WhatsApp

Auto Added by WPeMatico

Telegram introduces a feature to prevent users from texting too often in a group

Telegram, a popular instant messaging app, has introduced a new feature to give group admins on the app better control over how members engage, the latest in a series of interesting features it has rolled out in recent months to expand its appeal.

The feature, dubbed Slow Mode, allows a group administrator to dictate how often a member could send a message in the group. If implemented by a group, members who have sent a text will have to wait between 30 seconds to as long as an hour before they can say something again in that group.

telegram slow mode groups

The messaging platform, which had more than 200 million monthly active users as of early 2018, said the new feature was aimed at making conversations in groups “more orderly” and raising the “value of each individual message.” It suggested admins to “keep [the feature] on permanently, or toggle as necessary to throttle rush hour traffic.”

Tech platforms including WhatsApp are grappling with containing the spread of misinformation on their messaging services. Though Telegram has largely been immune to such controversies, it has its fair share of issues.

WhatsApp has enforced limits on how often a user could forward a text message and is using machine learning techniques to weed out fraudulent users during the sign up procedure itself.

Shivnath Thukral, Director of Public Policy for Facebook in India and South Asia, said at a conference this month that virality of content has dropped by 25% to 30% on WhatsApp since the messaging platform imposed limits on forwards.

Telegram isn’t marketing the “Slow Mode” as a way to tackle the spread of false information, though. Instead, it says the feature would give users more “peace of mind.” Indeed, unlike WhatsApp, which allows up to 256 users to be part of a group, up to a whopping 200,000 users can join a Telegram group.

this new Telegram groups feature is so interesting pic.twitter.com/763mHGmZ0u

— freia lobo (@freialobo) August 10, 2019

On a similar tone, Telegram has also added an option that will enable users to send a message without invoking a sound notification at the recipient’s end. “Simply hold the Send button to have any message or media delivered without sound,” the app maker said. “Your recipient will get a notification as usual, but their phone won’t make a sound – even if they forgot to enable the Do Not Disturb mode.”

Telegram has also introduced a range of other small features such as the ability for group owners to add custom titles for admins. Videos on the app now display thumbnail previews when a user scrubs through them, making it easier to them to find the right moment. Like YouTube, users on Telegram too can now share a video that jumps directly at a certain timestamp. Users can also animate their emojis now — if they are into that sort of thing.

In June, Telegram introduced a number of location-flavored features to allow users to quickly exchange contact details without needing to type in digits.

Powered by WPeMatico

Zendesk puts Smooch acquisition to work with WhatsApp integration

Zendesk has always been all about customer service. Last spring it purchased Smooch to move more deeply into messaging app integration. Today, the company announced it was integrating WhatsApp, the popular messaging tool, into the Zendesk customer service toolkit.

Smooch was an early participant in the WhatsApp Business API program. What that does, in practice, says Warren Levitan, who came over as part of the Smooch deal, is provide a direct WhatsApp phone number for businesses using Zendesk . Given how many people, especially in Asia and Latin America, use WhatsApp as a primary channel for communication, this is a big deal.

“The WhatsApp Business API Connector is now fully integrated into Zendesk support. It will allow any Zendesk support customer to be up and running with a new WhatsApp number quicker than ever before, allowing them to connect to the 1.5 billion WhatsApp users worldwide, communicating with them on their channel of choice,” Levitan explained.

Levitan says the entire WhatsApp interaction experience is now fully integrated into the same Zendesk interface that customer service reps are used to using. WhatsApp simply becomes another channel for them.

“They can access WhatsApp conversations from within the same workspace and agent desktop, where they handle all of their other conversations. From an agent perspective, there are no new tools, no new workflows, no new reporting. And that’s what really allows them to get up and running quickly,” he said.

Customers may click or touch a button to dial the WhatsApp number, or they may use a QR code, which is a popular way of accessing WhatsApp customer service. As an example, Levitan says Four Seasons hotels prints a QR code on room key cards, and if customers want to access customer service, they can simply scan the code and the number dials automatically.

