Everything you need to know about Facebook, Google’s app scandal

Facebook and Google landed in hot water with Apple this week after two investigations by TechCrunch revealed the misuse of internal-only certificates — leading to their revocation, which led to a day of downtime at the two tech giants.

Confused about what happened? Here’s everything you need to know.

How did all this start, and what happened?

On Monday, we revealed that Facebook was misusing an Apple-issued enterprise certificate that is only meant for companies to use to distribute internal, employee-only apps without having to go through the Apple App Store. But the social media giant used that certificate to sign an app that Facebook distributed outside the company, violating Apple’s rules.

The app, known simply as “Research,” allowed Facebook unparalleled access to all of the data flowing out of a device. This included access to some of the users’ most sensitive network data. Facebook paid users — including teenagers — $20 per month to install the app. But it wasn’t clear exactly what kind of data was being vacuumed up, or for what reason.

It turns out that the app was a repackaged app that was effectively banned from Apple’s App Store last year for collecting too much data on users.

Apple was angry that Facebook was misusing its special-issue enterprise certificates to push an app it already banned, and revoked it — rendering the app unable to open. But Facebook was using that same certificate to sign its other employee-only apps, effectively knocking them offline until Apple re-issued the certificate.

Then, it turned out Google was doing almost exactly the same thing with its Screenwise app, and Apple’s ban-hammer fell again.

What’s the controversy over these enterprise certificates and what can they do?

If you want to develop Apple apps, you have to abide by its rules — and Apple expressly makes companies agree to its terms.

A key rule is that Apple doesn’t allow app developers to bypass the App Store, where every app is vetted to ensure it’s as secure as it can be. It does, however, grant exceptions for enterprise developers, such as to companies that want to build apps that are only used internally by employees. Facebook and Google in this case signed up to be enterprise developers and agreed to Apple’s developer terms.

Each Apple-issued certificate grants companies permission to distribute apps they develop internally — including pre-release versions of the apps they make, for testing purposes. But these certificates aren’t allowed to be used for ordinary consumers, as they have to download apps through the App Store.

What’s a “root” certificate, and why is its access a big deal?

Because Facebook’s Research and Google’s Screenwise apps were distributed outside of Apple’s App Store, it required users to manually install the app — known as sideloading. That requires users to go through a convoluted few steps of downloading the app itself, and opening and trusting either Facebook or Google’s enterprise developer code-signing certificate, which is what allows the app to run.

Both companies required users after the app installed to agree to an additional configuration step — known as a VPN configuration profile — allowing all of the data flowing out of that user’s phone to funnel down a special tunnel that directs it all to either Facebook or Google, depending on which app you installed.

This is where the Facebook and Google cases differ.

Google’s app collected data and sent it off to Google for research purposes, but couldn’t access encrypted data — such as the content of any network traffic protected by HTTPS, as most apps in the App Store and internet websites are.

Facebook, however, went far further. Its users were asked to go through an additional step to trust an additional type of certificate at the “root” level of the phone. Trusting this Facebook Research root certificate authority allowed the social media giant to look at all of the encrypted traffic flowing out of the device — essentially what we call a “man-in-the-middle” attack. That allowed Facebook to sift through your messages, your emails and any other bit of data that leaves your phone. Only apps that use certificate pinning — which reject any certificate that isn’t its own — were protected, such as iMessage, Signal and additionally any other end-to-end encrypted solutions.

Facebook’s Research app requires Root Certificate access, which Facebook gather almost any piece of data transmitted by your phone (Image: supplied)

Google’s app might not have been able to look at encrypted traffic, but the company still flouted the rules — and had its separate enterprise developer code-signing certificate revoked anyway.

What data did Facebook have access to on iOS?

It’s hard to know for sure, but it definitely had access to more data than Google.

Facebook said its app was to help it “understand how people use their mobile devices.” In reality, at root traffic level, Facebook could have accessed any kind of data that left your phone.

Will Strafach, a security expert with whom we spoke for our story, said: “If Facebook makes full use of the level of access they are given by asking users to install the certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.”

Remember: this isn’t “root” access to your phone, like jailbreaking, but root access to the network traffic.

How does this compare to the technical ways other market research programs work?

In fairness, these aren’t market research apps unique to Facebook or Google. Several other companies, like Nielsen and comScore, run similar programs, but neither ask users to install a VPN or provide root access to the network.

In any case, Facebook already has a lot of your data — as does Google. Even if the companies only wanted to look at your data in aggregate with other people, it can still hone in on who you talk to, when, for how long and, in some cases, what about. It might not have been such an explosive scandal had Facebook not spent the last year cleaning up after several security and privacy breaches.

Can they capture the data of people the phone owner interacts with?

