You can pre-order Meizu’s crazy phone with no port for $1,299

If you’re interested in Meizu’s insane smartphone that doesn’t have any port or button, you can now pre-order it on Indiegogo for $1,299. Supply is limited as the company is only selling 100 units for now.

The Meizu Zero looks like any modern phone at first sight. But if you look beyond the display, you’ll notice that there’s absolutely zero port or button.

The volume button has been replaced with a touch-sensitive surface. The fingerprint sensor is integrated in the display. Wireless charging is the only way to charge the device. And if you’re thinking about putting your SIM card in the phone, there’s no SIM slot either — I hope your carrier supports eSIM cards.

There’s no speaker grille either. Meizu is using the screen as a speaker by sending vibrations through the display. It also works as a microphone, apparently.

It’s unclear if this is just a giant joke or an actual product. But it’s an interesting experiment. For $1,299, you get a phone with a 5.99-inch AMOLED display and a Snapdragon 845 system-on-a-chip. The company expects to ship the device in April 2019.

India’s largest bank SBI leaked account data on millions of customers

India’s largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions.

The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500.

But the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information.

It’s not known for how long the server was open, but long enough for it to be discovered by a security researcher, who told TechCrunch of the leak, but did not want to be named for the story.

SBI Quick allows SBI’s banking customers to text the bank, or make a missed call, to retrieve information back by text message about their finances and accounts. It’s ideal for millions of the banking giant’s customers who don’t use smartphones or have limited data service. By using predefined keywords, like “BAL” for a customer’s current balance, the service recognizes the customer’s registered phone number and will send back the current amount in that customer’s bank account. The system can also be used to send back the last five transactions, block an ATM card and make inquiries about home or car loans.

It was the back-end text message system that was exposed, TechCrunch can confirm, storing millions of text messages each day.

A redacted example of some of the banking and credit information found in the database (Image: TechCrunch)

The passwordless database allowed us to see all of the text messages going to customers in real time, including their phone numbers, bank balances and recent transactions. The database also contained the customer’s partial bank account number. Some would say when a check had been cashed, and many of the bank’s sent messages included a link to download SBI’s YONO app for internet banking.

The bank sent out close to three million text messages on Monday alone.

The database also had daily archives of millions of text messages each, going back to December, allowing anyone with access a detailed view into millions of customers’ finances.

We verified the data by asking India-based security researcher Karan Saini to send a text message to the system. Within seconds, we found his phone number in the database, including the text message he received back.

“The data available could potentially be used to profile and target individuals that are known to have high account balances,” said Saini in a message to TechCrunch. Saini previously found a data leak in India’s Aadhaar, the country’s national identity database, and a two-factor bypass bug in Uber’s ridesharing app.

Saini said that knowing a phone number “could be used to aid social engineering attacks — which is one of the most common attack vectors in the country with regard to financial fraud,” he said.

SBI claims more than 500 million customers across the glob,e with 740 million accounts.

Just days earlier, SBI accused Aadhaar’s authority, UIDAI, of mishandling citizen data that allowed fake Aadhaar identity cards to be created, despite numerous security lapses and misuse of the system. UIDAI denied the report, saying there was “no security breach” of its system. (UIDAI often uses the term “fake news” to describe coverage it doesn’t like.)

TechCrunch reached out to SBI and India’s National Critical Information Infrastructure Protection Centre, which receives vulnerability reports for the banking sector. The database was secured overnight.

Despite several emails, SBI did not comment prior to publication.

Facebook pays teens to install VPN that spies on them

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.

Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits.

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.

Seven hours after this story was published, Facebook told TechCrunch it would shut down the iOS version of its Research app in the wake of our report. But on Wednesday morning, an Apple spokesperson confirmed that Facebook violated its policies, and it had blocked Facebook’s Research app on Tuesday before the social network seemingly pulled it voluntarily (without mentioning it was forced to do so). You can read our full report on the development here.

An Apple spokesperson provided this statement. “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

Facebook’s Research program will continue to run on Android.

Facebook’s Research app requires users to ‘Trust’ it with extensive access to their dataWe asked Guardian Mobile Firewall’s security expert Will Strafach to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.

The strategy shows how far Facebook is willing to go and how much it’s willing to pay to protect its dominance — even at the risk of breaking the rules of Apple’s iOS platform on which it depends. Apple may have asked Facebook to discontinue distributing its Research app.

