Wednesday, 7 July 2021

Opioid addiction treatment apps found sharing sensitive data with third parties

Several widely used opioid treatment recovery apps are accessing and sharing sensitive user data with third parties, a new investigation has found.

As a result of the COVID-19 pandemic and efforts to reduce transmission in the U.S., telehealth services and apps offering opioid addiction treatment have surged in popularity. This rise of app-based services comes as addiction treatment facilities face budget cuts and closures, which has seen both investor and government interest turn to telehealth as a tool to combat the growing addiction crisis.

While people accessing these services may have a reasonable expectation of privacy of their healthcare data, a new report from ExpressVPN’s Digital Security Lab, compiled in conjunction with the Opioid Policy Institute and the Defensive Lab Agency, found that some of these apps collect and share sensitive information with third parties, raising questions about their privacy and security practices.

The report studied 10 opioid treatment apps available on Android: Bicycle Health, Boulder Care, Confidant Health, DynamiCare Health, Kaden Health, Loosid, Pear Reset-O, PursueCare, Sober Grid, and Workit Health. These apps have been installed at least 180,000 times, and have received more than $300 million in funding from investment groups and the federal government.

Despite the vast reach and sensitive nature of these services, the research found that the majority of the apps accessed unique identifiers about the user’s device and, in some cases, shared that data with third parties.

Of the 10 apps studied, seven access the Android Advertising ID (AAID), a user-generated identifier that can be linked to other information to provide insights into identifiable individuals. Five of the apps also access the device’s phone number; three access the device’s unique IMEI and IMSI numbers, which can also be used to uniquely identify a person’s device; and two access a user’s list of installed apps, which the researchers say can be used to build a “fingerprint” of a user to track their activities.

Many of the apps examined are also obtaining location information in some form, which, when correlated with these unique identifiers, strengthens the capability for surveilling an individual person, as well as their daily habits, behaviors, and who they interact with. One of the ways the apps do this is through Bluetooth; seven of the apps request permission to make Bluetooth connections, which the researchers say is particularly worrying because this can be used to track users in real-world locations.

“Bluetooth can do what I call proximity tracking, so if you’re in the grocery store, it knows how long you’re in a certain aisle, or how close you are to someone else,” Sean O’Brien, principal researcher at ExpressVPN’s Digital Security Lab who led the investigation, told TechCrunch. “Bluetooth is an area that I’m pretty concerned about.”

Another major area of concern is the use of tracker SDKs in these apps, which O’Brien previously warned about in a recent investigation that revealed that hundreds of Android apps were sending granular user location data to X-Mode, a data broker known to sell location data to U.S. military contractors, and now banned from both Apple and Google’s app stores. SDKs, or software development kits, are bundles of code that are included with apps to make them work properly, such as collecting location data. Often, SDKs are provided for free in exchange for sending back the data that the apps collect.

While the researchers are keen to point out that they do not categorize all usage of trackers as malicious, particularly as many developers may not even be aware of their existence within their apps, they discovered a high prevalence of tracker SDKs in seven out of the 10 apps that revealed potential data-sharing activity. Some SDKs are designed specifically to collect and aggregate user data; this is true even where the SDK’s core functionality is concerned.

But the researchers explain that an app that provides navigation to a recovery center, for example, may also be tracking a user’s movements throughout the day and sending that data back to the app’s developers and third parties.

In the case of Kaden Health, Stripe — which is used for payment services within the app — can read the list of installed apps on a user’s phone, their location, phone number, and carrier name, as well as their AAID, IP address, IMEI, IMSI, and SIM serial number.

“An entity as large as Stripe having an app share that information directly is pretty alarming. It’s worrisome to me because I know that information could be very useful for law enforcement,” O’Brien tells TechCrunch. “I also worry that people having information about who has been in treatment will eventually make its way into decisions about health insurance and people getting jobs.”

The data-sharing practices of these apps are likely a consequence of these services being developed in an environment of unclear U.S. federal guidance regarding the handling and disclosure of patient information, the researchers say, though O’Brien tells TechCrunch that the actions could be in breach of 42 CFR Part 2, a law that outlines strong controls over disclosure of patient information related to treatment for addiction.

