This Week in Apps: Facebook launches trio of app experiments, TikTok gets spammed, plus coronavirus impacts on app economy

Welcome back to This Week in Apps, the Extra Crunch series that recaps the latest OS news, the applications they support and the money that flows through it all.

The app industry is as hot as ever, with a record 204 billion downloads and $120 billion in consumer spending in 2019. People are now spending three hours and 40 minutes per day using apps, rivaling TV. Apps aren’t just a way to pass idle hours — they’re a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus.

In this Extra Crunch series, we help you keep up with the latest news from the world of apps, delivered on a weekly basis.

This week we’re continuing to look at how the coronavirus outbreak is impacting the world of mobile applications, with fresh data from App Annie about trends playing out across app categories benefiting from the pandemic, lockdowns and societal changes. We’re also keeping up with the COVID-19 contact-tracing apps making headlines, and delving into the week’s other news.

We saw a few notable new apps launch this week, including HBO’s new streaming service HBO Max, plus three new app experiments from Facebook’s R&D group. Android Studio 4.0 also launched this week. Instagram is getting better AR tools and IGTV is getting ads. TikTok got spammed in India.

Meanwhile, what is going on with app review? A shady app rises to the top of the iPhone App Store. Google cracks down on conspiracy theory-spreading apps. And a TikTok clone uses a pyramid scheme-powered invite system to rise up the charts.

COVID-19 contact-tracing apps in the news 

  • Latvia: Reuters this week reported that Latvia aims to become one of the first countries to launch a smartphone app, Stop Covid, using the new toolkit created by Apple and Alphabet’s Google to help trace coronavirus infections.
  • Australia: The role of the country’s Covidsafe app in the recovery appears to be marginal, The Guardian reports. In the month since its launch, only one person has been reported to have been identified using data from it. A survey even found that Australians were more supportive of using telecommunications metadata to track close contacts (79%) than they were of downloading an app (69.8%). In a second survey, their support for the app dropped to 64%. The app has been maligned by the public debate over it and technical issues.
  • France: The country’s data protection watchdog, CNIL, reviewed its contact-tracing app StopCovid, finding there were no major issues with the technical implementation and legal framework around StopCovid, with some caveats. France isn’t using Google and Apple’s contact-tracing API, but instead uses a controversial centralized contact-tracing protocol called ROBERT. This relies on a central server to assign a permanent ID and generate ephemeral IDs attached to this permanent ID. CNIL says the app will eventually be open-sourced and it will create a bug bounty. On Wednesday, the app passed its first vote in favor of its release.
  • Qatar: Serious security vulnerabilities in Qatar’s mandatory contact-tracing app were uncovered by Amnesty International. An investigation by Amnesty’s Security Lab discovered a critical weakness in the configuration of Qatar’s EHTERAZ contact-tracing app. Now fixed, the vulnerability would have allowed cyberattackers to access highly sensitive personal information, including the name, national ID, health status and location data of more than one million users.
  • India: India’s contact-tracing app, Aarogya Setu, is going open-source, according to Ministry of Electronics and Information Technology Secretary Ajay Prakash Sawhney on Tuesday. The code is being published on GitHub. Nearly 98% of the app’s more than 114 million users are on Android. The government will also offer a cash bounty of $1,325 to security experts who find bugs or vulnerabilities.
  • Switzerland: Several thousand people are now testing a pilot version of Switzerland’s contact-tracing app, SwissCovid. Like Lativia, the app is one of the first to use Apple and Google’s contact-tracing API. Employees at EPFL, ETH Zurich, the Army and select hospitals and government agencies will be the first to test the Swiss app before its public launch planned for mid-June.
  • China: China’s health-tracking QR codes, embedded in popular WeChat and Alipay smartphone apps, are raising privacy concerns, Reuters reports. To walk around freely, people must have a green rating. They also now have to present their health QR codes to gain entry into restaurants, parks and other venues. These efforts have been met with little resistance. But the eastern city of Hangzhou has since proposed that users are given a color-coded health badge based on their medical records and lifestyle habits, including how much they exercised, their eating and drinking habits, whether they smoked and how much they slept the night before. This suggestion set off a storm of criticism on China’s Weibo, a Twitter-like platform.

Apple fixes bug that stopped iOS apps from opening

Apple has now resolved the bug that was plaguing iPhone and iPad apps over the weekend, causing some apps to not launch at all. The issue was related to a bug with Apple’s Family Sharing system, it appears, as users reported error messages which said “This app is no longer shared with you,” and directed them to buy the app from the App Store in order to still use it.

