
Timesdelhi.com

February 24, 2019
Category archive

app-store

Apple partners with Oakland nonprofit Dream Corps on Swift coding initiative


Apple this morning announced a new partnership designed to train more people to code using its own programming language, Swift. The company says it’s now working with the Oakland-based nonprofit organization Dream Corps on the initiative, which will see Apple providing technology along with curriculum guidance, professional support and advocacy to individuals in middle and high schools, college and beyond.

The nonprofit currently operates its own learn-to-code program called #YesWeCode, which has graduated 100 people to date and placed around 60 percent in tech jobs. Its long-term goal is to help 100,000 young people from underrepresented backgrounds to be able to train for jobs in tech.

“I see Dream Corps as a peace corps for the American Dream,” said CEO Vien Truong, in a statement. Truong joined the organization in 2015, and is herself the youngest of 11 children born to an immigrant couple who migrated from Vietnam in the 1970’s, Apple also noted.

“It’s about making sure that we can help support people who lived or grew up in communities like mine. And this partnership with Apple will help unlock the untapped genius and talent within those communities, which will allow a new generation to achieve their dreams,” she added.

Dream Corps is now working with the Mayor’s Office and City of Oakland to find a location for a dedicated space to support the program with Apple and other workforce development initiatives. Apple says it’s expected to launch its program later this year in the Bay Area.

Apple’s investment in programming training and development is part of its larger Community Education Initiative. But partnerships like this aren’t the only way Apple is pushing people to learn to code with Swift.

Since the language’s introduction in 2014, Apple has rolled out several programs and tools aimed at helping introduce more people to Swift, including the 2016 launch of kids coding app Swift Playgrounds; expansions of its own “Everyone Can Code” program across the U.S. and elsewhere in the world; the addition of free coding sessions at its retail stores; and educational tools, software and curriculum for teachers.

For Apple, all of this is about ensuring there’s a new generation of developers learning its tools and Swift, in order to develop new apps for its platforms, iOS, macOS, watchOS and tvOS.

At last year’s WWDC event, Apple CEO Tim Cook said there were 20 million registered developers on iOS, who collectively made about $100 billion in revenues, while the App Store saw some 500 million visitors per week.

As more of Apple’s business shifts to its growing Services business instead of just iPhone sales, it’s critical to ensure the developer pipeline remains open and accessible.

News Source = techcrunch.com

US iPhone users spent, on average, $79 on apps last year, up 36% from 2017


Apple’s push to get developers to build subscription-based apps is now having a notable impact on App Store revenues. According to a new report from Sensor Tower due out later this week, revenue generated per U.S. iPhone grew 36 percent, from $58 in 2017 to $79 last year. As is typical, much of that increase can be attributed to mobile gaming, which accounted for more than half of this per-device average. However, more substantial growth took place in the categories outside of gaming — including those categories where subscription-based apps tend to rule the top charts, the firm found.

According to the report’s findings, per-device app spending in the U.S. grew more over the past year than it did in 2017.

From 2017 to 2018, iPhone users spent an average of $21 more on in-app purchases and paid app downloads — a 36 percent increase compared with the 23 percent increase from 2016 to 2017, when revenue per device grew from $47 to $58.

However, 2018’s figure was slightly lower than the 42 percent increase in average per-device spending seen between 2015 and 2016, when revenue grew from $33 to $47, noted Sensor Tower.

As usual, mobile gaming continued to play a large role in iPhone spending. In 2018, gaming accounted for nearly 56 percent of the average consumer spend — or $44 out of the total $79 spent per iPhone.

But what’s more interesting is how the non-gaming categories fared this past year.

Some categories — including those where subscription-based apps dominate the top charts — saw even higher year-over-year growth in 2018, the firm found.

For example, spending per device on Entertainment apps increased by 82 percent to $8 of the total in 2018. Lifestyle apps increased by 86 percent to reach $3.90, up from $2.10.

And though it didn’t make the top five, Health & Fitness apps also grew 75 percent year-over-year to account for an average of $2.70, up from $1.60 in 2017.

Other categories in the top five included Music and Social Networking apps, which both grew by 22 percent.