Zendesk has been able to get close to 1,000 businesses up and running as part of the early access program, but now it really wants to scale that and allow many more businesses to participate. Up until now, Facebook has taken a controlled approach to on-boarding, having to approve each brand’s number before allowing it on the platform. Zendesk has been working to streamline that.

“We’ve worked tightly with Facebook (the owner of WhatsApp), so that we can have an integrated brand approval and on-boarding/activation to get their number lit up. We can now launch customers at scale, and have them up and running in days, whereas before it was more typically a multi-week process,” Levitan said.

For now, when the person connects to customer service via WhatsApp, it’s only via text messaging — there is no voice connection, and no plans for any for the time being, according to Levitan. Zendesk-WhatsApp integration is available starting today worldwide.

Powered by WPeMatico

WhatsApp reaches 400 million users in India, its biggest market

WhatsApp has amassed more than 400 million users in India, the instant messaging app confirmed today, reaffirming its gigantic reach in its biggest market.

Amitabh Kant, CEO of highly influential local think-tank NITI Aayog, revealed the new stat at a press conference held by WhatsApp in New Delhi on Thursday. A WhatsApp spokesperson confirmed that the platform indeed had more than 400 million monthly active users in the country.

The remarkable revelation comes more than two years after WhatsApp said it had hit 200 million users in India. WhatsApp — or Facebook — did not share any India-specific users count in the period in between.

The public disclosure today should help Facebook reaffirm its dominance in India, where it appears to be used by nearly every smartphone user. According to research firm Counterpoint, India has about 450 million smartphone users. (Some other research firms peg the number to be lower.)

It’s worth pointing out that WhatsApp also supports KaiOS — a mobile operating system for feature phones. Millions of KaiOS-powered JioPhone handsets have shipped in India. Additionally, there are about 500 million internet users, according to several industry estimates.

As WhatsApp becomes ubiquitous in the nation, the service is increasingly mutating to serve additional needs. Businesses such as social-commerce app Meesho have been built on top of WhatsApp. Facebook backed Meesho recently in what was its first investment of this kind in an Indian startup. Then, of course, WhatsApp has also come under hot water for its role in the spread of false information in the nation.

As ByteDance and others aggressively expand their businesses in India, Facebook’s perceived dominance in the country has come under attack in recent months. ByteDance’s TikTok, which has amassed 120 million users in India, has been heralded by many as the top competitor of Facebook.

A WhatsApp spokesperson also told TechCrunch that India remains WhatsApp’s biggest market. In 2017, Facebook said its marquee service had about 250 million users in India — a figure it has not updated in the years since.

WhatsApp, which has about 1.5 billion monthly active users worldwide, does not really have any major competitor in India. The closest to a competitor it has in the country is Messenger, another platform owned by Facebook, and Hike, which millions of users check everyday. Times Internet — an internet conglomerate in India that runs several news outlets, entertainment services and more — claims to reach 450 million users in the country each month.

At the aforementioned press conference, WhatsApp global chief Will Cathcart said WhatsApp also plans to roll out WhatsApp Pay, its payment service, to all its users toward the end of the year — something TechCrunch reported earlier.

Its arrival in India’s burgeoning payments space could create serious tension for Google Pay, Flipkart’s PhonePe and Paytm. For Facebook, WhatsApp Pay’s success is even more crucial as the company currently has no plans to bring cryptocurrency wallet Calibra to the country, it told TechCrunch on the sidelines of the Libra and Calibra unveil.

In a series of announcements this week, WhatsApp also unveiled a tie-up with NITI Aayog to promote women’s entrepreneurship. “By launching ‘gateway to a billion opportunities’ and our digital skills training program, we hope to shine a light on the amazing work already happening and build the next generation of entrepreneurs and change makers,” said Cathcart.

At a conference in Mumbai on Wednesday, Cathcart announced a partnership with the Indian School of Public Policy — India’s first program in the theory and practice of public policy, product design and management — to bring a series of privacy design workshops to future policy makers. These workshops will explore “the importance and practice of privacy-centric design to help technology make a positive impact on society,” the Facebook-owned platform said.

