operating systems

The consumer version of BBM is shutting down on May 31

Posted by | Android, apple-app-store, BBM, BlackBerry, computing, emtek, encryption, Google Play Store, imessage, Instant Messaging, messaging apps, Messenger, microsoft windows, Mobile, operating systems, private, research-in-motion, smartphone, smartphones, SMS, technology, WhatsApp, Windows Live Messenger | No Comments

It might be time to move on from BBM. The consumer version of the BlackBerry Messenger will shut down on May 31. Emtek, the Indonesia-based company that partnered with BlackBerry in 2016, just announced the closure. It’s important to note, BBM will still exist and BlackBerry today revealed a plan to open its enterprise-version of BBM to general consumers.

Starting today, BBM Enterprise will be available through the Google Play Store and eventually from the Apple App Store. The service will be free for one year and after that, $2.49 for six months of service. This version of the software, like the consumer version, still features group chats, voice and video calls and the ability to edit and retract messages.

As explained by BlackBerry, BBMe features end-to-end encryption:

BBMe can be downloaded on any device that uses Android, iOS, Windows or MAC operating systems. The sender and recipient each have unique public/private encryption and signing keys. These keys are generated on the device by a FIPS 140-2 certified cryptographic library and are not controlled by BlackBerry. Each message uses a new symmetric key for message encryption. Additionally, TLS encryption between the device and BlackBerry’s infrastructure protects BBMe messages from eavesdropping or manipulation.

BBM is one of the oldest smartphone messaging services. Research in Motion, BlackBerry’s original name, released the messenger in 2005. It quickly became a selling point for BlackBerry devices. BBM wasn’t perfect and occasionally crashed, but it was a robust, feature-filled messaging app when most of the world was still using SMS. Eventually, with the downfall of RIM and eventually BlackBerry, BBM fell behind iMessage, WhatsApp and other independent messaging platforms. Emtek’s partnership with BlackBerry was supposed to bring the service into the current age, but some say the consumer version ended up bloated with games, channels and ads. BlackBerry’s BBMe lacks a lot of those extra features, so consumers might find it a better platform for communicating.

Powered by WPeMatico

Alibaba will let you find restaurants and order food with voice in a car

Posted by | alibaba, alibaba group, alipay, Android, Asia, automotive, AutoNavi, Baidu, Beijing, China, Emerging-Technologies, in-car apps, online marketplaces, operating system, operating systems, order food, shanghai, taobao, Tencent, Transportation | No Comments

Competition in the Chinese internet has for years been about who controls your mobile apps. These days, giants are increasingly turning to offline scenarios, including what’s going on behind the dashboard in your car.

On Tuesday, Alibaba announced at the annual Shanghai Auto Show that it’s developing apps for connected cars that will let drivers find restaurants, queue up and make reservations at restaurants, order food and eventually complete a plethora of other tasks using voice, motion or touch control. Third-party developers are invited to make their in-car apps, which will run on Alibaba’s operating system AliOS.

Rather than working as standalone apps, these in-car services come in the form of “mini apps,” which are smaller than regular ones in exchange for faster access and smaller file sizes, in Alibaba’s all-in-one digital wallet Alipay . Alibaba has other so-called “super apps” in its ecosystem, such as marketplace Taobao and navigation service AutoNavi, but the payments solution clearly makes more economic sense if Alibaba wants people to spend more while sitting in a four-wheeler.

There’s no timeline for when Alibaba will officially roll out in-car mini apps, but it’s already planning for a launch, a company spokesperson told TechCrunch.

Making lite apps has been a popular strategy for China’s internet giants operating super apps that host outside apps, or “mini-apps”; that way users rarely need to leave their ecosystems. These lite apps are known to be easier and cheaper to build than a native app, although developers have to make concessions, like giving their hosts a certain level of access to user data and obeying rules as they would with Apple’s App Store. For in-car services, Alibaba says there will be “specific review criteria for safety and control” tailored to the auto industry.

alios cars alibaba

Photo source: Alibaba

Alibaba’s move is indicative of a heightened competition to control the operating system in next-gen connected cars. For those who wonder whether the e-commerce behemoth will make its own cars given it has aggressively infiltrated the physical space, like opening its own supermarket chain Hema, the company’s solution to vehicles appears to be on the software front, at least for now.

