Google Play

Mobile games now account for 33% of installs, 10% of time and 74% of consumer spend

Posted by | Android, android apps, App Annie, app stores, app-store, Apps, games, Gaming, Google Play, iOS, iOS apps, Mobile | No Comments

Mobile gaming continues to hold its own, accounting for 10% of the time users spend in apps — a percentage that has remained steady over the years, even though our time in apps overall has grown by 50% over the past two years. In addition, games are continuing to grow their share of consumer spend, notes App Annie in a new research report out this week, timed with E3.

Thanks to growth in hyper-casual and cross-platform gaming in particular, mobile games are on track to reach 60% market share in consumer spend in 2019.

The new report looks at how much time users spend gaming versus using other apps, monetization and regional highlights within the gaming market, among other things.

Despite accounting for a sizable portion of users’ time, games don’t lead the other categories, App Annie says.

Instead, social and communications apps account for half (50%) of the time users spent globally in apps in 2018, followed by video players and editors at 15%, then games at 10%.

In the U.S., users generally have eight games installed per device; globally, we play an average of two to five games per month.

The number of total hours spent on games continues to grow roughly 10% year-over-year, as well, thanks to existing gamers increasing their time in games and from a broadening user base, including a large number of mobile app newcomers from emerging markets.

This has also contributed to a widening age range for gamers.

Today, the majority of time spent in gaming is by those aged 25 and older. In many cases, these players may not even classify themselves as “gamers,” App Annie noted.

While games may not lead the categories in terms of time spent, they do account for a large number of mobile downloads and the majority of consumer spending on mobile.

One-third of all worldwide downloads are games across iOS, Google Play and third-party app stores.

Last year, 1.6+ million games launched on Google Play and 1.1+ million arrived on iOS.

On Android, 74 cents of every dollar is spent on games, with 95% of those purchases coming as in-app purchases, not paid downloads. App Annie didn’t have figures for iOS.

Google Play is known for having more downloads than iOS, but continues to trail on consumer spend. In 2018, Google Play grabbed a 72% share of worldwide downloads, compared with 28% on iOS. Meanwhile, Google Play only saw 36% of consumer spend versus 64% on iOS.

One particular type of gaming jumped out in the new report: racing games.

Consumer spend in this subcategory of gaming grew 7.9 times as fast as the overall mobile gaming market. Adventure games did well, too, growing roughly five times the rate of games in general. Music games and board games were also popular.

Of course, gaming expands beyond mobile. But it’s surprising to see how large a share of the broader market can be attributed to mobile gaming.

According to App Annie, mobile gaming is larger than all other channels, including home game consoles, handheld consoles and computers (Mac and PC). It’s also 20% larger than all these other categories combined — a shift from only a few years ago, attributed to the growth in the mobile consumer base, which allows mobile gaming to reach more people.

Cross-platform gaming is a key gaming trend today, thanks to titles like PUBG and Fortnite in particular, which were among the most downloaded games across several markets last year.

Meanwhile, hyper-casual games are appealing to those who don’t think of themselves as gamers, which has helped to broaden the market further.

App Annie is predicting the next big surge will come from AR gaming, with Harry Potter: Wizards Unite expected to bring Pokémon Go-like frenzy back to AR, bringing the new title $100 million in its first 30 days. The game is currently in beta testing in select markets, with plans for a 2019 release.

In terms of regions, China’s impact on gaming tends to be outsized, but its growth last year was limited due to the game license regulations. This forced publishers to look outside the country for growth — particularly in markets like North America and Japan, App Annie said.

Meanwhile, India, Brazil, Russia and Indonesia lead the emerging markets with regard to game
downloads, but established markets of the U.S. and China remain strong players in terms of sheer numbers.

With the continued steady growth in consumer spend and the stable time spent in games, App Annie states the monetization potential for games is growing. In 2018, there were 1,900 games that made more than $5 million, up from 1,200 in 2016. In addition, consumer spend in many key markets is still growing too — like the 105% growth in two years in China, for example, and the 45% growth in the U.S.

The full report delves into other regions as well as game publishers’ user acquisition strategies. It’s available for download here.

Powered by WPeMatico

Aptoide, a Play Store rival, cries antitrust foul over Google hiding its app

Posted by | Android, antitrust, app-store, Apps, aptoide, China, competition, Developer, Europe, european commission, european union, Google, Google Play, huawei, online marketplaces, operating systems, play store, Portugal, TC | No Comments

As US regulators gear up to launch another antitrust probe of Google’s business, an alternative Android app store is dialling up its long time complaint of anti-competitive behavior against the search and smartphone OS giant.

Portugal-based Aptoide is launching a campaign website to press its case and call for Google to “Play Fair” — accusing Mountain View of squeezing consumer choice by “preventing users from freely choosing their preferred app store”.

Aptoide filed its first EU antitrust complaint against Google all the way back in 2014, joining a bunch of other complainants crying foul over how Google was operating Android.

And while the European Commission did eventually step in, slapping Google with a $5BN penalty for antitrust abuses last summer after a multi-year investigation, rivals continue to complain the Android maker still isn’t playing fair.

In the case of Aptoide, the alternative Android app store says Google has damaged its ability to compete by unjustifiably flagging its app as insecure.