Powered by WPeMatico

Reliance Jio partners with Facebook to launch literacy program for first time internet users in India

Mukesh Ambani, India’s richest man, has enabled tens of millions of people — if not more — to come online for the first time with his disruptive telecom network. He has changed how many Indians, once thrifty about each megabyte they spent browsing the internet, consume mobile data today.

But many of these first-time internet users are increasingly struggling with grasping the nuances of the internet — often ending up trusting everything they see online and, in extreme cases, causing major chaos in the nation. Ambani now wants to help these people understand the ins and outs of the digital world.

His telecom network Reliance Jio announced today a literacy program called “Digital Udaan” for first-time internet users in India. The two-and-a-half-year-old telecom network, which has amassed more than 300 million subscribers, said it has partnered with Facebook to create “the largest ever digital literacy program” that will offer audio-visual training in 10 regional languages.

As part of the Digital Udaan program, Reliance Jio will hold training sessions to help its users learn about internet safety, and how they should engage with popular services and its devices. The operator said it will hold these sessions each Saturday and also provide training videos and information brochures to users.

Reliance Jio said Facebook helped it build and curate modules that are relevant for people in cities and small towns in India. In the first phase of the program, Jio will conduct these training sessions in about 200 different locations across 13 states. It will then expand to more than 7,000 locations, where “millions of JioPhone users and other first-time internet users” live.

“Facebook is an ally in this mission, and we are delighted to partner with Jio in attracting new Internet users and creating mechanisms for them to unleash the power of that access,” Ajit Mohan, VP and MD of Facebook India, said in a statement. Facebook and WhatsApp count India, where they reach about 350 million users, as their largest and fastest growing market. There are more than 500 million internet users in India.

Akash Ambani, director of Reliance Jio, said he hopes to “help eradicate barriers of information asymmetry and provide accessibility in real time. It is a program for inclusive information, education and entertainment, where no Indian will be left out of this digital drive. Jio envisions to take this to every town and village of India, achieving 100% digital literacy in the country.”

Reliance Jio, through its free voice calls and low-data prices, has significantly helped accelerate the growth of India’s internet and smartphone ecosystem. The platform has brought the nation, now the world’s second largest internet and smartphone market, to a point that many thought would have taken more than five years to reach.

But this growth has also accompanied new sets of challenges. WhatsApp, which is the most popular app in India, continues to grapple with the spread of false information in the nation, for instance. Other social media services are facing similar challenges as well. Last year, WhatsApp began to air TV commercials in India to help users become more cautious about the messages they share on its service. It also partnered with Reliance Jio to pay for teams of performers to travel across India to hold roadshows to help people better understand the rampant rise of fake news.

Prabhakar Kumar, co-ordinator of CMS Medialab, an organization that monitors media trends in India, told TechCrunch in an earlier interview that the level of literacy among the users who are coming onboard now is much lower than those who came online before them.

Powered by WPeMatico

The next service marketplace wave: Vertical market-networks

Ivan Smolnikov
Contributor

Ivan Smolnikov is the CEO and founder of Smartcat, the market network platform for the translation industry.

The last few decades have produced many successful marketplaces. We went from goods marketplace pioneers such as eBay and Amazon to simple service marketplaces such as Uber, Lyft, Doordash, Upwork, Thumbtack, TaskRabbit, and Fiverr. But why haven’t we seen many successful B2B service marketplaces?

Table of Contents


Why Many B2B Service Marketplaces Failed

Some would argue that companies such as Upwork, Thumbtack, Fiverr, or TaskRabbit are horizontal B2B marketplaces in the sense that they provide access to suppliers of different services. But while businesses do indeed transact with freelancers on such “horizontal” marketplaces, for most service verticals these are limited-value, one-off transactions. They fail to enable long-term business collaborations.

So, such marketplaces haven’t delivered more valuable services nor introduced a new paradigm for how businesses buy specific services at scale and on an on-going basis. Why is that?

Horizontal marketplaces are stuck at the discovery process

Horizontal services marketplaces don’t provide much value beyond matching clients with quality service providers. In other words, they don’t facilitate collaboration between buyers and suppliers, never mind provide ways for the two parties to collaborate more efficiently over time as they engage in follow-on projects.

