Google starts pulling unvetted Android apps that access call logs and SMS messages

Google is removing apps from Google Play that request permission to access call logs and SMS text message data but haven’t been manually vetted by Google staff.

The search and mobile giant said it is part of a move to cut down on apps that have access to sensitive calling and texting data.

Google said in October that Android apps will no longer be allowed to use the legacy permissions as part of a wider push for developers to use newer, more secure and privacy minded APIs. Many apps request access to call logs and texting data to verify two-factor authentication codes, for social sharing, or to replace the phone dialer. But Google acknowledged that this level of access can and has been abused by developers who misuse the permissions to gather sensitive data — or mishandle it altogether.

“Our new policy is designed to ensure that apps asking for these permissions need full and ongoing access to the sensitive data in order to accomplish the app’s primary use case, and that users will understand why this data would be required for the app to function,” wrote Paul Bankhead, Google’s director of product management for Google Play.

Any developer wanting to retain the ability to ask a user’s permission for calling and texting data has to fill out a permissions declaration.

Google will review the app and why it needs to retain access, and will weigh in several considerations, including why the developer is requesting access, the user benefit of the feature that’s requesting access, and the risks associated with having access to call and texting data.

Bankhead conceded that under the new policy, some use cases will “no longer be allowed,” rendering some apps obsolete.

So far, tens of thousands of developers have already submitted new versions of their apps either removing the need to access call and texting permissions, Google said, or have submitted a permissions declaration.

Developers with a submitted declaration have until March 9 to receive approval or remove the permissions. In the meantime, Google has a full list of permitted use cases for the call log and text message permissions, as well as alternatives.

The last two years alone has seen several high profile cases of Android apps or other services leaking or exposing call and text data. In late 2017, popular Android keyboard ai.type exposed a massive database of 31 million users, including 374 million phone numbers.

Another huge database exposed millions of call logs and SMS text messages

from Android – TechCrunch https://tcrn.ch/2ASigEJ
via IFTTT

Privacy campaigner Schrems slaps Amazon, Apple, Netflix, others with GDPR data access complaints

European privacy campaigner Max Schrems has filed a fresh batch of strategic complaints at tech giants, including Amazon, Apple, Netflix, Spotify and YouTube.

The complaints, filed via his non-profit privacy and digital rights organization, noyb, relate to how the services respond to data access requests, per regional data protection rules.

Article 15 of Europe’s General Data Protection Regulation (GDPR) provides for a right of access by the data subject to information held on them.

The complaints contend tech firms are structurally violating this right — having built automated systems to respond to data access requests which, after being tested by noyb, failed to provide the user with all the relevant information they are legally entitled to.

noyb tested eight companies in all, in eight different countries in Europe, and says it found none of the services provided a satisfactory response. It’s filed formal complaints with the Austrian Data Protection Authority against the eight, which also include music and podcast platform SoundCloud; sports streaming service DAZN; and video on-demand platform Flimmit.

The complaints have been filed on behalf of ten users, per Article 80 of the GDPR which enables data subjects to be represented by a non-profit association such as noyb.

Here’s its breakdown of the responses its tests received — including the maximum potential penalty each could be on the hook for if the complaints are stood up:

Two of the companies, DAZN and SoundCloud, failed to respond at all, according to noyb. While the rest responded with only partial data.

noyb points out that in addition to getting raw data users have the right to know the sources, recipients and purposes for which their information is being processed. But only Flimmit and Netflix provided any background information (though again still not full data) in response to the test requests.

“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to,” said Schrems in a statement. “In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”

We’ve reached out to the companies for comment on the complaints.

Last May, immediately after Europe’s new privacy regulation came into force, noyb lodged its first series of strategic complaints — targeted at what it dubbed “forced consent”, arguing that Facebook, Instagram, WhatsApp and Google’s Android OS do not give users a free choice to consent to processing their data for ad targeting, as consenting is required to use the service.

Investigations by a number of data protection authorities into those complaints remain ongoing.

from Apple – TechCrunch https://tcrn.ch/2FyCNSQ

Momo, Vietnam’s top payment app, lands big Series C investment led by Warburg Pincus

Fintech in Southeast Asia continues to pique the attention of global investors. Alibaba, Tencent and others have jumped into the region and deployed hundreds of millions of dollars, and now Warburg Pincus is joining them. The U.S-headquartered PE firm has led a Series C investment in Vietnam’s Momo, which claims to be the country’s largest mobile wallet company with 10 million downloads.

Momo already has some big-name investors; Standard Chartered led a $28 million round in 2016 while Goldman Sachs invested $5.7 million back in 2013.