A more stringent punishment would be to revoke Facebook’s permission to offer employee-only apps. The situation could further chill relations between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices. Facebook disobeying iOS policies to slurp up more information could become a new talking point.

Facebook’s Research program is referred to as Project Atlas on sign-up sites that don’t mention Facebook’s involvement

“The fairly technical sounding ‘install our Root Certificate’ step is appalling,” Strafach tells us. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”

Facebook’s surveillance app

Facebook first got into the data-sniffing business when it acquired Onavo for around $120 million in 2014. The VPN app helped users track and minimize their mobile data plan usage, but also gave Facebook deep analytics about what other apps they were using. Internal documents acquired by Charlie Warzel and Ryan Mac of BuzzFeed News reveal that Facebook was able to leverage Onavo to learn that WhatsApp was sending more than twice as many messages per day as Facebook Messenger. Onavo allowed Facebook to spot WhatsApp’s meteoric rise and justify paying $19 billion to buy the chat startup in 2014. WhatsApp has since tripled its user base, demonstrating the power of Onavo’s foresight.

Over the years since, Onavo clued Facebook in to what apps to copy, features to build and flops to avoid. By 2018, Facebook was promoting the Onavo app in a Protect bookmark of the main Facebook app in hopes of scoring more users to snoop on. Facebook also launched the Onavo Bolt app that let you lock apps behind a passcode or fingerprint while it surveils you, but Facebook shut down the app the day it was discovered following privacy criticism. Onavo’s main app remains available on Google Play and has been installed more than 10 million times.

The backlash heated up after security expert Strafach detailed in March how Onavo Protect was reporting to Facebook when a user’s screen was on or off, and its Wi-Fi and cellular data usage in bytes even when the VPN was turned off. In June, Apple updated its developer policies to ban collecting data about usage of other apps or data that’s not necessary for an app to function. Apple proceeded to inform Facebook in August that Onavo Protect violated those data collection policies and that the social network needed to remove it from the App Store, which it did, Deepa Seetharaman of the WSJ reported.

But that didn’t stop Facebook’s data collection.

Project Atlas

TechCrunch recently received a tip that despite Onavo Protect being banished by Apple, Facebook was paying users to sideload a similar VPN app under the Facebook Research moniker from outside of the App Store. We investigated, and learned Facebook was working with three app beta testing services to distribute the Facebook Research app: BetaBound, uTest and Applause. Facebook began distributing the Research VPN app in 2016. It has been referred to as Project Atlas since at least mid-2018, around when backlash to Onavo Protect magnified and Apple instituted its new rules that prohibited Onavo. Previously, a similar program was called Project Kodiak. Facebook didn’t want to stop collecting data on people’s phone usage and so the Research program continued, in disregard for Apple banning Onavo Protect.

Facebook’s Research App on iOS

Ads (shown below) for the program run by uTest on Instagram and Snapchat sought teens 13-17 years old for a “paid social media research study.” The sign-up page for the Facebook Research program administered by Applause doesn’t mention Facebook, but seeks users “Age: 13-35 (parental consent required for ages 13-17).” If minors try to sign-up, they’re asked to get their parents’ permission with a form that reveal’s Facebook’s involvement and says “There are no known risks associated with the project, however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of apps. You will be compensated by Applause for your child’s participation.” For kids short on cash, the payments could coerce them to sell their privacy to Facebook.

The Applause site explains what data could be collected by the Facebook Research app (emphasis mine):

“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.”

Meanwhile, the BetaBound sign-up page with a URL ending in “Atlas” explains that “For $20 per month (via e-gift cards), you will install an app on your phone and let it run in the background.” It also offers $20 per friend you refer. That site also doesn’t initially mention Facebook, but the instruction manual for installing Facebook Research reveals the company’s involvement.

Facebook’s intermediary uTest ran ads on Snapchat and Instagram, luring teens to the Research program with the promise of money

 

Facebook seems to have purposefully avoided TestFlight, Apple’s official beta testing system, which requires apps to be reviewed by Apple and is limited to 10,000 participants. Instead, the instruction manual reveals that users download the app from r.facebook-program.com and are told to install an Enterprise Developer Certificate and VPN and “Trust” Facebook with root access to the data their phone transmits. Apple requires that developers agree to only use this certificate system for distributing internal corporate apps to their own employees. Randomly recruiting testers and paying them a monthly fee appears to violate the spirit of that rule.