In essence, the model these marketplaces were built around is not much different from the likes of Craigslist, which put a convenient UX on traditional classified advertisements.

Complex B2B services require workflow and collaboration tools

In their article “What’s Next for Marketplace Startups?,” Andrew Chen and Li Jin found that there aren’t many successful service marketplaces because those offerings are complex, diverse, and difficult to evaluate. It’s challenging to define a successful transaction in a service marketplace because it’s harder to quantify success.

One reason is that several service providers must often work together to complete a single job for a buyer, requiring a complex workflow from end to end. As a result, it’s difficult for marketplaces to not only mediate service delivery but also make it significantly more efficient for buyers and suppliers. If both the buyer and suppliers don’t see a significant efficiency gain other than being initially matched, why would they continue using the marketplace?

(Image via Getty Images / Lidiia Moor)

The $50 billion translation industry is a prime example of complex B2B services marketplaces. On the supply side are roughly 50,000 small agencies around the globe responsible for more than 85% of this $50 billion industry. (Note we are referring to agencies here as suppliers, though they play on both sides.)

On the demand side are businesses that need to translate text from one language into another. Plus about 1,500,000 freelance linguists work in this industry, many of whom are more specialized than professionals in other industries.

Anyone can find and hire a translator on Fiverr or Upwork. Both provide a vast selection of language translators. However, the quality and cost of the translation depends on the translation tools available to the translator as well as their subject expertise.

Neither Fiverr nor Upwork provide computer-aided translation (CAT) and collaborative workflow solutions for users of their platforms. Additionally, neither provides an effective way for all parties to collaborate and continuously improve the efficiency and quality.

But the problem with traditional marketplaces goes even further: Multiple translators and reviewers are usually needed to complete a single job for a customer. Multi-language translation projects are even more complicated. Such projects require multiple service providers and cost estimates, in addition to project management tools.

This is why building a B2B service marketplace is difficult. Service marketplaces must not only connect buyers and suppliers, but also provide tools to enable an efficient and collaborative workflow that reduces wasted time and effort.

Horizontal marketplaces suffer high attrition

In addition to the problems already outlined, traditional marketplaces experience another issue that prevents them from growing and retaining market participants: Buyer and supplier attrition.

Many business services are based on regularly recurring engagements. In some cases, a buyer and a service provider interact daily, requiring a different workflow than gig-marketplaces are built around.

Buyers and suppliers have little motivation to continue interacting on a platform with no workflow automation solutions. They lack a way to improve service efficiency and quality, automate collaboration, payment, paperwork, and other basic processes required for a business.

This is why many traditional marketplaces suffer from slow network effects and high attrition. (A network effect is what happens when a platform, product, or service delivers more value the more it is used.

Think Facebook, eBay, WhatsApp.) Why wouldn’t companies work directly with service providers outside of a marketplace after they were introduced? What incentives keep the service transaction on the marketplace? These are critical questions to answer when building a marketplace.

Traditional marketplaces target broad services, making it nearly impossible to provide workflow solutions for buyers and suppliers. Going forward, successful service marketplaces will be developed relying on an industry-specific SaaS workflow. This will focus buyers and suppliers on longer-term projects and interactions that serve the unique needs of collaborations and transactions in a specific vertical.

Image via Getty Images / OstapenkoOlena

What makes a successful service marketplace?

In “The next 10 Years Will Be About Market Networks,” James Currier, Managing Partner at NFX Ventures, defines a new era of service marketplaces, which he calls market networks.

A market network is a platform that combines elements of an n-sided marketplace, a network, and workflow solutions. An n-sided marketplace is one that requires coordination of multiple supply-side parties to provide a complex service for a single buyer.

Market networks enable multiple buyers and suppliers to interact, collaborate, and transact on the same platform. They provide users with industry-specific workflow solutions that enable efficient, ongoing collaboration on long-term projects. This reduces costs and leads to a higher quality of services and increased overall value for all users.