In both cases, yes. In Google’s case, any unencrypted data that involves another person’s data could have been collected. In Facebook’s case, it goes far further — any data of yours that interacts with another person, such as an email or a message, could have been collected by Facebook’s app.

How many people did this affect?

It’s hard to know for sure. Neither Google nor Facebook have said how many users they have. Between them, it’s believed to be in the thousands. As for the employees affected by the app outages, Facebook has more than 35,000 employees and Google has more than 94,000 employees.

Why did internal apps at Facebook and Google break after Apple revoked the certificates?

You might own your Apple device, but Apple still gets to control what goes on it.

Apple can’t control Facebook’s root certificates, but it can control the enterprise certificates it issues. After Facebook was caught out, Apple said: “Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.” That meant any app that relied on Facebook’s enterprise certificate — including inside the company — would fail to load. That’s not just pre-release builds of Facebook, Instagram and WhatsApp that staff were working on, but reportedly the company’s travel and collaboration apps were down. In Google’s case, even its catering and lunch menu apps were down.

Facebook’s internal apps were down for about a day, while Google’s internal apps were down for a few hours. None of Facebook or Google’s consumer services were affected, however.

How are people viewing Apple in all this?

Nobody seems thrilled with Facebook or Google at the moment, but not many are happy with Apple, either. Even though Apple sells hardware and doesn’t use your data to profile you or serve you ads — like Facebook and Google do — some are uncomfortable with how much power Apple has over the customers — and enterprises — that use its devices.

In revoking Facebook and Google’s enterprise certificates and causing downtime, it has a knock-on effect internally.

Is this legal in the U.S.? What about in Europe with GDPR?

Well, it’s not illegal — at least in the U.S. Facebook says it gained consent from its users. The company even said its teenage users must obtain parental consent, even though it was easily skippable and no verification checks were made. It wasn’t even explicitly clear that the children who “consented” really understood how much privacy they were really handing over.

That could lead to major regulatory headaches down the line. “If it turns out that European teens have been participating in the research effort Facebook could face another barrage of complaints under the bloc’s General Data Protection Regulation (GDPR) — and the prospect of substantial fines if any local agencies determine it failed to live up to consent and ‘privacy by design’ requirements baked into the bloc’s privacy regime,” wrote TechCrunch’s Natasha Lomas.

Who else has been misusing certificates?

Don’t think that Facebook and Google are alone in this. It turns out that a lot of companies might be flouting the rules, too.

According to many finding companies on social media, Sonos uses enterprise certificates for its beta program, as does finance app Binance, as well as DoorDash for its fleet of contractors. It’s not known if Apple will also revoke their enterprise certificates.

What next?

It’s anybody’s guess, but don’t expect this situation to die down any time soon.

Facebook may face repercussions with Europe, as well as at home. Two U.S. senators, Mark Warner and Richard Blumenthal, have already called for action, accusing Facebook of “wiretapping teens.” The Federal Trade Commission may also investigate, if Blumenthal gets his way.

Apple losses trigger a plunge in US markets

Bad news from Apple and signs of slowing international and domestic growth sent stocks tumbling in Thursday trading on all of the major markets.

Investors erased some $75 billion in value from Apple alone… an amount known technically as a shit ton of money. But stocks were down broadly based on Apple’s news, with the Nasdaq falling 3 percent, or roughly 202.44 points, and the Dow Jones Industrial Average plummeting 660.02 points, or roughly 2.8 percent.

Apple halted trading of its stock yesterday afternoon to provide lower guidance for upcoming earnings.

Apple’s news from late yesterday that it would miss its earnings estimates by several billion dollars thanks to a collapse of sales in China was the trigger for a broad sell-off that erased gains from the last trading sessions before the New Year (which saw the biggest one-day gain in stocks in recent history).

Apple’s China woes could be attributed to any number of factors, D.A. Davidson senior analyst Tom Forte said. The weakening Chinese economy, patriotic fervor from Chinese consumers or the increasingly solid options available from domestic manufacturers could all be factors.

Sales were suffering in more regions than China, Forte noted. India, Russia, Brazil and Turkey also had slowing sales of new iPhone models, he said.

Investors have more than just weakness from Apple to be concerned about. Chinese manufacturing flipped from growth to contraction in December and analysts in the region expect that the pain will continue through at least the first half of the year.

“We expect a much worse slowdown in the first half, followed by a more serious and aggressive government easing/stimulus centred on deregulating the property market in big cities, and then we might see stabilisation and even a small rebound later this year,” Ting Lu, chief China economist at Nomura in Hong Kong, wrote in a report quoted by the Financial Times.

U.S. manufacturing isn’t doing much better, according to an industrial gauge published by The Institute for Supply Management. The institute’s index dropped to its lowest point in two years.

