Mobile – Nayana Sri Blog

December 16, 2019

The top mobile apps and games of 2019

Mobile consumers worldwide will have downloaded a record 120 billion apps from Apple’s App Store and Google Play by the end of 2019, according to App Annie’s year-end report on app trends. This represents a 5% increase from 2018 — a notable achievement given that the number doesn’t include re-installations or app updates. Consumer spending on apps, meanwhile, approached $ 90 billion in 2019 across both apps stores, up 15% from last year. The new report also examined the year’s biggest apps, including the most downloaded apps and games as well as the most profitable.

Worldwide, the most downloaded non-game apps remained relatively consistent in 2019, with only one new entry on the list of the most downloaded apps — a short-form video creation and sharing app called Likee, which is benefitting from the overall popularity of short-form video. Elsewhere on the chart, TikTok came in at No. 4, beating out Facebook-owned Instagram, plus Snapchat, Netflix and Spotify.

However, Facebook still owned the top of the charts. Its Messenger app was the most downloaded non-game app of 2019, followed by Facebook’s main app, then WhatsApp.

The top 10 games chart showed more volatility in 2019, as 7 out of the top 10 games were new to the chart this year. This included the hyper-casual title Fun Race 3D as well as the anticipated Call of Duty: Mobile, representing the battle royale genre.

While mobile gaming drives the majority of consumer spending on apps, the subscription economy in 2019 played a big role in increasing app revenues, as well.

Specifically, the non-game apps driving revenue growth this year included those in the Photo & Video and Entertainment categories — a trend App Annie predicts will continue in 2020, as new video services, like Disney+, continue to rise. 2020 will additionally see the launch of several other video services, including HBO Max, NBCU’s Peacock, and Jeffrey Katzenberg’s Quibi, which could aid in those increases.

Already, many of the top apps are subscription-based, App Annie had previously noted. During the 12 months ending in September 2019, over 95% of the top 100 non-gaming apps by consumer spend were offering subscriptions through in-app purchases. Publishers’ growing use of subscription services will continue in 2020 to drive consumer spending even higher, the firm says.

This year, Tinder switched places with Netflix for the No. 1 spot on this chart — last year, it was the other way around. HBO NOW, which saw a surge in spending thanks to “Game of Thrones” also fell out of the top chart this year, allowing LINE Manga to take its spot. Tencent Video and iQIYI have the same positions as 2018, while YouTube grew from No. 7 to No. 5, and Pandora slipped from No. 5 to No. 6, compared with last year.

App Annie also took a look at a new category of apps which it’s calling the “breakout” apps of the year. These are those that saw the largest absolute growth in downloads or consumer spending between 2018 and 2019. On this list, the No. 7 most-downloaded app of the year, Likee, from YY Inc., becomes the No. 1 “breakout” app of the year, followed by YY Inc.’s Noizz and Helo. Meanwhile, Indian users drove the adoption of social gaming app Hago at No. 4, which is also popular with Gen Z users in Indonesia.

Breakout apps by consumer spending included YouTube, iQIYI, DAZN, and Tencent Video — similar to the top 10 list.

On the gaming side, hyper-casual titles were successful, claiming 7 out of 10 slots on the breakout games of the year chart. Hot releases like Mario Kart Tour and Call of Duty: Mobile also appeared. But by consumer spending, core games like No. 1 Game of Peace and No. 2 PUBG Mobile, both published by Tencent, made up the top spots.

Android – TechCrunch

November 13, 2019

GitHub launches a mobile app, smarter notifications and improved code search

At its annual Universe conference today, Microsoft -owned GitHub announced a couple of new products, as well as the general availability of a number of tools that developers have been able to test for the last few months. The two announcements that developers will likely be most interested in are the launch of GitHub’s first native mobile app and an improved notifications experience. But in addition to that, it is also taking GitHub Actions, the company’s workflow automation and CI/CD solution, as well as GitHub Packages, out of beta. GitHub is also improving its code search, adding scheduled reminders and it’s launching a pre-release program that will allow users to try out new features before they are ready for a wider rollout.

