Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

Global app spending reached $65 billion in the first half of 2022, up only slightly from the $64.4 billion during the same period in 2021, as hypergrowth fueled by the pandemic has decreased. But overall, the app economy is continuing to grow, having produced a record number of downloads and consumer spending across both the iOS and Google Play stores combined in 2021, according to the latest year-end reports. Global spending across iOS and Google Play last year was $133 billion, and consumers downloaded 143.6 billion apps.

This Week in Apps offers a way to keep up with this fast-moving industry in one place with the latest from the world of apps, including news, updates, startup fundings, mergers and acquisitions, and much more.

Do you want This Week in Apps in your inbox every Saturday? Sign up here: techcrunch.com/newsletters

Top Stories

Twitter gets editable… do we still care?

After years of user demand for an edit button, Twitter’s news this week that such a feature was now entering testing felt a little anticlimactic.

Twitter broke its own embargo over the impending launch. There weren’t any interviews. Instead, Twitter just casually noted the edit feature was being tested internally, it said in a tweet published ahead of its blog post announcement. Here’s a feature you wanted. I guess we’ll ship it. 

And though the feature will roll out to users later this month, it won’t be broadly available. Instead, users can pay for a Twitter Blue subscription to access the edit feature, Twitter said. But only “some” Twitter Blue subscribers will even see the option, as it will still be in a test mode at first. Then there’s the fact that Twitter Blue subscribers have already been somewhat placated by the “Undo Tweet” feature — an option that lets you quickly unsend a tweet when you spot a typo. (It’s actually a delay to post, which makes the “unsending” possible.) This reduces the need for an edit button in many cases, as it turns out.

A true edit feature, meanwhile, introduces a layer of complexity on top of the increasingly cluttered social app. Although Twitter says the feature will have an edit log to minimize abuse, there’s concern that people will re-write tweets knowing that many won’t ever look at the past versions.

If anything, the demand for an edit button had become more a meme than a true user request. It was just sort of unfathomable to some Twitter users that a basic feature like this was not being built. But over the years, people have learned to work around the lack of editing. We’d delete and retweet things. We’d reply with a correction, cursing the lack of an edit button as we did. And then we moved on. Now Twitter wants everyone to pay for this long-requested functionality? Ouch.

Here come the BeReal clones

Image Credits: Snapchat

Remember when every social app was copying Snapchat’s Stories — Instagram successfully so? More recently, that sort of copy-and-paste development cycle has been focused on shoehorning a TikTok-like vertical video feed into every other social app, including Instagram and Facebook (Reels), YouTube (Shorts), Snapchat (Spotlight) and others — even Twitter gave it a shot for a time.

But now, the top social apps have set their sights on BeReal, the scrappy social app for unfiltered sharing that’s been sitting just a bit too long at the top of the App Store to keep calling it a “trend.” That has the major social platforms worried about the impact the newcomer is having on their respective user bases. In particular, BeReal seems to be succeeding in appealing to a younger, Gen Z audience in search of a more authentic social networking experience. It allows them to connect with their friends without all the embellishments that, for years, have been the hallmarks of social apps — filters, AR and advanced editing tools resulting in a curated, idealized feed. Instead, BeReal users are in search of imperfection — yet another nail in the coffin for the old “Instagram aesthetic” that’s since been replaced by intentionally poorly shot photos and lo-fi selfies.

Last week, we saw Instagram building out a new feature that’s clearly designed to be a BeReal clone, as it would send Instagram users a notification after which they’d have two minutes to capture and share an “IG Candid” photo to their Story. This is essentially the same mechanic BeReal uses today. Before that, it built a Dual camera feature that lets users shoot from both cameras at once. But that one missed the key component to BeReal’s draw: connecting with friends.

Now Snapchat is jumping on the BeReal bandwagon, with the launch of its own Dual Camera feature. Similar to BeReal, the new mode also lets users capture photos and videos from both their front and back cameras at the same time. But in its case, the app allows users to customize where and how their selfie photo appears — either picture-in-picture, in a horizontal or vertical side-by-side layout or in a unique “image cutout” mode. This latter option cuts out your selfie from the background, then overlays it on top of the footage from the back camera. This differentiates Snap’s feature from BeReal as it could inspire a different type of image-sharing experience to emerge.

It’s also the latest example of how advances in machine learning technologies have been allowing technology companies to do more with users’ photos. Apple, for instance, is introducing an image cutout feature in iOS 16 that lets you cut and paste the subject of a photo into other apps — like texting a picture of your dog’s image cutout in iMessage. This technology is also powering other areas involving photos across iOS — like the “copy subject” feature in mobile Safari or “remove background” in Files, for example.

Elsewhere, Pinterest’s buzzy new app Shuffles is also using image cutouts to allow users to grab images from their Pins for use in collages.

But whether or not an image cutout feature will prove a draw for Snapchat users is still unknown. After all, the dual camera photo-taking tech itself is not driving demand for BeReal — it’s the social connections it enables.

California advances an age-appropriate design code bill for apps

Lawmakers in California have passed a bill, the California Age-Appropriate Design Code Act, that would require apps and websites to increase protections for children, in the absence of any sort of federal standards. The legislation supports the implementation of a range of design changes and features across sites and apps. For instance, companies would have to turn on the highest privacy settings for minors by default — something apps like Instagram have begun doing for minor users (at least new ones), in anticipation of such legislation.

It would also restrict companies from collecting users’ precise locations — a privacy protection that, coincidentally, just went viral on TikTok, as users warned each other how to disable precise location for Instagram’s app in their phone’s Settings. This prompted Instagram head Adam Mosseri to refute the claims users were making, noting that the app was not actually tracking users or sharing their location with others.

Additionally, the bill calls for protections around data collection, prohibiting companies from collecting any data beyond what’s absolutely necessary or using the data collection in a way that would negatively impact the physical or mental health of minors. Apps and sites would also have to have the strongest privacy protections in place, disabling features that personalize the experience based on prior behavior or browsing history, which could affect numerous apps using recommendation algorithms, like TikTok. And it could restrict apps in other ways, like limiting messaging with strangers, and disallowing techniques designed to addict kids into spending hours with the service, among other things.

While such guidelines sound good on paper, the broad and vague language used in the bill could create complications in implementing some of the changes, critics have argued. In addition, privacy advocates pointed out that this could increase the use of age-verification tech, which often requires users to submit personal data in order to use a service.

If signed into law by Governor Gavin Newsom, the bill could become law by 2024.

Weekly News

Platforms: Apple

• Ahead of next week’s event, Apple released iOS 16, beta 8 to developers with additional bug fixes and performance improvements.
• It also rolled out Xcode Cloud subscriptions to developers using Xcode 13.4.1 or later and are members of the Apple Developer Program. The subscription offers 25 compute hours per month for free (until the end of 2023 when it will become $15/mo). Pricing kicks in starting at $49.99/mo for 100 hours and goes up to 1,000 compute hours at $400/mo. Account holders can start, upgrade or downgrade a subscription at any time, Apple says.
• An app developer’s lawsuit over App Store rejections, scams and fraud has ended in a settlement agreement after court filings show a request to dismiss the suit earlier this summer. The plaintiff, app developer and former Pinterest engineer Kosta Eleftheriou, made a name for himself in recent months calling out some of the worst App Store scams. This later culminated in a lawsuit of his own against Apple, filed in California’s Superior Court in Santa Clara County in March 2021, where he alleged his own app had been unfairly rejected from the App Store and then later targeted by scammers, leading to lost revenues. Terms of the settlement were not disclosed.

Platforms: Google

• Google blocked Trump’s social media app, Truth Social, from launching on the Play Store over its content moderation issues. Specifically, Google found the app contained physical threats and incitements to violence, which are banned by its policy. But the app remains live on iOS despite hosting some of the same dangerous content in violation of Apple’s rules. Meanwhile, Google has now reinstated the Parler app to the Play Store after initially removing it over similar content moderation issues following the January 6 Capitol attack.

• Google rolled out third-party in-app billing in the Play Store to additional markets, including India, Australia, Indonesia, Japan and the European Economic Area, making the option available to end users. Interested non-gaming developers can apply for the program and, if they qualify, will be able to use third-party payment systems in their apps. The company announced the program earlier this year. It notes that “reasonable service fees” will still apply to those who make the switch, but didn’t disclose the percentages involved.

E-commerce

Image Credits: WhatsApp

• Meta partnered with India’s Reliance Retail and Jio Platforms to bring grocery shopping to WhatsApp. The launch will allow customers in India to browse JioMart’s grocery catalog on WhatsApp, then add items to a cart and make the payments via local payments rail UPI without leaving the messaging app.
• Block’s Cash App will now allow users to make payments on e-commerce sites outside the Square network, including with new partners American Eagle, Aerie, Tommy Hilfiger, Finish Line and JD Sports. Other merchants will join in the following months, like Romwe, Savage x Fenty, SHEIN, thredUP and Wish.

Social

Image Credits: Meta

• Facebook and Instagram now let users post NFTs to their profiles by connecting their wallets, like Rainbow, MetaMask, Trust Wallet, Coinbase Wallet and Dapper Wallet. NFTs minted on the Ethereum, Polygon and Flow blockchains are supported.
• Facebook said it’s shutting down its Nextdoor clone called Neighborhoods next month after realizing that Facebook Groups was actually just fine for this purpose. It also recently shut down live shopping and its standalone gaming app.
• Instagram began testing new features that will help users better control what they see on the app. This includes the option to mark multiple posts on the Explore page as “Not Interested,” and another option that will let you tell Instagram you want to stop seeing posts with content you’re no longer interested in.
• Twitter launched its “close friends” feature, Twitter Circle, to global users. The feature allows users to add up to 150 people to their Twitter Circle in order to make some tweets available only to those they know and trust instead of to the wider public.

Image Credits: Twitter

• Twitter was reportedly working on an OnlyFans competitor, The Verge reported, but ended those efforts due to issues with CSAM on the platform.
• TikTok laid off employees from its U.S. ad department, amid a restructuring, The Information reported. The head of the ad sales team, former Meta executive Blake Chandlee, had forewarned about layoffs earlier this month.
• Snap also confirmed it would lay off around 20% of its 6,400-plus staff, after The Verge reported on its plans. The company also said it would cancel its original shows and in-app games, and would shut down its Zenly and Voisey apps. The Zenly shutdown is most surprising, given the app is still fairly popular with 35 million MAUs.

• Last summer’s hit social app Poparazzi’s parent company, TTYL, is prepping a new social app that adds the ability for users to post not only photos but also videos, and answers to questions and prompts to their friends’ profiles. The app, called Made With Friends, is due out in October.

Image Credits: Made With Friends

Messaging

• Google brought back the Duo icon with an update to its Google Meet Android app after recently consolidating the Meet and Duo apps, making “Meet” the surviving brand. The company said this would help people who were searching for “Duo” to find and launch the newly merged application.
• An Indian court ordered Telegram to disclose details of channels violating copyright in a lawsuit filed by a teacher. The teacher shared a list of channels circulating her lectures and books on competitive exams, which were being sold on these channels at discounted prices, she said.
• Researchers at the University of Washington made an underwater communication app, AquaApp, that uses sonic signals to pass messages. The system uses the phone’s speaker to create high-frequency audio signals to communicate.

Streaming & Entertainment

• Alongside its announcement of NBC’s Dateline as its latest podcast subscription, Apple shared that the number of Apple Podcast subscribers had grown by 300%+ since June 2021 and 25%+ of the top 100 shows in its Top Shows chart now offer a subscription.
• Sony Music sued Triller over copyright infringement after missing payments, its lawsuit alleges.
• Netflix snatched up two Snap executives to lead its new ad-supported business: Chief Business Officer Jeremi Gorman and VP of Sales for the Americas Peter Naylor, according to The Verge.

Dating

• Video dating app Filter Off described to TechCrunch how it used GPT-3 to create a number of chatbots combined with a script to create human-like faces to trick scammers into interacting with fake dating app profiles. These profiles weren’t seen by normal app users, only by those the algorithm identified as scammers. This ended up with scammers trying to scam each other or scam other bots. Read the full story here.

Gaming

• Facebook is shutting down its standalone Facebook Gaming app on iOS and Android on October 28, 2022 and will transfer games, content and groups over to the main Facebook app. The move comes as the company prioritizes its investments around discovery and recommendations in the main Facebook feed, leading to other closures like live shopping and its specialized neighborhood groups product.
• Epic Games defeated another copyright infringement lawsuit over its Fortnite dances. This one had claimed Fortnite ripped off a choreographer’s routine for the “It’s Complicated” emote in the game. A judge ruled the two dances didn’t share enough creative elements for the emote to be considered infringement.
• Meta renamed its Oculus Mobile app to “Meta Quest” as its continues it transition away from the Oculus branding to take on the Meta name.

