Thursday, September 19, 2013

With 2.5M Downloads, Activity Tracking App Moves Launches Its Software Alternative To Fitness Wearables On Android


Activity trackers are all over the place, except maybe on the wrist of the vast majority of the public. Moves is an app that launched with the goal of putting that power on devices people already carry with a software-based activity tracker, and now it’s expanding its availability from iOS to Android. The iOS app from the Helsinki and London-based startup has seen over 2.5 million downloads since launching on iPhone back in January, and Moves CEO and Designer Sampo Karjalainen credits its success to the combined price and convenience of using his company’s software vs. hardware accessories like the Jawbone UP or the Fitbit Flex. “The mobile phone will be the activity tracker for the mainstream,” he said in an interview. “There are over a billion smartphones in the market that could do all-day activity tracking. Dedicated activity tracker gadgets make sense for specific needs, but the big opportunity is in mobile phone as an activity tracker.” Still, Karjalainen says that Moves will be watching the progress of multi-purpose wearable hardware, to see how it might be able to take advantage of those devices. Jawbone has just opened up the API for UP, for instance, which means software like Moves could use its hardware to enhance their own apps, too. Maybe more exciting is Apple’s new M7 processor, tech in the iPhone 5s that act independent of the A7 main system-on-a-chip to track motion, conserving battery. It’s a boost for Moves, but not the be-all and end-all for motion-tracking startups, Karjalainen says. “The M7 confirms our vision. Mobile phone manufacturers are clearly starting to recognize the opportunity in smartphone-based activity tracking,” he explained. “The great thing is that M7 helps minimize battery consumption, which has been the biggest limiting factor. But it lacks cycling recognition and is available only for top model, iPhone 5S, so we can’t fully rely on it.” As for the new Android app, the attention here has been about making sure Moves actually replicates the same kind of experience users have on iPhone in terms of accurately tracking daily activity. “On Android we’ve first focused on making the core technology work well, and this means that 1.0 version doesn’t have all features of iPhone version yet,” Karjalainen said. “We’ll add for example Connected Apps support and user accounts soon. We think the 1.0 version is a great simple way to track your activities and document your life.” He also added that the team considered using the new Google Play Activity Recognition APIs, which Google itself provides, to track a phone’s movement with Moves for Android, but in the end they could recognize running with their own house-made tech, while Google’s couldn’t, and their cycling algorithm was more accurate in testing. Moves may face more competition as a result of the M7 and Google’s APIs, but it clearly feels it can keep ahead by focusing on differentiating via its own movement tracking software engineering efforts. The startup also has a head start on an exciting market, so tapping the large potential user pool that comes with Android is a good step.

Plaid Raises $2.8M To Make Banking Data More Developer Friendly


A number of well-known venture firms are getting behind Plaid, a startup that describes itself as “the modern API for banking data.” The company is announcing that it has raised $2.8 million led by Spark Capital, with participation from Google Ventures, New Enterprise Associates, Felicis Ventures, and Homebrew Capital (the new seed fund from former Googlers Hunter Walk and Satya Patel). Co-founder Zach Perret told me via email that the team’s goal is to make it easier for developers to build financial applications: “As developers in financial technology ourselves, we struggled with the lack of a unified bank API and the low quality of transactional data – so we decided to build the infrastructure to fix it.” So Plaid says its API offers clean transaction data such as merchant names, addresses, and geocodes. The startup is currently in private beta, and Perret said the initial clients have used the API for accounting, automated taxes, and expense management applications (he argued that Plaid could eventually be used in other industries). For example, he said one tax client wanted to build an application that can identify deductible expenses in bank and credit histories. “In the past, you had to mail your statements and receipts to your accountant, who would read through names like SBXUSQ0112x and try to figure out what the transactions mean,” he said. “Using Plaid, applications allow users to link their accounts and get high-context data on each transaction – cleaning up that transaction to Starbucks Coffee at 41 Union Square West, NYC 10003.” But are financial institutions going to want to work with Plaid? Well, Perret said the company is currently working with “just a few major banks” today, and that expanding coverage to a big focus for the next year. He claimed that when Plaid works with a financial partner, it doesn’t require much effort from the partner: “The brunt of the work is on us.” He added, “That said, we’ve found a lot of the big financial institutions to actually be quite forward-thinking in how their users access and utilize their data – and it’s really exciting to be there to help enable that.” By the way, Perret and the Plaid team (including his co-founder William Hockey) won the grand prize at TechCrunch’s Disrupt NY Hackathon this year for an application that used the Plaid API with the Foursquare API to show credit-card transactions on a map.