The size of this new round isn’t being disclosed, but Pham Thanh Duc, CEO of M-Service — the parent company of Momo — said it is a record deal for an e-commerce or fintech startup in Vietnam. A lot of the biggest deals in Vietnam have been undisclosed, but one of the largest from last year was a $50 million-odd investment in e-commerce company Tiki from China’s JD.com which gives an indication of the size. The deal might even be as high as $100 million, that’s according to a Deal Street Asia report, although Pham declined to comment on the figure.

M-Service was founded over a decade ago, Momo is its take on digital payments in Vietnam, a market of nearly 100 million people, one-quarter of whom are aged under 25.

Momo started out offering digital payment via an e-wallet app. It has since expanded into utility bill payments and mobile top-up, as well as areas like movie tickets, airline flights and payment for goods and services at 100,000 payment points nationwide, including popular chains. The service recently began offering bill payment for loans, and Pham said it is developing a credit scoring system that will allow it to introduce financial services to users in partnership with financial institutions.

The playbook, he said, is very much based upon the success of Alibaba’s Alipay and Tencent’s WeChat Pay services in China, which went from payments to loans and investing and more.

While both of those Chinese internet giants have stepped into Southeast Asia with fintech investments in markets like Indonesia, Thailand and the Philippines, neither has entered Vietnam at this point. Pham said Momo has an ongoing dialogue with Alibaba, but there’s been no investment. Since neither Alibaba nor its fintech affiliate Ant Financial has an operating presence in Vietnam, he said the relationship is “just conversations” at this point. That’s certainly a pairing that is worth keeping an eye on as Alibaba aims to enlarge its presence in Southeast Asia, which — with a cumulative population of 600 million people, growing middle classes and rising internet access — is seen as a growth opportunity by Chinese tech companies.

Partner-wise, Momo works with the likes of Facebook and Google to provide payment for their services and it will soon begin working with Apple, Pham revealed.

While other businesses may be looking region-wide, Momo is not entertaining new market expansions at this point.

“For the next two to three years, we are still very focused on the domestic market,” Pham told TechCrunch in an interview. “There’s no short-term plan to expand to other countries [and] our main effort is focused on user base expansion in Vietnam.”

But, Pham said, he does expect that overseas players will enter Vietnam.

Grab Pay and GoPay [from ride-hailing duo Grab and Go-Jek) will come soon and even Alipay, but I think that for the last five years we have been the number one e-wallet provider,” he said. “We care much about competitors because we are leading the market… other players have had to imitate our model.”

Estimating that nearest-competitor ZaloPay, from Vietnam’s top chat app Zalo, may have around “one-tenth” of the user base Momo, Pham explained that he believes his company is around 12-18 months ahead of the competitor.

This new investment — which was led by a Warburg Pincus affiliate in Vietnam and closed last year — is aimed at fortifying that lead and grabbing a much larger slice of the Vietnamese population, which is tipped to rocket past 100 million by 2025.

from Apple – TechCrunch https://tcrn.ch/2HkhpTb

Twitter bug revealed some Android users’ private tweets

Twitter accidentally revealed some users’ “protected” (aka, private) tweets, the company disclosed this afternoon. The “Protect your Tweets” setting typically allows people to use Twitter in a non-public fashion. These users get to approve who can follow them and who can view their content. For some Android users over a period of several years, that may not have been the case – their tweets were actually made public as a result  of this bug.

The company says that the issue impacted Twitter for Android users who made certain account changes while the “Protect your Tweets” option was turned on.

For example, if the user had changed their account email address, the “Protect your Tweets” setting was disabled.

We’ve become aware of and fixed an issue where the “Protect your Tweets” setting was disabled on Twitter for Android. Those affected have been alerted and we’ve turned the setting back on for them. More here: https://t.co/0qM5B1S393

— Twitter Support (@TwitterSupport) January 17, 2019

Twitter tells TechCrunch that’s just one example of an account change that could have prompted the issue. We asked for other examples, but the company declined share any specifics.

What’s fairly shocking is how long this issue has been happening.

Twitter says that users may have been impacted by the problem if they made these accounts changes between November 3, 2014, and January 14, 2019 – the day the bug was fixed. 

The company has now informed those who were affected by the issue, and has re-enabled the “Protect your Tweets” setting if it had been disabled on those accounts. But Twitter says it’s making a public announcement because it “can’t confirm every account that may have been impacted.” (!!!)

The company explains to us it was only able to notify those people where it was able to confirm the account was impacted, but says it doesn’t have a complete list of impacted accounts. For that reason, it’s unable to offer an estimate of how many Twitter for Android users were affected in total.

This is a sizable mistake on Twitter’s part, as it essentially made content that users had explicitly indicated they wanted private available to the public. It’s unclear at this time if the issue will result in a GDPR violation and fine, as a result.

The one bright spot is that some of the impacted users may have noticed their account had become public because they would have received alerts – like notifications that people were following them without their direct consent. That could have prompted the user to re-enable the “protect tweets” setting on their own. But they may have chalked up the issue to user error or a small glitch, not realizing it was a system-wide bug.