Following this issue, users on Sunday said they were seeing dozens of pending app updates for their iOS devices, some of which even went back to the app’s last update from well over a week ago. Users reported in forums seeing as many as 10, 20, 50 or even 100-plus new updates to install. This indicated a fix was in the works, as these were not brand-new updates — the apps were already up to date. Instead, these reissued updates seem to have been part of the fix for the Family Sharing problem, as afterward the bug was resolved.

Apple confirmed the issue has been now resolved for all affected customers.

Apple-focused news sites including MacRumors, 9to5Mac, Appleinsider, and others previously reported on the news of bug and the following deluge of app updates. 9to5Mac also offered a plausible explanation for what happened, saying it was likely due to a signing issue of some kind. Apps were essentially behaving as if they were paid downloads and the right to use the app had been removed from the iCloud family circle, the site explained.

Some users discovered they could delete the troubled app then re-download it to resolve the problem. That’s what the forced app updates did, too — they overwrote the parts of the apps causing the issue. Had Apple not reissued the app updates, many iOS users would have likely assumed it was the app developer’s fault. And they may have then left unfair complaints and 1-star reviews on the app’s App Store page as a result.

Apple has not shared any additional details about why the problem occurred in the first place, but if you happened to notice a significant increase in app updates on Sunday, that’s why.

 

This Week in Apps: Facebook takes on Shopify, Tinder considers its future, contact-tracing tech goes live

Welcome back to This Week in Apps, the Extra Crunch series that recaps the latest OS news, the applications they support and the money that flows through it all.

The app industry is as hot as ever, with a record 204 billion downloads and $120 billion in consumer spending in 2019. People are now spending three hours and 40 minutes per day using apps, rivaling TV. Apps aren’t just a way to pass idle hours — they’re a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus.

In this Extra Crunch series, we help you keep up with the latest news from the world of apps, delivered on a weekly basis.

This week we’re continuing to look at how the coronavirus outbreak is impacting the world of mobile applications. Notably, we saw the launch of the Apple/Google exposure-notification API with the latest version of iOS out this week. The pandemic is also inspiring other new apps and features, including upcoming additions to Apple’s Schoolwork, which focus on distance learning, as well as Facebook’s new Shops feature designed to help small business shift their operations online in the wake of physical retail closures.

Tinder, meanwhile, seems to be toying with the idea of pivoting to a global friend finder and online hangout in the wake of social distancing, with its test of a feature that allows users to match with others worldwide — meaning, with no intention of in-person dating.

Headlines

COVID-19 apps in the news

  • Fitbit app: The fitness tracker app launched a COVID-19 early detection study aimed at determining whether wearables can help detect COVID-19 or the flu. The study will ask volunteers questions about their health, including whether they had COVID-19, then pair that with activity data to see if there are any clues that could be used to build an early warning algorithm of sorts.
  • U.K. contact-tracing app: The app won’t be ready in mid-May as promised, as the government mulls the use of the Apple/Google API. In testing, the existing app drains the phone battery too quickly. In addition, researchers have recently identified seven security flaws in the app, which is currently being trialed on the Isle of Wight.

Apple launches iOS/iPadOS 13.5 with Face ID tweak and contact-tracing API

Apple this week released the latest version of iOS/iPadOS with two new features related to the pandemic. The first is an update to Face ID which will now be able to tell when the user is wearing a mask. In those cases, Face ID will instead switch to the Passcode field so you can type in your code to unlock your phone, or authenticate with apps like the App Store, Apple Books, Apple Pay, iTunes and others.

The other new feature is the launch of the exposure-notification API jointly developed by Apple and Google. The API allows for the development of apps from public health organizations and governments that can help determine if someone has been exposed by COVID-19. The apps that support the API have yet to launch, but some 22 countries have requested API access.

The FBI is mad because it keeps getting into locked iPhones without Apple’s help

The debate over encryption continues to drag on without end.

In recent months, the discourse has largely swung away from encrypted smartphones to focus instead on end-to-end encrypted messaging. But a recent press conference by the heads of the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) showed that the debate over device encryption isn’t dead, it was merely resting. And it just won’t go away.

At the presser, Attorney General William Barr and FBI Director Chris Wray announced that after months of work, FBI technicians had succeeded in unlocking the two iPhones used by the Saudi military officer who carried out a terrorist shooting at the Pensacola Naval Air Station in Florida in December 2019. The shooter died in the attack, which was quickly claimed by Al Qaeda in the Arabian Peninsula.

Early this year — a solid month after the shooting — Barr had asked Apple to help unlock the phones (one of which was damaged by a bullet), which were older iPhone 5 and 7 models. Apple provided “gigabytes of information” to investigators, including “iCloud backups, account information and transactional data for multiple accounts,” but drew the line at assisting with the devices. The situation threatened to revive the 2016 “Apple versus FBI” showdown over another locked iPhone following the San Bernardino terror attack.