Artillery Teases Upcoming Game ‘Atlas,' An HTML5-Based ‘Spiritual Successor To Starcraft'


Artillery, the HTML5-centric gaming startup from a team of former Googlers and Facebook engineers, just teased its first title. Codenamed “Atlas,” the game is meant to be the “spiritual successor” to Starcraft — except that it’s entirely in the browser and requires no downloadable software. You can play it by opening up a link. The company, which is backed by First Round Capital, Andreessen Horowitz and others, is putting the game in beta for roughly 1,000 players until full release sometime early next year. The teaser they released is to show off how slick the whole experience is and how easily units can be manipulated inside a browser without any lags. While I have not poured hours or years of my life into Starcraft and am therefore not well-equipped to compare the game to its inspiration, I did not experience any latency issues with playing it in the latest version of Chrome. I did die, though. “We wanted to show what’s doable in real-time in the middle of multi-player game in the browser,” said CEO Ankur Pansari and longtime Starcraft player. Artillery recently poached Sean “Day[9]” Plott, a ranked Starcraft player and gaming commentator with hundreds of thousands of fans, to work on game design. The rest of the team is made up of Google, Facebook and Zynga alums. Artillery has $2.5 million in venture backing from First Round Capital, Signia Venture Partners, Lowercase Capital, General Catalyst Partners, CrunchFund and Andreessen Horowitz. They’re releasing titles with their platform first after CEO Ankur Pansari did case studies on major gaming companies throughout the last few decades and realized that all of them developed hugely successful first-party titles first. This was before they licensed out technology or infrastructure to other developers. They do plan on giving access to third-party developers at some point. The company says their tools cut down development time by about 50 percent. Plus, since they distribute through the browser, updates happen automatically and don’t have to be fixed through patches. “If our players complain that the units or dudes are too small, they don’t even have to refresh the page,” Plott said. “I can just adjust it and have it automatically show up.” The game will naturally make money through microtransactions, but monetization isn’t built into the title yet because Pansari and Plott are focused on the gaming experience. “We’re focusing on the fundamentals for real-time strategy gameplay right now,” Plott said.