Health & Fitness

• Streaming music service Deezer entered the wellness market with the launch of an app called Zen featuring guided yoga, meditation and other inspiration that can be recommended based on mood or goals. The app will roll out more broadly in 2023, offering the company the opportunity to cross-sell content, it said.

Utilities

• Keyboard tech licensing startup Fleksy expanded its SDK to indie devs and app makers who want to add more text input features — like text input autocorrection, prediction and swipe — to their apps.
• Truecaller released an update to its iOS app featuring better spam detection, faster performance, quick onboarding and a smaller app size. The new app also addresses user concerns over call detection and spam identification that had previously worked better on Android.

Travel & Transportation

• Uber updated its app with new safety features, including a new way to text 911 and others in partnership with ADT. Now, tapping the shield-shaped icon will bring up four options: contact 911, contact an ADT safety agent, share trip status or report a safety issue to the company.

Government & Policy

• The U.S. Department of Justice is in the early stages of drafting an antitrust lawsuit against Apple, according to sources cited by Politico. While the report suggested a potential suit could arrive by the end of the year, it also stressed that a final decision about if or when to sue Apple had not yet been made.
• The U.S. Federal Trade Commission (FTC) filed a lawsuit against data broker Kochava Inc. for selling geolocation data from “hundreds of millions of mobile devices,” it says, which could be used to trace the movements of individuals, including those to and from sensitive locations.

Security & Privacy

• Microsoft revealed how a high-severity vulnerability impacted TikTok users on Android. Though now patched, the vulnerability could have allowed attackers to take over user accounts that clicked on a malicious link.

Funding and M&A

Sony acquired mobile game developer Savage Game Studios for an undisclosed sum. The company will join Sony’s newly created and independently operating PlayStation Studios Mobile Division, which will focus on creating games based on new and existing PlayStation IP.

OneSignal, a startup that helps businesses automate SMS, email and in-app campaigns, raised $50 million in Series C funding, led by BAM Elevate. The company has raised $80 million to date and counts around 6,000 paying customers.

Investing app Landa, which lets users make fractional investments in rental properties, emerged from stealth with an $8 million seed and $25 million Series A, co-led by NFX, 83North and Viola. To date, users have invested in around 400 properties in the app across NYC and Atlanta. It’s soon launching in Charlotte, Birmingham, Tampa, Orlando and Jacksonville, Florida.

PsycApps, a gamified mental health app for teens and adults, raised $1.7 in seed funding from U.S.-based Morningside Ventures. The startup has been through clinical trials, allowing it to secure contracts with schools in the U.K., including Regional College and Paragon Skills.

Reddit acquired audience contextualization company Spiketrap to boost its ads business for an undisclosed sum. Reddit says Spiketrap’s AI-powered contextual analysis and tools will help Reddit to improve in areas like ad quality scoring and will boost prediction models for powering auto-bidding.

Grocery delivery app Instacart is acquiring Eversight, an AI-powered pricing and promotions platform for Consumer Packaged Goods (CPG) brands and retailers, for an undisclosed sum.

Triller reportedly raised $200 million in debt and equity per a report by The Wrap, and is targeting a $3 billion valuation in its expected IPO this year.

Downloads

Robin Games’ PLAYHOUSE

Image Credits: Robin Games

Women-led mobile gaming startup Robin Games raised funding around the idea of carving out a new niche in the market of “lifestyle gaming” by creating a fantasy gaming experience that’s more sophisticated and stylish — something more in line with the sort of content you’d typically find in a lifestyle magazine or Instagram influencer’s profile. This week, the startup released its first title to tackle this concept with the launch of a mobile game, PLAYHOUSE, which combines both gameplay and shopping in one experience.

Available on iOS and Android, PLAYHOUSE is a DIY design game that allows players to drag-and-drop furniture and décor into spaces to create original looks for rooms using elements like wall art, sofas, chairs, tables, plants and more. Unlike some competing design games, the pieces can be moved, rotated, resized or layered to create a unique look. But what makes this experience even more interesting is that users can shop the items in the game by clicking through to the retailer’s website. At launch, it’s partnering with over 100 brands like Arhaus, Article, 1stDibs, Chairish, One Kings Lane, ABC Carpet & Home, Jenni Kayne, Society6, Bloomscape, Room & Board and Lulu & Georgia, and others.

The app monetizes as a free-to-play title with in-app purchases, however, not affiliate commissions. (Read the full review on TechCrunch.)

Duolingo’s new Math app (waitlist)

Language learning app maker Duolingo has launched its latest creation, Duolingo Math, announced during its Duocon conference — after first being teased at the event the year prior. Similar to how Duolingo turns language learning into mini-games, the new app will teach third-grade math to users in a snack-sized experience aimed at making learning fun and accessible. The company says the new app will initially be available to iPhone and iPad users who sign up for the waitlist.

The UK could be gearing up to hit a handful of tech firms with enforcement orders (and potentially fines) related to a children’s online privacy and safety Code which has been in force for a year.

“The ICO are currently looking into how over 50 different online services are conforming with the code, with four ongoing investigations. We have also audited nine organisations and are currently assessing their outcomes,” the data protection watchdog said in a blog post yesterday marking the one-year anniversary of the Code coming into application.

The Telegraph, which has interview with information commissioner, John Edwards — who heads up the Information Commissioner’s Office (ICO) — in today’s paper reports that two of the four social media and tech firms under investigation are household names.

Its reports says decisions by the ICO on whether to prosecute are expected to be announced within weeks.

“This code makes clear that children are not like adults online, and their data needs greater protections,” Edwards told the Telegraph. “We’ll use our enforcement powers where they are required.”

The companies in question have not been named — either by the newspaper or the ICO — but last November, the watchdog wrote to Apple and Google after concerns had been raised with it about how the pair assess apps on their respective mobile app stores to determine which age ratings they apply.

The ICO described its outreach then as an “evidence gathering process to identify conformance with the code” — although it remains to be seen whether the two tech giants are among the four firms facing possible enforcement, or if they’re just among the wider group whose compliance the watchdog has been eyeing.

“Unfortunately, we are unable to name the companies at the minute due to ongoing investigations,” a spokeswoman for the ICO confirmed when asked if it can share any more details.

The ICO first published the children’s Code back in 2020. It contains 15 standards for what’s billed as “age appropriate design” — essentially it’s a set of design recommendations for web services that are likely to be accessed by kids, containing recommendations such as setting high privacy defaults and not using heavy-handed engagement tactics that could keep kids unhealthily hooked on using a digital service.

The overarching aim is for the Code to encourage to platforms to safeguard kids from accessing inappropriate content and prevent them being commercially data-mined, although the ICO regulates personal data (rather than content) — the latter responsibility will fall to Ofcom under the incoming Online Safety Bill (assuming another change of UK prime minister does not lead to a legislative rethink on that front).

This division of regulatory responsibilities has led to some friction from children’s safety campaigners who, while supportive of the Code — and, indeed, even more than that in the case of 5Rights’ chair and life peer, Baroness Kidron, who was a fundamental driver for adoption of the standards (and continues to press for amendments from her seat in the House of Lords) — have complained of “gaps”, as they wait for content-focused safety laws to make their way through parliament.

The ICO has therefore faced pressure to also be looking at adult websites — i.e. by requiring that porn sites also comply with the Code — not just auditing the sorts of games and social media apps that are most obviously popular with children.

Age checks for porn sites?

The overarching push by child safety campaigners is to force adult websites to apply robust age checks to prevent children accessing online pornography — so, basically, a revival of a mandatory age checks for porn sites policy that’s been kicked about by UK lawmakers for years — most recently revived (earlier this year) as an(other) addition to the Online Safety Bill after a standalone age check scheme was dropped in 2019 after facing criticism that it was unworkable.

Campaigners may finally be scenting victory on this front, via the Online Safety Bill, as the government said in February that it will mandate the use of “age verification technologies” on adult sites to make it harder for children to access or stumble across pornography. But they’re evidently not sitting on their hands waiting for that legislation to pass — not when the Children’s Code and UK data protection law already exists for them to leverage…

And in what looks to be a related change to its approach, announced yesterday, the ICO has bowed to pressure to expand its interpretation of the Code to cover pornography websites — or at least those that are “likely” to be accessed by children (whatever that means) — writing in its blog post that: “We have… revised our position to clarify that adult-only services are in scope of the Children’s code if they are likely to be accessed by children.”

The ICO says this evolution in how it applies the Code follows petitions by child safety campaigners and others warning of the risk of “data protection harms” when kids access porn sites.

“We will continue to evolve our approach, listening to others to ensure the code is having the maximum impact,” it goes on. “For example, we have seen an increasing amount of research (from the NSPCC, 5Rights, Microsoft and British Board of Film Classification), that children are likely to be accessing adult-only services and that these pose data protection harms, with children losing control of their data or being manipulated to give more data, in addition to content harms.”

This change in application does not (cannot) entail an expansion of what the ICO regulates to include content itself. (“We don’t regulate content,” its spokeswoman confirmed. “We regulate how children’s personal data is used or processed in order for content to be served to children. It’s the step before children see the content.”)

However it’s clear that porn sites’ data collection habits are not the primary concern for child safety campaigners — rather it’s, yep, the content — but if campaigners can leverage children’s privacy rules to force porn sites to implement age checks they don’t look too fussy.

In a statement welcoming the ICO’s revision to include adult-only sites in scope of the Code, children’s safety campaign group, the 5Rights Foundation, said:

“The UK Age Appropriate Design Code applies to all services that are likely to be accessed by under-18s, even if they are not intended for children. Through its investigative work submitted to the ICO last year, 5Rights uncovered that sites including gambling, dating and pornography sites are being accessed by children and are not complying with the Code, in particular profiling children to serve detrimental material.”

“The ICO’s announcement on adult-only sites will provide much needed clarity to those companies who think they are beyond the law,” added Duncan McCann, its head of policy implementation, in another supporting statement. “They will no longer have grey lines to exploit, and we hope that this development will serve to further improve the online lives of young people.”

While the UK children’s Code itself is not legally binding, it is attached to the country’s wider data protection rules — which include the Data Protection Act and UK GDPR — and ICO guidances notes that applicable online services “need to follow” the standards in order to “ensure they are complying with their obligations under data protection law to protect children’s data online”.

Under the GDPR, the ICO has extensive powers to enforce against privacy breaches — with the ability to fine infringers up to 4% of their global annual turnover (or up to £17.5M, whichever is higher). So the subtext here is basically ‘comply with the code or risk GDPR-level enforcement’ — giving the ICO a big stick to encourage in-scope digital services to apply goldplating rules that could end up in an age-gated Internet, since who knows which other services might be “likely” to be accessed by kids?

Asked how adult websites should assess whether children are likely to access their services, the ICO’s spokeswoman responded with this: “Services must be accountable for their decisions, and be able to provide evidence to support their views on whether they are likely to be accessed by children. To determine if they fall within the scope of the code, adult services will need to understand who their users are, and identify if children make up a significant number of those users. To do this, online service could undertake research about their users, review academic research or commission market research, consideration of the types of content and activities children are interested in and the attractiveness of their services to children; or consider if children are known to like similar services.”

The phrase “understand who their users are, and identify if children make up a significant number of those users” is doing a lot of work in that sentence — although the ICO has not explicitly suggested the use of age verification technology as a way for a service to determine whether it falls in scope of the Code. That comes next…

“If an adult only online service is likely to be accessed by children, the service needs to take measures to restrict children from accessing the service, such as by implementing age assurance measures, or it must implement the standards of the code in a proportionate, risk-based manner to protect children’s privacy online,” the ICO’s spokeswoman also told us, adding: “It’s vitally important to look after children online and not treat them in the same way adults are treated. It is a long term, transformative process to embed the Children’s code but we are seeing more and more change which is good for children, it allows the online industry to be more innovative and it’s the right thing to do.”

The ICO’s blog post also notes that the (privacy) regulatory will be working with Ofcom (the incoming content regulator) and the Department for Digital, Culture, Media and Sport (DCMS) to “establish how the code works in practice in relation to adult-only services and what they should expect”. So expect further implementation ‘evolution’ as more pieces of the UK’s digital regulation strategy land (or, well, fall away).

