Google Play

Android users’ security and privacy at risk from shadowy ecosystem of pre-installed software, study warns

Posted by | Adtech, Advertising Tech, Android, Apps, Facebook, Google, Google Play, Google Play Store, Mobile, pre-installed software, privacy, Security, trackers | No Comments

A large-scale independent study of pre-installed Android apps has cast a critical spotlight on the privacy and security risks that preloaded software poses to users of the Google developed mobile platform.

The researchers behind the paper, which has been published in preliminary form ahead of a future presentation at the IEEE Symposium on Security and Privacy, unearthed a complex ecosystem of players with a primary focus on advertising and “data-driven services” — which they argue the average Android user is unlikely to be unaware of (while also likely lacking the ability to uninstall/evade the baked in software’s privileged access to data and resources themselves).

The study, which was carried out by researchers at the Universidad Carlos III de Madrid (UC3M) and the IMDEA Networks Institute, in collaboration with the International Computer Science Institute (ICSI) at Berkeley (USA) and Stony Brook University of New York (US), encompassed more than 82,000 pre-installed Android apps across more than 1,700 devices manufactured by 214 brands, according to the IMDEA institute.

“The study shows, on the one hand, that the permission model on the Android operating system and its apps allow a large number of actors to track and obtain personal user information,” it writes. “At the same time, it reveals that the end user is not aware of these actors in the Android terminals or of the implications that this practice could have on their privacy.  Furthermore, the presence of this privileged software in the system makes it difficult to eliminate it if one is not an expert user.”

An example of a well-known app that can come pre-installed on certain Android devices is Facebook .

Earlier this year the social network giant was revealed to have inked an unknown number of agreements with device makers to preload its app. And while the company has claimed these pre-installs are just placeholders — unless or until a user chooses to actively engage with and download the Facebook app, Android users essentially have to take those claims on trust with no ability to verify the company’s claims (short of finding a friendly security researcher to conduct a traffic analysis) nor remove the app from their device themselves. Facebook pre-loads can only be disabled, not deleted entirely.

The company’s preloads also sometimes include a handful of other Facebook-branded system apps which are even less visible on the device and whose function is even more opaque.

Facebook previously confirmed to TechCrunch there’s no ability for Android users to delete any of its preloaded Facebook system apps either.

Facebook uses Android system apps to ensure people have the best possible user experience including reliably receiving notifications and having the latest version of our apps. These system apps only support the Facebook family of apps and products, are designed to be off by default until a person starts using a Facebook app, and can always be disabled,” a Facebook spokesperson told us earlier this month.

But the social network is just one of scores of companies involved in a sprawling, opaque and seemingly interlinked data gathering and trading ecosystem that Android supports and which the researchers set out to shine a light into.

In all 1,200 developers were identified behind the pre-installed software they found in the data-set they examined, as well as more than 11,000 third party libraries (SDKs). Many of the preloaded apps were found to display what the researchers dub potentially dangerous or undesired behavior.

The data-set underpinning their analysis was collected via crowd-sourcing methods — using a purpose-built app (called Firmware Scanner), and pulling data from the Lumen Privacy Monitor app. The latter provided the researchers with visibility on mobile traffic flow — via anonymized network flow metadata obtained from its users. 

They also crawled the Google Play Store to compare their findings on pre-installed apps with publicly available apps — and found that just 9% of the package names in their dataset were publicly indexed on Play. 

Another concerning finding relates to permissions. In addition to standard permissions defined in Android (i.e. which can be controlled by the user) the researchers say they identified more than 4,845 owner or “personalized” permissions by different actors in the manufacture and distribution of devices.

So that means they found systematic user permissions workarounds being enabled by scores of commercial deals cut in a non-transparency data-driven background Android software ecosystem.

“This type of permission allows the apps advertised on Google Play to evade Android’s permission model to access user data without requiring their consent upon installation of a new app,” writes the IMDEA.

