Huawei pledges $1.5 billion to its new developer program

Huawei has announced that it will invest $1.5 billion in the next five years to boost its developer ecosystem for the Kunpeng and Ascend computing platforms.

SDKs were also released at the same event when its Developer Program 2.0 was unveiled.The announcement was made at the 2019 version of the Chinese vendor’s annual Huawei Connect event in Shanghai. According to Patrick Zhang, CTO of Cloud & AI Products & Services at Huawei, the new program will cover five key areas:

  • Building an open computing industry ecosystem based on Kunpeng + Ascend computing processors
  • Establishing an all-round enablement system
  • Promoting the development of industry standards, specifications, demonstration sites, and technical certification system
  • Building industry-specific application ecosystems and region-specific industry ecosystems
  • Sharing Kunpeng and Ascend computing power, making it available to every developer

The focus areas are related to cloud computing and artificial intelligence. The applications and services the ecosystem aims to support are for server level, either in the centralized cloud or on the edge. To enable the ecosystem development, Huawei also published Kunpeng Developer Kit and ModelArts 2.0 AI development platform.

Despite that x86 architecture is still dominating the server market, ARM has worked to break the monopoly, and Huawei is one of ARM’s leading licensees. Earlier this year Huawei released Kunpeng 920, its CPU based on ARMv8 design. Huawei aims to expand its share in the server market with Kunpeng’s superior computing power claimed by Huawei, most likely starting from the market in China.

But Huawei’s ambitions go way beyond moving more boxes. Its cloud service has been promoted for its strong AI capability, supported by the Ascend AI chips. The Ascend 910, the latest version, was released in August, which the company claimed is the world’s most powerful AI processor.

By enriching its ecosystems, Huawei hopes it will be able to deliver a full suite of solutions, including supporting digital transformation undertake by increasing numbers of telecom operators.

This is the second iteration of Huawei’s Developer Program. The Developer Program 1.0 was launched in 2015.

Researchers point to 1,300 apps which circumnavigate Android’s opt-in

Research from a coalition of professors has suggested Android location permissions mean little, as more than 1,300 apps have developed ways and means around the Google protections.

A team of researchers from the International Computer Science Institute (ICSI) has been working to identify short-comings of the data privacy protections offered users through Android permissions and the outcome might worry a few. Through the use of side and covert channels, 1,300 popular applications around the world extracted sensitive information on the user, including location, irrelevant of the permissions sought or given to the app.

The team has informed Google of the oversight, which will be addressed in the up-coming Android Q release, receiving a ‘bug bounty’ for their efforts.

“In the US, privacy practices are governed by the ’notice and consent’ framework: companies can give notice to consumers about their privacy practices (often in the form of a privacy policy), and consumers can consent to those practices by using the company’s services,” the research paper states.

This framework is a relatively simple one to understand. Firstly, app providers provide ‘notice’ to inform the user and provide transparency, while ‘consent’ is provided to ensure both parties have entered into the digital contract with open eyes.

“That apps can and do circumvent the notice and consent framework is further evidence of the framework’s failure. In practical terms, though, these app behaviours may directly lead to privacy violations because they are likely to defy consumers’ expectations.”

What is worth noting is while this sounds incredibly nefarious, it is no-where near the majority. Most applications and app providers act in accordance with the rules and consumer expectations, assuming they have read the detailed terms and conditions. This is a small percentage of the apps which are installed en-mass, but it is certainly an oversight worth drawing attention to.

Looking at the depth and breadth of the study, it is pretty comprehensive. Using a Google Play Store scraper, the team downloaded the most popular apps for each category; in total, more than 88,000 apps were downloaded due to the long-tail of popularity. To cover all bases however, the scraper also kept an eye on app updates, meaning 252,864 different versions of 88,113 Android apps were analysed during the study.

The behaviour of each of these apps were measured at the kernel, Android-framework, and network traffic levels, reaching scale using a tool called Android Automator Monkey. All of the OS-execution logs and network traffic was stored in a database for offline analysis.

Now onto how these apps developers can circumnavigate the protections put in place by Google. For ‘side channels’, the developer has discovered a path to a resource which is outside the security perimeters, perhaps due to a mistake during design stages or a flaw in applying the design. With ‘covert channels’ these are more nefarious.

“A covert channel is a more deliberate and intentional effort between two cooperating entities so that one with access to some data provides it to the other entity without access to

the data in violation of the security mechanism,” the paper states. “As an example, someone could execute an algorithm that alternates between high and low CPU load to pass a binary message to another party observing the CPU load.”

Ultimately this is further evidence the light-touch regulatory environment which has governed the technology industry over the last few years can no-longer be allowed to persist. The technology industry has protested and quietly lobbied against any material regulatory or legislative changes, though the bad apples are spoiling the harvest for everyone else.

As it stands, under Section 5 of the Federal Trade Commission (FTC) Act, such activities would be deemed as non-compliant, and we suspect the European Commission would have something to say with its GDPR stick as well. There are protections in place, though it seems there are elements of the technology industry who consider these more guidelines than rules.

Wholesale changes should be expected in the regulatory environment and it seems there is little which can be done to prevent them. These politicians might be chasing PR points as various elections loom on the horizon, but the evolution of rules in this segment should be considered a necessity nowadays.

There have simply been too many scandals, too much abuse of grey areas and too numerous examples of oversight (or negligence, whichever you choose) to continue on this path. Of course, there are negative consequences to increased regulation, but the right to privacy is too important a principle for rule-makers to ignore; the technology industry has consistently shown it does not respect these values therefore will have to be forced to do so.

This will be an incredibly difficult equation to balance however. The technology industry is leading the growth statistics for many economies around the world, but changes are needed to protect consumer rights.