“Since Summer 2018, Google Play Protect flags Aptoide as a harmful app, hiding it in users’ Android devices and requesting them to uninstall it. This results in a potential decrease of unique Aptoide users of 20%. Google Play Protect is Google’s built-in malware protection for Android, but we believe the way it works damages users’ rights,” it writes on the site, where it highlights what it claims are Google’s anti-competitive behaviors, and asks users to report experiences of the app being flagged.

Aptoide says Google has engaged in multiple behaviors that make it harder for it to gain or keep users — thereby undermining its ability to compete with Google’s own Play Store.

“In 2018, we had 222 million yearly active users. Last month (May’19), we had 56 million unique MAU,” co-founder and CEO Paulo Trezentos tells TechCrunch. “We estimate that the Google Play removal and flagging had cause the loss of 15% to 20% of our user base since June’18.”

(The estimate of how many users Aptoide has lost was performed using Google SafetyNet API which he says allows it to query the classification of an app.)

“Fortunately we have been able to compensate that with new users and new partnerships but it is a barrier to a faster growth,” he adds.

“The googleplayfair.com site hopes to bring visibility to this situation and help other start ups that may be under the same circumstances.”

Among the anti-competitive behaviors Aptoide accuses Google of engaging in are flagging and suspending its app from users’ phones — without their permission and “without a valid reason”.

“It hides Aptoide. User cannot see Aptoide icon and cannot launch. Even if they go to ‘settings’ and say they trust Aptoide, Aptoide installations are blocked,” he says. “If it looks violent, it’s because it’s a really aggressive move and impactful.”

Here’s the notification Aptoide users are shown when trying to override Google’s suspension of Aptoide at the package manager level:

Even if an Aptoide user overrides the warning — by clicking ‘keep app (unsafe)’ — Trezentos says the app still won’t work because Google blocks Aptoide from installing apps.

“The user has to go to Play Protect settings (discover it it’s not easy) and turn off Play protect for all apps.”

He argues there is no justification for Aptoide’s alternative app store being treated in this way.

“Aptoide is considered safe both by security researchers [citing a paper by Japanese security researchers] and by Virus Total (a company owned by Google),” says Trezentos, adding: “Google is removing Aptoide from users phone only due to anticompetitive practices. Doesn’t want anyone else as distribution channel in Android.”

On the website Aptoide has launched to raise awareness and inform users and other startups about how Google treats its app, it makes the claim that its store is “proven… 100% secure” — writing:

We would like to be treated in a fair way: Play Protect should not flag Aptoide as a harmful app and should not ask users to uninstall it since it’s proven that it’s 100% secure. Restricting options for users goes against the nature of the Android open source project [ref10]. Moreover, Google’s ongoing abusive behaviour due to it’s dominant position results in the lack of freedom of choice for users and developers.We would like to keep allowing users and developers to discover and distribute apps in the store of their choice. A healthy competitive market and a variety of options are what we all need to keep providing the best products.

Trezentos stands by the “100% secure” claim when we query it.

“We think that we have a safer approach. We call it  ‘security by design’: We don’t consider all apps secure in the same way. Each app has a badge depending on the reputation of the developer: Trusted, Unknown, Warning, Critical,” he says.

“We are almost 100% sure that apps with a trusted badge are safe. But new apps from new developers, [carry] more risk in spite of all the technology we have developed to detect it. They keep the badge ‘unknown‘ until the community vote it as trusted. This can take some weeks, it can take some months.”

“Of course, if our anti-malware systems detect problems, we classify it as ‘critical’ and the users don’t see it at all,” he adds.

Almost 100% secure then. But if Google’s counter claim to justify choking off access to Aptoide is that the app “can download potentially harmful apps” the same can very well be said of its Play Store. And Google certainly isn’t encouraging Android users to pause that.

On the competition front, Aptoide presents a clear challenge to Google’s Android revenues because it offers developers a more attractive revenue split — taking just 19%, rather than the 30% cut Google takes off of Play Store wares. (Aptoide couches the latter as “Google’s abusive conditions”.)

So if Android users can be persuaded to switch from Play to Aptoide, developers stand to gain — and arguably users too, as app costs would be lower.

While, on the flip side, Google faces its 30% cut being circumvented. Or else it could be forced to reduce how much it takes from developers to give them a greater incentive to stock its shelves with great apps.

As with any app store business, Aptoide’s store of course requires scale to function. And it’s exactly that scale which Google’s behavior has negatively impacted since it began flagging the app as insecure a year ago, in June 2018, squeezing the rival’s user-base by up to a fifth, as Aptoide tells it.

Trezentos says Google’s flagging of its app store affects all markets and “continues to this day” — despite a legal ruling in its favor last fall, when a court in Portugal ordered Google to stop removing Aptoide without users’ permission.

“Google is ignoring the injunction result and is disregarding the national court. No company, independently of the size, should be above court decisions. But it seems that is the case with Google,” he says.

“Our legal team believe that the decision applies to 82 countries but we are pursuing first the total compliance with the decision in Portugal. From there, we will seek the extension to other jurisdictions.”

“We tried to contact Google several times, via Google Play Protect feedback form and directly through LinkedIn, and we’ve not had any feedback from Google. No reasons were presented. No explanation, although we are talking about hiding Aptoide in millions of users’ phones,” he adds.