After the government went to federal court to try to dragoon Apple into doing investigators’ job for them, the dispute ended anticlimactically when the government got into the phone itself after purchasing an exploit from an outside vendor the government refused to identify. The Pensacola case culminated much the same way, except that the FBI apparently used an in-house solution instead of a third party’s exploit.

You’d think the FBI’s success at a tricky task (remember, one of the phones had been shot) would be good news for the Bureau. Yet an unmistakable note of bitterness tinged the laudatory remarks at the press conference for the technicians who made it happen. Despite the Bureau’s impressive achievement, and despite the gobs of data Apple had provided, Barr and Wray devoted much of their remarks to maligning Apple, with Wray going so far as to say the government “received effectively no help” from the company.

This diversion tactic worked: in news stories covering the press conference, headline after headline after headline highlighted the FBI’s slam against Apple instead of focusing on what the press conference was nominally about: the fact that federal law enforcement agencies can get into locked iPhones without Apple’s assistance.

That should be the headline news, because it’s important. That inconvenient truth undercuts the agencies’ longstanding claim that they’re helpless in the face of Apple’s encryption and thus the company should be legally forced to weaken its device encryption for law enforcement access. No wonder Wray and Barr are so mad that their employees keep being good at their jobs.

By reviving the old blame-Apple routine, the two officials managed to evade a number of questions that their press conference left unanswered. What exactly are the FBI’s capabilities when it comes to accessing locked, encrypted smartphones? Wray claimed the technique developed by FBI technicians is “of pretty limited application” beyond the Pensacola iPhones. How limited? What other phone-cracking techniques does the FBI have, and which handset models and which mobile OS versions do those techniques reliably work on? In what kinds of cases, for what kinds of crimes, are these tools being used?

We also don’t know what’s changed internally at the Bureau since that damning 2018 Inspector General postmortem on the San Bernardino affair. Whatever happened with the FBI’s plans, announced in the IG report, to lower the barrier within the agency to using national security tools and techniques in criminal cases? Did that change come to pass, and did it play a role in the Pensacola success? Is the FBI cracking into criminal suspects’ phones using classified techniques from the national security context that might not pass muster in a court proceeding (were their use to be acknowledged at all)?

Further, how do the FBI’s in-house capabilities complement the larger ecosystem of tools and techniques for law enforcement to access locked phones? Those include third-party vendors GrayShift and Cellebrite’s devices, which, in addition to the FBI, count numerous U.S. state and local police departments and federal immigration authorities among their clients. When plugged into a locked phone, these devices can bypass the phone’s encryption to yield up its contents, and (in the case of GrayShift) can plant spyware on an iPhone to log its passcode when police trick a phone’s owner into entering it. These devices work on very recent iPhone models: Cellebrite claims it can unlock any iPhone for law enforcement, and the FBI has unlocked an iPhone 11 Pro Max using GrayShift’s GrayKey device.

In addition to Cellebrite and GrayShift, which have a well-established U.S. customer base, the ecosystem of third-party phone-hacking companies includes entities that market remote-access phone-hacking software to governments around the world. Perhaps the most notorious example is the Israel-based NSO Group, whose Pegasus software has been used by foreign governments against dissidents, journalists, lawyers and human rights activists. The company’s U.S. arm has attempted to market Pegasus domestically to American police departments under another name. Which third-party vendors are supplying phone-hacking solutions to the FBI, and at what price?

Finally, who else besides the FBI will be the beneficiary of the technique that worked on the Pensacola phones? Does the FBI share the vendor tools it purchases, or its own home-rolled ones, with other agencies (federal, state, tribal or local)? Which tools, which agencies and for what kinds of cases? Even if it doesn’t share the techniques directly, will it use them to unlock phones for other agencies, as it did for a state prosecutor soon after purchasing the exploit for the San Bernardino iPhone?

We have little idea of the answers to any of these questions, because the FBI’s capabilities are a closely held secret. What advances and breakthroughs it has achieved, and which vendors it has paid, we (who provide the taxpayer dollars to fund this work) aren’t allowed to know. And the agency refuses to answer questions about encryption’s impact on its investigations even from members of Congress, who can be privy to confidential information denied to the general public.

The only public information coming out of the FBI’s phone-hacking black box is nothingburgers like the recent press conference. At an event all about the FBI’s phone-hacking capabilities, Director Wray and AG Barr cunningly managed to deflect the press’s attention onto Apple, dodging any difficult questions, such as what the FBI’s abilities mean for Americans’ privacy, civil liberties and data security, or even basic questions like how much the Pensacola phone-cracking operation cost.