Security Researchers Claim Apple Technically Capable Of Intercepting iMessages


Two security researchers have posted an outline for a talk about Apple’s iMessage security to be presented next month. The report claims that Apple could — but not that it does — intercept iMessages and read them if it wishes. Apple had previously claimed, via its security documents, that iMessages were encrypted end-to-end and that it is unable to read them. Researchers ‘GG’ and Cyril ‘Pod2G‘ Cattiaux of firm Quarkslab claim that they have discovered a method to perform a man-in-the-middle (MITM) attack, which can intercept these messages and allow them to be read, despite the encryption used by Apple. Cattiaux, under the moniker Pod2G, may be familiar to many in the iOS jailbreak community. He was formerly part of the Chronic Dev Team, one of the larger jailbreak groups and has discovered several exploits that allow these teams to perform their unlocking of the iOS system partition. A brief for the presentation, entitled How Apple Can Read Your iMessages and How You Can Prevent It, which will take place at the HITB Security Conference in Asia next month, reads: Can Apple read your iMessages? YES. Do they do it? Unfortunately, we can not answer. Quarkslab team studied iMessage protocol for quite some time. We will explain the protocol layers, with Push then iMessage itself. With this understanding, we will be able to try to build a MITM attack toward iMessage. We will explain the mandatory conditions for the MITM to succeed. We will take you deep into the crypto used for encryption, authentication and key management. All pieces put together will prove that Apple can technically read your iMessages whenever they want. The implication, then, is that Apple and other malicious actors could intercept iMessages and read them using the attack. The researchers do not say that Apple is doing this, or that anyone is currently leveraging this vulnerability. Instead, it’s designed to expose an attack that could be used this way and, apparently, to counter the claim by Apple that there is no way for it to read the messages. The researchers say that they have confirmed that iMessages are encrypted end-to-end, and are not claiming that they can intercept it, just that they can demonstrate how an attack could be performed by a company with the resources. Apple’s statement about iMessage security is as follows: For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form. We reached out to the researchers and were given answers to some questions about the presentation by Cattiaux. — TC: What versions of iOS or OS X are vulnerable? CC: The conception flaw letting Apple intercept and read iMessages is in the protocol, not in a specific software or hardware. It means that every Apple product that is compatible with iMessages is affected. Basically, nearly all current Apple products: iMac, Mac Pro, MacBook Pro, MacBook Pro Retina, iPhone, iPod Touch, iPad. We will release a tweak for jailbroken iOS devices and an application for OS X just after the presentation. TC: Is this something that can be performed on OS X as well? CC: Yes, and the OS X version will be more advanced than its iOS counterpart. TC: Has the vulnerability been disclosed to Apple? CC: A big part of the iMessage protocol is protected at the binary level (obfuscation techniques), and also, the protocol is closed-source and not documented anywhere. We thus considered that Apple wouldn’t answer our claims anyway. Maybe we didn’t make the right move, and we’re looking forward to get in touch with them in order to make iMessage even more secure. We would be happy if they fix the issues in the operating system itself, because requiring people to use our tweaks to improve their privacy is not the best solution. That would definitely be much more efficient it is was natively built into iOS or OS X themselves. TC: Is this attack something you feel can be widely distributed or leveraged, or is it so difficult that this is not likely? CC: The iMessage protocol is strong. Only Apple or a powerful institution (NSA is randomly chosen as an example) could tamper with it. TC: Does it require physical access to a user’s device? If not, then can you give some details on what info you need to make it happen? CC: Basically, if you are Apple or the NSA, it doesn’t require any prerequisites. TC: Technically, this means that Apple could very well be forced to intercept messages on court request (if this method is accurate). Do you have any reason to believe Apple knew about the vulnerability? CC: We haven’t seen any evidence that Apple has read iMessages of people, we would have [this] evidence if they had tried to spy [on] us. But [this is] not the case. In the same way, nobody can prove they [made] the design flaw intentionally to spy on people. It may be, or it is just a consequence of another choice. Only Apple can [know]. TC: This isn’t just Apple that is in a position to intercept, correct? If you guys can do it, other people could technically do it? CC: Technically, we can do it and we’ll demo it, but there are some prerequisites. In a position of an external attacker, the encryption is strong enough to consider other targets to spy on a particular phone. In the position of Apple, things are really different — We went on to ask Cattiaux about the background of Quarkslab and why they chose to take on the ‘hacking’ of iMessage. “Firstly, Quarkslab [has] a pretty good knowledge on DRM penetration testing. We do work with big customers to verify and improve their DRM security,” says Cattiaux. “Secondly, iMessage is quite a challenge. Add to that we wanted to understand the protocol (privacy issues or not), and we needed a use case to test one of our internal R&D project[s], all that made iMessage the perfect candidate.” The importance here is immediately evident in light of the recent revelations regarding the NSA and its widely scoped information requests to companies like Apple, Google, Microsoft and many others. Obviously, Apple would have little individual motivation to read or intercept your iMessages, and plenty of incentive to keep them as private as possible. But if Apple’s iMessage system is vulnerable to a MITM attack — which apparently places an intercepting party in the sending process at a time when the messages are un-encrypted and available for viewing — then it could theoretically be forced to exercise this ability by a court order for information. From what the researchers are telling us so far, only Apple or a company with enormous resources like the NSA would be capable of performing this kind of attack. We’ll have to wait for the talk, which is set for the HITB conference on October 16 and 17 in Kuala Lumpur, Malaysia. We have reached out to Apple for comment on the researchers’ discovery.