Jacqueline Seitz, a senior staff attorney for health privacy at Legal Action Center, however, said this 40-year-old law hasn’t yet been updated to recognize apps.

“Confidentiality continues to be one of the major concerns that people cite for not entering treatment,” Seitz told TechCrunch. “While 42 CFR Part 2 recognizes the very sensitive nature of substance use disorder treatment, it doesn’t mention apps at all. Existing privacy laws are totally not up to speed.

“It would be great to see some leadership from the tech community to establish some basic standards and recognize that they’re collecting super-sensitive information so that patients aren’t left in the middle of a health crisis trying to navigate privacy policies,” said Seitz.

Another likely reason for these practices is a lack of security and data privacy staff, according to Jonathan Stoltman, director at Opioid Policy Institute, which contributed to the research. “If you look at a hospital’s website, you’ll see a chief information officer, a chief privacy officer, or a chief security officer that’s in charge of physical security and data security,” he tells TechCrunch. “None of these startups have that.”

“There’s no way you’re thinking about privacy if you’re collecting the AAID, and almost all of these apps are doing that from the get-go,” Stoltman added.

Google is aware of ExpressVPN’s findings but has yet to comment. However, the report has been released as the tech giant prepares to start limiting developer access to the Android Advertising ID, mirroring Apple’s recent efforts to enable users to opt out of ad tracking.

While ExpressVPN is keen to make patients aware that these apps may violate expectations of privacy, it also stresses the central role that addiction treatment and recovery apps may play in the lives of those with opioid addiction. It recommends that if you or a family member used one of these services and find the disclosure of this data to be problematic, you contact the Office of Civil Rights through Health and Human Services to file a formal complaint.

“The bottom line is this is a general problem with the app economy, and we’re watching telehealth become part of that, so we need to be very careful and cautious,” said O’Brien. “There needs to be disclosure, users need to be aware, and they need to demand better.”

Recovery from addiction is possible. For help, please call the free and confidential treatment referral hotline (1-800-662-HELP) or visit findtreatment.gov.


from Apple – TechCrunch https://ift.tt/3wrUgSS

Raylo nabs $11.5M to get more mobile users to lease and reuse

UK-based smartphone subscription startup Raylo has tucked $11.5 million in Series A funding into its top pocket, led by Octopus Ventures.

The equity round follows a debt raise last year — and brings Raylo’s total raised since being founded back in 2019 to $40M (in equity and debt). Its roster of investors to date also includes the Macquarie Group, Guy Johnson of Carphone Warehouse and the co-founders of Funding Circle.

The new funding will be used to charge up a subscription smartphone play that nudges consumers never to own their own mobile device — but just pay a monthly fee to lease a new or refurbished SIM-free device instead.

Raylo says it’s seen 10x YoY growth of customers and revenues, and plans to plough the Series A into accelerating its growth in the UK — including by doubling its headcount and further developing its tech. And while it suggests it’s entertaining the idea of a future global rollout it remains firmly UK focused for now.

Consumers opting to get the latest smartphone hardware through Raylo will pay a lower cost than the full RRP for a device since they won’t actually own the hardware at the end of the contract.

Environmental considerations aside, that may be an increasingly important consideration, given the inflating price of premium handsets like the top-of-the-range iPhone which has broken $1,000 for a few years now.

Plus the fact that most consumers simply won’t shell out so much for a handset. Leasing and returning offers an alternative way for people to get to use such expensive high-end devices.

With Raylo, the leased mobile is typically returned after the end of the 12 or 24-month contract — with the returned device refurbished for reuse via a second (or third) leased life with another user.

End of life devices are recycled (by partners), per Raylo. So it’s touting a circular model that promotes sustainability via device usage longevity vs the more typical upgrade scenario, via a carrier, where a consumer may just toss their old unused handset into a drawer, wasting its further potential utility.

Albeit, many people do pass on old devices to other family members or even sell or trade them in. But Raylo claims there are an estimated 125M smartphones in unused ‘hibernation’ across the UK. So, the suggestion is, plenty of smartphone users don’t bother to ensure their old handset gets a second life.

