FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Apple’s dangerous path

By Lucas Matney

Hello friends, and welcome back to Week in Review.

Last week, we dove into the truly bizarre machinations of the NFT market. This week, we’re talking about something that’s a little bit more impactful on the current state of the web — Apple’s NeuralHash kerfuffle.

If you’re reading this on the TechCrunch site, you can get this in your inbox from the newsletter page, and follow my tweets @lucasmtny


the big thing

In the past month, Apple did something it generally has done an exceptional job avoiding — the company made what seemed to be an entirely unforced error.

In early August — seemingly out of nowhere** — the company announced that by the end of the year they would be rolling out a technology called NeuralHash that actively scanned the libraries of all iCloud Photos users, seeking out image hashes that matched known images of child sexual abuse material (CSAM). For obvious reasons, the on-device scanning could not be opted out of.

This announcement was not coordinated with other major consumer tech giants, Apple pushed forward on the announcement alone.

Researchers and advocacy groups had almost unilaterally negative feedback for the effort, raising concerns that this could create new abuse channels for actors like governments to detect on-device information that they regarded as objectionable. As my colleague Zach noted in a recent story, “The Electronic Frontier Foundation said this week it had amassed more than 25,000 signatures from consumers. On top of that, close to 100 policy and rights groups, including the American Civil Liberties Union, also called on Apple to abandon plans to roll out the technology.”

(The announcement also reportedly generated some controversy inside of Apple.)

The issue — of course — wasn’t that Apple was looking at find ways that prevented the proliferation of CSAM while making as few device security concessions as possible. The issue was that Apple was unilaterally making a massive choice that would affect billions of customers (while likely pushing competitors towards similar solutions), and was doing so without external public input about possible ramifications or necessary safeguards.

A long story short, over the past month researchers discovered Apple’s NeuralHash wasn’t as air tight as hoped and the company announced Friday that it was delaying the rollout “to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.”

Having spent several years in the tech media, I will say that the only reason to release news on a Friday morning ahead of a long weekend is to ensure that the announcement is read and seen by as few people as possible, and it’s clear why they’d want that. It’s a major embarrassment for Apple, and as with any delayed rollout like this, it’s a sign that their internal teams weren’t adequately prepared and lacked the ideological diversity to gauge the scope of the issue that they were tackling. This isn’t really a dig at Apple’s team building this so much as it’s a dig on Apple trying to solve a problem like this inside the Apple Park vacuum while adhering to its annual iOS release schedule.

illustration of key over cloud icon

Image Credits: Bryce Durbin / TechCrunch /

Apple is increasingly looking to make privacy a key selling point for the iOS ecosystem, and as a result of this productization, has pushed development of privacy-centric features towards the same secrecy its surface-level design changes command. In June, Apple announced iCloud+ and raised some eyebrows when they shared that certain new privacy-centric features would only be available to iPhone users who paid for additional subscription services.

You obviously can’t tap public opinion for every product update, but perhaps wide-ranging and trail-blazing security and privacy features should be treated a bit differently than the average product update. Apple’s lack of engagement with research and advocacy groups on NeuralHash was pretty egregious and certainly raises some questions about whether the company fully respects how the choices they make for iOS affect the broader internet.

Delaying the feature’s rollout is a good thing, but let’s all hope they take that time to reflect more broadly as well.

** Though the announcement was a surprise to many, Apple’s development of this feature wasn’t coming completely out of nowhere. Those at the top of Apple likely felt that the winds of global tech regulation might be shifting towards outright bans of some methods of encryption in some of its biggest markets.

Back in October of 2020, then United States AG Bill Barr joined representatives from the UK, New Zealand, Australia, Canada, India and Japan in signing a letter raising major concerns about how implementations of encryption tech posed “significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children.” The letter effectively called on tech industry companies to get creative in how they tackled this problem.


other things

Here are the TechCrunch news stories that especially caught my eye this week:

LinkedIn kills Stories
You may be shocked to hear that LinkedIn even had a Stories-like product on their platform, but if you did already know that they were testing Stories, you likely won’t be so surprised to hear that the test didn’t pan out too well. The company announced this week that they’ll be suspending the feature at the end of the month. RIP.

FAA grounds Virgin Galactic over questions about Branson flight
While all appeared to go swimmingly for Richard Branson’s trip to space last month, the FAA has some questions regarding why the flight seemed to unexpectedly veer so far off the cleared route. The FAA is preventing the company from further launches until they find out what the deal is.

Apple buys a classical music streaming service
While Spotify makes news every month or two for spending a massive amount acquiring a popular podcast, Apple seems to have eyes on a different market for Apple Music, announcing this week that they’re bringing the classical music streaming service Primephonic onto the Apple Music team.

TikTok parent company buys a VR startup
It isn’t a huge secret that ByteDance and Facebook have been trying to copy each other’s success at times, but many probably weren’t expecting TikTok’s parent company to wander into the virtual reality game. The Chinese company bought the startup Pico which makes consumer VR headsets for China and enterprise VR products for North American customers.

Twitter tests an anti-abuse ‘Safety Mode’
The same features that make Twitter an incredibly cool product for some users can also make the experience awful for others, a realization that Twitter has seemingly been very slow to make. Their latest solution is more individual user controls, which Twitter is testing out with a new “safety mode” which pairs algorithmic intelligence with new user inputs.


extra things

Some of my favorite reads from our Extra Crunch subscription service this week:

Our favorite startups from YC’s Demo Day, Part 1 
“Y Combinator kicked off its fourth-ever virtual Demo Day today, revealing the first half of its nearly 400-company batch. The presentation, YC’s biggest yet, offers a snapshot into where innovation is heading, from not-so-simple seaweed to a Clearco for creators….”

…Part 2
“…Yesterday, the TechCrunch team covered the first half of this batch, as well as the startups with one-minute pitches that stood out to us. We even podcasted about it! Today, we’re doing it all over again. Here’s our full list of all startups that presented on the record today, and below, you’ll find our votes for the best Y Combinator pitches of Day Two. The ones that, as people who sift through a few hundred pitches a day, made us go ‘oh wait, what’s this?’

All the reasons why you should launch a credit card
“… if your company somehow hasn’t yet found its way to launch a debit or credit card, we have good news: It’s easier than ever to do so and there’s actual money to be made. Just know that if you do, you’ve got plenty of competition and that actual customer usage will probably depend on how sticky your service is and how valuable the rewards are that you offer to your most active users….”