As the recent PR spectacle demonstrated, a press conference isn’t oversight. And instead of exerting its oversight power, mandating more transparency, or requiring an accounting and cost/benefit analysis of the FBI’s phone-hacking expenditures — instead of demanding a straight and conclusive answer to the eternal question of whether, in light of the agency’s continually-evolving capabilities, there’s really any need to force smartphone makers to weaken their device encryption — Congress is instead coming up with dangerous legislation such as the EARN IT Act, which risks undermining encryption right when a population forced by COVID-19 to do everything online from home can least afford it.

The bestcase scenario now is that the federal agency that proved its untrustworthiness by lying to the Foreign Intelligence Surveillance Court can crack into our smartphones, but maybe not all of them; that maybe it isn’t sharing its toys with state and local police departments (which are rife with domestic abusers who’d love to get access to their victims’ phones); that unlike third-party vendor devices, maybe the FBI’s tools won’t end up on eBay where criminals can buy them; and that hopefully it hasn’t paid taxpayer money to the spyware company whose best-known government customer murdered and dismembered a journalist.

The worst-case scenario would be that, between in-house and third-party tools, pretty much any law enforcement agency can now reliably crack into everybody’s phones, and yet nevertheless this turns out to be the year they finally get their legislative victory over encryption anyway. I can’t wait to see what else 2020 has in store.

COVID-19 exposure notification settings begin to go live for iOS users with new update

Apple has released iOS 13.5, which includes support for the Exposure Notification API that it co-created with Google to support public health authorities in their contact tracing efforts to combat COVID-19. The API requires third-party apps developed by public health authorities for use, and none have yet been released, but iOS device users already have access to COVID-19 Exposure Logging global settings.

As previewed in the beta release, you can access the Exposure Logging settings under the Settings app, then navigating to the ‘Privacy’ subsection. From there, you can select the ‘Health’ submenu and find the COVID-19 Exposure Logging setting, which will be off be default. It can’t be turned on at all until you actually get an authorized app to enable them, at which point you’ll receive a pop-up asking you to authorize Exposure Notifications access. Once you do, you can return here to toggle notifications off, and also manually delete your device’s exposure log should you choose to opt out.

Apple and Google both have emphasized that they want as much user control and visibility into the Exposure Notification API as possible. They’re using randomized, temporary identifiers that are not centrally stored to do the exposure notification, and are also forbidding the simultaneous use of geolocation services and the Exposure Notification API within the same app. This manual control is another step to ensure that users have full control over what info they share to participate in the system, and when.

Contact tracing is a time-tested strategy for combating the spread of infectious disease, and has traditionally worked by attempting to trace potential exposure by interviewing infected individuals and leaning as much about their movements during their infectious period as possible. Modern connected devices mean that we can potentially make this far more efficient and accurate, but Google and Apple have worked with privacy experts to try to determine a way to make this happen without exposing users to privacy risks. Matching also happens locally on a user’s device, not in any centralized database.

Apple and Google are currently working with public health authorities who are building apps based on this API, and the companies also have noted that this is a temporary measure that has been designed from the beginning to be disabled once the threat of COVID-19 has passed.

This Week in Apps: Zoom gets busted, TikTok’s new record, contact tracing API launches

Welcome back to This Week in Apps, the Extra Crunch series that recaps the latest OS news, the applications they support and the money that flows through it all.

The app industry is as hot as ever, with a record 204 billion downloads and $120 billion in consumer spending in 2019, according to App Annie’s “State of Mobile” annual report. People are now spending 3 hours and 40 minutes per day using apps, rivaling TV. Apps aren’t just a way to pass idle hours — they’re a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus.

In this Extra Crunch series, we help you keep up with the latest news from the world of apps, delivered on a weekly basis.

This week we’re continuing to look at how the coronavirus outbreak is impacting the world of mobile applications, including the latest on the U.S. and other international efforts to develop contact-tracing apps, plus the use of live-streaming apps as fundraising tools, the impact of quarantine on iPad apps and more. We’re also tracking news related to Zoom’s latest backtrack, WhatsApp’s plans to enter the credit market, the Instagram pods discovery, TikTok best quarter (better than any app… ever), Facebook’s plan for virtual dating and more.

Headlines

Apple News hits 125M monthly active users

The COVID-19 pandemic has driven a significant increase in how many people are using Apple’s News app on their mobile devices, tablets and Macs. During Apple’s earnings call this week, the company revealed Apple News now sees over 125 million monthly active users in the U.S., Canada, the U.K. and Australia, up from 100 million in January. Apple, however, did not note how many were subscribed to its $9.99/month premium news service, Apple News+.

Apple & Google release first version of the exposure notification API

Germany ditches centralized approach to app for COVID-19 contacts tracing

Germany has U-turned on building a centralized COVID-19 contacts tracing app — and will instead adopt a decentralized architecture, Reuters reported Sunday, citing a joint statement by chancellery minister Helge Braun and health minister Jens Spahn.

