Connect with us

Mobile

Every secure messaging app needs a self-destruct button – TechCrunch

Published

on

The growing presence of encrypted communications apps makes a lot of communities safer and stronger. But the possibility of physical device seizure and government coercion is growing as well, which is why every such app should have some kind of self-destruct mode to protect its user and their contacts.

End to end encryption like that you see in Signal and (if you opt into it) WhatsApp is great at preventing governments and other malicious actors from accessing your messages while they are in transit. But as with nearly all cybersecurity matters, physical access to either device or user or both changes things considerably.

For example, take this Hong Kong citizen who was forced to unlock their phone and reveal their followers and other messaging data to police. It’s one thing to do this with a court order to see if, say, a person was secretly cyberstalking someone in violation of a restraining order. It’s quite another to use as a dragnet for political dissidents.

This particular protestor ran a Telegram channel that had a number of followers. But it could just as easily be a Slack room for organizing a protest, or a Facebook group, or anything else. For groups under threat from oppressive government regimes it could be a disaster if the contents or contacts from any of these were revealed to the police.

Just as you should be able to choose exactly what you say to police, you should be able to choose how much your phone can say as well. Secure messaging apps should be the vanguard of this capability.

There are already some dedicated “panic button” type apps, and Apple has thoughtfully developed an “emergency mode” (activated by hitting the power button five times quickly) that locks the phone to biometrics and will wipe it if it is not unlocked within a certain period of time. That’s effective against “Apple pickers” trying to steal a phone or during border or police stops where you don’t want to show ownership by unlocking the phone with your face.

Those are useful and we need more like them — but secure messaging apps are a special case. So what should they do?

The best-case scenario, where you have all the time in the world and internet access, isn’t really an important one. You can always delete your account and data voluntarily. What needs work is deleting your account under pressure.

The next best-case scenario is that you have perhaps a few seconds or at most a minute to delete or otherwise protect your account. Signal is very good about this: The deletion option is front and center in the options screen, and you don’t have to input any data. WhatsApp and Telegram require you to put in your phone number, which is not ideal — fail to do this correctly and your data is retained.

Signal, left, lets you get on with it. You’ll need to enter your number in WhatsApp (right) and Telegram.

Obviously it’s also important that these apps don’t let users accidentally and irreversibly delete their account. But perhaps there’s a middle road whereby you can temporarily lock it for a preset time period, after which it deletes itself if not unlocked manually. Telegram does have self-destructing accounts, but the shortest time you can delete after is a month.

What really needs improvement is emergency deletion when your phone is no longer in your control. This could be a case of device seizure by police, or perhaps being forced to unlock the phone after you have been arrested. Whatever the case, there need to be options for a user to delete their account outside the ordinary means.

Here are a couple options that could work:

  • Trusted remote deletion: Selected contacts are given the ability via a one-time code or other method to wipe each other’s accounts or chats remotely, no questions asked and no notification created. This would let, for instance, a friend who knows you’ve been arrested remotely remove any sensitive data from your device.
  • Self-destruct timer: Like Telegram’s feature, but better. If you’re going to a protest, or have been “randomly” selected for additional screening or questioning, you can just tell the app to delete itself after a certain duration (as little as a minute perhaps) or at a certain time of the day. Deactivate any time you like, or stall for the five required minutes for it to trigger.
  • Poison PIN: In addition to a normal unlock PIN, users can set a poison PIN that when entered has a variety of user-selectable effects. Delete certain apps, clear contacts, send prewritten messages, unlock or temporarily hard-lock the device, etc.
  • Customizable panic button: Apple’s emergency mode is great, but it would be nice to be able to attach conditions like the poison PIN’s. Sometimes all someone can do is smash that button.

Obviously these open new avenues for calamity and abuse as well, which is why they will need to be explained carefully and perhaps initially hidden in “advanced options” and the like. But overall I think we’ll be safer with them available.

Eventually these roles may be filled by dedicated apps or by the developers of the operating systems on which they run, but it makes sense for the most security-forward app class out there to be the first in the field.



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Mobile

GasBuddy tops the App Store for the first time due to Colonial Pipeline attack – TechCrunch

Published

on

The GasBuddy mobile app, which typically helps consumers find the cheapest gas nearby, has now become the No. 1 app on the U.S. App Store for the first time ever, due to the fuel shortages in the U.S. that followed the cyberattack on the Colonial Pipeline. Americans, fearful that gas would become unavailable, began panic-buying in ways that haven’t been seen since the great toilet paper outage of 2020. As a result, thousands of gas stations ran out of fuel entirely. This dramatic situation has greatly benefitted the GasBuddy app, which includes a crowdsourced feature that helps users locate which local stations still have gas for sale.

