US Senators suspect TikTok could be a national security threat

Republican Senator Tom Cotton and Senate Minority Leader Chuck Schumer have written to the Intelligence Community to request a national security investigation into social media video app TikTok.

Although TikTok has been paid particular attention in the request, the duo is asking other China-based applications with a significant US presence are also given some consideration. The move could represent an expansion of the aggression towards China and strain trade-talks between the two parties further.

“We write to express our concerns about TikTok, a short-form video application, and the national security risks posed by its growing use in the United States,” the pair said in the letter to Acting Director of National Intelligence Joseph Maguire.

“TikTok’s terms of service and privacy policies describe how it collects data from its users and their devices, including user content and communications, IP address, location-related data, device identifiers, cookies, metadata, and other sensitive personal information. While the company has stated that TikTok does not operate in China and stores US user data in the US, ByteDance is still required to adhere to the laws of China.”

The comments above pay homage to a Chinese law which requires Chinese companies to comply with requests from the Government and its intelligence agencies. While the law also states Chinese companies can refuse the request if it contradicts with the domestic laws in which the company operates, it is clear the US and others do not believe this clause holds much credibility or weight.

After being launched in 2017 by ByteDance, TikTok has proven to be a very successful additional to the social media scene. The app boasts more than 110 million downloads in the US alone and became the world’s most downloaded app on Apple’s App Store in the first half of 2018.

While this is the first-time politicians have waded into the waters, there has been criticism of TikTok from other avenues. US think tank Peterson Institute for International Economics described TikTok as a ‘Huawei-sized problem’, posing a national security threat to ‘the West’. The thinking here seems to be that the app collects location and biometric data and is unable to deny requests from the Chinese Government.

TikTok has proven to be an immense success in its short life, though the attention from security agencies in the US is an ominous sign. Alongside the shadow of doubt which will be cast on the app in the eyes of US citizens, it is not unfeasible for some sort of restrictions to be placed on the business.

Investors learn Silicon Valley can be volatile as Twitter tanks

Twitter’s share price was slashed by 18% as the market opened this morning, with the social media giant failing to find enough consistency to impress investors.

There was a brief glimmer of hope that Twitter might have been a company people could rely on, but rainclouds have once again emerged to spoil the parade. It certainly isn’t corporate doomsday for Twitter, but the management team will have to start ensuring some consistency if they want to remain in their current employment for the long-term.

Looking at the results, total revenues for the three-month period stood at $824 million, a 9% year-on-year increase, but short of the $876 million analysts estimated. Unfortunately for any optimists, the next quarter isn’t looking much better.

Twitter is forecasting revenue to be between $940 million and $1.01 billion for the next three months, down on the $1.06 billion which was estimated by analysts. Operating income is expected to be in the $130 million and $170 million range.

Although the steep decline in share price has largely levelled off, it does not make for comfortable reading.

The question which remains is what went wrong at Twitter? Looking at the materials presented during the earnings call, the management team is pointing to two areas. Firstly, seasonality. Twitter is suggesting fewer users were using the platform during the summer months than it was expecting, partly due to a lack of major events which were taking place over July and August.

Secondly, bugs in the legacy Mobile Application Promotion (MAP) product impacted the ability to target ads and share data with measurement and ad partners. The team also discovered certain personalization and data settings were not operating as expected. Twitter estimates the product issues reduced year-over-year revenue growth by 3 or more points in Q3.

Although these figures, this quarter and the next three months, are not the best it does not demonstrate the business is fundamentally flawed. This should not be seen as a company which will fall off a cliff, next year could be much more promising.

Firstly, the team is retiring legacy products and introducing new systems constantly, as well as creating more opportunities for those advertisers who are craving video engagement. This is an area which Twitter lags behind other social media platforms, though it could certainly catch-up.

