Google Play
Auto Added by WPeMatico
Auto Added by WPeMatico
App store spending is continuing to grow, although not as quickly as in years past. According to a new report from Sensor Tower, the iOS App Store and Google Play combined brought in $39.7 billion in worldwide app revenue in the first half of 2019 — that’s up 15.4% over the $34.4 billion seen during the first half of last year. However, at that time, the $34.4 billion was a 27.8% increase from 2017’s numbers, then a combined $26.9 billion across both stores.
Apple’s App Store continues to massively outpace Google Play on consumer spending, the report also found.
In the first half of 2019, global consumers spent $25.5 billion on the iOS App Store, up 13.2% year-over-year from the $22.6 billion spent in the first half of 2018. Last year, the growth in consumer spending was 26.8%, for comparison’s sake.
Still, Apple’s estimated $25.5 billion in the first half of 2019 is 80% higher than Google Play’s estimated gross revenue of $14.2 billion — the latter a 19.6% increase from the first half of 2018.
The major factor in the slowing growth is iOS in China, which contributed to the slowdown in total growth. However, Sensor Tower expects to see China returning to positive growth over the next 12 months, we’re told.
To a smaller extent, the downturn could be attributed to changes with one of the top-earning apps across both app stores: Netflix.
Last year, Netflix dropped in-app subscription sign-ups for Android users. Then, at the end of December 2018, it did so for iOS users, too. That doesn’t immediately drop its revenue to zero, of course — it will continue to generate revenue from existing subscribers. But the number will decline, especially as Netflix expands globally without an in-app purchase option, and as lapsed subscribers return to renew online with Netflix directly.
In the first half of 2019, Netflix was the second highest earning non-game app with consumer spending of $339 million, Sensor Tower estimates, down from $459 million in the first half of 2018. (We should point out the firm bases its estimates on a 70/30 split between Netflix and Apple’s App Store that drops to 85/15 after the first year. To account for the mix of old and new subscribers, Sensor Tower factors in a 25% cut. But Daring Fireball’s John Gruber claims Netflix had a special relationship with Apple where it had an 85/15 cut from year one.)
In any event, Netflix’s contribution to the app stores’ revenue is on the decline.
In the first half of last year, Netflix had been the No. 1 non-game app for revenue. This year, that spot went to Tinder, which pulled in an estimated $497 million across the iOS App Store and Google Play, combined. That’s up 32% over the first half of 2018.

But Tinder’s dominance could be a trend that doesn’t last.
According to recent data from eMarketer, dating app audiences have been growing slower than expected, causing the analyst firm to revise its user estimates downward. It now expects that 25.1 million U.S. adults will use a dating app monthly this year, down from its previous forecast of 25.4 million. It also expects that only 21% of U.S. single adults will use a dating app at all in 2019, and that will only grow to 23% by 2023.
That means Tinder’s time at the top could be overrun by newcomers in later months, especially as new streaming services get off the ground (assuming they offer in-app subscriptions); if TikTok starts taking monetization seriously; or if any other large apps from China find global audiences outside of China’s third-party app stores.
For example, Tencent Video grossed $278 million globally in the first half of 2019, outside of the third-party Chinese Android app stores. That made it the third-largest non-game app by revenue. And Chinese video platform iQIYI and YouTube were the No. 4 and No. 5 top-grossing apps, respectively.
Meanwhile, iOS app installs actually declined in the first half of the year, following the first quarter that saw a decline in downloads, Q1 2019, attributed to the downturn in China.
The App Store in the first half of 2019 accounted for 14.8 billion of the total 56.7 billion app installs.
Google Play installs in the first half of the year grew 16.4% to 41.9 billion, or about 2.8 times greater than the iOS volume.

The most downloaded apps in the first half of 2019 were the same as before: WhatsApp, Messenger and Facebook led the top charts. But TikTok inched ahead of Instagram for the No. 4 spot, and it saw its installs grow around 28% to nearly 344 million worldwide.
In terms of mobile gaming specifically, spending was up 11.3% year-over-year in the first half of 2019, reaching $29.6 billion across the iOS App Store and Google Play. Thanks to the fallout of the game licensing freeze in China, App Store revenue growth for games was at $17.6 billion, or 7.8% year-over-year growth. Google Play game spending grew by 16.8% to $12 billion.
The top-grossing games, in order, were Tencent’s Honor of Kings, Fate/Grand Order, Monster Strike, Candy Crush Saga and PUBG Mobile.