In 2017, Alibaba rebranded its operating system with a deep focus to put AliOS into car partners. To achieve this goal, Alibaba also set up a joint venture called Banma Network with state-owned automaker SAIC Motor and Dongfeng Peugeot Citroen, which is the French car company’s China venture, that would hawk and integrate AliOS-powered solutions with car clients. As of last August, 700,000 AliOS-powered SAIC vehicles had been sold.

Alibaba competitors Tencent and Baidu have also driven into the auto field, although through slightly different routes. Baidu began by betting on autonomous driving and built an Android-like developer platform for car manufacturers. While the futuristic plan is far from bearing significant commercial fruit, it has gained a strong foothold in self-driving with the most mileage driven in Beijing, a pivotal hub to test autonomous cars. Tencent’s car initiatives seem more nebulous. Like Baidu, it’s testing self-driving and like Alibaba, it’s partnered with industry veterans to make cars, but it’s unclear where the advantage lies for the social media and gaming giant in the auto space.

Powered by WPeMatico

Review: The $199 Echo Link turns the fidelity up to 11

Posted by | Amazon, Amazon Echo, amazon music unlimited, computing, echo, Echo Link, Gadgets, Google, google home, hardware, microsoft windows, operating systems, Pandora, smart speakers, Sonos, Spotify, streaming services | No Comments

The Echo Link takes streaming music and makes it sound better. Just wirelessly connect it to an Echo device and plug it into a set of nice speakers. It’s the missing link.

The Link bridges the gap between streaming music and a nice audio system. Instead of settling for the analog connection of an Echo Dot, the Echo Link serves audio over a digital connection and it makes just enough of a difference to justify the $200 price.

I plugged the Eco Link into the audio system in my office and was pleased with the results. This is the Echo device I’ve been waiting for.

In my case, the Echo Link took Spotfiy’s 320 kbps stream and opened it up. The Link creates a wider soundstage and makes the music a bit more full and expansive. The bass hits a touch harder and the highs now have a newfound crispness. Lyrics are clearer and easier to pick apart. The differences are subtle. Everything is just slightly improved over the sound quality found when using an Echo Dot’s 3.5mm output.

Don’t have a set of nice speakers? That’s okay; Amazon also just released the Echo Link Amp, which features a built-in amplifier capable of powering a set of small speakers.

Here’s the thing: I’m surprised Amazon is making the Echo Link. The device caters to what must be a small demographic of Echo owners looking to improve the quality of Pandora or Spotify when using an audio system. And yet, without support for local or streaming high-resolution audio, it’s not good enough for audiophiles. This is for wannabe audiophiles. Hey, that’s me.

Review

There are Echo’s scattered throughout my house. The devices provide a fantastic way to access music and NPR. The tiny Echo Link is perfect for the system in my office where I have a pair of Definitive Technology bookshelf speakers powered by an Onkyo receiver and amp. I have a turntable and SACD player connected to the receiver, but those are a hassle when I’m at my desk. The majority of the time I listen to Spotify through the Amazon Echo Input.

I added the Onkyo amplifier to the system last year and it made a huge difference to the quality. The music suddenly had more power. The two-channel amp pushes harder than the receiver, and resulted in audio that was more expansive and clear. And at any volume, too. I didn’t know what I was missing. That’s the trick with audio. Most of the time the audio sounds great until it suddenly sounds better. The Echo Link provided me with the same feeling of discovery.

To be clear, the $200 Echo Link does not provide a night and day difference in my audio quality. It’s a slight upgrade over the audio outputted by a $20 Echo Input — and don’t forget, an Echo device (like the $20 Echo Input) is required to make the Echo Link work.

The Echo Link provides the extra juice lacking from the Echo Input or Dot. Those less-expensive options output audio to an audio system, but only through an analog connection. The Echo Link offers a digital connection through Toslink or Digital Coax. It has analog outputs that’s powered by a DAC with a superior dynamic range and total harmonic distortion found in the Input or Dot. It’s an easy way to improve the quality of music from streaming services.

The Echo Link, and Echo Link Amp, also feature a headphone amp. It’s an interesting detail. With this jack, someone could have the Echo Link on their desk and use it to power a set of headphones without any loss of quality.