Secondly, when you look at what is going to happen over the next 12 months, it would suggest there will be increased engagement from users and therefore increased opportunity for advertisers. In Europe, you have the UEFA European Championships, in the US, the Presidential Election and in Japan, the Tokyo 2020 Olympics. All of these events present major opportunities for Twitter to engage users.

Looking at user engagement, Twitter has decided to alter the way it reports figures, creating its own metric which will be known as ‘monetizable daily active users’ (mDAU). This could be a useful way to measure engagement, and the explanation below is taken from the letter to shareholders:

“Average mDAU for a period represents the number of mDAU on each day of such period divided by the number of days for such period. Changes in mDAU are a measure of changes in the size of our daily logged in or otherwise authenticated active user base. To calculate the year-over-year change in mDAU, we subtract the average mDAU for the three months ended in the previous year from the average mDAU for the same three months ended in the current year and divide the result by the average mDAU for the three months ended in the previous year.”

In short, it is the number of users which can be served ads each day. Using this metric, Twitter estimates it was able to serve ads to 145 million people each day, on average, which is a 17% increase on the same period of 2018.

The only issue with this metric is that it isn’t the most transparent when it comes to app downloads or concrete figures on daily usage. That said, according to data from Sensor Tower, it is still one of the most popular social media applications worldwide.

These results are not representative of a company which is in trouble, but more demonstrates the volatility of the internet segment. It was a bad three months, but that does not necessatily make Twitter a bad company. There are few companies which emerge from the garages of Silicon Valley which are genuinely reliable, but Twitter is one which will probably get better.

The fundamentals of the business are pretty sound. Assuming the team continue to improve the user experience and fix the bugs in the advertising machine, it will make money. Events across 2019 will attract more people only the platform, especially with social media likely to feature very prominently through the 2020 Presidential Election campaign. Perhaps the market needs to take a reality check on how much money it expects Silicon Valley to hoover up.

California proposes strictest privacy rules in the US

California Attorney General Xavier Becerra has unveiled new privacy proposals which have the potential to rival the impact of Europe’s GDPR on the digital economy.

When Europe announced its General Data Protection Regulation the digital economy was thrown into chaos. Businesses around the world had to audit monstrous amounts of data, as well as reconfigure business models, data collection procedures and relationships to ensure compliance. The rules being proposed here are slightly different, but Becerra is enforcing a privacy first mentality which might not sit comfortably with some in the digital economy.

There are three components of this proposed legislation to keep an eye-on. Firstly, the consumer has the right to request details on the data being stored by companies. Secondly, they have the right to demand this information be deleted. And thirdly, companies will have to seek consent from the consumer to monetize the data.

“Knowledge is power, and in the internet age knowledge is derived from data,” said Becerra. “Our personal data is what powers today’s data-driven economy and the wealth it generates. It’s time we had control over the use of our personal data. That includes keeping it private.

“We take a historic step forward today to protect Californians’ inalienable right to privacy. Once again, California leads the way putting people first in the Age of the Internet.”

However, before the privacy enthusiasts get too excited, there are some hurdles to negotiate. The original California Consumer Privacy Act (CCPA) has been passed, and will come into effect on January 1, though there have been additional bills passed to water-down the strength of these rules.

Although this will hit some like a bad smell, this is the reality of politics. Lobbyists in the US are incredibly powerful, and they are being fuelled by a very profitable technology industry with a lot to lose. This is not to say the new rules will not make an impact, though they might not be as revolutionary as some would hope when they come into effect.

That said, this will create the strongest privacy legislative regime across the US, ironically, in the home of the company’s who play so carelessly with privacy rights.

Looking at the similarities with GDPR, it does seem there has been some inspiration drawn from the rules. The right to request more information, as well as the right to demand deletion, are two elements which seem to be taken from GDPR. The final element mentioned above is very interesting and we suspect will be the focal point of the lobby efforts as these rules gather momentum.