“We recognize and appreciate the trust you place in us, and are committed to earning that trust every day,” wrote Twitter in a statement. “We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.”

The company says it believes the issue is now fully resolved.

from Android – TechCrunch https://tcrn.ch/2SVMAFn
via IFTTT

Spotify launches Car View on Android to make using its app less dangerous behind the wheel

Spotify is making it easier to use its streaming app in the car, when the phone is connected to the vehicle over Bluetooth. The company today confirmed the launch of a new feature called “Car View,” which is a simplified version of the service’s Now Playing screen that includes larger fonts, bigger buttons, and no distractions from album art. In Car View, you’re only shown the track title and artist, so you can read the screen with just a glance.

The site 9to5Google was the first to spot the feature’s appearance in Spotify’s settings. However, some users have had the option for weeks in what had appeared to be a slow rollout or possibly a test, pre-launch.

Spotify this morning formally announced the launch of Car View in a post to its Community Forums.

The company says the feature is currently available only on Android devices, and only when the device is connected over Bluetooth.

When the phone connects, Car View is automatically enabled when your music or podcast starts playing.

Above: Car View in action; credit: 9to5Google

While Spotify already offers several in-car experiences through integrations with other apps like Google Maps, Waze, as well as through Android Auto, using the music app while behind the wheel has been very distracting and difficult.

I’ve personally found Spotify so dangerous to navigate while in the car, that I just won’t use it unless I set it up to stream before I drive. Or, in some cases, I’ll hand the phone to a passenger to control instead.

Given the difficulty with Spotify in the car, Car View’s lack of support for those who use the app over an AUX cable is a little disappointing.There’s no good reason why users should not be allowed to manually enable Car View from the Settings, if they choose. After all, it’s just a change to the user interface of a single view – and it’s been built!

Of course, manually toggling Car View on might not feel as seamless as the Bluetooth experience, but a feature like this could prevent accidents caused by people fiddling with their phone in the car. Hopefully, Spotify will make Car View more broadly accessible in time.

According to Spotify, once Car View is enabled, you can access your Library, tap to Browse, or use Search. While listening, you can use the seek bar to skip to another part of the song.

In the case that a passenger is controlling the music on your phone, they can temporarily disable Car View by way of the three dots menu. And if, for some reason, you don’t want to use Car View, the feature can be disabled in the Settings. (But keep it on, OK?)

Spotify also noted Car View supports landscape view, and will arrive on iOS in the future. It didn’t offer a time frame.

Car View officially launched on Android this week, and is now rolling out globally to all users.

 

from Android – TechCrunch https://tcrn.ch/2Hj0Pmm
via IFTTT

IBM and Vodafone form cloud, 5G and AI business venture and ink $550M service deal

IBM is one of the world’s biggest system integrators, but to get closer to where enterprises are actually doing their work, it’s been inking partnerships with companies that build devices and run the networks enterprises are using for their IT, and today comes the latest development on that front.

IBM is announcing a new venture with mobile carrier Vodafone, in a deal that will comes in two parts. First, IBM will supply Vodafone’s B2B unit Vodafone Business with managed services in the areas of cloud and hosting. And second, the two will together work on building and delivering solutions in areas like AI, cloud, 5G, IoT and software defined networking to enterprise customers.

The latter part of the deal appears to be a classic JV that will see both sides bringing something to the table — employees from both companies will be moving into a separate office together very soon that will essentially be “neutral” territory. The former part, meanwhile, will see Vodafone paying IBM some $550 million in an eight-year agreement.

That price tag alone is a strong indicator that this deal is a big one for both companies.

The agreement follows along the lines of what IBM inked with Apple several years ago, where the two would work together to develop enterprise solutions that would have been more challenging to do on their own.

Indeed, while IBM does provide systems integration services, it hasn’t moved as deeply into mobile-specific solutions for businesses, even as its other operational units — doing research and other work in AI, cloud, quantum computing and other areas — are making strong headway on specific projects, some of which involve mobile technology. Now that it’s nearly in full possession of RedHat — which it is in the process of buying for $34 billion, a deal that’s now received the approval of RedHat’s shareholders — it will also have open source cloud computing to add to that.

What the Vodafone deal will tap is taking more of those cutting-edge developments that IBM has built and worked on in specific projects, and productise them for a wider audience of businesses and other organisations, which might already be Vodafone customers.

“To deliver multi-cloud strategies in the real world, enterprises need to invest at many levels, ranging from cloud connectivity to cloud governance and management. This new venture between Vodafone and IBM addresses the ‘full stack’ of real-world multi-cloud concerns with a powerful combination of capabilities that should enable customers to deliver multi-cloud strategies in all layers of their organizations,” noted Carla Arend, senior program director for European software at IDC.