I set up a simple A/B test to spot the differences between a Link and a Dot. First, I connected the Echo Link with a Toslink connection to my receiver and an Echo Input. I also connected an Echo Dot through its 3.5mm analog connection to the receiver. I created a group in the Alexa app of the devices. This allowed each of the devices to play the same source simultaneously. Then, as needed, I was able to switch between the Dot and Link with just a touch of a button, providing an easy and quick way to test the differences.

I’ll leave it up to you to justify the cost. To me, as someone who has invested money into a quality audio system, the extra cost of the Echo Link is worth it. But to others, an Echo Dot could be enough.

It’s important to note that the Echo Link works a bit differently than other Echo devices connected to an audio system. When, say, a Dot is connected to an audio system, the internal speakers are turned off and all of the audio is sent to the system. The Echo Link doesn’t have to override the companion Echo. When an Echo Link is connected to an Echo device, the Echo still responds through its internal speakers; only music is sent to the Echo Link. For example, when the Echo is asked about the weather, the forecast is played back through the speakers in the Echo and not the audio system connected to the Echo Link. In most cases, this allows the owner to turn off the high-power speakers and still have access to voice commands on the Echo.

The Echo Link takes streaming music and instantly improves the quality. In my case, the improvements were slight but noticeable. It works with all the streaming services supported by Echo devices, but it’s important to note it does not work with Tidal’s high-res Master Audio tracks. The best the Echo Link can do is 320 kbps from Spotify or Tidal. This is a limiting factor and it’s not surprising. If the Echo Link supported Tidal’s Master Tracks, I would likely sign up for that service, and that is not in the best interest of Amazon, which hopes I sign up for Amazon Music Unlimited.

I spoke to Amazon about the Echo Link’s lack of support for Tidal Master Tracks and they indicated they’re interested in hearing how customers will use the device before committing to adding support.

The Link is interesting. Google doesn’t have anything similar in its Google Home Line. The Sonos Amp is similar, but with a built-in amplifier, it’s a closer competitor to the Echo Link Amp. Several high-end audio companies sell components that can stream audio over digital connections, yet none are as easy to use or as inexpensive as the Echo Link. The Echo Link is the easiest way to improve the sound of streaming music services.

Powered by WPeMatico

Snap is channeling Asia’s messaging giants with its move into gaming

Posted by | alibaba, Apps, Asia, Australia, Bitmoji, Canada, China, computing, e-commerce, epic games, Evan Spiegel, Facebook, food, France, game developers, Gaming, instagram, Instant Messaging, Japan, josh constine, Kakao, Los Angeles, messaging apps, Messenger, nhn japan, Nintendo, operating systems, player, Snap, Snapchat, Social, social media, social network, Software, Southeast Asia, Startups, Tencent, United Kingdom, United States, WeChat, WhatsApp | No Comments

Snap is taking a leaf out of the Asian messaging app playbook as its social messaging service enters a new era.

The company unveiled a series of new strategies that are aimed at breathing fresh life into the service that has been ruthlessly cloned by Facebook across Instagram, WhatsApp and even its primary social network. The result? Snap has consistently lost users since going public in 2017. It managed to stop the rot with a flat Q4, but resting on its laurels isn’t going to bring back the good times.

Snap has taken a three-pronged approach: extending its stories feature (and ads) into third-party apps and building out its camera play with an AR platform, but it is the launch of social games that is the most intriguing. The other moves are logical, and they fall in line with existing Snap strategies, but games is an entirely new category for the company.

It isn’t hard to see where Snap found inspiration for social games — Asian messaging companies have long twinned games and chat — but the U.S. company is applying its own twist to the genre.

Powered by WPeMatico

Gmail turns 15, gets Smart Compose improvements and email scheduling

Posted by | Android, computing, email, G Suite, gmail, Google, Google Allo, Mobile, mobile software, operating systems, webmail | No Comments

Exactly 15 years ago, Google decided to confuse everybody by launching its long-awaited web-based email client on April 1. This definitely wasn’t a joke, though, and Gmail went on to become one of Google’s most successful products. Today, to celebrate its fifteenth birthday (and maybe make you forget about today’s final demise of Inbox and tomorrow’s shutdown of Google+), the Gmail team announced a couple of new and useful Gmail features, including improvements to Smart Compose and the ability to schedule emails to be sent in the future.