Thanks for reading, and again, if you’re reading this on the TechCrunch site, you can get this in your inbox from the newsletter page, and follow my tweets @lucasmtny

Lucas Matney

Playbyte’s new app aims to become the ‘TikTok for games’

By Sarah Perez

A startup called Playbyte wants to become the TikTok for games. The company’s newly launched iOS app offers tools that allow users to make and share simple games on their phone, as well as a vertically scrollable, fullscreen feed where you can play the games created by others. Also like TikTok, the feed becomes more personalized over time to serve up more of the kinds of games you like to play.

While typically, game creation involves some aspect of coding, Playbyte’s games are created using simple building blocks, emoji and even images from your Camera Roll on your iPhone. The idea is to make building games just another form of self-expression, rather than some introductory, educational experience that’s trying to teach users the basics of coding.

At its core, Playbyte’s game creation is powered by its lightweight 2D game engine built on web frameworks, which lets users create games that can be quickly loaded and played even on slow connections and older devices. After you play a game, you can like and comment using buttons on the right-side of the screen, which also greatly resembles the TikTok look-and-feel. Over time, Playbyte’s feed shows you more of the games you enjoyed as the app leverages its understanding of in-game imagery, tags and descriptions, and other engagement analytics to serve up more games it believes you’ll find compelling.

At launch, users have already made a variety of games using Playbyte’s tools — including simulators, tower defense games, combat challenges, obbys, murder mystery games, and more.

We made an app called Playbyte that lets you make games on your phone, discover games made by other users, and challenge your friends https://t.co/FFnMbKG1ls pic.twitter.com/eqhabN3kM1

— Playbyte (@PlaybyteInc) May 25, 2021

According to Playbyte founder and CEO Kyle Russell — previously of Skydio, Andreessen Horowitz, and (disclosure!) TechCrunch — Playbyte is meant to be a social media app, not just a games app.

“We have this model in our minds for what is required to build a new social media platform,” he says.

What Twitter did for text, Instagram did for photos and TikTok did for video was to combine a constraint with a personalized feed, Russell explains. “Typically. [they started] with a focus on making these experiences really brief…So a short, constrained format and dedicated tools that set you up for success to work within that constrained format,” he adds.

Similarly, Playbyte games have their own set of limitations. In addition to their simplistic nature, the games are limited to five scenes. Thanks to this constraint, a format has emerged where people are making games that have an intro screen where you hit “play,” a story intro, a challenging gameplay section, and then a story outro.

In addition to its easy-to-use game building tools, Playbyte also allows game assets to be reused by other game creators. That means if someone who has more expertise makes a game asset using custom logic or which pieced together multiple components, the rest of the user base can benefit from that work.

“Basically, we want to make it really easy for people who aren’t as ambitious to still feel like productive, creative game makers,” says Russell. “The key to that is going to be if you have an idea — like an image of a game in your mind — you should be able to very quickly search for new assets or piece together other ones you’ve previously saved. And then just drop them in and mix-and-match — almost like Legos — and construct something that’s 90% of what you imagined, without any further configuration on your part,” he says.

In time, Playbyte plans to monetize its feed with brand advertising, perhaps by allowing creators to drop sponsored assets into their games, for instance. It also wants to establish some sort of patronage model at a later point. This could involve either subscriptions or even NFTs of the games, but this would be further down the road.

The cutest lil sprite blob I’ve ever seen 😭#pixelart #gamedev pic.twitter.com/7uBRzs6ix0

— Playbyte (@PlaybyteInc) August 21, 2021

The startup had originally began as a web app in 2019, but at the end of last year, the team scrapped that plan and rewrote everything as a native iOS app with its own game engine. That app launched on the App Store this week, after previously maxing out TestFlight’s cap of 10,000 users.

Currently, it’s finding traction with younger teenagers who are active on TikTok and other collaborative games, like Roblox, Minecraft, or Fortnite.

“These are young people who feel inspired to build their own games but have been intimidated by the need to learn to code or use other advanced tools, or who simply don’t have a computer at home that would let them access those tools,” notes Russell.

Playbyte is backed by $4 million in pre-seed and seed funding from investors including FirstMark (Rick Heitzmann), Ludlow Ventures (Jonathon Triest and Blake Robbins), Dream Machine (former Editor-in-Chief at TechCrunch, Alexia Bonatsos), and angels such as Fred Ehrsam, co-founder of Coinbase; Nate Mitchell, co-founder of Oculus; Ashita Achuthan, previously of Twitter; and others.

The app is a free download on the App Store.

Humane, a stealthy hardware and software startup co-founded by an ex-Apple designer and engineer, raises $100M

By Ingrid Lunden

A stealthy startup co-founded by a former senior designer from Apple and one of its ex-senior software engineers has picked up a significant round funding to build out its business. Humane, which has ambitions to build a new class of consumer devices and technologies that stem from “a genuine collaboration of design and engineering” that will represent “the next shift between humans and computing”, has raised $100 million.

This is a Series B, and it’s coming from some very high profile backers. Tiger Global Management is leading the round, with SoftBank Group, BOND, Forerunner Ventures and Qualcomm Ventures also participating. Other investors in this Series B include Sam Altman, Lachy Groom, Kindred Ventures, Marc Benioff’s TIME Ventures, Valia Ventures, NEXT VENTŪRES, Plexo Capital and the legal firm Wilson Sonsini Goodrich & Rosati.

Humane has been around actually since 2017, but it closed/filed its Series A only last year: $30 million in September 2020 at a $150 million valuation, according to PitchBook. Previous to that, it had raised just under $12 million, with many of the investors in this current round backing Humane in those earlier fundraises, too.

Valuation with this Series B is not being disclosed, the company confirmed to me.

Given that Humane has not yet released any products, nor has said much at all about what it has up its sleeve; and given that hardware in general presents a lot of unique challenges and therefore is often seen as a risky bet (that old “hardware is hard” chestnut), you might be wondering how Humane, still in stealth, has attracted these backers.

Some of that attention possibly stems from the fact that the two co-founders, husband-and-wife team Imran Chaudhri and Bethany Bongiorno, are something of icons in their own right. Bongiorno, who is Humane’s CEO, had been the software engineering director at Apple. Chaudhri, who is Humane’s chairman and president, is Apple’s former director of design, where he worked for 20 years on some of its most seminal products — the iPhone, the iPad and the Mac. Both have dozens of patents credited to them from their time there, and they have picked up a few since then, too.

Those latest patents — plus the very extensive list of job openings listed on Humane’s otherwise quite sparse site — might be the closest clues we have for what the pair and their startup might be building.

One patent is for a “Wearable multimedia device and cloud computing platform with laser projection system”; another is for a “System and apparatus for fertility and hormonal cycle awareness.”