“Our point in court it’s simple: Google is using the control at operating system level to block competitors at the services level (app store, in this case). As Google has a dominant position, that’s not legal. Court [in Portugal] confirmed and order Google to stop. Google didn’t obey.”

Aptoide has not filed an antitrust complaint against Google in the US — focusing its legal efforts on that front on local submissions to the European Commission.

But Trezentos says it’s “willing to cooperate with US authorities and provide factual data that shows that Google has acted with anti-competitive behaviour” (although he says no one has come knocking to request such collaboration yet.)

In Europe, the Commission’s 2018 antitrust decision was focused on Android licensing terms — which led to Google tweaking the terms it offers Android OEMs selling in Europe last fall.

Despite some changes rivals continue to complain that its changes do not go far enough to create a level playing field for competition.

There has also not been any relief for Aptoide from the record breaking antitrust enforcement. On the contrary Google appears to have dug in against this competitive threat.

“The remedies are positive but the scope is very limited to OEM partnerships,” says Trezentos of the EC’s 2018 Android antitrust decision. “We proposed additionally that Google would be obliged to give the same access privileges over the operating system to credible competitors.”

We’ve reached out to the Commission for comment on Aptoide’s complaint.

While it’s at least technically possible for an OEM to offer an Android device in Europe which includes key Google services (like search and maps) but preloads an alternative app store, rather than Google Play, it would be a brave device maker indeed to go against the consumer grain and not give smartphone buyers the mainstream store they expect.

So, as yet, there’s little high level regulatory relief to help Aptoide. And it may take a higher court than a Portuguese national court to force Google to listen.

But with US authorities fast dialling up their scrutiny of Mountain View, Aptoide may find a new audience for its complaint.

“The increased awareness to Google practices is reaching the regulators,” Trezentos agrees, adding: “Those practices harm competition and in the end are bad for developers and mobile users.”

We reached out to Google with questions about its treatment of Aptoide’s rival app store — but at the time of writing the company had not responded with any comment. 

There have also been some recent rumors that Aptoide is in talks to supply its alternative app store for Huawei devices — in light of the US/China trade uncertainties, and the executive order barring US companies from doing business with the Chinese tech giant, which have led to reports that Google intends to withdraw key Android services like Play from the company.

But Trezentos pours cold water on these rumors, suggesting there has been no change of cadence in its discussions with Huawei.

“We work with three of top six mobile OEMs in the world. Huawei is not one of them yet,” he tells us. “Our Shengzhen office had been in conversations for some months and they are testing our APIs. This process has not been accelerated or delayed by the recent news.”

Powered by WPeMatico

Apple restricts ads and third-party trackers in iPhone apps for kids

Posted by | Android, app-store, Apple, Apps, computing, Google Play, iOS, iPhone, iTunes, privacy, smartphones, WWDC 2019 | No Comments

Apple has told developers to stop including third-party trackers in apps designed for kids — or they face having their apps pulled from the app store.

The tech giant quietly updated its guidelines for apps that are submitted to the app store’s kids category following the keynote address at its annual developer conference on Monday.

“Apps in the kids category may not include third-party advertising or analytics,” the new guidelines say. Previously, the guidelines only restricted behavioral advertising tracking.

Apple also currently prohibits apps in the kids category from including links that point outside the app or contain in-app purchasing.

Apple has come under fire for its recent marketing campaign claiming “what happens on your iPhone stays on your iPhone,”  which critics say is misleading. All too often apps include ads or tracking code that allows app makers to collect information about the device, including its location and other data, and send it back to base so companies can better target its users with ads, learn more about how you use the app, and more.

Just last week, the Washington Post found over 5,400 app trackers were uploading data from an iPhone over a single week — even at night when the phone owner was asleep.

As a TechCrunch investigation earlier this year found, some apps use so-called session replay technology, a kind of analytics software that records the screen when an app is open. Apps built by Expedia, Hollister and Hotels.com were found in violation of Apple’s rules and developers were told to remove the code.

Apple follows in the footsteps of Google, which last week set out new policies around kids’ apps available for Android through Google Play. The move came following a complaint by the Federal Trade Commission filed by close to two-dozen consumer advocacy groups, which accused the mobile giant of not ensuring app compliance with federal children’s privacy laws.

Now with Apple’s new restrictions, at least kids have a fighting chance of keeping their iPhone data private.

Powered by WPeMatico

Google Play cracks down on marijuana apps, loot boxes and more

Posted by | Apps, developers, Google, Google Play, kids apps, loot boxes, marijuana, Mobile, play store, policies, regulation | No Comments

On Wednesday, Google rolled out new policies around kids’ apps on Google Play following an FTC complaint claiming a lack of attention to apps’ compliance with children’s privacy laws, and other rules around content. However, kids’ apps weren’t the only area being addressed this week. As it turns out, Google also cracked down on loot boxes and marijuana apps, while also expanding sections detailing prohibitions around hate speech, sexual content and counterfeit goods, among other things.

The two more notable changes include a crackdown on “loot boxes” and a ban on apps that offer marijuana delivery — while the service providers’ apps can remain, the actual ordering process has to take place outside of the app itself, Google said.

Specifically, Google will no longer allow apps offering the ability to order marijuana through an in-app shopping cart, those that assist users in the delivery or pickup of marijuana or those that facilitate the sale of THC products.