In Europe in recent weeks, a battle has raged between different groups backing centralized vs decentralized infrastructure for apps being fast-tracked by governments which will use Bluetooth-based smartphone proximity as a proxy for infection risk — in the hopes of supporting the public health response to the coronavirus by automating some contacts tracing.

Centralized approaches that have been proposed in the region would see pseudonymized proximity data stored and processed on a server controlled by a national authority, such as a healthcare service. However concerns have been raised about allowing authorities to scoop up citizens’ social graph, with privacy experts warning of the risk of function creep and even state surveillance.

Decentralized contacts tracing infrastructure, by contrast, means ephemeral IDs are stored locally on device — and only uploaded with a user’s permission after a confirmed COVID-19 diagnosis. A relay server is used to broadcast infected IDs — enabling devices to locally compute if there’s a risk that requires notification. So social graph data is not centralized.

The change of tack by the German government marks a major blow to a homegrown standardization effort, called PEPP-PT, that had been aggressively backing centralization — while claiming to ‘preserve privacy’ on account of not tracking location data. It quickly scrambled to propose a centralized architecture for tracking coronavirus contacts, led by Germany’s Fraunhofer Institute, and claiming the German government as a major early backer, despite PEPP-PT later saying it would support decentralized protocols too.

As we reported earlier, the effort faced strident criticism from European privacy experts — including a group of academics developing a decentralized protocol called DP-3T — who argue p2p architecture is truly privacy preserving. Concerns were also raised about a lack of transparency around who is behind PEPP-PT and the protocols they claimed to support, with no code published for review.

The European Commission, meanwhile, has also recommended the use of decentralization technologies to help boost trust in such apps in order to encourage wider adoption.

EU parliamentarians have also warned regional governments against trying to centralize proximity data during the coronavirus crisis.

But it was Apple and Google jumping into the fray earlier this month by announcing joint support for decentralized contacts tracing that was the bigger blow — with no prospect of platform-level technical restrictions being lifted. iOS limits background access to Bluetooth for privacy and security reasons, so national apps that do not meet this decentralized standard won’t benefit from API support — and will likely be far less usable, draining battery and functioning only if actively running.

Nonetheless PEPP-PT told journalists just over a week ago that it was engaged in fruitful discussions with Apple and Google about making changes to their approach to accommodate centralized protocols.

Notably, the tech giants never confirmed that claim. They have only since doubled down on the principle of decentralization for the cross-platform API for public health apps — and system-wide contacts tracing which is due to launch next month.

At the time of writing PEPP-PT’s spokesman, Hans-Christian Boos, had not responded to a request for comment on the German government withdrawing support.

Boos previously claimed PEPP-PT had around 40 governments lining up to join the standard. However in recent days the momentum in Europe has been going in the other direction. A number of academic institutions that had initially backed PEPP-PT have also withdrawn support.

In a statement emailed to TechCrunch, the DP-3T project welcomed Germany’s U-turn.

“DP-3T is very happy to see that Germany is adopting a decentralized approach to contact tracing and we look forward to its next steps implementing such a technique in a privacy preserving manner,” the group told us.

Berlin’s withdrawal leaves France and the UK the two main regional backers of centralized apps for coronavirus contacts tracing. And while the German U-turn is certainly a hammer blow for the centralized camp in Europe the French government appears solid in its support — at least for now.

France has been developing a centralized coronavirus contacts tracing protocol, called ROBERT, working with Germany’s Fraunhofer Institute and others.

In an opinion issued Sunday, France’s data protection watchdog, the CNIL, did not take active issue with centralizing pseudonymized proximity IDs — saying EU law does not in principle forbid such a system — although the watchdog emphasized the need to minimize the risk of individuals being re-identified.

It’s notable that France’s digital minister, Cédric O, has been applying high profile public pressure to Apple over Bluetooth restrictions — telling Bloomberg last week that Apple’s policy is a blocker to the virus tracker.

Yesterday O was also tweeting to defend the utility of the planned ‘Stop Covid’ app.

We reached out to France’s digital ministry for comment on Germany’s decision to switch to a decentralized approach but at the time of writing the department had not responded.

In a press release today the government highlights the CNIL view that its approach is compliant with data protection rules, and commits to publishing a data protection impact assessment ahead of launching the app.

If France presses ahead it’s not clear how the country will avoid its app being ignored or abandoned by smartphone users who find it irritating to use. (Although it’s worth noting that Google’s Android platform has a substantial marketshare in the market, with circa 80% vs 20% for iOS, per Kantar.)

A debate in the French parliament tomorrow is due to include discussion of contacts tracing apps.

We’ve also reached out to the UK’s NHSX — which has been developing a COVID-19 contacts tracing app for the UK market — and will update this report with any response.