Smart Compose, which tries to autocomplete your emails as you type them, will now be able to adapt to the way you write the greetings in your emails. If you prefer “Hey” over “Hi,” then Smart Compose will learn that. If you often fret over which subject to use for your emails, then there’s some relief here for you, too, because Smart Compose can now suggest a subject line based on the content of your email.

With this update, Smart Compose is now also available on all Android devices. Google says that it was previously only available on Pixel 3 devices, though I’ve been using it on my Pixel 2 for a while already, too. Support for iOS is coming soon.

In addition to this, Smart Compose is also coming to four new languages: Spanish, French, Italian and Portuguese.

That’s all very useful, but the feature that will likely get the most attention today is email scheduling. The idea here is as simple as the execution. The “Send” button now includes a drop-down menu that lets you schedule an email to be sent at a later time. Until now, you needed third-party services to do this, but now it’s directly integrated into Gmail.

Google is positioning the new feature as a digital wellness tool. “We understand that work can often carry over to non-business hours, but it’s important to be considerate of everyone’s downtime,” Jacob Bank, director of Product Management, G Suite, writes in today’s announcement. “We want to make it easier to respect everyone’s digital well-being, so we’re adding a new feature to Gmail that allows you to choose when an email should be sent.”

Powered by WPeMatico

Ahead of third antitrust ruling, Google announces fresh tweaks to Android in Europe

Posted by | Android, antitrust, Apple, Apps, chrome os, competition commission, DuckDuckGo, Europe, european commission, european union, France, G Suite, Google, Image search, joaquin almunia, Jolla, Kent Walker, Margrethe Vestager, Mobile, operating systems, play store, Policy, Qwant, search app, search engine, search engines, smartphone, Spotify, travel search | No Comments

Google is widely expected to be handed a third antitrust fine in Europe this week, with reports suggesting the European Commission’s decision in its long-running investigation of AdSense could land later today.

Right on cue the search giant has PRed another Android product tweak — which it bills as “supporting choice and competition in Europe”.

In the coming months Google says it will start prompting users of existing and new Android devices in Europe to ask which browser and search apps they would like to use.

This follows licensing changes for Android in Europe which Google announced last fall, following the Commission’s $5BN antitrust fine for anti-competitive behavior related to how it operates the dominant smartphone OS.

tl;dr competition regulation can shift policy and product.

Albeit, the devil will be in the detail of Google’s self-imposed ‘remedy’ for Android browser and search apps.

Which means how exactly the user is prompted will be key — given tech giants are well-versed in the manipulative arts of dark pattern design, enabling them to create ‘consent’ flows that deliver their desired outcome.

A ‘choice’ designed in such a way — based on wording, button/text size and color, timing of prompt and so on — to promote Google’s preferred browser and search app choice by subtly encouraging Android users to stick with its default apps may not actually end up being much of a ‘choice’.

According to Reuters the prompt will surface to Android users via the Play Store. (Though the version of Google’s blog post we read did not include that detail.)

Using the Play Store for the prompt would require an Android device to have Google’s app store pre-loaded — and licensing tweaks made to the OS in Europe last year were supposedly intended to enable OEMs to choose to unbundle Google apps from Android forks. Ergo making only the Play Store the route for enabling choice would be rather contradictory. (As well as spotlighting Google’s continued grip on Android.)

Add to that Google has the advantage of massive brand dominance here, thanks to its kingpin position in search, browsers and smartphone platforms.

So again the consumer decision is weighted in its favor. Or, to put it another way: ‘This is Google; it can afford to offer a ‘choice’.’

In its blog post getting out ahead of the Commission’s looming AdSense ruling, Google’s SVP of global affairs, Kent Walker, writes that the company has been “listening carefully to the feedback we’re getting” vis-a-vis competition.

Though the search giant is actually appealing both antitrust decisions. (The other being a $2.7BN fine it got slapped with two years ago for promoting its own shopping comparison service and demoting rivals’.)