Meanwhile, the most downloaded games were Color Bump 3D, Garena Free Fire and PUBG Mobile.
Image credits: Sensor Tower
Powered by WPeMatico
Mobile gaming continues to hold its own, accounting for 10% of the time users spend in apps — a percentage that has remained steady over the years, even though our time in apps overall has grown by 50% over the past two years. In addition, games are continuing to grow their share of consumer spend, notes App Annie in a new research report out this week, timed with E3.
Thanks to growth in hyper-casual and cross-platform gaming in particular, mobile games are on track to reach 60% market share in consumer spend in 2019.
The new report looks at how much time users spend gaming versus using other apps, monetization and regional highlights within the gaming market, among other things.
Despite accounting for a sizable portion of users’ time, games don’t lead the other categories, App Annie says.
Instead, social and communications apps account for half (50%) of the time users spent globally in apps in 2018, followed by video players and editors at 15%, then games at 10%.
In the U.S., users generally have eight games installed per device; globally, we play an average of two to five games per month.

The number of total hours spent on games continues to grow roughly 10% year-over-year, as well, thanks to existing gamers increasing their time in games and from a broadening user base, including a large number of mobile app newcomers from emerging markets.

This has also contributed to a widening age range for gamers.
Today, the majority of time spent in gaming is by those aged 25 and older. In many cases, these players may not even classify themselves as “gamers,” App Annie noted.

While games may not lead the categories in terms of time spent, they do account for a large number of mobile downloads and the majority of consumer spending on mobile.
One-third of all worldwide downloads are games across iOS, Google Play and third-party app stores.
Last year, 1.6+ million games launched on Google Play and 1.1+ million arrived on iOS.
On Android, 74 cents of every dollar is spent on games, with 95% of those purchases coming as in-app purchases, not paid downloads. App Annie didn’t have figures for iOS.
Google Play is known for having more downloads than iOS, but continues to trail on consumer spend. In 2018, Google Play grabbed a 72% share of worldwide downloads, compared with 28% on iOS. Meanwhile, Google Play only saw 36% of consumer spend versus 64% on iOS.

One particular type of gaming jumped out in the new report: racing games.
Consumer spend in this subcategory of gaming grew 7.9 times as fast as the overall mobile gaming market. Adventure games did well, too, growing roughly five times the rate of games in general. Music games and board games were also popular.

Of course, gaming expands beyond mobile. But it’s surprising to see how large a share of the broader market can be attributed to mobile gaming.
According to App Annie, mobile gaming is larger than all other channels, including home game consoles, handheld consoles and computers (Mac and PC). It’s also 20% larger than all these other categories combined — a shift from only a few years ago, attributed to the growth in the mobile consumer base, which allows mobile gaming to reach more people.

Cross-platform gaming is a key gaming trend today, thanks to titles like PUBG and Fortnite in particular, which were among the most downloaded games across several markets last year.
Meanwhile, hyper-casual games are appealing to those who don’t think of themselves as gamers, which has helped to broaden the market further.


App Annie is predicting the next big surge will come from AR gaming, with Harry Potter: Wizards Unite expected to bring Pokémon Go-like frenzy back to AR, bringing the new title $100 million in its first 30 days. The game is currently in beta testing in select markets, with plans for a 2019 release.
In terms of regions, China’s impact on gaming tends to be outsized, but its growth last year was limited due to the game license regulations. This forced publishers to look outside the country for growth — particularly in markets like North America and Japan, App Annie said.

Meanwhile, India, Brazil, Russia and Indonesia lead the emerging markets with regard to game
downloads, but established markets of the U.S. and China remain strong players in terms of sheer numbers.

With the continued steady growth in consumer spend and the stable time spent in games, App Annie states the monetization potential for games is growing. In 2018, there were 1,900 games that made more than $5 million, up from 1,200 in 2016. In addition, consumer spend in many key markets is still growing too — like the 105% growth in two years in China, for example, and the 45% growth in the U.S.