Meanwhile, the company currently has nearly 50 job openings listed, including engineers with camera and computer vision experience, hardware engineers, designers, and security experts, among many others. (One sign of where all that funding will be going.) There is already an impressive team of about 60 people the company, which is another detail that attracted investors.

“The caliber of individuals working at Humane is incredibly impressive,” said Chase Coleman, Partner, Tiger Global, in a statement. “These are people who have built and shipped transformative products to billions of people around the world. What they are building is groundbreaking with the potential to become a standard for computing going forward.”

I’ve asked for more details on the company’s product roadmap and ethos behind the company, and who its customers might potentially be: other firms for whom it designs products, or end users directly?

For now, Bongiorno and Chaudhri seem to hint that part of what has motivated them to start this business was to reimagine what role technology might play in the next wave of innovation. It’s a question that many ask, but not many try to actually invest in finding the answer. For that alone, it’s worth watching Humane (if Humane lets us, that is: it’s still very much in stealth) to see what it does next.

“Humane is a place where people can truly innovate through a genuine collaboration of design and engineering,” the co-founders said in a joint statement. “We are an experience company that creates products for the benefit of people, crafting technology that puts people first — a more personal technology that goes beyond what we know today. We’re all waiting for something new, something that goes beyond the information age that we have all been living with. At Humane, we’re building the devices and the platform for what we call the intelligence age. We are committed to building a different type of company, founded on our values of trust, truth and joy. With the support of our partners, we will continue to scale the team with individuals who not only share our passion for revolutionizing the way we interact with computing, but also for how we build.”

Update: After publishing, I got a little more from Humane about its plans. Its aim is to build “technology that improves the human experience and is born of good intentions; products that put us back in touch with ourselves, each other, and the world around us; and experiences that are built on trust, with interactions that feel magical and bring joy.” It’s not a whole lot to go on, but more generally it’s an approach that seems to want to step away from the cycle we’re on today, and be more mindful and thoughtful. If they can execute on this, while still building rather than wholesale rejecting technology, they might be on to something.

Apple secures first states to support digital driver’s licenses, but privacy questions linger

By Zack Whittaker

Apple’s plan to digitize your wallet is slowly taking shape. What started with boarding passes and venue tickets later became credit cards, subway tickets, and student IDs. Next on Apple’s list to digitize are driver’s licenses and state IDs, which it plans to support in its iOS 15 update expected out later this year.

But to get there it needs help from state governments, since it’s the states that issue driver’s licenses and other forms of state identification, and every state issues IDs differently. Apple said today it has so far secured two states, Arizona and Georgia, to bring digital driver’s license and state IDs.

Connecticut, Iowa, Kentucky, Maryland, Oklahoma, and Utah are expected to follow, but a timeline for rolling out wasn’t given.

Apple said in June that it would begin supporting digital licenses and IDs, and that the TSA would be the first agency to begin accepting a digital license from an iPhone at several airports, since only a state ID is required for traveling by air domestically within the United States. The TSA will allow you to present your digital wallet by tapping it on an identity reader. Apple says the feature is secure and doesn’t require handing over or unlocking your phone.

The digital license and ID data is stored on your iPhone but a driver’s license must be verified by the participating state. That has to happen at scale and speed to support millions of drivers and travelers while preventing fake IDs from making it through.

The goal of digitizing licenses and IDs is convenience, rather than fixing a problem. But the move hasn’t exactly drawn confidence from privacy experts, who bemoan Apple’s lack of transparency about how it built this technology and what it ultimately gets out of it.

Apple still has not said much about how the digital ID technology works, or what data the state obtains as part of the process to enroll a digital license. Apple is working on a new security verification feature that takes selfies to validate the user. It’s not to say these systems aren’t inherently problematic, but there are privacy questions that Apple will have to address down the line.

But the fragmented picture of digital licenses and IDs across the U.S. isn’t likely to get less murky overnight, even after Apple enters the picture. A recent public records request by MuckRock showed Apple was in contact with some states as early as 2019 about bringing digital licenses and IDs to iPhones, including California and Illinois, yet neither state has been announced by Apple today.

Wisconsin, South Carolina, and Rhode Island are likely further behind, after finding out about Apple’s digital license plan the very day it was announced at WWDC.

Popcorn’s new app brings short-form video to the workplace

By Sarah Perez

A new startup called Popcorn wants to make work communication more fun and personal by offering a way for users to record short video messages, or “pops,” that can be used for any number of purposes in place of longer emails, texts, Slack messages or Zoom calls. While there are plenty of other places to record short-form video these days, most of these exist in the social media space, which isn’t appropriate for a work environment. Nor does it make sense to send a video you’ve recorded on your phone as an email attachment, when you really just want to check in with a colleague or say hello.

Popcorn, on the other hand, lets you create the short video and then send a URL to that video anywhere you would want to add a personal touch to your message.

For example, you could use Popcorn in a business networking scenario, where you’re trying to connect with someone in your industry for the first time — aka “cold outreach.” Instead of just blasting them a message on LinkedIn, you could also paste in the Popcorn URL to introduce yourself in a more natural, friendly fashion. You also could use Popcorn with your team at work for things like daily check-ins, sharing progress on an ongoing project or to greet new hires, among other things.

Image Credits: Popcorn

Videos themselves can be up to 60 seconds in length — a time limit designed to keep Popcorn users from rambling. Users also can opt to record audio only if they don’t want to appear on video. And you can increase the playback speed if you’re in a hurry. Users who want to receive “pops” could also advertise their “popcode” (e.g. try mine at U8696).

The idea to bring short-form video to the workplace comes from Popcorn co-founder and CEO Justin Spraggins, whose background is in building consumer apps. One of his first apps to gain traction back in 2014 was a Tinder-meets-Instagram experience called Looksee that allowed users to connect around shared photos. A couple years later, he co-founded a social calling app called Unmute, a Clubhouse precursor of sorts. He then went on to co-found 9 Count, a consumer app development shop which launched more social apps like BFF (previously Wink) and Juju.

9 Count’s lead engineer, Ben Hochberg, is now also a co-founder on Popcorn (or rather, Snack Break, Inc. as the legal entity is called). They began their work on Popcorn in 2020, just after the start of the COVID-19 pandemic. But the rapid shift to remote work in the days that followed could now help Popcorn gain traction among distributed teams. Today’s remote workers may never again return to in-person meetings at the office, but they’re also growing tired of long days stuck in Zoom meetings.

With Popcorn, the goal is to make work communication fun, personal and bite-sized, Spraggins says. “[We want to] bring all the stuff we’re really passionate about in consumer social into work, which I think is really important for us now,” he explains.

