Connect with us

Biz & IT

Google still claimed to be blocking search rivals on Android, despite Europe’s antitrust action

Published

on

Mobile licensing changes made by Google this fall, when it tweaked terms for OEMs wanting to license its Android smartphone platform on devices destined for the European market, don’t appear to be offering succour to search rivals — despite being triggered by an antitrust ruling intended to reset the competitive playing field.

The European Commission found the search giant guilty of anti-competitive practices related to its Android platform this summer, slapping the company with a $5BN fine. The decision required Google cease practices judged to be illegally skewing the market and do so within 90 days.

It was the second such major EC antitrust finding against Google, after last year’s Google Shopping ruling, when the company was warned that having been found dominant in search it had a “special responsibility” to avoid breaching antitrust rules in any market it plays in.

Google disputes the Commission’s findings of competitive abuse in both cases, and has lodged legal appeals.

But the nature of competition law demands action in the meanwhile, given the threat of punitive penalties for any continued breach. So in October Google responded to the Commission’s Android ruling by updating its regional compatibility agreement to provide a route for OEMs to unbundle key services from the Android OS — rather than requiring its suite of Google apps be pre-loaded for devices to get the Play Store.

However it also incorporated licensing fees for some unbundled configurations (e.g. Android + Play Store). At the same time it said it would not charge any fee to include search or Chrome. And it said it was offering incentives for OEMs to place its eponymous, market dominating search engine (and/or browser) prominently on their devices — despite one of the behaviors the Commission judged illegal being payments Google had made to certain large manufacturers and mobile carriers to exclusively pre-install Google Search.

The Commission did not prescribe specific remedies for the anticompetitive behaviours it pegged to Android — saying it’s “Google’s sole responsibility to make sure that it changes its conduct in a way that brings the infringements to an effective end”.

Though it warned it would closely monitor the company’s conduct, noting that any finding of continued non-compliance would risk fresh fines — of up to 5% of the average daily turnover of Alphabet for each day of non-compliance.

The key word there is “effective” — in terms of what the Commission is watching for.

Meanwhile Google’s dominant position in search naturally makes it the smartphone consumer’s go-to choice — which in turn means there’s a natural incentive for device makers not to ditch Google as the search default. At least for mainstream devices.

But Google’s new European licensing terms for Android appear to be piling additional pressure on OEMs not to switch even for more experimental and/or regional device launches, according to privacy-focused search engine Qwant.

The suggestion is Google’s licensing changes have essentially blocked the launch of an Android device with Qwant search rather than Google as the default.

Pay to install

Its experience suggests Google’s initial ‘remedy’ — far from delivering an “effective end” to the competitive infringements the Commission found — is actively steering OEMs away from search alternatives and rival companies.

Qwant, a French startup, launched its non-tracking search offering back in 2013, and has been on a growth tear on its home turf in recent months — winning over high profile users in the public sector as concern has risen about Silicon Valley’s intrusive grip on user data.

The French National Assembly and the French Ministry of the Armed Forces Minister announced this fall they’d switch to Qwant instead of Google as their default.

Of course the startup is still a minnow compared to Google. But it’s growing: Qwant tracks queries rather than users (given it doesn’t track people), and it says it generated 2.6BN queries in 2016; which grew to 9BN last year; and is now on track to end this year with around 18BN queries.

“So if we think about it that means that last year we were three days of Google; this year six days of Google — not so bad!” says co-founder Eric Leandri.

“In France we have now more than 6% of the market,” he continues. “In Germany something like 2%. And we are still growing. We do growth of 20% by month for the last four months. The growth in our revenue is two digit too, by month.”

Earlier this year it had been hoping to make additional regional marketshare gains by securing a deal to be pre-loaded on Android smartphones destined for European markets. A spokesman tells us it has a framework agreement with Huawei. (The Chinese Android OEM is second only to Samsung in global marketshare terms, according to analysts.)

The Commission’s antitrust ruling opened the door to this possibility, given it banned Google from prohibiting OEMs from launching non-Google approved Android forks. So after the ruling things were looking good for Qwant, with the startup on the cusp of securing a device deal for a few European countries, as Leandri tells it. 