The full report delves into other regions as well as game publishers’ user acquisition strategies. It’s available for download here.
Powered by WPeMatico
On Wednesday, Google rolled out new policies around kids’ apps on Google Play following an FTC complaint claiming a lack of attention to apps’ compliance with children’s privacy laws, and other rules around content. However, kids’ apps weren’t the only area being addressed this week. As it turns out, Google also cracked down on loot boxes and marijuana apps, while also expanding sections detailing prohibitions around hate speech, sexual content and counterfeit goods, among other things.
The two more notable changes include a crackdown on “loot boxes” and a ban on apps that offer marijuana delivery — while the service providers’ apps can remain, the actual ordering process has to take place outside of the app itself, Google said.
Specifically, Google will no longer allow apps offering the ability to order marijuana through an in-app shopping cart, those that assist users in the delivery or pickup of marijuana or those that facilitate the sale of THC products.
This isn’t a huge surprise — Apple already bans apps that allow for the sale of marijuana, tobacco or other controlled substances in a similar fashion. On iOS, apps like Eaze and Weedmaps are allowed, but they don’t offer an ordering function. That’s the same policy Google is now applying on Google Play.
This is a complex subject for Google, Apple and other app marketplace providers to tackle. Though some states have legalized the sale of marijuana, the laws vary. And it’s still illegal according to the federal government. Opting out of playing middleman here is probably the right step for app marketplace platforms.
That said, we understand Google has no intention of outright banning marijuana ordering and delivery apps.
The company knows they’re popular and wants them to stay. It’s even giving them a grace period of 30 days to make changes, and is working with the affected app developers to ensure they’ll remain accessible.
“These apps simply need to move the shopping cart flow outside of the app itself to be compliant with this new policy,” a spokesperson explained. “We’ve been in contact with many of the developers and are working with them to answer any technical questions and help them implement the changes without customer disruption.”
Another big change impacts loot boxes — a form of gambling popular among gamers. Essentially, people pay a fee to receive a random selection of in-game items, some of which may be rare or valuable. Loot boxes have been heavily criticized for a variety of reasons, including their negative effect on gameplay and how they’re often marketed to children.
Last week, a new Senate bill was introduced with bipartisan support that would prohibit the sale of loot boxes to children, and fine those in violation.
Google Play hasn’t gone so far as to ban loot boxes entirely, but instead says games have to now disclose the odds of getting each item.
In addition to these changes, Google rolled out a handful of more minor updates, detailed on its Developer Policy Center website.
Here, Google says it has expanded the definition of what it considers sexual content to include a variety of new examples, like illustrations of sexual poses, content depicting sexual aids and fetishes and depictions of nudity that wouldn’t be appropriate in a public context. It also added “content that is lewd or profane,” according to Android Police, which compared the old and new versions of the policy.
Definitions that are somewhat “open to interpretation” is something that Apple commonly uses to gain better editorial control over its own App Store. By adding a ban of “lewd or profane” content, Google can opt to reject apps that aren’t covered by other examples.
Google also expanded its list of examples around hate speech to include: “compilations of assertions intended to prove that a protected group is inhuman, inferior or worthy of being hated;” “apps that contain theories about a protected group possessing negative characteristics (e.g. malicious, corrupt, evil, etc.), or explicitly or implicitly claims the group is a threat;” and “content or speech trying to encourage others to believe that people should be hated or discriminated against because they are a member of a protected group.”
Additional changes include an update to the Intellectual Property policy that more clearly prohibits the sale or promotion for sale of counterfeit goods within an app; a clarification of the User Generated Content policy to explicitly prohibit monetization features that encourage objectionable behavior by users; and an update to the Gambling policy, with more examples.
A Google spokesperson says the company regularly updates its Play Store developer policies in accordance with best practices and legal regulations around the world. However, the most recent set of changes err on the side of getting ahead of increased regulation — not only in terms of kids’ apps and data privacy, but also other areas now under legal scrutiny, like loot boxes and marijuana sales.
Powered by WPeMatico
Google announced this morning a new set of developer policies aimed at providing additional protections for children and families seeking kid-friendly apps on Google Play. The new policies require that developers ensure their apps are meeting all the necessary policy and regulatory requirements for apps that target children in terms of their content, ads and how they handle personally identifiable information.
For starters, developers are being asked to consider whether children are a part of their target audience — and, if they’re not, developers must ensure their app doesn’t unintentionally appeal to them. Google says it will now also double-check an app’s marketing to confirm this is the case and ask for changes, as needed.
Apps that do target children have to meet the policy requirements concerning content and handling of personally identifiable information. This shouldn’t be news to developers playing by the rules, as Google has had policies around “kid-safe” apps for years as part of its “Designed for Families” program, and countries have their own regulations to follow when it comes to collecting children’s data.
In addition, developers whose apps are targeting children must only serve ads from an ads network that has certified compliance with Google’s families policies.

To enforce these policies at scale, Google is now requiring all developers to complete the new target audience and content section of the Google Play Console. Here, they will have to specify more details about their app. If they say that children are targeted, they’ll be directed to the appropriate policies.
Google will use this information, alongside its review of the app’s marketing materials, in order to categorize apps and apply policies across three target groups: children, children and older users, and older users. (And because the definition of “children” may vary by country, developers will need to determine what age-based restrictions apply in the countries where their app is listed.)
Developers must comply with the process of filling out the information on Google Play and come into compliance with the updated policies by September 1, 2019.