“There’s just so much uncertainty going on everywhere that businesses are just pausing,” Timothy Fiore, chairman of ISM’s manufacturing survey committee, told Bloomberg. “No matter where you look, you’ve got chaos everywhere. Businesses can’t operate in an environment of chaos. It’s a warning shot that we need to resolve some of these issues.”

The index remains above the threshold of a serious contraction in American industry, but the 5.2-point drop from the previous month in the manufacturing survey is the largest since the financial crisis, and was only exceeded one other time — following the September 11, 2001 terror attacks on the U.S.

Silicon Valley’s year of reckoning

Tech companies have always branded themselves as the good guys. But 2018 was the year that the long-held belief that Silicon Valley is on the right side of progress and all things good was called into question by a critical mass.

As startups grow bigger and richer, amassing more power and influence outside of the Valley, a reckoning has played out in government and business. Mission statements like “connecting the world” and “don’t be evil” no longer hold water.

A look at a few of this year’s most impactful news themes underscore why; we’ve racked up too many examples to the contrary.

Android co-creator Andy Rubin’s $90 million payout and sexual misconduct revealed

Since the #MeToo movement opened the floodgates on the importance of fighting for gender equality and fair treatment of women and underrepresented minorities at a large scale, the tech industry was rightfully singled out as a microcosm for rampant misconduct.

In October, a New York Times investigation detailed how Android co-creator Andy Rubin was paid out a $90 million exit package when he left Google in 2014. At the time, Google concealed that the executive had multiple relationships with Google staffers and that credible accounts of sexual misconduct had been filed against him during his time at the company. It was an all-too-familiar story recounting how women in tech aren’t safe at work and misbehaved executives are immune from penalty. Google employees didn’t stand for it. 

At a rally in San Francisco, Google staffers read off their list of demands, which included an end to forced arbitration in cases of harassment and discrimination, a commitment to end pay and opportunity inequity and a clear, inclusive process for reporting sexual misconduct safely and anonymously, reported Kate Clark.

Rubin has since taken leave from his smartphone company, Essential.

The first self-driving car fatality occurred when an Uber SUV struck and killed a woman in Arizona

Dara Khosrowshahi, chief executive officer of Uber, arrives for a morning session at the Allen & Co. Media and Technology Conference in Sun Valley, Idaho, U.S., on Wednesday, July 10. Photographer: Scott Eells/Bloomberg via Getty Images

In March, the first self-driving car fatality occurred in Tempe, Arizona when 49-year-old pedestrian Elaine Herzberg was struck by an Uber autonomous test SUV. The car was in self-driving mode, and there was a safety driver behind the wheel who failed to intervene.

Investigators determined the driver had looked down at a phone 204 times during a 43-minute test drive, and that the driver was streaming “The Voice” on Hulu, according to a police report released by the Tempe Police Department. Law enforcement determined her eyes were off the road for 3.67 miles of the 11.8 total miles driven, or about 31 percent of the time.

Uber paused all of its AV testing operations in Pittsburgh, Toronto, San Francisco and Phoenix as a result, and released a safety report detailing how it will add precautions to its testing of self-driving cars. Two employees will be required to sit in the front seat at all times, and an automatic braking system will be enabled.

The incident immediately raised questions about insurance and liability, along with the investigation from the National Transportation Safety Board. As mobility companies charge full speed ahead in developing solutions that will shape the future of urban transportation, tragedies like this remind us that while AVs and humans share the roads, these programs are rife with risk. Has Uber learned a lesson? We’ll find out soon, as the company received permission by the state of Pennsylvania to resume autonomous vehicle testing.

Jamal Khashoggi was assassinated by Saudi agents, prompting Silicon Valley to think about how it got so rich

JIM WATSON/AFP/Getty Images

Silicon Valley companies are used to getting away with a lot. Larger orgs like Uber, Tesla and Facebook rotate in and out of the hot seat as security breaches wreak havoc and sexual harassment scandals are exposed, only to be washed out of the news cycle by a viral image of Elon Musk sampling marijuana the next day.

But one story shocked the public for weeks, after agents of the Saudi government assassinated Washington Post columnist Jamal Khashoggi at the Saudi Arabian consulate in Istanbul as he was trying to obtain marriage license papers.

The tech industry was collectively upset by its proximity to a government and funding source that blatantly misused its power. Silicon Valley gets most of its money through SoftBank’s Vision Fund and by proxy the Saudi kingdom. About half of SoftBank’s massive $93 billion tech-focused fund is powered by a $45 billion commitment from the Saudi kingdom. This means the total invested by the kingdom alone into U.S. startups is far greater than the total raised by any single VC fund. Did we see a single example of a startup that refused to work with SoftBank in the aftermath? No. Will we? Probably not. Because Silicon Valley players are mostly only political and activist when it’s convenient for them.