Security expert Will Strafach found Facebook’s Research app contains lots of code from Onavo Protect, the Facebook-owned app Apple banned last year

Once installed, users just had to keep the VPN running and sending data to Facebook to get paid. The Applause-administered program requested that users screenshot their Amazon orders page. This data could potentially help Facebook tie browsing habits and usage of other apps with purchase preferences and behavior. That information could be harnessed to pinpoint ad targeting and understand which types of users buy what.

TechCrunch commissioned Strafach to analyze the Facebook Research app and find out where it was sending data. He confirmed that data is routed to “vpn-sjc1.v.facebook-program.com” that is associated with Onavo’s IP address, and that the facebook-program.com domain is registered to Facebook, according to MarkMonitor. The app can update itself without interacting with the App Store, and is linked to the email address PeopleJourney@fb.com. He also discovered that the Enterprise Certificate first acquired in 2016 indicates Facebook renewed it on June 27th, 2018 — weeks after Apple announced its new rules that prohibited the similar Onavo Protect app.

“It is tricky to know what data Facebook is actually saving (without access to their servers). The only information that is knowable here is what access Facebook is capable of based on the code in the app. And it paints a very worrisome picture,” Strafach explains. “They might respond and claim to only actually retain/save very specific limited data, and that could be true, it really boils down to how much you trust Facebook’s word on it. The most charitable narrative of this situation would be that Facebook did not think too hard about the level of access they were granting to themselves . . . which is a startling level of carelessness in itself if that is the case.”

[Update: TechCrunch also found that Google’s Screenwise Meter surveillance app also breaks the Enterprise Certificate policy, though it does a better job of revealing the company’s involvement and how it works than Facebook does.]

“Flagrant defiance of Apple’s rules”

In response to TechCrunch’s inquiry, a Facebook spokesperson confirmed it’s running the program to learn how people use their phones and other services. The spokesperson told us “Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time.”

Facebook’s Research app requires Root Certificate access, which Facebook gather almost any piece of data transmitted by your phone

Facebook’s spokesperson claimed that the Facebook Research app was in line with Apple’s Enterprise Certificate program, but didn’t explain how in the face of evidence to the contrary. They said Facebook first launched its Research app program in 2016. They tried to liken the program to a focus group and said Nielsen and comScore run similar programs, yet neither of those ask people to install a VPN or provide root access to the network. The spokesperson confirmed the Facebook Research program does recruit teens but also other age groups from around the world. They claimed that Onavo and Facebook Research are separate programs, but admitted the same team supports both as an explanation for why their code was so similar.

Facebook’s Research program requested users screenshot their Amazon order history to provide it with purchase data

However, Facebook’s claim that it doesn’t violate Apple’s Enterprise Certificate policy is directly contradicted by the terms of that policy. Those include that developers “Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing”. The policy also states that “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers” unless under direct supervision of employees or on company premises. Given Facebook’s customers are using the Enterprise Certificate-powered app without supervision, it appears Facebook is in violation.

Seven hours after this report was first published, Facebook updated its position and told TechCrunch that it would shut down the iOS Research app. Facebook noted that the Research app was started in 2016 and was therefore not a replacement for Onavo Protect. However, they do share similar code and could be seen as twins running in parallel. A Facebook spokesperson also provided this additional statement:

“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

Facebook did not publicly promote the Research VPN itself and used intermediaries that often didn’t disclose Facebook’s involvement until users had begun the signup process. While users were given clear instructions and warnings, the program never stresses nor mentions the full extent of the data Facebook can collect through the VPN. A small fraction of the users paid may have been teens, but we stand by the newsworthiness of its choice not to exclude minors from this data collection initiative.

Facebook disobeying Apple so directly and then pulling the app could hurt their relationship. “The code in this iOS app strongly indicates that it is simply a poorly re-branded build of the banned Onavo app, now using an Enterprise Certificate owned by Facebook in direct violation of Apple’s rules, allowing Facebook to distribute this app without Apple review to as many users as they want,” Strafach tells us. ONV prefixes and mentions of graph.onavo.com, “onavoApp://” and “onavoProtect://” custom URL schemes litter the app. “This is an egregious violation on many fronts, and I hope that Apple will act expeditiously in revoking the signing certificate to render the app inoperable.”