This data indicates that subscription apps are playing a significant role in helping drive iPhone consumer spending higher.

The news comes at a time when Apple has reported slowing iPhone sales, which is pushing the company to lean more on services to continue to boost its revenue. This includes not just App Store subscriptions, but also things like Apple Music, Apple Pay, iCloud, App Store Search ads, AppleCare and more.

As subscriptions become more popular, Apple will need to remain vigilant against those who would abuse the system.

For example, a number of sneaky subscription apps were found plaguing the App Store in recent weeks. They were duping users into paid memberships with tricky buttons, hidden text, instant trials that converted in days and the use of other misleading tactics.

Apple later cracked down by removing some of the apps, and updated its developer guidelines with stricter rules about how subscriptions should both look and operate.

A failure to properly police the App Store or set boundaries to prevent the overuse of subscriptions could end up turning users off from downloading new apps altogether — especially if users begin to think that every app is after a long-term financial commitment.

Developers will need to be clever to convert users and retain subscribers amid this shift away from paid apps to those that come with a monthly bill. App makers will need to properly market their subscription’s benefits, and even consider offering bundles to increase the value.

But in the near-term, the big takeaway for developers is that there is still good money to be made on the App Store, even if iPhone sales are slowing.

News Source = techcrunch.com

Many popular iPhone apps secretly record your screen without asking


Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission.

You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps.

Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.

Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play it back to see how their users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.

Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?”

The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles.

“This gives Air Canada employees — and anyone else capable of accessing the screenshot database — to see unencrypted credit card and password information,” he told TechCrunch.

In the case of Air Canada’s app, although the fields are masked, the masking didn’t always stick (Image: The App Analyst/supplied)

We asked The App Analyst to look at a sample of apps that Glassbox had listed on its website as customers. Using Charles Proxy, a man-in-the-middle tool used to intercept the data sent from the app, the researcher could examine what data was going out of the device.

Not every app was leaking masked data; none of the apps we examined said they were recording a user’s screen — let alone sending them back to each company or directly to Glassbox’s cloud.

That could be a problem if any one of Glassbox’s customers isn’t properly masking data, he said in an email. “Since this data is often sent back to Glassbox servers I wouldn’t be shocked if they have already had instances of them capturing sensitive banking information and passwords,” he said.

The App Analyst said that while Hollister and Abercrombie & Fitch sent their session replays to Glassbox, others like Expedia and Hotels.com opted to capture and send session replay data back to a server on their own domain. He said that the data was “mostly obfuscated,” but did see in some cases email addresses and postal codes. The researcher said Singapore Airlines also collected session replay data but sent it back to Glassbox’s cloud.

Without analyzing the data for each app, it’s impossible to know if an app is recording screens of how you’re using the app. We didn’t even find it in the small print of their privacy policies.

Apps that are submitted to Apple’s App Store must have a privacy policy, but none of the apps we reviewed make it clear in their policies that they record a user’s screen. Glassbox doesn’t require any special permission from Apple or from the user, so there’s no way a user would know.

Expedia’s policy makes no mention of recording your screen, nor does Hotels.com’s policy. And in Air Canada’s case, we couldn’t spot a single line in its iOS terms and conditions or privacy policy that suggests the iPhone app sends screen data back to the airline. And in Singapore Airlines’ privacy policy, there’s no mention, either.

We asked all of the companies to point us to exactly where in their privacy policies they permit each app to capture what a user does on their phone.

Only Abercrombie responded, confirming that Glassbox “helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience.” The spokesperson pointed to Abercrombie’s privacy policy, which makes no mention of session replays; neither does its sister-brand Hollister’s policy.

“I think users should take an active role in how they share their data, and the first step to this is having companies be forthright in sharing how they collect their users data and who they share it with,” said The App Analyst.

When asked, Glassbox said it doesn’t require its customers to mention its usage in their privacy policy.

“Glassbox has a unique capability to reconstruct the mobile application view in a visual format, which is another view of analytics, Glassbox SDK can interact with our customers’ native app only and technically cannot break the boundary of the app,” the spokesperson said. In cases such as when the system keyboard covers part of the native app, “Glassbox does not have access to it,” the spokesperson said.