The inclusion of a ‘Do not sell my data’ link is an aspect no-one in the data-sharing economy will want to see. The industry has largely profited to date through inaction. No-one can do anything about the monetization of data short of refusing to download the app. Consumers are effectively being forced into participating in the digital economy as there are no rules to provide an alternative. This element of the legislation would certainly cause a stir.

Some people will not like the fact companies are making money off their personal data if they are not getting a share of the rewards, irrelevant as to whether they are getting a service for free. Some will object on ethical grounds. Some will reject the concept as the risk of data breaches or leaks is deemed too great. Some will feel uneasy as there are still so many unknowns regarding the darker corners of the world wide web.

Irrelevant as to why an individual might not like the current status quo, as there has been no alternative, it has mattered little. The introduction of an alternative presents a lot of unknown scenarios. More moving parts will have to be factored into risk assessment protocols. It presents uncertainty, which is the enemy of profit.

Interestingly enough, Becerra seems to have learnt the residents of Silicon Valley have very elusive lawyers. Also included in the rules are definitions of those who would be subject to the rules. The company would have to:

  • Have revenues in excess of $25 million
  • Buy, receive, or sell the personal information of 50,000 or more consumers, households, or devices
  • Derives 50% of annual revenues from selling data

These are quite crafty conditions and could potentially cover every type of organization out there. The lawyers will have to be on top-form to find the grey areas here.

The rules still have to negotiate the turns and throws of the political aisles before the digital economy gets too worried, but California is setting the pace when it comes to tackling privacy concerns in the US.

Google pulls back the curtain on Play Pass

The idea of aggregating entertainment services behind a single bill is not new, but Google has finally entered the fray with its Play Pass.

For $4.99 a month, or $1.99 if you are quick enough, users will be able to access 350 apps and games without the worry of in-app purchases, adverts or up-front payments. It is a new type of business model for Google app ecosystem, but it is one which we believe will be of interest to the consumer.

“Play Pass offers a high-quality, curated collection of titles from Stardew Valley to AccuWeather, with new apps and games added every month,” Austin Shoemaker wrote on the Google blog.

“Play Pass is coming to Android devices in the US this week, and we’ll be bringing it to additional countries soon. You can get started with a 10-day free trial and subscribe for just $4.99/month. And for a limited time, you can get Play Pass for only $1.99/month for your first twelve months, then $4.99/month.”

Consumers might be familiar with some of the apps which have been added to the service, Terraria, Monument Valley, Risk, Star Wars: Knights of the Old Republic, or AccuWeather for example, though there does seem to be enough variety and depth to the library. Although $4.99 might not be deemed a huge amount of money, there will have to value justification.

With the idea of ‘data as a currency’ increasingly being criticised by regulators and politicians, we might see a shift back towards a more traditional version of commerce. If monetizing data becomes decreasingly profitable, the developers might just ask for money off the consumer.

As we move forward, and more of these aggregator services appear, the consumers wallet is going to become increasingly strained. This is where Google perhaps has an advantage over others in the digital economy; it has the relationships in place to develop value. The more value Google can offer, increasing the number of apps on the Play Pass in other words, the more attractive it looks to consumers.

The subscription business model is a new one for Google, and while it failed for original content, Google has heritage in the app world. This is an interesting proposition, one which we certainly like the look of.

Quibi: a short-form streaming service to keep an eye-on

A passing reference at IBC 2019 was the first we had heard of Quibi, but it certainly looks like an interesting proposition which could add further disruption to the content world.

Imagine a cross-over between Netflix and Snapchat and you’ll have something close to Quibi. Although there isn’t a huge amount of information out there about the business, it looks to be a mobile-based, short-form video subscription service designed for millennials. Content will be designed for mobile-format, and only viewable through the app.

This might sound like a bit of a fad but looking at the content it already has lined-up, the first-step towards success has been made.