The company says it’s committed to providing “a safe, positive environment” for kids and families, which is why it’s announcing these changes.
However, the changes are more likely inspired by an FTC complaint filed in December, in which a coalition of 22 consumer and public health advocacy groups, led by Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD), asked for an investigation of kids’ apps on Google Play.
The organizations claimed that Google was not verifying apps and games featured in the Family section of Google Play for compliance with U.S. children’s privacy law COPPA.
They also said many so-called “kids” apps exhibited bad behaviors — like showing ads that are difficult to exit or showing those that require viewing in order to continue the current game. Some apps pressured kids into making in-app purchases, and others were found serving ads for alcohol and gambling. And others, still, were found to model harmful behavior or contain graphic, sexualized images, the groups warned regulators.
The time when violations like these can slip through the cracks is long past, thanks to increased regulatory oversight across the online industry by way of laws like the EU’s GDPR, which focuses on data protection and privacy. The FTC is also more keen to act, as needed — it even recently doled out a record fine for TikTok for violating COPPA.
The target audience and content section are live today in the Google Play Console, along with documentation on the new policies, a developer guide and online training. In addition, Google says it has increased its staffing and improved its communications for the Google Play app review and appeals processes in order to help developers get timely decisions and understand any changes they’re directed to make.
Update, 5/29/19, 4:30 PM ET:
Following Google’s announcement, the Campaign for a Commercial-Free Childhood (CCFC), which led the FTC complaint, issued a statement in response.
“It’s great that our coalition’s advocacy has awoken to Google to the massive issues with kids apps in the Play Store,” said CCFC Director Josh Golin. “Unfortunately, there’s not a lot of substance to these changes and it’s concerning that Google remains intent on outsourcing responsibility for compliance to developers rather than taking real steps to enforce its own policies.”
“Furthermore, if Google is serious about cracking down on developers that elide their legal responsibilities by pretending their apps aren’t child-directed, they should start by looking in the mirror. YouTube violates COPPA at a massive scale every day and Google’s laughable defense is that the site is only intended for 13 and up,” he added.
Powered by WPeMatico
Researchers have found two apps masquerading as cryptocurrency apps on Android’s app store, Google Play.
One of them was largely a dud. The second was designed to steal cryptocurrency, the researchers said.
Security firm ESET said one of the two fake Android apps impersonated Trezor, a hardware cryptocurrency wallet. The good news is that the app couldn’t be used to steal cryptocurrency stored by Trezor. But the researchers found the app was connected to a second Android app that could have been used to scam funds out of unsuspecting victims.
Lukas Stefanko, a security researcher at ESET — who has a long history of finding dodgy Android apps — said the fake Trezor app “appeared trustworthy at first glance” but was using a fake developer name to impersonate the company.
The fake app was designed to trick users into turning over a victim’s login credentials. Uploaded to Google Play on May 1, the app quickly ranked as the second-most popular search result when searching for “Trezor” behind the legitimate app, said Stefanko. Users on Reddit also found the fake app and reported it as recently as two weeks ago.
According to Stefanko, the server where user credentials were sent was linked to a website linked to another fake wallet, purportedly to store cryptocurrency, and also listed on Google Play since February 25.
“The app claims it lets its users create wallets for various cryptocurrencies,” said Stefanko. “However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we’ve named wallet address scams in our previous research into cryptocurrency-targeting malware.”
Both apps were collectively downloaded more than a thousand times. After ESET contacted Google, the apps were pulled offline the next day.
Read more:
Powered by WPeMatico
The escalating U.S.-China trade war that’s seen Chinese tech giant Huawei slapped on a U.S. trade blacklist is causing ripples of shock across Europe too, as restrictions imposed on U.S. companies hit regional suppliers concerned they could face U.S. restrictions if they don’t ditch Huawei.
Reuters reports shares fell sharply today in three European chipmakers — Infineon Technologies, AMS and STMicroelectronics — after reports suggested some already had, or were about to, halt shipments to Huawei following the executive order barring U.S. firms from trading with the Chinese tech giant.
The interconnectedness of high-tech supply chains coupled with U.S. dominance of the sector and Huawei’s strong regional position as a supplier of cellular, IT and network kit in Europe suddenly makes political risk a fast-accelerating threat for EU technology companies, large and small.
On the small side is French startup Qwant, which competes with Google by offering a pro-privacy search engine. In recent months it has been hoping to leverage a European antitrust decision against Google Android last year to get smartphones to market in Europe that preload its search engine, not Google’s.
Huawei was its intended first major partner for such devices. Though, prior to recent trade war developments, it was already facing difficulties related to price incentives Google included in reworked EU Android licensing terms.
Still, the U.S.-China trade war threatens to throw a far more existential spanner in European Commission efforts to reset the competitive planning field for smartphone services — certainly if Google’s response to Huawei’s blacklisting is to torch its supply of almost all Android-related services, per Reuters.
A key aim of the EU antitrust decision was intended to support the unbundling of popular Google services from Android so that device makers can try selling combinations that aren’t entirely Google-flavored — while still being able to offer enough “Google” to excite consumers (such as preloading the Play Store but with a different search and browser bundle instead of the usual Google + Chrome combo).
Yet if Google intends to limit Huawei’s access to such key services, there’s little chance of that.
(In a statement responding to the Reuters report Google suggested it’s still deciding how to proceed, with a spokesperson writing: “We are complying with the order and reviewing the implications. For users of our services, Google Play and the security protections from Google Play Protect will continue to function on existing Huawei devices.”)
Going on Google’s initial response, Qwant co-founder and CEO Eric Léandri told us he thinks Google has overreacted — even as he dubbed the U.S.-China trade war “world war III — economical war but it’s a world war for sure.”
“I really need to see exactly what President Trump has said about Huawei and how to work with them. Because I think maybe Google has overreacted. Because I haven’t [interpreted it] that way so I’m very surprised,” he told TechCrunch.
“If Huawei can be [blacklisted] what about the others?,” he added. “Because I would say 60% of the cell phone sales in Europe today are coming from China. Huawei or ZTE, OnePlus and the others — they are all under the same kind of risk.
“Even some of our European brands who are very small like Nokia… all of them are made in China, usually with partnership with these big cell phone manufacturers. So that means several things but one thing that I’m sure is we should not rely on one OS. It would be difficult to explain how the Play Store is not as important as the search in Android.”
Léandri also questioned whether Google’s response to the blacklisting will include instructing Huawei not to even use its search engine — a move that could impact its share of the smartphone search market.
