Tech With Viral

Friday, 19 June 2020

French court slaps down Google’s appeal against $57M GDPR fine

France’s top court for administrative law has dismissed Google’s appeal against a $57M fine issued by the data watchdog last year for not making it clear enough to Android users how it processes their personal information.

The State Council issued the decision today, affirming the data watchdog CNIL’s earlier finding that Google did not provide “sufficiently clear” information to Android users — which in turn meant it had not legally obtained their consent to use their data for targeted ads.

“Google’s request has been rejected,” a spokesperson for the Conseil D’Etat confirmed to TechCrunch via email.

“The Council of State confirms the CNIL’s assessment that information relating to targeting advertising is not presented in a sufficiently clear and distinct manner for the consent of the user to be validly collected,” the court also writes in a press release [translated with Google Translate] on its website.

It found the size of the fine to be proportionate — given the severity and ongoing nature of the violations.

Importantly, the court also affirmed the jurisdiction of France’s national watchdog to regulate Google — at least on the date when this penalty was issued (January 2019).

The CNIL’s multimillion dollar fine against Google remains the largest to date against a tech giant under Europe’s flagship General Data Protection Regulation (GDPR) — lending the case a certain symbolic value, for those concerned about whether the regulation is functioning as intended vs platform power.

While the size of the fine is still relative peanuts vs Google’s parent entity Alphabet’s global revenue, changes the tech giant may have to make to how it harvests user data could be far more impactful to its ad-targeting bottom line.

Under European law, for consent to be a valid legal basis for processing personal data it must be informed, specific and freely given. Or, to put it another way, consent cannot be strained.

In this case French judges concluded Google had not provided clear enough information for consent to be lawfully obtained.

It also objected to a pre-ticked checkbox — which it said does not meet the requirements of the GDPR.

So, tl;dr, the CNIL’s decision has been entirely vindicated.

Reached for comment on the court’s dismissal of its appeal, a Google spokeswoman sent us this statement:

People expect to understand and control how their data is used, and we’ve invested in industry-leading tools that help them do both. This case was not about whether consent is needed for personalised advertising, but about how exactly it should be obtained. In light of this decision, we will now review what changes we need to make.

GDPR came into force in 2018, updating long standing European data protection rules and opening up the possibility of supersized fines of up to 4% of global annual turnover.

However actions against big tech have largely stalled, with scores of complaints being funnelled through Ireland’s Data Protection Commission — on account of a one-stop-shop mechanism in the regulation — causing a major backlog of cases. The Irish DPC has yet to issue decisions on any cross border complaints, though it has said its first ones are imminent — on complaints involving Twitter and Facebook.

Ireland’s data watchdog is also continuing to investigate a number of complaints against Google, following a change Google announced to the legal jurisdiction of where it processes European users’ data — moving them to Google Ireland Limited, based in Dublin, which it said applied from January 22, 2019 — with ongoing investigations by the Irish DPC into a long running complaint related to how Google handles location data and another major probe of its adtech, to name two.

On the GDPR one-stop shop mechanism — and, indirectly, the wider problematic issue of ‘forum shopping’ and European data protection regulation — the French State Council writes: “Google believed that the Irish data protection authority was solely competent to control its activities in the European Union, the control of data processing being the responsibility of the authority of the country where the main establishment of the data controller is located, according to a ‘one-stop-shop’ principle instituted by the GDPR. The Council of State notes however that at the date of the sanction, the Irish subsidiary of Google had no power of control over the other European subsidiaries nor any decision-making power over the data processing, the company Google LLC located in the United States with this power alone.”

In its own statement responding to the court’s decision, the CNIL also notes its view that GDPR’s one-stop-shop mechanism was not applicable in this case — writing that: “It did so by applying the new European framework as interpreted by all the European authorities in the guidelines of the European Data Protection Committee.”

Privacy NGO noyb — one of the privacy campaign groups which lodged the original ‘forced consent’ complaint against Google, all the way back in May 2018 — welcomed the court’s decision on all fronts, including the jurisdiction point.

Commenting in a statement, noyb’s honorary chairman, Max Schrems, said: “It is very important that companies like Google cannot simply declare themselves to be ‘Irish’ to escape the oversight by the privacy regulators.”

A key question is whether CNIL — or another (non-Irish) EU DPA — will be found to be competent to sanction Google in future, following it’s shift to naming Google Ireland as their data processor.