Silicon Valley companies that have accepted money from this source have a vested interest in keeping the peace with Saudi Arabia and its Crown Prince Mohammed bin Salman — the leader known for getting friendly with tech CEOs in the past. But where does this leave us now as Saudi Arabian money continues to distort American venture? SoftBank has sustained countless startups with round after round of funding as it plunges into debt.

With SoftBank money inflating round sizes and therefore valuations, tech founders and CEOs are faced with the age-old question of whether or not it’s okay to use dirty money to do “good things.” SoftBank’s 2018 culminated in a record IPO that saw a 15 percent drop in value on its debut. Regardless, the aftermath of the Khashoggi assassination could signify the end of an era in American venture if founders begin to think critically about the source of their funding — and act on it. 

Facebook’s struggle

UNITED STATES – APRIL 11: Facebook CEO Mark Zuckerberg testifies before a House Energy and Commerce Committee in Rayburn Building on the protection of user data on April 11, 2018. (Photo By Tom Williams/CQ Roll Call)

Facebook’s 2018 kicked off with Zuckerberg’s wishful, vague post about his personal challenge to “fix Facebook.” The social network bowed out of 2017 with critics saying Zuckerberg hadn’t done enough to combat the proliferation of fake news on Facebook or block Russian interference in the 2016 U.S. election. Online abuse had never been so bad. All of this was happening just as people started to realize that mindlessly browsing the newsfeed — Facebook’s core product — is a total waste of time.

What better timing for not one, but two massive security scandals?

Zuckerberg answered to Congress after Facebook was infiltrated by Cambridge Analytica, a data organization with ties to the Trump administration. In the beginning of 2014, the organization obtained data on 50 million Facebook users in a way that deceived both the users and Facebook itself. 

If that weren’t enough, just months later Facebook revealed at least 30 million users’ data were confirmed to be at risk after attackers exploited a vulnerability allowing them access to users’ personal data. Zuckerberg said that the attackers were using Facebook developer APIs to obtain information, like “name, gender, and hometowns” linked to a user’s profile page. Queue #deletefacebook

A Pew report detailed how Facebook users are becoming more cautious and critical, but they still can’t quit. News and social networking are like oil and water — they can’t blend into coexistence on the same news feed. In 2018, Facebook was caught in a perfect storm. Users started to understand Facebook for what it actually is: powered by algorithms that coalesce fact, opinion and malicious fake content on a platform designed to financially profit off the addictive tendencies of its users. The silver lining is that as people become more cautious and critical of Facebook, the market is readying itself for a new, better social network to be designed off the pioneering mistakes of its predecessors.

Apple hits a $1 trillion market cap and celebrates the anniversary of the iPhone with design changes

SAN FRANCISCO, CA – OCTOBER 22: Apple CEO Tim Cook speaks during an Apple announcement. (Photo by Justin Sullivan/Getty Images)

This was a hardware-heavy year for Apple. The MacBook Air got Retina Display. The Apple Watch got a big redesign. The iPad Pro said farewell to the home button. We met the new mac Mini and an updated Apple Pencil. In September, Apple held its annual hardware event in Cupertino to announce three new iPhone models, the XS (the normal one), XR (the cheap one) and the XS Max (the big one). We also learned that the company went back to the drawing board on the Mac Pro.

In August, Apple won the race to $1 trillion in market cap. It wasn’t the frayed cords or crappy keyboards that boosted the company past this milestone, but rather price hikes in its already high-margin iPhone sales. But while Apple remains wildly profitable, growth is slowing notably.

Tech stocks took a beating toward the end of the year, and although Apple seems to have weathered the storm better than most companies, it may have reached a threshold for how much it can innovate on its high-end hardware. It may be wise for the company to focus on other methods of bringing in revenue like Apple Music and iCloud if it wants to shoot for the $2 trillion market cap.

As the biggest, richest companies get bigger and richer, questions about antitrust and regulation rise to ensure they don’t hold too much economic power. Tim Cook has more authority than many political leaders. Let’s hope he uses it for good.

Tesla CEO Elon Musk sued by the SEC for securities fraud

CHICAGO, IL – JUNE 14: Engineer and tech entrepreneur Elon Musk of The Boring Company listens as Chicago Mayor Rahm Emanuel talks about constructing a high speed transit tunnel at Block 37 during a news conference on June 14, 2018 in Chicago, Illinois. Musk said he could create a 16-passenger vehicle to operate on a high-speed rail system that could get travelers to and from downtown Chicago and O’Hare International Airport under twenty minutes, at speeds of over 100 miles per hour. (Photo by Joshua Lott/Getty Images)

In August, Tesla CEO Elon Musk announced in a tweet heard around the internet that he was considering taking Tesla private for $420 per share and that he’d secured funding to do so. The questioning started. Was it legit? Was it a marijuana joke? The tweet caused Tesla’s stock price to jump by more than 6 percent on August 7. Musk also complained that being a public company “subjects Tesla to constant defamatory attacks by the short-selling community, resulting in great harm to our valuable brand.”