He blames Google’s licensing changes for putting the kibosh on a launch they’d been expecting to be able to announce in November. Early that month the startup pinged us to trail forthcoming news — of “a major partnership that will allow us to accelerate in the smartphone market” — only to go silent.

A few weeks later it got in touch again to say it had had to postpone the announcement.

“We are very near to one or two deals to be by default or in the list of search engines in some Android cell phone made by a very large Asian manufacturer… Just for Europe, and just for some countries in Europe but we are talking about 10 million or 20 million of cell phones,” says Leandri now.

“And when we have won the bid against Google in October then Google start to say that in Europe you have to pay $40 for Android. So now if you install Qwant you have to pay $40 and if you install Google they give you some cash.”

“Before it was impossible to bid against Google because Google was blocking everything. Now you can — but now the solution of Google is you have to pay $40 if you don’t install Google by default with Chrome just on the bar. You know the bar that is fixed on Android. And this is again an abuse of their dominant position,” he adds.

“Because if I want, for example, 10 million smartphones, the guy has to pay $400M to Google. Do you really think they will pay $400M to Google just to install Qwant?”

Google’s rebuttal of the Commission’s antitrust finding for Android has focused on claims that its approach of free licensing combined with a bundle of Google services has generally enabled competition to thrive in the mobile app ecosystem, as well as claiming lower prices are a “classic hallmark… of robust competition”.

Yet Qwant’s experience offers a clear counterpoint, underlining how challenging it remains to try to compete with Google’s core search business when the same company also dominates the smartphone market and can just throw the levers of Android’s licensing terms to configure how much ‘appetite’ OEMs have for investing in alternative search defaults (given tiny hardware profit margins in the Android space).

After Qwant won over Huawei to building a device with its search engine in prime position, Leandri says it was Google’s changes to the licensing terms for Android that threw a spanner in the works.

“After that pressure then the manufacturer doesn’t know how to react now,” he says, confirming he believes there’s currently no chance for the device to be launched. Not without further changes to how Android operates in the market — i.e. further regulatory intervention.

“So we will work a lot with the European Commission to stop that,” he adds. “But again, again my question is why Google goes that way?”

We reached out to Google to ask about the fees it would charge an OEM wanting to launch an Android device with Google Play but without Google search as the default in Europe.

We also asked how charging a fee for Android if OEMs don’t also bundle Google services can help increase competition, per the Commission’s intention.

At the time of writing Google had not responded to our questions.

We also reached out to Huawei for comment and will update this story with any response.

Even if Qwant and Huawei get their way, and European buyers in a handful of countries are able to choose to buy an Android device with a little search localization as its differentiating out-of-the-box twist, Leandri isn’t under any illusions that a majority of consumers will still switch back to Google of their own accord — given its dominance of search.

He reckons those who’d stick with a non-Google search choice might be as low as a third or 40%. 

But his point is that, as it stands, Qwant doesn’t even have the chance to try competing against the Google Goliath on its own terms. And he argues that’s simply not fair. 

“Google has billions to make advertisement to ask people to switch, right. And they can even do advertisement on the Play Store for zero because they control the Play Store. Why they don’t come back to a normal market where we are all on the same line and they just compete with advertisement, with pushing their products, with a better proposition of value. It’s crazy, it’s crazy!” he says.

“They have 95% of the market, and on that market they expect that if they don’t have the search by default there then they don’t do money with the Play Store. This is bullshit. They do billions of euros with the app on the Play Store each year. With the 30% that they take on the apps. So this is not true. This is not true, sorry.

“So right now this is our goal and my main work actually is just to obtain the right to have a fair competition — a simple, fair competition.”

“I don’t want to dismantle Google. I don’t want Google to be fined 10BN. I don’t care. The only thing I want is to have the right to have a fair competition,” he adds.

We asked the European Commission to respond to Qwant’s experience, and for an update on its monitoring of Google’s compliance with the Android antitrust ruling.

A spokeswoman declined to comment on an individual case but we understand the Commission has been sending questionnaires to market players as part of its compliance monitoring.

It’s clear the regulator’s intention with the Android decision was to expand consumer choice by creating opportunities for competition that didn’t exist before — including for rival search and browser providers to be able to compete on the merits with Google when it comes to pre-loading their products on Android devices.