On the wider ruling, Schrems added: “This decision requires substantial improvements by Google. Their privacy policy now really needs to make it crystal clear what they do with users’ data. Users must also get an option to agree to only some parts of what Google does with their data and refuse other things.”

French digital rights group, La Quadrature du Net — which had filed a related complaint against Google, feeding the CNIL’s investigation — also declared victory today, noting it’s the first sanction in a number of GDPR complaints it has lodged against tech giants on behalf of 12,000 citizens.

Nouvelle victoire !

Le @Conseil_Etat valide intégralement, en la reprenant à son compte, la sanction de 50 millions d'€ contre Google prononcée en janvier 2019 par la CNIL.https://t.co/6gJRL5ZM3r

— La Quadrature du Net (@laquadrature) June 19, 2020

“The rest of the complaints against Google, Facebook, Apple and Microsoft are still under investigation in Ireland. In any case, this is what his authority promises us,” it adds in another tweet.

from Android – TechCrunch https://ift.tt/3dekvCz
via IFTTT

Oracle’s BlueKai tracks you across the web. That data spilled online

Have you ever wondered why online ads appear for things that you were just thinking about?

There’s no big conspiracy. Ad tech can be creepily accurate.

Tech giant Oracle is one of a few companies in Silicon Valley that has near-perfected the art of tracking people across the internet. The company has spent a decade and billions of dollars buying startups to build its very own panopticon of users’ web browsing data.

One of those startups, BlueKai, which Oracle bought for a little over $400 million in 2014, is barely known outside marketing circles, but it amassed one of the largest banks of web tracking data outside of the federal government.

BlueKai uses website cookies and other tracking tech to follow you around the web. By knowing which websites you visit and which emails you open, marketers can use this vast amount of tracking data to infer as much about you as possible — your income, education, political views, and interests to name a few — in order to target you with ads that should match your apparent tastes. If you click, the advertisers make money.

But for a time, that web tracking data was spilling out onto the open internet because a server was left unsecured and without a password, exposing billions of records for anyone to find.

Security researcher Anurag Sen found the database and reported his finding to Oracle through an intermediary — Roi Carthy, chief executive at cybersecurity firm Hudson Rock and former TechCrunch reporter.

TechCrunch reviewed the data and found names, home addresses, email addresses and other identifiable data in the database. The data also revealed sensitive users’ web browsing activity — from purchases to newsletter unsubscribes.

“There’s really no telling how revealing some of this data can be,” said Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation, told TechCrunch.

“Oracle is aware of the report made by Roi Carthy of Hudson Rock related to certain BlueKai records potentially exposed on the Internet,” said Oracle spokesperson Deborah Hellinger. “While the initial information provided by the researcher did not contain enough information to identify an affected system, Oracle’s investigation has subsequently determined that two companies did not properly configure their services. Oracle has taken additional measures to avoid a reoccurrence of this issue.”

Oracle did not name the companies or say what those additional measures were, and declined to answer our questions or comment further.

But the sheer size of the exposed database makes this one of the largest security lapses this year.

The more it knows

BlueKai relies on vacuuming up a never-ending supply of data from a variety of sources to understand trends to deliver the most precise ads to a person’s interests.

Marketers can either tap into Oracle’s enormous bank of data, which it pulls in from credit agencies, analytics firms, and other sources of consumer data including billions of daily location data points, in order to target their ads. Or marketers can upload their own data obtained directly from consumers, such as the information you hand over when you register an account on a website or when you sign up for a company’s newsletter.

But BlueKai also uses more covert tactics like allowing websites to embed invisible pixel-sized images to collect information about you as soon as you open the page — hardware, operating system, browser and any information about the network connection.

This data — known as a web browser’s “user agent” — may not seem sensitive, but when fused together it can create a unique “fingerprint” of a person’s device, which can be used to track that person as they browse the internet.

BlueKai can also tie your mobile web browsing habits to your desktop activity, allowing it to follow you across the internet no matter which device you use.

Say a marketer wants to run a campaign trying to sell a new car model. In BlueKai’s case, it already has a category of “car enthusiasts” — and many other, more specific categories — that the marketer can use to target with ads. Anyone who’s visited a car maker’s website or a blog that includes a BlueKai tracking pixel might be categorized as a “car enthusiast.” Over time that person will be siloed into different categories under a profile that learns as much about you to target you with those ads.