“At the end of the day there is just one thing I can say because I’m just a search engine and a European one — I haven’t seen Google asking to not be by default in Huawei as search engine. If they can be in the Huawei by default as a search engine so I presume that everyone else can be there.”
Léandri said Qwant will be watching to see what Huawei’s next steps will be — such as whether it will decide to try offering devices with its own store baked in in Europe.
And indeed how China will react.
“We have to understand the result politically, globally, the European consequences. The European attitude. It’s not only American and China — the rest of the world exists,” he said.
“I have plan b, plan c, plan d, plan f. To be clear we are a startup — so we can have tonnes of plans, The only thing is right now is it’s too enormous.
“I know that they are the two giants in the tech field… but the rest of the world have some words today and let’s see how the European Commission will react, my government will react and some of us will react because it’s not only a small commercial problem right now. It’s a real political power demonstration and it’s global so I will not be more — I am nobody in all this. I do my job and I do my job well and I will use the maximum opportunity that I can find on the market.”
We’ve reached out to the Commission to ask how it intends to respond to escalating risks for European tech firms as Trump’s trade war steps up.
Also today, Reuters reports that the German Economy Minister is examining the impact of U.S. sanctions against Huawei on local companies.
But while a startup like Qwant waits to see what the next few months will bring — and how the landscape of the smartphone market might radically reconfigure in the face of sharply spiking political risk, a different European startup is hoping to catch some uplift: Finland-based Jolla steers development of a made-in-Europe Android alternative, called Sailfish OS.
It’s a very tiny player in a Google-dominated smartphone world. Yet could be positioned to make gains amid U.S. and Chinese tech clashes — which in turn risk making major platform pieces feel a whole lot less stable.
A made-in-Europe non-Google-led OS might gain more ground among risk averse governments and enterprises — as a sensible hedge against Trump-fueled global uncertainty.
“Sailfish OS, as a non-American, open-source based, secure mobile OS platform, is naturally an interesting option for different players — currently the interest is stronger among corporate and governmental customers and partners, as our product offering is clearly focused on this segment,” says Jolla co-founder and CEO Sami Pienimäki .
“Overall, there definitely has been increased interest towards Sailfish OS as a mobile OS platform in different parts of the world, partly triggered by the on-going political activity in many locations. We have also had clearly more discussions with e.g. Chinese device manufacturers, and Jolla has also recently started new corporate and governmental customer projects in Europe.”
Powered by WPeMatico
A large-scale independent study of pre-installed Android apps has cast a critical spotlight on the privacy and security risks that preloaded software poses to users of the Google developed mobile platform.
The researchers behind the paper, which has been published in preliminary form ahead of a future presentation at the IEEE Symposium on Security and Privacy, unearthed a complex ecosystem of players with a primary focus on advertising and “data-driven services” — which they argue the average Android user is unlikely to be unaware of (while also likely lacking the ability to uninstall/evade the baked in software’s privileged access to data and resources themselves).
The study, which was carried out by researchers at the Universidad Carlos III de Madrid (UC3M) and the IMDEA Networks Institute, in collaboration with the International Computer Science Institute (ICSI) at Berkeley (USA) and Stony Brook University of New York (US), encompassed more than 82,000 pre-installed Android apps across more than 1,700 devices manufactured by 214 brands, according to the IMDEA institute.
“The study shows, on the one hand, that the permission model on the Android operating system and its apps allow a large number of actors to track and obtain personal user information,” it writes. “At the same time, it reveals that the end user is not aware of these actors in the Android terminals or of the implications that this practice could have on their privacy. Furthermore, the presence of this privileged software in the system makes it difficult to eliminate it if one is not an expert user.”
An example of a well-known app that can come pre-installed on certain Android devices is Facebook .
Earlier this year the social network giant was revealed to have inked an unknown number of agreements with device makers to preload its app. And while the company has claimed these pre-installs are just placeholders — unless or until a user chooses to actively engage with and download the Facebook app, Android users essentially have to take those claims on trust with no ability to verify the company’s claims (short of finding a friendly security researcher to conduct a traffic analysis) nor remove the app from their device themselves. Facebook pre-loads can only be disabled, not deleted entirely.
The company’s preloads also sometimes include a handful of other Facebook-branded system apps which are even less visible on the device and whose function is even more opaque.
Facebook previously confirmed to TechCrunch there’s no ability for Android users to delete any of its preloaded Facebook system apps either.
“Facebook uses Android system apps to ensure people have the best possible user experience including reliably receiving notifications and having the latest version of our apps. These system apps only support the Facebook family of apps and products, are designed to be off by default until a person starts using a Facebook app, and can always be disabled,” a Facebook spokesperson told us earlier this month.
But the social network is just one of scores of companies involved in a sprawling, opaque and seemingly interlinked data gathering and trading ecosystem that Android supports and which the researchers set out to shine a light into.
In all 1,200 developers were identified behind the pre-installed software they found in the data-set they examined, as well as more than 11,000 third party libraries (SDKs). Many of the preloaded apps were found to display what the researchers dub potentially dangerous or undesired behavior.
The data-set underpinning their analysis was collected via crowd-sourcing methods — using a purpose-built app (called Firmware Scanner), and pulling data from the Lumen Privacy Monitor app. The latter provided the researchers with visibility on mobile traffic flow — via anonymized network flow metadata obtained from its users.
They also crawled the Google Play Store to compare their findings on pre-installed apps with publicly available apps — and found that just 9% of the package names in their dataset were publicly indexed on Play.
Another concerning finding relates to permissions. In addition to standard permissions defined in Android (i.e. which can be controlled by the user) the researchers say they identified more than 4,845 owner or “personalized” permissions by different actors in the manufacture and distribution of devices.
So that means they found systematic user permissions workarounds being enabled by scores of commercial deals cut in a non-transparency data-driven background Android software ecosystem.
“This type of permission allows the apps advertised on Google Play to evade Android’s permission model to access user data without requiring their consent upon installation of a new app,” writes the IMDEA.
The top-line conclusion of the study is that the supply chain around Android’s open source model is characterized by a lack of transparency — which in turn has enabled an ecosystem to grow unchecked and get established that’s rife with potentially harmful behaviors and even backdoored access to sensitive data, all without most Android users’ consent or awareness. (On the latter front the researchers carried out a small-scale survey of consent forms of some Android phones to examine user awareness.)