Raylo reckons each of its subscription leased devices can be used by a total of three customers over 6-7 years – which, if achieved, would mean a lifespan that it says is almost 2x longer than the UK average (of 2.31 years).

To further the longevity goal, all the phones it supplies come with a free case and screen protector.

Users also need to weigh up whether they want to shell out for insurance too, though, since they need to make sure they don’t damage the leased handset or risk having to shell out for expensive repairs or a non-return fee. (Raylo sells its own flavor of device insurance to users as an optional extra which slightly bumps up the monthly cost.)

Raylo competes with carriers’ own device subscription plans, of course. But again the claim is it’s cheaper to lease its way — although that’s as it should be since the consumer doesn’t own the hardware at the end of the contract (so won’t automatically have anything of value they could sell or trade in elsewhere).

If a user doesn’t want (or fails) to return a device at the end of the contract they have to pay a non-return fee — which varies depending on the handset hardware and how long they’ve been paying for it. But the fee can stretch to over £600 at the premium end — after 12 months of use of a Samsung Galaxy S21 Ultra 5G with 512GB of storage or an iPhone 12 Pro Max, for example.

While consumers that want to continue using the same device rather than upgrading after their contract ends can opt to continue paying their usual monthly fees — with payments continuing up to a maximum of 36 months, after which the non-return fee drops to a token £1.

All Raylo’s leased devices come with a 24 month warranty, under which it says it will freely repair faults not related to user damage or accidents, or else supply a replacement device if the handset can’t be fixed.

Commenting on Raylo’s Series A in a statement, Tosin Agbabiaka, early-stage fintech investor at Octopus Ventures, said: “The subscription economy is rapidly transforming the way we access products and services — yet the smartphone, an individual’s most valuable device, is still locked behind a bundled, ownership-based model. This means most people are trapped in a buy-and-dispose cycle, with steep financial and environmental costs.

“Raylo solves these problems by offering access to premium consumer devices at lower, subscription-based prices, helping to widen access to the latest technology. By repurposing its devices at the end of their cycle, Raylo is also the sustainable choice in this market and has built a product loved by its customers — the opportunity here is massive, and we believe that [co-founders] Karl [Gilbert], Richard [Fulton], and Jinden [Badesha] have the vision and depth of expertise to transform the way we all access our devices.”

A number of refurbished electronics businesses have been attracting investor attention in Europe in recent years where lawmakers are also considering right to repair legislation.

Recent fundings in the space include a $335M round for French refurbished device marketplace startup Back Market; a $71M round for Berlin-based Grover’s subscription electronics business; and a $40.6M round for Finland-based Swappie, which refurbishes and sells secondhand iPhones, to name a few.



from iPhone – TechCrunch https://ift.tt/3hoCBXO

Tuesday, 6 July 2021

Kill the standard privacy notice

Privacy is a word on everyone’s mind nowadays — even Big Tech is getting in on it. Most recently, Apple joined the user privacy movement with its App Tracking Transparency feature, a cornerstone of the iOS 14.5 software update. Earlier this year, Tim Cook even mentioned privacy in the same breath as the climate crisis and labeled it one of the top issues of the 21st century.

Apple’s solution is a strong move in the right direction and sends a powerful message, but is it enough? Ostensibly, it relies on users to get informed about how apps track them and, if they wish to, regulate or turn off the tracking. In the words of Soviet satirists Ilf and Petrov, “The cause of helping the drowning is in the drowning’s own hands.” It’s a system that, historically speaking, has not produced great results.

Today’s online consumer is drowning indeed — in the deluge of privacy policies, cookie pop-ups, and various web and app tracking permissions. New regulations just pile more privacy disclosures on, and businesses are mostly happy to oblige. They pass the information burden to the end user, whose only rational move is to accept blindly because reading through the heaps of information does not make sense rationally, economically or subjectively. To save that overburdened consumer, we have only one option: We have to kill the standard privacy notice.

A notice that goes unnoticed

Studies show that online consumers often struggle with standard-form notices. A majority of online users expect that if a company has published a document with the title “privacy notice” or “privacy policy” on its website, then it will not collect, analyze or share their personal information with third parties. At the same time, a similar majority of consumers have serious concerns about being tracked and targeted for intrusive advertising.