(Sources: DaVooda, Filborg/Getty Images; Oracle BlueKai)

The technology is far from perfect. Harvard Business Review found earlier this year that the information collected by data brokers, such as Oracle, can vary wildly in quality.

But some of these platforms have proven alarmingly accurate.

In 2012, Target mailed maternity coupons to a high school student after an in-house analytics system figured out she was pregnant — before she had even told her parents — because of the data it collected from her web browsing.

Some might argue that’s precisely what these systems are designed to do.

Jonathan Mayer, a science professor at Princeton University, told TechCrunch that BlueKai is one of the leading systems for linking data.

“If you have the browser send an email address and a tracking cookie at the same time, that’s what you need to build that link,” he said.

The end goal: the more BlueKai collects, the more it can infer about you, making it easier to target you with ads that might entice you to that magic money-making click.

But marketers can’t just log in to BlueKai and download reams of personal information from its servers, one marketing professional told TechCrunch. The data is sanitized and masked so that marketers never see names, addresses or any other personal data.

As Mayer explained: BlueKai collects personal data; it doesn’t share it with marketers.

‘No telling how revealing’

Behind the scenes, BlueKai continuously ingests and matches as much raw personal data as it can against each person’s profile, constantly enriching that profile data to make sure it’s up to date and relevant.

But it was that raw data spilling out of the exposed database.

TechCrunch found records containing details of private purchases. One record detailed how a German man, whose name we’re withholding, used a prepaid debit card to place a €10 bet on an esports betting site on April 19. The record also contained the man’s address, phone number and email address.

Another record revealed how one of the largest investment holding companies in Turkey used BlueKai to track users on its website. The record detailed how one person, who lives in Istanbul, ordered $899 worth of furniture online from a homeware store. We know because the record contained all of these details, including the buyer’s name, email address and the direct web address for the buyer’s order, no login needed.

We also reviewed a record detailing how one person unsubscribed from an email newsletter run by an electronics consumer, sent to his iCloud address. The record showed that the person may have been interested in a specific model of car dash-cam. We can even tell based on his user agent that his iPhone was out of date and needed a software update.

The more BlueKai collects, the more it can infer about you, making it easier to target you with ads that might entice you to that magic money-making click.

The data went back for months, according to Sen, who discovered the database. Some logs dated back to August 2019, he said.

“Fine-grained records of people’s web-browsing habits can reveal hobbies, political affiliation, income bracket, health conditions, sexual preferences, and — as evident here — gambling habits,” said the EFF’s Cyphers. “As we live more of our lives online, this kind of data accounts for a larger and larger portion of how we spend our time.”

Oracle declined to say if it informed those whose data was exposed about the security lapse. The company also declined to say if it had warned U.S. or international regulators of the incident.

Under California state law, companies like Oracle are required to publicly disclose data security incidents, but Oracle has not to date declared the lapse. When reached, a spokesperson for California’s attorney general’s office declined to say if Oracle had informed the office of the incident.

Under Europe’s General Data Protection Regulation, companies can face fines of up to 4% of their global annual turnover for flouting data protection and disclosure rules.

Trackers, trackers everywhere

BlueKai is everywhere — even when you can’t see it.

One estimate says BlueKai tracks over 1% of all web traffic — an unfathomable amount of daily data collection — and tracks some of the world’s biggest websites: Amazon, ESPN, Forbes, Glassdoor, Healthline, Levi’s, MSN.com, Rotten Tomatoes, and The New York Times. Even this very article has a BlueKai tracker because our parent company, Verizon Media, is a BlueKai partner.

But BlueKai is not alone. Nearly every website you visit contains some form of invisible tracking code that watches you as you traverse the internet.

As invasive as it is that invisible trackers are feeding your web browsing data to a gigantic database in the cloud, it’s that very same data that has kept the internet largely free for so long.

To stay free, websites use advertising to generate revenue. The more targeted the advertising, the better the revenue is supposed to be.

While the majority of web users are not naive enough to think that internet tracking does not exist, few outside marketing circles understand how much data is collected and what is done with it.

Take the Equifax data breach in 2017, which brought scathing criticism from lawmakers after it collected millions of consumers’ data without their explicit consent. Equifax, like BlueKai, relies on consumers skipping over the lengthy privacy policies that govern how websites track them.