Firstly, you have a yet to be named thriller starring Oscar winner Christoph Waltz alongside Liam Hemsworth, where a terminally-ill man is hunted by contestants, as he attempts to provide long-term for his wife. Secondly, you have a Stephen King horror series which can only be watched at night. Another title is “Action Scene” which stars Kevin Hart.

These are only a few of the titles which Quibi has floated through the press. Despite there not being a huge publicity push for the service, Hollywood stars seem to be convinced by the concept.

Although it was only a passing comment on-stage at IBC 2019, All3Media CEO Jane Turton and UK MD of Production for BBC Studios Lisa Opie also suggested they had both been commissioned for content on the platform. Turton also said her parent company Liberty Global was an investor in the business.

Interesting enough, the Quibi business seems to have attracted interest from some of the worlds’ most recognisable technology businesses without making a significant splash in the publicity pond. Walt Disney Company, 21st Century Fox, NBCUniversal, Sony Pictures Entertainment, WarnerMedia, and the Alibaba Group complete the list.

Once again, we are relying on third-party sources, but it does seem to be priced reasonably fairly. For $5 a month, or $8 for an ad-free service, the platform might well gain some traction should the content live-up to the expectation.

Another interesting aspect of this business is the leadership team. Jeffrey Katzenberg, a vastly experienced executive in the firm industry with tenures at Paramount and DreamWorks, has been brought on-board to work alongside CEO Meg Whitman. If Whitman sounds like a familiar name, she was previously CEO of Hewlett Packard, leading the business through the restructuring period which created HP Inc and Hewlett Packard Enterprise.

While Whitman’s tenure at HP was not exactly the most successful, her background in the technology industry married to Katzenberg’s experience in the content world dovetails quite well. It’s technology pragmatism alongside content creativity; both barrels will have to be firing if the Quibi business is going to be a success.

This is the other side of the business which the team is yet to discuss; technology. Digital natives are not very tolerable of poor service, so Quibi will have to be on-form if it is going to be a long-term success. Creating a new, disruptive service is difficult, just look at YouTube’s experience last year.

As Paolo Pescatore of PP Foresight pointed out to us, streaming the Champions League Final on YouTube was not the greatest of successes. It was an interesting move, setting the scene for potentially a new field for YouTube, but the team did not necessarily nail the experience.

“YouTube had decoding issues dealing with the huge demand from the live streaming event. There were no problems with the stream to the BT Sport app,” said Pescatore.

“Key to the success of Quibi will be distribution as it has a strong growing slate of content. It should strong consider forging tie ups with telcos who are crying out for great content to drive connections and usage on fibre broadband and 5G networks.”

We like the idea. It is a novel-concept which could potentially form a completely new kind of content delivery model. The audience is likely to be curious as well.

If the last few years have shown us anything, it’s that the millennials and generation Z are open to new ideas. And they are willing to pay for it. $5 a month is a price point which many will tolerate as an experiment.

Assuming the content lives up to the blockbuster names it is attracting, the technology fulfils the experience which digital natives demand, and the marketing team is clever enough to cut through the noise in a very crowded space, this could well be a success.

Quibi isn’t exactly shouting about itself at the moment, but it is an idea which we really like the look of.

Google continues to tap into the power of Maps

Ask any Android user and you’ll hear a glowing reference for Google’s mapping features, and the power of investing in the future is on show once again.

This is perhaps one of the most admirable aspects of Google Maps. This is a product which would have cost a lot of money and time to develop, at least to ensure it is the most useful of its kind, while there was little immediate return on investment. Now Google is reaping the commercial benefits of Maps, but it is still keeping an eye on new features, improved experience and, eventually, additional revenues.

“Not only does Google Maps help you navigate, explore, and get things done at home, but it’s also a powerful travel companion,” Rachel Inman wrote on Google’s blog.

“After you’ve booked your trip, these new tools will simplify every step of your trip once you’ve touched down–from getting around a new city to reliving every moment once you’re home.”