The ICO is already taking credit for a number of policy tweaks applied by major platforms to children’s accounts, including Facebook, Instagram, YouTube, Google and Nintendo, over the past year — such as the Meta-owned platforms limiting targeting to age, gender, and location for under-18s; and YouTube turning off autoplay by default and turning on take a break and bedtime reminders by default for Google Accounts for under 18s, to name two of the actions it flags.

The UK Code has also been credited with encouraging similar policy moves in other jurisdictions — reportedly inspiring a California bill that was passed by lawmakers just this week (and will, if it’s gets signed into law, apply a similar set of protections for under-18s in the state), among a number of other moves by other regulators and policymakers focused on safeguarding kids online.

The U.S. Department of Justice is in the early stages of drafting an antitrust lawsuit against Apple, according to sources cited by Politico in a report released just ahead of the weekend. While the new report suggested a potential suit could arrive by the end of the year, it also stressed that a final decision about if or when to sue Apple had not yet been made.

A 2019 deal between U.S. regulators had allowed the Justice Department to take on the investigations of Apple and Google, while the Federal Trade Commission was to take the reins of other Big Tech investigations, like Amazon and Facebook. In Apple’s case, the DoJ has been examining whether or not Apple abused its market power to dominate smaller tech companies, including both hardware and software makers.

Apple’s tight control of its App Store has angered developers who want to be able to market their apps directly to consumers and take their own payments without having to pay commissions to Apple. This is also the subject of Fortnite developer Epic Games’ lawsuit against the tech giant, now under appeal.

The DoJ’s investigation into Apple’s business has been taking place for some time. The Reuters news agency in February 2020 noted that the Department of Justice had begun reaching out to app developers as part of its examination of Apple’s business practices. Those initial discussions had included the makers of parental control apps that were pulled from the App Store for non-compliance with Apple’s rules. One developer had said their app was pulled for six months, causing it to lose half its business, for example.

Separately, Apple has been accused by AirTag rival Tile (now owned by Life360) as engaging in unfair competition. When Apple’s AirTag launched it did so with direct access to the iPhone’s ultra-wideband technology for precision finding capabilities and deep integration into Apple’s own “Find My” app. Tile had argued that it shouldn’t have to give up its direct relationship with its customers through its own app in order compete with Apple’s hardware by becoming just another “Find My” partner. In addition, Tile had said that Apple’s decision to enter this market would allow it to easily dominate because of its first-party advantage and ecosystem power.

Politico said that DoJ lawyers in San Francisco are leading the Apple investigation and have been reaching out to companies that partner with Tile. Those meetings indicated the lawyers were looking to frame a case that was about not just the App Store, but Apple’s mobile OS more broadly, the report noted.

The investigation comes at a time when Apple is also under increased scrutiny for the way it reports revenues from its Services business, which includes advertising, cloud services, the App Store, subscription services like Apple TV+ and Apple Music, AppleCare, and more.

Analysts are pushing Apple to be more transparent about this “$70 billion black box” consisting of multiple businesses, Bloomberg recently reported in an op-ed. In particular, it’s difficult to get a sense of how much money Apple is making from any one business in that division — like the App Store, whose revenues Apple stopped breaking out separately after 2014. Now, as more countries push Apple to open up the App Store to support alternative payments — as the Netherlands and South Korea have done in limited ways — it’s difficult to tell what impact those changes are having on the App Store, the Services’ sector’s largest business by revenues. This makes it difficult for investors to make decisions about Apple’s stock.

While the timing of a DoJ lawsuit against Apple is still unknown, Politico’s report suggested the Justice Department could be awaiting the judge’s decision in the Apple-Epic Games trial before moving forward.

Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

Global app spending reached $65 billion in the first half of 2022, up only slightly from the $64.4 billion during the same period in 2021, as hypergrowth fueled by the pandemic has decreased. But overall, the app economy is continuing to grow, having produced a record number of downloads and consumer spending across both the iOS and Google Play stores combined in 2021, according to the latest year-end reports. Global spending across iOS and Google Play last year was $133 billion, and consumers downloaded 143.6 billion apps.

This Week in Apps offers a way to keep up with this fast-moving industry in one place with the latest from the world of apps, including news, updates, startup fundings, mergers and acquisitions, and much more.

Do you want This Week in Apps in your inbox every Saturday? Sign up here: techcrunch.com/newsletters

Top Stories

Twitter whistleblower’s impact (or lack thereof!) on the Elon Musk lawsuit

The headlines this week were dominated by Twitter’s former head of security, Peiter “Mudge” Zatko’s, explosive whistleblower complaint.

The former Twitter employee accused the company of cybersecurity negligence that ranged from a lack of basic security controls to national security threats and foreign intelligence risks. But one more immediate question on everyone’s minds is whether or not Zatko’s statements about bots on the platform will help or hurt Elon Musk’s case.

To some, it may appear that Zatko has backed up Musk’s claims when he notes that there are millions of active accounts on the platform which Twitter is not including in its mDAU metric — a metric Twitter itself invented to count only those users it could monetize by way of advertisements. (That is, mDAUs are mostly people, not spambots.)

“These millions of non-mDAU accounts are part of the median user’s experience on the platform,” states the complaint. “And for this vast set of non-mDAU active accounts, Musk is correct: Twitter executives have little or no personal incentive to accurately ‘detect’ or measure the prevalence of spam bots,” it reads.

The complaint then goes on to say that Twitter, when asked in 2021, couldn’t identify the total number of spam bots on its platform, and couldn’t provide an accurate upper bound on that figure.

Ah ha!, right? Even Twitter doesn’t know how much spam it has!

Well, maybe that’s not the smoking gun you might think.

Musk’s legal argument is that Twitter has been misleading its users and investors about the number of bots on its platform, which the company has estimated to be less than 5%. (Because surely this all hasn’t come about because Musk overpaid for the deal and now wants out!)

However, Twitter has been reporting to the SEC that spam and bots are less than 5% of its mDAUs — a figure that’s essentially already scrubbed of bots so advertisers know how many real eyeballs they’re able to reach. What’s more, while Zatko may have a point that this sort of made-up, proprietary metric is ripe for manipulation, he also says in the complaint that Twitter execs are “incentivized to avoid counting spam bots as mDAUs.” In other words, it seems likely that Twitter’s statements to the SEC are correct when Twitter says its mDAU figures are “less than 5%” spam.

Plus, even if Twitter doesn’t know how much total spam is on the platform at any given time, that doesn’t mean it can’t figure out how much spam is in its mDAU figure — a figure Twitter has explained it calculates using private data. Twitter looks at things like IP addresses, phone numbers, geolocation, client/browser signatures and more, CEO Parag Agrawal noted in a Twitter thread. This helps it to come up with its mDAU figure, by classifying accounts that appear to belong to “real” users as such.

It’s worth noting the total spam on Twitter’s platform is always in flux — when Twitter does a big sweep for spam and bots, users have noticed their follower counts drop. However, Twitter wasn’t monetizing based on those bots nor was it reporting inflated user metrics to the SEC by including spambots in its user figures — at least, not since its invention of the mDAU in 2019.

And while it’s true that mDAUs are not a representation of the spam-filled Twitter user experience today — an experience, remember, that Musk claimed he was buying Twitter to fix! — they are an indicator of how many real people are on the site. And that’s what a new owner would want to know anyway, right?

Whether or not mDAUs represent Twitter as it truly is misses the point. Sure, mDAUs may be a non-standard metric. It might not be comparable to the metrics used by other social platforms. It may even be a bad metric! But that’s not relevant to the case. The fact is, it’s not a new metric. Twitter defined it years ago and was using mDAUs long before Musk committed to buying Twitter. It’s what Twitter reports to the SEC.

So good luck using this as proof of being lied to, Mr. Musk. Can’t wait to see how that works in court!

In other news, Twitter expands into podcasting

Image Credits: Twitter

While the whistleblower news may have been the biggest news story of the week, Twitter dropped some pretty significant product news as well. It’s turning itself into a podcast app.

The company announced an update to its Twitter Spaces tab that would see it integrating podcasts into a revamped experience where content is now organized into hubs called “Stations.” These Stations group content by topics — like news, sports, music and more. The app will also make recommendations based on who you follow and how you engage with content. Twitter Spaces — including both live and prerecorded audio — will also continue to be available in the Spaces tab.

TechCrunch had previously reported that Twitter was developing Stations and a personalized audio digest as part of a makeover coming to its Spaces tab, but we didn’t know the extent of the podcast integrations at the time. The company tells us it’s making over 2 million podcasts available at launch, which are programmatically recommended to users.

Podcasts are ingested as RSS feeds, which means the 2 million figure is not a hard limit — Twitter could expand. Still, it’s a notable out-of-the-gate start, as Spotify today has more than 4 million podcasts, many of which are produced in-house, exclusives or shows recorded in its Anchor app.

Twitter, of course, is home to its own sort of exclusives, known as Twitter Spaces. These live audio programs can be recorded for later listening — similar to podcasts. If the creator doesn’t download, edit and package the Space to send it out to other services on a podcast RSS feed, then these Spaces remain something you could only find on Twitter. (Of note, Twitter says it would include both the recorded Twitter Space and the resulting podcast of that Space in its app — allowing it to count the same show twice.)

Twitter will make recommendations of podcasts to individuals based on how they listen and engage with people and topics. This could also be a competitive advantage of sorts.

As to why it felt the need to do podcasts? That’s less clear. Twitter told us it wants to be “the home for audio conversations.” It also sees an overlap between podcast listeners and Twitter users. Based on its own internal research, 45% of U.S. Twitter users listen to podcasts monthly. More realistically, it likely sees the ability to monetize audio with ads — if this effort pays off.

However, Twitter falls short in terms of key features that would make its app an alternative to your favorite podcast player. There’s no offline listening, no download capability, no support for paid podcasts and no exclusive partnerships. So who, exactly, does the podcast feature serve — those so addicted to Twitter they can’t even leave the app to stream a favorite program, we suppose.

Weekly News

Platforms: Apple

• Apple announced its iPhone event will take place on September 7 at 10 AM PT. The company is expected to announce a new iPhone 14 with an improved camera and a faster chip. An updated Apple Watch may also show up along with…maybe…a AR/VR headset?!
• Apple confirmed iPadOS 16 is delayed. Bloomberg originally reported it and macOS Ventura would have a slightly later release this year.
• Apple shipped the seventh beta of iOS 16, likely a final or near-final version before the official September launch of the new OS. It also released the seventh betas for watchOS 9 and tvOS 16, as well as the first beta of iPadOS 16.1.

Platforms: Google

• Android Auto 8.0 arrived, but lacks the redesign Google teased in May that would introduce a three-section split screen layout and better adaptability with regard to supporting differently shaped car infotainment screens.
• Google launched a developer Preview of the new Cross device SDK for Android, first announced during Google I/O. The new SDK allows developers to build “rich multi-device experiences with a simple and intuitive set of APIs,” Google says.

E-commerce

• Beauty Retail and Direct-to-Consumer Apparel apps are driving more DAUs in the last 30 days than they did during the peak of 2021 holiday shopping, according to Apptopia. Daily users engaging with D2C Apparel apps have increased 5% from December 2021, and 2% for Beauty Retail apps, a report found.
• 65% of social networking app users consider Meta apps a shopping destination according to a commerce report from SimplicityDX. This data excludes Facebook Marketplace. If the marketplace is kept in the equation, the figure jumps to 83%.
• Walmart’s mobile app is getting a cashback feature — but only for Walmart+ subscribers. Via a partnership with Ibotta, Walmart+ members will be able to save offers, then scan a QR code at checkout to automatically receive money back in the in-app wallet, which they can use on a later purchase.

Image Credits: Walmart

Social

• Instagram updated its teen safety features, which will now default users under the age of 16 to the app’s most restrictive content setting. It will also prompt existing teen users to do the same, and will introduce a new “Settings check-up” feature that guides teens to update their safety and privacy settings. Teens under 18 can only choose between the “Standard” and “Less” options for how much sensitive content they want to see on the app. But even though new users will be defaulted to the most restrictive setting, they can still change it. The features, first announced in December before Instagram’s Senate testimony, are rolling out to global users now. Privacy advocates say they’re a good first step, but suggest that Instagram should route its youngest users to the most restrictive setting, including if it suspects they’re younger than they indicated when signing up. And they point out that Instagram’s list of what it considers sensitive content doesn’t include content that promotes self-harm or disordered eating.