In any case, consumers have little choice but to accept the terms. Be tracked or leave the site. That’s the trade-off with a free internet.

But there are dangers with collecting web-tracking data on millions of people.

“Whenever databases like this exist, there’s always a risk the data will end up in the wrong hands and in a position to hurt someone,” said Cyphers.

Cyphers said the data, if in the hands of someone malicious, could contribute to identity theft, phishing or stalking.

“It also makes a valuable target for law enforcement and government agencies who want to piggyback on the data gathering that Oracle already does,” he said.

Even when the data stays where it’s intended, Cyphers said these vast databases enable “manipulative advertising for things like political issues or exploitative services, and it allows marketers to tailor their messages to specific vulnerable populations,” he said.

“Everyone has different things they want to keep private, and different people they want to keep them private from,” said Cyphers. “When companies collect raw web browsing or purchase data, thousands of little details about real people’s lives get scooped up along the way.”

“Each one of those little details has the potential to put somebody at risk,” he said.

Send tips securely over Signal and WhatsApp to +1 646-755-8849.

from iPhone – TechCrunch https://ift.tt/3dinbiP

It’s not just about e-mail, stupid

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast, where we unpack the numbers behind the headlines.

Your humble Equity team is pretty tired but in good spirits, as there was a lot to talk about this week. But, first, three things to start us off:

First: Read this piece from TechCrunch’s Megan Rose Dickey about Juneteenth and tech companies. This podcast is going out on Juneteenth, so before you hit play, please take a minute to learn more about the day and its significance.
Second: Danny and Arman from the TechCrunch team have finally launched TechCrunch List, a huge effort to determine which investors are really willing to write early checks. You can find out more here.
Third: Equity is now on Twitter. Follow us here or understand that you are not cool.

All that said, here’s what we talked about on the show:

Epic Games is looking to raise a huge stack of cash (Bloomberg, VentureBeat) at a new, higher valuation. We were curious about how its lower-cut store could help it gain inroads with developers big and small. That part of the chat, the take-rate of the Fortnite parent company on the work of others was very cogent to the other main topic of the day:
Apple vs. DHH. So Hey launched this week, and the new spin on email quickly overshadowed its product launch by getting into a spat with Apple about whether it needs to add the ability to sign up for the paid service on iOS, thus giving Apple a cut of its revenue. DHH and crew do not agree. Apple is under fire for anti-competitive practices at home and abroad — of varying intensity, and from different sources — making this all the more spicy.
Upgrade raises $40 million for its credit-focused neobank.
Degreed raises $32 million for its upskilling platform.
And, at the end, our take on the current health of the startup market. There have been a sheaf of reports lately about what is going on in startup land. We gave our take.

And that’s that. Have a lovely weekend and catch up on some sleep.

Equity drops every Friday at 6:00 am PT, so subscribe to us on Apple Podcasts, Overcast, Spotify and all the casts.

from Apple – TechCrunch https://ift.tt/2N9gqoM

How Reliance Jio Platforms became India’s biggest telecom network

It’s raised $5.7 billion from Facebook. It’s taken $1.5 billion from KKR, another $1.5 billion from Vista Equity Partners, $1.5 billion from Saudi Arabia’s Public Investment Fund, $1.35 billion from Silver Lake, $1.2 billion from Mubadala, $870 million from General Atlantic, $750 million from Abu Dhabi Investment Authority, $600 million from TPG, and $250 million from L Catterton.

And it’s done all that in just nine weeks.

India’s Reliance Jio Platforms is the world’s most ambitious tech company. Founder Mukesh Ambani has made it his dream to provide every Indian with access to affordable and comprehensive telecommunications services, and Jio has so far proven successful, attracting nearly 400 million subscribers in just a few years.

The unparalleled growth of Reliance Jio Platforms, a subsidiary of India’s most-valued firm (Reliance Industries), has shocked rivals and spooked foreign tech companies such as Google and Amazon, both of which are now reportedly eyeing a slice of one of the world’s largest telecom markets.

What can we learn from Reliance Jio Platforms’s growth? What does the future hold for Jio and for India’s tech startup ecosystem in general?

Through a series of reports, Extra Crunch is going to investigate those questions. We previously profiled Mukesh Ambani himself, and in today’s installment, we are going to look at how Reliance Jio went from a telco upstart to the dominant tech company in four years.