Unmetric Raises $5.5M To Help Companies Measure The Competition On Social Media


Social analytics startup Unmetric is announcing that it has raised $5.5 million in Series B funding. The company’s website asks, “Is your brand social enough?” and Unmetric tries to answer that question by tracking more than 10,000 brands on Facebook, Twitter, YouTube, Pinterest and LinkedIn, looking both at what those brands do and whether it’s effective. That allows customers to see how their own activity is performing and how it compares to their competitors. For example, last year I wrote about the launch of the company’s SatisfactionMetrics feature (which tracks brands’ responses to customer service requests on social media and breaks those responses down by type) and its feature for scoring the virality of YouTube campaigns. More recent additions include a system called T+ Amplification Metrics, which scores the engagement of tweets based on retweets, favorites and replies, as well as a similar LinkedIn Engagement Score. (To be clear, Unmetric’s data for both social networks goes beyond a simple score, but the score is an easy way to compare success.) Unmetric has now raised a total of $8.7 million. The new round was led by JAFCO Asia with participation from previous investor Nexus Venture Partners. Not surprisingly, given the investment from an Asian firm, Unmetric says it will use the funding for global expansion, as well as adding even more social networks to its system. Customers include Subway, Chevrolet, Under Armour, GroupM, Fleishman Hillard, and LBi. Unmetric says its biggest success thus far has been in the automotive industry, either working with the companies directly or with their agencies (or both).

Gecko Is One Small Step For The Internet Of Things, One Huge Leap For Your Smartphone


The Internet of Things — like true mobile wallets or Internet-connected coffee makers — is on the horizon. It awaits us, a world where all of our devices are connected and communicate with each other in some sort of futuristic circle of life. But as with any major shift in technology, we’re certainly not there yet. For those of us who are growing impatient, might I introduce you to the Gecko, a new Indiegogo project that’s meant to “make your smartphone smarter.” The idea here is that the accelerometer-equipped Gecko connects to your smartphone via low energy Bluetooth to help you monitor the various things in your life, as well as bring gesture controls and triggers to your smartphone. With Gecko, the connectedness isn’t built into the devices themselves but can rather be applied to objects in the home through these accelerometer- and Bluetooth-based tags. The device itself is packed with a TI CC2541 SoC, removable coin cell battery with a year’s worth of juice (depending on usage), as well as a buzzer and LED light for alerts. So, to start, you can use a hand-held Gecko to control the music on your phone, or to trigger the camera to snap a picture or shoot a video. With the accompanying Gecko app, you can even trigger multiple photos taken at set intervals. The Gecko comes with four available gestures, including turning it to the left and right and shaking it once or twice. Meanwhile, the Gecko can also be used as a tracking or monitoring device. Tag your front door to get alerts when it’s opened or closed. Tag a pillbox to get a reminder when you or a loved one hasn’t taken their medication at the scheduled time that day. Tag your pet to get an alert when it leaves a 100-foot radius. Hell, tag your kid to make sure they don’t wander off, either. You can even find your phone if it’s paired with a Gecko, as long as you haven’t lost the Gecko. (But in that case, you should really work on being more organized.) The project just recently went up on Indiegogo and has about 40 days to reach its $50,000 funding goal. That’s plenty of time for this well-designed, clever little venture, and a hat-tip from the Woz doesn’t hurt either. Steps are taken every day bringing us closer to the Internet of Things. We’ve seen this with Samsung’s TecTiles and NFC-friendly tags that trigger reactions in your phone, but even more so with devices like the Nest learning thermostat and the Lockitron smart lock. If you’re interested in backing the project, head on over to Indiegogo and lay down $20.

Language Startup Busuu Breaks Livemocha's Records, Hits 35M Users, 20M Downloads


Busuu managed to build out and bootstrap its way to a healthy audience by being a language-learning site offering direct interaction with native speakers. Last year it raised a Series A investment round of €3.5 million from PROfounders Capital and private investors. It’s now touching 35 million users and last year launched an app strategy that has now iterated that app into other 11 languages. They now say they’ve hit 20 million downloads across iOS and Android (smartphones and tablets), which is a significant number for language/education apps. Globally, 62 percent of all downloads are for iOS and 38 percent are for Android. The top three countries by number of downloads are the U.S., Germany and Russia, although there is also rapid growth in emerging markets, such as Brazil, Turkey and China. Worldwide, the most popular languages downloaded to learn are English, followed by French and then Spanish. Busuu’s big, active community is a key part of its strategy. Users connect to native speakers by completing writing exercises and submitting these for feedback and corrections. They can then do the same in return, acting as a tutor of their own language. Compared to other companies in edtech (e.g. Coursera with 5 million users) Busuu is doing pretty well. Remember that this spring Rosetta Stone acquired Seattle-based online language-learning community Livemocha for $8.5 million in cash. At exit Livemocha had a 16-million-member online language-learning community. It had also raised $19 million over six years. By contrast Busuu has raised $4.56 million to reach 35 million members.