Image Credits: Instagram

• It’s not a verified label but…Twitter began tests of a special tag that would highlight accounts that had a verified phone number. This signals the account is less likely to be spam. Also this week the team working on spam bots, the Twitter service team, merged with those working to reduce toxic content, the platform health experience team.
• TikTok tries out a “Nearby” feed that displays local content to users. The test is only live in Southeast Asia and is currently limited in scope. When available, the feed is shown as a third option alongside For You and Following on the app’s homepage.
• Snap settled an Illinois class action lawsuit that accused Snapchat’s filters and lenses of violating the Biometric Information Privacy Act. The settlement totaled $35 million and will go toward individual payouts that are estimated to be between $58 and $117. Users who think they may be eligible for compensation can submit a claim online. Despite settling the claims, Snap still denies it violated the BIPA, saying its Lenses “do not collect biometric data that can be used to identify a specific person, or engage in facial identification.”
• Instagram added a feature that allows users to share anyone’s posts or Reels through a QR code. Users also can share a QR code location through its searchable Map experience.
• Pinterest confirmed it’s facing a probe by California’s Civil Rights Department over unlawful discrimination. The department reached out to former Pinterest employee Ifeoma Ozoma and others as possible witnesses, all of them women. Ozoma and another former Pinterest employee, Aerica Shimizu Banks, had accused the company around two years ago of discrimination and retaliation.

Messaging

Image Credits: WhatsApp

• WhatsApp confirmed that users in select markets are gaining access to WhatsApp Communities, its new group discussions platform offers admin controls, sub-groups, file sharing, 32-person group calls and emoji reactions.
• WhatsApp is working on a feature to make Stories — or, as it’s known on the app, Status Updates — a bigger part of the experience by adding blue rings around users’ profile photos in the main chat list that link to their updates. It’s also planning to add the ability to retrieve deleted messages and let admins erase messages from group chats, reports said.
• Telegram founder Pavel Durov said he wants to integrate web3 into the messaging app, TechCrunch reported. Specifically, Durvo referenced the TON project and how it’s used for domain name/wallet auctions. He said he’d be inclined to try out TON’s blockchain on Telegram.
• Facebook Messenger received an update making it compatible with M1 and M2 Macs.

Photos

Image Credits: Lightricks

• Mobile photo editing app creator Lightricks launched its own AI-powered, text-to-image generator within two of its apps, including photo editor Photoleap and Motionleap, an app that animates still photo to make them look like they’re in motion.

Dating

• Match Group’s COO and CFO Gary Swidler has warned that Tinder signups aren’t back at pre-pandemic levels and new user acquisition remains a challenge, per The FT.
• Tinder’s parent company Match filed a new antitrust case in India against Apple over its App Store fees, calling them excessive.

Streaming & Entertainment

• YouTube TV is developing a new viewing mode that would allow users to watch four different streams at once in a mosaic interface. It’s also said to be working on a way to bring YouTube Shorts to the TV.
• A hacker compromised Plex’s streaming media platform and was able to access usernames, emails and encrypted passwords. Plex informed users by email and suggested a password reset.
• SiriusXM began offering a bundle that combines Stitcher Premium with its SiriusXM Platinum Plan.

Gaming

Image Credits: Netflix

• Netflix launched its own version of the popular Heads Up! game to subscribers, which features decks referencing popular Netflix shows like “Bridgerton,” “Selling Sunset,” “Stranger Things,” “Squid Game” and others.
• Netflix job postings suggest the company is expanding into cloud gaming. So far, the streamer’s some two-dozen mobile games are only used by less than 1% of its subscriber base, according to third-party data.
• The New York Times integrated its popular word game app, Wordle, into its existing NYT’s Crossword app. This now allows it to rank above other Wordle clones and copycats in app store searches.
• Google launched its Google Play Games for PC program into open beta in South Korea, Hong Kong, Taiwan, Thailand and Australia. The program had only been available through a waitlist, previously. It now offers more than 50 PC-compatible games for Windows users — including Summoners War, Cookie Run: Kingdom, Last Fortress: Underground and Top War. The games can be played using the same Google ID on Windows as on users’ Android devices.
• Valve is now beta testing a redesigned Steam mobile app for iOS and Android, which includes a rebuilt framework and modernized design. The app hasn’t gotten a major revamp in years. Valve says the beta will help it learn what users like and don’t, and find bugs that need to be fixed.

Productivity

• Microsoft is introducing more ads inside its Outlook Mobile app for iOS and Android. Before, the company only included ads in the “Other” tab of the inbox — the one with all the junk — for those who use the two-tabbed mode for filtering their emails. It will now include ads in the inbox for those who use a single inbox interface, too.

Travel & Transportation

• Google’s Waze is shutting down its six-year-old service Waze Carpool starting next month. The company said driving behaviors changed following the pandemic as more people are working from home, which reduced the need for a service aimed at commuters.

Utilities

• Bloomberg doubled down on its earlier reporting of more ads coming to Apple’s first-party apps with confirmation that Apple Maps will start serving ads next year.
• Apple kicked off fundraising for U.S. National Parks through Apple Pay donations running August 21-28. As a part of this initiative, it also rolled out a new national parks guide to highlight those that honor Native American heritage inside the Apple Maps app. While these sort of initiatives may help to drive users to Apple Pay, the company may no longer need to do this in the future as now three-quarters of U.S. iPhone users have enabled Apple Pay on their devices. 
• Both Yelp and Google Maps rolled out updates to make it clearer which listings were abortion providers versus crisis pregnancy centers. Yelp labeled the latter as providing “limited medical services” while Google labeled abortion care providers as “provides abortions.” It’s not taking action on crisis pregnancy centers, however.
• Google Wallet (previously known as Google Pay) rolled out to six more regions, making the app available now in 45 global markets.
• Apple’s Wallet app can be deleted in iOS 16.1, code suggests, as Apple responds to regulatory pressure focused on how it may push its first-party apps on iPhone users.

Security & Privacy

• VICE goes hands-on with Pretty Good Phone Privacy, a data service for Android that offers increased security when using mobile phone networks. They concluded the service could be suited to those who want a layer or two of additional protections but cautioned PGPP was still in early phases and a little buggy.
• Food delivery app DoorDash confirmed a data breach that exposed customers’ personal information, including names, email addresses, delivery addresses and phone numbers. A subset of users also had partial payment card information stolen.
• Twilio confirmed the same hackers compromised the accounts of some users of its 2FA app, Authy, as part of a wider breach of its systems.
• Google said it has pulled over 2,000 personal loan apps from its Play Store in India this year amid a crackdown on apps engaged in predatory lending practices and abuse and harassment of their users.

Reading Rec’s

• “How the Find My App Became an Accidental Friendship Fixture“ — The New York Times dug into how young people are using Apple’s Find My app to keep up with their friends, no matter the cost to personal privacy and interpersonal dynamics.
• “It’s a modern-day Facebook’ – how BeReal became Gen Z’s favourite app”— this hot Gen Z app is profiled by The Guardian, which dubs it the “modern-day Facebook” for keeping up with real-life friends.
• Authenticator app developer Kevin Archer detailed in a Twitter thread how he continues to face subscription scammers on the App Store who have copied his legitimate app, then beg for reviews during onboarding and push a subscription on consumers before users even start using the app. Archer says they’ve reported the scam several times using the “Report a Problem” feature and Apple has not taken action.

Funding and M&A

Consumer social app maker 9count raised an additional $6 million on top of its $21.5 million Series A to help fund development of its flagship app, Wink, and its newer dating app, Summer.

Bengaluru-based healthcare app Mojocare raised $20.6 million in Series A funding led by B Capital Group. The app offers consultations with doctors, therapists and nutritionists and sells products.

Dubai-based Zywa, a neobank aimed at Gen Z users, raised $3 million in seed funding at over $30 million (110 million AED) valuation. The startup aims to expand further into Saudi Arabia and Egypt.

Seattle mental health Alongside raised $5.5 million for its in-development adolescent mental health app. The app would allow users to interact with a chatbot and guide them to resources.

Downloads

Shuffles

Image Credits: Pinterest

Collage-style video “mood boards” are going viral on TikTok — and so is the app that is making them possible. Pinterest’s recently soft-launched collage-maker Shuffles has been climbing up the App Store’s Top Charts thanks to demand from Gen Z users who are leveraging the new creative expression tool to make, publish and share visual content. These “aesthetic” collages are then set to music and posted to TikTok or shared privately with friends or with the broader Shuffles community.

Despite being in invite-only status, Shuffles has already spent some time as the No. 1 Lifestyle app on the U.S. App Store.

During the week of August 15-22, 2022, Shuffles ranked No. 5 in the Top Lifestyle Apps by downloads on iPhone in the U.S., according to metrics provided by app intelligence firm data.ai — an increase of 72 places in the rankings compared to the week prior. It was the No. 1 Lifestyle app on iPhone by Sunday, August 21st, and broke into the Top 20 non-gaming apps on iOS as a whole in the U.S. that same day, after jumping up 22 ranks from the day prior.

But this app isn’t available to all. You need to know someone with an invite to get in. You can try our invite codes FTSNFUFC or L5JI8QCS to try to get in.

Read more about Shuffles here on TechCrunch. 

Google is facing a fresh privacy complaint in Europe over ads it inserts into its Gmail email service in the guise of emails.

Privacy advocacy group, noyb, has filed the complaint with France’s data protection watchdog, the CNIL, claiming the adtech giant has breached the European Union’s ePrivacy Directive rules on direct marketing by failing to gain consent from Gmail users for the ads it displays inside their inboxes, alongside promotional emails they have actually signed up for.

noyb’s complaint cites a ruling by the EU’s top court last year, in a separate case related to the use of email for direct marketing, which it argues makes it plain that ads which are displayed inside a user’s inbox constitutes “a use of electronic mail for the purposes of direct marketing” — which, under ePrivacy rules, requires user consent. (The Gmail advertising emails only distinguish themselves from genuine emails users have signed up for by the inclusion of an ‘ad’ label and the lack of a date-stamp.)

The complaint asserts that Gmail users did not consent to being spammed with Google’s ads — noting that, under ePrivacy, consent would have needed to be obtained prior to the ads being displayed in their inboxes.

noyb also argues that exceptions set out in relevant EU law do not apply here because Google’s ad emails are not used for the direct marketing of similar products for which consent was previously obtained.

“It is quite simple. Spam is a commercial email sent without consent. And it is illegal. Spam does not become legal just because it is generated by the email provider,” added Romain Robert, lawyer at noyb, in a statement. 

Google was contacted for comment on the complaint.

France’s CNIL has been an active regulator of Google on privacy issues, making use of the competency it can exert under ePrivacy — which, unlike the General Data Protection Regulation, does not require cross-border complaints to be funnelled through a lead DPA (in Google’s case, Ireland’s Data Protection Commission) — avoiding the GDPR bottleneck that has slowed down privacy enforcement against Big Tech.

Back in December 2020, the CNIL fined Google $120M for dropping tracking cookies without consent — after finding it had breached ePrivacy rules. It followed that up with another beefy fine — $170M — this January for dark patterns it found Google deploying in cookie consent flows.

Those French ePrivacy enforcements soon led to Google announcing an updated cookie consent banner in Europe which finally offered users a top-level option to refuse all its tracking — suggesting muscular enforcement of laws defending web users rights and freedoms can face down the power of Big Tech.

The CNIL also managed to slap Google with an early GDPR enforcement, back in 2019, prior to a legal switch which brought the company’s EU users under the jurisdiction of its Irish subsidiary (instead of its US parent) — thereby ensuring that subsequent GDPR complaints against Google have been routed through Ireland.

Hence the majority of GDPR enforcement on major complaints against Google — such as over the legality of its adtech (a formal investigation was opened in May 2019); or its location tracking practices (under probe in Ireland since February 2020) — remain in limbo as the Irish regulator’s painstaking procedures grind on. But decisions must flow eventually — within months or years.

It will be interesting to see which arrives first: A decision from France’s CNIL on this fresh noyb complaint against Google’s Gmail ad spam (filed August 2022) — or a final decision from Ireland on Google’s adtech or location tracking.

In the meanwhile, noyb has been pressing another series of strategic complaints against Big Tech by targeting b2b users of Google Analytics and Facebook Connect across the EU — which has led to a number of breach findings and warnings from DPAs against use of Google’s analytics software, with France’s watchdog putting out guidance in June that warns users of the tool of the need to apply additional safeguards to ensure their implementation complies with GDPR requirements on data transfers outside the bloc or else switch to a compliant (non-Google) alternative.

Facebook also has a major decision hanging over it related to a long-standing complaint about its EU data exports which was originally filed by noyb’s chairman — long before he founded the privacy advocacy group.