tl;dr the phrase ‘if it’s free you’re the product’ is a too trite cherry atop a staggeringly large yet entirely submerged data-gobbling iceberg. (Not least because Android smartphones don’t tend to be entirely free.)
“Potential partnerships and deals — made behind closed doors between stakeholders — may have made user data a commodity before users purchase their devices or decide to install software of their own,” the researchers warn. “Unfortunately, due to a lack of central authority or trust system to allow verification and attribution of the self-signed certificates that are used to sign apps, and due to a lack of any mechanism to identify the purpose and legitimacy of many of these apps and custom permissions, it is difficult to attribute unwanted and harmful app behaviors to the party or parties responsible. This has broader negative implications for accountability and liability in this ecosystem as a whole.”
The researchers go on to make a series of recommendations intended to address the lack of transparency and accountability in the Android ecosystem — including suggesting the introduction and use of certificates signed by globally-trusted certificate authorities, or a certificate transparency repository “dedicated to providing details and attribution for certificates used to sign various Android apps, including pre-installed apps, even if self-signed”.
They also suggest Android devices should be required to document all pre-installed apps, plus their purpose, and name the entity responsible for each piece of software — and do so in a manner that is “accessible and understandable to users”.
“[Android] users are not clearly informed about third-party software that is installed on their devices, including third-party tracking and advertising services embedded in many pre-installed apps, the types of data they collect from them, the capabilities and the amount of control they have on their devices, and the partnerships that allow information to be shared and control to be given to various other companies through custom permissions, backdoors, and side-channels. This necessitates a new form of privacy policy suitable for preinstalled apps to be defined and enforced to ensure that private information is at least communicated to the user in a clear and accessible way, accompanied by mechanisms to enable users to make informed decisions about how or whether to use such devices without having to root their devices,” they argue, calling for overhaul of what’s long been a moribund T&Cs system, from a consumer rights point of view.
In conclusion they couch the study as merely scratching the surface of “a much larger problem”, saying their hope for the work is to bring more attention to the pre-installed Android software ecosystem and encourage more critical examination of its impact on users’ privacy and security.
They also write that they intend to continue to work on improving the tools used to gather the data-set, as well as saying their plan is to “gradually” make the data-set itself available to the research community and regulators to encourage others to dive in.
Google has responded to the paper with the following statement — attributed to a spokesperson:
We appreciate the work of the researchers and have been in contact with them regarding concerns we have about their methodology. Modern smartphones include system software designed by their manufacturers to ensure their devices run properly and meet user expectations. The researchers’ methodology is unable to differentiate pre-installed system software — such as diallers, app stores and diagnostic tools–from malicious software that has accessed the device at a later time, making it difficult to draw clear conclusions. We work with our OEM partners to help them ensure the quality and security of all apps they decide to pre-install on devices, and provide tools and infrastructure to our partners to help them scan their software for behavior that violates our standards for privacy and security. We also provide our partners with clear policies regarding the safety of pre-installed apps, and regularly give them information about potentially dangerous pre-loads we’ve identified.
Powered by WPeMatico
Google is removing apps from Google Play that request permission to access call logs and SMS text message data but haven’t been manually vetted by Google staff.
The search and mobile giant said it is part of a move to cut down on apps that have access to sensitive calling and texting data.
Google said in October that Android apps will no longer be allowed to use the legacy permissions as part of a wider push for developers to use newer, more secure and privacy minded APIs. Many apps request access to call logs and texting data to verify two-factor authentication codes, for social sharing, or to replace the phone dialer. But Google acknowledged that this level of access can and has been abused by developers who misuse the permissions to gather sensitive data — or mishandle it altogether.
“Our new policy is designed to ensure that apps asking for these permissions need full and ongoing access to the sensitive data in order to accomplish the app’s primary use case, and that users will understand why this data would be required for the app to function,” wrote Paul Bankhead, Google’s director of product management for Google Play.
Any developer wanting to retain the ability to ask a user’s permission for calling and texting data has to fill out a permissions declaration.
Google will review the app and why it needs to retain access, and will weigh in several considerations, including why the developer is requesting access, the user benefit of the feature that’s requesting access and the risks associated with having access to call and texting data.
Bankhead conceded that under the new policy, some use cases will “no longer be allowed,” rendering some apps obsolete.
So far, tens of thousands of developers have already submitted new versions of their apps either removing the need to access call and texting permissions, Google said, or have submitted a permissions declaration.
Developers with a submitted declaration have until March 9 to receive approval or remove the permissions. In the meantime, Google has a full list of permitted use cases for the call log and text message permissions, as well as alternatives.
The last two years alone has seen several high-profile cases of Android apps or other services leaking or exposing call and text data. In late 2017, popular Android keyboard ai.type exposed a massive database of 31 million users, including 374 million phone numbers.
Powered by WPeMatico
A coalition of 22 consumer and public health advocacy groups, led by Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD), have today filed a complaint with the Federal Trade Commission asking them to investigate and sanction Google for how its Google Play Store markets apps to children. The complaint states that Google features apps designed for very young children in its Play Store’s “Family” section, many of which are violating federal children’s privacy law, exposing kids to inappropriate content and disregarding Google’s own policies by luring kids into making in-app purchases and watching ads.
Google Play ‘Family’ section
Google first introduced its “Designed for Families” program back in 2015, which gives developers of kid-friendly apps meeting certain guidelines additional visibility in the Play Store. This includes a placement in the Family section, where apps are organized by age appropriateness.
To qualify, “Family” apps must abide by specific content policies, Google’s Developer Distribution Agreement and the Designed for Families DDA Addendum. The apps also must meet the Designed for Families program requirements. Legal compliance with federal privacy laws, including COPPA (Children’s Online Privacy Protection Rule), are among the requirements.
COPPA is designed to protect children under the age of 13 by giving parents control over what information sites and apps can collect from their kids.