Facebook is particularly interested in what teens do on their phones as the demographic has increasingly abandoned the social network in favor of Snapchat, YouTube and Facebook’s acquisition Instagram. Insights into how popular with teens is Chinese video music app TikTok and meme sharing led Facebook to launch a clone called Lasso and begin developing a meme-browsing feature called LOL, TechCrunch first reported. But Facebook’s desire for data about teens riles critics at a time when the company has been battered in the press. Analysts on tomorrow’s Facebook earnings call should inquire about what other ways the company has to collect competitive intelligence now that it’s ceased to run the Research program on iOS.

Last year when Tim Cook was asked what he’d do in Mark Zuckerberg’s position in the wake of the Cambridge Analytica scandal, he said “I wouldn’t be in this situation . . . The truth is we could make a ton of money if we monetized our customer, if our customer was our product. We’ve elected not to do that.” Zuckerberg told Ezra Klein that he felt Cook’s comment was “extremely glib.”

Now it’s clear that even after Apple’s warnings and the removal of Onavo Protect, Facebook was still aggressively collecting data on its competitors via Apple’s iOS platform. “I have never seen such open and flagrant defiance of Apple’s rules by an App Store developer,” Strafach concluded. Now that Facebook has ceased the program on iOS and its Android future is uncertain, it may either have to invent new ways to surveil our behavior amidst a climate of privacy scrutiny, or be left in the dark.

Additional reporting by Zack Whittaker. Updated with comment from Facebook, and on Wednesday with a statement from Apple. 

It’s time to pay serious attention to TikTok

If you haven’t been paying attention to TikTok, you haven’t been paying attention. The short-form video app hailing from Beijing’s ByteDance just had its biggest month ever with the addition of 75 million new users in December — a 275 percent increase from the 20 million it added in December 2017, according a recent report from Sensor Tower.

Despite its rapid rise, there are still plenty of people — often, older people — who aren’t quite sure what TikTok is.

TikTok is often referred to as a “lip-syncing” app, which makes it sound like it’s some online karaoke experience. But a closer comparison would be Vine, Twitter’s still sorely missed short-form video app whose content lives on as YouTube compilations.

While it’s true that TikTok is home to some standard lip-syncing, it’s actually better known for its act-out memes backed by music and other sound clips, which get endlessly reproduced and remixed among its young users.

Its tunes are varied — pop, rap, R&B, electro and DJ tracks serve as backing for its 15-second video clips. But the sounds may also be snagged from YouTube music videos (see: I Baked You A Pie above), SoundCloud or from pop culture — like weird soundbites from Peppa Pig or Riverdale — or just original creations.

These memes-as-videos reference things familiar to Gen Z, like gaming culture (see below). They come in the form of standalone videos, reactions, duets, mirrors/clones and more.

The app has been growing steadily since it acquired its U.S.-based rival Musical.ly in November 2017 for north of $800 million, then merged the two apps’ user bases last August.

This gave TikTok the means to grow in Western markets, where it has attracted the interest of U.S. celebrities like Jimmy Fallon and Tony Hawk, for example, along with YouTubers on the hunt for the next new thing.

But unlike Vine (RIP), YouTube or Instagram, TikTok doesn’t yet feel dominated by micro-celebs, though they certainly exist.

Instead, its main feed often surfaces everyday users — aka, amateurs — doing something cute, funny or clever, with a tacit acknowledgement that “yes, this is an internet joke” underlying much of the content.

Okay, okay.

Sometimes these videos are described as “cringey.” 

But that’s because those of us trying to talk about TikTok are old(er) people who grew up on the big ol’ mean internet.

Cringey, frankly, is an unfair label, as it dismisses TikTok’s success in setting a tone for its community. Here, users will often post and share unapologetically wholesome content, and receive less mocking than elsewhere on the web — largely because everyone else on TikTok posts similar “cringey” content, too.

You might not know this, however, if your only exposure to TikTok comes from YouTube’s TikTok Cringe Compilations. But spend a day in the (oddly addictive) TikTok feed, and you’ll find a whole world of video that doesn’t exist anywhere else on the web — including on YouTube. Videos that are weird, sure — but also fun to watch.

It’s a stark comparison to the existing social media platforms.

Users today are engaged in the culture wars on Twitter (ban the Nazis! protect free speech!), while YouTubers are gaming the algorithm with hateful, exploitive, dangerous and otherwise questionable content that freaks out advertisers. And Facebook is, well, contributing to war crimes and the toppling of democracy.

Meanwhile, TikTok often presents an alternative version of online sharing. Simple, goofy, irreverent — and frankly, it’s a much needed reset.