As of Wednesday afternoon, GasBuddy says the effects of the Colonial Pipeline shutdown are being felt across 11 U.S. states, largely in the Southeast and Washington, D.C. North Carolina had the highest number of gas stations with fuel outages, with 65% of stations reportedly out of gas as of 2:48 p.m. ET on Wednesday. Kentucky has the lowest at only 2%. Because this data is self-reported by GasBuddy users, it may not represent the most current information, we should note.

Image Credits: GasBuddy app screenshot

During the week, consumers have been turning to GasBuddy to help them find where they can fill up. Yesterday, the app hit No. 1 in the “Travel” category on the App Store, while it steadily climbed its way up the App Store’s Top Overall charts.

This afternoon, GasBuddy became both the No.1 app in the non-games category as well as the highest-ranked app Overall across the U.S. App Store.

According to data from app store intelligence firm Apptopia, GasBuddy yesterday saw 15,203 new downloads — a 59% increase from its average daily downloads, which were 9,560 for the past 30 days. However, third-party data isn’t always accurate for sudden shots in rank — it catches up a few days after the fact.

Image Credits: Apptopia

Reached for comment, GasBuddy says its downloads were actually far higher than the third-party estimates. Across all platforms, including both iOS and Google Play, it saw 20x more downloads yesterday compared with an average day in 2021. The company told TechCrunch it counted 313,001 total downloads yesterday, compared with average daily downloads for the previous 30 days of 15,339.

Broken down by platform, GasBuddy says it saw 104,735 downloads on Android and 208,266 downloads on iOS on Tuesday, May 11, 2021.

Apptopia also noted that GasBuddy hadn’t been the No. 1 app on the App Store in all the time it’s been recording app store rankings, which goes back to January 1, 2015. However, it noted the app itself launched back in 2010, making it possible (though not likely) that the app had reached No. 1 at some point.

GasBuddy confirmed that’s not the case. Today is the first time it has ever topped the App Store, though it got close once before when it reached No. 2 behind a walkie-talkie app during Hurricane Irma in September 2017.

Image Credits: App Store screenshot on Wed., May 12, 2021

Consumers can continue to track statewide fuel outages here on GasBuddy’s website as well as where highest prices are being found. In the app, they can report whether gas stations have gas or diesel, as well as current prices.

The Colonial Pipeline, which runs 5,500 miles from the Gulf to the Northeast, shut down on Friday due to a ransomware attack from a criminal hacking network known as DarkSide, which is suspected to be based in Russia or Eastern Europe. The pipeline delivers about 45% of fuel used by the Eastern Seaboard. Reports of the shutdown sent Americans to stock up on gas, worsening the situation further. The U.S. Energy Secretary Jennifer Granholm said the Colonial Pipeline intends to restore operations by the end of the week.

Continue Reading

Mobile

The truth about SDK integrations and their impact on developers – TechCrunch

Published

on

The digital media industry often talks about how much influence, dominance and power entities like Google and Facebook have. Generally, the focus is on the vast troves of data and audience reach these companies tout. However, there’s more beneath the surface that strengthens the grip these companies have on both app developers and publishers alike.

In reality, software development kit (SDK) integrations are a critical component of why these monolith companies have such a prominent presence. For reference, an SDK is a set of software development tools, libraries, code samples, processes and guides that help developers create or enhance the apps they’re building.

Through a digital marketing lens, SDKs provide in-app analytics, insights on campaign testing, attribution information, location details, monetization capabilities and more.

Through a digital marketing lens, SDKs provide in-app analytics, insights on campaign testing, attribution information, location details, monetization capabilities and more. In the case of companies like Google and Facebook, their ability to provide these insights dovetails with their data and reach.

While that does deliver useful capabilities to developers and publishers alike, it also perpetuates the factors contributing to their perceived monopolistic status — and the detriments a lack of competition fosters.

Almost all (90%) ad-monetized Android apps have Google’s Admob SDK integrated, data from Statista showed. Additionally, the Facebook Audience Network SDK is present in 19% of all global Android apps utilizing mobile ads. It’s worth noting that the large majority of alternative “leading” advertising SDKs outside these two players are used less than 13% of the time in Android apps.

As the app ecosystem rapidly expands beyond the borders of mobile, app developers and publishers would benefit immensely from identifying economical and secure ways of adopting more SDKs.

The state of SDK adoption

While there are many SDKs available in the market today, a few key factors contribute to Google and Facebook’s overall dominance. The most basic is around the respective organizations’ reach and industry notoriety. However, a larger component here is the lack of resources and time app developers have.

Continue Reading

Mobile

Sanlo raises $3.5M to help apps and games gain access to financial insights and capital – TechCrunch

Published

on

Having a great idea for an app or game is one thing, but scaling it to become a successful business is quite another. A new fintech startup called Sanlo aims to help. The company, which is today announcing an oversubscribed $3.5 million seed round, offers small to medium-sized game and app companies access to tools to manage their finances and capital to fuel their growth.