Glassbox is one of many session replay services on the market. Appsee actively markets its “user recording” technology that lets developers “see your app through your user’s eyes,” while UXCam says it lets developers “watch recordings of your users’ sessions, including all their gestures and triggered events.” Most went under the radar until Mixpanel sparked anger for mistakenly harvesting passwords after masking safeguards failed.

It’s not an industry that’s likely to go away any time soon — companies rely on this kind of session replay data to understand why things break, which can be costly in high-revenue situations.

But the fact that the app developers don’t publicize it just goes to show how creepy even they know it is.



News Source = techcrunch.com

Everything you need to know about Facebook, Google’s app scandal


Facebook and Google landed in hot water with Apple this week after two investigations by TechCrunch revealed the misuse of internal-only certificates — leading to their revocation, which led to a day of downtime at the two tech giants.

Confused about what happened? Here’s everything you need to know.

How did all this start, and what happened?

On Monday, we revealed that Facebook was misusing an Apple-issued certificate that is only meant for companies to use to distribute internal, employee-only apps without having to go through the Apple App Store. But the social media giant used that certificate to sign an app that Facebook distributed outside the company, violating Apple’s rules.

The app, known simply as “Research,” allowed Facebook access to all the data flowing out of the device it was installed on. Facebook paid users — including teenagers — $20 per month to install the app. But it wasn’t clear exactly what kind of data was being vacuumed up, or for what reason.

It turns out that the app was a repackaged app that was effectively banned from Apple’s App Store last year for collecting too much data on users.

Apple was angry that Facebook was misusing its special-issue certificates to push an app it already banned, and revoked it — rendering the app useless. But Facebook was using that same certificate to sign its other employee-only apps, effectively knocking them offline until Apple re-issued the certificate.

Then, it turned out Google was doing almost exactly the same thing with its Screenwise app, and Apple’s ban-hammer fell again.

What’s the controversy over these certificates and what can they do?

If you want to develop Apple apps, you have to abide by its rules.

A key rule is that Apple doesn’t allow app developers to bypass the App Store, where every app is vetted to ensure it’s as secure as it can be. It does, however, grant exceptions for enterprise developers, such as to companies that want to build apps that are only used internally by employees. Facebook and Google in this case signed up to be enterprise developers and agreed to Apple’s developer terms.

Apple granted each a certificate that grants permission to distribute apps they develop internally — including pre-release versions of the apps they make, for testing purposes. But these certificates aren’t allowed to be used for ordinary consumers, as they have to download apps through the App Store.

Why is “root” certificate access a big deal?

Because Facebook’s Research and Google’s Screenwise apps were distributed outside of Apple’s App Store, it required users to manually install the app — known as sideloading. That requires users to go through a convoluted few steps of downloading the app itself, and opening and installing either Facebook or Google’s certificate.

Both apps then required users to open another certificate — known as a VPN configuration profile — allowing all of the data flowing out of that user’s phone to funnel down a special tunnel that directs it all to either Facebook or Google, depending on the app you installed.

This is where Facebook and Google’s cases differ.

Google’s app collected data and sent it off to Google for research purposes, but couldn’t access encrypted data — such as iMessages, or other end-to-end encrypted content.

Facebook, however, went far further. Its users were asked to go through an additional step to trust the certificate at the “root” level of the phone. Trusting this “root certificate” allowed Facebook to look at all of the encrypted traffic flowing out of the device — essentially what we call a “man-in-the-middle” attack. That allowed Facebook to sift through your messages, your emails, and any other bit of data that leaves your phone. Only apps that use certificate pinning — which rejects any certificate that isn’t the app’s own — were protected.

Facebook’s Research app requires Root Certificate access, which lets Facebook gather almost any piece of data transmitted by your phone. (Image: supplied)

Google’s app might not have been able to look at encrypted traffic, but the company still flouted the rules and got its certificate revoked anyway.

What data did Facebook have access to on iOS?

It’s hard to know for sure, but it definitely had access to more data than Google.

Facebook said its app was to help it “understand how people use their mobile devices.” In reality, at root traffic level, Facebook could have accessed any kind of data that left your phone.