For example, some of the popular TikTok memes have included videos of kids proclaiming what a great mom they have, as they drag her into frame, or they remind people to pick up litter and conserve water. They might give themselves silly, but self-affirming makeovers where, afterwards, they cite themselves not as “cute” but rather “drop. dead. gorgeous.”

They might spend hours setting up gummy bears as Adele concert-goers, learning how to do a shuffle dance up a set of stairs or in a dance battle their dad. Or they may showcase some special talent — drawing, painting, gymnastics, dance or skateboarding, perhaps. They do science experiments, make jokes or use special effects for a little video magic.

They shout out “hit or miss!” in public places and wait to see who answers. (Look it up.)

Sometimes it’s dumb, Sometimes it’s clever. But it’s addictive.

Of course, it is still the internet. And TikTok isn’t perfect.

The app has also been the subject of troubling reports about its “dark” side, which is reportedly filled with child predators, devious algorithms, dark patterns, and teens bullying and harassing one another. It’s not clear, however, that TikTok’s affliction with these matters is any worse than any other large, social, public-by-default app of its size.

And unlike some apps, concerned parents — or the users themselves — can set a TikTok account to private, turn off commenting, hide the account from search, disable downloads, disallow reactions and duets and restrict an account from receiving messages.

It is concerning, however, that under-13 kids are setting up social media accounts without parental consent. (But, uh, have you seen Fortnite and Roblox? This is what kids do. At least the TikTok main feed isn’t worrisome by default, we’ve found.)

The bigger issue, though — and one that could ultimately prove damaging to TikTok — is whether it will be able to keep up with content filtering and takedown requests, or handle its security and privacy protection issues as it scales up.

Content and community aren’t the only things contributing to TikTok’s growth.

While Vine may have introduced the concept of short-form video, TikTok made video editing incredibly simple. You don’t need to be a video expert to put together clips with a range of effects. It’s the Instagram for the mobile video age — in a way that Instagram itself won’t be able to reproduce, having already aligned its community with influencers and advertisers.

TikTok’s sizable user base, meanwhile, is due not only to its growth in Western markets, but because of its traction in emerging markets like China and India.

This allowed TikTok to rank No. 4 worldwide across iOS and Android, combined, according to App Annie’s data on the most-downloaded apps of 2018. On iOS, TikTok was the No. 1 most-downloaded app of the year, mainly thanks to China.

At times last year, TikTok even ranked higher than Facebook, Instagram, Snapchat and YouTube.

Both App Annie and Sensor Tower agree that TikTok scored the No. 3 position for most installs among all apps worldwide in 2018.

Now, TikTok is growing in India, says Sensor Tower.

The country accounted for 27 percent of new installs between December 2017 and December 2018, and last month was the source for 32.3 million of TikTok’s 75 million total new downloads — a 25x increase from last year.

Some of this growth comes from ad spend, according to a report from Apptopia, which examined the app’s widened use of ad networks. (It’s also driving people bonkers with its YouTube ads, some of which are highly questionable.).

The revenue is starting to arrive, as well.

Worldwide, users spent $6 million tipping their favorite live streamers, a 253 percent year-over-year jump from December 2017’s total of $1.7 million, Sensor Tower estimates. But live streaming is not the default activity on TikTok — it added the feature after shutting down Musical.ly’s live streaming app, Live.ly.

Above: full-screen ad in TikTok when app is first launched; spotted today

Above: an ad appearing earlier this month

TikTok is also starting to test in-app advertising, and is being eyed by agencies as a result. When you launch TikTok, you may see a full-page splash screen ad of some kind — though the company has not officially launched ad products.

But the brands are starting to take notice. This week, for example, TikTok collaborated with SportsManias, an officially licensed NFL Players Association partner, for the introduction of NFL-themed AR animated stickers in time for the Super Bowl. The move feels like a test for how well branded content will perform within the TikTok universe, but the company says it’s “not an ad deal.”

The company also declined to say how many are today using TikTok.

However, parent company ByteDance had publicly stated last year that it had 500 million monthly active users when it announced the app’s rebranding post-merger. It has yet to release new numbers for its global user base.

That said, ByteDance just shared updated stats for China only, on all versions of the TikTok app (including the non-Google Play Android version). It says that TikTok now has 500 million monthly active users in China alone.

Sensor Tower today estimates TikTok has grown to nearly 800 million lifetime installs, not counting Android in China.