But how do you actually build a successful market-network platform? While the answer to that varies from company to company, here is our approach. We were able to build a market network for the translation industry that combines the components: network, marketplace, and workflow solution.

STEP 1: SaaS workflow platform unlocks high-value collaboration

The first step to building an effective complex market network is to develop a workflow that is easy for users to embrace. It might not seem like much, but this increases productivity by enabling teams to perform tasks that were previously impossible.

Powered by WPeMatico

Anti-spam service Truecaller adds free voice calling feature

Truecaller, an app best known for helping users screen calls from strangers and spammers, is adding yet another feature to its service as it bolsters its super app status. The Stockholm-based firm said today that its app can now be used to place free VoIP-powered voice calls.

The company told TechCrunch on Tuesday that it has started to roll out the free voice calling feature to its Android users. It expects the rollout to reach all Android users in the coming days. The feature, which currently only supports calls between two users, will arrive on its iOS app soon.

In emerging markets such as India, where 100 million of Truecaller’s 140 million users live, free voice calls has been a long-sought after feature. Until late 2016, voice calls were fairly expensive in India, with telecom operators counting revenue from traditional calls as their biggest profit generator.

But in last two and a half years, things have changed dramatically for hundreds of millions of people in India after Reliance Jio, a telecom operator owned by India’s richest man Mukesh Ambani, launched its network with free voice calls and low-priced data services. Reliance Jio has already amassed over 300 million users to become one of the top three telcos in the nation.

Yet, the quality of network still leaves much to be desired in India as traditional calls drop abruptly and run into quality issues more often than one would like. Truecaller said that its voice calls rely on data services — mobile data and Wi-Fi — and claimed that they can work swiftly even on patchy network.

The addition of voice calling functionality comes as Truecaller aggressively looks to expand its business. The service, which offers both ad-support free tier and subscription bundle, has added messaging, mobile payments, and call recording features in recent years. Earlier this year, it also added a crediting option, allowing users in India to borrow a few hundred dollars.

A representative with the company said Truecaller began exploring the free voice calling feature a few months ago. It began testing the new functionality with alpha and beta test group users four weeks ago. It now plans to introduce group voice calling support soon, the company said.

With the new feature, Truecaller now competes even more closely with WhatsApp . The Facebook-owned app has become ubiquitous in India with more than three-quarters of India’s smartphone base using the app. WhatsApp added voice calling feature to its app in 2015. Last year, Facebook said users around the world were spending 2 billion minutes per day on WhatsApp video and audio calls.

Powered by WPeMatico

Every secure messaging app needs a self-destruct button

The growing presence of encrypted communications apps makes a lot of communities safer and stronger. But the possibility of physical device seizure and government coercion is growing as well, which is why every such app should have some kind of self-destruct mode to protect its user and their contacts.

End to end encryption like that you see in Signal and (if you opt into it) WhatsApp is great at preventing governments and other malicious actors from accessing your messages while they are in transit. But as with nearly all cybersecurity matters, physical access to either device or user or both changes things considerably.

For example, take this Hong Kong citizen who was forced to unlock their phone and reveal their followers and other messaging data to police. It’s one thing to do this with a court order to see if, say, a person was secretly cyberstalking someone in violation of a restraining order. It’s quite another to use as a dragnet for political dissidents.

@telegram @durov an HK citizen who runs a Telegram channel detained by the police was forced to unlock his phone and reveal his channel followers. Could you please add an option such that channel subscribers cannot be seen under extreme circumstances? Much appreciate. https://t.co/tj4UQztuZ2

— Lo Sinofobo (@tnzqo7f9) June 12, 2019

This particular protestor ran a Telegram channel that had a number of followers. But it could just as easily be a Slack room for organizing a protest, or a Facebook group, or anything else. For groups under threat from oppressive government regimes it could be a disaster if the contents or contacts from any of these were revealed to the police.

Just as you should be able to choose exactly what you say to police, you should be able to choose how much your phone can say as well. Secure messaging apps should be the vanguard of this capability.