The top-line conclusion of the study is that the supply chain around Android’s open source model is characterized by a lack of transparency — which in turn has enabled an ecosystem to grow unchecked and get established that’s rife with potentially harmful behaviors and even backdoored access to sensitive data, all without most Android users’ consent or awareness. (On the latter front the researchers carried out a small-scale survey of consent forms of some Android phones to examine user awareness.)

tl;dr the phrase ‘if it’s free you’re the product’ is a too trite cherry atop a staggeringly large yet entirely submerged data-gobbling iceberg. (Not least because Android smartphones don’t tend to be entirely free.)

“Potential partnerships and deals — made behind closed doors between stakeholders — may have made user data a commodity before users purchase their devices or decide to install software of their own,” the researchers warn. “Unfortunately, due to a lack of central authority or trust system to allow verification and attribution of the self-signed certificates that are used to sign apps, and due to a lack of any mechanism to identify the purpose and legitimacy of many of these apps and custom permissions, it is difficult to attribute unwanted and harmful app behaviors to the party or parties responsible. This has broader negative implications for accountability and liability in this ecosystem as a whole.”

The researchers go on to make a series of recommendations intended to address the lack of transparency and accountability in the Android ecosystem — including suggesting the introduction and use of certificates signed by globally-trusted certificate authorities, or a certificate transparency repository “dedicated to providing details and attribution for certificates used to sign various Android apps, including pre-installed apps, even if self-signed”.

They also suggest Android devices should be required to document all pre-installed apps, plus their purpose, and name the entity responsible for each piece of software — and do so in a manner that is “accessible and understandable to users”.

“[Android] users are not clearly informed about third-party software that is installed on their devices, including third-party tracking and advertising services embedded in many pre-installed apps, the types of data they collect from them, the capabilities and the amount of control they have on their devices, and the partnerships that allow information to be shared and control to be given to various other companies through custom permissions, backdoors, and side-channels. This necessitates a new form of privacy policy suitable for preinstalled apps to be defined and enforced to ensure that private information is at least communicated to the user in a clear and accessible way, accompanied by mechanisms to enable users to make informed decisions about how or whether to use such devices without having to root their devices,” they argue, calling for overhaul of what’s long been a moribund T&Cs system, from a consumer rights point of view.

In conclusion they couch the study as merely scratching the surface of “a much larger problem”, saying their hope for the work is to bring more attention to the pre-installed Android software ecosystem and encourage more critical examination of its impact on users’ privacy and security.

They also write that they intend to continue to work on improving the tools used to gather the data-set, as well as saying their plan is to “gradually” make the data-set itself available to the research community and regulators to encourage others to dive in.  

Google has responded to the paper with the following statement — attributed to a spokesperson:

We appreciate the work of the researchers and have been in contact with them regarding concerns we have about their methodology. Modern smartphones include system software designed by their manufacturers to ensure their devices run properly and meet user expectations. The researchers’ methodology is unable to differentiate pre-installed system software — such as diallers, app stores and diagnostic tools–from malicious software that has accessed the device at a later time, making it difficult to draw clear conclusions. We work with our OEM partners to help them ensure the quality and security of all apps they decide to pre-install on devices, and provide tools and infrastructure to our partners to help them scan their software for behavior that violates our standards for privacy and security. We also provide our partners with clear policies regarding the safety of pre-installed apps, and regularly give them information about potentially dangerous pre-loads we’ve identified.
This report was updated with comment from Google

Powered by WPeMatico

New Android adware found in 200 apps on Google Play

Posted by | Android, app developer, app-store, Google Play, google search, malware, Security, simulation | No Comments

Security researchers have found a new kind of mobile adware hidden in hundreds of Android apps, and downloaded more than 150 million times from Google Play.

The malware masquerading as an ad-serving platform, dubbed SimBad by researchers at security firm Check Point, infected more than 200 apps which, likely unbeknownst to the app developer, would open a backdoor to install additional malware as a way to outsmart Google’s app store scanning. Once installed, the downloaded malware also removes the app icon and persists in the background, loading each time the device boots up.

Once the malware retrieves its instructions from the command and control server, the malware runs through lists of web addresses in the background, serving ads to generate fraudulent revenue.