“You work with these people, but how do you — without scheduling a Zoom — how do you bring the ‘human’ to it?,” Spraggins says. “I’m really excited about making work products feel more social, more like Snapchat than utility tools.”

There is a lot Popcorn would still need to figure out to truly make a business-oriented social app work, including adding enhanced security, limiting spam, offering some sort of reporting flow for bad actors, and more. It will also eventually need to land on a successful revenue model.

Currently, Popcorn is a free download on iPhone, iPad and Mac, and offers a Slack integration so you can send video messages to co-workers directly in the communication software you already use to catch up and stay in touch. The app today is fairly simple, but the company plans to enhance its short videos over time using AR frames that let users showcase their personalities.

The startup raised a $400,000 pre-seed round from General Catalyst (Nico Bonatsos) and Dream Machine (Alexia Bonatsos, previously editor-in-chief at TechCrunch.) Spraggins says the company will be looking to raise a seed round in the fall to help with hires, including in the AR space.

Tesla’s redesigned iPhone app features two new home screen widgets

By Darrell Etherington

Tesla is rolling out a major update for its iOS smartphone app with new controls, improved management and cool visuals. Version 4.0 also gives you the choice between two different sized widgets for your iPhone home screen. As detailed by Tesla Software Updates, both feature the same information: the name of the car, battery percentage, location (or charging info), unlock status, an image of the vehicle and the time the information was last updated. Tesla previously had a “Today” extension for iOS that was nowhere near as comprehensive as the new widgets.

In terms of controls, you can send commands to your car immediately upon opening the app, instead of waiting for the vehicle to wake up. There’s also enhanced phone key support that essentially lets you unlock multiple Teslas.

An updated visual that should be immediately noticeable is the new 3D vehicle render. There are also new animations when you charge your car and in the climate and controls sections. Design-wise, Tesla has ditched the charging section and now displays that info when your car is plugged in. You can also view Supercharging history from within the app. While the speed limit, valet mode and sentry mode settings have been moved to a new category titled Security, which includes tips on how to use the Bluetooth, phone key and location services.

To sum up, this is the biggest update to the EV maker’s iOS app in a while. Recently, Tesla has mainly focused on providing bug fixes and improvements, outside of the introduction of Virtual Power Plant enrolment in July.

Editor’s note: This post originally appeared on Engadget.

Apple lowers commissions on in-app purchases for news publishers who participate in Apple News

By Sarah Perez

Apple today is launching a new program that will allow subscription news organizations that participate in the Apple News app and meet certain requirements to lower their commission rate to 15% on qualifying in-app purchases taking place inside their apps on the App Store. Typically, Apple’s model for subscription-based apps involves a standard 30% commission during their first year on the App Store, which then drops to 15% in year two. But the new Apple News Partner Program, announced today, will now make 15% the commission rate for participants starting on day one.

There are a few caveats to this condition, and they benefit Apple. To qualify, the news publisher must maintain a presence on Apple News and they have to provide their content in the Apple News Format (ANF). The latter is the JavaScript Object Notation (JSON) format that’s used to create articles for Apple News which are optimized for Mac, iPhone and other Apple mobile devices. Typically, this involves a bit of setup to translate news articles from a publisher’s website or from their CMS (content management system) to the supported JSON format. For WordPress and other popular CMS’s, there are also plugins available to make this process easier.

Meanwhile, for publishers headquartered outside one of the four existing Apple News markets — the U.S., U.K., Australia or Canada — they can instead satisfy the program’s obligations by providing Apple with an RSS feed.

On the App Store, the partner app qualifying for the 15% commission must be used to deliver “original, professionally authored” news content, and they must offer their auto-renewable subscriptions using Apple’s in-app purchase system.

Image Credits: Apple

While there is some initial work involved in establishing the publisher’s connection to Apple News, it’s worth noting that most major publishers already participate on Apple’s platform. That means they won’t have to do any additional work beyond what they’re already doing in order to transition over to the reduced commission for their apps. However, the program also serves as a way to push news organizations to continue to participate in the Apple News ecosystem, as it will make more financial sense to do so across their broader business.

That will likely be an area of contention for publishers, who would probably prefer that the reduced App Store commission didn’t come with strings attached.

Some publishers already worry that they’re giving up too much control over their business by tying themselves to the Apple News ecosystem. Last year, for example, The New York Times announced it would exit its partnership with Apple News, saying that Apple didn’t allow it to have as direct a relationship with readers as it wanted, and it would rather drive readers to its own app and website.

Apple, however, would argue that it doesn’t stand in the way of publishers’ businesses — it lets them paywall their content and keep 100% of the ad revenue from the ads they sell. (If they can’t sell it all or would prefer Apple to do so on their behalf, they then split the commission with Apple, keeping 70% of revenues instead.) In addition, for the company’s Apple News+ subscription service — where the subscription revenue split is much higher — it could be argued that it’s “found money.” That is, Apple markets the service to customers the publisher hadn’t been able to attract on its own anyway.

The launch of the new Apple News Partner program comes amid regulatory scrutiny over how Apple manages its App Store business and more recently, proposed legislation aiming to address alleged anticompetitive issues both in the U.S. and in major App Store markets, like South Korea.

Sensing this shift in the market, Apple had already been working to provide itself cover from antitrust complaints and lawsuits — like the one underway now with Epic Games — by adjusting its App Store commissions. Last year, it launched the App Store Small Business Program, which also lowered commissions on in-app purchases from 30% to 15% — but only for developers earning up to $1 million in revenues.

This program may have helped smaller publishers, but it was clear some major publishers still weren’t satisfied. After the reduced commissions for small businesses were announced in November, the publisher trade organization Digital Content Next (DCN) — a representative for the AP, The New York Times, NPR, ESPN, Vox, The Washington Post, Meredith, Bloomberg, NBCU, The Financial Times, and others — joined the advocacy group and lobbying organization the Coalition for App Fairness (CAF) the very next month.

These publishers, who had previously written to Apple CEO Tim Cook to demand lower commissions — had other complaints about the revenue share beyond just the size of the split. They also didn’t want to be required to use Apple’s services for in-app purchases for their subscriptions, saying this “Apple tax” forces them to raise their prices for consumers.

It remains to be seen how these publishers will now react to the launch of the Apple News Partner program.

While it gives them a way to lower their App Store fees, it doesn’t address their broader complaints against Apple’s platform and its rules. If anything, it ties the lower fees to a program that locks them in further to the Apple ecosystem.

Apple, in a gesture of goodwill, also said today it would recommit support to three leading media non-profits, Common Sense Media, the News Literacy Project, and Osservatorio Permanente Giovani-Editori. These non-profits offer nonpartisan, independent media literacy programs, which Apple views as key to its larger mission to empower people to become smart and active news readers. Apple also said it would later announce further media literacy projects from other organizations. The company would not disclose the size of its commitment from a financial standpoint however, or discuss how much it has sent such organizations in the past.