This isn’t a huge surprise — Apple already bans apps that allow for the sale of marijuana, tobacco or other controlled substances in a similar fashion. On iOS, apps like Eaze and Weedmaps are allowed, but they don’t offer an ordering function. That’s the same policy Google is now applying on Google Play.

This is a complex subject for Google, Apple and other app marketplace providers to tackle. Though some states have legalized the sale of marijuana, the laws vary. And it’s still illegal according to the federal government. Opting out of playing middleman here is probably the right step for app marketplace platforms.

That said, we understand Google has no intention of outright banning marijuana ordering and delivery apps.

The company knows they’re popular and wants them to stay. It’s even giving them a grace period of 30 days to make changes, and is working with the affected app developers to ensure they’ll remain accessible.

“These apps simply need to move the shopping cart flow outside of the app itself to be compliant with this new policy,” a spokesperson explained. “We’ve been in contact with many of the developers and are working with them to answer any technical questions and help them implement the changes without customer disruption.”

Another big change impacts loot boxes — a form of gambling popular among gamers. Essentially, people pay a fee to receive a random selection of in-game items, some of which may be rare or valuable. Loot boxes have been heavily criticized for a variety of reasons, including their negative effect on gameplay and how they’re often marketed to children.

Last week, a new Senate bill was introduced with bipartisan support that would prohibit the sale of loot boxes to children, and fine those in violation.

Google Play hasn’t gone so far as to ban loot boxes entirely, but instead says games have to now disclose the odds of getting each item.

In addition to these changes, Google rolled out a handful of more minor updates, detailed on its Developer Policy Center website. 

Here, Google says it has expanded the definition of what it considers sexual content to include a variety of new examples, like illustrations of sexual poses, content depicting sexual aids and fetishes and depictions of nudity that wouldn’t be appropriate in a public context. It also added “content that is lewd or profane,” according to Android Police, which compared the old and new versions of the policy.

Definitions that are somewhat “open to interpretation” is something that Apple commonly uses to gain better editorial control over its own App Store. By adding a ban of “lewd or profane” content, Google can opt to reject apps that aren’t covered by other examples.

Google also expanded its list of examples around hate speech to include: “compilations of assertions intended to prove that a protected group is inhuman, inferior or worthy of being hated;” “apps that contain theories about a protected group possessing negative characteristics (e.g. malicious, corrupt, evil, etc.), or explicitly or implicitly claims the group is a threat;” and “content or speech trying to encourage others to believe that people should be hated or discriminated against because they are a member of a protected group.”

Additional changes include an update to the Intellectual Property policy that more clearly prohibits the sale or promotion for sale of counterfeit goods within an app; a clarification of the User Generated Content policy to explicitly prohibit monetization features that encourage objectionable behavior by users; and an update to the Gambling policy, with more examples.

A Google spokesperson says the company regularly updates its Play Store developer policies in accordance with best practices and legal regulations around the world. However, the most recent set of changes err on the side of getting ahead of increased regulation — not only in terms of kids’ apps and data privacy, but also other areas now under legal scrutiny, like loot boxes and marijuana sales.

Powered by WPeMatico

Following FTC complaint, Google rolls out new policies around kids’ apps on Google Play

Posted by | Android, android apps, Apps, children, families, FTC, Google, Google Play, kids, Mobile | No Comments

Google announced this morning a new set of developer policies aimed at providing additional protections for children and families seeking kid-friendly apps on Google Play. The new policies require that developers ensure their apps are meeting all the necessary policy and regulatory requirements for apps that target children in terms of their content, ads and how they handle personally identifiable information.

For starters, developers are being asked to consider whether children are a part of their target audience — and, if they’re not, developers must ensure their app doesn’t unintentionally appeal to them. Google says it will now also double-check an app’s marketing to confirm this is the case and ask for changes, as needed.

Apps that do target children have to meet the policy requirements concerning content and handling of personally identifiable information. This shouldn’t be news to developers playing by the rules, as Google has had policies around “kid-safe” apps for years as part of its “Designed for Families” program, and countries have their own regulations to follow when it comes to collecting children’s data.

In addition, developers whose apps are targeting children must only serve ads from an ads network that has certified compliance with Google’s families policies.

To enforce these policies at scale, Google is now requiring all developers to complete the new target audience and content section of the Google Play Console. Here, they will have to specify more details about their app. If they say that children are targeted, they’ll be directed to the appropriate policies.

Google will use this information, alongside its review of the app’s marketing materials, in order to categorize apps and apply policies across three target groups: children, children and older users, and older users. (And because the definition of “children” may vary by country, developers will need to determine what age-based restrictions apply in the countries where their app is listed.)

Developers must comply with the process of filling out the information on Google Play and come into compliance with the updated policies by September 1, 2019.

The company says it’s committed to providing “a safe, positive environment” for kids and families, which is why it’s announcing these changes.

However, the changes are more likely inspired by an FTC complaint filed in December, in which a coalition of 22 consumer and public health advocacy groups, led by Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD), asked for an investigation of kids’ apps on Google Play.

The organizations claimed that Google was not verifying apps and games featured in the Family section of Google Play for compliance with U.S. children’s privacy law COPPA.