“After the Commission’s July 2018 decision, we changed the licensing model for the Google apps we build for use on Android phones, creating new, separate licenses for Google Play, the Google Chrome browser, and for Google Search,” Walker continues. “In doing so, we maintained the freedom for phone makers to install any alternative app alongside a Google app.”

Other opinions are available on those changes too.

Such as French pro-privacy Google search rival Qwant, which last year told us how those licensing changes still make it essentially impossible for smartphone makers to profit off of devices that don’t bake in Google apps by default. (More recently Qwant’s founder condensed the situation to “it’s a joke“.)

Qwant and another European startup Jolla, which leads development of an Android alternative smartphone platform called Sailfish — and is also a competition complainant against Google in Europe — want regulators to step in and do more.

The Commission has said it is closely monitoring changes made by Google to determine whether or not the company has complied with its orders to stop anti-competitive behavior.

So the jury is still out on whether any of its tweaks sum to compliance. (Google says so but that’s as you’d expect — and certainly doesn’t mean the Commission will agree.)

In its Android decision last summer the Commission judged that Google’s practices harmed competition and “further innovation” in the wider mobile space, i.e. beyond Internet search — because it prevented other mobile browsers from competing effectively with its pre-installed Chrome browser.

So browser choice is a key component here. And ‘effective competition’ is the bar Google’s homebrew ‘remedies’ will have to meet.

Still, the company will be hoping its latest Android tweaks steer off further Commission antitrust action. Or at least generate more fuzz and fuel for its long-game legal appeal.

Current EU competition commissioner, Margrethe Vestager, has flagged for years that the division is also fielding complaints about other Google products, including travel search, image search and maps. Which suggests Google could face fresh antitrust investigations in future, even as the last of the first batch is about to wrap up.

The FT reports that Android users in the European economic area last week started seeing links to rival websites appearing above Google’s answer box for searches for products, jobs or businesses — with the rival links appearing above paid results links to Google’s own services.

The newspaper points out that tweak is similar to a change promoted by Google in 2013, when it was trying to resolve EU antitrust concerns under the prior commissioner, Joaquín Almunia.

However rivals at the time complained the tweak was insufficient. The Commission subsequently agreed — and under Vestager’s tenure went on to hit Google with antitrust fines.

Walker doesn’t mention these any of additional antitrust complaints swirling around Google’s business in Europe, choosing to focus on highlighting changes it’s made in response to the two extant Commission antitrust rulings.

“After the Commission’s July 2018 decision, we changed the licensing model for the Google apps we build for use on Android phones, creating new, separate licenses for Google Play, the Google Chrome browser, and for Google Search. In doing so, we maintained the freedom for phone makers to install any alternative app alongside a Google app,” he writes.

Nor does he make mention of a recent change Google quietly made to the lists of default search engine choices in its Chrome browser — which expanded the “choice” he claims the company offers by surfacing more rivals. (The biggest beneficiary of that tweak is privacy search rival DuckDuckGo, which suddenly got added to the Chrome search engine lists in around 60 markets. Qwant also got added as a default choice in France.)

Talking about Android specifically Walker instead takes a subtle indirect swipe at iOS maker Apple — which now finds itself the target of competition complaints in Europe, via music streaming rival Spotify, and is potentially facing a Commission probe of its own (albeit, iOS’ marketshare in Europe is tiny vs Android). So top deflecting Google.

“On Android phones, you’ve always been able to install any search engine or browser you want, irrespective of what came pre-installed on the phone when you bought it. In fact, a typical Android phone user will usually install around 50 additional apps on their phone,” Walker writes, drawing attention to the fact that Apple does not offer iOS users as much of a literal choice as Google does.

“Now we’ll also do more to ensure that Android phone owners know about the wide choice of browsers and search engines available to download to their phones,” he adds, saying: “This will involve asking users of existing and new Android devices in Europe which browser and search apps they would like to use.”

We’ve reached out to Commission for comment, and to Google with questions about the design of its incoming browser and search app prompts for Android users in Europe and will update this report with any response.