Will Strafach, a security expert who we spoke to for our story, said: “If Facebook makes full use of the level of access they are given by asking users to install the certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.”

Remember: this isn’t “root” access to your phone, like jailbreaking, but root access to the network traffic.

How does this compare to the technical ways other market research programs work?

In fairness, these aren’t market research apps unique to Facebook or Google. Several other companies, like Nielsen and comScore, run similar programs, but neither asks users to install a VPN or provide root access to the network.

In any case, Facebook already has a lot of your data — as does Google. Even if the companies only wanted to look at your data in aggregate with other people, it can still hone in on who you talk to, when, for how long, and in some cases what about. It might not have been such an explosive scandal had Facebook not spent the last year cleaning up after several security and privacy breaches.

Can they capture the data of people the phone owner interacts with?

In both cases, yes. In Google’s case, any unencrypted data that involves another person’s data could have been collected. In Facebook’s case, it goes far further — any data of yours that interacts with another person, such as an email or a message, could have been collected by Facebook’s app.

How many people did this affect?

It’s hard to know for sure. Neither Google nor Facebook have said how many users they have. Between them, it’s believed to be in the thousands. As for the employees affected by the app outages, Facebook has more than 35,000 employees and Google has more than 94,000 employees.

Why did internal apps at Facebook and Google break after Apple revoked the certificates?

You might own your Apple device, but Apple still gets to control what goes on it.

After Facebook was caught out, Apple said: “Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.” That meant any app that relied on the certificate — including inside the company — would fail to load. That’s not just pre-release builds of Facebook, Instagram and WhatsApp that staff were working on, but reportedly the company’s travel and collaboration apps were down. In Google’s case, even its catering and lunch menu apps were down.

Facebook’s internal apps were down for about a day, while Google’s internal apps were down for a few hours. None of Facebook or Google’s consumer services were affected, however.

How are people viewing Apple in all this?

Nobody seems thrilled with Facebook or Google at the moment, but not many are happy with Apple, either. Even though Apple sells hardware and doesn’t use your data to profile you or serve you ads — like Facebook and Google do — some are uncomfortable with how much power Apple has over the customers — and enterprises — that use its devices.

In revoking Facebook and Google’s enterprise certificates and causing downtime, it has a knock-on effect internally.

Is this legal in the U.S.? What about in Europe with GDPR?

Well, it’s not illegal — at least in the U.S. Facebook says it gained consent from its users. The company even said its teenage users must obtain parental consent, even though it was easily skippable and no verification checks were made. It wasn’t even explicitly clear that the children who “consented” really understood how much privacy they were really handing over.

That could lead to major regulatory headaches down the line. “If it turns out that European teens have been participating in the research effort Facebook could face another barrage of complaints under the bloc’s General Data Protection Regulation (GDPR) — and the prospect of substantial fines if any local agencies determine it failed to live up to consent and ‘privacy by design’ requirements baked into the bloc’s privacy regime,” wrote TechCrunch’s Natasha Lomas.

Who else has been misusing certificates?

Don’t think that Facebook and Google are alone in this. It turns out that a lot of companies might be flouting the rules, too.

According to many people pointing out companies on social media, Sonos uses enterprise certificates for its beta program, as does finance app Binance, as well as DoorDash for its fleet of contractors. It’s not known if Apple will also revoke their certificates.

What next?

It’s anybody’s guess, but don’t expect this situation to die down any time soon.

Facebook may face repercussions with Europe, as well as at home. Two U.S. senators, Mark Warner and Richard Blumenthal, have already called for action, accusing Facebook of “wiretapping teens.” The Federal Trade Commission may also investigate, if Blumenthal gets his way.

News Source = techcrunch.com

Apple’s new developer guidelines signal that scammy subscription apps’ time is up


Apple is sending out a message to app developers: stop tricking users into subscriptions. The company updated its guidelines for mobile developers to more clearly spell out what is and what is not allowed, according to 9to5Mac, which spotted the recent changes. The improved documentation comes at a time when subscriptions are becoming something of a plague on consumers.