There are already some dedicated “panic button” type apps, and Apple has thoughtfully developed an “emergency mode” (activated by hitting the power button five times quickly) that locks the phone to biometrics and will wipe it if it is not unlocked within a certain period of time. That’s effective against “Apple pickers” trying to steal a phone or during border or police stops where you don’t want to show ownership by unlocking the phone with your face.

Those are useful and we need more like them — but secure messaging apps are a special case. So what should they do?

The best-case scenario, where you have all the time in the world and internet access, isn’t really an important one. You can always delete your account and data voluntarily. What needs work is deleting your account under pressure.

The next best-case scenario is that you have perhaps a few seconds or at most a minute to delete or otherwise protect your account. Signal is very good about this: The deletion option is front and center in the options screen, and you don’t have to input any data. WhatsApp and Telegram require you to put in your phone number, which is not ideal — fail to do this correctly and your data is retained.

Signal, left, lets you get on with it. You’ll need to enter your number in WhatsApp (right) and Telegram.

Obviously it’s also important that these apps don’t let users accidentally and irreversibly delete their account. But perhaps there’s a middle road whereby you can temporarily lock it for a preset time period, after which it deletes itself if not unlocked manually. Telegram does have self-destructing accounts, but the shortest time you can delete after is a month.

What really needs improvement is emergency deletion when your phone is no longer in your control. This could be a case of device seizure by police, or perhaps being forced to unlock the phone after you have been arrested. Whatever the case, there need to be options for a user to delete their account outside the ordinary means.

Here are a couple options that could work:

  • Trusted remote deletion: Selected contacts are given the ability via a one-time code or other method to wipe each other’s accounts or chats remotely, no questions asked and no notification created. This would let, for instance, a friend who knows you’ve been arrested remotely remove any sensitive data from your device.
  • Self-destruct timer: Like Telegram’s feature, but better. If you’re going to a protest, or have been “randomly” selected for additional screening or questioning, you can just tell the app to delete itself after a certain duration (as little as a minute perhaps) or at a certain time of the day. Deactivate any time you like, or stall for the five required minutes for it to trigger.
  • Poison PIN: In addition to a normal unlock PIN, users can set a poison PIN that when entered has a variety of user-selectable effects. Delete certain apps, clear contacts, send prewritten messages, unlock or temporarily hard-lock the device, etc.
  • Customizable panic button: Apple’s emergency mode is great, but it would be nice to be able to attach conditions like the poison PIN’s. Sometimes all someone can do is smash that button.

Obviously these open new avenues for calamity and abuse as well, which is why they will need to be explained carefully and perhaps initially hidden in “advanced options” and the like. But overall I think we’ll be safer with them available.

Eventually these roles may be filled by dedicated apps or by the developers of the operating systems on which they run, but it makes sense for the most security-forward app class out there to be the first in the field.

Powered by WPeMatico

WhatsApp is finally going after outside firms that are abusing its platform

WhatsApp has so far relied on past dealings with bad players within its platform to ramp up its efforts to curtail spam and other automated behavior. The Facebook -owned giant has now announced an additional step it plans to take beginning later this year to improve the health of its messaging service: going after those whose mischievous activities can’t be traced within its platform.

The messaging platform, used by more than 1.5 billion users, confirmed on Tuesday that starting December 7 it will start considering signals off its platform to pursue legal actions against those who are abusing its system. The company will also go after individuals who — or firms that — falsely claim to have found ways to cause havoc on the service.

The move comes as WhatsApp grapples with challenges such as spam behavior to push agendas or spread false information on its messaging service in some markets. “This serves as notice that we will take legal action against companies for which we only have off-platform evidence of abuse if that abuse continues beyond December 7, 2019, or if those companies are linked to on-platform evidence of abuse before that date,” it said in an FAQ post on its site.

A WhatsApp spokesperson confirmed the change to TechCrunch, adding, “WhatsApp was designed for private messaging, so we’ve taken action globally to prevent bulk messaging and enforce limits on how WhatsApp accounts that misuse WhatsApp can be used. We’ve also stepped up our ability to identify abuse, which helps us ban 2 million accounts globally per month.”