“Providing Apple News customers with access to trusted information from our publishing partners has been our priority from day one,” said Eddy Cue, Apple’s senior vice president of Services, in a statement. “For more than a decade, Apple has offered our customers many ways to access and enjoy news content across our products and services. We have hundreds of news apps from dozens of countries around the world available in the App Store, and created Apple News Format to offer publishers a tool to showcase their content and provide a great experience for millions of Apple News users,” he added.

More details about the program and the application form will be available at the News Partner Program website.

This Week in Apps: OnlyFans bans sexual content, SharePlay delayed, TikTok questioned over biometric data collection

By Sarah Perez

Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

The app industry continues to grow, with a record 218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also spent 3.5 trillion minutes using apps on Android devices alone. And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices.

Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year.

This Week in Apps offers a way to keep up with this fast-moving industry in one place with the latest from the world of apps, including news, updates, startup fundings, mergers and acquisitions, and suggestions about new apps and games to try, too.

Do you want This Week in Apps in your inbox every Saturday? Sign up here: techcrunch.com/newsletters

Top Stories

OnlyFans to ban sexually explicit content

OnlyFans logo displayed on a phone screen and a website

(Photo Illustration by Jakub Porzycki/NurPhoto via Getty Images)

Creator platform OnlyFans is getting out of the porn business. The company announced this week it will begin to prohibit any “sexually explicit” content starting on October 1, 2021 — a decision it claimed would ensure the long-term sustainability of the platform. The news angered a number of impacted creators who weren’t notified ahead of time and who’ve come to rely on OnlyFans as their main source of income.

However, word is that OnlyFans was struggling to find outside investors, despite its sizable user base, due to the adult content it hosts. Some VC firms are prohibited from investing in adult content businesses, while others may be concerned over other matters — like how NSFW content could have limited interest from advertisers and brand partners. They may have also worried about OnlyFans’ ability to successfully restrict minors from using the app, in light of what appears to be soon-to-come increased regulations for online businesses. Plus, porn companies face a number of other issues, too. They have to continually ensure they’re not hosting illegal content like child sex abuse material, revenge porn or content from sex trafficking victims — the latter which has led to lawsuits at other large porn companies.

The news followed a big marketing push for OnlyFans’ porn-free (SFW) app, OFTV, which circulated alongside reports that the company was looking to raise funds at a $1 billion+ valuation. OnlyFans may not have technically needed the funding to operate its current business — it handled more than $2 billion in sales in 2020 and keeps 20%. Rather, the company may have seen there’s more opportunity to cater to the “SFW” creator community, now that it has big names like Bella Thorne, Cardi B, Tyga, Tyler Posey, Blac Chyna, Bhad Bhabie and others on board.

U.S. lawmakers demand info on TikTok’s plans for biometric data collection

The TikTok logo is seen on an iPhone 11 Pro max

The TikTok logo is seen on an iPhone 11 Pro max. Image Credits: Nur Photo/Getty Images

U.S. lawmakers are challenging TikTok on its plans to collect biometric data from its users. TechCrunch first reported on TikTok’s updated privacy policy in June, where the company gave itself permission to collect biometric data in the U.S., including users’ “faceprints and voiceprints.” When reached for comment, TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began.

Earlier this month, Senators Amy Klobuchar (D-MN) and John Thune (R-SD) sent a letter to TikTok CEO Shou Zi Chew, which said they were “alarmed” by the change, and demanded to know what information TikTok will be collecting and what it plans to do with the data. This wouldn’t be the first time TikTok got in trouble for excessive data collection. Earlier this year, the company paid out $92 million to settle a class-action lawsuit that claimed TikTok had unlawfully collected users’ biometric data and shared it with third parties.

Weekly News

Platforms: Apple

Image Credits: Apple

  • ⭐ Apple told developers that some of the features it announced as coming in iOS 15 won’t be available at launch. This includes one of the highlights of the new OS, SharePlay, a feature that lets people share music, videos and their screen over FaceTime calls. Other features that will come in later releases include Wallet’s support for ID cards, the App Privacy report and others that have yet to make it to beta releases.
  • Apple walked back its controversial Safari changes with the iOS 15 beta 6 update. Apple’s original redesign had shown the address bar at the bottom of the screen, floating atop the page’s content. Now the tab bar will appear below the page’s content, offering access to its usual set of buttons as when it was at the top. Users can also turn off the bottom tab bar now and revert to the old, Single Tab option that puts the address bar back at the top as before.
  • In response to criticism over its new CSAM detection technology, Apple said the version of NeuralHash that was reverse-engineered by a developer, Asuhariet Ygvar, was a generic version, and not the complete version that will roll out later this year.
  • The Verge dug through over 800 documents from the Apple-Epic trial to find the best emails, which included dirt on a number of other companies like Netflix, Hulu, Sony, Google, Nintendo, Valve, Microsoft, Amazon and more. These offered details on things like Netflix’s secret arrangement to pay only 15% of revenue, how Microsoft also quietly offers a way for some companies to bypass its full cut, how Apple initially saw the Amazon Appstore as a threat and more.

Platforms: Google

  • A beta version of the Android Accessibility Suite app (12.0.0) which rolled out with the fourth Android beta release added something called “Camera Switches” to Switch Access, a toolset that lets you interact with your device without using the touchscreen. Camera Switches allows users to navigate their phone and use its features by making face gestures, like a smile, open mouth, raised eyebrows and more.
  • Google announced its Pixel 5a with 5G, the latest A-series Pixel phone, will arrive on August 27, offering IP67 water resistance, long-lasting Adaptive Battery, Pixel’s dual-camera system and more, for $449. The phone makes Google’s default Android experience available at a lower price point than the soon to arrive Pixel 6.
  • An unredacted complaint from the Apple-Epic trial revealed that Google had quietly paid developers hundreds of millions of dollars via a program known as “Project Hug,” (later “Apps and Games Velocity Program”) to keep their games on the Play Store. Epic alleges Google launched the program to keep developers from following its lead by moving their games outside the store.

Augmented Reality

  • Snap on Thursday announced it hired its first VP of Platform Partnerships to lead AR, Konstantinos Papamiltiadis (“KP”). The new exec will lead Snap’s efforts to onboard partners, including individual AR creators building via Lens Studio as well as large companies that incorporate Snapchat’s camera and AR technology (Camera Kit) into their apps. KP will join in September, and report to Ben Schwerin, SVP of Content and Partnerships.