Check Point provided a list of the apps, which Google pulled from Google Play following a disclosure by the security researchers. The list can be found here. Google’s removal from the app store does not delete the app from users’ devices.

The top 10 downloaded games amount to 55 million downloads alone:

  • Snow Heavy Excavator Simulator (10,000,000 downloads)
  • Hoverboard Racing (5,000,000 downloads)
  • Real Tractor Farming Simulator (5,000,000 downloads)
  • Ambulance Rescue Driving (5,000,000 downloads)
  • Heavy Mountain Bus Simulator 2018 (5,000,000 downloads)
  • Fire Truck Emergency Driver (5,000,000 downloads)
  • Farming Tractor Real Harvest Simulator (5,000,000 downloads)
  • Car Parking Challenge (5,000,000 downloads)
  • Speed Boat Jet Ski Racing (5,000,000 downloads)
  • Water Surfing Car Stunt (5,000,000 downloads)

Some of the games, mostly simulation games — hence the malware’s name — date back on Google Play to March 2017, said Aviran Hazum, mobile threat intelligence team leader at Check Point, in an email to TechCrunch.

Hazum said the malware might be an adware for now, but has the potential to evolve into a larger threat.

A Google spokesperson, when reached, did not provide comment. The search giant typically doesn’t discuss app removals, largely because it’s an issue that keeps occurring. It’s far from the first time Google was forced to remove apps from its supposedly vetted app store. But time and again, the company had to react to dozens of bad apps that slip through its scanning efforts.

Google’s official figures put the number of apps it removed last year at about 700,000.

Powered by WPeMatico

Google gives Android developers new tools to make money from users who won’t pay

Posted by | Android, android apps, app stores, Apps, developers, Google, Google Play, monetization, revenue, TC | No Comments

Google today is introducing a new way for Android developers to generate revenue from their mobile applications. And no, it’s not subscription-related. Instead, the company is launching a new monetization option for apps called “Rewarded Products.” This will allow non-paying app users to contribute to an app’s revenue stream by sacrificing their time, but not their money. The first product will be rewarded video, where users can opt to watch a video ad in exchange for in-game currency, virtual goods or other benefits.

The feature may make developers happy, but it remains to be seen how users react. Reception will depend on how the videos are introduced in the app.

Even in Google’s example of the rewarded product in action — meant to showcase a best-design practice, one would think — the video interrupts gameplay between levels with a full-screen takeover. This is not a scenario users would respond well to unless this was presented as the only way to play a popular, previously paid-only game for free, perhaps.Rewarded video has worked for some apps where users have come to expect a free product. That could include free-to-play games or other services where subscribing is an option, not a requirement.

For example, Pandora’s music streaming service was free and ad-supported for years, as it was radio-only. After it introduced tiers offering on-demand streaming to compete with Spotify, it rolled out a rewarded video product — so to speak — of its own. Today, Pandora listeners can choose to watch a video ad to access on-demand music for a session as an alternative to paying a monthly subscription.

Android app developers, of course, are already using advertisements to supplement, or as a means of, monetization, but this launch creates an official Google Play “product.” This makes implementation easier on developers and gives Google a way to compete with third parties offering something similar.

Rewarded products can be added to any app using the Google Play Billing Library or AIDL interface with only a few additional API calls, the company says. It won’t require an SDK.

The launch comes at a time when Apple has been seeing success with subscriptions, which it has fully embraced, pushed and sometimes even let run amok. Subscriptions are now one of the biggest factors, outside of games, in app store revenue growth.

But Android users, historically, have been more averse to paying for apps than those on iOS. Apple’s store has even seen nearly double that of Google Play in terms of revenue — despite having far fewer downloads. That means Android developers will not be able to tap into the subscription craze at the same scale as their iOS counterparts. And it means cross-platform developers may further prioritize building for iOS, as a result.

Rewarded products offer those developers an alternative path to monetization on a platform where that’s often been more difficult, outside of running ads.

Google says the rewarded video product is launching into open beta, and is available in the Play Console for developers.