They also said many so-called “kids” apps exhibited bad behaviors — like showing ads that are difficult to exit or showing those that require viewing in order to continue the current game. Some apps pressured kids into making in-app purchases, and others were found serving ads for alcohol and gambling. And others, still, were found to model harmful behavior or contain graphic, sexualized images, the groups warned regulators.

The time when violations like these can slip through the cracks is long past, thanks to increased regulatory oversight across the online industry by way of laws like the EU’s GDPR, which focuses on data protection and privacy. The FTC is also more keen to act, as needed — it even recently doled out a record fine for TikTok for violating COPPA. 

The target audience and content section are live today in the Google Play Console, along with documentation on the new policies, a developer guide and online training. In addition, Google says it has increased its staffing and improved its communications for the Google Play app review and appeals processes in order to help developers get timely decisions and understand any changes they’re directed to make.

Update, 5/29/19, 4:30 PM ET:

Following Google’s announcement, the Campaign for a Commercial-Free Childhood (CCFC), which led the FTC complaint, issued a statement in response.

“It’s great that our coalition’s advocacy has awoken to Google to the massive issues with kids apps in the Play Store,” said CCFC Director Josh Golin. “Unfortunately, there’s not a lot of substance to these changes and it’s concerning that Google remains intent on outsourcing responsibility for compliance to developers rather than taking real steps to enforce its own policies.”

“Furthermore, if Google is serious about cracking down on developers that elide their legal responsibilities by pretending their apps aren’t child-directed, they should start by looking in the mirror. YouTube violates COPPA at a massive scale every day and Google’s laughable defense is that the site is only intended for 13 and up,” he added.

Powered by WPeMatico

A cryptocurrency stealing app found on Google Play was downloaded over a thousand times

Posted by | app-store, apple wallet, Apps, computing, cryptocurrency, e-commerce, Google Play, iPhone, Mobile, mobile app, online marketplaces, operating systems, Security | No Comments

Researchers have found two apps masquerading as cryptocurrency apps on Android’s app store, Google Play.

One of them was largely a dud. The second was designed to steal cryptocurrency, the researchers said.

Security firm ESET said one of the two fake Android apps impersonated Trezor, a hardware cryptocurrency wallet. The good news is that the app couldn’t be used to steal cryptocurrency stored by Trezor. But the researchers found the app was connected to a second Android app that could have been used to scam funds out of unsuspecting victims.

Lukas Stefanko, a security researcher at ESET — who has a long history of finding dodgy Android apps — said the fake Trezor app “appeared trustworthy at first glance” but was using a fake developer name to impersonate the company.

The fake app was designed to trick users into turning over a victim’s login credentials. Uploaded to Google Play on May 1, the app quickly ranked as the second-most popular search result when searching for “Trezor” behind the legitimate app, said Stefanko. Users on Reddit also found the fake app and reported it as recently as two weeks ago.

According to Stefanko, the server where user credentials were sent was linked to a website linked to another fake wallet, purportedly to store cryptocurrency, and also listed on Google Play since February 25.

“The app claims it lets its users create wallets for various cryptocurrencies,” said Stefanko. “However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we’ve named wallet address scams in our previous research into cryptocurrency-targeting malware.”

Both apps were collectively downloaded more than a thousand times. After ESET contacted Google, the apps were pulled offline the next day.

Read more:

Powered by WPeMatico

Trump’s Huawei ban also causing tech shocks in Europe

Posted by | Android, China, Europe, european commission, finland, Google, Google Play, Government, huawei, Jolla, Mobile, Nokia, play store, Qwant, Sami Pienimäki, search engine, smartphone, smartphones, stmicroelectronics, Trade war, trump, United States | No Comments

The escalating U.S.-China trade war that’s seen Chinese tech giant Huawei slapped on a U.S. trade blacklist is causing ripples of shock across Europe too, as restrictions imposed on U.S. companies hit regional suppliers concerned they could face U.S. restrictions if they don’t ditch Huawei.

Reuters reports shares fell sharply today in three European chipmakers — Infineon Technologies, AMS and STMicroelectronics — after reports suggested some already had, or were about to, halt shipments to Huawei following the executive order barring U.S. firms from trading with the Chinese tech giant.

The interconnectedness of high-tech supply chains coupled with U.S. dominance of the sector and Huawei’s strong regional position as a supplier of cellular, IT and network kit in Europe suddenly makes political risk a fast-accelerating threat for EU technology companies, large and small.

On the small side is French startup Qwant, which competes with Google by offering a pro-privacy search engine. In recent months it has been hoping to leverage a European antitrust decision against Google  Android last year to get smartphones to market in Europe that preload its search engine, not Google’s.

Huawei was its intended first major partner for such devices. Though, prior to recent trade war developments, it was already facing difficulties related to price incentives Google included in reworked EU Android licensing terms.

Still, the U.S.-China trade war threatens to throw a far more existential spanner in European Commission efforts to reset the competitive planning field for smartphone services — certainly if Google’s response to Huawei’s blacklisting is to torch its supply of almost all Android-related services, per Reuters.

A key aim of the EU antitrust decision was intended to support the unbundling of popular Google services from Android so that device makers can try selling combinations that aren’t entirely Google-flavored — while still being able to offer enough “Google” to excite consumers (such as preloading the Play Store but with a different search and browser bundle instead of the usual Google + Chrome combo).