India’s richest man built a telecom operator everyone wants a piece of

The birth of a new empire

Months after India’s richest man, Mukesh Ambani, launched his telecom network Reliance Jio, Sunil Mittal of Airtel — his chief rival — was struggling in public to contain his frustration.

That Ambani would try to win over subscribers by offering them free voice calling wasn’t a surprise, Mittal said at the World Economic Forum in January 2017. But making voice calls and the bulk of 4G mobile data completely free for seven months clearly “meant that they have not gotten the attention they wanted,” he said, hopeful the local regulator would soon intervene.

This wasn’t the first time Ambani and Mittal were competing directly against each other: in 2002, Ambani had launched a telecommunications company and sought to win the market by distributing free handsets.

In India, carrier lock-in is not popular as people prefer pay-as-you-go voice and data plans. But luckily for Mittal in their first go around, Ambani’s journey was cut short due to a family feud with his brother — read more about that here.

from Apple – TechCrunch https://ift.tt/2ARGXEr

Thursday, 18 June 2020

Daily Crunch: Twitter rolls out audio tweets

Twitter tries to make audio tweets a thing, the U.K. backtracks on its contact-tracing app and Apple’s App Store revenue share is at the center of a new controversy.

Here’s your Daily Crunch for June 18, 2020.

1. Twitter begins rolling out audio tweets on iOS

Twitter is rolling out audio tweets, which do exactly what you’d expect — allow users to share thoughts in audio form. The feature will only be available to some iOS users for now, though the company says all iOS users should have access “in the coming weeks.” (No word on an Android or web rollout yet.)

This feature potentially allows for much longer thoughts than a 280-character tweet. Individual audio clips will be limited to 140 seconds, but if you exceed the limit, a new tweet will be threaded beneath the original.

2. UK gives up on centralized coronavirus contacts-tracing app — switches to testing model backed by Apple and Google

The U.K.’s move to abandon the centralized approach and adopt a decentralized model is hardly surprising, but the time it’s taken the government to arrive at the obvious conclusion does raise some major questions over its competence at handling technology projects.

3. Apple doubles down on its right to profit from other businesses

Apple this week is getting publicly dragged for digging in its heels over its right to take a cut of subscription-based transactions that flow through its App Store. This is not a new complaint, but one that came to a head this week over Apple’s decision to reject app updates from Basecamp’s newly launched subscription-based email app called Hey.

4. Payfone raises $100M for its mobile phone-based digital verification and ID platform

Payfone has built a platform to identify and verify people using data (but not personal data) gleaned from your mobile phone. CEO Rodger Desai said the plan for the funding is to build more machine learning into the company’s algorithms, expand to 35 more geographies and to make strategic acquisitions to expand its technology stack.

5. Superhuman’s Rahul Vohra says recession is the ‘perfect time’ to be aggressive for well-capitalized startups

We had an extensive conversation with Vohra as part of Extra Crunch Live, also covering why the email app still has more than 275,000 people on its wait list. (Extra Crunch membership required.)

6. Stockwell, the AI-vending machine startup formerly known as Bodega, is shutting down July 1

Founded in 2017 by ex-Googlers, the AI vending machine startup formerly known as Bodega first raised blood pressures — people hated how it was referenced and poorly “disrupted” mom-and-pop shops in one fell swoop — and then raised a lot of money. But ultimately, it was no match for COVID-19 and how it reshaped our lifestyles.

7. Apply for the Startup Battlefield

With TechCrunch Disrupt going virtual, this is your chance to get featured in front of our largest audience ever. The post says you’ve only got 72 hours left, but the clock has been ticking since then — the deadline is 11:59pm Pacific tomorrow, June 19. So get on it!

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

from Android – TechCrunch https://ift.tt/3hGb1nf
via IFTTT

Interview: Apple’s Schiller says position on Hey app is unchanged and no rules changes are imminent

In a brief call today about Basecamp’s Hey email app from the iOS App Store, Apple’s Phil Schiller told me that there would currently be no changes to its rules that would allow the app to continue to be offered.

“Sitting here today, there’s not any changes to the rules that we are considering,” Schiller said. “There are many things that they could do to make the app work within the rules that we have. We would love for them to do that.”

The call came after several days of public scrutiny of Apple’s handling of the Hey app. After an initial approval, the developers at Basecamp, including two of its founders, David Heinemeier Hansson and Jason Fried, took to Twitter to note that an update had been repeatedly rejected, with the core of the argument being that they were not offering an in-app purchase for the full service in addition to offering it on the Hey website.