GitHub is also extending its sponsor program, which until now allowed you to tip individual open source contributors for their work, to the project level. With GitHub Sponsors, anybody can help fund a project and the members of that project then get to choose how to use the money. These projects have to be open source and have a corporate or non-profit entity attached to it (and a bank account).

“Developers are what’s driving us and we’re building the tools and the experiences to help them come together to create the world’s most important technologies and to do it on an open platform and ecosystem,” GitHub SVP of Product Shanku Niyogi told me. Today’s announcements, he said, are driven by the company’s mission to improve the developer experience. Over the course of the last year, the company launched well over 150 new features and enhancements, Niyogi stressed. For its Universe show, the company decided to highlight the new mobile app and notification enhancements, though.

The new mobile app, which is now out in beta for iOS, with Android support coming soon, offers all of the basic features you’d want from a mobile app like this. The team decided to focus squarely on the kind of mobile use cases that would make the most sense for a developer on the go, so you’ll be able to share feedback on discussions, review a few lines of code and merge changes, but this isn’t meant to be a tool that replicated the full GitHub experience, though at least on the iPad, you do get a bit more screen real estate to work with.

“When you start to look at the tablet experience, that then extends out because you now got more space,” explained Niyogi. “You can look at the code, you can navigate some of that, we support some of the key same keyboard shortcuts that github.com does to be able to look at a larger amount of content and a larger amount of code. So, the idea is the experience scales with the mobile devices you have, and but it’s also designed for the things you’re likely to do when you’re not using your computer.”

Others have built mobile apps for GitHub before, of course, and it turns out that the developers of GitHawk, which was launched by a group of engineers from Instagram, recently joined GitHub to help the company in its efforts to get this new app off the ground.

The second major new feature is the improved notifications experience. As every GitHub user on even a medium-sized team knows, GitHub’s current set of notifications can quickly become overwhelming. That’s something the GitHub team was also keenly aware of, so the company decided to build a vastly improved system that includes filters, as well as an inbox for all of your notifications right inside of GitHub.

“The experience for developers today can result in an inbox in Gmail or whatever email client you use with tons and tons of notifications — and it can end up being kind of hard to know what matters and what’s just noise,” Kelly Stirman, GitHub’ VP of Strategy and Product Management, said. “We’ve done a bunch of things over the last year to make notifications better, but what we’ve done is a big step. We’ve reimagined what notifications should be.”

Using filters and rules, developers can zero in on the notifications that matter to them, all without flooding your inbox with unnecessary noise. Developers can customize these filters to their hearts’ content. That’s also where the new mobile experience fits in well. “Many times, the notification will be sent to you when you’re not at your computer when you’re not at your desktop,” noted Stirman. “And that notification might be somebody asking for your help to unblock something. And so it’s natural we think that we need to extend the GitHub experience beyond the desktop to a mobile experience.”

Talking about notifications: GitHub also today announced a new feature in a limited preview that adds a few more notifications to your inbox. You can now set up scheduled reminders for pending code reviews.

Among the rest of today’s announcements, the improved code search stands out because that’s definitely an area where some improvements were necessary. This new code search is currently in limited beta, but should roll out to all users over the next few months. It’ll introduce a completely new search experience, the company says, that can match special characters and casing, among other things.

Also new are code review assignments, now in public beta, and a new way to navigate code on GitHub.

Android – TechCrunch

October 2, 2019

Google announces Action Blocks, a new accessibility tool for creating mobile shortcuts

Google today announced Action Blocks, a new accessibility tool that allows you to create shortcuts for common multi-step tasks with the help of the Google Assistant. In that respect, Action Blocks isn’t all that different from Shortcuts on iOS, for example, but Google is specifically looking at this as an accessibility feature for people with cognitive disabilities.

“If you’ve booked a rideshare using your phone recently, you’ve probably had to go through several steps: unlock your phone, find the right app, navigate through its screens, select appropriate options, and enter your address into the input box,” writes google accessibility software engineer Ajit Narayanan. “At each step, the app assumes that you’re able to read and write, find things by trial-and-error, remember your selections, and focus for a sustained period of time.”

Google’s own research shows that 80 percent of people with severe cognitive disabilities like advanced dementia, autism or Down syndrome don’t use smartphones, in part because of these barriers.