It’s a privacy double whammy. To get on the platform, users have to accept the privacy notice. By accepting it, they allow tracking and intrusive ads. If they actually read the privacy notice before accepting, that costs them valuable time and can be challenging and frustrating. If Facebook’s privacy policy is as hard to comprehend as German philosopher Immanuel Kant’s “Critique of Pure Reason,” we have a problem. In the end, the option to decline is merely a formality; not accepting the privacy policy means not getting access to the platform.

So, what use is the privacy notice in its current form? For companies, on the one hand, it legitimizes their data-processing practices. It’s usually a document created by lawyers, for lawyers without thinking one second about the interests of the real users. Safe in the knowledge that nobody reads such disclosures, some businesses not only deliberately fail to make the text understandable, they pack it with all kinds of silly or refreshingly honest content.

One company even claimed its users’ immortal souls and their right to eternal life. For consumers, on the other hand, the obligatory checkmark next to the privacy notice can be a nuisance — or it can lull them into a false sense of data security.

On the unlikely occasion that a privacy notice is so blatantly disagreeable that it pushes users away from one platform and toward an alternative, this is often not a real solution, either. Monetizing data has become the dominant business model online, and personal data ultimately flows toward the same Big Tech giants. Even if you’re not directly on their platforms, many of the platforms you are on work with Big Tech through plugins, buttons, cookies and the like. Resistance seems futile.

A regulatory framework from another time

If companies are deliberately producing opaque privacy notices that nobody reads, maybe lawmakers and regulators could intervene and help improve users’ data privacy? Historically, this has not been the case. In pre-digital times, lawmakers were responsible for a multitude of pre-contractual disclosure mandates that resulted in the heaps of paperwork that accompany leasing an apartment, buying a car, opening a bank account or taking out a mortgage.

When it comes to the digital realm, legislation has been reactive, not proactive, and it lags behind technological development considerably. It took the EU about two decades of Google and one decade of Facebook to come up with the General Data Protection Regulation, a comprehensive piece of legislation that still does not rein in rampant data collection practices. This is just a symptom of a larger problem: Today’s politicians and legislators do not understand the internet. How do you regulate something if you don’t know how it works?

Many lawmakers on both sides of the Atlantic often do not understand how tech companies operate and how they make their money with user data — or pretend not to understand for various reasons. Instead of tackling the issue themselves, legislators ask companies to inform the users directly, in whatever “clear and comprehensible” language they see fit. It’s part laissez-faire, part “I don’t care.”

Thanks to this attitude, we are fighting 21st-century challenges — such as online data privacy, profiling and digital identity theft — with the legal logic of Ancient Rome: consent. Not to knock Roman law, but Marcus Aurelius never had to read the iTunes Privacy Policy in full.

Online businesses and major platforms, therefore, gear their privacy notices and other relevant data disclosures toward obtaining consent, not toward educating and explaining. It keeps the data flowing and it makes for great PR when the opportunity for a token privacy gesture appears. Still, a growing number of users are waking up to the setup. It is time for a change.

A call to companies to do the right thing

We have seen that it’s difficult for users to understand all the “legalese,” and they have nowhere to go even if they did. We have also noted lawmakers’ inadequate knowledge and motivation to regulate tech properly. It is up to digital businesses themselves to act, now that growing numbers of online users are stating their discontent and frustration. If data privacy is one of our time’s greatest challenges, it requires concerted action. Just like countries around the world pledged to lower their carbon emissions, enterprises must also band together and commit to protecting their users’ privacy.

So, here’s a plea to tech companies large and small: Kill your standard privacy notices! Don’t write texts that almost no user understands to protect yourselves against potential legal claims so that you can continue collecting private user data. Instead, use privacy notices that are addressed to your users and that everybody can understand.

And don’t stop there — don’t only talk the talk but walk the walk: Develop products that do not rely on the collection and processing of personal data. Return to the internet’s open-source, protocol roots, and deliver value to your community, not to Big Tech and their advertisers. It is possible, it is profitable and it is rewarding.



from Apple – TechCrunch https://ift.tt/3dNzI0J

Nothing founder Carl Pei on Ear 1 and building a hardware startup from scratch

On July 27, hardware maker Nothing will debut its first product, wireless earbuds dubbed Ear 1. Despite releasing almost no tangible information about the product, the company has managed to generate substantial buzz around the launch — especially for an entry into the already-crowded wireless earbud market.