The current experience of the Hey app as a user downloading it from the App Store is that it does nothing. It is an app that requires you to subscribe to the Hey service on the web before it becomes useful.

“You download the app and it doesn’t work, that’s not what we want on the store,” says Schiller. This, he says, is why Apple requires in-app purchases to offer the same purchasing functionality as they would have elsewhere.

To be clear, this is against the App Store rules for most apps. The exceptions here are apps that are viewed as “readers” that only display external content of certain types, like music, books and movies — and apps that only offer bulk pricing options that are paid for by institutions or corporations rather than the end user.

Schiller is clear on our call that Hey does not fit these rules.

“We didn’t extend these exceptions to all software,” he notes about the “reader” type apps — examples of which include Netflix. “Email is not and has never been an exception included in this rule.”

In fact, Hey’s Mac App was rejected for the exact behavior for which the iOS app is being targeted. Schiller says that the iOS app’s original version was approved in error, and should never have shipped to the store.

The questions, then, really center around whether this should be the case, rather than is there some sort of arcane vision of the current App Store rules that would allow the Hey app to continue to be on the store.

I asked Schiller if this meant Apple felt entitled to a portion of the revenue of every business that had an app, regardless of whether that business was an iOS-first.

“I get why there’s a question here,” he says. “But that’s not what we’re doing.”

Schiller says that there are a number of decisions about how to charge customers that Basecamp could have made to make the app acceptable under current rules. He lists several, including charging different prices in the app and on the web, and offering a free version with additional functions.

But, he says, if you’re going to charge for it and it is a digital service, then Apple wants developers to use the in-app purchase mechanic and Apple payment system to ensure that users have a good experience in the app and that the payment system is secured.

One way that Hey could have gone, Schiller says, is to offer a free or paid version of the app with basic email reading features on the App Store, then separately offered an upgraded email service that worked with the Hey app on iOS on its own website. Schiller gives one more example: an RSS app that reads any feed, but also reads an upgraded feed that could be charged for on a separate site. In both cases, the apps would have functionality when downloaded on the store.

Other options are more familiar to many users, which includes a completely free app with an upsell that is also an in-app purchase.

Unfortunately, of course, the current rules would prevent Hey from advertising or even mentioning any upgraded service, and that would have to be marketed through off-app channels.

The ongoing debate around the issue is summed up well by Sarah Perez on TechCrunch yesterday and I encourage you to read that if you’re not up to date. And just today a story in the Times landed about Facebook’s gaming app having been rejected for rules five times. All of this brewing a perfect storm in advance of Apple’s WWDC conference aimed at developers and nearly day and date with the launch of an EU antitrust investigation.

I’ve been thinking hard about it myself, as someone who covers Apple extensively and has often been witness to the behind-the-scenes anxiety that developers have about whether Apple will reject an app from one moment to the next because of a personal interpretation of the App Store rules.

I think that, for me, it boils down to some simple observations. The fact is that Hey violates app store rules. Which means that the question is not “how can we contort those rules or squint enough to justify it” but instead “should those be the rules”?

As far as to why Apple would look at a situation like this and not see an obvious minefield, I believe that it internally thinks that it is doing the right and just thing. It built the platform, it deserves to profit from that platform which does contribute enormous economic impact to both digital and physical sectors. And there are indisputable security and privacy benefits to Apple controlling the payments platform.

And for those that would say “but surely it sees the optics!” I think that those people often underestimate the power of scale. Apple approves some 100,000 apps every week and the vast majority of rejections are for minor issues quickly fixed. That kind of scale can often bend perception on behalf of an organization and its guiding forces, because they see a vast calm sea with a few breakers — where the media is focused on the breakers alone.

Here’s how I feel about that, though, and where the blind spots may lie here.

There may be (and my back channel, and other people’s back channels, indicate that there is) a large ground swell of resentment and irritation with the App Store that goes un-expressed because people are afraid and need it to survive.
Sometimes the source of the criticism matters — Hansson may be annoying and vociferous and take a worst-motivations stance in his public comms, but change and self examination do not always originate with people who we consider to be our friends or allies. And it is twice as hard to apply the change that comes from people who are angry and seemingly unkind — but maybe right.