Powered by WPeMatico

Google introduces educational app Bolo to improve children’s literacy in India

Posted by | Android, android apps, Apps, Education, Google, Google Play, india, Pratham Education Foundation, reading, Speech Recognition, text-to-speech | No Comments

Google is expanding its suite of apps designed for the Indian market with today’s launch of a new language-learning app aimed at children, called Bolo. The app, which is aimed at elementary school-aged students, leverages technology like Google’s speech recognition and text-to-speech to help kids learn to read in both Hindi and English.

To do so, Bolo offers a catalog of 50 stories in Hindi and 40 in English, sourced from Storyweaver.org.in. The company says it plans to partner with other organizations in the future to expand the story selection.

Included in the app is a reading buddy, “Diya,” who encourages and corrects the child when they read aloud. As kids read, Diya can listen and respond with feedback. (Google notes all personal information remains on-device to protect kids’ privacy.) Diya can also read the text to the child and explain the meaning of English words. As children progress in the app, they’ll be presented with word games that win them in-app rewards and badges to motivate them.

The app works offline — a necessity in large parts of India — where internet access is not always available. Bolo can be used by multiple children, as well, and will adjust itself to their own reading levels.

Google says it had been trialing Bolo across 200 villages in Uttar Pradesh, India, with the help of nonprofit ASER Centre. During testing, it found that 64 percent of children who used the app showed an improvement in reading proficiency in three months’ time.

To run the pilot, 920 children were given the app and 600 were in a control group without the app, Google says.

In addition to improving their proficiency, more students in the group with the app (39 percent) reached the highest level of ASER’s reading assessment than those without it (28 percent), and parents also reported improvements in their children’s reading abilities.

Illiteracy remains a problem in India. The country has one of the largest illiterate populations in the world, where only 74 percent are able to read, according to a study by ASER Centre a few years back. It found then that more than half of students in fifth grade in rural state schools could not read second-grade textbooks in 2014. By 2018, that figure hadn’t changed much — still, only about half can read at a second-grade level, ASER now reports.

While Google today highlights its philanthropic efforts in education, it’s worth noting that Google’s interest in helping improve India’s literacy metrics benefits its bottom line, too. As the country continues to come online to become one of the largest internet markets in the world, literate users capable of using Google’s products like Search, Ads, Gmail and others are of increased importance to Google’s business.

Already, Google has shipped a number of applications designed specifically for Indian internet users, like data-friendly versions of YouTube, Search and other popular services, like payments app Tez (now rebranded Google Pay), a food delivery service, a neighborhood and communities networking app, a blogging app and more.

Today, Bolo is launching across India as an open beta, while Google will continue to work with its nonprofit partners — including Pratham Education Foundation, Room to Read, Saajha and Kaivalya Education Foundation — a Piramal Initiative — to bring the app to more children.

Bolo is available now on the Google Play Store in India, and works on Android smartphones running Android 4.4 (Kit Kat) and higher. The app is currently optimized for native Hindi speakers.

Powered by WPeMatico

Google starts pulling unvetted Android apps that access call logs and SMS messages

Posted by | Android, Apps, computing, Google, Google Play, google search, Mobile, privacy, product management, Security, smartphones, SMS | No Comments

Google is removing apps from Google Play that request permission to access call logs and SMS text message data but haven’t been manually vetted by Google staff.

The search and mobile giant said it is part of a move to cut down on apps that have access to sensitive calling and texting data.

Google said in October that Android apps will no longer be allowed to use the legacy permissions as part of a wider push for developers to use newer, more secure and privacy minded APIs. Many apps request access to call logs and texting data to verify two-factor authentication codes, for social sharing, or to replace the phone dialer. But Google acknowledged that this level of access can and has been abused by developers who misuse the permissions to gather sensitive data — or mishandle it altogether.

“Our new policy is designed to ensure that apps asking for these permissions need full and ongoing access to the sensitive data in order to accomplish the app’s primary use case, and that users will understand why this data would be required for the app to function,” wrote Paul Bankhead, Google’s director of product management for Google Play.

Any developer wanting to retain the ability to ask a user’s permission for calling and texting data has to fill out a permissions declaration.