Their rapid proliferation is turning everything into a subscription service, which could ultimately see consumers dropping favorite apps because they can’t afford dozens of ongoing payments. But more urgently, Apple’s lax enforcement of its rules around subscriptions had allowed shady app developers to financially benefit.

Subscriptions are a big business for the app stores, as the industry has begun to shift over to a recurring revenue model instead of one-time purchases within free apps or paid downloads. For developers who continue to improve apps and roll out new features, subscriptions give them the financial means of continuing that work, instead of constantly hunting for new users.

However, not all developers have been playing fair.

As TechCrunch reported last fall, a number of scammers had begun to take advantage of the subscription model in order to trick consumers into recurring payments, in addition to constantly pestering their free users to upgrade.

We found apps that constantly popped up upgrade prompts or hid the “x” to close the prompt’s window, as well as apps that promised free trials that actually converted after a very short period – like three days, for example. Others had intentionally confusing designs where subscription opt-in buttons would say things like “Start” or “Continue” in big text, while the text that explains you’re actually agreeing to a paid subscription is tiny, grayed out, difficult to read, or hidden in some other way.

Apple’s developer guidelines had clearly prohibited fraudulent behavior related to subscriptions, but Apple has now spelled out the details in black-and-white.

As 9to5Mac spotted, updates in Apple’s Human Interface Guidelines and App Store documentation now explicitly state that the monthly subscription price has to be clearly displayed, while information about how much people can save if they opt for longer periods of time, like a year, has to be less prominent.

Messages about free trials have to say how long trials last and what will be charged when the trial ends.

The new documentation has also been clearly organized, and includes screenshots of what a proper subscription sign-up flow should look like, as well as sample text developers can modify for use in their own apps. It even suggests that developers allow customers to manage their subscriptions within their app, rather than requiring them to find the subscriptions section in the App Store.

Today, many customers don’t know how to stop their subscriptions once activated – it takes several steps from the iPhone’s Settings to get into subscriptions, and still a few from within the App Store. (It’s also not that obvious. You tap on your profile icon on the top right of the Home page, then your Apple ID, then scroll down to the bottom of the page. By comparison, you can reveal the “Subscriptions” section with just one tap on Google Play’s left-side hamburger menu.)

While the existence of clear documentation that better spells out the do’s and don’ts is certainly welcome, the real question now is how well will Apple enforce its rules?

After all, Apple was supposedly not okay with subscription fraud and tricks before, yet its App Store was home to a good handful of bad actors – particularly in the utilities section.

Of course Apple doesn’t want to develop a reputation for allowing misleading or scammy apps to thrive in its App Store, but it simultaneously benefits when they do.

Although games still account for the majority of App Store spending, non-gaming apps across app stores now account for just over a quarter (26%) of total spend, according to App Annie’s “State of Mobile 2019” report. And that number has increased 18% since 2016, mainly because of in-app subscriptions.

Getting a handle on the proper way to market subscriptions is key. But there’s also the larger question as to whether subscriptions will be a sustainable model in the long run for the developers. There’s a bit too much of a gold rush mentality around subscriptions in today’s App Store, and it’s hard to resist the near-term benefit of money that rolls in monthly.

But as more developers adopt subscriptions, consumers will ultimately have to decide which have value for them. People are already paying for so many subscriptions – both inside and outside the app stores. Streaming video like Netflix, streaming music like Spotify, streaming TV like YouTube TV, subscription boxes like Ipsy, Prime memberships, grocery delivery like Instacart, smart home subscriptions like Ring or Nest, newspapers and magazines and newsletters, and so on. What’s really going to be left for a selfie editor, to-do list or weather app, in the end?

Many consumers are already starting to hit the point where they don’t have much more to spend, and will have to turn some subscriptions off in order to turn others on. Subscription app user bases could then contract, with only core customers remaining paying subscribers, as casual users return to free products – like Apple’s own built-in apps, for example, or free services offered by well-heeled tech giants, like Google.

Apple would do well to advise developers when subscriptions make sense for an app, not just how to implement and design them. Subscriptions should offer a real benefit, not just continued ability to use an app. And there could be cases where a one-time purchase to retain a customer who continually declines to subscribe makes sense, too.

 

 

News Source = techcrunch.com