Call me naive, but I do feel that there is a superset of genuine, core values that Apple does apply to its business in a way that is genuinely unique among big corporations. I’m sure some people will disagree (read: many) but I’ve seen it first-hand in covering the company and in discussions (official and personal) with many, many, many of its executives and rank and file employees over the years. Much like John Gruber I find it hard to square the circle with finding a way forward here that sets aside “we are doing what is right” for “what is the right thing to do”?

Shortly before publishing this interview, Apple provided a letter to TechCrunch that was also sent to Fried and Hey.

The letter reiterates the reasons Apple says that Hey does not comply with current App Store policy. It reads, in part:

“Thank you for being an iOS app developer. We understand that Basecamp has developed a number of apps and many subsequent versions for the App Store for many years, and that the App Store has distributed millions of these apps to iOS users. These apps do not offer in-app purchase — and, consequently, have not contributed any revenue to the App Store over the last eight years. We are happy to continue to support you in your app business and offer you the solutions to provide your services for free — so long as you follow and respect the same App Store Review Guidelines and terms that all developers must follow.”

So for now, no thawing.

Full letter follows:

Hello Jason,

We are writing to let you know the appeal results for your app, HEY Email.

The App Review Board evaluated your app and determined that the rejection was valid. Your app does not comply with the App Store Review Guidelines detailed below. As you are aware, this is the reason your Hey Email app was rejected when it was submitted to the Mac App Store on June 11, 2020.

The HEY Email app is marketed as an email app on the App Store, but when users download your app, it does not work. Users cannot use the app to access email or perform any useful function until after they go to the Basecamp website for Hey Email and purchase a license to use the HEY Email app. This violates the following App Store Review Guidelines:

Guideline 3.1.1 – Business – Payments – In-App Purchase

If you want to unlock features or functionality within your app, you must use in-app purchase. Your app requires customers to purchase content, subscriptions, or features outside of the app, but those items are not available as in-app purchases within the app as required by the App Store Review Guidelines.

Guideline 3.1.3(a) – Business – Payments – “Reader” Apps

Reader apps may allow users to access previously purchased content and content subscriptions. Your mail app is not one of the content types allowed under this guideline for “Reader” apps (specifically: magazines, newspapers, books, audio, music, video, access to professional databases, VOIP, cloud storage, or approved services such as classroom management apps). Therefore, customers must be given the option to purchase access to features or functionality in your app using in-app purchase.

Guideline 3.1.3(b) – Business – Payments – Multiplatform Services

Apps that operate services across multiple platforms may allow users to access content, subscriptions, or features they have acquired in your app on other platforms or on your website, provided those items are also available as in-app purchases within the app. Your HEY Email app does not offer access to content, subscriptions, or features as in-app purchases within the app. In fact, the app does not function as an email app or for any purpose until the user goes to the Basecamp Hey Email website to start a free trial or purchase a separate license to use the app for its intended purpose.

Next Steps

To resolve this issue, please revise your app such that it does not violate any of the App Store Review Guidelines and terms.

There are a number of ways that you could revise your app or service to adhere to the App Store Review Guidelines. Customers who have previously purchased access to content, subscriptions, or features elsewhere may continue to access these items in your app, as long as new iOS customers are given the option to purchase access using in-app purchase as required by the App Store Review Guidelines.

If you would prefer not to offer users the option of in-app purchases, you could consider having the app function as marketed — an email client that works with standard IMAP and POP email accounts, where customers can optionally configure the Hey Email service as their preferred email service provider. This would allow the app to function as an email client without requiring an additional payment to use its features and functionality. Under this approach, what you sell on your website is clearly an email service separate from the function of your app as distributed on the App Store.

We are here as a resource as you explore these or other ideas to bring the Hey Email app within compliance of the App Store Review Guidelines and terms.

Thank you for being an iOS app developer. We understand that Basecamp has developed a number of apps and many subsequent versions for the App Store for many years, and that the App Store has distributed millions of these apps to iOS users. These apps do not offer in-app purchase — and, consequently, have not contributed any revenue to the App Store over the last eight years. We are happy to continue to support you in your app business and offer you the solutions to provide your services for free — so long as you follow and respect the same App Store Review Guidelines and terms that all developers must follow.

We hope to assist you in offering the Hey Email app on the App Store.

Sincerely,

App Review Board

from Apple – TechCrunch https://ift.tt/2BmcyxU