The hype, however, is real — and somewhat understandable. Nothing founder Carl Pei has a good track record in the industry — he was just 24 when he co-founded OnePlus in 2013. The company has done a canny job capitalizing on heightened expectations, meting out information about the product like pieces in a puzzle.

We spoke to Pei ahead of the upcoming launch to get some insight into Ear 1 and the story behind Nothing.

TC: I know there was a timing delay with the launch. Was that related to COVID-19 and supply chain issues?

CP: Actually, it was due to our design. Maybe you’ve seen the concept image of this transparent design. It turns out there’s a reason why there aren’t many transparent consumer tech products out there. It’s really, really hard to make it high quality. You need to ensure that everything inside looks just as good as the outside. So that’s where the team has been iterating, [but] you probably wouldn’t notice the differences between each iteration.

It could be getting the right magnets — as magnets are usually designed to go inside of a product and not be seen by the consumer — to figuring out the best type of gluing. You never have to solve that problem if you have a non-transparent product, but what kind of glue will keep the industrial design intact? I think the main issue has been getting the design ready. And we’re super, super close. Hopefully, it will be a product that people are really excited about when we launch.

So, there were no major supply chain issues?

Not for this product category. With true wireless earbuds, I think we’re pretty fine. No major issues. I mean, we had the issue that we started from zero — so no team and no partners. But step by step, we finally got here.

That seems to imply that you’re at least thinking ahead towards the other products. Have you already started developing them?

We have a lot of products in the pipeline. Earlier this year, we did a community crowdfunding round where we allocated $1.5 million to our community. That got bought up really quickly. But as part of that funding round, we had a deck with some of the products in development. Our products are code-named as Pokemon, so there are a lot of Pokemon on that slide [Editor’s note: The Ear 1 was “Aipom.”]. We have multiple categories that we’re looking at, but we haven’t really announced what those are.

Why were earbuds the right first step?

I think this market is really screaming for differentiation. If you look at true wireless today, I think after Apple came out with the AirPods, the entire market kind of followed. Everybody wears different clothes. This is something we wear for a large part of the day. Why wouldn’t people want different designs?

We’re working with Teenage Engineering — they’re super, super strong designers. I think true wireless is a place where we can really leverage that strength. Also, from a more rational business perspective, wireless earbuds is a super-fast growing product category. I think we’re going to reach 300 million units shipped worldwide this year for this category. And your first product category should be one with good business potential.

“Screaming for differentiation” is an interesting way to put it. When you look at AirPods and the rest of the industry, are aesthetics what the market primarily lacks? Is it features or is it purely stylistic?

If we take a step back and think about it from a consumer perspective, we feel like, as a whole, consumer tech is quite, quite boring. Kids used to want to become engineers and astronauts and all that. But if you look at what kids want to become today, they want to be TikTokers or YouTubers. Maybe it’s because technology isn’t as inspiring as before. We talked to consumers, and they don’t care as much as a couple of years ago either. If you look at what brands are doing in their communication, it’s all about features and specs.



from Apple – TechCrunch https://ift.tt/3ymb5Qu

Thursday, 1 July 2021

macOS Monterey’s public beta is live

Yesterday Apple unleashed a whole bunch of new public betas on the world: iOS 15, iPadOS 15 and watchOS 8. Today the company is back with another big software puzzle piece announced at WWDC in June.

Following three weeks of developer beta, the public beta version of macOS 12.0 Monterey is now live for download (i.e. has begun a rollout that often takes a little time to make its way to everyone).

Any beta version of an operating system comes with the usual caveats/caution against downloading it on your primary machine, but at the very least, this ought to be sufficiently more stable than what first rolled out to developers in June. Listen, I’m not going to tell you how to live your life.


I don’t always open these sorts of writeups with system compatibility, but it probably ought to be singled out for Monterey. After all, this is the first full new OS release since the company made the first Apple silicon Macs available last year. Naturally, it will be available for all of the systems sporting a first-party Apple processor.