Powered by WPeMatico

Gaming clips service Medal has bought Donate Bot for direct donations and payments

Posted by | api, bot, computing, discord, e-commerce, freeware, Gaming, M&A, operating systems, Patreon, PayPal, Shopify, social media platforms, Software, Steam, subscription services, TC, Twitter | No Comments

The Los Angeles-based video gaming clipping service Medal has made its first acquisition as it rolls out new features to its user base.

The company has acquired the Discord -based donations and payments service Donate Bot to enable direct payments and other types of transactions directly on its site.

Now, the company is rolling out a service to any Medal user with more than 100 followers, allowing them to accept donations, subscriptions and payments directly from their clips on mobile, web, desktop and through embedded clips, according to a blog post from company founder Pim De Witte.

For now, and for at least the next year, the service will be free to Medal users — meaning the company won’t take a dime of any users’ revenue made through payments on the platform.

For users who already have a storefront up with Patreon, Shopify, Paypal.me, Streamlabs or ko-fi, Medal won’t wreck the channel — integrating with those and other payment processing systems.

Through the Donate Bot service any user with a discord server can generate a donation link, which can be customized to become more of a customer acquisition funnel for teams or gamers that sell their own merchandise.

Webhooks API gives users a way to add donors to various list or subscription services or stream overlays, and the Donate Bot is directly linked with Discord Bot List and Discord Server List as well, so you can accept donations without having to set up a website.

In addition, the company updated its social features, so clips made on Medal can ultimately be shared on social media platforms like Twitter and Discord — and the company is also integrated with Discord, Twitter and Steam in a way to encourage easier signups.

Powered by WPeMatico

The Google Assistant gets a button

Posted by | Android, Assistant, Google Assistant, LG, Nokia, operating systems, PIXEL, Samsung, smartphones, TC, Xiaomi | No Comments

Traditionally, the Google Assistant always lived under the home button on Android phones, but as the company announced at MWC today, LG, Nokia, Xiaomi, TCL and Vivo are about to launch phones with dedicated assistant buttons, similar to what Samsung has long done with its Bixby assistant.

The new phones with the button that are launching this week are the LG G8 ThinQ and K40 and the Nokia 3.2 and 4.2. The upcoming Xiaomi Mi Mix 3 5G and Mi 9, as well as new phones from Vivo (including the Vivo V15 Pro) and TCL will also feature a dedicated Assistant button. With this, Google expects that over 100 million devices will soon offer this feature.

With a dedicated button, Google can also build a few new features into the Android OS, too, that’ll make it easier to bring up some Assistant features that were traditionally always a few taps away.

As expected, a single tap on the button will bring up the Assistant, just like a long tap on your phone does today. A double tap will bring up the Assistant’s visual snapshot feature that provides you with contextual information about your day and location (similar to the sorely missed Google Now of days gone by). A long press activates what Google calls a “walkie talkie feature.” This ensures that the Assistant listens to longer queries, which Google says is “perfect for emails or long text message.”

It’s interesting to see that the Android ecosystem is now building these buttons into phones (and we can probably assume that Google’s own next-gen Pixel devices or the fabled low-end Pixel 3 will have one, too). They will make it easier to discover the Assistant, of course, and maybe get people to use it more often, too — and that’s surely what Google is hoping for.

Powered by WPeMatico

Many popular iPhone apps secretly record your screen without asking

Posted by | analyst, app-store, apple inc, Banking, iOS, iPhone, iTunes, Mobile, mobile app, mobile software, operating systems, privacy, Security, smartphones, terms of service, travel sites | No Comments

Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission.

You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps.

Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.

Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.

Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?”

The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles.

“This gives Air Canada employees — and anyone else capable of accessing the screenshot database — to see unencrypted credit card and password information,” he told TechCrunch.

In the case of Air Canada’s app, although the fields are masked, the masking didn’t always stick (Image: The App Analyst/supplied)

We asked The App Analyst to look at a sample of apps that Glassbox had listed on its website as customers. Using Charles Proxy, a man-in-the-middle tool used to intercept the data sent from the app, the researcher could examine what data was going out of the device.

Not every app was leaking masked data; none of the apps we examined said they were recording a user’s screen — let alone sending them back to each company or directly to Glassbox’s cloud.

That could be a problem if any one of Glassbox’s customers aren’t properly masking data, he said in an email. “Since this data is often sent back to Glassbox servers I wouldn’t be shocked if they have already had instances of them capturing sensitive banking information and passwords,” he said.