Google will review the app and why it needs to retain access, and will weigh in several considerations, including why the developer is requesting access, the user benefit of the feature that’s requesting access and the risks associated with having access to call and texting data.

Bankhead conceded that under the new policy, some use cases will “no longer be allowed,” rendering some apps obsolete.

So far, tens of thousands of developers have already submitted new versions of their apps either removing the need to access call and texting permissions, Google said, or have submitted a permissions declaration.

Developers with a submitted declaration have until March 9 to receive approval or remove the permissions. In the meantime, Google has a full list of permitted use cases for the call log and text message permissions, as well as alternatives.

The last two years alone has seen several high-profile cases of Android apps or other services leaking or exposing call and text data. In late 2017, popular Android keyboard ai.type exposed a massive database of 31 million users, including 374 million phone numbers.

Powered by WPeMatico

Millions of Android users tricked into downloading 85 adware apps from Google Play

Posted by | Android, Apps, Google, Google Play, online marketplaces, privacy, Security, smartphones | No Comments

Another day, another batch of bad apps in Google Play.

Researchers at security firm Trend Micro have discovered dozens of apps, including popular utilities and games, to serve a ton of deceptively displayed ads — including full-screen ads, hidden ads and ads running in the background to squeeze as much money out of unsuspecting Android users.

In all, the researchers found 85 apps pushing adware, totaling at least 9 million affected users.

One app — a universal TV remote app for Android — had more than five million users alone, despite a rash of negative reviews and complaints that ads were “hidden in the background.” Other users said there were “so many ads, [they] can’t even use it.”

The researchers tested each app and found that most shared the same or similar code, and often the apps were similarly named. At every turn, tap or click, the app would display an ad, they found. In doing so, the app generates money for the app maker.

Some of the bad adware-ridden apps found by security researchers. (Image: Trend Micro)

Adware-fueled apps might not seem as bad as other apps packed with malware or hidden functionality, such as apps that pull malicious payloads from another server after the app is installed. At scale, that can amount to thousands of fraudulent ad dollars each week. Some ads also have a tendency to be malicious, containing hidden code that tries to trick users into installing malware on their phones or computers.

Some of the affected apps include: A/C Air Conditioner Remote, Police Chase Extreme City 3D Game, Easy Universal TV Remote, Garage Door Remote Control, Prado Parking City 3D Game and more. (You can find a full list of apps here.)

Google told TechCrunch that it had removed the apps, but a spokesperson did not comment further.

We tried reaching out to the universal TV remote app creator but the registered email on the since-removed Google Play store app points to a domain that no longer exists.

Despite Google’s best efforts in scanning apps before they’re accepted into Google Play, malicious apps are one of the biggest and most common threats to Android users. Google pulled more than 700,000 malicious apps from Google Play in the past year alone, and has tried to improve its back-end to prevent malicious apps from getting into the store in the first place.

Yet the search and mobile giant continues to battle rogue and malicious apps, pulling at least 13 malicious apps in a sweep in November alone.

Powered by WPeMatico

Consumer advocacy groups call on FTC to investigate kids’ apps on Google Play

Posted by | android apps, Apps, children, coppa, family, FTC, Google, Google Play, kids, Mobile, Policy, privacy, Security | No Comments

A coalition of 22 consumer and public health advocacy groups, led by Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD), have today filed a complaint with the Federal Trade Commission asking them to investigate and sanction Google for how its Google Play Store markets apps to children. The complaint states that Google features apps designed for very young children in its Play Store’s “Family” section, many of which are violating federal children’s privacy law, exposing kids to inappropriate content and disregarding Google’s own policies by luring kids into making in-app purchases and watching ads.

Google Play ‘Family’ section

Google first introduced its “Designed for Families” program back in 2015, which gives developers of kid-friendly apps meeting certain guidelines additional visibility in the Play Store. This includes a placement in the Family section, where apps are organized by age appropriateness.

To qualify, “Family” apps must abide by specific content policies, Google’s Developer Distribution Agreement and the Designed for Families DDA Addendum. The apps also must meet the Designed for Families program requirements. Legal compliance with federal privacy laws, including COPPA (Children’s Online Privacy Protection Rule), are among the requirements.