Turns out, Musk had indeed met with representatives from the Saudi sovereign wealth fund, and that the fund’s lead rep told Musk that they’d bought about 5 percent of Tesla’s stock at a stake worth $2 billion, were interested in taking the company private and confirmed that this rep had the power to make these kinds of investment decisions for the fund. However, nothing was written on paper, and Musk did not notify the Nasdaq — an important requirement.

At the end of September, the SEC filed a lawsuit against Musk for securities fraud in regards to his “false and misleading” tweets, seeking to remove him from Tesla. Musk settled with the SEC two days after being charged, resigning from his chairman position but remaining CEO. Musk and Tesla were also ordered to pay separate $20 million fines to “be distributed to harmed investors under a court-approved process,” according to the SEC.

Public companies are supposed to value the interests of their shareholders. Pulling the trigger on an impulsive tweet breaks that trust — and in Musk’s case, cost $40 million and a board seat. This is why we should never put too much fear or faith in our leaders. Musk is brilliant and his inventions are changing the world. But he is human and humans are flawed and the Tesla board should have done more to balance power at the top. 

The great Amazon HQ2 swindle

Chief Executive Officer of Amazon, Jeff Bezos, tours the facility at the grand opening of the Amazon Spheres, in Seattle, Washington on January 29, 2018. Amazon opened its new Seattle office space which looks more like a rainforest. The company created the Spheres Complex to help spark employee creativity. (Photo: JASON REDMOND/AFP/Getty Images)

Tech jobs bring new wealth to cities. Amazon set out on a roadshow across America in what the company described as a search for its second headquarters, or “HQ2.” The physical presence of Amazon’s massive retail and cloud businesses would undoubtedly bring wealth, innovation, jobs and investment into a region.

There was initial hope that the retail giant would choose a city in the American heartland, serving as a catalyst for job growth in a burgeoning tech hub like Columbus, Ohio, Detroit, Mich., or Birmingham, Ala. But in the end, Amazon split the decision between two locations: New York (Long Island City) and Arlington, Virginia, as the sites for its new offices. The response? Outrage.

Jon Shieber noted that cities opened their books to the company to prove their viability as a second home for the retailing giant. In return, Amazon reaped data on urban and exurban centers that it could use to develop the next wave of its white-collar office space, and more than $2 billion worth of tax breaks from the cities that it will eventually call home for its new offices.

Danny Crichton argued that Amazon did exactly what it should have with its HQ2 process. Crichton wrote that Amazon is its own entity and therefore has ownership of its decisions. It allowed cities to apply and provide information on why they might be the best location for its new headquarters. Maybe the company ignored all of the applications. Maybe it was a ploy to collect data. Maybe it wanted publicity. Regardless, it allowed input into a decision it has complete and exclusive control over.

Let’s hope that in 2019, Silicon Valley will hold on to some of its ethos as a venture-funded sandbox for brilliant entrepreneurs who want to upend antiquated industries with proprietary tech inventions. But let it be known that sleeping at the wheel while your company gets breached, turning a blind eye to the evil doings of your largest funding sources and executive immunity from sexual misconduct violations no longer have their place here. 

Chinese investment into computer vision technology and AR surges as U.S. funding dries up

Last year 30 leading venture investors told us about a fundamental shift from early stage North American VR investment to later stage Chinese computer vision/AR investment — but they didn’t anticipate its ferocity.

Digi-Capital’s AR/VR/XR Analytics Platform showed Chinese investments into computer vision and augmented reality technologies surging to $3.9 billion in the last 12 months, while North American augmented and virtual reality investment fell from nearly $1.5 billion in the fourth quarter of 2017 to less than $120 million in the third quarter of 2018. At the same time, VC sentiment on virtual reality softened significantly.

What a difference a year makes.

Dealflow (dollars)

What VCs said a year ago

When we spoke to venture capitalists least year, they had some pretty strong opinions.

Mobile augmented reality and Computer Vision/Machine Learning (“CV/ML”) are at opposite ends of the spectrum — one delivering new user experiences and user interfaces and the other powering a broad range of new applications (not just mobile augmented reality).

