been better localized, including use of an area’s local name added to search results to ensure that everyone can find what they’re looking for globally. Also, in the U.S., there are now more cities available to review.

Apple’s made this data available in order to help governments, transportation authorities and cities make better sense of the impact that the ongoing pandemic is having, and potentially provide information about the effectiveness of, and compliance rate with, efforts like broad social distancing measures and shelter-in-place orders. The data comes from info about what methods of directions users are selecting within the Maps app, but it’s worth noting that Apple’s Maps app has privacy built-in by default, so it doesn’t collect any personal information along with guidance search info.



from Apple – TechCrunch https://ift.tt/2zxoVq2

UK’s coronavirus contacts tracing app could ask users to share location data

More details have emerged about a coronavirus contacts tracing app being developed by UK authorities. NHSX CEO, Matthew Gould, said today that future versions of the app could ask users to share location data to help authorities learn more about how the virus propagates.

Gould, who heads up the digital transformation unit of the UK’s National Health Service, was giving evidence to the UK parliament’s Science & Technology Committee today.

At the same time, ongoing questions about the precise role of the UK’s domestic spy agency in key decisions about the NHSX’s choice of a centralized app architecture means privacy concerns are unlikely to go away — with Gould dodging the committee’s questions about GCHQ’s role.

A basic version of the NHSX’s coronavirus contacts tracing app is set to be tested in a small geographical region in the next 1-2 weeks, per Gould — who said “technically” it would be ready for a wider rollout in 2-3 weeks’ time.

Although he emphasized that any launch would need to be part of a wider government strategy which includes extensive testing and manual contacts tracing, along with a major effort to communicate to the public about the purpose and importance of the app as part of a combined response to fighting the virus.

In future versions of the app, Gould suggested users could be asked to contribute additional data — such as their location — in order to help epidemiologists identify infection hot spots, while emphasizing that such extra contributions would be voluntary.

“The app will iterate. We’ve been developing it at speed since the very start of the situation but the first version that we put out won’t have everything in it that we would like,” he said. “We’re quite keen, though, that subsequent versions should give people the opportunity to offer more data if they wish to do so.

“So, for example, it would be very useful, epidemiologically, if people were willing to offer us not just the anonymous proximity contacts but also the location of where those contacts took place — because that would allow us to know that certain places or certain sectors or whatever were a particular source of proximity contacts that subsequently became problematic.”

“If people were willing to do that — and I suspect a significant proportion of people would be willing to do that — then I think that would be very important data because that would allow us to have an important insight into how the virus was propagated,” he added.

For now, the basic version of the contacts tracing app the NHSX is devising is not being designed to track location. Instead, it will use Bluetooth as a proxy for infection risk, with phones that come into proximity swapping pseudonymized identifiers that may later be uploaded to a central server to calculate infection risk related to a person’s contacts.

Bluetooth proximity tracking is now being baked into national contacts tracing apps across Europe and elsewhere, although app architectures can vary considerably.

The UK is notable for being one of now relatively few European countries that have opted for a centralized model for coronavirus contacts tracing, after Germany switched its choice earlier this week.

France is also currently planning to use a centralized protocol. But countries including Estonia, Switzerland and Spain have said they will deploy decentralized apps — meaning infection risk calculations will be performed locally, on device, and social graph data will not be uploaded to a central authority.

Centralized approaches to coronavirus contact tracing have raised substantial privacy concerns as social graph data stored on a central server could be accessed and re-identified by the central authority controlling the server.

Apple and Google’s joint effort on a cross-platform API for national coronavirus contacts tracing apps is also being designed to work with decentralized approaches — meaning countries that want to go against the smartphone platform grain may face technical challenges such as battery drain and usability.

The committee asked Gould about the NHSX’s decision to develop its own app architecture, which means having to come up with workarounds to minimize issues such as battery drain because it won’t just be able to plug into the Apple-Google API. Yesterday the unit told the BBC how it’s planning to do this, while conceding its workaround won’t be as energy efficient as being able to use the API.

“We are co-operating very closely with a range of other countries. We’re sharing code, we’re sharing technical solutions and there’s a lot of co-operation but a really key part of how this works is not just the core Bluetooth technology — which is an important part of it — it’s the backend and how it ties in with testing, with tracing, with everything else. So a certain amount of it necessarily has to be embedded in the national approach,” said Gould, when asked why NHSX is going to the relative effort and hassle of developing its own bespoke centralized system rather than making use of protocols developed elsewhere.

“I would say we are sensibly trying to learn international best practice and share it — and we’ve shared quite a lot of the technological progress we’ve made in certain areas — but this has to embed in the wider UK strategy. So there’s an irreducible amount that has to be done nationally.”

On not aligning with Apple and Google’s decentralized approach specifically, he suggested that waiting for their system-wide contact tracing product to be released — due next month — would “slow us down quite considerably”. (During the committee hearing it was confirmed the first meeting relating to the NHSX app took place on March 7.)

While on the wider decision not to adopt a decentralized architecture for the app, Gould argued there’s a “false dichotomy” that decentralized is privacy secure and centralized isn’t. “We firmly believe that both our approach — though it has a measure of centralization in as much as you’re uploading the anonymized identifiers in order to run the cascades — nonetheless preserves people’s privacy in doing so,” he said.

“We don’t believe that’s a privacy endangering step. But also by doing so it allows you to see the contact graph of how this is propagating and how the contacts are working across a number of individuals, without knowing who they are, that allows you to do certain important things that you couldn’t do if it was just phone to phone propagation.”

He gave the example of social graph data helping to detect malicious use of contacts tracing. “One of the ways you can do that is looking for anomalous patterns even if you don’t know who the individuals are you can see anomalous propagation which the approach we’ve taken allows,” he said. “We’re not clear that a decentralized approach allows.”

Another example he gave was a person declaring themselves symptomatic and a cascade being run to notify their contacts and then that person subsequently testing negative.

“We want to be able to release all the people that have been given an instruction to isolate previously on the basis of [the false positive person] being symptomatic. If it was done in an entirely decentralized way that becomes very difficult,” he suggested. “Because it’s all been done phone to phone you can’t go back to those individuals to say you don’t have to be locked down because your index case turned out to be negative. So we really believe there are big advantages the way we’re doing it. But we don’t believe it’s privacy endangering.”

Responding to the latter claim, Dr Michael Veale — a lecturer in digital rights and regulation at UCL who is also one of the authors of a decentralized protocol for contacts tracing, called DP-3T, that’s being adopted by a number of European governments — told us: “It is trivial to extend a decentralised system to allow individuals to upload ‘all clear’ keys too, although not something that DP-3T focussed on building in because to my knowledge, it is only the UK that wishes to allow these cascades to trigger instructions to self-isolate based on unverified self-reporting.”

In the decentralized scenario, “individuals would simply upload their identifiers again, flagging them as ‘false alarm’, they would be downloaded by everyone, and the phones of those who had been told to quarantine would notify the individual that they no longer needed to isolate”, Veale added — explaining how a ‘false alarm’ notification could indeed be sent without a government needing to centralize social graph data.
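The ‘false alarm’ flow Veale describes can be sketched as a toy model. This is an added example, not DP-3T’s code or the NHSX app’s; the HMAC-derived IDs, the `Phone` class and the flag names are assumptions made for illustration. It also covers a contact exposed to two index cases, only one of whom is later cleared.

```python
import hashlib
import hmac

EPOCHS_PER_DAY = 96  # assumption: a fresh broadcast ID every 15 minutes

def ephemeral_ids(day_key: bytes) -> list:
    """Re-derive every ID a phone broadcast that day from its secret day key."""
    return [hmac.new(day_key, i.to_bytes(2, "big"), hashlib.sha256).digest()[:16]
            for i in range(EPOCHS_PER_DAY)]

class Phone:
    def __init__(self, day_key: bytes):
        self.day_key = day_key    # secret until the owner chooses to upload it
        self.heard = set()        # IDs seen over Bluetooth; never leaves the phone
        self.open_alerts = set()  # day keys currently justifying self-isolation

    def meet(self, other: "Phone", epoch: int) -> None:
        """Both phones record the other's broadcast ID for this epoch."""
        self.heard.add(ephemeral_ids(other.day_key)[epoch])
        other.heard.add(ephemeral_ids(self.day_key)[epoch])

    def upload(self, board: list, flag: str) -> None:
        # Assumption: the board only accepts a retraction from the original reporter.
        board.append((self.day_key, flag))

    def sync(self, board: list) -> bool:
        """Download the whole board, match locally, return True if still isolating."""
        for key, flag in board:
            if self.heard.isdisjoint(ephemeral_ids(key)):
                continue          # never near this person; entry is ignored
            if flag == "symptomatic":
                self.open_alerts.add(key)
            elif flag == "false_alarm":
                self.open_alerts.discard(key)
        return bool(self.open_alerts)

def demo() -> dict:
    # Constructed sample data: fixed keys so the run is repeatable.
    alice, bob, carol, dave = (Phone(bytes([n]) * 32) for n in range(1, 5))
    board = []                    # public list: day keys and flags, no contact graph
    bob.meet(alice, 10)
    carol.meet(alice, 11)
    carol.meet(dave, 12)
    alice.upload(board, "symptomatic")
    dave.upload(board, "symptomatic")
    before = (bob.sync(board), carol.sync(board))
    alice.upload(board, "false_alarm")   # Alice tested negative
    after = (bob.sync(board), carol.sync(board))
    return {"before": before, "after": after, "board_len": len(board)}

if __name__ == "__main__":
    print(demo())
```

Bob is released once Alice’s retraction is downloaded, while Carol stays in isolation because her contact with Dave still stands; the board itself only ever held three key-and-flag entries.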

The committee also asked Gould directly whether UK spy agency, GCHQ, was involved in the decision to choose a centralized approach for the app. The BBC reported yesterday that experts from the cyber security arm of the spy agency, the National Cyber Security Centre (NCSC), had aided the effort.

At first pass Gould dodged the question. Pressed a second time he dodged a direct answer, saying only that the NCSC were “part of the discussions in which we decided to take the approach that we’ve taken”.

“[The NCSC] have, along with a number of others — the Information Commission’s Office, the National Data Guardian, the NHS — been advising us. And as the technical authority for cyber security I’m very glad to have had the NCSC’s advice,” he also said.

“We have said we will open source the software, we have said we will publish the privacy model and the security model that’s underpinning what we’re going to do,” he added. “The whole model rests on people having randomized IDs so the only point in the process at which they need to say to us who they are is when they need to order a test having become symptomatic because it’s impossible to do that otherwise.

“They will have the choice both to download the app and turn it on but also to upload the list of randomized IDs of people they’ve been in touch with. They will also have the choice at any point to delete the app and all the data that they haven’t shared with us up to that point with it. So I do believe that what we’ve done is respectful of people’s privacy but at the same time effective in terms of being able to keep people safe.”

Gould was unable to tell the committee when the app’s code will be open sourced, or even confirm it would happen before the app was made available. But he did say the unit is committed to publishing data protection impact assessments — claiming this would be done “for each iteration” of the app.

“At every stage we will do a data protection impact assessment, at every stage we’ll make sure the information commission knows what we’re doing and is comfortable with what we’re doing so we will proceed carefully and make sure what we do is compliant,” he said.

At another point in the hearing, Lillian Edwards, a professor of law, innovation and society at Newcastle Law School who was also giving evidence, pointed out that the Information Commissioner’s Office’s executive director, Simon McDougall, told a public forum last week that the agency had not in fact seen details of the app plan.

“There has been a slight information gap there,” she suggested. “This is normally a situation with an app that is high risk stakes involving very sensitive personal data — where there is clearly a GDPR [General Data Protection Regulation] obligation to prepare a Data Protection Impact Assessment — where one might have thought that prior consultation and a formal sign off by the ICO might have been desirable.”

“But I’m very gratified to hear that a Data Protection Impact Assessment is being prepared and will be published and I think it would be very important to have a schedule on that — at least at some draft level — as obviously the technical details of the app are changing from day to day,” Edwards added.

We’ve reached out to the ICO to ask if it’s seen plans for the app or any data protection impact assessment now.

During the committee hearing, Gould was also pressed on what will happen to data sets uploaded to the central server once the app has been required. He said such data sets could be used for “research purposes”.

“There is the possibility of being able to use the data subsequently for research purposes,” he said. “We’ve said all along that the data from the app — the app will only be used for controlling the epidemic, for helping the NHS, public health and for research purposes. If we’re going to use data to ask people if we can keep their data for research purposes we will make that abundantly clear and they’ll have the choice on whether to do so.”

Gould followed up later in the session by adding that he didn’t envisage such data-sets being shared with the private sector. “This is data that will be probably under the joint data controllership of DHSC and NHS England and Improvement. I see no context in which it would be shared with the private sector,” he said, adding that UK law does already criminalize the reidentification of anonymized data.

“There are a series of protections that are in place and I would be very sorry if people started talking about sharing this data with the private sector as if it was a possibility. I don’t see it as a possibility.”

In another exchange during the session Gould told the committee the app will not include any facial recognition technology, although he was unable to entirely rule out some role for the tech in future public health-related digital coronavirus interventions, such as related to certification of immunity.



from Apple – TechCrunch https://ift.tt/2YcsM6d