The world has gotten a lot more serious about privacy and data protection, but in many cases business models that rely on personalization of one kind or another have struggled to keep up. Today, a startup out of Paris called Ravel Technologies is emerging from stealth with an approach it believes could be the missing link between those two. It’s built a tool based on homomorphic encryption to keep personally identifiable information (PII) private from end to end without needing to touch the data itself. It’s launching first with a tool to enable “zero-knowledge” advertising services, and another for financial services.

The company has been around for almost four years and was initially bootstrapped, hiring a team of academics and advisors including Fields Medal Recipient Cedric Villani. Now it’s disclosing that Airbus Ventures has led a seed round of an unspecified amount. It has not disclosed any customer names but Mehdi Sabeg, the CEO who co-founded the company, said that it’s in advanced discussions with companies across both products. It notes that French bank BNP Paribas is among those running a proof of concept process.

Homomorphic encryption, as others have described it before, is something of a “holy grail” in the world of security. First conceived of by academics, the technique involves extensive algorithmic encryption of an organization’s data that lets it stay encrypted even as that organization collaborates with third parties to process the data and deliver their own services based on it — as you might, for example, encounter in an advertising network.

The holy grail aspect comes in because while the idea sounds great in theory, in practice it requires enormous computational resources to run, so much so that up to now a lot of efforts to put homomorphic encryption into practice have fallen short.

That’s led other companies who are attempting to build their own approaches to use either modified versions of HE, or to apply it to smaller, well-defined sets of data — approaches that we’ve covered used by the likes of Enveil and Duality, two other HE-based startups that have attracted some interesting attention.

Ravel’s big breakthrough has been a new approach that not only allows it to implement fully homomorphic encryption (FHE) for the first time among all of the others, but to do it at scale, across any-sized data set. Sabeg said that the speed at which Ravel works on data is on “four orders of magnitude faster” than the other HE-based solutions that have been rolled out by others.

Sabeg added that Ravel has put in patent applications on its approach. In general terms, it’s based around a fully encrypted SQL database — the first of its kind, he said — that enables encrypted queries over large volumes of encrypted data.

Today, especially in certain jurisdictions, there are gateways set up over how that data can be sourced and subsequently used, with users able to opt out and essentially remove all personalization, rendering useless a lot of the adtech and other tools that have been created around that concept. Sabeg noted that for companies that adopt its tech — and in the case of the zero-knowledge ad tool, it would be using an API to run the service, and an SDK at the publisher’s end to implement it; while in the case of the financial services tool it would be the financial platform, and, say, a third party tool to execute trades — while something like GDPR gates would still be in place, companies would still be able to run their regular advertising services since the data they were using would no longer be PII-related.

Similarly, in the financial exchanges application, Sabeg said that the aim is to ensure confidentiality and “remove market biases” that come in plaintext data that might, for instance, come up in bidding, which is something that has come up in the context of blockchain exchanges.

It was the emergence of GDPR, in fact, that first led Sabeg, a mathematician by training, to considering how one could apply the concept of HE to the model of online advertising and how DSPs work.

“GDPR was about to be implemented and all the ad customers were complaining about the constraints of it,” he said. “I found GDPR interesting. In its essence, I loved the values it was defending but could understand the problem the ad industry was seeing. I thought we could bring an efficient tech answer. Thought that HE could be used as de-identification tech. A industry could collect and process data while never having to use PII.”

We’ve covered a number of startups looking for ways to apply homomorphic encryption to build more privacy-first data services, but they are not the only ones in pursuit of this idea, in some cases because of how central advertising and other data-heavy services are to them.

Facebook/Meta last year went on a hiring spree to pick up a number of key homomorphic encryption research specialists, including Kristin Lauter, a longtime Microsoft employee, to head up its West Coast AI research, and it’s publishing research on the topic. “It shows the importance they are giving to that technology,” Sabeg said. Others like Google have also dedicated some research into the area, and Apple is also applying it in some of its own privacy tools.

“Given the impressive, major algorithmic breakthroughs achieved by Ravel’s team, Ravel Fully Homomorphic Encryption is orders of magnitude faster than state-of-the-art FHE schemes,” noted Villani in a statement. “With the continual increase of personal and industrial data being processed globally, privacy, and confidentiality protection are of paramount importance. Ravel’s breakthroughs bring an efficient and scalable answer to critical data privacy and security challenges.”

Earlier this year, reports emerged that YouTube would soon add a dedicated podcasts homepage — a signal the company was getting more serious about its investments in podcasts and the potential ad revenue they could deliver. Today, YouTube confirmed to TechCrunch the new podcasts destination is now live for U.S. users, after the URL was discovered to be live ahead of any formal announcement.

According to a report by 9to5Google, the dedicated podcast page YouTube.com/podcasts went live sometime last month and is now linked, at least for some users, on YouTube’s existing Explore page alongside other top destinations like Gaming, Sports, Learning, Fashion and others. It did not appear in the website’s sidebar navigation, however.

Reached for comment, YouTube told TechCrucnh the URL is not globally available at this time.

“The podcast destination page on YouTube helps users explore new and popular podcast episodes, shows and Creators, as well as recommend podcast content,” said YouTube spokesperson, Paul Pennigton. “It’s currently available in the U.S. only.”

YouTube declined to answer further questions about the company’s plans for podcasts in general or the destination itself — hinting that a broader announcement was still to come. (It’s possible this will be one of the announcements planned for a YouTube creator event scheduled for next month, if we had to guess.)

Before today, there were already a number of hints that YouTube was getting more serious about podcasts — particularly after Spotify entered the space with its support for video podcasts.

Last year, YouTube hired a podcast executive, Kai Chuk, to lead its efforts in the space and has been offering cash to popular podcasters to film their shows, reports said. This March, a site called Podnews leaked an 84-page presentation that detailed YouTube’s podcast roadmap. In the document, YouTube revealed it had plans to pilot the feature by ingesting RSS feeds. It also mentioned a new URL, YouTube.com/podcasts but the link didn’t work at the time.

The document also help to clarify some of YouTube’s thinking around podcasts, as it suggested YouTube had plans to feature audio ads sold by Google and other partners. This could present a potential new revenue stream for the tech giant at a time when the younger generation has shifted their search behavior from Google to other platforms, like TikTok.  The document said YouTube planned to roll out audio-first metrics to creators and integrate YouTube data into podcast measurement platforms including Nielsen, Chartable and Podtrac, as well.

The addition of a top-level landing page for podcasts is a fairly significant move for the company.

As different YouTube verticals have grown in importance and popularity, YouTube would highlight these categories by offering them their own homepages on its site and feature them as a link in its main navigation. Notably, it did this with YouTube Gaming back in 2015 and with YouTube Fashion (now Fashion & Beauty) in 2019. On mobile, it also features a prominent link to YouTube Music that opens the companion app for YouTube’s Music service. Presumably, it could do the same with podcasts in the future, it it wanted to capitalize on its ability to drive traffic from its flagship app to its streaming service.

YouTube’s advances in podcasting follow significant investments on Spotify’s part into the medium. The company has spent more than $1 billion on related acquisitions. It brought studios and exclusive shows in-house, launched paid podcast subscriptions, and developed podcast ad tech platforms and services. Spotify hyped the revenue potential for its podcast efforts this June, noting that its podcasting business generated roughly €200 million last year, up 300% from 2020.

Hello hello! We’re back with another edition of Week in Review, the newsletter where we quickly recap the top stories to hit TechCrunch across the last seven days. Want it in your inbox? Sign up here. 

other stuff

a16z backs WeWork founder’s new thing: When a company implodes hard enough that it inspires a miniseries, would anyone back the founders again? It doesn’t seem to have dissuaded a16z, who recently put its biggest check ever into WeWork founder Adam Neumann’s next thing.

Black Girls Code founder fired by board: “Kimberly Bryant is officially out from Black Girls Code, eight months after being indefinitely suspended from the organization that she founded,” write Natasha Mascarenhas and Dominic-Madori Davis. Bryant has filed a lawsuit in response to the termination, alleging “wrongful suspension and conflict of interest.”

Google shutters IoT Core: Google’s IoT Core is a service meant to help device makers build internet-connected gadgets that connect to Google Cloud. This week, Google announced that they’re shutting it down, giving those device makers a year to figure out another solution.

Apple’s big security bug: Time to update your Apple devices! This week the company shipped critical patches that fix two (!) security issues that attackers seem to already be actively exploiting. The bugs involve Safari’s WebKit engine and can lead to an attacker having, essentially, full access to your device — so, really, go update.

HBO Max removing titles: HBO Max is merging with Discovery+, and for some reason this means a bunch of titles are getting the boot — and fast. I was going to tell everyone to go speed-binge their way through the incredible “Summer Camp Island” series before it’s gone, but apparently it already got removed. Find the full list of gone/soon-to-be-gone titles here.

TC battles stalkerware: Back in February, TechCrunch’s Zack Whittaker pulled back the curtain on a network of “stalkerware” apps that were meant to quietly gobble up a victim’s private text messages, photos, browsing history, etc. This week Zack launched a tool meant to help people determine if their Android phone — and thus, their private data — was impacted. We’ll hear more from Zack about this new tool below.

Image Credits: Bryce Durbin / TechCrunch

audio stuff

What’s up in the world of TechCrunch podcasts? This week the Equity crew talked about why we need to “officially stop comparing Adam Neumann and Elizabeth Holmes,” and Burnsy talked with Ethena co-founder Roxanne Petraeus and Homebrew’s Hunter Walk about how to “sell the vision, not the business,” on TechCrunch Live.

additional stuff

What lies behind the TC+ paywall? Some really great stuff! Here’s a taste:

How does venture capital work?: It seems like a basic question, but it’s one we get…quite a lot. Haje, with his rare overlapping perspective as a reporter AND pitch coach AND former director at a VC fund, breaks it all down as only he can.

Planning to use your startup equity as collateral? Good luck: After years of work, you’ve managed to build up a ton of equity in the private company you’ve helped to build. Can you actually use it as collateral for anything? Compound’s Max Brenner walks us through the challenges.

writer spotlight: Zack Whittaker

Image Credits: Veanne Cao

This week we’re experimenting with a new section where we quickly catch up with one TechCrunch writer to hear a bit about them and the thing that’s on their mind this week. First up? The incredible, inimitable Zack Whittaker.

Who is Zack Whittaker? What do you do at TechCrunch?

Hi, I’m the security editor here, a.k.a. TechCrunch’s Bearer of Bad News, and I oversee the security desk. We uncover and report the big cybersecurity news of the day — hacks, data breaches, nation-state attacks, surveillance, and national security — and how it affects you, and the wider tech scene.

If you could snap your fingers and tell everyone in the world one thing about your beat, what would it be?

Think of cybersecurity as an investment for something you hope never happens, like a breach of your personal data. It’s better to get ahead of it now. Nowadays it’s easier than it’s ever been — and it’s never too late to start. Invest a small amount of time on three simple steps that make it so much tougher for hackers to break into your accounts or steal your data: Use a password manager, set up two-factor authentication everywhere you can, and keep your apps and devices up-to-date.

Tell me about this anti-stalkerware tool you launched this week

Back in February, TechCrunch revealed that a network of near-identical “stalkerware” apps share the same common security bug, which is spilling the private phone data of hundreds of thousands of Android device owners around the world. These malicious apps are planted by someone with access to your phone and designed to stay hidden, but silently steal a victim’s phone data, like messages, photos, call logs, location and more. Months later, we obtained a leaked list of every single device that was compromised by these apps. The data didn’t have enough information for us to identify or notify victims, so we built this lookup tool to allow anyone to check if their device was compromised — and how to remove the spyware, if it’s safe to do so.

Ugh. Okay. So someone grabs your phone, installs one of these sketchy apps while you’re not paying attention, the app rips your private data for the installer to snoop around… meanwhile, the app is leaking a bunch of data to anyone who knows where to look. Does it seem like the folks behind the stalkerware apps have any intention of stopping?

Not at all. The Vietnam-based group of developers behind the stalkerware network went to great lengths to keep their identities hidden (but not well enough). The number of compromised devices was growing daily, but with no expectation of a fix, we published our investigation to help alert victims to the dangers of this spyware. Nobody in civil society should be subject to this kind of invasive surveillance without their knowledge or consent.

Besides this tool (which is excellent!), what’s your favorite post you’ve written or thing you’ve done with TC?