The market for mobile AR is very early stage, and could see $50 to $100 million exits in 2018/2019. Dominant companies will take time to emerge, and it will also take time for developers to learn what works and for consumers and businesses to adopt mobile AR at scale (note: Digi-Capital’s base case is mobile AR revenue won’t really take off until 2019, despite 900 million installed base by Q4 2018). Tech investors are most interested in native mobile AR with critical use cases, not ports from other platforms.

Computer vision and visual machine learning is more advanced than mobile AR, and could see dominant companies in the near-term. Here, investors love  startups with real-world solutions that are challenging established industries and business practices, not research projects. Firms are investing in more than 20 different mobile augmented reality and computer vision and visual machine learning sectors, but there is the potential for overfunding during the earliest stages of the market.

What VCs did in the last 12 months

Perhaps the most crucial observation is the declining deal volumes over the last year.

Deal Volume (number of deals by category)

(Source: Digi-Capital AR/VR/XR Analytics Platform)

Deal volume (the number of deals) declined steadily by 10% per quarter over the last 12 months, and was around two-thirds the level in Q3 2018 that it was in Q4 2017. Most of the decline happened in the US and Europe, where VCs increasingly stayed on the sidelines by looking for short-term traction as a sign of long-term growth. (Note: data normalized excluding HTC ViveX accelerator Q4 2017, which skews the data)

Deal Volume (number of deals by stage)

The biggest casualties of this short-termist approach have been early stage startups raising seed (deal volume down by more than half) and some series A (deal volume down by a quarter) rounds. This trend has been strongest in North America and Europe, but even Asia has not been entirely immune from some early stage deal volume decline.

Deal Value (dollars)

(Source: Digi-Capital AR/VR/XR Analytics Platform)

While deal volume is a great indicator of early-stage investment market trends, deal value (dollars invested) gives a clearer picture of where the big money has been going over the last 12 months. (Note: investment means new VC money into startups, not internal corporate investment – which is a cost). Global investment hit its previous quarterly record over $2 billion in Q4 2017, driven by a few very large deals. It then dropped back to around $1 billion in the first quarter of this year. Since then deal value has steadily climbed quarter-on-quarter, to reach a new record high well over $2 billion in Q3 2018.

Over $4 billion of the total $7.2 billion in the last 12 months was invested in computer vision/AR tech, with well over $1 billion going into smartglasses (the bulk of that into Magic Leap) . The next largest sectors were games around $400 million and advertising/marketing at a quarter of a billion dollars. The remaining 22 industry sectors raised in the low hundreds of millions of dollars down to single digit millions in the last 12 months.

A tale of two markets

Deals by Country and Category (dollars)

American and Chinese investment had an inverse relationship in the last 12 months. American investors increasingly chose to stay on the sidelines, while Chinese investor confidence grew to back up clear vision with long-term investments. The differences in the data couldn’t be more stark.

North American Deals (dollars)

North American investment was almost triple Asian investment in Q4 2017, with a record high of nearly $1.5 billion dollars for the quarter. Despite 2018 being a transitional year for the market (Digi-Capital forecast that market revenue was unlikely to accelerate until 2019), North American quarterly investment fell over 90% to less than $120 million in Q3 2018. American VCs appear to have taken a long-term solution to a short-term problem.

China Deals (dollars)

Meanwhile, Chinese VCs have been focused on the long-term potential of the intersection between computer vision and augmented reality, with later-stage Series C and Series D rounds raising hundreds of millions of dollars a time. This trend increased dramatically in the last 12 months, with SenseTime Group raising over $2 billion in multiple rounds and Megvii close behind at over $1 billion (also multiple rounds).

Smaller investments (by Chinese standards) in the hundreds of millions have gone into companies Westerners might not know, including Beijing Moviebook Technology, Kujiale and more. All this saw Chinese quarterly investment grow 3x in the last 12 months. (Note: some recent Western opinions about market investment trends were based on incomplete data)

Where to from here?

With our team’s investment banking background, experience shows that forecasting venture capital investment is a fool’s errand. Yet it is equally foolish to ignore hard data, and ongoing discussions with leading investors along Sand Hill Road and China indicate some trends to watch.

American tech investors might continue to wait for market traction before providing the fuel needed for that traction (even if that seems counterintuitive). While this could pose an existential threat to some early stage startups in North America, it’s also an opportunity for smart money with longer time horizons.

Conversely, Chinese VCs continue to back domestic companies which could dominate the future of computer vision/augmented reality. The next 6 months will determine if this is a long-term trend, but it is the current mental model.

If mobile AR revenue accelerates in 2019 as critical use cases and apps emerge (as in Digi-Capital’s base case), this could become a catalyst for renewed investment by American VCs. The big unknown is whether Apple enters the smartphone tethered smartglasses market in late 2020 (as Digi-Capital has forecast for the last few years). This could be the tipping point for the market as a whole (not just investment). However, Apple timing is hard to predict (because Apple), with any potential launch date known only to Tim Cook and his immediate circle.