Google is not a company which makes money by accident. It might be the most popular search engine worldwide, but every time there is a hint of a glass ceiling, new ideas seem to emerge.

The acquisitions of Android and DeepMind certainly added new elements to the business model, its smart speakers and push into the connected car offer more engagement points moving away from traditional user interface, and Maps is an on-going project which seems to never get old.

This latest push forward from Google makes the mapping product more useful for those who are going on holiday.

Starting with the simplest add-on, reservations for both flights and hotels can be stored in the Maps app, allowing users to horde all relevant details into the same place irrelevant to whether the user has connectivity at that point. For those who have smartphone compatible with the ARCore and ARKit, navigation becomes simpler with pop-up directional graphics on the screen, while AI has been introduced to improve restaurant recommendations. Finally, a timeline has been introduced which can link experiences and content to places.

These are not necessarily revolutionary, but very few Google Maps features are. These are little additions which makes the mapping product easier to use and more useful. The incremental gain is quite evident through every feature which is adding every couple of months, and this is why so many people use Maps as a default application.

As with much that Google does, the features have been introduced to improve user experience and add extra value. However, there is also a great opportunity to commercialise these features without being intrusively commercial.

Looking at the restaurant recommendations, like with the search engine, some establishments will likely be able to pay for more prominent positioning. The same could be said for local landmarks and attractions in cities across the world. Although Google does create useful products, it never does anything for free. The user might not have to pay, but there is commercial element to everything which is being done.

However, what Google does very well is not to over commercialise the platform or product. As soon as something become offensively commercial, users are turned off. Just look at what happened to the core Facebook platform over the last few years. Facebook forgot what the core objective of the platform was, to connect friends and family, and it has started to impact engagement as well as the acquisition of new users through its commercial activities.

Facebook is still the leader when it comes to the social media segment, though other platforms seem to be better at engaging younger audiences, the demographics critical for sustainable revenues in the long-run. Snapchat, Instagram (admittedly a Facebook business), Twitter or Pinterest are not attracting the same experience criticism as Facebook has been over the last few years.

With Google Maps, the team seem to have struck the right balance. It’s a very useful application for numerous reasons and makes money for the search giant.

Another example of improved functionality with no-immediate financial benefit is focused on public transport. At the beginning of July, a new feature which will tell users how busy public transport is likely to be and whether users should anticipate delays on a journey was introduced. This is useful to have but has no immediate commercial benefit. However, when Google also suggests alternative means of transport, Uber for instance, and helps the user make a booking, there will be some sort of commercial benefit.

In helping customers with their travel plans, hotels and airlines can be partners, features and prompts introduced, and money can be made. Booking a restaurant through the Google Maps feature is another way, while the promotion of local tourist attractions is a third. It’s the traditional referral business with a slightly different twist.

Mapping is not a cheap business to enter into, there is a lot of data which needs to be acquired and managed after all. And when you start adding in additional features as Google constantly seems to do, the application becomes increasingly expensive and harder to deliver the promised experience. But this is where Google is a very admirable business; it never skimps when investing in creating a product to meet expectations.

It might have taken years to start to see the profits, but Google is now reaping the benefits of patience.

Snapchat looks like a real business after all

We don’t understand it, but perhaps we’re not supposed to. We do understand numbers though, and the Snap financials are looking stronger each year.

For those who getting a bit ‘longer in the tooth’, Snapchat might look like nothing more than a reel of confusing inside jokes which the younger generations are keeping well beyond arms’ length. It seems like nothing more than a messaging app for the paranoia filled narcissists, but few investors will care about perceptions if the numbers keep heading in this direction.

“We’re proud of the results that our team delivered this quarter,” said CEO Evan Spiegel. “We added 13 million daily actives users, our highest net adds since the second quarter of 2016, bringing our daily active users to 203 million.

“The average number of Snaps created every day grew to more than 3.5 billion this quarter, and average time spent per user was over 30 minutes per day.