Factoring in those Android in China installs, it’s fair to say this app has topped 1 billion downloads.

Here comes the new new internet, folks. It’s big, dominated by emerging markets, mobile, video, meme-ified, and goes viral both online and off.

So if you haven’t been paying attention to TikTok, you may want to get started.

Apple’s global active install base of iPhones surpassed 900 million this quarter

It’s not surprising that Apple has a massive active install base of iPhones across the globe, but we now finally have an exact number to put behind it. During its Q1 earnings call, CFO Luca Maestri shared the install base for the first time.

“Our global active install base of iPhone continues to grow and has reached an all-time high at the end of December,” Maestri said. “We are disclosing that number now for the first time; it has surpassed 900 million devices.”

Apple has previously detailed the total active install base of its products. They updated the number today to 1.4 billion devices worldwide at the end of December 2018, up from 1.3 billion at the end of January 2018. It’s interesting that Apple has decided to break out iPhone device numbers even as it shies away from releasing unit sales in its earning calls from this point moving forward.

Maestri detailed that Apple would continue to offer updates on the iPhone install base and total install base on a “periodic basis.”

Apple seems to be seeking bright spots wherever they can find them; the Q1 2019 earnings didn’t deliver great news for the company despite beating already reduced market expectations. iPhone revenues were down 15 percent.

Yep, iPhone revenue is down

Apple’s Q1 earnings are in, and things don’t look too rosy for the iPhone. Revenue for the handset has declined 15 percent year over year for the quarter. It’s a pretty hefty drop for a device that’s been flying high for so long, but you can’t say Apple didn’t warn us. Earlier this month, Tim Cook noted that the company was lowering its guidance, thanks in no small part to smartphone figures.

In its earlier report, the company put much of the blame at the feet of the Chinese market. There are a lot of factors on that front, including slowing economic growth in the world’s largest smartphone market, and a general trend toward prolonged upgrade cycles, as users are holding onto devices for longer. That’s been a large part of the reason that smartphone sales are down nearly across the board, marking the first contraction of the category since analysts began tracking it. 

Last year’s arrival of the XS marked a less dramatic refresh than the iPhone X, but Apple also introduced a new budget handset with the XR. That device has reportedly been a disappointment, though Apple has repeatedly noted that the device has been the best selling iPhone since its October launch.

Notably, those numbers are offset somewhat by growth in other categories. The iPad grew 17 percent on the strength of new models, while Mac/Wearables and Home/Accessories each grew, at 9 and 33 percent, respectively. Services, meanwhile, saw the biggest uptick at 19 percent to $10.9 billion — an all-time high for the category.

“While it was disappointing to miss our revenue guidance, we manage Apple for the long term, and this quarter’s results demonstrate that the underlying strength of our business runs deep and wide,” Cook said in a statement. “Our active installed base of devices reached an all-time high of 1.4 billion in the first quarter, growing in each of our geographic segments. That’s a great testament to the satisfaction and loyalty of our customers, and it’s driving our Services business to new records thanks to our large and fast-growing ecosystem.”

Gmail on mobile gets a fresh coat of Material Design paint

Gmail on mobile will soon get a new look. Google today announced that its mobile email apps for iOS and Android are getting a redesign that is in line with the company’s recent Material Design updates to Gmail, Drive, Calendar and Docs and Site. Indeed, the new UI will look familiar to anybody who has ever used the Gmail web app, including that version’s ability to select three different density styles. You’ll also see some new fonts and other visual tweaks. In terms of functionality, the mobile app is also getting a few new features that put it on par with the web version.

Like on the desktop, you can now choose between the default view, as well as a comfortable and compact style. The default view features a generous amount of white space and the same attachment chips underneath the email preview as the web version. The comfortable view does away with those chips and the compact view removes a lot of the space between messages to show you more emails at a glance.

I’ve been testing the new app for a bit and quickly settled on the comfortable view, as I never found the attachment chips all that useful in day-to-day use.

In line with Google’s Material Design guidelines, all the styles feature relatively subtle but welcome animations that don’t take a lot of time but give you a couple of extra visual cues about what’s going on as you work your way to Inbox Zero.

Google also notes that the new design makes it a bit easier to switch between accounts. I’m not sure I agree (I definitely find the implementation of this in Inbox, which is sadly going away soon, easier to use), but if you regularly use this feature, it’s still easy enough to use. The switcher is now part of the search bar, though, which is a bit confusing and took me a moment to find.