Above: Google Play store showcases children’s content in its own dedicated sections
COPPA violations
But the new FTC complaint claims that Google is not verifying COPPA compliance when it accepts these apps and, as a result, many are in continual violation of the law.
“Our research revealed a surprising number of privacy violations on Android apps for children, including sharing geolocation with third parties,” said Serge Egelman, a researcher at the University of California, Berkeley, in a statement shared by the group. “Given Google’s assertion that Designed for Families apps must be COPPA compliant, it’s disappointing these violations still abound, even after Google was alerted to the scale of the problem,” he added.
TechCrunch asked the coalition if it had some idea about how many apps were in violation of COPPA, and were told the groups don’t know an exact number.
“From our survey — and more comprehensive analyses like the PET Study — it seems fairly prevalent,” Lindsey Barrett, Staff Attorney at Georgetown’s Institute for Public Representation, told us.
“The PET Study found that 73 percent of the kids apps in the Play store transmitted sensitive data over the internet, and we saw apps sending geolocation without notice and verifiable parental consent, and sending personal information unencrypted,” Barrett said. “Further, under COPPA, children’s PII cannot be used for behavioral advertising. Yet, many of the children’s apps we looked at were sending information to ad networks which say their services should not be used with children’s apps,” she added.
Other harms
The apps also engage in other bad behaviors, like regularly showing ads that are difficult to exit or showing those that require viewing in order to continue the current game, according to the complaint. Some apps pressure kids into making in-app purchases — in one example, the game characters were crying if the kids didn’t buy the locked items, it notes. Others show ads for alcohol and gambling, despite those being barred by Google’s Ad Policy.