“Our revenue growth rate accelerated both quarter-over-quarter and year-over-year to 48%, yielding $388 million in total revenue for the quarter. This growth in our community, engagement and revenue is the result of several transitions we completed over the past 18 months.”

Total revenues reached $388 million for the three months ending June 30, growth of 48% compared to same period in 2018, while net gain on subscribers exceeded numbers expected by analysts. Snap might not be in profit just yet, operating loss totalled $304 million, but the numbers are all heading in the right direction. Snap does seem to be following the traditional route of Silicon Valley in this sense, and profit might not be that far away anymore.

Those who invest in Silicon Valley certainly have to be brave. The latest generation of businesses to emerge insist on significant backers to pump in huge amounts of capital with the vague hope of profits on the very-distant horizon. The early years are focusing on growth, doubling-down on product innovation to cut through the noise in a very competitive segment. Profits are an afterthought, but the likes of Google, Facebook, Amazon, Netflix and Twitter prove an oasis can emerge after years of traipsing through the baron deserts.

In fairness to the Snap team, its innovations are often stolen by other platforms, somewhat of a complement in today’s world. The product itself does not much resemble the app which hit the market in 2011, and while there might have been complaints about updates forced on the user last year, there do seem to be rewards.

Daily Active Users (DAUs) over the last three months increased to 203 million, up from 190 million in the previous quarter and 188 million in the same period of 2018. The average number of Snaps created every day also grew, this time totalling more than 3.5 billion on average over the three months.

Perhaps most importantly however is retention is increasing. There have been fears in the past that Snapchat would be nothing more than a passing fancy, though the team saw more than a 10% increase in the retention rate of people who open Snapchat for the first time.

The appeal of this app to the younger generations is unquestionable, Spiegel claims 75% of the 13 to 34 year-old population in the US is active on Snapchat, but questions remain over the commercial viability of the platform but also retention rates for older generations.

On the advertising side, this is an area which has certainly improved. Like Twitter last year, Snap has made it easier for advertisers to create content for the platform but also manage campaigns. This might sound simple, but for developers who have traditionally focused on user engagement this could have been an afterthought. It appears there is becoming a much healthier mix of user engagement and advertising appeal on the platform to ensure revenues can continue to grow.

The team is also making encouraging progress on augmented reality, a technology which promises a lot from both engagement and revenue perspectives. Few have been able to make this technology work to its full potential, but the Snap team have proven numerous times over the last few years they are leaders when it comes to innovation.

The Snapchat app might be an enigma when it comes to the older generations, they might not understand why it is appealing, but who are they to second-guess why. Numbers speak for themselves, and while Snap is a long-way from profit, the trends are certainly heading in the right direction.

Snap Q3 2019

Google is a social media addict and it has fallen off the wagon again

Googlers just don’t know when to give up when it comes to social media as the internet giant attempts to crack the market once again with Shoelace.

It’s been almost six months since the team decided to shut-down Google+ but the search behemoth hasn’t given up just yet. We’ve lost track at how many times Google has attempted to crack this lucrative market, and the latest attempt will put much more of a hyper-local twist on the social networking euphoria.

“Shoelace is a mobile app that helps connect people with shared interests through in person activities,” the team has written in the new platforms FAQs. “It’s great for folks who have recently moved cities or who are looking to meet others who live nearby.”

Coming out of Google’s Area 120, an experimental group within the R&D business, the team will look to create a platform which will focus on uniting people in local communities and neighbourhoods depending on their interests and experiences. It is a slightly different twist to and the Google team will be hoping its fifth time lucky as it attempts to crack the code.

Starting in New York with an invite-only private test, the platform will hope to push events out to users and encourage them to create their own. This might be as simple as checking to see if anyone within a five-minute walk would want to join a kick-about in the park, or it could be to promote a comedy-night in the local pub.