So if the Commission’s monitoring efforts confirm instances where competition is being blocked, as appears the case here with Qwant, further interventions will surely follow.

Leandri also points out that Google made much the same arguments vis-a-vis ‘fair competition’ more than a decade ago — when it called for the then computing incumbent, Microsoft, not to stand in the way of Internet upstarts by bundling MSN search into its Internet Explorer web browser. 

“The market favors open choice for search, and companies should compete for users based on the quality of their search services,” said Marissa Mayer in 2006, then Google’s vice president for search products. “We don’t think it’s right for Microsoft to just set the default to MSN. We believe users should choose.”

“I totally agree with what they say in 2006! Just exchange Microsoft for Google and that’s it!” he says now, adding: “We have to fight because there is not a lot of other way. But I stop fighting tomorrow as soon as I have a fair competition.

“I’m not waiting for the Commission to make the competition. Right now the percentage of growth that I have in France it’s not based on the Commission who has won or not. It’s based on our value proposition.”

Leandri is also president of the Open Internet Project, a European organization whose members lobby for regulatory action to rein in what they view as Google’s abusive dominance of digital markets, and which was also involved in the Google Shopping complaints — though he points out that in the Android case three of the five complainants are American. 

“We are the only European. So the problem is not only for a small startup in Europe. Who, y’know, complained because ‘Google is so cool’. And we are so dumb. And so ridiculous. But the problem is for Oracle, it’s for the Fair Search. It’s not for kids.”

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Biz & IT

The cryptopocalypse is nigh! NIST rolls out new encryption standards to prepare

Published

on

Enlarge / Conceptual computer artwork of electronic circuitry with blue and red light passing through it, representing how data may be controlled and stored in a quantum computer.

Getty Images

In the not-too-distant future—as little as a decade, perhaps, nobody knows exactly how long—the cryptography protecting your bank transactions, chat messages, and medical records from prying eyes is going to break spectacularly with the advent of quantum computing. On Tuesday, a US government agency named four replacement encryption schemes to head off this cryptopocalypse.

Some of the most widely used public-key encryption systems—including those using the RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman algorithms—rely on mathematics to protect sensitive data. These mathematical problems include (1) factoring a key’s large composite number (usually denoted as N) to derive its two factors (usually denoted as P and Q) and (2) computing the discrete logarithm that keys are based on.

The security of these cryptosystems depends entirely on classical computers’ difficulty in solving these problems. While it’s easy to generate keys that can encrypt and decrypt data at will, it’s impossible from a practical standpoint for an adversary to calculate the numbers that make them work.

In 2019, a team of researchers factored a 795-bit RSA key, making it the biggest key size ever to be solved. The same team also computed a discrete logarithm of a different key of the same size.

The researchers estimated that the sum of the computation time for both of the new records was about 4,000 core-years using Intel Xeon Gold 6130 CPUs (running at 2.1GHz). Like previous records, these were accomplished using a complex algorithm called the Number Field Sieve, which can be used to perform both integer factoring and finite field discrete logarithms.

Quantum computing is still in the experimental phase, but the results have already made it clear it can solve the same mathematical problems instantaneously. Increasing the size of the keys won’t help, either, since Shor’s algorithm, a quantum-computing technique developed in 1994 by the American mathematician Peter Shor, works orders of magnitude faster in solving integer factorization and discrete logarithmic problems.

Researchers have known for decades these algorithms are vulnerable and have been cautioning the world to prepare for the day when all data that has been encrypted using them can be unscrambled. Chief among the proponents is the US Department of Commerce’s National Institute of Standards and Technology (NIST), which is leading a drive for post-quantum cryptography (PQC).

On Tuesday, NIST said it selected four candidate PQC algorithms to replace those that are expected to be felled by quantum computing. They are: CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, and SPHINCS+.

CRYSTALS-Kyber and CRYSTALS-Dilithium are likely to be the two most widely used replacements. CRYSTALS-Kyber is used for establishing digital keys two computers that have never interacted with each other can use to encrypt data. The remaining three, meanwhile, are used for digitally signing encrypted data to establish who sent it.