Yet if Google intends to limit Huawei’s access to such key services, there’s little chance of that.

(In a statement responding to the Reuters report Google suggested it’s still deciding how to proceed, with a spokesperson writing: “We are complying with the order and reviewing the implications. For users of our services, Google Play and the security protections from Google Play Protect will continue to function on existing Huawei devices.”)

Going on Google’s initial response, Qwant co-founder and CEO Eric Léandri told us he thinks Google has overreacted — even as he dubbed the U.S.-China trade war “world war III — economical war but it’s a world war for sure.”

“I really need to see exactly what President Trump has said about Huawei and how to work with them. Because I think maybe Google has overreacted. Because I haven’t [interpreted it] that way so I’m very surprised,” he told TechCrunch.

“If Huawei can be [blacklisted] what about the others?,” he added. “Because I would say 60% of the cell phone sales in Europe today are coming from China. Huawei or ZTE, OnePlus and the others — they are all under the same kind of risk.

“Even some of our European brands who are very small like Nokia… all of them are made in China, usually with partnership with these big cell phone manufacturers. So that means several things but one thing that I’m sure is we should not rely on one OS. It would be difficult to explain how the Play Store is not as important as the search in Android.”

Léandri also questioned whether Google’s response to the blacklisting will include instructing Huawei not to even use its search engine — a move that could impact its share of the smartphone search market.

“At the end of the day there is just one thing I can say because I’m just a search engine and a European one — I haven’t seen Google asking to not be by default in Huawei as search engine. If they can be in the Huawei by default as a search engine so I presume that everyone else can be there.”

Léandri said Qwant will be watching to see what Huawei’s next steps will be — such as whether it will decide to try offering devices with its own store baked in in Europe.

And indeed how China will react.

“We have to understand the result politically, globally, the European consequences. The European attitude. It’s not only American and China — the rest of the world exists,” he said.

“I have plan b, plan c, plan d, plan f. To be clear we are a startup — so we can have tonnes of plans, The only thing is right now is it’s too enormous.

“I know that they are the two giants in the tech field… but the rest of the world have some words today and let’s see how the European Commission will react, my government will react and some of us will react because it’s not only a small commercial problem right now. It’s a real political power demonstration and it’s global so I will not be more — I am nobody in all this. I do my job and I do my job well and I will use the maximum opportunity that I can find on the market.”

We’ve reached out to the Commission to ask how it intends to respond to escalating risks for European tech firms as Trump’s trade war steps up.

Also today, Reuters reports that the German Economy Minister is examining the impact of U.S. sanctions against Huawei on local companies.

But while a startup like Qwant waits to see what the next few months will bring — and how the landscape of the smartphone market might radically reconfigure in the face of sharply spiking political risk, a different European startup is hoping to catch some uplift: Finland-based Jolla steers development of a made-in-Europe Android alternative, called Sailfish OS.

It’s a very tiny player in a Google-dominated smartphone world. Yet could be positioned to make gains amid U.S. and Chinese tech clashes — which in turn risk making major platform pieces feel a whole lot less stable.

A made-in-Europe non-Google-led OS might gain more ground among risk averse governments and enterprises — as a sensible hedge against Trump-fueled global uncertainty.

“Sailfish OS, as a non-American, open-source based, secure mobile OS platform, is naturally an interesting option for different players — currently the interest is stronger among corporate and governmental customers and partners, as our product offering is clearly focused on this segment,” says Jolla co-founder and CEO Sami Pienimäki .

“Overall, there definitely has been increased interest towards Sailfish OS as a mobile OS platform in different parts of the world, partly triggered by the on-going political activity in many locations. We have also had clearly more discussions with e.g. Chinese device manufacturers, and Jolla has also recently started new corporate and governmental customer projects in Europe.”

Powered by WPeMatico

Google says its app store will continue to work for existing Huawei smartphone owners

Posted by | Android, Apps, Asia, China, Developer, Gadgets, Google, Google Play, Google Play Store, huawei, Security | No Comments

Google said today that existing users of Huawei Android devices can continue to use Google Play app store, offering some relief to tens of millions of users worldwide even as it remains unclear if the Chinese tech giant will be able to use the fully-functioning version of Android in its future phones.

Existing Huawei phone users will also be able to enjoy security protections delivered through Google Play Protect, the company said in a statement to TechCrunch. Google Play Protect is a built-in malware detector that uses machine learning to detect and weed out rogue apps. Google did not specify whether Huawei devices will receive future Android updates.

The statement comes after Reuters reported on Sunday that Google is suspending some businesses with Huawei, the world’s second largest smartphone maker that shipped over 200 million handsets last year. The report claimed, a point not addressed by Google, that future Android devices from Huawei will not run Google Mobile Services, a host of services offered by Google including Google Play Store, and email client Gmail. A Huawei spokesperson said the company is looking into the situation but has nothing to share beyond this.

For Huawei users’ questions regarding our steps to comply w/ the recent US government actions: We assure you while we are complying with all US gov’t requirements, services like Google Play & security from Google Play Protect will keep functioning on your existing Huawei device.

— Android (@Android) May 20, 2019

 

It’s a major setback for Huawei, which unless resolved in the next few weeks, could significantly disrupt its phone business outside of China. The top Android phone vendor, which is already grappling with controversy over security concerns, will have to rethink its software strategy for future phones if there is no resolution. Dearth — or delay in delivery — of future Android updates would also hurt the company’s reputation among its customers around the globe.