Intel Macs are more of a grab bag, though support goes back for several years, in most cases. A nod to MacRumors, who compiled the following list:

  • iMac – Late 2015 and later
  • iMac Pro – 2017 and later
  • MacBook Air – Early 2015 and later
  • MacBook Pro – Early 2015 and later
  • Mac Pro – Late 2013 and later
  • Mac mini – Late 2014 and later
  • MacBook – Early 2016 and later

The dates are shifted up by a year or so from the Big Sur compatibility breakdown, which makes some sense.

Okay, so what do you get if you bite the bullet and download today? The biggest changes come to Safari and FaceTime, along with the addition of the Universal Control feature that unifies peripherals across devices, and Shortcuts, an iOS feature that will replace macOS mainstay Automator.


Some initial thoughts — Let’s start with Safari. The browser gets some key updates with every major macOS refresh, but this is one of the largest in recent memory. There was some concern following the keynote that the updates would only introduce confusion for many users. And certainly it’s true that people hate disruptions to their workflow – this is likely one of a handful of reasons I’ve never seriously considered switching to Safari as a default everyday browser. Change is hard, friends. Of course, change is also a necessary part of evolving. In either case, I haven’t been using Monterey intimately enough to offer something more definitive on the Safari experience.

There’s a pretty radical difference up front:


It might not seem like much, but after so many generations of the task bar serving as the driving force, it’s admittedly a pretty bold change at the center of the browser. Your mileage will vary, of course, but the idea at the heart of it is tying the field to the individual tabs, rather than having it more of a constant presence. There’s more control of the tabs, as well, in the form of Tab Groups, which allow you to essentially bookmark a bunch of sites together, so you can group them into things like Home and Work (assuming those ever become separate things again).

If you know anything about how Apple makes software, it shouldn’t come as any surprise that those groups get synced across devices via your Safari account. This is the kind of feature that could break either way for folks — it either means getting more organized or just creating a whole bunch of new groups of infinite tabs.


The additions to FaceTime are a pretty welcome pandemic no-brainer. The biggest addition is a code a lot of third parties attempted to crack over the past year, bringing the ability to stream movies and TV shows on FaceTime calls with friends, in order to watch together. Again, it’s a very pandemic-friendly product that will likely continue to have appeal, since teleconferencing certainly isn’t going anywhere.

In addition to Apple products like TV+ and Music, it will work with a bunch of launch partners, including Disney+, Hulu, HBO Max, NBA, Twitch, TikTok, MasterClass, ESPN+, Paramount+ and PlutoTV. The company is also opening its API to developers, because, honestly, this thing really needs YouTube and Netflix.


Focus essentially builds on the existing Do Not Disturb feature, adding in the ability to create specific notification parameters. Apple offers some, like Work and Sleep, by default, or you can create your own custom version, allowing some disturbances in and blocking others.

From a hardware perspective, Universal Control is probably the most interesting addition. The feature makes it possible to share wireless keyboards and mice/trackpads across compatible Macs and iPads. It’s not exactly a replacement for Sidecar, nor does it specifically build on that technology. Where Sidecar effectively turns an iPad into a second screen, Universal Control maintains the standard iPad functionality, albeit with a cursor that moves across devices. Both seem compelling for creatives and frequent travelers, but it will be interesting to see if one effectively cannibalizes the other.

Speaking of cross-device functionality, AirPlay to Mac is one of those features where you wonder why it took so long. Here you can share content from an iPhone or other Apple device directly on your big screen Mac. The computer can also serve as an AirPlay speaker, casting music from that device onto the system.


As mentioned above, the arrival of the Mac version of Shortcuts marks the beginning of the end for Automator. Apple will be keeping the app around for a while, as it gathers feedback from users. I do appreciate that change from the company’s standard policy of just ripping the band-aid off with new features. Automator was extremely versatile, but could be downright perplexing for the uninitiated. To get started, the company is offering a gallery (see: above) of shortcuts.