In a blog post Friday the UK public healthcare unit’s digital transformation division said it’s “working with Apple and Google on their welcome support for tracing apps around the world”, a PR line that entirely sidesteps the controversy around centralized vs decentralized app infrastructures.

The UK has previously been reported to be planning to centralize proximity data — raising questions about the efficacy of its planned app too, given iOS restrictions on background access to Bluetooth.

“As part of our commitment to transparency, we will be publishing the key security and privacy designs alongside the source code so privacy experts can ‘look under the bonnet’ and help us ensure the security is absolutely world class,” the NHSX’s Matthew Gould and Dr Geraint Lewis added in the statement.

Germany’s COVID-19 contacts tracing app to link to labs for test result notification

A German research institute that’s involved in developing a COVID-19 contacts tracing app with the backing of the national government has released some new details about the work, which suggests the app is being designed as more of a “one-stop shop” to manage coronavirus impacts at an individual level, rather than having a sole function of alerting users to potential infection risk.

Work on the German app began at the start of March, per the Fraunhofer-Gesellschaft institute, with initial funding from the Federal Ministry of Education and Research and the Federal Ministry of Health funding a feasibility study.

In a PDF published today, the research organization reveals the government-backed app will include functionality for health authorities to directly notify users about a COVID-19 test result if they’ve opted in to get results this way.

It says the system must ensure only people who test positive for the virus make their measurement data available to avoid incorrect data being input. For the purposes of “this validation process,” it envisages “a digital connection to the existing diagnostic laboratories is implemented in the technical implementation.”

“App users can thus voluntarily activate this notification function and thus be informed more quickly and directly about their test results,” it writes in the press release (which we’ve translated from German with Google Translate) — arguing that such direct digital notification of tests results will mean that no “valuable time” is lost to curb the spread of the virus.

Governments across Europe are scrambling to get Bluetooth-powered contacts tracing apps off the ground, with apps also in the works from a number of other countries, including the U.K. and France, despite ongoing questions over the efficacy of digital contacts tracing versus such an infectious virus.

The great hope is that digital tools will offer a route out of economically crippling population lockdowns by providing a way to automate at least some contacts tracing — based on widespread smartphone penetration and the use of Bluetooth-powered device proximity as a proxy for coronavirus exposure.

Preventing a new wave of infections as lockdown restrictions are lifted is the near-term goal. Although — in line with Europe’s rights frameworks — use of contacts tracing apps looks set to be voluntary across most of the region, with governments wary about being seen to impose “health surveillance” on citizens, as has essentially happened in China.

However if contacts tracing apps end up larded with features that are deep linking into national health systems, that raises questions about how optional their use will really be.

An earlier proposal by a German consortium of medical device manufacturers, laboratories, clinics, clinical data management systems and blockchain solution providers — proposing a blockchain-based Digital Corona Health Certificate, which was touted as being able to generate “verifiable, certified test results that can be fed into any tracing app” to cut down on false positives — claimed to have backing from the City of Cologne’s public health department, as one example of potential function creep.

In March, Der Spiegel also reported on a large-scale study being coordinated by the Helmholtz Center for Infection Research in Braunschweig, to examine antibody levels to try to determine immunity across the population. Germany’s Robert Koch Institute (RKI) was reportedly involved in that study — and has been a key operator in the national contacts tracing push.

Both RKI and the Fraunhofer-Gesellschaft institute are also involved in parallel German-led pan-EU standardization efforts for COVID-19 contacts tracing apps (called PEPP-PT) that’s been the leading voice for apps to centralize proximity data with governments/health authorities, rather than storing it on users’ device and performing risk processing locally.

As we reported earlier, PEPP-PT and its government backers appear to be squaring up for a battle with Apple over iOS restrictions on Bluetooth.

PEPP-PT bases its claim of being a “privacy-preserving” standard on not backing protocols or apps that use location data or mobile phone numbers — with only arbitrary (but pseudonymized) proximity IDs shared for the purpose of tracking close encounters between devices and potential coronavirus infections.

It has claimed it’s agnostic between centralization of proximity data versus decentralization, though so far the only protocol it’s publicly committed to is a centralized one.

Yet, at the same time, regional privacy experts, the EU parliament and even the European Commission have urged national governments to practice data minimization and decentralized when it comes to COVID-19 contacts tracing in order to boost citizen trust by shrinking associated privacy risks.

If apps are voluntary, citizens’ trust must be earned not assumed, is the key argument. Without substantial uptake the utility of digital contacts tracing seems doubtful.

Apple and Google have also come down on the decentralized side of this debate — outting a joint effort last week for an API and later opt-in system-wide contacts tracing. The first version of their API is slated to be in developers’ hands next week.