Earlier this year, WhatsApp said (PDF) it had built a machine learning system to detect and weed out users who engage in inappropriate behavior, such as sending bulk messages or creating multiple accounts with intention to harm the service. The platform said it was able to assess the past dealings with problematic behaviors to ban 20% of bad accounts at the time of registration itself.

But the platform is still grappling to contain abusive behavior, a Reuters report claimed last month. The news agency reported about tools that were readily being sold in India for less than $15 that claimed to bypass some of the restrictions that WhatsApp introduced in recent months.

TechCrunch understands that with today’s changes, WhatsApp is going after those same set of bad players. It has already started to send cease and desist letters to marketing companies that claim to abuse WhatsApp in recent months, a person familiar with the matter said.

Powered by WPeMatico

Indian PM Narendra Modi’s reelection spells more frustration for US tech giants

Amazon and Walmart’s problems in India look set to continue after Narendra Modi, the biggest force to embrace the country’s politics in decades, led his Hindu nationalist Bharatiya Janata Party to a historic landslide re-election on Thursday, reaffirming his popularity in the eyes of the world’s largest democracy.

The re-election, which gives Modi’s government another five years in power, will in many ways chart the path of India’s burgeoning startup ecosystem, as well as the local play of Silicon Valley companies that have grown increasingly wary of recent policy changes.

At stake is also the future of India’s internet, the second largest in the world. With more than 550 million internet users, the nation has emerged as one of the last great growth markets for Silicon Valley companies. Google, Facebook, and Amazon count India as one of their largest and fastest growing markets. And until late 2016, they enjoyed great dynamics with the Indian government.

But in recent years, New Delhi has ordered more internet shutdowns than ever before and puzzled many over crackdowns on sometimes legitimate websites. To top that, the government recently proposed a law that would require any intermediary — telecom operators, messaging apps, and social media services among others — with more than 5 million users to introduce a number of changes to how they operate in the nation. More on this shortly.

Growing tension

Powered by WPeMatico

WhatsApp exploit let attackers install government-grade spyware on phones

WhatsApp just fixed a vulnerability that allowed malicious actors to remotely install spyware on affected phones, and an unknown number reportedly did so with a commercial-grade snooping package usually sold to nation-states.

The vulnerability (documented here) was discovered by the Facebook-owned WhatsApp in early May, the company confirmed to TechCrunch. It apparently leveraged a bug in the audio call feature of the app to allow the caller to allow the installation of spyware on the device being called, whether the call was answered or not.

The spyware in question that was detected as having been installed was Israel-based NSO Group’s Pegasus, which is usually (ostensibly) licensed to governments looking to infect targets of investigations and gain access to various aspects of their devices.

This is, as you can imagine, an extremely severe security hole, and it is difficult to fix the window during which it was open, or how many people were affected by it. Without knowing exactly what the exploit was and what data WhatsApp keeps regarding that type of activity, we can only speculate.

The company said that it suspects a relatively small number of users were targeted, since it would be nontrivial to deploy, limiting it to advanced and highly motivated actors.

Once alerted to the issue’s existence, the company said it took less than 10 days to make the required changes to its infrastructure that would render the attack inoperable. After that, an update went out to the client that further secured against the exploit.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the company said in a statement.

So what about NSO Group? Is this attack their work as well? The company told the Financial Times, which first reported the attack, that it was investigating the issue. But it noted that it is careful not to involve itself with the actual applications of its software — it vets its customers and investigates abuse, it said, but it has nothing to do with how its code is used or against whom.

WhatsApp did not name NSO in its remarks, but its suspicions seem clear:

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”

Naturally when a security-focused app like WhatsApp finds that a private company has, potentially at least, been secretly selling a known and dangerous exploit of its protocols, there’s a certain amount of enmity. But it’s all part of the 0-day game, an arms race to protect against or breach the latest security measures. WhatsApp notified the Department of Justice and “a number of human rights organisations” of the issue.

You should, as WhatsApp suggests, always keep your apps up to date for situations like this, although in this case the problem was able to be fixed in the backend before clients could be patched.

Powered by WPeMatico