Fintech

  • Crypto exchange Coinbase will enter the Japanese market through a new partnership with Japanese financial giant Mitsubishi UFJ Financial Group (MUFG). The company said it plans to launch other localized versions of its existing global services in the future.

Social

Image Credits: Facebook

  • Facebook launched a “test” of Facebook Reels in the U.S. on iOS and Android. The new feature brings the Reels experience to Facebook, allowing users to create and share short-form video content directly within the News Feed or within Facebook Groups. Instagram Reels creators can also now opt in to have their Reels featured on users’ News Feed. The company is heavily investing its its battle with TikTok, even pledging that some portion of its $1 billion creator fund will go toward Facebook Reels.
  • Twitter’s redesign of its website and app was met with a lot of backlash from users and accessibility experts alike. The company choices add more visual contrast between various elements and may have helped those with low vision. But for others, the contrast is causing strain and headaches. Experts believe accessibility isn’t a one-size fits all situation, and Twitter should have introduced tools that allowed people to adjust their settings to their own needs.
  • The pro-Trump Twitter alternative Gettr’s lack of moderation has allowed users to share child exploitation images, according to research from the Stanford Internet Observatory’s Cyber Policy Center.
  • Pinterest rolled out a new set of more inclusive search filters that allow people to find styles for different types of hair textures — like coily, curly, wavy, straight, as well as shaved or bald and protective styles. 

Photos

  • Photoshop for iPad gained new image correction tools, including the Healing Brush and Magic Wand, and added support for connecting an iPad to external monitors via HDMI or USB-C. The company also launched a Photoshop Beta program on the desktop.

Messaging

  • WhatsApp is being adopted by the Taliban to spread its message across Afghanistan, despite being on Facebook’s list of banned organizations. The company says it’s proactively removing Taliban content — but that may be difficult to do since WhatsApp’s E2E encryption means it can’t read people’s texts. This week, Facebook shut down a Taliban helpline in Kabul, which allowed civilians to report violence and looting, but some critics said this wasn’t actually helping local Afghans, as the group was now in effect governing the region.
  • WhatsApp is also testing a new feature that will show a large preview when sharing links, which some suspect may launch around the time when the app adds the ability to have the same account running on multiple devices.

Streaming & Entertainment

  • Netflix announced it’s adding spatial audio support on iPhone and iPad on iOS 14, joining other streamers like HBO Max, Disney+ and Peacock that have already pledged to support the new technology. The feature will be available to toggle on and off in the Control Center, when it arrives.
  • Blockchain-powered streaming music service Audius partnered with TikTok to allow artists to upload their songs using TikTok’s new SoundKit in just one click.
  • YouTube’s mobile app added new functionality that allows users to browse a video’s chapters, and jump into the chapter they want directly from the search page.
  • Spotify’s Anchor app now allows users in global markets to record “Music + Talk” podcasts, where users can combine spoken word recordings with any track from Spotify’s library of 70 million songs for a radio DJ-like experience.
  • Podcasters are complaining that Apple’s revamped Podcasts platform is not working well, reports The Verge. Podcasts Connect has been buggy, and sports a confusing interface that has led to serious user errors (like entire shows being archived). And listeners have complained about syncing problems and podcasts they already heard flooding their libraries.

Dating

  • Tinder announced a new feature that will allow users to voluntarily verify their identity on the platform, which will allow the company to cross-reference sex offender registry data. Previously, Tinder would only check this database when a user signed up for a paid subscription with a credit card.

Gaming

Image Source: The Pokémon Company

  • Pokémon Unite will come to iOS and Android on September 22, The Pokémon Company announced during a livestream this week. The strategic battle game first launched on Nintendo Switch in late July.
  • Developer Konami announced a new game, Castlevania: Grimoire of Souls, which will come exclusively to Apple Arcade. The game is described as a “full-fledged side-scrolling action game,” featuring a roster of iconic characters from the classic game series. The company last year released another version of Castelvania on the App Store and Google Play.
  • Dragon Ball Z: Dokkan Battle has now surpassed $3 billion in player spending since its 2015 debut, reported Sensor Tower. The game from Bandai Namco took 20 months to reach the figure after hitting the $2 billion milestone in 2019. The new landmark sees the game joining other top-grossers, including Clash Royale, Lineage M and others.
  • Sensor Tower’s mobile gaming advertising report revealed data on top ad networks in the mobile gaming market, and their market share. It also found puzzle games were among the top advertisers on gaming-focused networks like Chartboost, Unity, IronSource and Vungle. On less game-focused networks, mid-core games were top titles, like Call of Duty: Mobile and Top War. 

Image Credits: Sensor Tower

Health & Fitness

  • Apple is reportedly scaling back HealthHabit, an internal app for Apple employees that allowed them to track fitness goals, talk to clinicians and coaches at AC Wellness (a doctors’ group Apple works with) and manage hypertension. According to Insider, 50 employees had been tasked to work on the project.
  • Samsung launched a new product for Galaxy smartphones in partnership with healthcare nonprofit The Commons Project, that allows U.S. users to save a verifiable copy of their vaccination card in the Samsung Pay digital wallet.

Image Credits: Samsung

Adtech

Government & Policy

  • China cited 43 apps, including Tencent’s WeChat and an e-reader from Alibaba, for illegally transferring user data. The regulator said the apps had transferred users location data and contact list and harassed them with pop-up windows. The apps have until August 25 to make changes before being punished.

Security & Privacy

  • A VICE report reveals a fascinating story about a jailbreaking community member who had served as a double agent by spying for Apple’s security team. Andrey Shumeyko, whose online handles included JVHResearch and YRH04E, would advertise leaked apps, manuals and stolen devices on Twitter and Discord. He would then tell Apple things like which Apple employees were leaking confidential info, which reporters would talk to leakers, who sold stolen iPhone prototypes and more. Shumeyko decided to share his story because he felt Apple took advantage of him and didn’t compensate him for the work.

Funding and M&A

💰 South Korea’s GS Retail Co. Ltd will buy Delivery Hero’s food delivery app Yogiyo in a deal valued at 800 billion won ($685 million USD). Yogiyo is the second-largest food delivery app in South Korea, with a 25% market share.

💰 Gaming platform Roblox acquired a Discord rival, Guilded, which allows users to have text and voice conversations, organize communities around events and calendars and more. Deal terms were not disclosed. Guilded raised $10.2 million in venture funding. Roblox’s stock fell by 7% after the company reported earnings this week, after failing to meet Wall Street expectations.

💰 Travel app Hopper raised $175 million in a Series G round of funding led by GPI Capital, valuing the business at over $3.5 billion. The company raised a similar amount just last year, but is now benefiting from renewed growth in travel following COVID-19 vaccinations and lifting restrictions.