“We are complying with the order and reviewing the implications,” a company spokesperson said in a statement.

The two tech companies find themselves in this awkward situation as a result of the latest development in the ongoing U.S-China trade war. Huawei and 70 of its affiliates have been put on an “entity list” by the U.S. Commerce Department over national security concerns, requiring local giants such as Google and Intel to take approval from the government before conducting business with the Chinese firm.

Huawei may have already foreseen this. A company executive revealed recently that Huawei had built its own Android-based operating system in case a future event prevented it from using existing systems. Per Reuters, Huawei can also continue to use AOSP, the open source Android operating system that ships stripped off Google Mobile Services. And on paper, it can also probably have an app store of its own. But convincing enough stakeholders to make their apps available on Huawei’s store and continually push updates could prove incredibly challenging.

Powered by WPeMatico

Android users’ security and privacy at risk from shadowy ecosystem of pre-installed software, study warns

Posted by | Adtech, Advertising Tech, Android, Apps, Facebook, Google, Google Play, Google Play Store, Mobile, pre-installed software, privacy, Security, trackers | No Comments

A large-scale independent study of pre-installed Android apps has cast a critical spotlight on the privacy and security risks that preloaded software poses to users of the Google developed mobile platform.

The researchers behind the paper, which has been published in preliminary form ahead of a future presentation at the IEEE Symposium on Security and Privacy, unearthed a complex ecosystem of players with a primary focus on advertising and “data-driven services” — which they argue the average Android user is unlikely to be unaware of (while also likely lacking the ability to uninstall/evade the baked in software’s privileged access to data and resources themselves).

The study, which was carried out by researchers at the Universidad Carlos III de Madrid (UC3M) and the IMDEA Networks Institute, in collaboration with the International Computer Science Institute (ICSI) at Berkeley (USA) and Stony Brook University of New York (US), encompassed more than 82,000 pre-installed Android apps across more than 1,700 devices manufactured by 214 brands, according to the IMDEA institute.

“The study shows, on the one hand, that the permission model on the Android operating system and its apps allow a large number of actors to track and obtain personal user information,” it writes. “At the same time, it reveals that the end user is not aware of these actors in the Android terminals or of the implications that this practice could have on their privacy.  Furthermore, the presence of this privileged software in the system makes it difficult to eliminate it if one is not an expert user.”

An example of a well-known app that can come pre-installed on certain Android devices is Facebook .

Earlier this year the social network giant was revealed to have inked an unknown number of agreements with device makers to preload its app. And while the company has claimed these pre-installs are just placeholders — unless or until a user chooses to actively engage with and download the Facebook app, Android users essentially have to take those claims on trust with no ability to verify the company’s claims (short of finding a friendly security researcher to conduct a traffic analysis) nor remove the app from their device themselves. Facebook pre-loads can only be disabled, not deleted entirely.

The company’s preloads also sometimes include a handful of other Facebook-branded system apps which are even less visible on the device and whose function is even more opaque.

Facebook previously confirmed to TechCrunch there’s no ability for Android users to delete any of its preloaded Facebook system apps either.

Facebook uses Android system apps to ensure people have the best possible user experience including reliably receiving notifications and having the latest version of our apps. These system apps only support the Facebook family of apps and products, are designed to be off by default until a person starts using a Facebook app, and can always be disabled,” a Facebook spokesperson told us earlier this month.

But the social network is just one of scores of companies involved in a sprawling, opaque and seemingly interlinked data gathering and trading ecosystem that Android supports and which the researchers set out to shine a light into.

In all 1,200 developers were identified behind the pre-installed software they found in the data-set they examined, as well as more than 11,000 third party libraries (SDKs). Many of the preloaded apps were found to display what the researchers dub potentially dangerous or undesired behavior.

The data-set underpinning their analysis was collected via crowd-sourcing methods — using a purpose-built app (called Firmware Scanner), and pulling data from the Lumen Privacy Monitor app. The latter provided the researchers with visibility on mobile traffic flow — via anonymized network flow metadata obtained from its users. 

They also crawled the Google Play Store to compare their findings on pre-installed apps with publicly available apps — and found that just 9% of the package names in their dataset were publicly indexed on Play. 

Another concerning finding relates to permissions. In addition to standard permissions defined in Android (i.e. which can be controlled by the user) the researchers say they identified more than 4,845 owner or “personalized” permissions by different actors in the manufacture and distribution of devices.

So that means they found systematic user permissions workarounds being enabled by scores of commercial deals cut in a non-transparency data-driven background Android software ecosystem.

“This type of permission allows the apps advertised on Google Play to evade Android’s permission model to access user data without requiring their consent upon installation of a new app,” writes the IMDEA.

The top-line conclusion of the study is that the supply chain around Android’s open source model is characterized by a lack of transparency — which in turn has enabled an ecosystem to grow unchecked and get established that’s rife with potentially harmful behaviors and even backdoored access to sensitive data, all without most Android users’ consent or awareness. (On the latter front the researchers carried out a small-scale survey of consent forms of some Android phones to examine user awareness.)

tl;dr the phrase ‘if it’s free you’re the product’ is a too trite cherry atop a staggeringly large yet entirely submerged data-gobbling iceberg. (Not least because Android smartphones don’t tend to be entirely free.)