They range from basic OS tasks to things like “Make Gif,” which could ultimately make some third-party Mac apps redundant.



from Apple – TechCrunch https://ift.tt/3xc5Xyk

Months later, we’re still making sense of the Supreme Court’s API copyright ruling

APIs, or application programming interfaces, make the digital world go round. Working behind the scenes to define the parameters by which software applications communicate with each other, APIs underpin every kind of app — social media, news and weather, financial, maps, video conferencing, you name it. They are critically important to virtually every enterprise organization and industry worldwide.

Given APIs’ ubiquity and importance, it’s understandable that all industry eyes were on the U.S. Supreme Court’s April 5 ruling in Google LLC v. Oracle America Inc., an 11-year-old case that addressed two core questions: Whether copyright protection extends to an API, and whether use of an API in the context of creating a new computer program constitutes fair use. Google lawyers had called it “the copyright case of the decade.”

I was one of 83 computer scientists — including five Turing Award winners and four National Medal of Technology honorees — who signed a Supreme Court amicus brief stating their opposition to the assertion that APIs are copyrightable, while also supporting Google’s right to fair use under the current legal definition.

We explained that the freedom to re-implement and extend existing APIs has been critical to technological innovation by ensuring competitors could challenge established players and advance the state of the art. “Excluding APIs from copyright protection has been essential to the development of modern computers and the Internet,” the brief said.

The Supreme Court ruling was a mixed bag that many observers are still parsing. In a 6-2 decision, justices sided with Google and its argument that the company’s copying of 11,500 lines of code from Oracle’s Java in the Android operating system was fair use. Great! At the same time, though, the court appeared to be operating under the assumption that APIs are copyrightable.

“Given the rapidly changing technological, economic and business-related circumstances, we believe we should not answer more than is necessary to resolve the parties’ dispute,” Justice Stephen Breyer wrote for the majority. “We shall assume, but purely for argument’s sake, that (the code) falls within the definition of that which can be copyrighted.”

While it may take years to fully understand the ruling’s impact, it’s important to keep dissecting the issue now, as APIs only continue to become more essential as the pipes behind every internet-connected device and application.

The legal saga began when Google used Java APIs in developing Android. Google wrote its own implementation of the Java APIs, but in order to allow developers to write their own programs for Android, Google’s implementation used the same names, organization, and functionality as the Java APIs.

Oracle sued Google in U.S. District Court for the Northern District of California in August 2010, seven months after it closed its acquisition of Java creator Sun Microsystems, contending that Google had infringed Oracle’s copyright.

In May 2012, Judge William Alsup ruled that APIs are not subject to copyright because that would hamper innovation. Oracle appealed the ruling to the U.S. Court of Appeals, which reversed Judge Alsup in May 2014, finding that the Java APIs are copyrightable. However, it also sent the case back to the trial court to determine whether Google has a fair use defense.

A new District Court trial began in May 2016 on the fair use question. A jury found that Google’s implementation of the Java API was fair use. Oracle appealed, and the U.S. Court of Appeals in March 2018 again reversed the lower court. Google filed a petition with the Supreme Court in January 2019, receiving a hearing date in early 2020. However, lengthening the case’s torturous path through the courts even further, COVID-19 forced oral arguments to be postponed to last October. Finally, on April 5, the Supreme Court settled the matter.

Or did it?

“Supreme Court Leaves as Many Questions as It Answers in Google v. Oracle,” read a headline on law.com. The National Law Review said: “The Supreme Court sidestepped the fundamental IP issue — whether or not Oracle’s software code at the heart of the case is copyrightable.”

On one hand, I’m disappointed that the court’s ruling left even a hint of ambiguity about whether APIs are copyrightable. To be clear: APIs should be free of copyright, no ifs, ands or buts.

APIs provide structure, sequence, and organization for digital resources in the same way that a restaurant menu does for food. Imagine if Restaurant A, which serves burgers, fries, and shakes, couldn’t use the same words, as well as the ordering and organization of the words, on their menu as Restaurant B. A menu doesn’t represent a novel expression; rather, it is the ingredients, processes, and service that define a restaurant. Both burger places benefit from the shared concept of a menu and the shared knowledge among their consumers of what burgers, fries and shakes are. It is the execution of the menu that ultimately will set one restaurant apart from another.

Likewise, APIs are not intellectual property; they are simply the operational elements that are common, reusable, remixable, and able to be put into use in as many applications by as many developers as possible.