Steve Jobs said, “You can’t connect the dots looking forward; you can only connect them looking backwards. So you have to trust that the dots will somehow connect in your future. You have to trust in something – your gut, destiny, life, karma, whatever. This approach has never let me down, and it has made all the difference in my life.”

Chinese investors embraced a Jobsian approach over the last 12 months, with Western VCs increasingly dot-connecting (or not). It will be interesting to see how this plays out for computer vision/AR investment over the next 12 months, so watch this space.

Most iOS devices now run iOS 12 according to Mixpanel’s data

Analytics company Mixpanel is currently tracking the install base of iOS 12. And the latest version of iOS is quite popular as it’s already installed on roughly 47.6 percent of all iOS devices. 45.6 percent of devices still run iOS 11, and 6.9 percent of iOS users run an older version.

Adoption rate is an important metric for app developers. With major iOS releases, Apple also releases new frameworks. But developers still need to support old versions of iOS for a little bit before moving entirely to newer frameworks and drop support for old iOS versions.

But it’s interesting to see that you can already drop support for iOS 10 without losing too many customers. Chances are that users who don’t update their version of iOS don’t really care about having the latest version of your app anyway.

With iOS 11, it took much longer to reach that level. Last year, Apple announced on November 6th that iOS 11 was more popular than iOS 10. Sure, Mixpanel and Apple don’t have the exact same numbers, but you can already see that the trend is different this year.

iOS 12 focuses on performance. Apple has optimized this major release for older devices, such as the iPhone 6. All devices that run iOS 11 can update to iOS 12 as well. Basically, if you want a faster phone, you should update to iOS 12.

This is a bit counterintuitive as previous iOS releases had rendered older devices much slower. But it sounds like iOS users got the message based on the adoption rate.

iOS 12 makes your phone faster than ever

The iPhone SE was the best phone Apple ever made, and now it’s dead

I only wanted one thing out of 2018’s iPhone event: a new iPhone SE. In failing to provide it Apple seems to have quietly put the model out to pasture — and for this I curse them eternally. Because it was the best phone the company ever made.

If you were one of the many who passed over the SE back in 2015, when it made its debut, that’s understandable. The iPhone 6S was the latest and greatest, and of course fixed a few of the problems Apple had kindly introduced with the entirely new design of the 6. But for me the SE was a perfect match.

See, I’ve always loved the iPhone design that began with the 4. That storied phone is perhaps best remembered for being left in a bar ahead of release and leaked by Gizmodo — which is too bad, because for once the product was worthy of the lavish unveiling Apple now bestows on every device it puts out.

The 4 established an entirely new industrial design aesthetic that was at once instantly recognizable and highly practical. Gone were the smooth, rounded edges and back of the stainless original iPhone (probably the second-best phone Apple made) and the jellybean-esque 3G and 3GS.

In the place of those soft curves were hard lines and uncompromising geometry: a belt of metal running around the edge, set off from the glass sides by the slightest of steps. It highlighted and set off the black glass of the screen and bezel, producing a of specular outline from any angle.

The camera was flush and the home button (RIP) sub-flush, entirely contained within the body, making the device perfectly flat both front and back. Meanwhile the side buttons boldly stood out. Volume in bold, etched circles; the mute switch easy to find but impossible to accidentally activate; the power button perfectly placed for a reaching index finger. Note that all these features are directly pointed at usability: making things easier, better, more accessible, while also being attractive and cohesive as parts of a single object.

Compared to the iPhone 4, every single other phone, including Samsung’s new “iPhone killer” Galaxy S, was a cheap-looking mess of plastic, incoherently designed or at best workmanlike. And don’t think I’m speaking as an Apple fanboy; I was not an iPhone user at the time. In fact, I was probably still using my beloved G1 — talk about beauty and the beast!

The design was strong enough that it survived the initially awkward transition to a longer screen in the 5, and with that generation it also gained the improved rear side that alleviated the phone’s unfortunate tendency towards… well, shattering.

The two-tone grey iPhone 5S, however, essentially left no room for improvement. And after 4 years, it was admittedly perhaps time to freshen things up a bit. Unfortunately, what Apple ended up doing was subtracting all personality from the device while adding nothing but screen space.

The 6 was, to me, simply ugly. It was reminiscent of the plethora of boring Android phones at the time — merely higher quality than them, not different. The 6S was similarly ugly, and the 7 through 8 somehow further banished any design that set themselves apart, while reversing course on some practical measures in allowing an increasingly large camera bump and losing the headphone jack. The X, at least, looked a bit different.