In the four years I’ve been here? That’s tough! One I still think about often is the inside story of how two British security researchers in their early-20s helped to save the internet from the fast-spreading WannaCry ransomware malware in 2017, which spread around the world, locking up computers in NHS hospitals, shipping giants, and transport hubs, causing billions of dollars in damage. But when one of them found and registered a certain domain name in the malware’s code, the attack stopped dead in its tracks. They found the malware’s kill switch, making them overnight “accidental” heroes. But the only thing holding back another WannaCry outbreak was keeping the kill switch domain in their hands alive, despite efforts by bad actors to force it offline by overwhelming it with internet traffic. “Being responsible for this thing that’s propping up the NHS? Fucking terrifying,” one of the researchers told me at the time.

Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

Global app spending reached $65 billion in the first half of 2022, up only slightly from the $64.4 billion during the same period in 2021, as hypergrowth fueled by the pandemic has slowed. But overall, the app economy is continuing to grow, having produced a record number of downloads and consumer spending across both the iOS and Google Play stores combined in 2021, according to the latest year-end reports. Global spending across iOS and Google Play last year was $133 billion, and consumers downloaded 143.6 billion apps.

This Week in Apps offers a way to keep up with this fast-moving industry in one place with the latest from the world of apps, including news, updates, startup fundings, mergers and acquisitions, and much more.

Do you want This Week in Apps in your inbox every Saturday? Sign up here: techcrunch.com/newsletters

Top Stories

Android 13 arrives

Image Credits: Google

Big news for Android users this week as Google rolled out the new version of its mobile operating system, Android 13, initially to all Pixel devices, following the beta launch a month ago. The OS will reach other non-Pixel Android devices sometime later this year, including Samsung Galaxy, Asus, HMD (Nokia phones), iQOO, Motorola, OnePlus, Oppo, Realme, Sharp, Sony, Tecno, vivo, Xiaomi and others.

As mobile platforms have standardized, the latest efforts from both Google and Apple have been focused on personalization elements. In iOS 16, this now includes a customizable Lock Screen with widgets, while Android is doubling down on its Material You UI. With the prior version of Android, users could theme their device to match their background. With the latest update, they can now also match their non-Google apps to their chosen theme and color schemes. This is a much simpler and more elegant solution than the icon customization on iOS today, where apps like Brass, Themify, Aesthetic, Color Widgets and many others have to leverage a combination of configuration profiles and shortcuts to do the same.

In another personalization move, Android 13 allows users to set the languages used for different apps — useful for those who speak multiple languages.

Other improvements include the ability to copy content (e.g. URLs, photos, videos, text) between Android devices, better multitasking features on tablets, an expanded bedtime mode with dimmed wallpaper and a dark theme, HDR video support on third-party camera apps, BLE Audio, Spatial Audio on supported headphones, an upgraded media player widget that showcases album artwork and includes a dancing playback bar and more. On the privacy side, there are changes to permissions that allow users to more narrowly select images and videos to be shared with third-party apps and the OS now prevents unwanted access to your clipboard.

Another big benefit of the upgraded mobile OS for end users is that they can more easily block apps from annoying them with notifications. Now, apps users download will need explicit permission to send notifications, rather than being allowed to send notifications by default. This change sees Android finally catching up with iOS, which has offered this type of setting for years. (Many, many years.)

The Android source has also been pushed to the Android Open Source Project (AOSP).

This week TechCrunch’s Frederic Lardinois also sat down with James Ward, Google’s product manager for Kotlin, to talk about the language’s role in the Android ecosystem and its future plans. You can read that here.

TechCrunch’s new spyware lookup tool

This week, TechCrunch launched a new product in service to its readers who are concerned about security risks related to mobile spyware.

The spyware lookup tool can check to see if an Android device is one of the hundreds of thousands that’s been hacked by one of several spyware apps, including TheTruthSpy — the subject of a months-long investigation into consumer-grade spyware apps. The apps are installed by someone with physical access to your mobile device and are designed to stay hidden from home screens. They give the attacker the ability to see the victim’s phone data in real time, including calls, messages, contacts, location data, photos and more.

The new lookup tool will check against the leaked list of unique device identifiers, like IMEI numbers and advertising IDs, and is available free of charge to anyone who wants to ensure their phone has not been compromised.

TikTok caught keylogging?

A new privacy analysis warns that TikTok’s in-app browser may be engaged in keylogging. Research by developer Felix Krause found that the TikTok iOS app was injecting code that would allow it to monitor all keyboard inputs and taps that took place on third-party websites that were rendered inside the app. Concerningly, this information could include users’ passwords or payment card information when they’re buying something promoted on TikTok. The researcher couldn’t prove that TikTok was actually doing anything malicious with the access — that is, he couldn’t confirm the data was collected, transferred or determine how it may be used. Users should be aware, however, and opt to open links outside of the TikTok app to be safe.

TikTok refuted the claims saying the JavaScript code is only used for debugging, troubleshooting and performance monitoring — like checking to see how quickly a page loaded or if it crashed. The company also pointed to several other reasons as to why the report’s claims were overblown. The researcher also accused Meta of modifying third-party sites loaded in their in-app browsers, which has since led Ireland’s Data Protection Commission, the lead data protection regulator for Meta and TikTok under the GDPR in Europe, to request a meeting with the tech giant to discuss.

Amazon gets TikTok-ified

It’s official, the TikTok vertical video feed format is now the mobile app user interface to knock off if you’re building a new social experience. How do we know? Because this week, Amazon of all places, was found to be testing its own TikTok clone. The feed, called “Inspire,” appears in the bottom nav bar of the Amazon app.

Image Credits: Watchful via The Wall Street Journal

Amazon, of course, has no interest in competing as a new social or entertainment experience with other big tech companies. But it does copycat the latest, hottest formats when it builds out new shopping features. In years past, that’s seen the company cloning other social apps like Pinterest or Instagram or steaming live shopping videos. Now that TikTok’s feed is the go-to, Amazon has adopted it as well.

For now, the Inspire feed is being tested and is not publicly available to all users.

In Other News…

Apple Updates

• Apple’s next iPhone event will reportedly be held on September 7, per a Bloomberg report. The company is expected to unveil its iPhone 14 line featuring camera upgrades and a faster chip. Apple has not made a formal announcement of the event at this time.
• Apple’s iOS 16 beta 5 added a nifty feature to again show the battery percentage in the status bar on iPhone after being removed for notched models when the iPhone X debuted.
• Apple noted prices of apps and IAPs will increase in Ghana and Turkey. 

Augmented Reality

Image Credits: Snap

• Snap and HBO Max partnered on a new AR experience for HBO’s “House of the Dragon” premiere, which includes a new selfie and worldview Lens in Snapchat’s app, as well as new Landmarker Lenses. Users can immerse themselves in the fantasy world by turning themselves into dragons or watching them fly around you, among other things.
• Universal Studios launched the Dinotracker AR app (iOS/Android) built by Trigger XR and Niantic Labs to promote the new movie, “Jurassic World Dominion.” Users have to try to find dinosaurs around them. The app is using Niantic’s new Lightship ARDK to place 10 dinosaurs in the user’s environment. The technology features include semantic understanding, environmental awareness, walkable planes, occlusion and hand-tracking, among others. Other partners include LG Uplus, Qualcomm and KOCCA in Korea.

Image Credits: NBCUniversal Media

Social Networking

• Twitter, Meta and TikTok all outlined their policies related to their plans on handling the 2022 U.S. midterm elections. Twitter said it’s rolling out redesigned tweet labels and “prebunks” on misleading content. TikTok is offering state-by-state information in an Elections Center and will label and fact-check videos. Facebook said it will disable new political ads a week before the midterms.

• Oracle is now monitoring TikTok’s algorithms and moderation system — for whatever that’s worth. TikTok confirmed its new cloud host for U.S. data has been tasked with the monitoring, but offered no specifics as to how it will be done or who gets to see the results.
• A new Pew Research study found that 67% of U.S. teens use TikTok, with 16% of all teens saying they use it almost constantly. The number of teens using Facebook plummeted from 71% in the 2014-2015 study to now 32% today.
• Snapchat has been busy. It recently rolled out parental controls and expanded its premium offering, Snapchat+, to India. The Snapchat+ service has grown to over 1 million subscribers and added new features, including priority Story replies to top creators and celebs.
• TikTok rolled out its own text-to-image AI generator that lets users enter their own prompts to create images to use as video backgrounds. It also tested a new search feature that highlighted matching keywords in comments that link to the search term as well as a way to share TikTok Stories to Facebook and Instagram. 
• BeReal’s No. 1 app now has 7.9 million DAUs, up from 2 million in January and 10,000 in March 2021. The company raised a $600 million Series B led by DST this past spring, The Information reported.
• Timbaland and Swizz Beatz sued TikTok rival Triller saying they’re owed $28 million+. The suit follows Triller’s acquisition of the live music series Verzuz.
• YouTube Shorts, the video app’s TikTok rival, added watermarks to downloads to discourage users from cross-posting their videos.
• Celeb connections app Cameo added a new feature, Cameo Live, that allows a user and nine friends to engage in a 10-minute call with a celebrity.

Photos

• Pixelmator Photo, a photo-editing app from the company behind graphic design app Pixelmator Pro, is bringing its iOS app to the Mac. The company also said it’s moving to a subscription pricing model to better sustain its business.
• Snapchat’s selfie-recording drone Pixy is already being killed off after just launching in April. The drone project is a causality of re-prioritization of resources at Snap amid economic concerns.

Image Credits: Snap

Messaging

• Messenger began testing end-to-end encryption for individual Messenger chats. The news was announced after it was revealed Meta turned over private messages to aid in the prosecution of a Nebraska teen’s abortion.
• Telegram’s founder slammed Apple for delaying a major update to the messaging app, saying it had been stuck in review for two weeks with no explanations.
• WhatsApp now allows users to delete a private or group chat message up to two and half days after sending it. Before, the limit was 1 hour, 8 mins, and 16 seconds. The app also introduced a new privacy option that allows people to use the app without being visible online except to selected contacts they choose. It’s additionally testing screenshot blocking and will soon allow users to leave groups privately without sending out a notification.

• WhatsApp also launched its native Windows app out of beta. The app now works without requiring users to link a phone. A similar Mac app is underway.
• Facebook and Instagram added a new “Add Yours” sticker to Reels that lets people start trends others can add to with their own content; the trend will have its own landing page in the app.
• Google kicked off a public campaign, “Get the Message,” designed to pressure Apple to adopt messaging standard RCS in its own Messages app. The communication protocol would support a better messaging experience between Android and iOS users, but would also make iMessage a less compelling alternative than it is today.

Image Credits: Google

Streaming & Entertainment

• HBO Max rolled out new mobile (and desktop) apps, promising an improved user experience with features like SharePlay support, a shuffle button for mobile, a dedicated home for downloads, tablet support in portrait and landscape modes, a better screen reader, split screens where supported, improved navigation and overall better performance.
• Apple signed a first-look deal with Pulitizer Prize-winning Futuro Studios to bring more original podcast content to its Podcasts app, and possibly, allow it to turn those shows into Apple TV+ programs further down the road.
• Spotify began selling live concert tickets directly to fans in a new Tickets website. The company previously only worked with partners like Ticketmaster and Eventbrite. Spotify’s home screen also gained new discovery feeds for music and podcasts. The separate feeds will direct users to the type of content they’re looking for at the time. It’s also been testing the ability to record reactions to podcasts.
• An analysis of Spotify usage by Sensor Tower showed how engaging the app is compared with its competition; 10% of its mobile app users engage with the app daily, more than the 4% who engage with YouTube Music or 1% who engage with Pandora. (Apple Music was not included.)

Image Credits: Sensor Tower

• Google Meet introduced a new feature that allows users to watch YouTube or stream Spotify together.
• Apple-owned Shazam celebrated its 20th anniversary with a curated playlist of the most Shazamed songs of every year. The app now has 225 million global monthly users, Apple also noted, and has surpassed 70 billion song recognitions as of this week.
• Netflix’s upcoming ad-supported tier may not offer offline viewing, according to findings in the app’s code.
• Plex introduced a new social experience in its streaming apps called Discover Together, which includes the ability to add friends and see what they’re watching, bookmarking and how they’re rating shows and movies.