One nice addition to the mobile app is that the large red phishing and scam warning box from the web version now also appears in the mobile app.

Huawei ‘disappointed,’ denies charges

The long-simmering battle between the U.S. government and Huawei heated up last night when the U.S. DOJ announced that it is pursuing criminal charges against the Chinese hardware maker.

Huawei has, unsurprisingly, denied all wrongdoing, issuing a statement to the press that wonders aloud why it wasn’t given the opportunity to help clear itself of charges following the arrest of its CFO in Vancouver.

The company writes:

Huawei is disappointed to learn of the charges brought against the company today. company  After Ms. Meng’s arrest, the Company sought an opportunity to discuss the Eastern District of New York investigation with the Justice Department, but the request was rejected without explanation. The allegations in the Western District of Washington trade secret indictment were already the subject of a civil suit that was settled by the parties after a Seattle jury found neither damages nor willful and malicious conduct on the trade secret claim. The Company denies that it or its subsidiary or affiliate have committed any of the asserted violations of U.S. law set forth in each of the indictments, is not aware of any wrongdoing by Ms. Meng, and believes the U.S. courts will ultimately reach the same conclusion.

The Chinese government has also been quick to come to the embattled tech giant’s defense.

“For some time now, the United States has deployed its state power to smear and crack down on targeted Chinese companies in an attempt to kill their normal and legal business operations,” Geng Shuang, a spokesperson for China’s Foreign Ministry, said in a statement. “We strongly urge the US to stop its unreasonable crackdown on Chinese companies, including Huawei, and treat Chinese companies objectively and fairly.”

Huawei (and to a lesser extent ZTE) has long been targeted by the U.S. over its alleged ties to the Chinese government. Tensions have made it all but impossible for the rapidly growing company to conquer the North American market.

Nasty FaceTime bug could allow others to eavesdrop on your microphone or camera

Update: Apple has disabled the group calling feature.


You might want to turn off FaceTime for a few days.

A newly discovered bug in iOS allows FaceTime callers to listen in before you accept the call.

Word of the bug started spreading this morning after Chicago artist Benji Mobb demonstrated it in a tweet, later being spotted by 9to5Mac.

The bug relies on what appears to be a nasty logic screwup in FaceTime’s group call system. While we’re opting to not outline the steps here, the bug seems to trick the recipient’s phone into thinking a group call is already ongoing. A few quick taps, and FaceTime immediately trips over itself and inexplicably fires up the recipient’s microphone without them actually accepting the call.

Weirder yet: If the recipient presses the volume down button or the power button to try to silence or dismiss the call, their camera turns on as well. Though the recipient’s phone display continues showing the incoming call screen, their microphone/camera are streaming.

TechCrunch has verified this bug on multiple iPhones running iOS 12.1.2. We reached out to Apple for insight on the issue, and a spokesperson for the company responded:

We’re aware of this issue and we have identified a fix that will be released in a software update later this week.

So they know, and are working on it — but in the meantime, the quickest fix might be to disable FaceTime (Settings > FaceTime).

This is a pretty awful bug for Apple, which has been highlighting its privacy practices as a key differentiator. Just weeks ago, they flew this banner on a building directly across from the CES convention center:

Photo credit: David Becker/ Stringer (Getty)

App Store developers have earned $120 billion since 2008

Apple is kicking off the Entrepreneur Camp in Cupertino. Eleven female-founded app development companies have been invited to Cupertino for multiple workshops and meetings with Apple employees, and Apple used that opportunity to share a new number when it comes to App Store revenue.

Since the creation of the App Store, Apple has given back $120 billion in revenue to App Store developers. It means that the App Store has generated more revenue than that in total. But if you remove Apple’s cut, $120 billion have been wired to developers.

App Store revenue is still growing rapidly, as more than $30 billion of developer revenue has been generated in the last 12 months alone. Apple reported $100 billion in developer revenue at WWDC back in June 2018.

Apple only counts direct App Store revenue, such as paid downloads, in-app purchases and subscriptions. Developers also could have generated more revenue through ads and subscriptions on a website, for instance.

If you’re curious about the Entrepreneur Camp, Apple has invited the developers of Bites, Camille, CUCO: Lembrete de Medicamentos, Deepr, D’efekt, Hopscotch, LactApp, Pureple, Statues of the La Paz Malecón, WeParent and Seneca Connect. There will be a new session every quarter.