To be clear, Sanlo is not an investor that’s taking an equity stake in the apps and games it finances. Instead, it’s offering businesses access to technology, tools, and insights that will allow them to achieve smart and scalable growth while remaining financially healthy — even if they’re a smaller company without time to sit down and structure their finances. Then, when Sanlo’s proprietary algorithms determine the business could benefit from the smart deployment of capital, it will assist by offering financing.

The idea for Sanlo hails from co-founders Olya Caliujnaia and William Liu, who both have backgrounds in fintech and gaming.

Caliujnaia began her career in venture capital in one of the first mobile-focused funds, before moving to operator roles in gaming, stock photography, and fintech, at EA, Getty Images, and SigFig, respectively. She later joined early-stage fintech and enterprise fund XYZ.vc as an Entrepreneur in Residence.

Liu, meanwhile, had also worked in gaming at EA, but later switched to fintech, working at startups like Earnest and Branch.

After reconnecting in San Francisco, the co-founders realized they could put their combined experience to work in order to help smaller businesses just starting out recognize when it’s time to scale, what areas of the business to invest in, and how much capital they need to grow.

Image Credits: Sanlo’s Olya Caliujnaia and William Liu

Caliujnaia has seen how the app and gaming market has evolved over the years, and she realized the difficulties new developers now face.

“You have this explosion of the app economy that’s growing insanely,” she says. “That’s the exciting part of it. That creativity. That passion and that desire to build — that’s so admirable.”

Today, companies benefit from having access to better development tools, broader access to talent, consumer demand, and other forces, she notes, compared with those in the past. But on the flip side, it’s become incredibly difficult to scale a consumer app or game.

“I think a lot of that comes down to, one, that there are dynamics around the free-to-play model — how you monetize and therefore, what kind of players and users you bring on board,” Caliujnaia says. “And then the second aspect is that it’s just harder to get noticed. So, ultimately, it comes down to marketing.”

Many of the decisions that a company has to make on this front are predictable, however. That means Sanlo doesn’t have to sit down with businesses and consult with them one-on-one, the way a financial advisor working in wealth management would do with their clients.

Instead, Sanlo asks companies for certain types of data to get started. This includes product data about how well the app or game monetizes and customer acquisition and retention, for example, as well as marketing data and a subset of financial data. Its predictive algorithms then continually monitor the company’s growth trajectory to surface insights to identify where and how the business can grow.

This concept alone could have worked as a services business for mobile studios, but Sanlo takes the next step beyond advice to actually provide companies with access to capital. The amount of financing provided will vary based on the life stage of the company and risk profile, but it’s non-dilutive capital. That is, Sanlo takes no ownership stake in the companies it finances.

Image Credits: Sanlo

Caliujnaia said it made more sense to go this route rather than return to the VC world, because of potential to reach a wider group.

“There’s this long tail of developers and it’s more about enabling them, rather than producing more hits,” she says. “It’s very different mindsets, different markets that we’re going for.”

Sanlo doesn’t have a lot of direct competitors beyond perhaps, Silicon Valley Bank and other financial lenders, as well as mobile gaming publishers. But the publisher model often implies some sort of ownership, which is a significant differentiating factor. In some cases, you may see a larger gaming company extending debt financing to a smaller one. That was the case with Finnish mobile games company Metacore which recently raised another debt round from gaming giant Supercell, for example.

Caliujnaia points out that most smaller companies don’t have that kind of access to financing. Now they could, through Sanlo.

“The idea is to have a healthier layer of companies that are able to survive for the long-term,” she says.

That means more companies that won’t have to stress about their futures, leading to them to aggressively monetize their users, and later, scrambling for an exit when their financial runway comes to an end.

Sanlo is currently pilot testing its system with a small group of mobile game studios who will serve as its initial customer base, but plans to later support consumer apps, which have similar struggles with customer acquisition costs and growth.

The San Francisco-headquartered startup itself was founded in 2020 and began raising money. It has now raised a total of $3.5 million in seed funding co-led by Index Ventures and Initial Capital, with participation from LVP, Portag3 Ventures, and  XYZ Venture Capital. Angel investors include Kristian Segestrale (Super Evil Megacorp CEO), Gokul Rajaram and Charley Ma. 

Initial Capital co-founder and partner Ken Lamb became a board director with the fundraise, while Index partner Mark Goldberg and XYZ managing partner Ross Fubini joined as board observers.

“Sanlo cracked the code to help mobile gaming and app companies reach maturity with a new level of speed, scale, and fiscal wellbeing,” said Goldberg, in a statement. “The company is building a very sophisticated fintech offering that will give those companies superpowers.”

Sanlo plans to use the funds to grow its team and product suite ahead of its public launch later this year.

Continue Reading

Trending