On the commercial side, it makes sense. Should Google be able to scale adoption to a suitable level there will certainly be demand from advertisers, from small pubs hoping to promote bingo to larger music venues hoping to sell tickets. However, if Google can’t convince enough users to engage with the platform, what’s the point.

This is where Google has struggled before; user adoption. Google+, Google Buzz and Google Friend Connect are all examples of platforms which failed because no-one actually used them aside from Google employees. Shoelace is the latest act of defiance from a company which does not know when to quit, and it is presenting a niche idea.

Users will be able to make use of a mapping feature to browse the local area for events, yoga in the park for instance, irrelevant as to whether they are connected to an individual who is attending or not. This is where it is slightly different from other platforms, it is activity driven not connection driven. This might sound like a good USP, but it relies on the assumption users will be OK spending their time with strangers.

Each time Google has attempted to crack the social media world, there seems to be a groan from the cynics and unimaginative who have decided there are enough social media platforms already. Google does not want to give up the potential gold-mine which is social media and the fortunes of competitors demonstrate why.

Alongside Google, Facebook is recognised as a leader in the world of online advertising. The core platform, as well as Instagram and WhatsApp, are making billions for Zucks and his cronies, but they are not alone. Twitter is starting to hoover up profits while Snap is looking like a genuine business and over in China, WeChat is perhaps the most complete offering around, combining social, communication, payments and eCommerce all in one place. You can see why Google has such a fascination with social media.

Matrix themed virus infects 25 million smartphones

A new variant of mobile malware, dubbed ‘Agent Smith’, which re-directs advertising funds to cybercriminals, has been identified and its infected 25 million smartphones already.

Discovered by Check Point, this is a sneaky virus to deal with. Like ‘Agent Smith’ in the Matrix trilogy, the virus has the ability to consume a downloaded app and assume control.

Right now, the user is not being exploited in a direct manner. The presence of the virus does present dangers in terms of eavesdropping or credit fraud, but currently, the cybercriminals are using the virus to collect cash off advertisers through various trusted applications. The application is forced to display more adds than designed with the attackers collecting the additional credits.

“In this case, “Agent Smith” is being used to for financial gain through the use of malicious advertisements,” Check Point said on its blog.

“However, it could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping. Indeed, due to its ability to hide its icon from the launcher and impersonate existing user-trusted popular apps, there are endless possibilities for this sort of malware to harm a user’s device.”

Check Point estimate that 25 million devices have been infected to date, the majority are in India and other Asia nations, although there have been identified devices in the US, UK and Australia. Although Check Point has not directly stated it, some have suggested the virus can be traced back to Guangzhou, China.

Agent Smith VirusThe virus itself works in three phases. Firstly, the user is encouraged to download a simplistic, free app (usually a minimal function game or sex-app) which contain an encrypted malicious payload. At this point, the malware searches the user’s device for any popular apps on a pre-determined list which can be targets at a later date.

During the second phase, the malicious payload is decrypted into its original form and then abuses several known vulnerabilities without giving any clues to the user. Finally, the malware then attacks the pre-determined applications, extracting the innocent application’s APK file and then patches it with extra malicious modules.

‘Agent Smith’ was first detected in 2016 and the cybercriminals have seemingly been laying the groundwork for a larger attack for some time. It has certainly evolved over this period, and although Check Point has reported the malicious apps to the Google Security team, who is to say there are not more. The danger of ‘Agent Smith’ is that it is incredibly difficult to identify in the first place.

Perhaps this is an oversight in the security world which we will have to address before too long.

As it stands, numerous parties around the world are constantly on the look out for nefarious activity, however, in most cases the assumption is that it will be a state-sponsored attack. This does not seem to be the case here and perhaps why it is very difficult to detect the malware in the first place; everyone is looking for the wrong clues.

In this example, Check Point seem to have caught the suspect firm ahead of time, informing the Google Security team before any genuine damage has been done. That said, 25 million devices is still a substantial number but with the source identified it should be limited.