But to return to the topic at hand, it was after the 6S that Apple had introduced the SE. Although it nominally stood for “Special Edition,” the name was also a nod to the Macintosh SE. Ironically given the original meaning of “System Expansion,” the new SE was the opposite: essentially an iPhone 6S in the body of a 5S, complete with improved camera, Touch ID sensor, and processor. The move was likely intended as a sort of lifeboat for users who still couldn’t bring themselves to switch to the drastically redesigned, and considerably larger, new model.

It would take time, Apple seems to have reasoned, to convert these people, the types who rarely buy first generation Apple products and cherish usability over novelty. So why not coddle them a bit through this difficult transition?

The SE appealed not just to the nostalgic and neophobic, but simply people who prefer a smaller phone. I don’t have particularly large or small hands, but I preferred this highly pocketable, proven design to the new one for a number of reasons.

Flush camera so it doesn’t get scratched up? Check. Normal, pressable home button? Check. Flat, symmetrical design? Check. Actual edges to hold onto? Check. Thousands of cases already available? Check — although I didn’t use one for a long time. The SE is best without one.

At the time, the iPhone SE was more compact and better looking than anything Apple offered, while making almost no compromises at all in terms of functionality. The only possible objection was its size, and that was (and is) a matter of taste.

It was the best object Apple ever designed, filled with the best tech it had ever developed. It was the best phone it ever made.

And the best phone it’s made since then, too, if you ask me. Ever since the 6, it seems to me that Apple has only drifted, casting about for something to captivate its users the way the iPhone 4’s design and new graphical capabilities did, all the way back in 2010. It honed that design to a cutting edge and then, when everyone expected the company to leap forward, it tiptoed instead, perhaps afraid to spook the golden goose.

To me the SE was Apple allowing itself one last victory lap on the back of a design it would never surpass. It’s understandable that it would not want to admit, this many years on, that anyone could possibly prefer something it created nearly a decade ago to its thousand-dollar flagship — a device, I feel I must add, that not only compromises visibly in its design (I’ll never own a notched phone if I can help it) but backpedals on practical features used by millions, like Touch ID and a 3.5mm headphone jack. This is in keeping with similarly user-unfriendly choices made elsewhere in its lineup.

So while I am disappointed in Apple, I’m not surprised. After all, it’s disappointed me for years. But I still have my SE, and I intend to keep it for as long as possible. Because it’s the best thing the company ever made, and it’s still a hell of a phone.

Hello eSIM: Apple moves the iPhone away from physical SIMs

A man looks cosmically insignificant onstage next to a giant projection of a smartpphone.

(credit: Valentina Palladino)

announced that its new iPhone XS and iPhone XS Max will use an eSIM—a purely electronic SIM that allows users to maintain a secondary phone line in a single device. That line could be a secondary domestic line (say you’re a journalist and don’t want to have separate personal and work iPhones), or the phone could have an American and Canadian number (if you travel across the border frequently).

These handsets will have a new “dual SIM dual standby” option, one of which will be a nano SIM. In other words, they will have two distinct phone numbers. (Chinese models will have two SIM slots instead of the eSIM option.)

Read 4 remaining paragraphs | Comments

Apple takes down Trend Micro Mac apps that collected, stored user data

Article intro image

Enlarge (credit: Andrew Cunningham)

initial statement says.

The statement also details what Trend Micro found in its investigation: the company claims that some of its apps, including Dr. Cleaner, Dr. Antivirus, and Dr. Unarchiver, uploaded a “small snapshot” of users’ browser histories that covered the 24 hours before installation. The company claims this was done for “security purposes,” particularly to see if users had recently come into contact with adware or other threats. The collected user data was uploaded to a US-based server hosted by Amazon Web Services and managed by Trend Micro.

Read 5 remaining paragraphs | Comments

Key iPhone supplier is hamstrung with the debilitating WannaCry worm

Enlarge (credit: Samuel Axon)

statement published Sunday. In statements made on Monday, the officials identified the malware as WannaCry, which gained international attention in May 2017 when it shut down computers worldwide. The company said it expected the disruption to lower third-quarter revenue by as much as 3 percent. With the chipmaker previously forecasting revenue in the quarter to be $8.45 billion to $8.55 billion, the hit to revenue could be as high as $256 million.

TSMC said it had 80 percent of affected chip fabrication systems back online on Sunday and expected to restore the remainder by Monday. The shutdown comes at a critical time for Apple, which accounts for 21 percent of TSMC’s revenue, according to Bloomberg News. Apple is reportedly planning to release three new iPhone models by year’s end. It’s not yet clear if the shutdown might affect the chip output Apple relies on for the new devices. Shares of Apple stock were trading up about 0.4 percent on Monday as this post was being prepared.

Read 3 remaining paragraphs | Comments