Image Credits: Plex

Gaming

• Netflix’s games have seen 23.3 million downloads and average 1.7 million daily active users, per Apptopia data. This represents less than 1% of Netflix’s 221 million subscribers.
• Google began testing a way to allow users to launch games from its cloud gaming service Stadia, as well as from Xbox Cloud Gaming and Amazon’s Luna directly from its Google Search results.
• Fortnite maker Epic Games’ appeals case against Apple is set to be heard starting on October 21. The game maker wants to be able to sell games outside the App Store and use its own payment systems.
• Roblox’s earnings report revealed shifting demographics for games. The fastest growing group was people ages 17-24. The company said male 17- to 24-year-olds would become the biggest tracked category in terms of users and engagement hours in the U.S. and Canada over the next couple of months.

Dating

• Bumble reported Q2 2022 earnings with revenue up 18% YoY to $220.5 million, above estimates, but a higher net loss of $6.4 million versus $2.6 million estimated.
• As part of the larger revamp of its “Bumble BFF” friend-finding feature, Bumble has also been developing a new “communities” offering it’s calling “Hive,” which may include support for features like group chat, polls and video calls.

Health & Fitness

• Fitbit to end Mac and PC syncing on October 13, 2022 and will instead move file transfers to its smartphone app and local music and playlists over to Pandora and Deezer.
• Meditation and wellness app Calm laid off 20% of staff, or 90 people out of around 400. The company had been valued at $2 billion in 2020.
• A Mozilla study found that 18 out of 25 top reproductive apps and wearables, like Clue, Flo, Glow and Eve, didn’t have strong privacy protections. Most didn’t say if they would share data with law enforcement, either.

Travel & Transportation

• Lyft Media is a new business unit designed to consolidate Lyft’s ad offerings, which will focus on showing more ads in cars, on the Lyft mobile app and at bike-sharing stations.
• Uber sunset its free loyalty program Uber Rewards in favor of subscription membership, Uber One. The membership costs 9.99 per month or $99.99 per year, and offers perks like 5% off certain rides or delivery orders and unlimited $0 delivery fees on food orders of over $15 and grocery orders of more than $30.
• Airbnb launched anti-party technology which includes an algorithm that looks at signals, like the history of positive reviews, how long the user has been on the platform, the length of the trip, the distance to the listing and weekday versus weekend booking. Potential rule-breakers will be prevented from booking an entire property, and will instead direct them to results where they can rent a room where hosts are physically present.

Utilities & Productivity

• Meta launched the Duet Display app which allows Portal owners to turn their smart screen devices (Portal Plus Gen 2 and Meta Portal Go) into a second screen for their Mac and PC. The company said it would also launch the Meta Portal Companion app on Mac for Meta Portal touch-based devices (Meta Portal Go, Meta Portal Plus, Meta Portal and Meta Portal Mini) to allow for screen-sharing on video calls. Meta is said to be phasing out its consumer Portal devices.

Adtech

• Bloomberg reported Apple is considering rolling out ads to more places across iOS, including Maps (which was explored internally) and possibly other apps like Books or Podcasts. Currently, Apple’s ad revenue is around $4 billion.

• A new report by FT noted many small businesses reliant on personalized ads have cut back on marketing efforts, in part due to Apple’s ATT changes, as they now face rising customer acquisition costs.
• The WSJ reported that before launching ATT, Apple and Meta had engaged in discussions about revenue-sharing agreements, including one that would see Apple taking a cut of “boosted posts” via IAP and an ad-free Facebook subscription.
• TikTok rolled out new ad solutions as part of its commerce ad suite called “Shopping Ads.” The company is currently testing three formats of Shopping Ads, including Video Shopping Ads, Catalog Listing Ads and LIVE Shopping Ads.

Government & Policy

• South Korean regulators have begun to investigate Apple and Google over possible violations of the country’s in-app payment rules. The Korea Communications Commission (KCC) is also investigating SK Group’s homegrown app store called ONE Store. If the KCC discovers the companies have violated the law, it will issue fines which can be up to 2% of the company’s annual revenue.

• The EU is set to make a final decision related to a privacy complaint regarding Instagram’s handling of children’s data in the region. The decision is expected at the end of August, with a hard deadline of the first week of September.
• Google was fined A$60 million (around $42.7 million USD) in Australia over Android settings it had applied around five years ago which were found to have misled consumers about its location data collection.
• China’s internet regulator published a list of 30 algorithms used in popular apps including WeChat, Taobao, Meituan and Douyin, which includes a brief description of their usage.

Security & Privacy

• Signal said attackers accessed the phone numbers and SMS verification codes for around 1,900 users as part of the recent Twilio breach.
• A security researcher says Apple has known that iOS VPN apps are broken due to a flaw that means there’s no 100% reliable way that data is being sent via the VPN. Apple claims the issue is fixed.
• TechCrunch reviewed iOS 16’s new “Lockdown Mode” designed for high-profile attack targets, like journalists, politicians, lawyers and human rights defenders, who have to be vigilant against nation-state spyware.

Funding and M&A

Unity rejected a takeover offer from AppLovin that would have valued the company at $58.85 per share, an 18% premium over Unity’s stock price at the time. The deal would have been valued at $17.54 billion. Unity said it would proceed with its own deal to acquire ironSource for $4.4 billion in stock. Its shares dropped 7% after the board rejected the acquisition.

Unity announced a deal to create a JV, Unity China, in partnership with Alibaba, China Mobile, Oppo, and Douyin Group. The deal valued at $1 billion will allow Unity to expand into the world’s largest games market.

European encrypted messaging app Wire, focused on enterprise use, raised €24 million in Series C funding led by growth equity firm Cipio Partners and Iconical.

She Matters, a health app for Black women, raised $1.5 million in pre-seed funding. The app recently expanded its resources and support for postpartum healthcare.

DNSFilter acquired the iOS firewall app Guardian for an unknown sum in order to expand its web-based threat detection capabilities. Guardian was founded in 2013 by Will Strafach, a security researcher and former iPhone jailbreaker. Its iPhone app blocks apps from sharing users’ personal information with third parties, such as IP addresses and location data, by using a VPN.

FullStory raised $25 million in new funding from Permira to help companies spot issues in their websites and apps. FullStory says it analyzed more than 15 billion user sessions in 2021, including nearly 1 trillion clicks, text highlights and scrolls.

Infrastructure-as-a-service platform maker Mobot raised $12.5 million in Series A funding to expand its suite of robots that bug-test mobile apps. The robots can run through custom-designed testing flows to tap, swipe and rotate mobile devices, and more. The system integrates with standard dev tools like Jira and provides clients with results and reports.

Meme-based dating app Schmooze recently raised $3.2 million in seed funding led by Inventus Capital and Silicon Valley Quad. The app lets users swipe left or right on people they like and up to love memes presented to them. The latter will help to inform match selections.

Meta invested in Take App, a Singaporean startup founded by former Facebook engineering manager Youmin Ki. The app offers an easy way for users to set up simple websites for online orders, with a shopping cart, payments and a direct connection to WhatsApp for managing and tracking orders. The investment size was undisclosed but came in via the company’s NPE Team, which had previously developed social apps and more recently shifted to investments.

New York-based family journaling app Qeepsake has raised $2 million in seed funding led by LaunchCapital. The company, which has 700,000 registered users, plans to invest in its marketing and engineering teams.

Indian fintech app Jar raised $22.6 million in Series B funding led by Tiger Global. The app helps millions of Indians save small amounts to invest in digital gold and is planning to expand into insurance, mutual funds and lending.

Sofy, the maker of a testing platform for mobile apps, closed on $7.75 million in seed funding led by Voyager Capital. The startup has raised a total of $9.5 million to date.

Just Eat sold its 33% stake in the Latin American joint venture iFood to Prosus for $1.8 billion. Prosus will now fully own the Brazilian food delivery company and app maker as a result.

Downloads

Along

Image Credits: Along

A new video creation app called Along has launched into beta testing to offer a way to create “infinite-length” collaboration videos with multiple creators. The app introduces a concept called “tapes” which begins with one creator’s video that others can then add their own clips to, which the original creator approves. The idea is similar to the “Add This” feature that Meta recently rolled out to its short-form video offering, Reels. Except in Along’s case, users are collaborating on a video “tape,” curated by the original poster, not simply contributing to a trend page.

The app is currently in private, invite-only testing but TechCrunch readers can access the app early here: along.video/invite/techcrunch. (This is not an ad — just an invite!)

You can read more about the app here on TechCrunch.

Zoom has in many ways “won” the mindshare game when it comes to video conferencing: whether you’re actually using Zoom, or another service that’s wrapped into another platform like Google or Microsoft, and whether it’s for work or fun, the standalone Zoom is the one that people reference, the one that has claimed anthimeric status.

But for those who use Zoom, or Google’s Meet, Microsoft’s Teams, or something else, you’ll know that they still lack in certain scenarios. Today a startup called Venue built to plug one of those gaps — larger team meetings — is setting out its stall to compete, with a video conferencing platform that brings in a host of personalization and other features from consumer communication apps to make it more engaging. These include emoji bursts, the ability to set background music and backgrounds, easy tools to share videos and other media, gifs, and multi-functional control panels that mimic those that appear in streaming platforms like Twitch.

“Our clients have told us that if Slack made video conferencing for team meetings, this is what it might look like,” said Jason Goldlist, who co-founded the company with Frank Poon, in an interview with me (which took place, naturally, on Venue).

The Toronto-based startup has been in private beta for the past two years, first as a bootstrapped business and then as part of the Y Combinator Winter 2022 cohort.

In that time, it’s picked up some very interesting traction. Its customers include Yelp, Shopify, and PwC; and it’s so far hosted more than 5 million minutes of meetings and 250,000 participants in aggregate.

And now it’s announcing $4 million in seed funding from an impressive list of backers: led by Accel, the group also incudes Stewart Butterfield, the CEO and co-founder of none other than Slack (he is investing directly, the investment is not coming from the Slack Fund, and this is the video pitch, in Venue, that Goldlist used to pitch him); SquareSpace founder and CEO Anthony Casalena; and the founder and CEO of Remote.com, Job van der Voort.

Venue will be using the funding both for more product development, and also to scale its infrastructure to work with more customers.

Venue’s basic pitch is that it’s not another video conferencing platform. As Goldlist told me the other day, the aim is not to replace Zoom, Meet, Teams or the others, which are perfectly serviceable for one-on-one or small group virtual gatherings.

“We see Zoom as the Craigslist of video conferencing,” he said. “You will always have people who will use it.

“Our role is not to out-Zoom Zoom,” he continued. “It’s to pick our niche and to execute really well. There is a specific set of use cases and venue is the best at and no one focuses the way we do on the all hands, the town halls the AMAs, especially for remote or highly distributed companies.”

Borrowing from the wider world of consumer apps, its aim is to give users more control and thus make video meetings on the platform less abstract. Emoji reactions, background music, dynamic backgrounds, video bubbles, and a wide set of chat tools are among the bells and whistles that Venue believes will keep users interested, and keep organizations on board as customers.

Winning people over with bells and whistles seems to have worked so far. The startup says that there have been over 2 million emoji reactions “blasted to presenters” and that more than 30,000 one-on-one connections have been made between users on Venue to date.

Venue’s emergence from private beta is coming with some momentum for sure, but also — for the video call weary among us — maybe some malaise. Much of the world has inched away from many of the trappings of life in the throes of Covid-19 — local authorities are imposing less rules about face masks, travel and being in groups; offices are opening up again; and some of our e-commerce habits are tailing off in favor of shopping, eating out or doing other things in person.

Video conferencing hasn’t exactly died in recent months, but we are definitely entering a more sober phase after the heady months of 2020 and 2021. Even Zoom has felt the pinch. Although the company met analyst expectations for revenues and beat on earnings in its last financial quarter, it’s been feeling the pinch of a tough market for tech stocks.

Most recently, Citi downgraded Zoom’s stock in the face of growing competition from bigger platforms (Microsoft being especially aggressive with business customers, picking up some interesting partners in the process such as Workplace, the enterprise version of Facebook from Meta), and Zoom itself has been working on a new strategy to double down once more on its bread-and-butter enterprise base after finding that monetizing all those dinner parties and calls among friends was going nowhere fast.

All of that means not just a trickier climate for all video conferencing apps, but also a lot more competition for smaller players among those bigger companies with the resources to build in the tools they lack today.

But although many work practices, including remote working and virtual meetings, definitely opened up in the last couple of years, Goldlist points out that the use case for better, larger team meetings is not something that materialized during / after Covid-19. He points specifically to the costs and clunky nature of traditional video conferencing systems.

“The price of running an all-hands [for a company with employees in more than one place] is extraordinary,” he said. Doing “back of the napkin math”, said Goldlist, the cost for a meeting for 1,000 people for an hour is upwards for $50,000. That is not equipment investments per se. “it’s a huge cost to interrupt people in the middle of the day to have a meeting,” he said. “These are expensive things. You need to make them unique.”