COPPA is designed to protect children under the age of 13 by giving parents control over what information sites and apps can collect from their kids.

Above: Google Play store showcases children’s content in its own dedicated sections

COPPA violations

But the new FTC complaint claims that Google is not verifying COPPA compliance when it accepts these apps and, as a result, many are in continual violation of the law.

“Our research revealed a surprising number of privacy violations on Android apps for children, including sharing geolocation with third parties,” said Serge Egelman, a researcher at the University of California, Berkeley, in a statement shared by the group. “Given Google’s assertion that Designed for Families apps must be COPPA compliant, it’s disappointing these violations still abound, even after Google was alerted to the scale of the problem,” he added.

TechCrunch asked the coalition if it had some idea about how many apps were in violation of COPPA, and were told the groups don’t know an exact number.

“From our survey — and more comprehensive analyses like the PET Study — it seems fairly prevalent,” Lindsey Barrett, Staff Attorney at Georgetown’s Institute for Public Representation, told us.

“The PET Study found that 73 percent of the kids apps in the Play store transmitted sensitive data over the internet, and we saw apps sending geolocation without notice and verifiable parental consent, and sending personal information unencrypted,” Barrett said. “Further, under COPPA, children’s PII cannot be used for behavioral advertising. Yet, many of the children’s apps we looked at were sending information to ad networks which say their services should not be used with children’s apps,” she added.

Other harms

The apps also engage in other bad behaviors, like regularly showing ads that are difficult to exit or showing those that require viewing in order to continue the current game, according to the complaint. Some apps pressure kids into making in-app purchases — in one example, the game characters were crying if the kids didn’t buy the locked items, it notes. Others show ads for alcohol and gambling, despite those being barred by Google’s Ad Policy.

Above: disturbing images from TabTale apps

The coalition additionally called out some apps for containing “graphic, sexualized images” like TutoTOONS “Sweet Baby Girl Daycare 4 – Babysitting Fun,” which has more than 10 million downloads. (The game has a part where kids change a baby’s diaper, wipe their diaper area, then rub powder all over the baby’s body.) Others model harmful behavior, like TabTale’s “Crazy Eye Clinic,” which teaches children to clean their eyes with a sharp instrument, and has more than one million downloads. (The game is currently not available on Google Play and its webpage is down.)

The complaint also broadly takes issue with apps that use common SDKs like those from Unity or Flurry (disclosure: Flurry and TechCrunch share a corporate parent) to collect device identifiers from the children’s apps.

“Nearly three-quarters of the apps in the Family section transmit device identifiers to third parties,” reads the complaint. “There is no way for us to know for sure what the device identifiers are used for. Since many of the apps send device identifiers to third parties that specialize in monetizing apps and/or engaging in interest-based (behavioral) advertising, it seems unlikely that this information is being used solely to support internal operations,” it says.

Above: Strawberry Shortcake Puppy Palace was called out for aggressive monetization efforts. Strawberry tells kids to buy things to keep the puppy happy — the implication is if you don’t pay, you’re making puppies sad.

The groups say that Google has been aware of all these problems for some time, but hasn’t taken adequate steps to enforce its criteria for developers. As a result, the consumer advocacy groups are urging the FTC to investigate the Play Store’s practices.

The coalition had previously asked the FTC to investigate developers of children’s apps aimed at preschoolers who were using manipulative advertising. But today’s complaint is focused on Google.

“Google (Alphabet, Inc.) has long engaged in unethical and harmful business practices, especially when it comes to children,” explained Jeff Chester, executive director of the Center for Digital Democracy. “And the Federal Trade Commission has for too long ignored this problem, placing both children and their parents at risk over their loss of privacy, and exposing them to a powerful and manipulative marketing apparatus. As one of the world’s leading providers of content for kids online, Google continues to put the enormous profits they make from kids ahead of any concern for their welfare,” Chester said.