Action Blocks are essentially a sequence of commands for the Google Assistant, so everything the Assistant can do can be scripted using this new tool, no matter whether that’s starting a call or playing a TV show. Once the Action Block is set up, you can create a shortcut with a custom image on your phone’s home screen.

For now, the only way to get access to Action Blocks is to join Google’s trusted tester program. It’s unclear when this will roll out to a wider audience. When it does, though, I’m sure a wide variety of users will want to use of this feature .

Android – TechCrunch

September 24, 2019

Tibetans hit by the same mobile malware targeting Uyghurs

A recently revealed mobile malware campaign targeting Uyghur Muslims also ensnared a number of senior Tibetan officials and activists, according to new research.

Security researchers at the University of Toronto’s Citizen Lab say some of the Tibetan targets were sent specifically tailored malicious web links over WhatsApp, which, when opened, stealthily gained full access to their phone, installed spyware and silently stole private and sensitive information.

The exploits shared “technical overlaps” with a recently disclosed campaign targeting Uyghur Muslims, an oppressed minority in China’s Xinjiang state. Google last month disclosed the details of the campaign, which targeted iPhone users, but did not say who was targeted or who was behind the attack. Sources told TechCrunch that Beijing was to blame. Apple, which patched the vulnerabilities, later confirmed the exploits targeted Uyghurs.

Although Citizen Lab would not specify who was behind the latest round of attacks, the researchers said the same group targeting both Uyghurs and Tibetans also utilized Android exploits. Those exploits, recently disclosed and detailed by security firm Volexity, were used to steal text messages, contact lists and call logs, as well as watch and listen through the device’s camera and microphone.

It’s the latest move in a marked escalation of attacks on ethnic minority groups under surveillance and subjection by Beijing. China has long claimed rights to Tibet, but many Tibetans hold allegiance to the country’s spiritual leader, the Dalai Lama. Rights groups say China continues to oppress the Tibetan people, just as it does with Uyghurs.

A spokesperson for the Chinese consulate in New York did not return an email requesting comment, but China has long denied state-backed hacking efforts, despite a consistent stream of evidence to the contrary. Although China has recognized it has taken action against Uyghurs on the mainland, it instead categorizes its mass forced detentions of more than a million Chinese citizens as “re-education” efforts, a claim widely refuted by the west.

The hacking group, which Citizen Lab calls “Poison Carp,” uses the same exploits, spyware and infrastructure to target Tibetans as well as Uyghurs, including officials in the Dalai Lama’s office, parliamentarians and human rights groups.

Bill Marczak, a research fellow at Citizen Lab, said the campaign was a “major escalation” in efforts to access and sabotage these Tibetans groups.

In its new research out Tuesday and shared with TechCrunch, Citizen Lab said a number of Tibetan victims were targeted with malicious links sent in WhatsApp messages by individuals purporting to work for Amnesty International and The New York Times. The researchers obtained some of those WhatsApp messages from TibCERT, a Tibetan coalition for sharing threat intelligence, and found each message was designed to trick each target into clicking the link containing the exploit. The links were disguised using a link-shortening service, allowing the attackers to mask the full web address but also gain insight into how many people clicked on a link and when.

“The ruse was persuasive,” the researchers wrote. During a week-long period in November 2018, the targeted victims opened more than half of the attempted infections. Not all were infected, however; all of the targets were running non-vulnerable iPhone software.

One of the specific social engineering messages, pretending to be an Amnesty International aid worker, targeting Tibetan officials (Image: Citizen Lab/supplied)

The researchers said tapping on a malicious link targeting iPhones would trigger a chain of exploits designed to target a number of vulnerabilities, one after the other, in order to gain access to the underlying, typically off-limits, iPhone software.

The chain “ultimately executed a spyware payload designed to steal data from a range of applications and services,” said the report.

Once the exploitation had been achieved, a spyware implant would be installed, allowing the attackers to collect and send data to the attackers’ command and control server, including locations, contacts, call history, text messages and more. The implant also would exfiltrate data, like messages and content, from a hardcoded list of apps — most of which are popular with Asian users, like QQMail and Viber.

Apple had fixed the vulnerabilities months earlier (in July 2018); they were later confirmed as the same flaws found by Google earlier this month.