Meanwhile, a coalition of nearly 300 academics signed an open letter at the start of this week warning that centralized systems risked surveillance creep — voicing support for decentralized protocols, such as DP-3T: Another contact tracing protocol that’s being developed by a separate European coalition which has been highly critical of PEPP-PT.

And while PEPP-PT claimed recently to have seven governments signed up to its approach, and 40 more in the pipeline, at least two of the claimed EU supporters (Switzerland and Spain) had actually said they will use a decentralized approach.

The coalition has also been losing support from a number of key research institutions which had initially backed its push for a “privacy-preserving” standard, as controversy around its intent and lack of transparency has grown.

Nonetheless, the two biggest EU economies, Germany and France, appear to be digging in behind a push to centralize proximity data — putting Apple in their sights.

Bloomberg reported earlier this week that the French government is pressurizing Apple to remove Bluetooth restrictions for its COVID-19 contacts tracing app which also relies on a “trusted authority” running a central server (we’ve covered the French ROBERT protocol in detail here).

It’s possible Germany and France are sticking to their centralized guns because of wider plans to pack more into these contacts tracing apps than simply Bluetooth-powered alerts — as suggested by the Fraunhofer document.

Access to data is another likely motivator.

“Only if research can access sufficiently valid data it is possible to create forecasts that are the basis for planning further steps against are the spread of the virus,” the institute goes on. (Though, as we’ve written before, the DP-3T decentralized protocol sets out a path for users to opt in to share proximity data for research purposes.)

Another strand that’s evident from the Fraunhofer PDF is sovereignty.

“Overall, the approach is based on the conviction that the state healthcare system must have sovereignty over which criteria, risk calculations, recommendations for action and feedback are in one such system,” it writes, adding: “In order to achieve the greatest possible usability on end devices on the market, technical cooperation with the targeted operating system providers, Google and Apple, is necessary.”

Apple and Google did not respond to requests for comment on whether they will be making any changes to their API as a result of French and German pressure.

Fraunhofer further notes that “full compatibility” between the German app and the centralized one being developed by French research institutes Inria and Inserm was achieved in the “past few weeks” — underlining that the two nations are leading this particular contacts tracing push.

In related news this week, Europe’s Data Protection Board (EDPB) put out guidance for developers of contacts tracing apps, which stressed an EU legal principle related to processing personal data that’s known as purpose limitation — warning that apps need to have purposes “specific enough to exclude further processing for purposes unrelated to the management of the COVID-19 health crisis (e.g., commercial or law enforcement purposes)”.

Which sounds a bit like the regulator drawing a line in the sand to warn states that might be tempted to turn contacts tracing apps into coronavirus immunity passports.

The EDPB also urged that “careful consideration” be given to data minimisation and data protection by design and by default — two other key legal principles baked into Europe’s General Data Protection Regulation, albeit with some flex during a public health emergency.

However the regulatory body took a pragmatic view on the centralization vs decentralization debate — saying both approaches are “viable” in a contacts tracing context, with the key caveat that “adequate security measures” must be in place.

Apple expands App Store, Music, iCloud and other services to dozens of additional markets

Apple said today it is launching its services App Store, Apple Podcasts, iCloud, and Apple Music to dozens of additional markets in Africa, Europe, Asia-Pacific, and Middle East among others in what is one of the biggest geographical expansions for one of the world’s biggest firms.

The App Store, Apple Arcade, Apple Podcasts, and iCloud are now available in 20 additional nations, whereas the iPhone-maker’s music streaming service, Apple Music, has launched in an additional 52 countries.

Apple said Music streaming service includes locally curated playlists including Africa Now, Afrobeats Hits, Ghana Bounce in new markets and, as an introductory offer, it is offering a six-month free trial on Music in the newly launched markets.

The App Store, Apple Arcade, Apple Music, Apple Podcasts and iCloud are now available in the following countries and regions:

  • Africa: Cameroon, Côte d’Ivoire, Democratic Republic of the Congo, Gabon, Libya, Morocco, Rwanda, and Zambia.
  • Asia-Pacific: Maldives and Myanmar.
  • Europe: Bosnia and Herzegovina, Georgia, Kosovo, Montenegro, and Serbia.
  • Middle East: Afghanistan (excluding Apple Music) and Iraq.
  • Oceania: Nauru (excluding Apple Music), Tonga, and Vanuatu.

Apple Music is expanding to the following countries and regions:

  • Africa: Algeria, Angola, Benin, Chad, Liberia, Madagascar, Malawi, Mali, Mauritania, Mozambique, Namibia, Republic of the Congo, Senegal, Seychelles, Sierra Leone, Tanzania, and Tunisia.
  • Asia-Pacific: Bhutan.
  • Europe: Croatia, Iceland, and North Macedonia.
  • Latin America and the Caribbean: the Bahamas, Guyana, Jamaica, Montserrat, St. Lucia, St. Vincent and the Grenadines, Suriname, Turks and Caicos, and Uruguay.
  • Middle East: Kuwait, Qatar, and Yemen.
  • Oceania: Solomon Islands.