This pattern plays out over and over across many different sectors of our economy where APIs are being used, reused, and remixed to generate new kinds of applications, integrations or entirely new companies and products or services. Immense value is generated by the free, collective, collaborative and open evolution of APIs.

On the other hand, I’m pleased by the part of the Supreme Court ruling that widens the definition of fair use. I think that provides the scope needed to take the industry into its API future without too much friction.

I also believe the case will chill future attempts by other companies to engage in litigation over API copyright. In the end, the decade-long Google vs. Oracle case negatively affected Oracle’s image when it comes to the fast-growing API sector, and I suspect other companies will think twice before going to court.

Nevertheless, companies may want to be extra cautious about licensing their APIs using the widest possible license, applying a Creative Commons CC0 or CC-BY to APIs built with tools and specifications, such as Swagger, OpenAPI, and AsyncAPI.

Now that Google vs. Oracle is finally history, I feel that the API sector will remain as vibrant as ever. That’s excellent news for everybody.



from Android – TechCrunch https://ift.tt/2UjG3Kd

Google update will allow digital Covid-19 vaccination cards and test results to be stored on Android devices

Google is making it possible to store digital versions of either Covid-19 test results or vaccination cards on users’ Android devices. The company on Wednesday announced it’s updating its Passes API, which will give developers at healthcare organizations, government agencies, and other organizations authorized by public health authorities the ability to create digital versions of tests and vaccination cards which can then be saved directly to the user’s device. The Passes API is typically used to store things like boarding passes, loyalty cards, gift cards, tickets and more to users’ Google Pay wallet. However, the Google Pay app in this case will not be required, Google says.

Instead, users without the Google Pay app will have the option to store the digital version of the Covid Card directly on their device, where it’s accessible from a homescreen shortcut. Because Google is not retaining a copy of the card, anyone who needs to store the Covid Card on multiple devices will need to download it individually on each one from the healthcare provider or other organization’s app.

The cards themselves show the healthcare provider or organization’s logo and branding at the top, followed by the person’s name, date of birth, and other relevant information, like the vaccine manufacturer or date of shot or test. According to a support document, healthcare providers or organizations could alert users to the ability to download their card via email, text, or through a mobile website or app.

In an example photo, Google showed the Covid-19 Vaccination Card from Healthvana, a company that serves L.A. County. However, it didn’t provide any other information about which healthcare providers are interested in or planning to adopt the new technology. Reached for comment, Google says there are some other big partners and states in the pipeline, but it doesn’t have permission to share those names at this time. Over the next few weeks, some of these names will be released, we understand.

The Passes API update doesn’t mean Android users can immediately create digital versions of their Covid vaccination cards — something people have been taking pictures of as a means of backup or, unfortunately in some cases, laminating it. (That’s not advised, however, as the card is meant to be used again for recording booster shots.)

Rather, the update is about giving developers the ability to begin building tools to export the data they have in their own systems about people’s Covid tests and vaccinations to a local digital card on Android devices. To what extent these digital cards will become broadly available to end users will depend on developer adoption.

For the feature to work, the Android device needs to run Android 5 or later and it will need to be Play Protect certified, which is a licensing program that ensures the device is running real Google apps. Users will also need to set a lock screen on their device for additional security.

Google says the update will initially roll out in the U.S., followed by other countries.

The U.S. is behind other markets in making digital versions of vaccination cards possible. Today, the EU’s Covid certificate, which shows an individual’s vaccination status, test results or recovery status from Covid-19, went live. The certificate (EUDCC) will be recognized by all EU members, and will aid with cross-border travel. Israel released a vaccine passport earlier this year that allows vaccinated people to show their “green pass” at places that require vaccinations. Japan aims to have vaccination passports ready by the end of July for international travel.

In the U.S., only a few states have active vaccine certification apps. Many others have either outright banned vaccine passports — which has become a politically loaded term — or are considering doing so.

Given this context, Google’s digital vaccination card is just that — a digital copy of a paper card. It’s not tied to any other government initiatives nor is it a “vaccine passport.”



from Android – TechCrunch https://ift.tt/3hnBDdf