Researchers point to 1,300 apps which circumnavigate Android’s opt-in

Research from a coalition of professors has suggested Android location permissions mean little, as more than 1,300 apps have developed ways and means around the Google protections.

A team of researchers from the International Computer Science Institute (ICSI) has been working to identify short-comings of the data privacy protections offered users through Android permissions and the outcome might worry a few. Through the use of side and covert channels, 1,300 popular applications around the world extracted sensitive information on the user, including location, irrelevant of the permissions sought or given to the app.

The team has informed Google of the oversight, which will be addressed in the up-coming Android Q release, receiving a ‘bug bounty’ for their efforts.

“In the US, privacy practices are governed by the ’notice and consent’ framework: companies can give notice to consumers about their privacy practices (often in the form of a privacy policy), and consumers can consent to those practices by using the company’s services,” the research paper states.

This framework is a relatively simple one to understand. Firstly, app providers provide ‘notice’ to inform the user and provide transparency, while ‘consent’ is provided to ensure both parties have entered into the digital contract with open eyes.

“That apps can and do circumvent the notice and consent framework is further evidence of the framework’s failure. In practical terms, though, these app behaviours may directly lead to privacy violations because they are likely to defy consumers’ expectations.”

What is worth noting is while this sounds incredibly nefarious, it is no-where near the majority. Most applications and app providers act in accordance with the rules and consumer expectations, assuming they have read the detailed terms and conditions. This is a small percentage of the apps which are installed en-mass, but it is certainly an oversight worth drawing attention to.

Looking at the depth and breadth of the study, it is pretty comprehensive. Using a Google Play Store scraper, the team downloaded the most popular apps for each category; in total, more than 88,000 apps were downloaded due to the long-tail of popularity. To cover all bases however, the scraper also kept an eye on app updates, meaning 252,864 different versions of 88,113 Android apps were analysed during the study.

The behaviour of each of these apps were measured at the kernel, Android-framework, and network traffic levels, reaching scale using a tool called Android Automator Monkey. All of the OS-execution logs and network traffic was stored in a database for offline analysis.

Now onto how these apps developers can circumnavigate the protections put in place by Google. For ‘side channels’, the developer has discovered a path to a resource which is outside the security perimeters, perhaps due to a mistake during design stages or a flaw in applying the design. With ‘covert channels’ these are more nefarious.

“A covert channel is a more deliberate and intentional effort between two cooperating entities so that one with access to some data provides it to the other entity without access to

the data in violation of the security mechanism,” the paper states. “As an example, someone could execute an algorithm that alternates between high and low CPU load to pass a binary message to another party observing the CPU load.”

Ultimately this is further evidence the light-touch regulatory environment which has governed the technology industry over the last few years can no-longer be allowed to persist. The technology industry has protested and quietly lobbied against any material regulatory or legislative changes, though the bad apples are spoiling the harvest for everyone else.

As it stands, under Section 5 of the Federal Trade Commission (FTC) Act, such activities would be deemed as non-compliant, and we suspect the European Commission would have something to say with its GDPR stick as well. There are protections in place, though it seems there are elements of the technology industry who consider these more guidelines than rules.

Wholesale changes should be expected in the regulatory environment and it seems there is little which can be done to prevent them. These politicians might be chasing PR points as various elections loom on the horizon, but the evolution of rules in this segment should be considered a necessity nowadays.

There have simply been too many scandals, too much abuse of grey areas and too numerous examples of oversight (or negligence, whichever you choose) to continue on this path. Of course, there are negative consequences to increased regulation, but the right to privacy is too important a principle for rule-makers to ignore; the technology industry has consistently shown it does not respect these values therefore will have to be forced to do so.

This will be an incredibly difficult equation to balance however. The technology industry is leading the growth statistics for many economies around the world, but changes are needed to protect consumer rights.