Apple was not similarly called out because a similar analysis has not yet been done on its app marketplace, Josh Golin, executive director at CCFC told us. In Google’s case, he explained, two major studies found widespread issues with the Play Store apps for kids. One from Berkeley researchers found widespread COPPA non-compliance; the other, by University of Michigan researchers, found children’s play experience was often completely interrupted and undermined by aggressive marketing tactics.

The complaint comes at a time where there is increased scrutiny as to how tech companies are misusing and abusing consumer data and violating privacy. Kids game have already been the subject of some concern. And this morning, an NYT investigation into Facebook revealed it had shared more of users’ personal data than disclosed with major tech companies, following a year of data scandals.

The issue of data privacy is an industry-wide problem. Tech companies’ failures on this front will likely lead to increased regulation going forward.

Not all the named developers were immediately available to comment this morning. We’ll update if comments are provided. (Update: TutoToons says they removed the inappropriate content from the app after becoming aware of the complaint. They urged parents and child advocacy groups to reach out to them directly in the future.)

Google says it’s taking the complaint seriously. It has removed thousands of apps from its Designed for Families program this year, and rejects a third of applications.

“Parents want their children to be safe online and we work hard to protect them. Apps in our Designed for Families program have to comply with strict policies on content, privacy and advertising, and we take action on any policy violations that we find,” a Google spokesperson says. “We take these issues very seriously and continue to work hard to remove any content that is inappropriately aimed at children from our platform,” they added.

The full complaint is below.

 

Powered by WPeMatico

US mobile app stores had their biggest day ever on Black Friday 2018

Posted by | app-store, apple-app-store, Apps, black friday, black friday 2018, Google Play, Mobile, sensor tower | No Comments

Black Friday wasn’t just a boon for e-commerce retailers, it helped the mobile app stores break new records, too. According to a new report from Sensor Tower, the combined consumer spending across the U.S. Apple App Store and Google Play on Black Friday 2018 reached $75.9 million — a record for the most ever spent in a single day on both stores.

The App Store accounted for most of that figure, however, with U.S. consumers spending a record $52 million on Black Friday. That’s a 31.6 percent increase in spending over last year’s shopping event, when consumers then spent $39.5 million.

It’s also notably higher than Christmas 2017, when spending reached $39.8 million — typically a strong day for app purchases and in-app sales, as consumers unwrap new iPhones.

The App Store’s $52 million was more than double the $23.9 million spent on Google Play during the same time.

Sensor Tower attributes the increased spending to a variety of factors, largely driven by mobile gaming. Game makers this year got in on the Black Friday action by offering players discounts on in-app purchases and other special bundles.

On the U.S. App Store, mobile gaming accounted for 68 percent of Black Friday spending, with consumers spending $35.4 million on games. That’s a 63 percent increase from the week prior, the report notes.

Other categories saw a boost, too, including Food & Drink and Sports — both reflective of the leisure time consumers had over the holidays. Food & Drink grew 34 percent while Sports grew 49 percent, Sensor Tower found, with top apps like NYT Cooking and ESPN: Live Sports and Scores benefiting from the surge.

Though the Black Friday shopping holiday is heavily associated with the U.S. because of its ties to Thanksgiving, the sales event is making its way around the world, too.

On the mobile app stores, that meant worldwide consumer spending saw a jump this year, as well.

The firm found that $117.3 million was spent by App Store users outside the United States on Black Friday, bringing the global total to $169.3 million, up 18.4 percent from 2017. The spending outside the U.S. was up 13.9 percent year-over-year, but that’s lower than the U.S.’s year-over-year growth of 31.6 percent between Black Friday 2017 and Black Friday 2018.

Also of note: While Amazon had its biggest day ever on Cyber Monday 2018, Cyber Monday didn’t perform as well on the app stores. In the U.S., app revenue was up about 20 percent versus the previous Cyber Monday, to reach an estimated $37 million.

Powered by WPeMatico

A look at the Android Market (aka Google Play) on its 10th Anniversary

Posted by | android apps, App Annie, Apps, Google Play, Mobile | No Comments

Google Play has generated more than twice the downloads of the iOS App Store, reaching a 70 percent share of worldwide downloads in 2017, according to a new report from App Annie, released in conjunction with the 10th anniversary of the Android Market, now called Google Play. The report also examined the state of Google Play’s marketplace and the habits of Android users.