The fact that there are still so many moments when video meetings don’t feel ideal is likely a strong enough reason for investors to place a bet on one in an early stage that has picked up some users, and is seeing some momentum with the wider startup community.

“Too often all hands and large meetings are inefficient and costly. Historically, it’s been hard to produce highly engaging meetings for large groups – the tools and technology hasn’t supported it. But Venue is now making top-tier production value simple and accessible,” said Sara Ittelson, a partner at Accel, in a statement.

Google Cloud announced this week that it’s shutting down its IoT Core service, giving customers a year to move to a partner to manage their IoT devices.

The announcement appeared at the top of the IoT Core web page this week with little fanfare. The company also sent an email to customers announcing the change.

It believes that having partners manage the process for customers is a better way to go. “Since launching IoT Core, it has become clear that our customers’ needs could be better served by our network of partners that specialize in IoT applications and services,” a Google spokesperson explained.

Google is also keenly aware of its reputation for suddenly shutting down services, and the Google Cloud spokesperson was careful to point out that they are trying to make the move as seamless as possible for customers. “We have worked extensively to provide customers with migration options and solution alternatives, and are providing a year-long runway before IoT Core is discontinued.”

That may be so, but it certainly didn’t appease commenters on Hacker News, who were highly critical of the news, and questioned Google Cloud’s commitment to its customers.

Competitors AWS and Microsoft offer similar services, which provide a way for customers to manage their IoT devices, while ingesting and making sense of all of the data coming in from those devices.

Constellation Research analyst Holger Mueller found it intriguing that Google was shutting down this particular service after all the IoT hype we’ve been hearing in recent years. “It’s interesting. IoT was supposed to be this big driver for cloud loads for the cloud vendors,” he said.

Mueller said that the big three cloud vendors — Amazon, Microsoft and Google — haven’t had much innovation on IoT services. “All three have been kind of standing still on their offerings, which has allowed the best-of-breed and specialized vendors to catch up. Now those specialized IoT vendors run on the big three cloud infrastructure, and they get those workloads anyway without the investment and maintenance of a software platform,” he said. But so far, only Google has announced it’s deprecating its IoT core service.

Ultimately, this could have to do with the mounting losses that the company has been facing in the cloud division as it works to catch up with rivals Amazon and Microsoft. The investment seems to be working with the company reporting over $6 billion in revenue in its most recent earnings report last month, up from $4.6 billion the prior year. But the division also reported losses of $858 million, a much wider gap than the prior year’s $591 million loss.

It’s worth noting that the cloud infrastructure market more broadly is growing rapidly and Google could be investing heavily to get a bigger piece of that over time, while tolerating losses in the short term. Synergy Research reported last month that the market was worth almost $55 billion last quarter with Google accounting for 10% of that. That was good for third place behind Amazon with 34% and Microsoft with 21%. The market, which includes infrastructure as a service, platform as a service along with hosted private cloud services, grew 31% in Q2 2022. (Google Cloud’s $6B figure includes additional services beyond the ones Synergy counts, hence the difference  between Synergy’s number, and what Alphabet reported for Google Cloud revenue.)

Google published a blog post last July outlining its core tenets when it comes to changing or shutting down a service. To that end, the company stated, “If a deprecation or breaking change is inevitable, then the burden is on us to make the migration as effortless as possible.”

That may be so, but customers like the ones on Hacker News are feeling like they’ve been left in the lurch. To a large extent commenters see this as a trust issue, and Google Cloud will need to address that, especially as it tries to grow the division.

Google has been sanctioned A$60 million (around $40M+) in Australia over Android settings it had applied, dating back around five years, which were found — in a 2021 court ruling — to have mislead consumers about its location data collection.

Australia’s Competition & Consumer Commission (ACCC) instigated proceedings against Google and its Australia subsidiary back in October 2019, going on to take the tech giant to court for making misleading representations to consumers about the collection and use of their personal location data on Android phones, between January 2017 and December 2018.

In April 2021 the court found Google had breached Australia’s Consumer Law when it represented to some Android users that the “Location History” setting was the only Google account setting affecting whether it collected, kept and used personally identifiable data about their location.

In actuality, another setting — called ‘Web & App Activity’ — also enabled Google to grab Android users’ location data and this was turned on by default, as the ACCC noted in a press release today. Aka, a classic dark pattern. (Actually Google deployed nested dark patterns, plural, as we detail below.)

The regulator estimates that users of around 1.3 million Google accounts in Australia may have viewed a screen found by the Court to have breached the Consumer Law.

“This significant penalty imposed by the Court today sends a strong message to digital platforms and other businesses, large and small, that they must not mislead consumers about how their data is being collected and used,” said ACCC chair, Gina Cass-Gottlieb, in a statement.

“Google, one of the world’s largest companies, was able to keep the location data collected through the ‘Web & App Activity’ setting and that retained data could be used by Google to target ads to some consumers, even if those consumers had the ‘Location History’ setting turned off.”

“Personal location data is sensitive and important to some consumers, and some of the users who saw the representations may have made different choices about the collection, storage and use of their location data if the misleading representations had not been made by Google,” she added.

Per the ACCC, Google took steps to correct the contravening conduct by 20 December 2018, meaning consumers in the country were no longer shown the misleading screens.

At the time of the court ruling last year, Google said it disagreed with the findings and that it was considering an appeal. But, in the event, it decided to take the lumps.

(These are not as painful as they might have been if the infringements had occurred more recently: The ACCC notes that the majority of the sanctioned conduct occurred prior to September 2018 which is before the maximum penalty for breaches of the Consumer Law was substantially increased — from $1.1M per breach to — since then — the higher of $10M, 3x the value of any benefit obtained or, if the value cannot be determined, 10% of turnover.)

The Court has also ordered Google to ensure its policies include a commitment to compliance, and requirements that it train certain staff about the country’s Consumer Law, as well as to pay a contribution to the ACCC’s costs.

Google was contacted for comment on the sanction. A company spokesperson sent us this statement:

“We can confirm that we’ve agreed to settle the matter concerning historical conduct from 2017-2018. We’ve invested heavily in making location information simple to manage and easy to understand with industry-first tools like auto-delete controls, while significantly minimising the amount of data stored. As we’ve demonstrated, we’re committed to making ongoing updates that give users control and transparency, while providing the most helpful products possible.”

Dark patterns inside dark patterns

The ACCC’s press release includes some screengrabs showing Google notifications to Android users that the court found to be misleading — which includes three versions of Google’s Web & Activity setting screen shown to consumers setting up a Google account on their device that do not mention the word “location” at all.

Instead, on one — which appeared between April 30, 2018 and December 19 2018 — Google instructs consumers that the setting “saves your searches, Chrome browsing history and activity from sites and apps that use Google services”, before nudging them to retain a pre-selected option to “save my Web & Activity to my Google account” (aka, opt into Google’s tracking) by suggesting: “This gives you better search results, suggestions and personalisation across Google services.” But nowhere does it explain that the user is agreeing to be location tracked.

If Android users chose to try to turn off “Location History” — i.e. via a totally separate setting that did not actually enable them to prevent Google’s location tracking — they could also be shown a confusing pop-up querying their decision to “Pause Location History?”, as Google put it, warning them the decision would “limit functionality of some Google products over time”.

It’s hard to know what even the point of this was, since the setting did not empower consumers to entirely prevent Google snooping on their location, so probably it was mostly there to spread FUD.

The text in this notification concludes with a further confusing line — telling the user to “remember, pausing this setting doesn’t delete any previous activity” — and pointing them to yet more settings where Google suggests they could “view and manage this information in your Location History map”. This was presumably intended to send them down a pointless rabbit hole — while drawing their attention away from the Web & Activity setting where Google had hidden another location tracking setting.

Other versions of the Web & Activity setting which the court found misleading Android users between early 2017 and late 2018 include one which contains a full five possible actions a user could take — a surfeit of choice obviously intended to bamboozle them into leaving the ‘on’ setting as is, since it’s so drastically unclear what anything else available on the screen means.

“If you use more than one account at the same time, some data may get saved in your default account. Learn more at support.google.com,” runs one prominent piece of cryptic Google small print — without actually hyperlinking the URL in question to send the consumer to where they might actually ‘learn more’ (or, well, quickly realize there is nothing much to learn and certainly no ‘off’ switch there).

This chunk of small print mostly appears intended to shield consumers from reading the actual description of the Web & Activity setting’s function — a setting which, remember, is defaulted to ‘on’ — since this very salient information is buried below it (and above a more eye-catching tick-box). But even here Google is not clear: Again, it does not use the word ‘location’ at all; there’s only an indirect reference to “Maps” buried in a list that foregrounds ‘faster searches’ and ‘customized experiences’ to nudge consumers to agree.

By using the name of its popular Maps product as a stand in for location Google appears to be suggesting that Android users need this setting to be on if they want to use Maps — rather than making it plain that the setting refers to its ability to track their location.

The same setting screen also includes a pre-ticked check-box next to yet more text that states: “Include Chrome browsing history and activity from websites and apps that use Google services” — so Google is seemingly unbundling tracking settings, presumably as a back-up in case one of these pre-checked settings gets unchecked, meaning it can at least grab data via the other.

After that there’s more small print, lodged under the bland rubric “data from this device”, which reads: “Control reporting of App Activity from this device”. However this text is not instantly visually linked to any setting the user is able to interact with — so anyone glancing at it might assume it’s not pointing them to an option at all and skip over it.

Airgapped below, towards the very bottom of the screen, is a hyperlinked option to “MANAGE ACTIVITY”. This text is bolder — being in ALL CAPS. So does draw the eye. Yet what even is this? Why does the user have to wade into fresh Google submenu hell to try to turn off tracking, as this option seems to be implying? Surely they can just toggle the ‘on’ switch at the top of the settings screen to do that…

Of course everything baked into this dark pattern layer cake is pushing the consumer far away from any understanding of what’s actually going on with their data in order that they give up and leave the default tracking on. Truly a masterclass in deceptive manipulative design.

Screengrab: ACCC

A big reboot?

While Google’s statement today on the ACCC sanction seeks to imply that all misleading location tracking stuff is in the past, the company is facing an ongoing investigation into the same practices in the European Union — open since February 2020 — where it could be on the hook for a more sizeable fine if it’s found to have infringed the bloc’s General Data Protection Regulation (as penalties can scale as high as 4% of global annual turnover).

Consumer watchdogs in the EU actually filed complaints about Google’s deceptive location tracking back in November 2018. So Google will still be able to claim it’s moved on — whatever the outcome.

A draft decision by Ireland’s DPA, which is leading the investigation, is expected this year — although a final decision could be pushed into 2023 since it must be reviewed by the bloc’s network of DPAs and agreement reached on any enforcement.

But there’s more — earlier this summer, European consumer rights groups filed a new series of complaints against Google — accusing the advertising giant of deceptive design around the account creation process that they say steers users into agreeing to extensive and invasive processing of their data.

The complaints highlight how many more ‘clicks’ are required by Google to let users opt out of its tracking vs handling it the keys to their data… so plus ça change right?

The plodding pace of European privacy law enforcement suggests Google can expect several years’ grace before any corrective orders land — leaving consumers exposed in the meanwhile.

But there’s some harder reform on the horizon: EU lawmakers recently agreed to include a ban on online platforms designing and deploying deceptive/manipulative and/or confusing interfaces in a forthcoming flagship update to the bloc’s digital rulebook.

The Digital Services Act (DSA) is generally intended to dial up responsibility and accountability around digital services by steering governance.

On dark patterns, much will hinge on the specifics of the DSA text, and its interpretation, clearly — and there may still be wiggle room for powerful platforms to find ways to use sharkish practices to rob consumers of their rights and agency. But a key feature of the law is it entails an active role for the European Commission in enforcement (against larger platforms — so called VLOPs).

This includes empowering the EU’s executive to step in and issue guidance on best practice in areas like interface design. Combined with a new ability to bare teeth at repeat offenders — as it gets empowered to hit VLOPs with beefy fines if they break the DSA’s rules — so some of the EU’s consumer-focused regulation could, suddenly, get rather harder to ignore. (The DSA will start applying from next year.)

Penalties for breaches of the DSA can scale up to 6% of global annual turnover. So the cost and risk of stealing people’s data are certainly rising. Whether it’ll be enough to give tracking giants pause for thought — or, what’s really needed, force meaningful reform of privacy-hostile business models — remains to be seen.