“Potential partnerships and deals — made behind closed doors between stakeholders — may have made user data a commodity before users purchase their devices or decide to install software of their own,” the researchers warn. “Unfortunately, due to a lack of central authority or trust system to allow verification and attribution of the self-signed certificates that are used to sign apps, and due to a lack of any mechanism to identify the purpose and legitimacy of many of these apps and custom permissions, it is difficult to attribute unwanted and harmful app behaviors to the party or parties responsible. This has broader negative implications for accountability and liability in this ecosystem as a whole.”

The researchers go on to make a series of recommendations intended to address the lack of transparency and accountability in the Android ecosystem — including suggesting the introduction and use of certificates signed by globally-trusted certificate authorities, or a certificate transparency repository “dedicated to providing details and attribution for certificates used to sign various Android apps, including pre-installed apps, even if self-signed”.

They also suggest Android devices should be required to document all pre-installed apps, plus their purpose, and name the entity responsible for each piece of software — and do so in a manner that is “accessible and understandable to users”.

“[Android] users are not clearly informed about third-party software that is installed on their devices, including third-party tracking and advertising services embedded in many pre-installed apps, the types of data they collect from them, the capabilities and the amount of control they have on their devices, and the partnerships that allow information to be shared and control to be given to various other companies through custom permissions, backdoors, and side-channels. This necessitates a new form of privacy policy suitable for preinstalled apps to be defined and enforced to ensure that private information is at least communicated to the user in a clear and accessible way, accompanied by mechanisms to enable users to make informed decisions about how or whether to use such devices without having to root their devices,” they argue, calling for overhaul of what’s long been a moribund T&Cs system, from a consumer rights point of view.

In conclusion they couch the study as merely scratching the surface of “a much larger problem”, saying their hope for the work is to bring more attention to the pre-installed Android software ecosystem and encourage more critical examination of its impact on users’ privacy and security.

They also write that they intend to continue to work on improving the tools used to gather the data-set, as well as saying their plan is to “gradually” make the data-set itself available to the research community and regulators to encourage others to dive in.  

Google has responded to the paper with the following statement — attributed to a spokesperson:

We appreciate the work of the researchers and have been in contact with them regarding concerns we have about their methodology. Modern smartphones include system software designed by their manufacturers to ensure their devices run properly and meet user expectations. The researchers’ methodology is unable to differentiate pre-installed system software — such as diallers, app stores and diagnostic tools–from malicious software that has accessed the device at a later time, making it difficult to draw clear conclusions. We work with our OEM partners to help them ensure the quality and security of all apps they decide to pre-install on devices, and provide tools and infrastructure to our partners to help them scan their software for behavior that violates our standards for privacy and security. We also provide our partners with clear policies regarding the safety of pre-installed apps, and regularly give them information about potentially dangerous pre-loads we’ve identified.
This report was updated with comment from Google

Powered by WPeMatico

New Android adware found in 200 apps on Google Play

Posted by | Android, app developer, app-store, Google Play, google search, malware, Security, simulation | No Comments

Security researchers have found a new kind of mobile adware hidden in hundreds of Android apps, and downloaded more than 150 million times from Google Play.

The malware masquerading as an ad-serving platform, dubbed SimBad by researchers at security firm Check Point, infected more than 200 apps which, likely unbeknownst to the app developer, would open a backdoor to install additional malware as a way to outsmart Google’s app store scanning. Once installed, the downloaded malware also removes the app icon and persists in the background, loading each time the device boots up.

Once the malware retrieves its instructions from the command and control server, the malware runs through lists of web addresses in the background, serving ads to generate fraudulent revenue.

Check Point provided a list of the apps, which Google pulled from Google Play following a disclosure by the security researchers. The list can be found here. Google’s removal from the app store does not delete the app from users’ devices.

The top 10 downloaded games amount to 55 million downloads alone:

  • Snow Heavy Excavator Simulator (10,000,000 downloads)
  • Hoverboard Racing (5,000,000 downloads)
  • Real Tractor Farming Simulator (5,000,000 downloads)
  • Ambulance Rescue Driving (5,000,000 downloads)
  • Heavy Mountain Bus Simulator 2018 (5,000,000 downloads)
  • Fire Truck Emergency Driver (5,000,000 downloads)
  • Farming Tractor Real Harvest Simulator (5,000,000 downloads)
  • Car Parking Challenge (5,000,000 downloads)
  • Speed Boat Jet Ski Racing (5,000,000 downloads)
  • Water Surfing Car Stunt (5,000,000 downloads)

Some of the games, mostly simulation games — hence the malware’s name — date back on Google Play to March 2017, said Aviran Hazum, mobile threat intelligence team leader at Check Point, in an email to TechCrunch.

Hazum said the malware might be an adware for now, but has the potential to evolve into a larger threat.

A Google spokesperson, when reached, did not provide comment. The search giant typically doesn’t discuss app removals, largely because it’s an issue that keeps occurring. It’s far from the first time Google was forced to remove apps from its supposedly vetted app store. But time and again, the company had to react to dozens of bad apps that slip through its scanning efforts.

Google’s official figures put the number of apps it removed last year at about 700,000.

Powered by WPeMatico