The Apple / IBM deal is more than instructive in this case; it will help fuel this new venture. From what I understand, several fruits of that labor will be making their way into the IBM / Vodafone deal, too, which makes sense, considering Vodafone’s position as a mobile carrier and the iPhone making some strong headway into the business market.

“IBM has built industry-leading hybrid cloud, AI and security capabilities underpinned by deep industry expertise,” said IBM Chairman, President and CEO Ginni Rometty in a statement. “Together, IBM and Vodafone will use the power of the hybrid cloud to securely integrate critical business applications, driving business innovation – from agriculture to next- generation retail.”

“Vodafone has successfully established its cloud business to help our customers succeed in a digital world,” said Vodafone CEO Nick Read, in the statement. “This strategic venture with IBM allows us to focus on our strengths in fixed and mobile technologies, whilst leveraging IBM’s expertise in multicloud, AI and services. Through this new venture we’ll accelerate our growth and deepen engagement with our customers while driving radical simplification and efficiency in our business.”

I’ve been told that the first joint “customer engagements” are already happening with an unnamed energy company. Thinking about what kinds of services Vodafone may be providing to end users today — they will cover mobile data and voice connectivity, mobile broadband, IoT and 5G services — this first deal will involve tapping all four, with an emphasis on 5G and IoT.

from Apple – TechCrunch https://tcrn.ch/2FD3Z26

Flutterwave and Visa launch African consumer payment service GetBarter

Jake Bright Contributor

Jake Bright is a writer and author in New York City. He is co-author of The Next Africa.

More posts by this contributor

• Harley Davidson reveals more about its push into electric vehicles
• Venture capital, global expansion, blockchain and drones characterize African tech in 2018

Fintech startup Flutterwave has partnered with Visa to launch a consumer payment product for Africa called GetBarter.

The app based offering is aimed at facilitating personal and small merchant payments within countries and across Africa’s national borders. Existing Visa card holders can send and receive funds at home or internationally on GetBarter.

The product also lets non card-holders (those with accounts or mobile wallets on other platforms) create a virtual Visa card to link to the app.  A Visa spokesperson confirmed the product partnership.

GetBarter allows Flutterwave—which has scaled as a payment gateway for big companies through its Rave product—to pivot to African consumers and traders.

“Rave is B2B, this is more B2B2C since we’re reaching the consumers of our customers,” Flutterwave CEO Olugbenga Agboola—aka GB—told TechCrunch.

The app also creates a network for clients on multiple financial platforms, such as Kenyan mobile money service M-Pesa, to make transfers across payment products, national borders, and to shop online.

“The target market is pretty much everyone who has a payment need in Africa. That includes the entire customer base of M-Pesa, the entire bank customer base in Nigeria, mobile money and bank customers in Ghana—pretty much the entire continent,” Agboola said.

Flutterwave and Visa will focus on building a GetBarter user base across mobile money and bank clients in Kenya, Ghana, and South Africa, with plans to grow across the continent and reach those off the financial grid.

“In phase one we’ll pursue those who are banked. In phase-two we’ll continue toward those who are unbanked who will be able to use agents to work with GetBarter,” Agboola said.

Flutterwave and Visa will generate revenue through fees from financial institutions on cards created and on fees per transaction. A GetBarter charge for a payment in Nigeria is roughly 40 Naira, or 11 cents, according to Agboola.

With this week’s launch users can download the app for Apple and Android devices and for use on WhatsApp and USSD.

Founded in 2016, Flutterwave has positioned itself as a global B2B payments solutions platform for companies in Africa to pay other companies on the continent and abroad. It allows clients to tap its APIs and work with Flutterwave developers to customize payments applications. Existing customers include Uber, Facebook, Booking.com, and African e-commerce unicorn Jumia.com.

Flutterwave has processed 100 million transactions worth $2.6 billion since inception, according to company data.

The company has raised $20 million from investors including Greycroft, Green Visor Capital, Mastercard, and Visa.

In 2018, Flutterwave was one of several African fintech companies to announce significant VC investment and cross-border expansion—see Paga, Yoco, Cellulant, Mines.ie, and  Jumo.

Flutterwave added operations in Uganda in June and raised a $10 million Series A round in October that saw former Visa CEO Joe Saunders join its board of directors.

The company also plugged into ledger activity in 2018, becoming a payment processing partner to the Ripple and Stellar blockchain networks.

Flutterwave hasn’t yet released revenue or profitability info, according to CEO Olugbenga Agboola.

Headquartered in San Francisco, with its largest operations center in Nigeria, the startup plans to add operations centers to South Africa and Cameroon, which will also become new markets for GetBarter.

from Android – TechCrunch https://tcrn.ch/2MdZFHB
via IFTTT