Above: disturbing images from TabTale apps
The coalition additionally called out some apps for containing “graphic, sexualized images” like TutoTOONS “Sweet Baby Girl Daycare 4 – Babysitting Fun,” which has more than 10 million downloads. (The game has a part where kids change a baby’s diaper, wipe their diaper area, then rub powder all over the baby’s body.) Others model harmful behavior, like TabTale’s “Crazy Eye Clinic,” which teaches children to clean their eyes with a sharp instrument, and has more than one million downloads. (The game is currently not available on Google Play and its webpage is down.)
The complaint also broadly takes issue with apps that use common SDKs like those from Unity or Flurry (disclosure: Flurry and TechCrunch share a corporate parent) to collect device identifiers from the children’s apps.
“Nearly three-quarters of the apps in the Family section transmit device identifiers to third parties,” reads the complaint. “There is no way for us to know for sure what the device identifiers are used for. Since many of the apps send device identifiers to third parties that specialize in monetizing apps and/or engaging in interest-based (behavioral) advertising, it seems unlikely that this information is being used solely to support internal operations,” it says.

Above: Strawberry Shortcake Puppy Palace was called out for aggressive monetization efforts. Strawberry tells kids to buy things to keep the puppy happy — the implication is if you don’t pay, you’re making puppies sad.
The groups say that Google has been aware of all these problems for some time, but hasn’t taken adequate steps to enforce its criteria for developers. As a result, the consumer advocacy groups are urging the FTC to investigate the Play Store’s practices.
The coalition had previously asked the FTC to investigate developers of children’s apps aimed at preschoolers who were using manipulative advertising. But today’s complaint is focused on Google.
“Google (Alphabet, Inc.) has long engaged in unethical and harmful business practices, especially when it comes to children,” explained Jeff Chester, executive director of the Center for Digital Democracy. “And the Federal Trade Commission has for too long ignored this problem, placing both children and their parents at risk over their loss of privacy, and exposing them to a powerful and manipulative marketing apparatus. As one of the world’s leading providers of content for kids online, Google continues to put the enormous profits they make from kids ahead of any concern for their welfare,” Chester said.
Apple was not similarly called out because a similar analysis has not yet been done on its app marketplace, Josh Golin, executive director at CCFC told us. In Google’s case, he explained, two major studies found widespread issues with the Play Store apps for kids. One from Berkeley researchers found widespread COPPA non-compliance; the other, by University of Michigan researchers, found children’s play experience was often completely interrupted and undermined by aggressive marketing tactics.
The complaint comes at a time where there is increased scrutiny as to how tech companies are misusing and abusing consumer data and violating privacy. Kids game have already been the subject of some concern. And this morning, an NYT investigation into Facebook revealed it had shared more of users’ personal data than disclosed with major tech companies, following a year of data scandals.
The issue of data privacy is an industry-wide problem. Tech companies’ failures on this front will likely lead to increased regulation going forward.
Not all the named developers were immediately available to comment this morning. We’ll update if comments are provided. (Update: TutoToons says they removed the inappropriate content from the app after becoming aware of the complaint. They urged parents and child advocacy groups to reach out to them directly in the future.)
Google says it’s taking the complaint seriously. It has removed thousands of apps from its Designed for Families program this year, and rejects a third of applications.
“Parents want their children to be safe online and we work hard to protect them. Apps in our Designed for Families program have to comply with strict policies on content, privacy and advertising, and we take action on any policy violations that we find,” a Google spokesperson says. “We take these issues very seriously and continue to work hard to remove any content that is inappropriately aimed at children from our platform,” they added.
The full complaint is below.
Powered by WPeMatico
The Google Play Store is receiving an update today that will allow customers to make charitable donations to nonprofits from their Android device. While it may seem odd to be rallying for support for charities within the same marketplace where users download apps and games, it’s not uncommon — Apple for years has collected donations for the American Red Cross in the wake of natural disasters like the California wildfires and hurricanes, for example.
Google’s implementation, however, isn’t a launch tied to a single event. And it’s rolling out support for several charities, not just the Red Cross.
Users in the U.S., Canada, Mexico, Germany, Great Britain, France, Spain, Italy, Taiwan and Indonesia will soon see the option to make a donation to a number of organizations, including also charity:water, Doctors Without Borders USA, Girls Who code, International Rescue Committee, Room to Red, Save the Children, UNICEF, World Food Program USA and World Wildlife Fund US, in addition to the American Red Cross.
To access the feature Android users can head to play.google.com/donate to read about the organizations or to make a donation using the payment card they have on file for the Play Store.
To be clear, this is about the Play Store itself collecting charitable donations, not allowing Android app developers to do so. Google Play is covering all the transaction and disbursement costs, so the organizations receive 100 percent of users’ donations.
The feature’s launch has been timed with the holiday season, which often inspires charitable giving. It’s also a sort of belated nod to Giving Week 2018, the movement that encourages people to volunteer, fundraise and donate to worthy causes. (Giving Week this year wrapped on December 5).
The donations feature may offer a different selection of nonprofits in the future, we understand, though Google is not announcing any planned additions at this time.
Google says the feature will begin to roll out to Android users in the supported markets over the next few days.
Powered by WPeMatico