💰 Indian quiz app maker Zupee raised $30 million in a Series B round of funding led by Silicon Valley-based WestCap Group and Tomales Bay Capital. The round values the company at $500 million, up 5x from last year.

💰 Danggeun Market, the publisher of South Korea’s hyperlocal community app Karrot, raised $162 million in a Series D round of funding led by DST Global. The round values the business at $2.7 billion and will be used to help the company launch its own payments platform, Karrot Pay.

💰 Bangalore-based fintech app Smallcase raised $40 million in Series C funding round led by Faering Capital and Premji Invest, with participation from existing investors, as well as Amazon. The Robinhood-like app has over 3 million users who are transacting about $2.5 billion per year.

💰 Social listening app Earbuds raised $3 million in Series A funding led by Ecliptic Capital. Founded by NFL star Jason Fox, the app lets anyone share their favorite playlists, livestream music like a DJ or comment on others’ music picks.

💰 U.S. neobank app One raised $40 million in Series B funding led by Progressive Investment Company (the insurance giant’s investment arm), bringing its total raise to date to $66 million. The app offers all-in-one banking services and budgeting tools aimed at middle-income households who manage their finances on a weekly basis.

Public Markets

📈Indian travel booking app ixigo is looking to raise Rs 1,600 crore in its initial public offering, The Economic Times reported this week.

📉Trading app Robinhood disappointed in its first quarterly earnings as a publicly traded company, when it posted a net loss of $502 million, or $2.16 per share, larger than Wall Street forecasts. This overshadowed its beat on revenue ($565 million versus $521.8 million expected) and its more than doubling of MAUs to 21.3 million in Q2.  Also of note, the company said dogecoin made up 62% of its crypto revenue in Q2.

Downloads

Polycam (update)

Image Credits: Polycam

3D scanning software maker Polycam launched a new 3D capture tool, Photo Mode, that allows iPhone and iPad users to capture professional-quality 3D models with just an iPhone. While the app’s scanner before had required the use of the lidar sensor built into newer devices like the iPhone 12 Pro and iPad Pro models, the new Photo Mode feature uses just an iPhone’s camera. The resulting 3D assets are ready to use in a variety of applications, including 3D art, gaming, AR/VR and e-commerce. Data export is available in over a dozen file formats, including .obj, .gtlf, .usdz and others. The app is a free download on the App Store, with in-app purchases available.

Jiobit (update)

Jiobit, the tracking dongle acquired by family safety and communication app Life360, this week partnered with emergency response service Noonlight to offer Jiobit Protect, a premium add-on that offers Jiobit users access to an SOS Mode and Alert Button that work with the Jiobit mobile app. SOS Mode can be triggered by a child’s caregiver when they detect — through notifications from the Jiobit app — that a loved one may be in danger. They can then reach Noonlight’s dispatcher who can facilitate a call to 911 and provide the exact location of the person wearing the Jiobit device, as well as share other details, like allergies or special needs, for example.

Tweets

When your app redesign goes wrong…

Image Credits: Twitter.com

Prominent App Store critic Kosta Eleftheriou shut down his FlickType iOS app this week after too many frustrations with App Review. He cited rejections that incorrectly argued that his app required more access than it did — something he had successfully appealed and overturned years ago. Attempted follow-ups with Apple were ignored, he said. 

Image Credits: Twitter.com

Anyone have app ideas?

Spatial audio is coming to Netflix on iPhone and iPad

By Amanda Silberling

If you use AirPods Pro or AirPods Max, your mobile Netflix-watching is about to get a bit more immersive. Yesterday, Netflix confirmed that it has begun rolling out spatial audio support on iPhone and iPad on iOS 14 after the feature was spotted by a Reddit user.

Netflix joins streaming competitors like HBO Max, Disney+, and Peacock in enabling this feature, while other popular apps like Amazon Prime Video and YouTube still don’t have this functionality. Still, Netflix said the rollout won’t be immediate — users who have the update should be able to toggle it on or off in the Control Center.

Recently, Apple has been emphasizing its spatial audio features. The company first announced that it would bring spatial audio to AirPods Pro during the WWDC conference in 2020 — during this year’s conference, Apple added that Apple Music subscribers would gain access to spatial audio and lossless audio streaming at no extra charge. This even supports dynamic head tracking, which adjusts the sound when you move your head.  The Android version of the Apple Music app also supports spatial and lossless audio. In February, Spotify said it would rollout a high-end subscription service, Spotify HiFi, which would enable lossless audio, though there’s been no news since.

Last month, Netflix revealed that it start looking toward mobile gaming in addition to its original movies and television series. The company has already experimented with interactive entertainment with projects like Black Mirror: Bandersnatch and its Stranger Things games.

“We view gaming as another new content category for us, similar to our expansion into original films, animation and unscripted TV,” the company said in its quarterly earnings report.

Spatial audio is popular among video game players — so while this update will enhance the streaming video experience on iPhone and iPad, perhaps we’ll see this feature at play in eventual Netflix mobile games, too.

A new Senate bill would totally upend Apple and Google’s app store dominance

By Taylor Hatmaker

With two giants calling the shots and collecting whatever tolls they see fit, mobile software makers have long complained that app stores take an unfair cut of the cash that should be flowing directly to developers. Hearing those concerns, a group of senators introduced a new bill this week that, if passed, would greatly diminish Apple and Google’s ability to control app purchases in their operating systems and completely shake up the way that mobile software gets distributed.

The new bill, called the Open App Markets Act, would enshrine quite a few rights that could benefit app developers tired of handing 30% of their earnings to Apple and Google. The bill, embedded in full below, would require companies that control operating systems to allow third-party apps and app stores.

It would also prevent those companies from blocking developers from telling users about lower prices for their software that they might find outside of official app stores. Apple and Google would also be barred from leveraging “non-public” information collecting through their platforms to create competing apps.

“This legislation will tear down coercive anticompetitive walls in the app economy, giving consumers more choices and smaller startup tech companies a fighting chance,” said Senator Richard Blumenthal (D-CT), who introduced the bipartisan bill with Sen. Marsha Blackburn (R-TN), and Sen. Amy Klobuchar (D-MN). Klobuchar chairs the Senate’s antitrust subcommittee and Blackburn and Blumenthal are both subcommittee members.

Senator Blackburn called Apple and Google’s app store practices a “direct affront to a free and fair marketplace” and Sen. Klobuchar noted that their behavior raises “serious competition concerns.”