“CRYSTALS-Kyber (key-establishment) and CRYSTALS-Dilithium (digital signatures) were both selected for their strong security and excellent performance, and NIST expects them to work well in most applications,” NIST officials wrote. “FALCON will also be standardized by NIST since there may be use cases for which CRYSTALS-Dilithium signatures are too large. SPHINCS+ will also be standardized to avoid relying only on the security of lattices for signatures. NIST asks for public feedback on a version of SPHINCS+ with a lower number of maximum signatures.”

The selections announced today are likely to have significant influence going forward.

“The NIST choices certainly matter because many large companies have to comply with the NIST standards even if their own chief cryptographers don’t agree with their choices,” said Graham Steel, CEO of Cryptosense, a company that makes cryptography management software. “But having said that, I personally believe their choices are based on sound reasoning, given what we know right now about the security of these different mathematical problems, and the trade-off with performance.”

Nadia Heninger, an associate professor of computer science and engineering at University of California, San Diego, agreed.

“The algorithms NIST chooses will be the de facto international standard, barring any unexpected last-minute developments,” she wrote in an email. “A lot of companies have been waiting with bated breath for these choices to be announced so they can implement them ASAP.”

While no one knows exactly when quantum computers will be available, there is considerable urgency in moving to PQC as soon as possible. Many researchers say it’s likely that criminals and nation-state spies are recording massive amounts of encrypted communications and stockpiling them for the day they can be decrypted.

Continue Reading

Biz & IT

Google allowed sanctioned Russian ad company to harvest user data for months

Published

on

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.

The day after Russia’s February invasion of Ukraine, Senate Intelligence Committee Chairman Mark Warner sent a letter to Google warning it to be on alert for “exploitation of your platform by Russia and Russian-linked entities,” and calling on the company to audit its advertising business’s compliance with economic sanctions.

But as recently as June 23, Google was sharing potentially sensitive user data with a sanctioned Russian ad tech company owned by Russia’s largest state bank, according to a new report provided to ProPublica.

Google allowed RuTarget, a Russian company that helps brands and agencies buy digital ads, to access and store data about people browsing websites and apps in Ukraine and other parts of the world, according to research from digital ad analysis firm Adalytics. Adalytics identified close to 700 examples of RuTarget receiving user data from Google after the company was added to a US Treasury list of sanctioned entities on Feb. 24. The data sharing between Google and RuTarget stopped four months later on June 23, the day ProPublica contacted Google about the activity.

RuTarget, which also operates under the name Segmento, is owned by Sberbank, a Russian state bank that the Treasury described as “uniquely important” to the country’s economy when it hit the lender with initial sanctions. RuTarget was later listed in an April 6 Treasury announcement that imposed full blocking sanctions on Sberbank and other Russian entities and people. The sanctions mean US individuals and entities are not supposed to conduct business with RuTarget or Sberbank.

Of particular concern, the analysis showed that Google shared data with RuTarget about users browsing websites based in Ukraine. This means Google may have turned over such critical information as unique mobile phone IDs, IP addresses, location information, and details about users’ interests and online activity, data that US senators and experts say could be used by Russian military and intelligence services to track people or zero in on locations of interest.

Last April, a bipartisan group of US senators sent a letter to Google and other major ad technology companies warning of the national security implications of data shared as part of the digital ad buying process. They said this user data “would be a goldmine for foreign intelligence services that could exploit it to inform and supercharge hacking, blackmail, and influence campaigns.”

Google spokesperson Michael Aciman said that the company blocked RuTarget from using its ad products in March and that RuTarget has not purchased ads directly via Google since then. He acknowledged the Russian company was still receiving user and ad buying data from Google before being alerted by ProPublica and Adalytics.

“Google is committed to complying with all applicable sanctions and trade compliance laws,” Aciman said. “We’ve reviewed the entities in question and have taken appropriate enforcement action beyond the measures we took earlier this year to block them from directly using Google advertising products.”

Aciman said this action includes not only preventing RuTarget from further accessing user data, but from purchasing ads through third parties in Russia that may not be sanctioned. He declined to say whether RuTarget had purchased ads via Google systems using such third parties, and he did not comment on whether data about Ukrainians had been shared with RuTarget.

Krzysztof Franaszek, who runs Adalytics and authored the report, said RuTarget’s ability to access and store user data from Google could open the door to serious potential abuse.