“We’re delighted to bring many of Apple’s most beloved Services to users in more countries than ever before,” said Oliver Schusser, Apple’s vice president of Apple Music and International Content, in a statement.

“We hope our customers can discover their new favorite apps, games, music, and podcasts as we continue to celebrate the world’s best creators, artists, and developers,” he added.

App Store is now available in 175 countries and regions, whereas Apple Music has reached 167 markets. In comparison, music streaming service giant Spotify is available in fewer than 100 nations.

The availability of the aforementioned services in dozens of new markets should help Apple further grow sales in its services segment, which already clocks more revenue than the Mac, iPad, and wearables and accessories.

Their availability should also persuade more users to explore Apple’s products. iPhone users in the past have expressed their disappointment when they don’t have access to the wider services ecosystem.

Apple introduces new $399 iPhone SE with Touch ID and 4.7″ screen

Apple has dropped a new iPhone SE on the market today. It’s a 4.7” iPhone with a physical home button, Touch ID, a single rear-facing camera and the A13 Bionic chip on board. With a $399 starting price point, the new SE is aimed squarely at new iPhone users or first time smartphone buyers but could appeal to those who want the smallest iPhone model currently available above other considerations.

It comes in black, silver and Product(RED) editions and features a single rear-facing camera and a single front-facing camera. This is Apple’s new entry-level iPhone.

The overall package is pretty appealing here. It’s got the same A13 chip as in the iPhone 11 and iPhone 11 Pro and Apple tells me that the processor performance in the SE is comparable and not toned down for the more affordable unit.

The display is Apple’s Retina HD unit, which is an LCD panel. It is not a Liquid Retina display like the iPhone 11 and iPhone XR. I’m still waiting on specs to see what we’re looking at from a contrast ration perspective here, but it does have True Tone.

Probably the biggest defining feature of the iPhone SE besides its size is its inclusion of a physical home button with Touch ID instead of the Face ID system we’ve come to expect on new iPhones. It’s not clear now whether that’s due to size constraints preventing the inclusion of the needed front-facing True Depth Camera array — but pricing is probably just as likely to figure in this calculation.

Touch ID is reliable and even preferred by some users, though the physical home buttons have long been one of the biggest hardware failure points of iPhones with the feature. In our new mask-using world, though, some ground swell of Touch ID enthusiasm has been gaining. It’s hard to make Face ID systems properly recognize you behind a cloth wrap covering half of your face. This has been an issue for a while in Asia, where mask wearing has long been a matter of courtesy during allergy season or when a person is ill.

Camera and Comparisons

A couple of main items make Apple’s claim that the iPhone SE is ‘the best single-camera system’ supportable. You may recall that the iPhone XR also supported portrait mode and had the same resolution of rear camera. But with the iPhone SE, you have the A13 bionic, a new ISP and the Neural Engine that have improved things significantly in the machine learning department — allowing for segmentation masks and semantic rendering, two big improvements that make the portrait mode far more effective in recent iPhone models.

Apple only supported 3 lighting effects on the XR — the ones where you didn’t have to strip away the background. Those require more beef in the rendering and separation pipeline so the iPhone SE can do those now. The iPhone SE also has the improved Smart HDR that came to the iPhone 11 — once again tied to the chip.

You also get a bunch of other benefits of that new image pipeline including expanded dynamic range while shooting video at 4k 30fps, 4k 60 cinematic stabilization and the improved smart HDR while shooting still images. Also brought all 6 lighting effects to the front facing camera in this model.

It’s very like you’re getting iPhone 11 Pro image pipeline attached to a single-camera system — but, and it’s a big but — you don’t get Night Mode. Night Mode is one of the most compelling iPhone camera features in a very long time, so buying the new SE is really a price and size over camera equation.

Lineup Placement

This lineup puts the current iPhones Apple produces at roughly 7 as far as I can tell. The iPhone XR, XS and XS Max, iPhone 11 and iPhone 11 Pro and this new model. The iPhone SE’s pricing is incredibly attractive at $399 with 64GB of storage with only a $50 bump to $449 for 128GB.

If you’re comparing the iPhone XR to the iPhone SE, your only real consideration for the older model would be that you must have the larger screen size. But that seems like a hard sell at $200 more.

Overall, Apple seems to be working hard to mortar over the gaps in its iPhone pricing umbrella, making entry into its ecosystem more attractive. Once in, iPhone users tend to stick for the most part, both because of service-based lock-ins and high customer satisfaction.