It found that, despite the large share of downloads, Google Play only accounted for 34 percent of worldwide consumer spend on apps, compared with 66 percent on the iOS App Store in 2017 — a figure that’s stayed relatively consistent for years.

Those numbers are consistent with the narrative that’s been told about the two app marketplaces for some time, as well. That is, Google has the sheer download numbers, thanks to the wide distribution of its devices — including its reach into emerging markets, thanks to low-cost smartphones. But Apple’s ecosystem is the one making more money from apps.

App Annie also found that the APAC (Asia-Pacific) region accounts for more than half of Google Play consumer spending. Japan was the largest market of all-time on this front, topping the charts with $25.1 billion dollars spent on apps and in-app purchases. It was followed by the U.S. ($19.3 billion) and South Korea ($11.2 billion).

The firm attributed some of Google Play’s success in Japan to carrier billing. This has allowed consumer spending to increase in markets like South Korea, Taiwan, Thailand and Singapore, as well, it said.

As to what consumers are spending their money on? Games, of course.

The report found that games accounted for 41 percent of downloads, but 88 percent of spend.

Outside of games, in-app subscriptions have contributed to revenue growth.

Non-game apps reached $2.7 billion in consumer spend last year, with 4 out of the top 5 apps offering a subscription model. The No. 1 app, LINE, was the exception. It was followed by subscription apps Tinder, Pandora, Netflix and HBO NOW.

In addition, App Annie examined the app usage patterns of Android users, and found they tend to have a lot of apps installed. In several markets, including the U.S. and Japan, Android users had more than 60 apps installed on their phones, and they used more than 30 apps every month.

Australia, the U.S. and South Korea led the way here, with users’ phones holding 100 or more apps.

The report also looked at the most popular games and apps of all time by both downloads and consumer spend. There weren’t many surprises on these lists, with apps like those made by Facebook dominating the top apps by downloads list, and subscription services dominating top apps by spend.

App Annie also noted Google Play has seen the release of nearly 10 million apps since its launch in 2008. Not all these remain, of course — by today’s count, there are just over 2.8 million apps live on Google Play.

 

The full report is available here.

Powered by WPeMatico

Google improves Android App Bundles and makes building Instant Apps easier

Posted by | Android, android studio, Apps, Developer, Firebase, Google, Google Play | No Comments

Google is launching a number of new features for Android app developers today that will make it easier for them to build smaller apps that download faster and to release instant apps that allow potential users to trial a new app without having to install it.

Android App Bundles, a feature that allows developers to modularize their apps and deliver features on demand, isn’t a new feature. The company announced it a while ago; there are now “thousands of app bundles” in production with an average file size reduction of 35 percent. With today’s update, Google is making some changes to how app bundles handle uncompressed native libraries that are already on a device. Those will lead to downloads that are on average 8 percent smaller and take up 16 percent less space on a device.

Talking about size, Google now lets developers upload app bundles with installed APK sizes of up to 500 megabytes, though this is currently still in early access.

In addition, App Bundles are now supported in Android Studio 3.2 stable and Unity 2018.3 beta.

While small app sizes are nice, another feature Google is announcing today will likely have a larger impact on developers and users alike. That’s because the company is making some changes to Instant Apps, a feature that allows developers to ship a small part of their apps as a trial or to show a part of the app experience when users come in from search results — and there’s no need to download the full app and go through the (slow) install procedure.

With this update, Google is now using App Bundles to let developers build their instant apps. That means they don’t have to publish both an instant app and an installable app. Instead, they can enable their App Bundles to include an instant app and publish a single app to the store. Thanks to that, there’s also no additional code to maintain.

Developers also can now build instant apps for their premium titles and publish them for their pre-registration campaigns, something that wasn’t previously an option.

Other updates for Android developers include improved crash reports that now combine real-world data from users with that from the Firebase Test Lab when Google sees those crashes under both circumstances. There also are updates to how developers can set up subscription billing for their apps and a couple of other minor changes you can read about here.

Powered by WPeMatico