“For all we know they are taking that data and combining it with 20 other data sources they got from God knows where,” he said. “If RuTarget’s other data partners included the Russian government or intelligence or cybercriminals, there is a huge danger.”

In a statement to ProPublica, Warner, a Virginia Democrat, called Google’s failure to sever its relationship with RuTarget alarming.

“All companies have a responsibility to ensure that they are not helping to fund or even inadvertently support Vladimir Putin’s invasion of Ukraine. Hearing that an American company may be sharing user data with a Russian company—owned by a sanctioned, state-owned bank no less—is incredibly alarming and frankly disappointing,” he said. “I urge all companies to examine their business operations from top to bottom to ensure that they are not supporting Putin’s war in any way.”

Continue Reading

Biz & IT

Google closes data loophole amid privacy fears over abortion ruling

Published

on

Google is closing a loophole that has allowed thousands of companies to monitor and sell sensitive personal data from Android smartphones, an effort welcomed by privacy campaigners in the wake of the US Supreme Court’s decision to end women’s constitutional right to abortion.

It also took a further step on Friday to limit the risk that smartphone data could be used to police new abortion restrictions, announcing it would automatically delete the location history on phones that have been close to a sensitive medical location such an abortion clinic.

The Silicon Valley company’s moves come amid growing fears that mobile apps will be weaponized by US states to police new abortion restrictions in the country.

Companies have previously harvested and sold information on the open market including lists of Android users using apps related to period tracking, pregnancy and family planning, such as Planned Parenthood Direct.

Over the past week, privacy researchers and advocates have called for women to delete period-tracking apps from their phones to avoid being tracked or penalised for considering abortions.

The US tech giant announced last March that it would restrict the feature, which allows developers to see which other apps are installed and deleted on individuals’ phones. That change was meant to be implemented last summer, but the company failed to meet that deadline citing the pandemic among other reasons.

The new deadline of July 12 will hit just weeks after the overturning of Roe vs Wade, a ruling that has thrown a spotlight on how smartphone apps could be used for surveillance by US states with new anti-abortion laws.

“It’s long overdue. Data brokers have been banned from using the data under Google’s terms for a long time, but Google didn’t build safeguards into the app approvals process to catch this behavior. They just ignored it,” said Zach Edwards, an independent cyber security researcher who has been investigating the loophole since 2020.

“So now anyone with a credit card can purchase this data online,” he added.

Google said: “In March 2021, we announced that we planned to restrict access to this permission, so that only utility apps, such as device search, antivirus, and file manager apps, can see what other apps are installed on a phone.”

It added: “Collecting app inventory data to sell it or share it for analytics or ads monetisation purposes has never been allowed on Google Play.”

Despite widespread usage by app developers, users remain unaware of this feature in Android software—a Google-designed programming interface, or API, known as the “Query All Packages.” It allows apps, or snippets of third-party code inside them, to query the inventory of all other apps on a person’s phone. Google itself has referred to this type of data as high-risk and “sensitive,” and it has been discovered being sold on to third parties.

Researchers have found that app inventories “can be used to precisely deduce end users interests and personal traits,” including gender, race and marital status, among other things.

Edwards has found that one data marketplace, Narrative.io, was openly selling data obtained by intermediaries in this way, including smartphones using Planned Parenthood, and various period tracking apps.

Narrative said it removed pregnancy tracking and menstruation app data from its platform in May, in response to the leaked draft outlining the Supreme Court’s forthcoming decision.

Another research company, Pixalate, discovered that consumer apps, like a simple weather app, were running bits of code that exploited the same Android feature and were harvesting data for a Panamanian company with ties to US defense contractors.

Google said it “never sells user data, and Google Play strictly prohibits the sale of user data by developers. When we discover violations we take action,” adding it had sanctioned multiple companies believed to be selling user data.

Google said it would restrict the Query All Packages feature to only those who require it from July 12. App developers will be required to fill out a declaration explaining why they need access, and notify Google of this before the deadline so it can be vetted.

“Deceptive and undeclared uses of these permissions may result in a suspension of your app and/or termination of your developer account,” the company warned.

Additional reporting by Richard Waters.

© 2022 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.

Continue Reading

Trending