“Our customers’ data security is one of Apple’s highest priorities and we greatly value our collaboration with security researchers like Citizen Lab,” an Apple spokesperson told TechCrunch. “The iOS issue detailed in the report had already been discovered and patched by the security team at Apple. We always encourage customers to download the latest version of iOS for the best and most current security enhancements.”

Meanwhile, the researchers found that the Android-based attacks would detect which version of Chrome was running on the device and would serve a matching exploit. Those exploits had been disclosed and were “obviously copied” from previously released proof-of-concept code published by their finders on bug trackers, said Marczak. A successful exploitation would trick the device into opening Facebook’s in-app Chrome browser, which gives the spyware implant access to device data by taking advantage of Facebook’s vast number of device permissions.

The researchers said the code suggests the implant could be installed in a similar way using Facebook Messenger, and messaging apps WeChat and QQ, but failed to work in the researchers’ testing.

Once installed, the implant downloads plugins from the attacker’s server in order to collect contacts, messages, locations and access to the device’s camera and microphone.

When reached, Google did not comment. Facebook, which received Citizen Lab’s report on the exploit activity in November 2018, did not comment at the time of publication.

“From an adversary perspective what makes mobile an attractive spying target is obvious,” the researchers wrote. “It’s on mobile devices that we consolidate our online lives and for civil society that also means organizing and mobilizing social movements that a government may view as threatening.”

“A view inside a phone can give a view inside these movements,” they said.

The researchers also found another wave of links trying to trick a Tibetan parliamentarian into allowing a malicious app access to their Gmail account.

Citizen Lab said the threat from the mobile malware campaign was a “game changer.”

“These campaigns are the first documented cases of iOS exploits and spyware being used against these communities,” the researchers wrote. But attacks like Poison Carp show mobile threats “are not expected by the community,” as shown by the high click rates on the exploit links.

Gyatso Sither, TibCERT’s secretary, said the highly targeted nature of these attacks presents a “huge challenge” for the security of Tibetans.

“The only way to mitigate these threats is through collaborative sharing and awareness,” he said.

Sources say China used iPhone hacks to target Uyghur Muslims

Android – TechCrunch

June 18, 2019

Most US mobile banking apps have security and privacy flaws, researchers say

You might figure the biggest U.S. banks would have some of the most secure mobile apps. Spoiler alert: not so much.

New findings from security firm Zimperium, shared exclusively with TechCrunch, say most of the top banking apps have security flaws that put user data at risk. The security firm, which has a commercial stake in the mobile security business, downloaded the banks’ iOS and Android apps and scanned for security and privacy issues, like data leaks, which put private user data and communications at risk.

The researchers found most of the apps had issues, like failing to adhere to best coding practices and using old open-source libraries that are infrequently updated.

Some of the apps were using open-source code from GitHub from more than three years ago, said Scott King, Zimperium’s director of embedded security.

Worse, more than half of the banking apps are sharing customer data with at least one advertiser, the researchers said.

An unnamed iOS banking app with an 86/100 risk score (Image: Zimperium)

Two unnamed Android banking apps each with an 82/100 risk score (Image: Zimperium)

The researchers, who didn’t name the banks, said one of the worst offending iOS apps scored 86 out of 100 on the risk scale for several privacy lapses, including communicating over an unencrypted HTTP connection. The same app was vulnerable to two known remote bugs dating back to 2015. The researchers said the risk scores for the banks’ corresponding Android apps were far higher. Two of the apps were rated with a risk score of 82 out of 100. Both of the apps were storing data in an insecure way, which third-party apps could access and recover sensitive data on a rooted device, said King.

One of the Android apps wasn’t properly validating HTTPS certificates, making it possible for an attacker to perform a man-in-the-middle attack. Several of the iOS and Android apps were capable of taking screenshots of the app’s display, increasing the risk of data leaking.

Zimperium said two-thirds of the Android banking apps are targeted by several malware campaigns, such as BankBot, which tricks users into downloading fake apps from Google Play and waits until the victim signs in to a banking app on their phone. Using an overlay screen, the malware campaigns steal logins and passwords.

The security firm called on banking apps to do more to bolster their apps’ security.

A powerful spyware app now targets iPhone owners

Android – TechCrunch