The bill draws on information collected earlier this year from that subcommittee’s hearing on app stores and competition. In the hearing, lawmakers heard from Apple and Google as well as Spotify, Tile and Match Group, three companies that argued their businesses have been negatively impacted by anti-competitive app store policies.

“… We urge Congress to swiftly pass the Open App Markets Act,” Spotify Chief Legal Officer Horacio Gutierrez said of the new bill. “Absent action, we can expect Apple and others to continue changing the rules in favor of their own services, and causing further harm to consumers, developers and the digital economy.”

The Coalition for App Fairness, a developer advocacy group, praised the bill for its potential to spur innovation in digital markets. “The bipartisan Open App Markets Act is a step towards holding big tech companies accountable for practices that stifle competition for developers in the U.S. and around the world,” CAF executive director Meghan DiMuzio said.

Hoping to head off future regulatory headaches, Apple dropped its own fees for companies that generate less than $1 million in App Store revenue from 30% to 15% last year. Google followed suit with its own gesture, dropping fees to 15% for the first $1 million in revenue a developer earns through the Play Store in a year. Some developers critical of the companies’ practices saw those changes as little more than a publicity stunt.

Developers have long complained about the high tolls they pay to distribute their software through the world’s two major mobile operating systems. That fight escalated over the last year when Epic Games circumvented Apple’s payments rules by allowing Fortnite players to pay Epic directly, setting off a legal fight that has huge implications for the mobile software world. Following a May trial, the verdict is expected later this year.

“This will make it easier for developers of all sizes to challenge these harmful practices and seek relief from retaliation, be it during litigation or simply because they dared speak up,” Epic Games VP of Public Policy Corie Wright said of the new bill.

Unlike Apple, Google does allow apps to be “sideloaded,” installed onto devices outside of the Google Play Store. But documents unsealed in Epic’s parallel case against Google revealed that the Play Store’s creator knows the sideloading process is a terrible experience for users — something the company brings up when pressuring developers to stick with its official app marketplace.

The counterargument here is that official app stores make apps safer and smoother for consumers. While Apple and Google extract heavy fees for selling mobile software through the App Store and the Google Play Store, the companies both argue that streamlining apps through those official channels protects people from malware and allows for prompt software updates to patch security concerns that could jeopardize user privacy.

“At Apple, our focus is on maintaining an App Store where people can have confidence that every app must meet our rigorous guidelines and their privacy and security is protected,” an Apple spokesperson told TechCrunch.

Adam Kovacevich, a former Google policy executive who leads the new tech-backed industry group Chamber of Progress, called the new bill “a finger in the eye” for Android and iPhone owners.

“I don’t see any consumers marching in Washington demanding that Congress make their smartphones dumber,” Kovacevich said. “And Congress has better things to do than intervene in a multi-million-dollar dispute between businesses.”

At least in Google’s case, the counterargument has its own counterargument. Android has long been notorious for malware, but apparently most of that malicious software isn’t making its way onto devices through sideloading — it’s walking through the Google Play Store’s front door.

 

This tool tells you if NSO’s Pegasus spyware targeted your phone

By Zack Whittaker

Over the weekend, an international consortium of news outlets reported that several authoritarian governments — including Mexico, Morocco, and the United Arab Emirates — used spyware developed by NSO Group to hack into the phones of thousands of their most vocal critics, including journalists, activists, politicians and business executives.

A leaked list of 50,000 phone numbers of potential surveillance targets was obtained by Paris-based journalism non-profit Forbidden Stories and Amnesty International, and shared with the reporting consortium, including the Washington Post and The Guardian. Researchers analyzed the phones of dozens of victims to confirm they were targeted by the NSO’s Pegasus spyware, which can access all of the data on a person’s phone. The reports also confirm new details of the government customers themselves, which NSO Group closely guards. Hungary, a member of the European Union where privacy from surveillance is supposed to be a fundamental right for its 500 million residents, is named as an NSO customer.

The reporting shows for the first time how many individuals are likely targets of NSO’s intrusive device-level surveillance. Previous reporting had put the number of known victims in the hundreds or over a thousand.

NSO Group sharply rejected the claims. NSO has long said that it doesn’t know who its customers target, which it reiterated in a statement to TechCrunch on Monday.

Researchers at Amnesty, whose work was reviewed by the Citizen Lab at the University of Toronto, found that NSO can deliver Pegasus by sending a victim a link which when opened infects the phone, or silently and without any interaction at all through a “zero-click” exploit, which takes advantage of vulnerabilities in the iPhone’s software. Citizen Lab researcher Bill Marczak said in a tweet that NSO’s zero-clicks worked on iOS 14.6, which until today was the most up-to-date version.

Amnesty’s researchers showed their working by publishing meticulously detailed technical notes and a toolkit that they said may help others identify if their phones have been targeted by Pegasus.

The Mobile Verification Toolkit, or MVT, works on both iPhones and Android devices, but slightly differently. Amnesty said that more forensic traces were found on iPhones than Android devices, which makes it easier to detect on iPhones. MVT will let you take an entire iPhone backup (or a full system dump if you jailbreak your phone) and feed in for any indicators of compromise (IOCs) known to be used by NSO to deliver Pegasus, such as domain names used in NSO’s infrastructure that might be sent by text message or email. If you have an encrypted iPhone backup, you can also use MVT to decrypt your backup without having to make a whole new copy.

The Terminal output from the MVT toolkit, which scans iPhone and Android backup files for indicators of compromise. (Image: TechCrunch)

The toolkit works on the command line, so it’s not a refined and polished user experience and requires some basic knowledge of how to navigate the terminal. We got it working in about ten minutes, plus the time to create a fresh backup of an iPhone, which you will want to do if you want to check up to the hour. To get the toolkit ready to scan your phone for signs of Pegasus, you’ll need to feed in Amnesty’s IOCs, which it has on its GitHub page. Any time the indicators of compromise file updates, download and use an up-to-date copy.

Once you set off the process, the toolkit scans your iPhone backup file for any evidence of compromise. The process took about a minute or two to run and spit out several files in a folder with the results of the scan. If the toolkit finds a possible compromise, it will say so in the outputted files. In our case, we got one “detection,” which turned out to be a false positive and has been removed from the IOCs after we checked with the Amnesty researchers. A new scan using the updated IOCs returned no signs of compromise.

Given it’s more difficult to detect an Android infection, MVT takes a similar but simpler approach by scanning your Android device backup for text messages with links to domains known to be used by NSO. The toolkit also lets you scan for potentially malicious applications installed on your device.

The toolkit is — as command line tools go — relatively simple to use, though the project is open source so not before long surely someone will build a user interface for it. The project’s detailed documentation will help you — as it did us.

Read more:


You can send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more

❌