The App Analyst said that while Hollister and Abercrombie & Fitch sent their session replays to Glassbox, others like Expedia and Hotels.com opted to capture and send session replay data back to a server on their own domain. He said that the data was “mostly obfuscated,” but did see in some cases email addresses and postal codes. The researcher said Singapore Airlines also collected session replay data but sent it back to Glassbox’s cloud.

Without analyzing the data for each app, it’s impossible to know if an app is recording a user’s screens of how you’re using the app. We didn’t even find it in the small print of their privacy policies.

Apps that are submitted to Apple’s App Store must have a privacy policy, but none of the apps we reviewed make it clear in their policies that they record a user’s screen. Glassbox doesn’t require any special permission from Apple or from the user, so there’s no way a user would know.

Expedia’s policy makes no mention of recording your screen, nor does Hotels.com’s policy. And in Air Canada’s case, we couldn’t spot a single line in its iOS terms and conditions or privacy policy that suggests the iPhone app sends screen data back to the airline. And in Singapore Airlines’ privacy policy, there’s no mention, either.

We asked all of the companies to point us to exactly where in its privacy policies it permits each app to capture what a user does on their phone.

Only Abercombie responded, confirming that Glassbox “helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience.” The spokesperson pointing to Abercrombie’s privacy policy makes no mention of session replays, neither does its sister-brand Hollister’s policy.

“I think users should take an active role in how they share their data, and the first step to this is having companies be forthright in sharing how they collect their users data and who they share it with,” said The App Analyst.

When asked, Glassbox said it doesn’t enforce its customers to mention its usage in their privacy policy.

“Glassbox has a unique capability to reconstruct the mobile application view in a visual format, which is another view of analytics, Glassbox SDK can interact with our customers native app only and technically cannot break the boundary of the app,” the spokesperson said, such as when the system keyboard covers part of the native app, “Glassbox does not have access to it,” the spokesperson said.

Glassbox is one of many session replay services on the market. Appsee actively markets its “user recording” technology that lets developers “see your app through your user’s eyes,” while UXCam says it lets developers “watch recordings of your users’ sessions, including all their gestures and triggered events.” Most went under the radar until Mixpanel sparked anger for mistakenly harvesting passwords after masking safeguards failed.

It’s not an industry that’s likely to go away any time soon — companies rely on this kind of session replay data to understand why things break, which can be costly in high-revenue situations.

But for the fact that the app developers don’t publicize it just goes to show how creepy even they know it is.


Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Powered by WPeMatico

Gmail on mobile gets a fresh coat of Material Design paint

Posted by | Android, email, gmail, Google, Mobile, operating systems, TC | No Comments

Gmail on mobile will soon get a new look. Google today announced that its mobile email apps for iOS and Android are getting a redesign that is in line with the company’s recent Material Design updates to Gmail, Drive, Calendar and Docs and Site. Indeed, the new UI will look familiar to anybody who has ever used the Gmail web app, including that version’s ability to select three different density styles. You’ll also see some new fonts and other visual tweaks. In terms of functionality, the mobile app is also getting a few new features that put it on par with the web version.

Like on the desktop, you can now choose between the default view, as well as a comfortable and compact style. The default view features a generous amount of white space and the same attachment chips underneath the email preview as the web version. The comfortable view does away with those chips and the compact view removes a lot of the space between messages to show you more emails at a glance.

I’ve been testing the new app for a bit and quickly settled on the comfortable view, as I never found the attachment chips all that useful in day-to-day use.

In line with Google’s Material Design guidelines, all the styles feature relatively subtle but welcome animations that don’t take a lot of time but give you a couple of extra visual cues about what’s going on as you work your way to Inbox Zero.

Google also notes that the new design makes it a bit easier to switch between accounts. I’m not sure I agree (I definitely find the implementation of this in Inbox, which is sadly going away soon, easier to use), but if you regularly use this feature, it’s still easy enough to use. The switcher is now part of the search bar, though, which is a bit confusing and took me a moment to find.

One nice addition to the mobile app is that the large red phishing and scam warning box from the web version now also appears in the mobile app.

Powered by WPeMatico